IoT Notary: Sensor Data Attestation in Smart Environment

Contemporary IoT environments, such as smart buildings, require end-users to trust the data-capturing rules published by the systems. There are several reasons why such trust is misplaced: IoT systems may violate the rules deliberately, or IoT devices may transfer user data to a malicious third party due to cyberattacks, leading to the loss of individuals' privacy or service integrity. To address such concerns, we propose IoT Notary, a framework to ensure trust in IoT systems and applications. IoT Notary provides secure log sealing on live sensor data to produce a verifiable ‘proof-of-integrity,’ based on which a verifier can attest that captured sensor data adheres to the published data-capturing rules. IoT Notary is an integral part of TIPPERS, a smart space system that has been deployed at UCI to provide various real-time location-based services on the campus. IoT Notary imposes nominal overheads for verification: users can verify one day of their data in less than two seconds.

Nalini Venkatasubramanian, et al. IoT Notary: Sensor Data Attestation in Smart Environment, 2019, 2019 IEEE 18th International Symposium on Network Computing and Applications (NCA).