Toward Usable Network Traffic Policies for IoT Devices in Consumer Networks

DeMarinis, Nicholas; Fonseca, Rodrigo

doi:10.1145/3139937.3139949

Cited by 11 publications

(8 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Researchers have found that many applications built on emerging programming platforms such as Samsung's SmartThings [2] are over-privileged due to design flaws in their permission models [20,22]. To address these types of technical vulnerabilities, researchers have proposed network-traffic-analysis-based security mechanisms [8,15,16,40,45,46,53], user-centric and context-aware permission systems [21,31,49], analyses to identify incorrect or inconsistent application behaviors [11,38,51], and decentralized automation platforms with more fine-grained authentication tokens [23].…”

Section: Technical Vulnerabilitiesmentioning

confidence: 99%

“I would have to evaluate their objections”: Privacy tensions between smart home device owners and incidental users

Cobb

Bhagavatula

Garrett

et al. 2021

Proceedings on Privacy Enhancing Technologies

View full text Add to dashboard Cite

Recent research and articles in popular press have raised concerns about the privacy risks that smart home devices can create for incidental users—people who encounter smart home devices that are owned, controlled, and configured by someone else. In this work, we present the results of a user-centered investigation that explores incidental users’ experiences and the tensions that arise between device owners and incidental users. We conducted five focus group sessions through which we identified specific contexts in which someone might encounter other people’s smart home devices and the main concerns device owners and incidental users have in such situations. We used these findings to inform the design of a survey instrument, which we deployed to a demographically representative sample of 386 adults in the United States. Through this survey, we can better understand which contexts and concerns are most bothersome and how often device owners are willing to accommodate incidental users’ privacy preferences. We found some surprising trends in terms of what people are most worried about and what actions they are willing to take. For example, while participants who did not own devices themselves were often uncomfortable imagining them in their own homes, they were not as concerned about being affected by such devices in homes that they entered as part of their jobs. Participants showed interest in privacy solutions that might have a technical implementation component, but also frequently envisioned an open dialogue between incidental users and device owners to negotiate privacy accommodations.

show abstract

Section: Technical Vulnerabilitiesmentioning

confidence: 99%

“I would have to evaluate their objections”: Privacy tensions between smart home device owners and incidental users

Cobb

Bhagavatula

Garrett

et al. 2021

Proceedings on Privacy Enhancing Technologies

View full text Add to dashboard Cite

show abstract

“…Although it is not suitable for novice users, manual rules input is the most accurate method of obtaining user input. The connections between de-vices depend on the user activities [40]. Hence, in a simple environment, advanced users [75] can customise the pre-defined policies [172,73], such as MUD [101], to meet their security and privacy requirements.…”

Section: Motivationmentioning

confidence: 99%

“…Hence, in a simple environment, advanced users [75] can customise the pre-defined policies [172,73], such as MUD [101], to meet their security and privacy requirements. Smart spaces also include other security services such as IDS [161,134,40,116]. Thus, there are three main security components for smart spaces: user input, pre-defined IoT policies, and network security middleboxes, which need to be incorporated when designing smart space security system.…”

Section: Motivationmentioning

confidence: 99%

Fine-grained Access Control for Internet of Things Smart Spaces Driven by User Inputs

