DOI: 10.1145/3448891.3450333
research-article

My House, My Rules: A Private-by-Design Smart Home Platform

Published: 09 August 2021

Abstract

Smart home technology has gained widespread adoption. However, several instances of massive corporate surveillance and episodes of sensor data breaches have raised many privacy concerns amongst potential consumers. This paper presents PatrIoT, a private-by-design IoT platform for smart home environments. PatrIoT revisits the typical architecture of existing IoT platforms, and provides an alternative design where the home owner retains full ownership and control of smart device generated data. It leverages Intel SGX to prevent unauthorized access to the data by untrusted IoT cloud providers, and offers homeowners an intuitive security abstraction named flowwall which allows them to specify easy-to-use policies for controlling sensitive sensor data flows within their smart homes. We have built and evaluated a PatrIoT prototype. Most of the participants in a field study considered PatrIoT to be easy to use, and the supported policies to be useful in protecting their privacy.

Supplementary Material

p273-zavalyshyn-supplement (p273-zavalyshyn-supplement.pdf)
Presentation slides



Published In

MobiQuitous '20: MobiQuitous 2020 - 17th EAI International Conference on Mobile and Ubiquitous Systems: Computing, Networking and Services
December 2020
493 pages
ISBN: 9781450388405
DOI: 10.1145/3448891
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States


Qualifiers

  • Research-article
  • Research
  • Refereed limited

Funding Sources

  • Fundação para a Ciência e a Tecnologia (FCT)

Conference

MobiQuitous '20
MobiQuitous '20: Computing, Networking and Services
December 7 - 9, 2020
Darmstadt, Germany

Acceptance Rates

Overall Acceptance Rate 26 of 87 submissions, 30%


Article Metrics

  • Downloads (Last 12 months): 52
  • Downloads (Last 6 weeks): 1

Reflects downloads up to 08 Mar 2025


Cited By

  • (2024) Supervising Smart Home Device Interactions: A Profile-Based Firewall Approach. 2024 IFIP Networking Conference (IFIP Networking), pp. 413-422. DOI: 10.23919/IFIPNetworking62109.2024.10619760. Online publication date: 3-Jun-2024
  • (2023) Interactive Privacy Management: Toward Enhancing Privacy Awareness and Control in the Internet of Things. ACM Transactions on Internet of Things 4:3, pp. 1-34. DOI: 10.1145/3600096. Online publication date: 21-Sep-2023
  • (2023) Intel Software Guard Extensions Applications: A Survey. ACM Computing Surveys 55:14s, pp. 1-38. DOI: 10.1145/3593021. Online publication date: 17-Jul-2023
  • (2023) LazyTAP: On-Demand Data Minimization for Trigger-Action Applications. 2023 IEEE Symposium on Security and Privacy (SP), pp. 3079-3097. DOI: 10.1109/SP46215.2023.10179425. Online publication date: May-2023
  • (2021) Data Privacy in Trigger-Action Systems. 2021 IEEE Symposium on Security and Privacy (SP), pp. 501-518. DOI: 10.1109/SP40001.2021.00108. Online publication date: May-2021
