Your IoTs Are (Not) Mine: On the Remote Binding Between IoT Devices and Users

Chen, Jiongyi; Zuo, Chao; Diao, Wenrui; Dong, Shuaike; Zhao, Qingchuan; Sun, Min; Lin, Zhiqiang; Zhang, Yinqian; Zhang, Kehuan

doi:10.1109/dsn.2019.00034

Cited by 26 publications

(13 citation statements)

References 30 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Chen et al [68] studied the security challenges in IoT remote blinding. They used a state-machine model to evaluate ten real-world remote binding cases.…”

Section: Access Controlmentioning

confidence: 99%

“…More devices can handle computing and data storage missions to cloud services. To check their security issues, researchers have studies access control models in remote binding [68], IFTTT (if this then that) services [65], and resource sharing [67]. As more vendors develop mobile apps to control their devices, the access control issues in these apps are also worthy of attention.…”

Section: Application Layermentioning

confidence: 99%

See 1 more Smart Citation

A Survey on Recent Advanced Research of CPS Security

et al. 2021

View full text Add to dashboard Cite

Cyber-physical systems (CPSs) are next-generation intelligent systems that integrate computing, communication, and control. Malicious attacks on CPSs can lead to both property damage and casualties. Therefore, it is worth surveying CPS security by reviewing and analyzing the latest high-quality related works. In this paper, we provide an overview of the CPS security studies from the last five years and select 142 related works from A- or B-level conferences/journals recommended by the China Computer Federation (CCF). First, we review the main contents of the selected papers and classify them into 24 topics. Then, we analyze hotspots and trends of CPS security technologies in three dimensions: (1) architecture layers (perception, network, and application); (2) application scenarios (smart grids, health care, smart transportation, smart homes, and general grids); and (3) MADC (Measure, Attack, Defense, and Control) types. Finally, we also perform a statistical analysis in terms of paper publication times, author institutes, countries, and sponsors to show the current worldwide CPS security research situation.

show abstract

“…Chen et al [68] studied the security challenges in IoT remote blinding. They used a state-machine model to evaluate ten real-world remote binding cases.…”

Section: Access Controlmentioning

confidence: 99%

Section: Application Layermentioning

confidence: 99%

A Survey on Recent Advanced Research of CPS Security

et al. 2021

View full text Add to dashboard Cite

show abstract

“…In addition, they share their IoT devices, such as smart TVs and smart speakers, for altruistic or economic reasons. Although a single user can link to and use multiple devices, a single device cannot be linked to multiple user accounts (the IoT cloud revokes an existing binding when it receives a new binding request) [29,200]. In existing IoT frameworks, IoT devices are either shared with everyone (e.g.…”

Section: Motivationmentioning

confidence: 99%

Fine-grained Access Control for Internet of Things Smart Spaces Driven by User Inputs