Al-Shaboti¹

2021

Preprint

View full text Add to dashboard Cite

The increasing use of Internet of Things (IoT) devices raises security and privacy concerns. In smart spaces, multiple IoT devices are simultaneously used to fulfil user activity functions. However, these devices exhibit several security vulnerabilities that can compromise smart space security and privacy. The ability of fine-grained control network access in IoT devices and application messages can significantly reduce the risk resulting from the exploitation of IoT vulnerabilities due to unauthorised access, thereby improving smart space security. A well-recognised approach in the literature for IoT access control is to use pre-defined access policies to allow the necessary connections for a device to function correctly. However, these policies allow access to all device functions (i.e. coarse-grained access) including those functions that are not used by any user activity. The overall goal of this thesis is to develop an access control framework and techniques to achieve fine-grained access policies by using user inputs. The user inputs will be utilised to select devices to fulfil user activities aiming to build an access policy from the minimum access required for each device function. In this thesis, the use of user inputs to meet user security and privacy requirements in single- and multi-user smart spaces is studied. The main contributions are as follows: first, an access control framework that enables users to tailor IoT device policies to meet their security and privacy requirements is proposed. Validation results of the framework show the effectiveness of integrating user access rules into the existing security countermeasures (i.e. pre-defined policies and intrusion detection systems – IDS) to enforce user security and privacy. Second, the problem of selecting preferable devices to fulfil user activity functions is formulated as an optimisation problem. The optimisation problem is then solved by local and global optimisation searching algorithms that are guided by a developed user preference quantified model. The results show that global optimisation search algorithms such as Genetic Algorithm (GA) find the solution more effectively and efficiently than local search algorithms such as simulated annealing and hill-climbing. Third, sharing access control for multi-user smart spaces is proposed. Traditional access control that considers a single user is not suitable for multi-user smart spaces, where users share their IoT devices. The sharing between multiple users poses challenges different than in single-user access control. For example, users may abuse using shared devices and use vulnerable ones. This thesis addresses these two challenges through two contributions. First, it proposes a novel sharing policy language that enables users to precisely define their sharing policy. Second, this thesis formulates the sharing policies as constraints in the context of an optimisation problem with the objective function that maximises the use of secure devices. Results show that the IoT sharing issue can naturally be translated into an integer linear programming (ILP) problem and effectively solved using off-the-shelf ILP solvers. Fourth, this thesis explores the feasibility and practicality of the fine-grained access policy enforcement through a smart home case study. A case study is built using a hub-based architecture that uses Web of Things (WoT) technology. WoT provides a device semantic description that includes device functions with the corresponding Uniform Resource Identifier (URI) which is used to build access control policies. The case study results show that policy enforcement can be effectively achieved by directing network traffic through a device proxy for each IoT device to enforce application access control without introducing statistically significant overhead on the user activity running time. In summary, this thesis studies the use of user inputs to derive fine-grained access control in smart spaces. For a single-user access control system, this thesis considers using manual rules and user preferences in small and dense smart spaces, respectively. For a multi-user access control system, this thesis proposes a secure sharing system supported by a sharing policy language to share and use IoT devices securely. For each scenario analysed, user input is utilised to derive fine-grained access policies. Enforcement of these policies has been explored by implementing a smart space case study using WoT technology. The overall results show that user preferences and sharing policies can be used to derive fine-grained access policies that are transparent to users and meet their security and privacy requirements.

show abstract

“…Similarly, DeMarinis and Fonseca [10] state that a networklayer architecture is required for the protection of a smart home against external threats and the mitigation of attacks from compromised devices. The authors recommend the implementation of a policy-based framework to restrict malicious traffic.…”

Section: B Security Frameworkmentioning

confidence: 99%

From Internet of Threats to Internet of Things: A Cyber Security Architecture for Smart Homes

Augusto-Gonzalez¹,

Collen

Evangelatos

et al. 2019

2019 IEEE 24th International Workshop on Computer Aided Modeling and Design of Communication Links and Networks (CAMAD)

View full text Add to dashboard Cite

The H2020 European research project GHOST-SafeGuarding Home IoT Environments with Personalised Realtime Risk Control-aims to deploy a highly effective security framework for IoT smart home residents through a novel reference architecture for user-centric cyber security in smart homes providing an unobtrusive and user-comprehensible solution. The aforementioned security framework leads to a transparent cyber security environment by increasing the effectiveness of the existing cyber security services and enhancing system's self-defence through disruptive software-enabled network security solutions. In this paper, GHOST security framework for IoT-based smart homes is presented. It is aiming to address the security challenges posed by several types of attacks, such as network, device and software. The effective design of the overall multilayered architecture is analysed, with particular emphasis given to the integration aspects through dynamic and re-configurable solutions and the features provided by each one of the architectural layers. Additionally, real-life trials and the associated use cases are described showcasing the competences and potential of the proposed framework.

show abstract

Toward Usable Network Traffic Policies for IoT Devices in Consumer Networks

Cited by 11 publications

References 7 publications

“I would have to evaluate their objections”: Privacy tensions between smart home device owners and incidental users

“I would have to evaluate their objections”: Privacy tensions between smart home device owners and incidental users

Fine-grained Access Control for Internet of Things Smart Spaces Driven by User Inputs

From Internet of Threats to Internet of Things: A Cyber Security Architecture for Smart Homes

Contact Info

Product

Resources

About