skip to main content
US FlagAn official website of the United States government
dot gov icon
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
https lock icon
Secure .gov websites use HTTPS
A lock ( lock ) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Explore Research Products in the PAR
It may take a few hours for recently added research products to appear in PAR search results.


Title: Trust TEE?: Exploring the Impact of Trusted Execution Environments on Smart Home Privacy Norms
IoT devices like smart cameras and speakers provide convenience but can collect sensitive information within private spaces. While research has investigated user perception of comfort with information flows originating from these types of devices, little focus has been given to the role of the sensing hardware in influencing these sentiments. Given the proliferation of trusted execution environments (TEEs) across commodity- and server-class devices, we surveyed 1049 American adults using the Contextual Integrity framework to understand how the inclusion of cloud-based TEEs in IoT ecosystems may influence comfort with data collection and use. We find that cloud-based TEEs significantly increase user comfort across information flows. These increases are more pronounced for devices manufactured by smaller companies and show that cloud-based TEEs can bridge the previously-documented gulfs in user trust between small and large companies. Sentiments around consent, bystander data, and indefinite retention are unaffected by the presence of TEEs, indicating the centrality of these norms.  more » « less
Award ID(s):
2211507 1704139 2211508
PAR ID:
10464261
Author(s) / Creator(s):
;
Date Published:
Journal Name:
Proceedings on Privacy Enhancing Technologies
Volume:
2023
Issue:
3
ISSN:
2299-0984
Page Range / eLocation ID:
5 to 23
Format(s):
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. ; ; (, 2018 IEEE International Conference on Big Data (Big Data))
    Billions of devices in the Internet of Things (IoT) are inter-connected over the internet and communicate with each other or end users. IoT devices communicate through messaging bots. These bots are important in IoT systems to automate and better manage the work flows. IoT devices are usually spread across many applications and are able to capture or generate substantial influx of big data. The integration of IoT with cloud computing to handle and manage big data, requires considerable security measures in order to prevent cyber attackers from adversarial use of such large amount of data. An attacker can simply utilize the messaging bots to perform malicious activities on a number of devices and thus bots pose serious cybersecurity hazards for IoT devices. Hence, it is important to detect the presence of malicious bots in the network. In this paper we propose an evidence theory-based approach for malicious bot detection. Evidence Theory, a.k.a. Dempster Shafer Theory (DST) is a probabilistic reasoning tool and has the unique ability to handle uncertainty, i.e. in the absence of evidence. It can be applied efficiently to identify a bot, especially when the bots have dynamic or polymorphic behavior. The key characteristic of DST is that the detection system may not need any prior information about the malicious signatures and profiles. In this work, we propose to analyze the network flow characteristics to extract key evidence for bot traces. We then quantify these pieces of evidence using apriori algorithm and apply DST to detect the presence of the bots. 
    more » « less
  2. ; ; ; (, ACM Transactions on Internet Technology)
    Internet of Things (IoT) devices have been increasingly deployed in smart homes to automatically monitor and control their environments. Unfortunately, extensive recent research has shown that on-path external adversaries can infer and further fingerprint people’s sensitive private information by analyzing IoT network traffic traces. In addition, most recent approaches that aim to defend against these malicious IoT traffic analytics cannot adequately protect user privacy with reasonable traffic overhead. In particular, these approaches often did not consider practical traffic reshaping limitations, user daily routine permitting, and user privacy protection preference in their design. To address these issues, we design a new low-cost, open source user-centric defense system—PrivacyGuard—that enables people to regain the privacy leakage control of their IoT devices while still permitting sophisticated IoT data analytics that is necessary for smart home automation. In essence, our approach employs intelligent deep convolutional generative adversarial network assisted IoT device traffic signature learning, long short-term memory based artificial traffic signature injection, and partial traffic reshaping to obfuscate private information that can be observed in IoT device traffic traces. We evaluate PrivacyGuard using IoT network traffic traces of 31 IoT devices from five smart homes and buildings. We find that PrivacyGuard can effectively prevent a wide range of state-of-the-art adversarial machine learning and deep learning based user in-home activity inference and fingerprinting attacks and help users achieve the balance between their IoT data utility and privacy preserving. 
