Analysis of privacy threats in internet of medical things (IoMT) using machine learning

Abstract

The growing market for Internet of Medical Things (IoMT) promises new conveniences for consumers while presenting new challenges for preserving consumers’ privacy. Most of the IoMT devices have sensors that keep capturing users’ activities and transmit information about these activities on the internet. In this thesis, we demonstrate that machine learning schemes could be employed by an Internet Service Provider (ISP) or an intentional attack to infer device name/ type and privacy sensitive user activities by analyzing internet traffic generated from commercially available IoMT devices, even though those devices use end-to-end transport-layer encryption. To better protect the privacy of IoMT device users, we proposed a traffic shaping scheme. Our experiments showed that traffic shaping significantly reduces an adversary’s ability to accurately identify devices owned by users or detect genuine user activities/interactions. Hence, it can effectively and practically mitigate many privacy risks associated with IoMT devices.