ABSTRACT
Smart home technology has gained widespread adoption. However, several instances of massive corporate surveillance and episodes of sensor data breaches have raised many privacy concerns amongst potential consumers. This paper presents PatrIoT, a private-by-design IoT platform for smart home environments. PatrIoT revisits the typical architecture of existing IoT platforms and provides an alternative design in which the homeowner retains full ownership and control of the data generated by smart devices. It leverages Intel SGX to prevent unauthorized access to the data by untrusted IoT cloud providers, and offers homeowners an intuitive security abstraction named flowwall, which allows them to specify easy-to-use policies for controlling sensitive sensor data flows within their smart homes. We have built and evaluated a PatrIoT prototype. Most of the participants in a field study considered PatrIoT to be easy to use, and the supported policies to be useful in protecting their privacy.