Fear and Logging in the Internet of Things

As the Internet of Things (IoT) continues to proliferate, diagnosing incorrect behavior within increasinglyautomated homes becomes considerably more difficult. Devices and apps may be chained together in long sequences of triggeraction rules to the point that from an observable symptom (e.g., an unlocked door) it may be impossible to identify the distantly removed root cause (e.g., a malicious app). This is because, at present, IoT audit logs are siloed on individual devices, and hence cannot be used to reconstruct the causal relationships of complex workflows. In this work, we present ProvThings, a platform-centric approach to centralized auditing in the Internet of Things. ProvThings performs efficient automated instrumentation of IoT apps and device APIs in order to generate data provenance that provides a holistic explanation of system activities, including malicious behaviors. We prototype ProvThings for the Samsung SmartThings platform, and benchmark the efficacy of our approach against a corpus of 26 IoT attacks. Through the introduction of a selective code instrumentation optimization, we demonstrate in evaluation that ProvThings imposes just 5% overhead on physical IoT devices while enabling real time querying of system behaviors, and further consider how ProvThings can be leveraged to meet the needs of a variety of stakeholders in the IoT ecosystem.

[1]  Paul Sant,et al.  The Forensics Edge Management System: A Concept and Design , 2013, 2013 IEEE 10th International Conference on Ubiquitous Intelligence and Computing and 2013 IEEE 10th International Conference on Autonomic and Trusted Computing.

[2]  Roksana Boreli,et al.  Network-level security and privacy control for smart-home IoT devices , 2015, 2015 IEEE 11th International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob).

[3]  Jaehong Park,et al.  A provenance-based access control model , 2012, 2012 Tenth Annual International Conference on Privacy, Security and Trust.

[4]  Xiangyu Zhang,et al.  High Accuracy Attack Provenance via Binary-based Execution Partition , 2013, NDSS.

[5]  Srinivasan Seshan,et al.  Handling a trillion (unfixable) flaws on a billion devices: Rethinking network security for the Internet-of-Things , 2015, HotNets.

[6]  Indrakshi Ray,et al.  A Generic Digital Forensic Investigation Framework for Internet of Things (IoT) , 2016, 2016 IEEE 4th International Conference on Future Internet of Things and Cloud (FiCloud).

[7]  Andreas Schreiber,et al.  Visualizing Provenance using Comics , 2017, TaPP.

[8]  Ragib Hasan,et al.  FAIoT: Towards Building a Forensics Aware Eco System for the Internet of Things , 2015, 2015 IEEE International Conference on Services Computing.

[9]  Hongfei Yan,et al.  DroidForensics: Accurate Reconstruction of Android Attacks via Multi-layer Forensic Logging , 2017, AsiaCCS.

[10]  Adi Shamir,et al.  Extended Functionality Attacks on IoT Devices: The Case of Smart Lights , 2016, 2016 IEEE European Symposium on Security and Privacy (EuroS&P).

[11]  Mahmoud Elkhodr,et al.  Data Provenance in the Internet of Things , 2018, 2018 32nd International Conference on Advanced Information Networking and Applications Workshops (WAINA).

[12]  Ashish Gehani,et al.  SPADE: Support for Provenance Auditing in Distributed Environments , 2012, Middleware.

[13]  Marimuthu Palaniswami,et al.  Internet of Things (IoT): A vision, architectural elements, and future directions , 2012, Future Gener. Comput. Syst..

[14]  Andreas Haeberlen,et al.  Let SDN Be Your Eyes: Secure Forensics in Data Center Networks , 2014 .

[15]  Earlence Fernandes,et al.  Security Analysis of Emerging Smart Home Applications , 2016, 2016 IEEE Symposium on Security and Privacy (SP).

[16]  Margo I. Seltzer,et al.  Provenance-Aware Storage Systems , 2006, USENIX ATC, General Track.

[17]  Shwetak N. Patel,et al.  Experimental Security Analyses of Non-Networked Compact Fluorescent Lamps: A Case Study of Home Automation Security , 2013, LASER.

