Charting the Attack Surface of Trigger-Action IoT Platforms

Wang, Qi; Datta, P. K.; Yang, Wei; Liu, Si; Bates, Adam; Gunter, Carl A.

doi:10.1145/3319535.3345662

Cited by 115 publications

(110 citation statements)

References 55 publications

(49 reference statements)

Supporting

Mentioning

110

Contrasting

Order By: Relevance

“…To compare the two approaches, we used the Alloy Analyzer [20] to generate counterexamples for safety properties for seven types of possible interactions between co-located apps in a smart home IoT system. The definitions of these safety properties were adapted from prior work [2,11,13,31]. We translated each safety property into a pair of assertions-one for the state-based model and the other for the rule-based model.…”

Section: Methodsmentioning

confidence: 99%

“…The safety properties can then be defined to describe paths between those rules that violate properties describing the coordination between apps (cf. Wang, et al [31]).…”

Section: Formal Model Of App Coordinationmentioning

confidence: 99%

“…In this assertion, the solver is looking for an instance where two rules send two conflicting commands to the same device from a shared system state (cf. the Action Conflict vulnerability described in Wang, et al [31]). The satisfies_rule predicate used on Lines 5-6 returns true if the shared state (sys.prev) satisfies the two rules r and r', respectively.…”

Section: State-based Modelmentioning

confidence: 99%

“…To determine whether rule-based properties are more scalable than the common state-based approach, we analyzed 325 randomly generated bundles of apps drawn from a corpus of 222 real-world IoT apps using both our state-based and rule-based models. We checked both systems for instances of seven general types of app coordination drawn from the literature [11,13,24], such as the Action Conflict and Action Loop inter-rule vulnerabilities described in Wang, et al [31] We tracked the time taken by the Alloy Analyzer to find up to a single counterexample for each assertion and compared the performance of each approach both as the number of apps and rules in the bundles increased.…”

Section: Rq1: State-vs Rule-based Analysismentioning

confidence: 99%

See 3 more Smart Citations

Comparing formal models of IoT app coordination analysis

Stevens

Alhanahnah

Yan

et al. 2020

Proceedings of the 3rd ACM SIGSOFT International Workshop on Software Security From Design to Deployment

View full text Add to dashboard Cite

The rising popularity of the Internet-of-Things (IoT) devices has driven their increasing adoption in various settings, such as modern homes. IoT systems integrate such physical devices with third-party apps, which can coordinate in arbitrary ways. However, malicious or undesired coordination can lead to serious vulnerabilities. This paper explores two different ways, i.e., a commonly-used statebased approach and a holistic, rule-based approach, to formally model app coordination and the safety and security thereof in the context of IoT platforms. The less common rule-base approach allows for a smaller, more scalable model. We realize both modeling approaches using bounded model checking with Alloy to automatically identify potential cases where apps exhibit coordination relationships. We evaluate the effectiveness of the modeling approaches by checking a corpus of real-world IoT apps of Samsung SmartThings and IFTTT. The experimental results demonstrate that our rule-based modeling leads to a more scalable analysis. CCS CONCEPTS • Security and privacy → Software and application security.

show abstract

Section: Methodsmentioning

confidence: 99%

“…The safety properties can then be defined to describe paths between those rules that violate properties describing the coordination between apps (cf. Wang, et al [31]).…”

Section: Formal Model Of App Coordinationmentioning

confidence: 99%

Section: State-based Modelmentioning

confidence: 99%

Section: Rq1: State-vs Rule-based Analysismentioning

confidence: 99%

See 2 more Smart Citations

Comparing formal models of IoT app coordination analysis

Stevens

Alhanahnah

Yan

et al. 2020

Proceedings of the 3rd ACM SIGSOFT International Workshop on Software Security From Design to Deployment

View full text Add to dashboard Cite

show abstract

“…In recent years, many security mechanisms (e.g. [16,27,35,39]) adopt machine learning methods to achieve anomaly detection. Aegis [35] observes different user activities and usage patterns and builds a contextual model to differentiate malicious and benign behavior.…”

Section: Existing Security Mechanisms In Iotmentioning

confidence: 99%

AuthCTC: Defending Against Waveform Emulation Attack in Heterogeneous IoT Environments

Zhang

Huang

et al. 2020

Proceedings of the 15th ACM Asia Conference on Computer and Communications Security

View full text Add to dashboard Cite

Widely deployed IoT devices have raised serious concerns for the spectrum shortage and the cost of multi-protocol gateway deployment. Recent emerging Cross-Technology Communication (CTC) technique can alleviate this issue by enabling direct communication among heterogeneous wireless devices, such as WiFi, Bluetooth, and ZigBee on 2.4 GHz. However, this new paradigm also brings security risks, where an attacker can use CTC to launch wireless attacks against IoT devices. Due to limited computational capability and different wireless protocols being used, many IoT devices are unable to use computationally-intensive cryptographic approaches for security enhancement. Therefore, without proper detection methods, IoT devices cannot distinguish signal sources before executing command signals. In this paper, we first demonstrate a new defined physical layer attack in the CTC scenario, named as waveform emulation attack, where a WiFi device can overhear and emulate the ZigBee waveform to attack ZigBee IoT devices. Then, to defend against this new attack, we propose a physical layer defensive mechanism, named as AuthCTC, to verify the legitimacy of CTC signals. Specifically, at the sender side, an authorization code is embedded into the packet preamble by leveraging the dynamically changed cyclic prefix. A WiFi-based detector is used to verify the authorization code at the receiver side. Extensive simulations and experiments using off-the-shelf devices are conducted to demonstrate both the feasibility of the attack and the effectiveness of our defensive mechanism. CCS CONCEPTS • Security and privacy → Authorization; • Networks → Mobile and wireless security.

show abstract

On the Privacy Risks of Compromised Trigger-Action Platforms

Chiang

Hsiao

et al. 2020

Computer Security – ESORICS 2020

View full text Add to dashboard Cite

Charting the Attack Surface of Trigger-Action IoT Platforms

Cited by 115 publications

References 55 publications

Comparing formal models of IoT app coordination analysis

Comparing formal models of IoT app coordination analysis

AuthCTC: Defending Against Waveform Emulation Attack in Heterogeneous IoT Environments

On the Privacy Risks of Compromised Trigger-Action Platforms

Contact Info

Product

Resources

About