Traffic analysis attacks allow an attacker to infer sensitive information about users by analyzing network traffic of user devices. These attacks are passive in nature and are difficult to detect. In this paper, we demonstrate that an adversary, with access to upstream traffic from a smart home network, can identify the device types and user interactions with IoT devices, with significant confidence. These attacks are practical even when device traffic is encrypted because they only utilize statistical properties, such as traffic rates, for analysis. In order to mitigate the privacy implications of traffic analysis attacks, we propose a traffic morphing technique, which shapes network traffic thus making it more difficult to identify IoT devices and their activities. Our evaluation shows that the proposed technique provides protection against traffic analysis attacks and prevent privacy leakages for smart home users.