Visible to the public Ditio: Trustworthy Auditing of Sensor Activities in Mobile & IoT Devices

TitleDitio: Trustworthy Auditing of Sensor Activities in Mobile & IoT Devices
Publication TypeConference Paper
Year of Publication2017
AuthorsMirzamohammadi, Saeed, Chen, Justin A., Sani, Ardalan Amiri, Mehrotra, Sharad, Tsudik, Gene
Conference NameProceedings of the 15th ACM Conference on Embedded Network Sensor Systems
PublisherACM
Conference LocationNew York, NY, USA
ISBN Number978-1-4503-5459-2
Keywordscomposability, Mobile and IoT devices, Operating systems, pubcrawl, Security and Privacy, Sensors, trustworthiness
AbstractMobile and Internet-of-Things (IoT) devices, such as smartphones, tablets, wearables, smart home assistants (e.g., Google Home and Amazon Echo), and wall-mounted cameras, come equipped with various sensors, notably camera and microphone. These sensors can capture extremely sensitive and private information. There are several important scenarios where, for privacy reasons, a user might require assurance about the use (or non-use) of these sensors. For example, the owner of a home assistant might require assurance that the microphone on the device is not used during a given time of the day. Similarly, during a confidential meeting, the host needs assurance that attendees do not record any audio or video. Currently, there are no means to attain such assurance in modern mobile and IoT devices. To this end, this paper presents Ditio, a system approach for auditing sensor activities. Ditio records sensor activity logs that can be later inspected by an auditor and checked for compliance with a given policy. It is based on a hybrid security monitor architecture that leverages both ARM's virtualization hardware and TrustZone. Ditio includes an authentication protocol for establishing a logging session with a trusted server and a formally verified companion tool for log analysis. Ditio prototypes on ARM Juno development board and Nexus 5 smartphone show that it introduces negligible performance overhead for both the camera and microphone. However, it incurs up to 17% additional power consumption under heavy use for the Nexus 5 camera.
URLhttp://doi.acm.org/10.1145/3131672.3131688
DOI10.1145/3131672.3131688
Citation Keymirzamohammadi_ditio:_2017