Abstract
The Internet of Things (IoT) has become entrenched in many users’ networks due to the utility these Internet-connected objects provide. But this does not mean that users should unconditionally trust IoT devices on their networks. While several approaches exist for restricting network connectivity of IoT devices, these proposals typically identify legitimate traffic, and then permanently allow it to flow to or from the device. In this paper, we argue that this permanent access control can lead to privacy and security violations, and in many cases is not strictly required. We present If-This-Then-Allow-That (IFTAT), a framework that supports security policies that dynamically update network access control rules based on the type of access that is required at any given time. Device or environmental triggers such as motion sensors or mobile phone applications initiate the process of adding firewall exceptions, which are removed either automatically or after another trigger is activated. We describe a proof of concept implementation which shows how IFTAT can restrict the network access of untrusted IoT devices with little impact to the usability of these devices.
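The trigger-driven exceptions described in the abstract can be modelled as a default-deny flow table whose entries appear on one event and disappear on a timeout or a second event. The sketch below is an added illustration, not the authors' proof of concept; the class names, trigger names, device names and hostnames are all constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Policy:
    """One 'if trigger then allow flow' rule (all values here are constructed)."""
    open_trigger: str                    # event that adds the firewall exception
    device: str                          # IoT device the exception applies to
    dest: str                            # remote endpoint the device may reach
    port: int
    ttl: Optional[float] = None          # seconds until automatic removal, if any
    close_trigger: Optional[str] = None  # event that removes the exception

class TriggerFirewall:
    """Default-deny flow table whose exceptions exist only while triggered."""
    def __init__(self, policies):
        self.policies = list(policies)
        self.active = {}                 # (device, dest, port) -> expiry or None

    def fire(self, trigger, now):
        """Apply a trigger event at time `now`; return the flows it opened."""
        opened = []
        for p in self.policies:
            flow = (p.device, p.dest, p.port)
            if p.close_trigger == trigger:
                self.active.pop(flow, None)
            if p.open_trigger == trigger:
                self.active[flow] = None if p.ttl is None else now + p.ttl
                opened.append(flow)
        return opened

    def is_allowed(self, device, dest, port, now):
        """Check a flow; expired exceptions are purged and denied."""
        flow = (device, dest, port)
        if flow not in self.active:
            return False
        expiry = self.active[flow]
        if expiry is not None and now >= expiry:
            del self.active[flow]
            return False
        return True

# Constructed sample policy: the camera may upload for 60 s after motion,
# the speaker may reach its cloud only while the phone app is open.
POLICIES = [
    Policy("motion_detected", "camera", "cloud.example", 443, ttl=60),
    Policy("app_opened", "speaker", "voice.example", 443, close_trigger="app_closed"),
]
```

In a real deployment the `active` table would be mirrored into the gateway's packet filter; here it only records which exceptions are live at a given time.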
Acknowledgement
The second and third authors acknowledge funding from the Natural Sciences and Engineering Research Council of Canada (NSERC) through the Discovery Grant program.
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Tam, A., Alaca, F., Barrera, D. (2023). If-This-Then-Allow-That (to Phone Home): A Trigger-Based Network Policy Enforcement Framework for Smart Homes. In: Jourdan, GV., Mounier, L., Adams, C., Sèdes, F., Garcia-Alfaro, J. (eds) Foundations and Practice of Security. FPS 2022. Lecture Notes in Computer Science, vol 13877. Springer, Cham. https://doi.org/10.1007/978-3-031-30122-3_23
DOI: https://doi.org/10.1007/978-3-031-30122-3_23
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-30121-6
Online ISBN: 978-3-031-30122-3
eBook Packages: Computer Science, Computer Science (R0)