Learning Context-Aware Policies from Multiple Smart Homes via Federated Multi-Task Learning

Internet-of-Things (IoT) devices deployed in smart homes expose users to cyber threats that can cause privacy leakage (e.g., smart TV eavesdropping) or physical hazards (e.g., smart stove causing fire). Prior work has argued that to effectively detect and prevent such threats, contextual policies are needed to decide if an access to an IoT device should be allowed. Today, however, such contextual access control policies need to be manually generated by IoT developers or users via preinstallation or runtime prompts. Both approaches suffer from potential misconfigurations and often fail to provide coverage over the space of policies. In this paper, our goal is to build a machine learning framework to automatically learn the contextual access control policies from the observed behavioral patterns of users in smart homes. Designing such a learning framework is challenging on two fronts. First, the accuracy is constrained by insufficient data in some smart homes and the diversity of IoT access patterns across different smart homes. Second, since we rely on usage patterns of IoT devices, users will have privacy concerns. We address these challenges in designing LoFTI, a federated multi-task learning framework that learns customized context-aware policies from multiple smart homes in a privacy-preserving manner. Based on prior user studies, we identify six general types of features to capture contextual access patterns. We build a simple machine learning model with temporal structure to achieve a good trade-off between accuracy and communication/computation cost. We design a custom data augmentation mechanism to address the issue of unbalanced data in learning (i.e., few negative vs. normal samples). We show that LoFTI can achieve low false positives/false negatives, reducing the false negative rate by 24.2% and false positive rate by 49.5%, comparing with the state-of-the-art single-home learning and all-home learning mechanism.

[1]  Jürgen Schmidhuber,et al.  Long Short-Term Memory , 1997, Neural Computation.

[2]  Frédo Durand,et al.  Data augmentation using learned transforms for one-shot medical image segmentation , 2019, ArXiv.

[3]  Vitaly Shmatikov,et al.  Situational Access Control in the Internet of Things , 2018, CCS.

[4]  Yuan Tian,et al.  SmartAuth: User-Centered Authorization for the Internet of Things , 2017, USENIX Security Symposium.

[5]  Hongxin Hu,et al.  On the Safety of IoT Device Physical Interaction Control , 2018, CCS.

[6]  Musard Balliu,et al.  If This Then What?: Controlling Flows in IoT Apps , 2018, CCS.

[7]  Patrick D. McDaniel,et al.  Sensitive Information Tracking in Commodity IoT , 2018, USENIX Security Symposium.

[8]  Atul Prakash,et al.  FlowFence: Practical Data Protection for Emerging IoT Application Frameworks , 2016, USENIX Security Symposium.

[9]  Blase Ur,et al.  Rethinking Access Control and Authentication for the Home Internet of Things (IoT) , 2018, USENIX Security Symposium.

[10]  Ameet Talwalkar,et al.  Federated Multi-Task Learning , 2017, NIPS.

[11]  Robert C. Bolles,et al.  Random sample consensus: a paradigm for model fitting with applications to image analysis and automated cartography , 1981, CACM.

[12]  Lujo Bauer,et al.  Some Recipes Can Do More Than Spoil Your Appetite: Analyzing the Security and Privacy Risks of IFTTT Recipes , 2017, WWW.

[13]  Helen Nissenbaum,et al.  Privacy in Context - Technology, Policy, and the Integrity of Social Life , 2009 .

[14]  Qi Alfred Chen,et al.  ContexloT: Towards Providing Contextual Integrity to Appified IoT Platforms , 2017, NDSS.

[15]  Stefan Saroiu,et al.  An Operating System for the Home , 2012, NSDI.