TY - GEN
T1 - Don't talk unless i say so! securing the internet of things with default-off networking
AU - Hong, James
AU - Levy, Amit
AU - Riliskis, Laurynas
AU - Levis, Philip
N1 - Publisher Copyright:
© 2018 IEEE.
PY - 2018/5/25
Y1 - 2018/5/25
N2 - The Internet of Things (IoT) is changing the way we interact with everyday objects. 'Smart' devices will reduce energy use, keep our homes safe, and improve our health. However, as recent attacks have shown, these devices also create tremendous security vulnerabilities in our computing networks. Securing all of these devices is a daunting task. In this paper, we argue that IoT device communications should be default-off and desired network communications must be explicitly enabled. Unlike traditional networked applications or devices like a web browser or PC, IoT applications and devices serve narrowly defined purposes and do not require access to all services in the network. Our proposal, Bark, a policy language and runtime for specifying and enforcing minimal access permissions in IoT networks, exploits this fact. Bark phrases access control policies in terms of natural questions (who, what, where, when, and how) and transforms them into transparently enforceable rules for IoT application protocols. Bark can express detailed rules such as 'Let the lights see the luminosity of the bedroom sensor at any time' and 'Let a device at my front door, if I approve it, unlock my smart lock for 30 seconds' in a way that is presentable and explainable to users. We implement Bark for Wi-Fi/IP and Bluetooth Low Energy (BLE) networks and evaluate its efficacy on several example applications and attacks.
AB - The Internet of Things (IoT) is changing the way we interact with everyday objects. 'Smart' devices will reduce energy use, keep our homes safe, and improve our health. However, as recent attacks have shown, these devices also create tremendous security vulnerabilities in our computing networks. Securing all of these devices is a daunting task. In this paper, we argue that IoT device communications should be default-off and desired network communications must be explicitly enabled. Unlike traditional networked applications or devices like a web browser or PC, IoT applications and devices serve narrowly defined purposes and do not require access to all services in the network. Our proposal, Bark, a policy language and runtime for specifying and enforcing minimal access permissions in IoT networks, exploits this fact. Bark phrases access control policies in terms of natural questions (who, what, where, when, and how) and transforms them into transparently enforceable rules for IoT application protocols. Bark can express detailed rules such as 'Let the lights see the luminosity of the bedroom sensor at any time' and 'Let a device at my front door, if I approve it, unlock my smart lock for 30 seconds' in a way that is presentable and explainable to users. We implement Bark for Wi-Fi/IP and Bluetooth Low Energy (BLE) networks and evaluate its efficacy on several example applications and attacks.
KW - Internet of Things
KW - Network security
UR - http://www.scopus.com/inward/record.url?scp=85048491268&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85048491268&partnerID=8YFLogxK
U2 - 10.1109/IoTDI.2018.00021
DO - 10.1109/IoTDI.2018.00021
M3 - Conference contribution
AN - SCOPUS:85048491268
T3 - Proceedings - ACM/IEEE International Conference on Internet of Things Design and Implementation, IoTDI 2018
SP - 117
EP - 128
BT - Proceedings - ACM/IEEE International Conference on Internet of Things Design and Implementation, IoTDI 2018
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 3rd ACM/IEEE International Conference on Internet of Things Design and Implementation, IoTDI 2018
Y2 - 17 April 2018 through 20 April 2018
ER -