Skip to main content
Top

2019 | OriginalPaper | Chapter

chownIoT: Enhancing IoT Privacy by Automated Handling of Ownership Change

Authors : Md Sakib Nizam Khan, Samuel Marchal, Sonja Buchegger, N. Asokan

Published in: Privacy and Identity Management. Fairness, Accountability, and Transparency in the Age of Big Data

Publisher: Springer International Publishing

Activate our intelligent search to find suitable subject content or patents.

search-config
loading …

Abstract

Considering the increasing deployment of smart home IoT devices, their ownership is likely to change during their life-cycle. IoT devices, especially those used in smart home environments, contain privacy-sensitive user data, and any ownership change of such devices can result in privacy leaks. The problem arises when users are either not aware of the need to reset/reformat the device to remove any personal data, or not trained in doing it correctly as it can be unclear what data is kept where. In addition, if the ownership change is due to theft or loss, then there is no opportunity to reset. Although there has been a lot of research on security and privacy of IoT and smart home devices, to the best of our knowledge, there is no prior work specifically on automatically securing ownership changes. We present a system called https://static-content.springer.com/image/chp%3A10.1007%2F978-3-030-16744-8_14/479119_1_En_14_IEq1_HTML.gif for securely handling ownership change of IoT devices. https://static-content.springer.com/image/chp%3A10.1007%2F978-3-030-16744-8_14/479119_1_En_14_IEq2_HTML.gif combines authentication (of both users and their smartphone), profile management, data protection by encryption, and automatic inference of ownership change. For the latter, we use a simple technique that leverages the context of a device. Finally, as a proof of concept, we develop a prototype that implements https://static-content.springer.com/image/chp%3A10.1007%2F978-3-030-16744-8_14/479119_1_En_14_IEq3_HTML.gif inferring ownership change from changes in the WiFi SSID. The performance evaluation of the prototype shows that https://static-content.springer.com/image/chp%3A10.1007%2F978-3-030-16744-8_14/479119_1_En_14_IEq4_HTML.gif has minimal overhead and is compatible with the dominant IoT boards on the market.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

  • über 102.000 Bücher
  • über 537 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Maschinenbau + Werkstoffe
  • Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 390 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Maschinenbau + Werkstoffe




 

Jetzt Wissensvorsprung sichern!

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 340 Zeitschriften

aus folgenden Fachgebieten:

  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Versicherung + Risiko




Jetzt Wissensvorsprung sichern!

Footnotes
1
We only measure encryption, as it yields more conservative results than decryption [4].
 
2
Nevertheless, they can easily be mitigated by implementing user consent/notification during the authentication process, at the cost of reduced usability.
 
