Analysing Security of IoT Integrations
Abstract:
The Internet of Things (IoT) is rapidly evolving and is applied extensively in areas such as smart homes, smart healthcare, smart agriculture, and smart cities. A key feature of these IoT systems is the integration of a wide assortment of technologies, including multiple standards, customized or proprietary communication protocols, and heterogeneous platforms. During integration, critical security vulnerabilities are likely to be introduced, due to customization, unsatisfied assumptions, incompatibility, conflicts in security policies, and a lack of comprehensive testing. Hence, this thesis aims to address the security problems of IoT systems from an integration perspective, as a complement to the numerous studies that focus on the analysis of individual techniques.
In this thesis, we propose systematic ways to analyze the security of two main types of IoT integrations, i.e., edge-based integrations (e.g., smart home integrations) and cloud-based integrations (e.g., multi-party trigger-action integration platforms), in order to find security vulnerabilities in them. The two types of IoT integrations are distinguished by where the core logic of the integration functionalities (e.g., discovery, authentication and control of the entities) is executed.
First, we propose an approach that examines the security of an edge-based smart home integration. It extracts an abstract specification of the application-layer protocols and of the internal behaviors of the entities, whereby it is able to conduct an end-to-end security analysis against various attack models. Using our approach, we find 12 non-trivial security vulnerabilities in three extensively used smart home systems. By exploiting these vulnerabilities, an attacker can obtain remote control over the end devices and steal sensitive information such as a Wi-Fi password.
Second, we propose an approach that examines privacy weaknesses in a cloud-based multi-party trigger-action integration platform (TAIP) that may lead to privacy violations when multiple third-party services are integrated. It is a dynamic testing approach that infers the privacy-relevant behaviors of the TAIP, whereby it can perform an automatic analysis of the privacy weaknesses of TAIPs. We evaluate the effectiveness of our approach by applying it to the TAIPs formed by the IFTTT platform and several online services. It generates 407 applets by synthesizing the trigger/action types of 52 services. This enables us to detect 194 violations of existing access policies, 90 cases of missing access revocation (15 of which have unintended data flows), 218 cases of missing data access control, and 73 cases of missing least-privilege enforcement. The results show that multi-party TAIPs have privacy weaknesses, due to their lack of comprehensive testing and lack of adequate measures (1) to prevent conflicts between the data policies of the involved parties, and (2) to provide data control for the end users.
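To make the categories of privacy weakness above concrete, the following is an added illustration, not code from the thesis and not a model of IFTTT's real API: it synthesizes applets from trigger/action type pairs across hypothetical services and checks each applet for a cross-party policy conflict, an unintended data flow, excess privilege against the scopes the operation actually needs, and missing access revocation. The service names, fields, scopes and policies (CamCloud, NoteApp, ChatApp, `clips:read`, etc.) are constructed for the example; the `forward_whole_payload` switch is an assumed platform behaviour used to show how forwarding the full trigger payload rather than only the declared inputs turns a clean applet into a leaking one.

```python
"""Added example (not from the thesis): privacy checks over synthesized
trigger-action applets. All services, fields and policies are constructed."""
from dataclasses import dataclass
from itertools import product
from typing import Dict, FrozenSet, List, Tuple


@dataclass(frozen=True)
class Trigger:
    service: str
    name: str
    fields: FrozenSet[str]      # data items the trigger exposes to the platform


@dataclass(frozen=True)
class Action:
    service: str
    name: str
    inputs: FrozenSet[str]      # data items the action declares it consumes


@dataclass
class Service:
    name: str
    no_share: FrozenSet[str]                   # fields its data policy forbids passing to third parties
    scopes_granted: FrozenSet[str]             # scopes the platform obtains when the user connects it
    scopes_needed: Dict[str, FrozenSet[str]]   # trigger/action name -> scopes that operation requires
    honours_revocation: bool                   # platform stops using its data once the user disconnects


Finding = Tuple  # (category, ...details)


def synthesize_applets(triggers: List[Trigger], actions: List[Action]):
    """Cross product of trigger and action types, restricted to distinct parties."""
    return [(t, a) for t, a in product(triggers, actions) if t.service != a.service]


def check_applet(t: Trigger, a: Action, services: Dict[str, Service],
                 forward_whole_payload: bool) -> List[Finding]:
    findings: List[Finding] = []
    src, dst = services[t.service], services[a.service]
    # Data that actually reaches the action service for this applet.
    flow = t.fields if forward_whole_payload else (t.fields & a.inputs)
    # 1. Access-policy violation: the source forbids sharing a field that crosses to another party.
    leaked = flow & src.no_share
    if leaked:
        findings.append(("policy_violation", src.name, dst.name, tuple(sorted(leaked))))
    # 2. Unintended data flow: the action receives fields it never declared as inputs.
    unintended = flow - a.inputs
    if unintended:
        findings.append(("unintended_flow", dst.name, tuple(sorted(unintended))))
    # 3. Least privilege: scopes granted at connection time exceed what this operation needs.
    for svc, op in ((src, t.name), (dst, a.name)):
        excess = svc.scopes_granted - svc.scopes_needed.get(op, frozenset())
        if excess:
            findings.append(("excess_privilege", svc.name, tuple(sorted(excess))))
    # 4. Access revocation: disconnecting the service must stop further use of its data.
    for svc in (src, dst):
        if not svc.honours_revocation:
            findings.append(("no_revocation", svc.name))
    return findings


def analyse(triggers, actions, services, forward_whole_payload=False):
    report = {}
    for t, a in synthesize_applets(triggers, actions):
        key = f"{t.service}.{t.name} -> {a.service}.{a.name}"
        report[key] = check_applet(t, a, services, forward_whole_payload)
    return report


def summarize(report) -> Dict[str, int]:
    """Count findings per category across all synthesized applets."""
    counts: Dict[str, int] = {}
    for findings in report.values():
        for f in findings:
            counts[f[0]] = counts.get(f[0], 0) + 1
    return counts


# Constructed sample: one camera trigger, two action services.
SERVICES = {
    "CamCloud": Service("CamCloud", frozenset({"clip_url", "home_location"}),
                        frozenset({"clips:read", "account:write"}),
                        {"motion_detected": frozenset({"clips:read"})}, True),
    "NoteApp": Service("NoteApp", frozenset(), frozenset({"notes:write"}),
                       {"create_note": frozenset({"notes:write"})}, False),
    "ChatApp": Service("ChatApp", frozenset(), frozenset({"messages:write"}),
                       {"post_message": frozenset({"messages:write"})}, True),
}
TRIGGERS = [Trigger("CamCloud", "motion_detected",
                    frozenset({"clip_url", "home_location", "timestamp"}))]
ACTIONS = [Action("NoteApp", "create_note", frozenset({"timestamp"})),
           Action("ChatApp", "post_message", frozenset({"clip_url"}))]

if __name__ == "__main__":
    for mode in (False, True):
        rep = analyse(TRIGGERS, ACTIONS, SERVICES, forward_whole_payload=mode)
        print(f"forward_whole_payload={mode}: {summarize(rep)}")
        for applet, fs in rep.items():
            print(" ", applet, fs)
```

Each applet key names the trigger and action it was synthesized from, so a finding can be traced back to the pair of parties whose policies conflict; the summary mirrors the per-category counts reported in the abstract, here over two applets instead of 407.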