IoT S&P’19: Proceedings of the 2nd International ACM Workshop on Security and Privacy for the Internet-of-Things
SESSION: Keynote Address
The growth of commodity IoT devices that integrate physical processes with digital systems has changed the way we live, play, and work. Yet existing IoT platforms cannot help programmers evaluate whether their IoT applications are safe and secure, nor do these platforms help programmers build secure and reliable applications. In this talk, we discuss several pieces of work that help programmers build secure and reliable IoT applications. We first discuss our work of using static model checking and dynamic analysis to find violations of safety and functional properties in an IoT app or a collection of apps, according to a set of desired properties. We then discuss our recent effort of developing a framework for handling device faults in IoT applications. The framework provides a set of fault-handling primitives such as retry and restart, which programmers can utilize to handle device faults systematically to improve their applications’ reliability. This is joint work with Z. Berkay Celik, Patrick McDaniel, Michael Norris, Anand Sivasubramaniam, Prasanna Venkatesh, and Shulin Zhao.
SESSION: Attack and Defense
The wide deployment of devices in the Internet of Things (IoT) not only brings many benefits, but also incurs some security challenges. Remote attestation becomes an attractive method to guarantee the security of IoT devices. Unfortunately, most current attestation schemes only focus on software attacks, but cannot detect physical attacks. Several remote attestation schemes resilient to physical attacks still have some drawbacks in energy consumption, runtime, and security. In this paper, we propose an Efficient Attestation scheme resilient to Physical Attacks (EAPA) for IoT devices. We exploit a distributed attestation mode so that the protocol is executed in parallel, which reduces the total runtime to $O(1)$. Besides, we introduce an accusation mechanism to report compromised devices and design a new key update method, ensuring the efficiency and the security of our scheme. Furthermore, we present the security analysis and the performance evaluation of EAPA. The results indicate that EAPA has the lowest energy and runtime consumption compared with related works. Particularly, it shows a constant value in terms of runtime consumption.
In this paper, we propose a framework called Contego-TEE to secure Internet-of-Things (IoT) edge devices with timing requirements from control spoofing attacks where an adversary sends malicious control signals to the actuators. We use a trusted computing base available in commodity processors (such as ARM TrustZone) and propose an invariant checking mechanism to ensure the security and safety of the physical system. A working prototype of Contego-TEE was developed using an embedded Linux kernel. We demonstrate the feasibility of our approach for a robotic vehicle running on an ARM-based platform.
While the number of IoT devices grows at an exhilarating pace, their security remains stagnant. Imposing secure coding standards across all vendors is infeasible. Testing individual devices allows an analyst to evaluate their security post-deployment. Any discovered vulnerabilities can then be disclosed to the vendors in order to assist them in securing their products. The search for vulnerabilities should ideally be automated for efficiency and furthermore be device-independent for scalability.
We present FirmFuzz, an automated device-independent emulation and dynamic analysis framework for Linux-based firmware images. It employs a greybox-based generational fuzzing approach coupled with static analysis and system introspection to provide targeted and deterministic bug discovery within a firmware image.
We evaluate FirmFuzz by emulating and dynamically analyzing 32 images (from 27 unique devices) with a network accessible from the host performing the emulation. During testing, FirmFuzz discovered seven previously undisclosed vulnerabilities across six different devices: two IP cameras and four routers. So far, 4 CVEs have been assigned.
Enabling Opportunistic Users in Multi-Tenant IoT Systems using Decentralized Identifiers and Permissioned Blockchains
In this work, we leverage advances in decentralized identifiers and permissioned blockchains to build a flexible user authentication and authorization mechanism that offers enhanced privacy, achieves fast revocation, and supports distributed “policy decision points” executed in mutually untrusted entities. The proposed solution can be applied in multi-tenant “IoT hubs” that interconnect diverse IoT silos and enable authorization of “guest” users, i.e., opportunistic users that have no trust relationship with the system, which has not encountered or known them before.
SESSION: System Analysis and Design
Bluetooth Low Energy (BLE) is a short range wireless technology included in many consumer devices such as smartphones, earphones and wristbands. As part of the Attribute (ATT) protocol, discoverable BLE devices expose a data structure called Generic Attribute (GATT) profile that describes supported features using concepts of services and characteristics. This profile can be accessed by any device in range and can expose users to privacy issues.
