Achieving IoT Devices Secure Sharing in Multi-User Smart Space

Multiple users often share their Internet of Things (IoT) devices in a smart space. However, existing IoT systems do not support IoT sharing between multiple users or take into account the security risks associated with using shared devices. We address this problem by proposing a new multi-user IoT Secure Sharing (IoTSS) system supported by a newly designed sharing policy language. Our approach treats the policies as constraints in the context of an optimisation problem to fulfil user activities using the least vulnerable devices. We show how IoT sharing can be transformed into an equivalent Integer Linear Programming (ILP) problem, which can be solved efficiently and effectively by off-the-shelf Integer ILP solvers. To study the practical feasibility of IoTSS, we have implemented a proof-of-concept proxy-based prototype for the popularly used Mozilla WebThings Gateway. We found that the proxy service can achieve policies enforcement without incurring statistically significant time overhead.

[1]  Peter J. Stuckey Lazy Clause Generation: Combining the Power of SAT and CP (and MIP?) Solving , 2010, CPAIOR.

[2]  Ian Welch,et al.  Towards Secure Smart Home IoT: Manufacturer and User Network Access Control Framework , 2018, 2018 IEEE 32nd International Conference on Advanced Information Networking and Applications (AINA).

[3]  Aarathi Prasad,et al.  Enabling Multi-user Controls in Smart Home Devices , 2017, IoT S&P@CCS.

[4]  G. Nemhauser,et al.  Integer Programming , 2020 .

[5]  Kehuan Zhang,et al.  Your IoTs Are (Not) Mine: On the Remote Binding Between IoT Devices and Users , 2019, 2019 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN).

[6]  Marta E. Cecchinato,et al.  Degrees of Agency in Owners and Users of Home IoT Devices , 2017, CHI 2017.

[7]  Ian Welch,et al.  IoT Application-Centric Access Control (ACAC) , 2019, AsiaCCS.

[8]  Siân E. Lindley,et al.  Things We Own Together: Sharing Possessions at Home , 2016, CHI.

[9]  Ian Welch,et al.  Automatic Device Selection and Access Policy Generation Based on User Preference for IoT Activity Workflow , 2019, 2019 18th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/13th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE).

[10]  Lia Purpura On Tools , 2012 .

[11]  Peng Liu,et al.  Discovering and Understanding the Security Hazards in the Interactions between IoT Devices, Mobile Apps, and Clouds on Smart Home Platforms , 2018, USENIX Security Symposium.

[12]  Vitaly Shmatikov,et al.  Situational Access Control in the Internet of Things , 2018, CCS.

[13]  Radhika Garg,et al.  Understanding Motivators, Constraints, and Practices of Sharing Internet of Things , 2019, Proc. ACM Interact. Mob. Wearable Ubiquitous Technol..

[14]  Fiona Fui-Hoon Nah,et al.  A study on tolerable waiting time: how long are Web users willing to wait? , 2004, AMCIS.

[15]  Tim Moses,et al.  EXtensible Access Control Markup Language (XACML) version 1 , 2003 .

[16]  Karen A. Scarfone,et al.  A Complete Guide to the Common Vulnerability Scoring System Version 2.0 | NIST , 2007 .

[17]  Proyash Podder,et al.  Expat: Expectation-based Policy Analysis and Enforcement for Appified Smart-Home Platforms , 2019, SACMAT.

[18]  Franziska Roesner,et al.  Who's In Control?: Interactions In Multi-User Smart Homes , 2019, CHI.

[19]  P. G. Allen,et al.  Understanding and Improving Security and Privacy in Multi-User Smart Homes: A Design Exploration and In-Home User Study , 2019 .

[20]  William Enck,et al.  Hestia: simple least privilege network policies for smart homes , 2019, WiSec.

[21]  Michael J. Nash,et al.  The Chinese Wall security policy , 1989, Proceedings. 1989 IEEE Symposium on Security and Privacy.

[22]  Peter Rossmanith,et al.  Simulated Annealing , 2008, Taschenbuch der Algorithmen.