Caveat (IoT) Emptor: Towards Transparency of IoT Device Presence (Full Version)
- URL: http://arxiv.org/abs/2309.03574v2
- Date: Fri, 8 Sep 2023 17:00:39 GMT
- Title: Caveat (IoT) Emptor: Towards Transparency of IoT Device Presence (Full Version)
- Authors: Sashidhar Jakkamsetti, Youngil Kim, Gene Tsudik,
- Abstract summary: Hidden IoT devices can snoop (via sensing) on nearby unsuspecting users, and impact the environment where unaware users are present, via actuation.
This paper constructs a privacy-agileuation RootofTrust architecture for devices, called PAISA.
It guarantees timely and secure announcements about IoT devices' presence and their capabilities.
- Score: 12.842258850026878
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: As many types of IoT devices worm their way into numerous settings and many aspects of our daily lives, awareness of their presence and functionality becomes a source of major concern. Hidden IoT devices can snoop (via sensing) on nearby unsuspecting users, and impact the environment where unaware users are present, via actuation. This prompts, respectively, privacy and security/safety issues. The dangers of hidden IoT devices have been recognized and prior research suggested some means of mitigation, mostly based on traffic analysis or using specialized hardware to uncover devices. While such approaches are partially effective, there is currently no comprehensive approach to IoT device transparency. Prompted in part by recent privacy regulations (GDPR and CCPA), this paper motivates and constructs a privacy-agile Root-of-Trust architecture for IoT devices, called PAISA: Privacy-Agile IoT Sensing and Actuation. It guarantees timely and secure announcements about IoT devices' presence and their capabilities. PAISA has two components: one on the IoT device that guarantees periodic announcements of its presence even if all device software is compromised, and the other that runs on the user device, which captures and processes announcements. Notably, PAISA requires no hardware modifications; it uses a popular off-the-shelf Trusted Execution Environment (TEE) -- ARM TrustZone. This work also comprises a fully functional (open-sourced) prototype implementation of PAISA, which includes: an IoT device that makes announcements via IEEE 802.11 WiFi beacons and an Android smartphone-based app that captures and processes announcements. Both security and performance of PAISA design and prototype are discussed.
Related papers
- IoT-LM: Large Multisensory Language Models for the Internet of Things [70.74131118309967]
IoT ecosystem provides rich source of real-world modalities such as motion, thermal, geolocation, imaging, depth, sensors, and audio.
Machine learning presents a rich opportunity to automatically process IoT data at scale.
We introduce IoT-LM, an open-source large multisensory language model tailored for the IoT ecosystem.
arXiv Detail & Related papers (2024-07-13T08:20:37Z) - zk-IoT: Securing the Internet of Things with Zero-Knowledge Proofs on Blockchain Platforms [0.0]
This paper introduces the zk-IoT framework, a novel approach to enhancing the security of Internet of Things (IoT) ecosystems.
Our framework ensures the integrity of firmware execution and data processing in potentially compromised IoT devices.
arXiv Detail & Related papers (2024-02-13T09:34:23Z) - A Lightweight and Secure PUF-Based Authentication and Key-exchange Protocol for IoT Devices [0.0]
Device Authentication and Key exchange are major challenges for the Internet of Things.
PUF appears to offer a practical and economical security mechanism in place of typically sophisticated cryptosystems like PKI and IBE.
We present a system in which the IoT device does not require a continuous active internet connection to communicate with the server in order to Authenticate itself.
arXiv Detail & Related papers (2023-11-07T15:42:14Z) - IoTScent: Enhancing Forensic Capabilities in Internet of Things Gateways [45.44831696628473]
This paper presents IoTScent, an open-source forensic tool that enables IoT gateways and Home Automation platforms to perform IoT traffic capture and analysis.
IoTScent is specifically designed to operate over IEEE5.4-based traffic, which is the basis for many IoT-specific protocols such as Zigbee, 6LoWPAN and Thread.
This work provides a comprehensive description of the IoTScent tool, including a practical use case that demonstrates the use of the tool to perform device identification from Zigbee traffic.
arXiv Detail & Related papers (2023-10-05T09:10:05Z) - SyzTrust: State-aware Fuzzing on Trusted OS Designed for IoT Devices [67.65883495888258]
We present SyzTrust, the first state-aware fuzzing framework for vetting the security of resource-limited Trusted OSes.
SyzTrust adopts a hardware-assisted framework to enable fuzzing Trusted OSes directly on IoT devices.
We evaluate SyzTrust on Trusted OSes from three major vendors: Samsung, Tsinglink Cloud, and Ali Cloud.
arXiv Detail & Related papers (2023-09-26T08:11:38Z) - IoT Device Identification Based on Network Communication Analysis Using
Deep Learning [43.0717346071013]
The risk of attacks on an organization's network has increased due to the growing use of less secure IoT devices.
To tackle this threat and protect their networks, organizations generally implement security policies in which only white listed IoT devices are allowed on the network.
In this research, deep learning is applied to network communication for the automated identification of IoT devices permitted on the network.
arXiv Detail & Related papers (2023-03-02T13:44:58Z) - Technical Report-IoT Devices Proximity Authentication In Ad Hoc Network
Environment [0.0]
Internet of Things (IoT) is a distributed communication technology system that offers the possibility for physical devices to connect and exchange data.
authentication to the IoT devices is essential as it is the first step in preventing any negative impact of possible attackers.
This paper implements an IoT devices authentication scheme based on something that is in the IoT devices environment.
arXiv Detail & Related papers (2022-10-01T03:07:42Z) - Learning, Computing, and Trustworthiness in Intelligent IoT
Environments: Performance-Energy Tradeoffs [62.91362897985057]
An Intelligent IoT Environment (iIoTe) is comprised of heterogeneous devices that can collaboratively execute semi-autonomous IoT applications.
This paper provides a state-of-the-art overview of these technologies and illustrates their functionality and performance, with special attention to the tradeoff among resources, latency, privacy and energy consumption.
arXiv Detail & Related papers (2021-10-04T19:41:42Z) - Zero-Bias Deep Learning for Accurate Identification of Internet of
Things (IoT) Devices [20.449229983283736]
We propose an enhanced deep learning framework for IoT device identification using physical layer signals.
We have evaluated the effectiveness of the proposed framework using real data from ADS-B (Automatic Dependent Surveillance-Broadcast), an application of IoT in aviation.
arXiv Detail & Related papers (2020-08-27T20:50:48Z) - IoT Device Identification Using Deep Learning [43.0717346071013]
The growing use of IoT devices in organizations has increased the number of attack vectors available to attackers.
The widely adopted bring your own device (BYOD) policy which allows an employee to bring any IoT device into the workplace and attach it to an organization's network also increases the risk of attacks.
In this study, we applied deep learning on network traffic to automatically identify IoT devices connected to the network.
arXiv Detail & Related papers (2020-02-25T12:24:49Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.