Trust but Verify: Auditing Secure Internet of Things Devices
Judson Wilson, Riad S. Wahby, Henry Corrigan-Gibbs, Dan Boneh, Philip Levis, and Keith Winstein
Published in Proceedings of the The 15th ACM International Conference on Mobile Systems, Applications, and Services (MobiSys 2017), June 2017.
Abstract
Internet-of-Things devices often collect and transmit sensitive information like camera footage, health monitoring data, or whether someone is home. These devices protect data in transit with end-to-end encryption, typically using TLS connections between devices and associated cloud services. But these TLS connections also prevent device owners from observing what their own devices are saying about them. Unlike in traditional Internet applications, where the end user controls one end of a connection (e.g., their web browser) and can observe its communication, Internet-of-Things vendors typically control the software in both the device and the cloud. As a result, owners have no way to audit the behavior of their own devices, leaving them little choice but to hope that these devices are transmitting only what they should. This paper presents TLS--Rotate and Release (TLS-RaR), a system that allows device owners to authorize devices, called auditors, to decrypt and verify recent TLS traffic without compromising future traffic. Unlike prior work, TLS-RaR requires no changes to TLS's wire format or cipher suites, and it allows the device's owner to conduct a surprise inspection of recent traffic, without prior notice to the device that its communications will be audited.
Talk (1MB), Paper (1MB)
BibTeX entry
@inproceedings{mobisys17tlsrar, author = "Judson Wilson and Riad S. Wahby and Henry Corrigan-Gibbs and Dan Boneh and Philip Levis and Keith Winstein", title = "{Trust but Verify: Auditing Secure Internet of Things Devices}", booktitle = "{Proceedings of the The 15th ACM International Conference on Mobile Systems, Applications, and Services (MobiSys 2017)}", year = {2017}, month = {June} }





Login