Towards Transparency of IoT Device Presence
As many types of IoT devices worm their way into numerous settings and many aspects of our daily lives, awareness of their presence and functionality becomes a source of major concern. Hidden IoT devices can snoop (via sensing) on nearby unsuspecting users, and impact the environment where unaware users are present, via actuation.
Overview
Abstract
As many types of IoT devices worm their way into numerous settings and many aspects of our daily lives, awareness of their presence and functionality becomes a source of major concern. Hidden IoT devices can snoop (via sensing) on nearby unsuspecting users, and impact the environment where unaware users are present, via actuation. This prompts, respectively, privacy and security/safety issues. The dangers of hidden IoT devices have been recognized and prior research suggested some means of mitigation, mostly based on traffic analysis or using specialized hardware to uncover devices. While such approaches are partially effective, there is currently no comprehensive approach to IoT device transparency.
Prompted in part by recent privacy regulations (GDPR and CCPA), this work motivates and constructs a privacy-agile Root-of-Trust architecture for IoT devices called PAISA: Privacy-Agile IoT Sensing and Actuation. It guarantees timely and secure announcements of nearby IoT devices’ presence and capabilities. PAISA has two components: one on the IoT device that guarantees periodic announcements of its presence even if all device software is compromised, and the other on the user device, which captures and processes announcements. PAISA requires no hardware modifications; it uses a popular off-the-shelf Trusted Execution Environment (TEE) – ARM TrustZone. To demonstrate its viability, PAISA is instantiated as an open-source prototype, which includes an IoT device that makes announcements via IEEE 802.11 WiFi beacons and an Android smartphone-based app that captures and processes announcements. We also discuss the security and performance of PAISA and its prototype.
Brief Biography
Gene Tsudik is a Distinguished Professor of Computer Science at the University of California, Irvine (UCI). He obtained his Ph.D. in Computer Science from USC. Before coming to UCI in 2000, he was at the IBM Zurich Research Laboratory (1991-1996) and USC/ISI (1996-2000). His research interests include numerous topics in security, privacy, and applied cryptography. Gene Tsudik was a Fulbright Scholar and a Fulbright Specialist (thrice). He is a fellow of ACM, IEEE, AAAS, IFIP, and a foreign member of Academia Europaea. From 2009 to 2015, he served as the Editor-in-Chief of ACM TOPS. He received the 2017 ACM SIGSAC Outstanding Contribution Award, the 2020 IFIP Jean-Claude Laprie Award, and the 2023 ACM SIGSAC Outstanding Innovation Award. His magnum opus is the first ever rhyming crypto-poem published as a refereed paper. Gene Tsudik is allergic to over-hyped topics, such as machine learning, blockchains/cryptocurrencies, and differential privacy. He has no social media presence.