In this paper, we discuss how the GATT profile can be used to create a fingerprint that can be exploited to circumvent anti-tracking features of the BLE standard (i.e. MAC address randomization). Leveraging a dataset of more than 13000 profiles, we analyze the potential of this fingerprint and show that it can be used to uniquely identify a number of devices. We also shed light on several issues where GATT profiles can be mined to infer sensitive information that can impact privacy of users. Finally, we suggest solutions to mitigate those issues.
PoTN: A Novel Blockchain Consensus Protocol with Proof-of-Trust Negotiation in Distributed IoT Networks
As one of the fundamental characteristics of distributed IoT networks, blockchain has attracted tremendous interest from both academia and industry. Recently, the key to supporting distributed IoT networks through blockchain is the consensus protocol with multi-miners selection. However, most of them are fixed-miners based, and thus offer opportunities for attackers to launch DoS attacks against the fixed miners or manipulate the creation of blocks by bribing the fixed miners. In this paper, we propose a novel consensus protocol called proof-of-trust negotiation (PoTN). With negotiation rules, trust management is introduced to evaluate the trustworthiness of miners. On this basis, the random-honest miners selection can be achieved by the design of a trusted random selection algorithm on the miner team. Simulation results show that PoTN is more effective than traditional consensus protocols in block creation.
Recently, the industrial Internet-of-Things (IoT) has appeared and developed rapidly, and image data captured by IoT nodes or terminal devices is associated with users’ personal privacy information. In order to protect image data, an image encryption mechanism provides a flexible and secure approach in retaining the secrecy of image transformation and storage in Internet-of-Things systems. In this paper, we propose an efficient image encryption algorithm that can encrypt a large number of images. First, initial conditions of the hyperchaotic Chen system are computed by SHA-512 and chaotic sequences. Then, pixel scrambling, image encryption and cyclic shift are employed to permute the plain image. The XOR operation is also constructed to improve correlation between pixels. Due to the sensitivity of the SHA algorithm to the original input, each image has its own unique encryption parameter value. Simulation results and theoretical analysis demonstrate that, compared with related schemes, the proposed scheme is efficient and practical, and it can be used in the requirement of sensitive image protections such as internet of vehicles (IoVs) and wireless body area networks (WBAN).
SESSION: Next-gen IoT
With the development of cloud computing and artificial intelligence, Internet of Things (IoT) products are gradually entering every corner of our lives and changing the way we live. Yet traditional computer authentication protocol cannot be used directly in Internet of Things devices, because of its limitations (e.g., simple CPU structure, low storage capacity, weak computing power, etc.). Therefore, the authentication protocol for the Internet of Things is an essential ingredient for securing the Internet of Things.
In this paper, we introduce the background of authentication protocol for the Internet of Things, analyze the differences of authentication protocol between computer and Internet of Things, and then illustrate the developing trend of IoT authentication protocol. Based on the thorough survey, we discuss the new features of the authentication protocol for the Internet of Things from three aspects: description, solution, opportunities. At last, we specify some difficulties for the research of authentication protocol in the IoT.
It is argued that the weakest link in the security chain is now the Internet of Things (IoT) and not the people. Hence, an increasing number of solutions are proposed to secure these devices. Here, we propose a PLuggable And Reprogrammable (PLAR) software architecture for IoT devices with the goal of securing the devices throughout their development and deployment life cycle. PLAR is an open source IoT device software solution composed of re-configurable and re-programmable modules. PLAR’s hub enables a device operator to specify security policies detailing specific security functions for an IoT device. Accordingly, after an initial analysis of the device, it may add new compatible modules or upgrade existing ones in real-time. It enables tuning the security capabilities of the device based on requirements of end-users/developers by over-riding the weak configurations. We present PLAR’s architecture and showcase its capabilities by discussing different use cases. We also report on our initial feasibility study, where an IP camera vulnerable to authentication attacks is reconfigured with an improved authentication module.
As an extension of cloud computing, the fog computing environment, as well as the fog node, plays an increasingly important role in the Internet of Things (IoT). This technology provides IoT with more distributed and efficient applications and services. However, IoT nodes have so much variety and perform poorly, which leads to more security issues. For this situation, we initially design a security scheme for the IoT fog environment. Based on the combination of Blockchain and Trusted Execution Environment (TEE) technologies, the security of data storage and transmission from fog nodes to the cloud is ensured, thus ensuring the trustworthiness of the data source in the fog environment.