Literature
1.
go back to reference Apthorpe, N., Reisman, D., Feamster, N.: Closing the blinds: four strategies for protecting smart home privacy from network observers. arXiv preprint arXiv:1705.06809 (2017) Apthorpe, N., Reisman, D., Feamster, N.: Closing the blinds: four strategies for protecting smart home privacy from network observers. arXiv preprint arXiv:​1705.​06809 (2017)
2.
go back to reference Apthorpe, N., Reisman, D., Feamster, N.: A smart home is no castle: Privacy vulnerabilities of encrypted IoT traffic. arXiv preprint arXiv:1705.06805 (2017) Apthorpe, N., Reisman, D., Feamster, N.: A smart home is no castle: Privacy vulnerabilities of encrypted IoT traffic. arXiv preprint arXiv:​1705.​06805 (2017)
3.
go back to reference Bohn, J.: Instant personalization and temporary ownership of handheld devices. In: 2004 Sixth IEEE Workshop on Mobile Computing Systems and Applications, WMCSA 2004, pp. 134–143. IEEE (2004) Bohn, J.: Instant personalization and temporary ownership of handheld devices. In: 2004 Sixth IEEE Workshop on Mobile Computing Systems and Applications, WMCSA 2004, pp. 134–143. IEEE (2004)
4.
go back to reference Ertaul, L., Mudan, A., Sarfaraz, N.: Performance comparison of AES-CCM and AES-GCM authenticated encryption modes. In: Proceedings of the International Conference on Security and Management (SAM), p. 331. The Steering Committee of The World Congress in Computer Science, Computer Engineering and Applied Computing (WorldComp) (2016) Ertaul, L., Mudan, A., Sarfaraz, N.: Performance comparison of AES-CCM and AES-GCM authenticated encryption modes. In: Proceedings of the International Conference on Security and Management (SAM), p. 331. The Steering Committee of The World Congress in Computer Science, Computer Engineering and Applied Computing (WorldComp) (2016)
7.
go back to reference Hu, J., Weaver, A.C.: A dynamic, context-aware security infrastructure for distributed healthcare applications. In: Proceedings of the First Workshop on Pervasive Privacy Security, Privacy, and Trust, pp. 1–8. Citeseer (2004) Hu, J., Weaver, A.C.: A dynamic, context-aware security infrastructure for distributed healthcare applications. In: Proceedings of the First Workshop on Pervasive Privacy Security, Privacy, and Trust, pp. 1–8. Citeseer (2004)
8.
go back to reference Jih, W.R., Cheng, S.y., Hsu, J.Y., Tsai, T.M., et al.: Context-aware access control in pervasive healthcare. In: Computer Science and Information Engineering, National Taiwan University, Taiwan (2005) Jih, W.R., Cheng, S.y., Hsu, J.Y., Tsai, T.M., et al.: Context-aware access control in pervasive healthcare. In: Computer Science and Information Engineering, National Taiwan University, Taiwan (2005)
9.
go back to reference Kapsalis, V., Hadellis, L., Karelis, D., Koubias, S.: A dynamic context-aware access control architecture for e-services. Comput. Secur. 25(7), 507–521 (2006)CrossRef Kapsalis, V., Hadellis, L., Karelis, D., Koubias, S.: A dynamic context-aware access control architecture for e-services. Comput. Secur. 25(7), 507–521 (2006)CrossRef
11.
go back to reference Kumar, Y., Munjal, R., Sharma, H.: Comparison of symmetric and asymmetric cryptography with existing vulnerabilities and countermeasures. Int. J. Comput. Sci. Manag. Stud. 11(03), 60–63 (2011) Kumar, Y., Munjal, R., Sharma, H.: Comparison of symmetric and asymmetric cryptography with existing vulnerabilities and countermeasures. Int. J. Comput. Sci. Manag. Stud. 11(03), 60–63 (2011)
13.
go back to reference McGrew, D., Bailey, D.: AES-CCM cipher suites for Transport Layer Security (TLS). Technical report (2012) McGrew, D., Bailey, D.: AES-CCM cipher suites for Transport Layer Security (TLS). Technical report (2012)
14.
go back to reference Miettinen, M., Asokan, N., Nguyen, T.D., Sadeghi, A.R., Sobhani, M.: Context-based zero-interaction pairing and key evolution for advanced personal devices. In: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, pp. 880–891. ACM (2014) Miettinen, M., Asokan, N., Nguyen, T.D., Sadeghi, A.R., Sobhani, M.: Context-based zero-interaction pairing and key evolution for advanced personal devices. In: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, pp. 880–891. ACM (2014)
15.