[18]  Norita Md Norwawi,et al.  Internet of Things(IoT) digital forensic investigation model: Top-down forensic approach methodology , 2015, 2015 Fifth International Conference on Digital Information Processing and Communications (ICDIPC).

[19]  Blase Ur,et al.  Practical trigger-action programming in the smart home , 2014, CHI.

[20]  Xiangyu Zhang,et al.  ProTracer: Towards Practical Provenance Tracing by Alternating Between Logging and Tainting , 2016, NDSS.

[21]  Thomas Moyer,et al.  Towards Scalable Cluster Auditing through Grammatical Inference over Provenance Graphs , 2018, NDSS.

[22]  Dawn Song,et al.  Smart Locks: Lessons for Securing Commodity Internet of Things Devices , 2016, AsiaCCS.

[23]  Nathaniel Husted,et al.  Android Provenance: Diagnosing Device Disorders , 2013, TaPP.

[24]  Margo I. Seltzer,et al.  Provenance: a future history , 2009, OOPSLA Companion.

[25]  Atul Prakash,et al.  FlowFence: Practical Data Protection for Emerging IoT Application Frameworks , 2016, USENIX Security Symposium.

[26]  Andreas Haeberlen,et al.  Automated Network Repair with Meta Provenance , 2015, HotNets.

[27]  Thomas Moyer,et al.  Take Only What You Need: Leveraging Mandatory Access Control Policy to Reduce Provenance Storage Costs , 2015, TaPP.

[28]  Sabah Suhail,et al.  Introducing Secure Provenance in IoT: Requirements and Challenges , 2016, 2016 International Workshop on Secure Internet of Things (SIoT).

[29]  C. Zilles,et al.  Understanding the backward slices of performance degrading instructions , 2000, Proceedings of 27th International Symposium on Computer Architecture (IEEE Cat. No.RS00201).

[30]  Biplab Sikdar,et al.  Secure Data Provenance for the Internet of Things , 2017, IoTPTS@AsiaCCS.

[31]  Qi Alfred Chen,et al.  ContexloT: Towards Providing Contextual Integrity to Appified IoT Platforms , 2017, NDSS.

[32]  Roksana Boreli,et al.  An experimental study of security and privacy risks with emerging household appliances , 2014, 2014 IEEE Conference on Communications and Network Security.

[33]  Ramjee Prasad,et al.  Proposed embedded security framework for Internet of Things (IoT) , 2011, 2011 2nd International Conference on Wireless Communication, Vehicular Technology, Information Theory and Aerospace & Electronic Systems Technology (Wireless VITAE).

[34]  Michael D. Ernst,et al.  Automatic Trigger Generation for Rule-based Smart Homes , 2016, PLAS@CCS.

[35]  Matthew Smith,et al.  SoK: Lessons Learned from Android Security Research for Appified Software Platforms , 2016, 2016 IEEE Symposium on Security and Privacy (SP).

[36]  Sven Bugiel,et al.  Scippa: system-centric IPC provenance on Android , 2014, ACSAC.

[37]  Andreas Haeberlen,et al.  Secure network provenance , 2011, SOSP.

[38]  Roksana Boreli,et al.  Smart-Phones Attacking Smart-Homes , 2016, WISEC.

[39]  Thomas Moyer,et al.  Trustworthy Whole-System Provenance for the Linux Kernel , 2015, USENIX Security Symposium.

[40]  Andreas Haeberlen,et al.  The Good, the Bad, and the Differences: Better Network Diagnostics with Differential Provenance , 2016, SIGCOMM.

[41]  Shashi Shekhar,et al.  QUIRE: Lightweight Provenance for Smart Phone Operating Systems , 2011, USENIX Security Symposium.

[42]  Xiangyu Zhang,et al.  LogGC: garbage collecting audit log , 2013, CCS.

[43]  Tadayoshi Kohno,et al.  Computer security and the modern home , 2013, CACM.

[44]  Patrick D. McDaniel,et al.  Hi-Fi: collecting high-fidelity whole-system provenance , 2012, ACSAC '12.

[45]  Maya Cakmak,et al.  Supporting mental model accuracy in trigger-action programming , 2015, UbiComp.