If-This-Then-Allow-That (to Phone Home): A Trigger-Based Network Policy Enforcement Framework for Smart Homes

  • Conference paper
Foundations and Practice of Security (FPS 2022)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 13877)

Abstract

The Internet of Things (IoT) has become entrenched in many users’ networks due to the utility these Internet-connected objects provide. But this does not mean that users should unconditionally trust IoT devices on their networks. While several approaches exist for restricting network connectivity of IoT devices, these proposals typically identify legitimate traffic, and then permanently allow it to flow to or from the device. In this paper, we argue that this permanent access control can lead to privacy and security violations, and in many cases is not strictly required. We present If-This-Then-Allow-That (IFTAT), a framework that supports security policies that dynamically update network access control rules based on the type of access that is required at any given time. Device or environmental triggers such as motion sensors or mobile phone applications initiate the process of adding firewall exceptions, which are removed either automatically or after another trigger is activated. We describe a proof-of-concept implementation which shows how IFTAT can restrict the network access of untrusted IoT devices with little impact on the usability of these devices.

Notes

  1. https://www.raspberrypi.org/

  2. https://www.home-assistant.io/

  3. https://openwrt.org/

  4. https://esphome.io/

  5. https://iperf.fr/

Acknowledgement

The second and third authors acknowledge funding from the Natural Sciences and Engineering Research Council of Canada (NSERC) through the Discovery Grant program.

Author information

Corresponding author

Correspondence to Furkan Alaca.

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Cite this paper

Tam, A., Alaca, F., Barrera, D. (2023). If-This-Then-Allow-That (to Phone Home): A Trigger-Based Network Policy Enforcement Framework for Smart Homes. In: Jourdan, GV., Mounier, L., Adams, C., Sèdes, F., Garcia-Alfaro, J. (eds) Foundations and Practice of Security. FPS 2022. Lecture Notes in Computer Science, vol 13877. Springer, Cham. https://doi.org/10.1007/978-3-031-30122-3_23

  • DOI: https://doi.org/10.1007/978-3-031-30122-3_23

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-30121-6

  • Online ISBN: 978-3-031-30122-3

  • eBook Packages: Computer Science (R0)