go back to reference Miettinen, M., Heuser, S., Kronz, W., Sadeghi, A.R., Asokan, N.: ConXsense: automated context classification for context-aware access control. In: Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security, pp. 293–304. ACM (2014) Miettinen, M., Heuser, S., Kronz, W., Sadeghi, A.R., Asokan, N.: ConXsense: automated context classification for context-aware access control. In: Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security, pp. 293–304. ACM (2014)
16.
go back to reference Miettinen, M., Marchal, S., Hafeez, I., Asokan, N., Sadeghi, A.R., Tarkoma, S.: IoT Sentinel: Automated Device-Type Identification for Security Enforcement in IoT. arXiv preprint arXiv:1611.04880 (2016) Miettinen, M., Marchal, S., Hafeez, I., Asokan, N., Sadeghi, A.R., Tarkoma, S.: IoT Sentinel: Automated Device-Type Identification for Security Enforcement in IoT. arXiv preprint arXiv:​1611.​04880 (2016)
17.
go back to reference Pradeep, B., Singh, S.: Ownership authentication transfer protocol for ubiquitous computing devices. arXiv preprint arXiv:1208.1712 (2012) Pradeep, B., Singh, S.: Ownership authentication transfer protocol for ubiquitous computing devices. arXiv preprint arXiv:​1208.​1712 (2012)
18.
go back to reference Ren, B., Liu, C., Cheng, B., Hong, S., Zhao, S., Chen, J.: EasyGuard: enhanced context-aware adaptive access control system for android platform: poster. In: Proceedings of the 22nd Annual International Conference on Mobile Computing and Networking, pp. 458–459. ACM (2016) Ren, B., Liu, C., Cheng, B., Hong, S., Zhao, S., Chen, J.: EasyGuard: enhanced context-aware adaptive access control system for android platform: poster. In: Proceedings of the 22nd Annual International Conference on Mobile Computing and Networking, pp. 458–459. ACM (2016)
20.
go back to reference Shrestha, B., Saxena, N., Truong, H.T.T., Asokan, N.: Contextual proximity detection in the face of context-manipulating adversaries. arXiv preprint arXiv:1511.00905 (2015) Shrestha, B., Saxena, N., Truong, H.T.T., Asokan, N.: Contextual proximity detection in the face of context-manipulating adversaries. arXiv preprint arXiv:​1511.​00905 (2015)
21.
go back to reference Tam, P., Newmarch, J.: Protocol for ownership of physical objects in ubiquitous computing environments. In: IADIS International Conference E-Society 2004, pp. 614–621 (2004) Tam, P., Newmarch, J.: Protocol for ownership of physical objects in ubiquitous computing environments. In: IADIS International Conference E-Society 2004, pp. 614–621 (2004)
23.
go back to reference Whiting, D., Housley, R., Ferguson, N.: Counter with CBC-MAC (CCM). Technical report (2003) Whiting, D., Housley, R., Ferguson, N.: Counter with CBC-MAC (CCM). Technical report (2003)
24.
go back to reference Wullems, C., Looi, M., Clark, A.: Towards context-aware security: an authorization architecture for intranet environments. In: Proceedings of the Second IEEE Annual Conference on Pervasive Computing and Communications Workshops 2004, pp. 132–137. IEEE (2004) Wullems, C., Looi, M., Clark, A.: Towards context-aware security: an authorization architecture for intranet environments. In: Proceedings of the Second IEEE Annual Conference on Pervasive Computing and Communications Workshops 2004, pp. 132–137. IEEE (2004)
25.
go back to reference Zhang, G., Parashar, M.: Context-aware dynamic access control for pervasive applications. In: Proceedings of the Communication Networks and Distributed Systems Modeling and Simulation Conference, pp. 21–30 (2004) Zhang, G., Parashar, M.: Context-aware dynamic access control for pervasive applications. In: Proceedings of the Communication Networks and Distributed Systems Modeling and Simulation Conference, pp. 21–30 (2004)
26.
go back to reference Zhang, L., McDowell, W.C.: Am i really at risk? Determinants of online users’ intentions to use strong passwords. J. Internet Commer. 8(3–4), 180–197 (2009)CrossRef Zhang, L., McDowell, W.C.: Am i really at risk? Determinants of online users’ intentions to use strong passwords. J. Internet Commer. 8(3–4), 180–197 (2009)CrossRef
Metadata
Title
chownIoT: Enhancing IoT Privacy by Automated Handling of Ownership Change
Authors
Md Sakib Nizam Khan
Samuel Marchal
Sonja Buchegger
N. Asokan
Copyright Year
2019
DOI
https://doi.org/10.1007/978-3-030-16744-8_14

Premium Partner