ABSTRACT
Internet of Things (IoT) devices have revolutionized the way we interact with our physical environment. With a single tap on a smartphone screen or a voice command one can control home lighting, thermostats and cameras, monitor physical activity, and keep track of personal belongings. However, while these devices become more and more embedded in our daily lives, there are growing concerns over the privacy and security of highly sensitive data they collect. Numerous cases of data abuse, unauthorized sharing and leakage have been reported. Unfortunately, existing IoT systems have not only failed to prevent such cases, but often contributed to those. To address this issue, we propose a clean-slate approach to building secure and private-by-design IoT systems, in which users retain full control and ownership of their IoT data. The approach builds upon key design concepts: (1) a dataflow programming model for building IoT apps and services, and (2) a mechanism to track sensitive sensor data flows inside these apps and automatically verify their compliance with user-defined privacy and security preferences.
- Adam Clark Estes. 2018. Yes, Your Amazon Echo Is an Ad Machine. https://gizmodo.com/yes-your-amazon-echo-is-an-ad-machine-1821712916.Google Scholar
- Eduardo Gomes, Igor Zavalyshyn, Nuno Santos, João Silva, and Axel Legay. 2020. Flowverine: Leveraging Dataflow Programming for Building Privacy-Sensitive Android Applications. In Proceedings of 19th IEEE International Conference On Trust, Security And Privacy In Computing And Communications (TrustCom) (to appear).Google Scholar
- Christine Hauser. 2018. Police Use Fitbit Data to Charge 90-Year-Old Man in Stepdaughter's Killing. https://www.nytimes.com/2018/10/03/us/fitbit-murder-arrest.html.Google Scholar
- Jay McGregor. 2019. Here's How Amazon's Ring Doorbell Police Partnership Affects You. https://www.forbes.com/sites/jaymcgregor/2019/08/06/heres-how-amazons-ring-doorbell-police-partnership-affects-you.Google Scholar
- Microsoft. 2020. Microsoft Azure Confidential Computing. https://azure.microsoft.com/en-us/solutions/confidential-compute/.Google Scholar
- Charlie Osborne. 2019. Amazon employees listen in to your conversations with Alexa. https://www.zdnet.com/article/amazon-employees-are-listening-in-to-your-conversations-with-alexa/.Google Scholar
- Tara Seals. 2018. Amazon Sends 1,700 Alexa Voice Recordings to a Random Person. https://threatpost.com/amazon-1700-alexa-voice-recordings/140201/.Google Scholar
- Amanda Yeo. 2019. Data leak by IoT device maker Wyze exposes personal information of 2.4 million people. https://mashable.com/article/wyze-smart-home-data-leak-breach/.Google Scholar
- Igor Zavalyshyn, Nuno O Duarte, and Nuno Santos. 2018. An Extended Case Study about Securing Smart Home Hubs through N-version Programming.. In Proceedings of ICETE (2). 289--300.Google Scholar
- Igor Zavalyshyn, Nuno O Duarte, and Nuno Santos. 2018. HomePad: A privacy-aware smart hub for home environments. In Proceedings of The Third IEEE/ACM Symposium on Edge Computing (SEC). IEEE, 58--73.Google ScholarCross Ref
- Igor Zavalyshyn, Thomas Given-Wilson, Axel Legay, and Ramin Sadre. 2020. Brief Announcement: Effectiveness of Code Hardening for Fault-Tolerant IoT Software. In Proceedings of 22nd International Symposium on Stabilization, Safety, and Security of Distributed Systems (SSS) (to appear).Google Scholar
Index Terms
- Building Private-by-Design IoT Systems
Recommendations
IoT: Imminent ownership Threat
IDEAS '17: Proceedings of the 21st International Database Engineering & Applications SymposiumInternet of things (IoT) is the current trend to connect all types of devices to the internet with the purpose of making remote control of these devices possible from anywhere. This allows for convenience, efficiency and the benefit of collecting data ...
Emerging Security Threats and Countermeasures in IoT
ASIA CCS '15: Proceedings of the 10th ACM Symposium on Information, Computer and Communications SecurityIoT (Internet of Things) diversifies the future Internet, and has drawn much attention. As more and more gadgets (i.e. Things) connected to the Internet, the huge amount of data exchanged has reached an unprecedented level. As sensitive and private ...
Comments