Nikolaos Sapountzis, Ruimin Sun and Daniela Oliveira

By 2018, it is no secret to the global networking community: Internet of Things (IoT) devices, usually controlled by IoT applications and applets, have dominated human lives. It has been shown that popular applet platforms (including If This Then That (IFTTT)) are susceptible to attacks that try to exfiltrate private photos, leak user location, etc. As new attacks might show up very frequently, tracking them fast and in an efficient and scalable manner is a daunting task due to the limited (e.g., memory, energy) resources at the IoT/mobile device and the large network size. Towards that direction, in this paper we propose a decentralized Dynamic Information Flow Tracking (DDIFT) framework that overcomes these challenges, better adapts to the IoT context, and further, is able to illuminate IoT applet attacks. In doing so, we leverage the synergy between: (i) a dynamic information flow tracking module that considers the application of tags with different types along with provenance information and runs in the mobile device at a fast timescale, (ii) a forensics analysis module running in the cloud at a slow timescale, (iii) distributed optimization to optimize various functionalities of the above modules as well as their interaction. We show that our framework is able to detect IoT applet attacks with higher accuracy (on average 81% improvement for different URL upload attack scenarios) and decreases resource wastage (on average 71% less memory usage under different integrity attack scenarios) compared to traditional DIFT, opening new horizons for IoT privacy and security.

View More Papers

Sharing Economy in Future Electricity Markets: Security and Privacy...

Mehdi Montakhabi, Shenja Van Der Graaf (IMEC-SMIT & Vrije Universiteit, Belgium); Akash Madhusudan (COSIC & KU Leuven, Belgium); Aysajan Abidin (KU Leuven, Belgium); Mustafa A. Mustafa (The University of Manchester, UK)

Read More

ADROIT: Detecting Spatio-Temporal Correlated Attack-Stages in IoT Networks

Dinil Mon Divakaran (Trustwave, Singapore); Rhishi Pratap Singh, Kushan Sudheera Kalupahana Liyanage, Mohan Gurusamy (National University of Singapore, Singapore); Vinay Sachidananda (Trustwave, Singapore)

Read More

IoT Security Solution Distribution via DLT

Le Su (Nanyang Technological University, Singapore); Dinil Mon Divakaran (Trustwave, Singapore); Sze Ling Yeo (Institute for Infocomm Research, Singapore); Jiqiang Lu (Beihang University, China); Vrizlynn Thing (National University of Singapore, Singapore)

Read More

Bridging the Cyber and Physical Worlds using Blockchains and...

Nikos Fotiou, Vasilios A. Siris, Spyros Voulgaris, George C. Polyzos and Dmitrij Lagutin

Read More