Al-Shaboti¹

2021

Preprint

View full text Add to dashboard Cite

The increasing use of Internet of Things (IoT) devices raises security and privacy concerns. In smart spaces, multiple IoT devices are simultaneously used to fulfil user activity functions. However, these devices exhibit several security vulnerabilities that can compromise smart space security and privacy. The ability of fine-grained control network access in IoT devices and application messages can significantly reduce the risk resulting from the exploitation of IoT vulnerabilities due to unauthorised access, thereby improving smart space security. A well-recognised approach in the literature for IoT access control is to use pre-defined access policies to allow the necessary connections for a device to function correctly. However, these policies allow access to all device functions (i.e. coarse-grained access) including those functions that are not used by any user activity. The overall goal of this thesis is to develop an access control framework and techniques to achieve fine-grained access policies by using user inputs. The user inputs will be utilised to select devices to fulfil user activities aiming to build an access policy from the minimum access required for each device function. In this thesis, the use of user inputs to meet user security and privacy requirements in single- and multi-user smart spaces is studied. The main contributions are as follows: first, an access control framework that enables users to tailor IoT device policies to meet their security and privacy requirements is proposed. Validation results of the framework show the effectiveness of integrating user access rules into the existing security countermeasures (i.e. pre-defined policies and intrusion detection systems – IDS) to enforce user security and privacy. Second, the problem of selecting preferable devices to fulfil user activity functions is formulated as an optimisation problem. The optimisation problem is then solved by local and global optimisation searching algorithms that are guided by a developed user preference quantified model. The results show that global optimisation search algorithms such as Genetic Algorithm (GA) find the solution more effectively and efficiently than local search algorithms such as simulated annealing and hill-climbing. Third, sharing access control for multi-user smart spaces is proposed. Traditional access control that considers a single user is not suitable for multi-user smart spaces, where users share their IoT devices. The sharing between multiple users poses challenges different than in single-user access control. For example, users may abuse using shared devices and use vulnerable ones. This thesis addresses these two challenges through two contributions. First, it proposes a novel sharing policy language that enables users to precisely define their sharing policy. Second, this thesis formulates the sharing policies as constraints in the context of an optimisation problem with the objective function that maximises the use of secure devices. Results show that the IoT sharing issue can naturally be translated into an integer linear programming (ILP) problem and effectively solved using off-the-shelf ILP solvers. Fourth, this thesis explores the feasibility and practicality of the fine-grained access policy enforcement through a smart home case study. A case study is built using a hub-based architecture that uses Web of Things (WoT) technology. WoT provides a device semantic description that includes device functions with the corresponding Uniform Resource Identifier (URI) which is used to build access control policies. The case study results show that policy enforcement can be effectively achieved by directing network traffic through a device proxy for each IoT device to enforce application access control without introducing statistically significant overhead on the user activity running time. In summary, this thesis studies the use of user inputs to derive fine-grained access control in smart spaces. For a single-user access control system, this thesis considers using manual rules and user preferences in small and dense smart spaces, respectively. For a multi-user access control system, this thesis proposes a secure sharing system supported by a sharing policy language to share and use IoT devices securely. For each scenario analysed, user input is utilised to derive fine-grained access policies. Enforcement of these policies has been explored by implementing a smart space case study using WoT technology. The overall results show that user preferences and sharing policies can be used to derive fine-grained access policies that are transparent to users and meet their security and privacy requirements.

show abstract

“…When a user clicks "Add Device" on the mobile app, a device binding process kicks off. DIAM-IoT is agnostic to the underlying device binding approaches and a variety of protocols [5] implemented by device manufactures can be utilized in practice.…”

Section: Device Binding and Verifiable Credential Generationmentioning

confidence: 99%

“…3.7.1 Phase 1 -Resolving Device DID. Once Bob obtains the DID did dev of Alice's IoT device 5 , he invokes the master smart contract sc mas . Based on the resolution of did dev , sc mas further invokes the corresponding manufacture smart contract sc mas to get the tuple ⟨did dev , H(doc dev ), URI doc dev , sta did dev ⟩.…”

Section: Decentralized and User-centric Data Authorizationmentioning

confidence: 99%

DIAM-IoT: A Decentralized Identity and Access Management Framework for Internet of Things

Fan

Chai

et al. 2020

Proceedings of the 2nd ACM International Symposium on Blockchain and Secure Critical Infrastructure

View full text Add to dashboard Cite

With the exorbitant growth in the number of connected devices, the lack of proper identity and access management (IAM) mechanisms has become a major concern. The traditional IAM systems, which focus solely on managing people's digital identities, fail to accommodate billions of Internet of Things (IoT) devices. The emerging concepts such as decentralized identifiers (DIDs) and verifiable credentials (VCs) provide new perspectives on incorporating IAM capabilities into IoT ecosystems. In this paper, we present a decentralized IAM framework for IoT named DIAM-IoT, which is able to create a unified, interoperable, and tamper-proof device identity registry on top of the blockchain by introducing DIDs and VCs into the lifecycle of IoT devices, thereby breaking IoT application silos and unlocking the potential of IoT on a global scale. A proof-of-concept implementation of the DIAM-IoT framework for decentralized and user-centric data authorization demonstrates its feasibility and effectiveness in practice. CCS CONCEPTS • Computer systems organization → Embedded and cyberphysical systems; • Software and its engineering → Interoperability; • Security and privacy → Authorization.

show abstract

Your IoTs Are (Not) Mine: On the Remote Binding Between IoT Devices and Users

Cited by 26 publications

References 30 publications

A Survey on Recent Advanced Research of CPS Security

A Survey on Recent Advanced Research of CPS Security

Fine-grained Access Control for Internet of Things Smart Spaces Driven by User Inputs

DIAM-IoT: A Decentralized Identity and Access Management Framework for Internet of Things

Contact Info

Product

Resources

About