Corpus ID: 203952988

New Problems and Solutions in IoT Security and Privacy

Earlence Fernandes, Amir Rahmati, Nick Feamster

In a previous article for S&P magazine, we made a case for the new intellectual challenges in the Internet of Things security research. In this article, we revisit our earlier observations and discuss a few results from the computer security community that tackle new issues. Using this sampling of recent work, we identify a few broad general themes for future work. 

An Ensemble-Based Multiclass Classifier for Intrusion Detection Using Internet of Things

The article shows that external users can access the IoT devices and infer the victim user's activity by sniffing the network traffic, and presents the performance of various bagging and boosting ensemble decision tree techniques of machine learning in the design of an efficient IDS.

Anomalous behavior detection-based approach for authenticating smart home system users

Through an empirical evaluation conducted on real-world data, Duenna exhibits high authentication rates ensuring both security and user experience, and shows that a user behavior-based approach is a promising security scheme that could be integrated into existing SHS platforms.



Internet of Things Security Research: A Rehash of Old Ideas or New Intellectual Challenges?

The Internet of Things is a new computing paradigm that spans wearable devices, homes, hospitals, cities, transportation, and critical infrastructure; the article asks what new problems and challenges in this space will require new security mechanisms.

Securing vulnerable home IoT devices with an in-hub security manager

A central security manager that is built on top of the smarthome's hub or gateway router and positioned to intercept all traffic to and from devices is proposed.

Spying on the Smart Home: Privacy Attacks and Defenses on Encrypted IoT Traffic

It is demonstrated that an ISP or other network observer can infer privacy sensitive in-home activities by analyzing Internet traffic from smart homes containing commercially-available IoT devices even when the devices use encryption.

Rethinking Access Control and Authentication for the Home Internet of Things (IoT)

This paper proposes that access control focus on IoT capabilities (i.e., certain actions that devices can perform), rather than on a per-device granularity, and pinpoints necessary primitives for specifying more complex, yet desired, access-control policies.

Soteria: Automated IoT Safety and Security Analysis

Soteria, a static analysis system for validating whether an IoT app or IoT environment (collection of apps working in concert) adheres to identified safety, security, and functional properties, is presented.

Situational Access Control in the Internet of Things

This work designs and implements a new approach to IoT access control and introduces "environmental situation oracles" (ESOs) as first-class objects in the IoT ecosystem, which reduces inefficiency, supports consistent enforcement of common policies, and reduces overprivileging.

On the Safety of IoT Device Physical Interaction Control

A framework called IoTMon is proposed that discovers any possible physical interactions and generates all potential interaction chains across applications in the IoT environment and includes an assessment of the safety risk of each discovered inter-app interaction chain based on its physical influence.

End User Security and Privacy Concerns with Smart Homes

Gaps in threat models arising from limited technical understanding of smart homes, awareness of some security issues but limited concern, ad hoc mitigation strategies, and a mismatch between the concerns and power of the smart home administrator and other people in the home are identified.

Decentralized Action Integrity for Trigger-Action IoT Platforms

This work introduces Decentralized Action Integrity, a security principle that prevents an untrusted trigger-action platform from misusing compromised OAuth tokens in ways that are inconsistent with any given user’s set of trigger-action rules.

Security Analysis of Emerging Smart Home Applications

This paper analyzed Samsung-owned SmartThings, which has the largest number of apps among currently available smart home platforms, and supports a broad range of devices including motion sensors, fire alarms, and door locks, and discovered two intrinsic design flaws that lead to significant overprivilege in SmartApps.