DB-PAISA: Discovery-Based Privacy-Agile IoT Sensing+Actuation
- URL: http://arxiv.org/abs/2412.11572v1
- Date: Mon, 16 Dec 2024 08:57:24 GMT
- Title: DB-PAISA: Discovery-Based Privacy-Agile IoT Sensing+Actuation
- Authors: Isita Bagayatkar, Youngil Kim, Gene Tsudik,
- Abstract summary: Internet of Things (IoT) devices are becoming increasingly commonplace in numerous public and semi-private settings.
Currently, most such devices lack mechanisms to facilitate their discovery by casual (nearby) users who are not owners or operators.
This naturally triggers privacy, security, and safety issues.
In this work, we construct DB-PAISA which addresses these issues via a pull-based method, whereby devices reveal their presence and capabilities only upon explicit user request.
- Score: 10.978372324294153
- License:
- Abstract: Internet of Things (IoT) devices are becoming increasingly commonplace in numerous public and semi-private settings. Currently, most such devices lack mechanisms to facilitate their discovery by casual (nearby) users who are not owners or operators. However, these users are potentially being sensed, and/or actuated upon, by these devices, without their knowledge or consent. This naturally triggers privacy, security, and safety issues. To address this problem, some recent work explored device transparency in the IoT ecosystem. The intuitive approach is for each device to periodically and securely broadcast (announce) its presence and capabilities to all nearby users. While effective, when no new users are present, this push-based approach generates a substantial amount of unnecessary network traffic and needlessly interferes with normal device operation. In this work, we construct DB-PAISA which addresses these issues via a pull-based method, whereby devices reveal their presence and capabilities only upon explicit user request. Each device guarantees a secure timely response (even if fully compromised by malware) based on a small active Root-of-Trust (RoT). DB-PAISA requires no hardware modifications and is suitable for a range of current IoT devices. To demonstrate its feasibility and practicality, we built a fully functional and publicly available prototype. It is implemented atop a commodity MCU (NXP LCP55S69) and operates in tandem with a smartphone-based app. Using this prototype, we evaluate energy consumption and other performance factors.
Related papers
- TOCTOU Resilient Attestation for IoT Networks (Full Version) [10.049514211874323]
TRAIN (TOCTOU-Resilient for IoT Networks) is an efficient technique that minimizes constant-time per-device vulnerability windows.
We demonstrate TRAIN's viability and evaluate its performance via a fully functional and publicly available prototype.
arXiv Detail & Related papers (2025-02-10T21:41:11Z) - T2Pair++: Secure and Usable IoT Pairing with Zero Information Loss [9.680415326163823]
We introduce a novel technique called Universal Operation Sensing, enabling IoT devices to sense the user's physical operations without the need for inertial sensors.
With this technique, users can complete the pairing process within seconds using simple actions such as pressing a button or twisting a knob.
We propose an accurate pairing protocol, which does not use fuzzy commitment and incurs zero information loss.
arXiv Detail & Related papers (2024-09-25T00:41:02Z) - Effective Intrusion Detection in Heterogeneous Internet-of-Things Networks via Ensemble Knowledge Distillation-based Federated Learning [52.6706505729803]
We introduce Federated Learning (FL) to collaboratively train a decentralized shared model of Intrusion Detection Systems (IDS)
FLEKD enables a more flexible aggregation method than conventional model fusion techniques.
Experiment results show that the proposed approach outperforms local training and traditional FL in terms of both speed and performance.
arXiv Detail & Related papers (2024-01-22T14:16:37Z) - A Lightweight and Secure PUF-Based Authentication and Key-exchange Protocol for IoT Devices [0.0]
Device Authentication and Key exchange are major challenges for the Internet of Things.
PUF appears to offer a practical and economical security mechanism in place of typically sophisticated cryptosystems like PKI and IBE.
We present a system in which the IoT device does not require a continuous active internet connection to communicate with the server in order to Authenticate itself.
arXiv Detail & Related papers (2023-11-07T15:42:14Z) - SyzTrust: State-aware Fuzzing on Trusted OS Designed for IoT Devices [67.65883495888258]
We present SyzTrust, the first state-aware fuzzing framework for vetting the security of resource-limited Trusted OSes.
SyzTrust adopts a hardware-assisted framework to enable fuzzing Trusted OSes directly on IoT devices.
We evaluate SyzTrust on Trusted OSes from three major vendors: Samsung, Tsinglink Cloud, and Ali Cloud.
arXiv Detail & Related papers (2023-09-26T08:11:38Z) - Caveat (IoT) Emptor: Towards Transparency of IoT Device Presence (Full Version) [12.842258850026878]
Hidden IoT devices can snoop (via sensing) on nearby unsuspecting users, and impact the environment where unaware users are present, via actuation.
This paper constructs a privacy-agileuation RootofTrust architecture for devices, called PAISA.
It guarantees timely and secure announcements about IoT devices' presence and their capabilities.
arXiv Detail & Related papers (2023-09-07T09:08:31Z) - IoT Device Identification Based on Network Communication Analysis Using
Deep Learning [43.0717346071013]
The risk of attacks on an organization's network has increased due to the growing use of less secure IoT devices.
To tackle this threat and protect their networks, organizations generally implement security policies in which only white listed IoT devices are allowed on the network.
In this research, deep learning is applied to network communication for the automated identification of IoT devices permitted on the network.
arXiv Detail & Related papers (2023-03-02T13:44:58Z) - Rapid IoT Device Identification at the Edge [5.213147236587845]
We show a novel method of rapid IoT device identification using neural networks trained on device DNS traffic.
The method identifies devices by fitting a model to the first seconds of DNS second-level-domain traffic following their first connection.
We classify 30 consumer IoT devices from 27 different manufacturers with 82% and 93% accuracy for product type and device manufacturers respectively.
arXiv Detail & Related papers (2021-10-26T18:11:38Z) - Learning, Computing, and Trustworthiness in Intelligent IoT
Environments: Performance-Energy Tradeoffs [62.91362897985057]
An Intelligent IoT Environment (iIoTe) is comprised of heterogeneous devices that can collaboratively execute semi-autonomous IoT applications.
This paper provides a state-of-the-art overview of these technologies and illustrates their functionality and performance, with special attention to the tradeoff among resources, latency, privacy and energy consumption.
arXiv Detail & Related papers (2021-10-04T19:41:42Z) - Mind the GAP: Security & Privacy Risks of Contact Tracing Apps [75.7995398006171]
Google and Apple have jointly provided an API for exposure notification in order to implement decentralized contract tracing apps using Bluetooth Low Energy.
We demonstrate that in real-world scenarios the GAP design is vulnerable to (i) profiling and possibly de-anonymizing persons, and (ii) relay-based wormhole attacks that basically can generate fake contacts.
arXiv Detail & Related papers (2020-06-10T16:05:05Z) - IoT Device Identification Using Deep Learning [43.0717346071013]
The growing use of IoT devices in organizations has increased the number of attack vectors available to attackers.
The widely adopted bring your own device (BYOD) policy which allows an employee to bring any IoT device into the workplace and attach it to an organization's network also increases the risk of attacks.
In this study, we applied deep learning on network traffic to automatically identify IoT devices connected to the network.
arXiv Detail & Related papers (2020-02-25T12:24:49Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.