Trust but Verify: Auditing the Secure Internet of Things

Title: Trust but Verify: Auditing the Secure Internet of Things
Publication Type: Conference Paper
Year of Publication: 2017
Authors: Wilson, Judson; Wahby, Riad S.; Corrigan-Gibbs, Henry; Boneh, Dan; Levis, Philip; Winstein, Keith
Conference Name: Proceedings of the 15th Annual International Conference on Mobile Systems, Applications, and Services
Publisher: ACM
Conference Location: New York, NY, USA
ISBN Number: 978-1-4503-4928-4
Keywords: auditing, composability, Decrypt, Internet of Things, IoT, Metrics, Middlebox, Networked Control Systems Security, proxy, pubcrawl, resilience, Resiliency, Scalability, TLS, TLS 1.3, TLS-RAR, TLS-rotate and release, Transport Layer Security, user behavior, user privacy in the cloud, web of trust
Abstract

Internet-of-Things devices often collect and transmit sensitive information like camera footage, health monitoring data, or whether someone is home. These devices protect data in transit with end-to-end encryption, typically using TLS connections between devices and associated cloud services. But these TLS connections also prevent device owners from observing what their own devices are saying about them. Unlike in traditional Internet applications, where the end user controls one end of a connection (e.g., their web browser) and can observe its communication, Internet-of-Things vendors typically control the software in both the device and the cloud. As a result, owners have no way to audit the behavior of their own devices, leaving them little choice but to hope that these devices are transmitting only what they should. This paper presents TLS-Rotate and Release (TLS-RaR), a system that allows device owners (e.g., consumers, security researchers, and consumer watchdogs) to authorize devices, called auditors, to decrypt and verify recent TLS traffic without compromising future traffic. Unlike prior work, TLS-RaR requires no changes to TLS's wire format or cipher suites, and it allows the device's owner to conduct a surprise inspection of recent traffic, without prior notice to the device that its communications will be audited.

URL: https://dl.acm.org/doi/10.1145/3081333.3081342
DOI: 10.1145/3081333.3081342
Citation Key: wilson_trust_2017