Nikolaos Sapountzis, Ruimin Sun and Daniela Oliveira

By 2018, it is no secret to the global networking community: Internet of Things (IoT) devices, usually controlled by IoT applications and applets, have dominated human lives. It has been shown that popular applet platforms (including If This Then That (IFTTT)) are susceptible to attacks that try to exfiltrate private photos, leak user location, etc. As new attacks might show up very frequently, tracking them fast and in an efficient and scalable manner is a daunting task due to the limited (e.g., memory, energy) resources at the IoT/mobile device and the large network size. Towards that direction, in this paper we propose a decentralized Dynamic Information Flow Tracking (DDIFT) framework that overcomes these challenges, better adapts to the IoT context, and further, is able to illuminate IoT applet attacks. In doing so, we leverage the synergy between: (i) a dynamic information flow tracking module that considers the application of tags with different types along with provenance information and runs in the mobile device at a fast timescale, (ii) a forensics analysis module running in the cloud at a slow timescale, (iii) distributed optimization to optimize various functionalities of the above modules as well as their interaction. We show that our framework is able to detect IoT applet attacks with higher accuracy (on average 81% improvement for different URL upload attack scenarios) and decreases resource wastage (on average 71% less memory usage under different integrity attack scenarios) compared to traditional DIFT, opening new horizons for IoT privacy and security.

View More Papers

Identity and Privacy vs. economic efficiency in the worldwide...

Prof. Virgil Gligor (CMU), Prof. Pekka Nikander (Aalto U.), Dr. Dmitrij Lagutin (Aalto U.), Dr. Michal Krol (UCL)

Read More

UIDS: Unikernel-based Intrusion Detection System for the Internet of...

Vittorio Cozzolino, Nikolai Schwellnus (Technical University of Munich, Germany); Aaron Yi Ding (Delft University of Technology, The Netherlands); Jörg Ott (Technical University of Munich, Germany)

Read More

Sharing Economy in Future Electricity Markets: Security and Privacy...

Mehdi Montakhabi, Shenja Van Der Graaf (IMEC-SMIT & Vrije Universiteit, Belgium); Akash Madhusudan (COSIC & KU Leuven, Belgium); Aysajan Abidin (KU Leuven, Belgium); Mustafa A. Mustafa (The University of Manchester, UK)

Read More

Poisoning Attacks on Federated Learning-based IoT Intrusion Detection System

Thien Duc Nguyen, Phillip Rieger, Markus Miettinen and Ahmad-Reza Sadeghi (TU Darmstadt, Germany)

Read More