    more » « less
  3. ; ; ; (, IEEE INFOCOM2022)
    Recent advances in cyber-physical systems, artificial intelligence, and cloud computing have driven the wide deployments of Internet-of-things (IoT) in smart homes. As IoT devices often directly interact with the users and environments, this paper studies if and how we could explore the collective insights from multiple heterogeneous IoT devices to infer user activities for home safety monitoring and assisted living. Specifically, we develop a new system, namely IoTMosaic, to first profile diverse user activities with distinct IoT device event sequences, which are extracted from smart home network traffic based on their TCP/IP data packet signatures. Given the challenges of missing and out-of-order IoT device events due to device malfunctions or varying network and system latencies, IoTMosaic further develops simple yet effective approximate matching algorithms to identify user activities from real-world IoT network traffic. Our experimental results on thousands of user activities in the smart home environment over two months show that our proposed algorithms can infer different user activities from IoT network traffic in smart homes with the overall accuracy, precision, and recall of 0.99, 0.99, and 1.00, respectively. 
    more » « less
  4. ; ; ; ; (, IoTDI '21: Proceedings of the International Conference on Internet-of-Things Design and Implementation)
    null (Ed.)
    There is an increasing emphasis on securing deep learning (DL) inference pipelines for mobile and IoT applications with privacy-sensitive data. Prior works have shown that privacy-sensitive data can be secured throughout deep learning inferences on cloud-offloaded models through trusted execution environments such as Intel SGX. However, prior solutions do not address the fundamental challenges of securing the resource-intensive inference tasks on low-power, low-memory devices (e.g., mobile and IoT devices), while achieving high performance. To tackle these challenges, we propose SecDeep, a low-power DL inference framework demonstrating that both security and performance of deep learning inference on edge devices are well within our reach. Leveraging TEEs with limited resources, SecDeep guarantees full confidentiality for input and intermediate data, as well as the integrity of the deep learning model and framework. By enabling and securing neural accelerators, SecDeep is the first of its kind to provide trusted and performant DL model inferencing on IoT and mobile devices. We implement and validate SecDeep by interfacing the ARM NN DL framework with ARM TrustZone. Our evaluation shows that we can securely run inference tasks with 16× to 172× faster performance than no acceleration approaches by leveraging edge-available accelerators. 
    more » « less
  5. ; (, Microservices 2022)
    The constant and rapid evolution of technology has led to some amazing achievements. Normal people can communicate with others across the globe, relatively cheap Internet of Things (IoT) devices can be used to secure homes, track fitness and health, control appliances, etc., many people have access to a seemingly endless wealth of information in small devices in their pockets, organizations can provide high availability for important services by spinning up/down servers in minutes to scale with demand through cloud services, etc. However, not everyone who uses these technologies does so with a pure heart and good intentions, many people use them to commit or help commit crimes. A nefarious individual may use cloud services to host a highly available Command and Control (C2) server, a messaging app to form and communicate with a gang or hacking group, or IoT devices as part of a botnet designed to perform Distributed Denial of Service (DDoS) attacks. When these technologies are used in the commission of a crime, they hold valuable information that needs to be recovered forensically to use as evidence to convict the perpetrators. Unfortunately, that ever-evolving technology poses many challenges for digital forensics. This paper identifies and presents many of the challenges faced in digital forensics involving mobile devices, IoT devices, and cloud services in addition to proposing a framework for solving the IoT Forensic Data Analysis problem. 
    more » « less
  • Citation Formats
  • MLA
  • APA
  • Chicago
  • BibTeX
  • Save / Share this Record
  • Send to Email