By 2018, it is no secret to the global networking community: Internet of Things (IoT) devices, usually controlled by IoT applications and applets, have dominated human lives. It has been shown that popular applet platforms (including If This Then That (IFTTT)) are susceptible to attacks that try to exfiltrate private photos, leak user location, etc. As new attacks might show up very frequently, tracking them fast and in an efficient and scalable manner is a daunting task due to the limited (e.g., memory, energy) resources at the IoT/mobile device and the large network size. Towards that direction, in this paper we propose a decentralized Dynamic Information Flow Tracking (DDIFT) framework that overcomes these challenges, better adapts to the IoT context, and further, is able to illuminate IoT applet attacks. In doing so, we leverage the synergy between: (i) a dynamic information flow tracking module that considers the application of tags with different types along with provenance information and runs in the mobile device at a fast timescale, (ii) a forensics analysis module running in the cloud at a slow timescale, (iii) distributed optimization to optimize various functionalities of the above modules as well as their interaction. We show that our framework is able to detect IoT applet attacks with higher accuracy (on average 81% improvement for different URL upload attack scenarios) and decreases resource wastage (on average 71% less memory usage under different integrity attack scenarios) compared to traditional DIFT, opening new horizons for IoT privacy and security.

View More Papers

Security Analysis against Spoofing Attacks for Distributed UAVs

Kyo Hyun Kim (University of Illinois at Urbana-Champaign, USA); Siddhartha Nalluri (Duke University, USA); Ashish Kashinath (University of Illinois at...

Read More

OAuth 2.0 Authorization using Blockchain-based Tokens

Nikos Fotiou, Iakovos Pittaras, Vasilios A. Siris, Spyros Voulgaris and George C. Polyzos (Athens University of Economics and Business, Greece)

Read More

Privacy preserving learning in IoT systems

Farinaz Koushanfar (Professor and Henry Booker Faculty Scholar, Co-Founder and Co-Director, Center for Machine-Integrated Computing and Security, Jacobs School of...

Read More