TY - GEN
T1 - Decentralized Action Integrity for Trigger-Action IoT Platforms
AU - Fernandes, Earlence
AU - Rahmati, Amir
AU - Jung, Jaeyeon
AU - Prakash, Atul
N1 - Publisher Copyright: © 2018 25th Annual Network and Distributed System Security Symposium, NDSS 2018. All Rights Reserved.
PY - 2018
Y1 - 2018
N2 - Trigger-Action platforms are web-based systems that enable users to create automation rules by stitching together online services representing digital and physical resources using OAuth tokens. Unfortunately, these platforms introduce a long-range large-scale security risk: If they are compromised, an attacker can misuse the OAuth tokens belonging to a large number of users to arbitrarily manipulate their devices and data. We introduce Decentralized Action Integrity, a security principle that prevents an untrusted trigger-action platform from misusing compromised OAuth tokens in ways that are inconsistent with any given user’s set of trigger-action rules. We present the design and evaluation of Decentralized Trigger-Action Platform (DTAP), a trigger-action platform that implements this principle by overcoming practical challenges. DTAP splits currently monolithic platform designs into an untrusted cloud service, and a set of user clients (each user only trusts their client). Our design introduces the concept of Transfer Tokens (XTokens) to practically use fine-grained rule-specific tokens without increasing the number of OAuth permission prompts compared to current platforms. Our evaluation indicates that DTAP poses negligible overhead: it adds less than 15ms of latency to rule execution time, and reduces throughput by 2.5%.
UR - https://www.scopus.com/pages/publications/85111937035
U2 - 10.14722/ndss.2018.23119
DO - 10.14722/ndss.2018.23119
M3 - Conference contribution
T3 - 25th Annual Network and Distributed System Security Symposium, NDSS 2018
BT - 25th Annual Network and Distributed System Security Symposium, NDSS 2018
PB - The Internet Society
T2 - 25th Annual Network and Distributed System Security Symposium, NDSS 2018
Y2 - 18 February 2018 through 21 February 2018
ER -