No Arabic abstract
Smart home IoT systems often rely on cloud-based servers for communication between components. Although there exists a body of work on IoT security, most of it focuses on securing clients (i.e., IoT devices). However, cloud servers can also be compromised. Existing approaches do not typically protect smart home systems against compromised cloud servers. This paper presents FIDELIUS: a runtime system for secure cloud-based storage and communication even in the presence of compromised servers. FIDELIUSs design is tailored for smart home systems that have intermittent Internet access. In particular, it supports local control of smart home devices in the event that communication with the cloud is lost, and provides a consistency model using transactions to mitigate inconsistencies that can arise due to network partitions. We have implemented FIDELIUS, developed a smart home benchmark that uses FIDELIUS, and measured FIDELIUSs performance and power consumption. Our experiments show that compared to the commercial Particle.io framework, FIDELIUS reduces more than 50% of the data communication time and increases battery life by 2X. Compared to PyORAM, an alternative (ORAM-based) oblivious storage implementation, FIDELIUS has 4-7X faster access times with 25-43X less data transferred.
The number of mobile and IoT devices connected to home and enterprise networks is growing fast. These devices offer new services and experiences for the users; however, they also present new classes of security threats pertaining to data and device safety and user privacy. In this article, we first analyze the potential threats presented by these devices connected to edge networks. We then propose Securebox: a new cloud-driven, low cost Security-as-a-Service solution that applies Software-Defined Networking (SDN) to improve network monitoring, security and management. Securebox enables remote management of networks through a cloud security service (CSS) with minimal user intervention required. To reduce costs and improve the scalability, Securebox is based on virtualized middleboxes provided by CSS. Our proposal differs from the existing solutions by integrating the SDN and cloud into a unified edge security solution, and by offering a collaborative protection mechanism that enables rapid security policy dissemination across all connected networks in mitigating new threats or attacks detected by the system. We have implemented two Securebox prototypes, using a low-cost Raspberry-PI and off-the-shelf fanless PC. Our system evaluation has shown that Securebox can achieve automatic network security and be deployed incrementally to the infrastructure with low management overhead.
Smart speakers and voice-based virtual assistants are core components for the success of the IoT paradigm. Unfortunately, they are vulnerable to various privacy threats exploiting machine learning to analyze the generated encrypted traffic. To cope with that, deep adversarial learning approaches can be used to build black-box countermeasures altering the network traffic (e.g., via packet padding) and its statistical information. This letter showcases the inadequacy of such countermeasures against machine learning attacks with a dedicated experimental campaign on a real network dataset. Results indicate the need for a major re-engineering to guarantee the suitable protection of commercially available smart speakers.
Home automation in modern smart home platforms is often facilitated using trigger-action routines. While such routines enable flexible automation, they also lead to an instance of the integrity problem in these systems: untrusted third-parties may use platform APIs to modify the abstract home objects (AHOs) that privileged, high-integrity devices such as security cameras rely on (i.e., as triggers), thereby transitively attacking them. As most accesses to AHOs are legitimate, removing the permissions or applying naive information flow controls would not only fail to prevent these problems, but also break useful functionality. Therefore, this paper proposes the alternate approach of home abstraction endorsement, which endorses a proposed change to an AHO by correlating it with certain specific, preceding, environmental changes. We present the HomeEndorser framework, which provides a policy model for specifying endorsement policies for AHOs as changes in device states, relative to their location, and a platform-based reference monitor for mediating all API requests to change AHOs against those device states. We evaluate HomeEndorser on the HomeAssistant platform, finding that we can derive over 1000 policy rules for HomeEndorser to endorse changes to 6 key AHOs, preventing malice and accidents for less than 10% overhead for endorsement check microbenchmarks, and with no false alarms under realistic usage scenarios. In doing so, HomeEndorser lays the first steps towards providing a practical foundation for ensuring that API-induced changes to abstract home objects correlate with the physical realities of the users environment.
In this paper, we propose to identify compromised mobile devices from a network administrators point of view. Intuitively, inadvertent users (and thus their devices) who download apps through untrustworthy markets are often allured to install malicious apps through in-app advertisement or phishing. We thus hypothesize that devices sharing a similar set of apps will have a similar probability of being compromised, resulting in the association between a device being compromised and apps in the device. Our goal is to leverage such associations to identify unknown compromised devices (i.e., devices possibly having yet currently not having known malicious apps) using the guilt-by-association principle. Admittedly, such associations could be quite weak as it is often hard, if not impossible, for an app to automatically download and install other apps without explicit initiation from a user. We describe how we can magnify such weak associations between devices and apps by carefully choosing parameters when applying graph-based inferences. We empirically show the effectiveness of our approach with a comprehensive study on the mobile network traffic provided by a major mobile service provider. Concretely, we achieve nearly 98% accuracy in terms of AUC (area under the ROC curve). Given the relatively weak nature of association, we further conduct in-depth analysis of the different behavior of a graph-inference approach, by comparing it to active DNS data. Moreover, we validate our results by showing that detected compromised devices indeed present undesirable behavior in terms of their privacy leakage and network infrastructure accessed.
A smart home connects tens of home devices to the Internet, where an IoT cloud runs various home automation applications. While bringing unprecedented convenience and accessibility, it also introduces various security hazards to users. Prior research studied smart home security from several aspects. However, we found that the complexity of the interactions among the participating entities (i.e., devices, IoT clouds, and mobile apps) has not yet been systematically investigated. In this work, we conducted an in-depth analysis of five widely-used smart home platforms. Combining firmware analysis, network traffic interception, and blackbox testing, we reverse-engineered the details of the interactions among the participating entities. Based on the details, we inferred three legitimate state transition diagrams for the three entities, respectively. Using these state machines as a reference model, we identified a set of unexpected state transitions. To confirm and trigger the unexpected state transitions, we implemented a set of phantom devices to mimic a real device. By instructing the phantom devices to intervene in the normal entity-entity interactions, we have discovered several new vulnerabilities and a spectrum of attacks against real-world smart home platforms.