• Corpus ID: 237492034

Towards Practical Integrity in the Smart Home with HomeEndorser

@article{Kafle2021TowardsPI,
  title={Towards Practical Integrity in the Smart Home with HomeEndorser},
  author={Kaushal Kafle and Kirti Jagtap and Mansoor Ahmed-Rengers and Trent Jaeger and Adwait Nadkarni},
  journal={ArXiv},
  year={2021},
  volume={abs/2109.05139}
}
Home automation in modern smart home platforms is often facilitated using trigger-action routines. While such routines enable flexible automation, they also lead to an instance of the integrity problem in these systems: untrusted third-parties may use platform APIs to modify the abstract home objects (AHOs) that privileged, highintegrity devices such as security cameras rely on (i.e., as triggers), thereby transitively attacking them. As most accesses to AHOs are legitimate, removing the… 

Figures and Tables from this paper

References

SHOWING 1-10 OF 65 REFERENCES
Security in Centralized Data Store-based Home Automation Platforms
TLDR
This article describes a systematic security evaluation of two popular smart home platforms, Google’s Nest platform and Philips Hue, which implement home automation “routines” (i.e., trigger-action programs involving apps and devices) via manipulation of state variables in a centralized data store.
A Study of Data Store-based Home Automation
TLDR
A systematic security evaluation of two popular smart home platforms that implement home automation "routines" via manipulation of state variables in a centralized data store draws attention to the unique security challenges of platforms that execute routines via centralized data stores, and highlights the importance of enforcing security by design in emerging home automation platforms.
Towards a Natural Perspective of Smart Homes for Practical Security and Safety Analyses
TLDR
The design and implementation of Hεlion is described, a framework that generates natural home automation scenarios by identifying the regularities in user-driven home automation sequences, which are in turn generated from routines created by end-users.
Tyche: A Risk-Based Permission Model for Smart Homes
TLDR
Tyche, a secure development methodology that leverages the risk-asymmetry in physical device operations to limit the risk that apps pose to smart home users, without increasing the user's decision overhead, is presented.
SmartAuth: User-Centered Authorization for the Internet of Things
TLDR
The technique, called SmartAuth, automatically collects security-relevant information from an IoT app’s description, code and annotations, and generates an authorization user interface to bridge the gap between the functionalities explained to the user and the operations the app actually performs.
Peeves: Physical Event Verification in Smart Homes
TLDR
The goal of this paper is to verify physical events using data from an ensemble of sensors that are commonly found in smart homes, and shows that even a strong opportunistic attacker is inherently limited to spoofing few select events and that doing so involves lengthy waiting periods.
Fear and Logging in the Internet of Things
TLDR
This work presents ProvThings, a platform-centric approach to centralized auditing in the Internet of Things, which performs efficient automated instrumentation of IoT apps and device APIs in order to generate data provenance that provides a holistic explanation of system activities, including malicious behaviors.
Situational Access Control in the Internet of Things
TLDR
This work designs and implements a new approach to IoT access control and introduces "environmental situation oracles'' (ESOs) as first-class objects in the IoT ecosystem, which reduces inefficiency, supports consistent enforcement of common policies, and reduces overprivileging.
Improving Smart Home Security: Integrating Logical Sensing Into Smart Home
TLDR
This paper classifies natural access points to a home as primary and secondary access points depending on their use and proposes the use of logic-based security algorithms to improve home security.
Security Analysis of Emerging Smart Home Applications
TLDR
This paper analyzed Samsung-owned SmartThings, which has the largest number of apps among currently available smart home platforms, and supports a broad range of devices including motion sensors, fire alarms, and door locks, and discovered two intrinsic design flaws that lead to significant overprivilege in SmartApps.
...
...