Enabling Security Analysis of IoT Device-to-Cloud Traffic

Title: Enabling Security Analysis of IoT Device-to-Cloud Traffic
Publication Type: Conference Paper
Year of Publication: 2020
Authors: Zhou, Eda; Turcotte, Joseph; De Carli, Lorenzo
Conference Name: 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)
Date Published: Jan. 2021
Publisher: IEEE
ISBN Number: 978-1-6654-0392-4
Keywords: cloud computing, composability, data privacy, Encryption, IoT security, Logic gates, Middleboxes, middleware, policy-based governance, privacy, Protocols, Prototypes, pubcrawl, resilience, Resiliency, Transport layer encryption
Abstract: End-to-end encryption is now ubiquitous on the internet. By securing network communications with TLS, parties can ensure that in-transit data remains inaccessible to collection and analysis. In the IoT domain, however, end-to-end encryption can paradoxically decrease user privacy, as many IoT devices establish encrypted communications with the manufacturer's cloud backend. The content of these communications remains opaque to the user, and on several occasions IoT devices have been discovered to exfiltrate private information (e.g., voice recordings) without user authorization. In this paper, we propose Inspection-Friendly TLS (IF-TLS), an IoT-oriented, TLS-based middleware protocol that preserves the encryption offered by TLS while allowing traffic analysis by middleboxes under the user's control. Unlike related efforts, IF-TLS is designed from the ground up for the IoT world, adding limited complexity on top of TLS and being fully controllable by the residential gateway. At the same time it provides flexibility, enabling the user to offload traffic analysis to either the gateway itself or cloud-based middleboxes. We implemented a stable, Python-based prototype IF-TLS library; preliminary results show that performance overhead is limited and unlikely to affect quality of experience.
URL: https://ieeexplore.ieee.org/document/9343050
DOI: 10.1109/TrustCom50675.2020.00258
Citation Key: zhou_enabling_2020