We explore the risks to security and privacy in IoT networks by setting up an inexpensive home automation network and performing a set of experiments intended to study attacks and defenses. We focus on privacy preservation in home automation networks but our insights can extend to other IoT applications. Privacy preservation is fundamental to achieving the promise of IoT, Industrial Internet and M2M.
We look at both simple cryptographic techniques and information manipulation to protect a user against an adversary inside the IoT network or an adversary that has compromised remote servers. We show how user data can be masked or selectively leaked and manipulated. We provide a blueprint for inexpensive study of IoT security and privacy using COTS products and services.