
Ruledger: Ensuring Execution Integrity in Trigger-Action IoT Platforms (2402.19011v1)

Published 29 Feb 2024 in cs.CR

Abstract: Smart home IoT systems utilize trigger-action platforms, e.g., IFTTT, to manage devices from various vendors. However, they may be abused by triggering malicious rule execution with forged IoT devices or events, violating the execution integrity and the intentions of the users. To address this issue, we propose a ledger-based IoT platform called Ruledger, which ensures the correct execution of rules by verifying the authenticity of the corresponding information. Ruledger utilizes smart contracts to enforce verification of the information associated with rule executions, e.g., the user and configuration information from users, device events, and triggers in the trigger-action platforms. In particular, we develop three algorithms to enable ledger-wallet-based applications for Ruledger and guarantee that the records used for verification are stateful and correct. Thus, the execution integrity of rules is ensured even if devices and platforms in the smart home systems are compromised. We prototype Ruledger in a real IoT platform, i.e., IFTTT, and evaluate the performance with various settings. The experimental results demonstrate that Ruledger incurs an average of 12.53% delay, which is acceptable for smart home systems.

