Corpus ID: 203952988

New Problems and Solutions in IoT Security and Privacy

@article{Fernandes2019NewPA,
  title={New Problems and Solutions in IoT Security and Privacy},
  author={Earlence Fernandes and Amir Rahmati and Nick Feamster},
  journal={ArXiv},
  year={2019},
  volume={abs/1910.03686}
}
In a previous article for S&P magazine, we made a case for the new intellectual challenges in the Internet of Things security research. In this article, we revisit our earlier observations and discuss a few results from the computer security community that tackle new issues. Using this sampling of recent work, we identify a few broad general themes for future work. 

An Ensemble-Based Multiclass Classifier for Intrusion Detection Using Internet of Things

TLDR
The article shows that external users can access IoT devices and infer the victim user's activity by sniffing the network traffic, and presents the performance of various bagging and boosting ensemble decision tree techniques of machine learning in the design of an efficient IDS.

Anomalous behavior detection-based approach for authenticating smart home system users

TLDR
Through an empirical evaluation conducted on real-world data, Duenna exhibits high authentication rates ensuring both security and user experience, and shows that a user behavior-based approach is a promising security scheme that could be integrated into existing SHS platforms.

References

SHOWING 1-10 OF 19 REFERENCES

Internet of Things Security Research: A Rehash of Old Ideas or New Intellectual Challenges?

TLDR
The Internet of Things is a new computing paradigm that spans wearable devices, homes, hospitals, cities, transportation, and critical infrastructure, and the article asks what new problems and challenges in this space will require new security mechanisms.

Securing vulnerable home IoT devices with an in-hub security manager

TLDR
A central security manager that is built on top of the smarthome's hub or gateway router and positioned to intercept all traffic to and from devices is proposed.

Spying on the Smart Home: Privacy Attacks and Defenses on Encrypted IoT Traffic

TLDR
It is demonstrated that an ISP or other network observer can infer privacy sensitive in-home activities by analyzing Internet traffic from smart homes containing commercially-available IoT devices even when the devices use encryption.

Rethinking Access Control and Authentication for the Home Internet of Things (IoT)

TLDR
This paper proposes that access control focus on IoT capabilities (i.e., certain actions that devices can perform), rather than on a per-device granularity, and pinpoints necessary primitives for specifying more complex, yet desired, access-control policies.

Soteria: Automated IoT Safety and Security Analysis

TLDR
Soteria, a static analysis system for validating whether an IoT app or IoT environment (collection of apps working in concert) adheres to identified safety, security, and functional properties, is presented.

Situational Access Control in the Internet of Things

TLDR
This work designs and implements a new approach to IoT access control and introduces "environmental situation oracles" (ESOs) as first-class objects in the IoT ecosystem, which reduces inefficiency, supports consistent enforcement of common policies, and reduces overprivileging.

End User Security and Privacy Concerns with Smart Homes

TLDR
Gaps in threat models arising from limited technical understanding of smart homes, awareness of some security issues but limited concern, ad hoc mitigation strategies, and a mismatch between the concerns and power of the smart home administrator and other people in the home are identified.

Decentralized Action Integrity for Trigger-Action IoT Platforms

TLDR
This work introduces Decentralized Action Integrity, a security principle that prevents an untrusted trigger-action platform from misusing compromised OAuth tokens in ways that are inconsistent with any given user's set of trigger-action rules.

Security Analysis of Emerging Smart Home Applications

TLDR
This paper analyzed Samsung-owned SmartThings, which has the largest number of apps among currently available smart home platforms, and supports a broad range of devices including motion sensors, fire alarms, and door locks, and discovered two intrinsic design flaws that lead to significant overprivilege in SmartApps.

BlackIoT: IoT Botnet of High Wattage Devices Can Disrupt the Power Grid

TLDR
This work reveals a new class of potential attacks on power grids called the Manipulation of demand via IoT (MadIoT) attacks that can leverage such a botnet in order to manipulate the power demand in the grid.