This content will become publicly available on July 1, 2024

Title: Trust TEE?: Exploring the Impact of Trusted Execution Environments on Smart Home Privacy Norms
IoT devices like smart cameras and speakers provide convenience but can collect sensitive information within private spaces. While research has investigated user perception of comfort with information flows originating from these types of devices, little focus has been given to the role of the sensing hardware in influencing these sentiments. Given the proliferation of trusted execution environments (TEEs) across commodity- and server-class devices, we surveyed 1049 American adults using the Contextual Integrity framework to understand how the inclusion of cloud-based TEEs in IoT ecosystems may influence comfort with data collection and use. We find that cloud-based TEEs significantly increase user comfort across information flows. These increases are more pronounced for devices manufactured by smaller companies and show that cloud-based TEEs can bridge the previously documented gulfs in user trust between small and large companies. Sentiments around consent, bystander data, and indefinite retention are unaffected by the presence of TEEs, indicating the centrality of these norms.
Award ID(s):
2211507 1704139
NSF-PAR ID:
10464261
Journal Name:
Proceedings on Privacy Enhancing Technologies
Volume:
2023
Issue:
3
ISSN:
2299-0984
Page Range / eLocation ID:
5 to 23
Format(s):
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. Billions of devices in the Internet of Things (IoT) are interconnected over the internet and communicate with each other or with end users. IoT devices communicate through messaging bots. These bots are important in IoT systems to automate and better manage workflows. IoT devices are usually spread across many applications and are able to capture or generate a substantial influx of big data. The integration of IoT with cloud computing to handle and manage big data requires considerable security measures in order to prevent cyber attackers from making adversarial use of such large amounts of data. An attacker can simply utilize the messaging bots to perform malicious activities on a number of devices, so bots pose serious cybersecurity hazards for IoT devices. Hence, it is important to detect the presence of malicious bots in the network. In this paper we propose an evidence theory-based approach for malicious bot detection. Evidence Theory, a.k.a. Dempster-Shafer Theory (DST), is a probabilistic reasoning tool with the unique ability to handle uncertainty, i.e. the absence of evidence. It can be applied efficiently to identify a bot, especially when the bots have dynamic or polymorphic behavior. The key characteristic of DST is that the detection system may not need any prior information about malicious signatures and profiles. In this work, we propose to analyze network flow characteristics to extract key evidence of bot traces. We then quantify these pieces of evidence using the Apriori algorithm and apply DST to detect the presence of the bots.
  2. There is an increasing emphasis on securing deep learning (DL) inference pipelines for mobile and IoT applications with privacy-sensitive data. Prior works have shown that privacy-sensitive data can be secured throughout deep learning inference on cloud-offloaded models through trusted execution environments such as Intel SGX. However, prior solutions do not address the fundamental challenges of securing resource-intensive inference tasks on low-power, low-memory devices (e.g., mobile and IoT devices) while achieving high performance. To tackle these challenges, we propose SecDeep, a low-power DL inference framework demonstrating that both security and performance of deep learning inference on edge devices are well within our reach. Leveraging TEEs with limited resources, SecDeep guarantees full confidentiality for input and intermediate data, as well as the integrity of the deep learning model and framework. By enabling and securing neural accelerators, SecDeep is the first of its kind to provide trusted and performant DL model inferencing on IoT and mobile devices. We implement and validate SecDeep by interfacing the ARM NN DL framework with ARM TrustZone. Our evaluation shows that we can securely run inference tasks with 16× to 172× faster performance than no-acceleration approaches by leveraging edge-available accelerators.
  3. Recent advances in cyber-physical systems, artificial intelligence, and cloud computing have driven the wide deployment of Internet-of-Things (IoT) devices in smart homes. As IoT devices often directly interact with users and their environments, this paper studies if and how we could exploit the collective insights from multiple heterogeneous IoT devices to infer user activities for home safety monitoring and assisted living. Specifically, we develop a new system, namely IoTMosaic, to first profile diverse user activities with distinct IoT device event sequences, which are extracted from smart home network traffic based on their TCP/IP data packet signatures. Given the challenges of missing and out-of-order IoT device events due to device malfunctions or varying network and system latencies, IoTMosaic further develops simple yet effective approximate matching algorithms to identify user activities from real-world IoT network traffic. Our experimental results on thousands of user activities in a smart home environment over two months show that our proposed algorithms can infer different user activities from IoT network traffic in smart homes with overall accuracy, precision, and recall of 0.99, 0.99, and 1.00, respectively.
  4. The ever-increasing amount of personal data accumulated by companies offering innovative services through the cloud, Internet of Things devices and, more recently, social robots has started to alert consumers and legislative authorities. With the advent of the first modern laws trying to protect user privacy, such as the European Union General Data Protection Regulation, it is still unclear what tools and techniques the industry should employ to comply with regulations in a transparent and cost-effective manner. We propose an architecture for a public blockchain-based ledger that can provide strong evidence of policy compliance. To address scalability concerns, we define a new type of off-chain channel that is based on general state channels and offers verification for information external to the blockchain. We also create a model of the business relationships in a smart home setup that includes a social robot and suggest a sticky policy mechanism to monitor cross-boundary policy compliance.
  5. Anxiety disorders affect more than 18 percent of the population and are the most common mental illnesses in the US. There is a great demand to address this emerging epidemic with tools to differentiate and diagnose such disorders, and to create awareness, especially in places like Northeast Texas, which is home to 1.5 million people, 58 percent of whom live in rural areas. The goal of the proposed device is to diagnose as many anxiety disorders as possible, in real time, using the diagnosing wearable framework SolicitudeSavvy, which uses technology such as the Internet of Things (IoT), a network of interconnected devices, to accomplish this task. The proposed IoT-based device has two components: a custom-built wearable necklace that contains sensors to collect data about the user as they go about their day, and a low-cost portable system that monitors Electrooculography (EOG) signals using a camera. The partial necklace attaches to the shirt and opens halfway around the wearer's neck, and the EOG sensor can be attached to any eyewear. The device monitors the user throughout the day, and even as they go to bed at night. This information is accumulated in the IoT cloud and analyzed to determine exactly what type of disorder(s) the patient may suffer from. Authorized personnel, i.e. a doctor or therapist, can use this pattern to find a treatment that best suits the patient and is most likely to resolve their affliction.