Charting the atack surface of trigger-action IoT platforms

Qi Wang, Pubali Datta, Wei Yang, Si Liu, Adam Bates, Carl A. Gunter

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Internet of Things (IoT) deployments are becoming increasingly automated and vastly more complex. Facilitated by programming abstractions such as trigger-action rules, end-users can now easily create new functionalities by interconnecting their devices and other online services. However, when multiple rules are simultaneously enabled, complex system behaviors arise that are diicult to understand or diagnose. While history tells us that such conditions are ripe for exploitation, at present the security states of trigger-action IoT deployments are largely unknown. In this work, we conduct a comprehensive analysis of the interactions between trigger-action rules in order to identify their security risks. Using IFTTT as an exemplar platform, we irst enumerate the space of inter-rule vulnerabilities that exist within trigger-action platforms. To aid users in the identiication of these dangers, we go on to present iRuler, a system that performs Satisiability Modulo Theories (SMT) solving and model checking to discover inter-rule vulnerabilities within IoT deployments. iRuler operates over an abstracted information low model that represents the attack surface of an IoT deployment, but we discover in practice that such models are diicult to obtain given the closed nature of IoT platforms. To address this, we develop methods that assist in inferring trigger-action information lows based on Natural Language Processing. We develop a novel evaluative methodology for approximating plausible real-world IoT deployments based on the installation counts of 315,393 IFTTT applets, determining that 66% of the synthetic deployments in the IFTTT ecosystem exhibit the potential for inter-rule vulnerabilities. Combined, these eforts provide the insight into the real-world dangers of IoT deployment misconigurations.

Original languageEnglish (US)
Title of host publicationCCS 2019 - Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security
PublisherAssociation for Computing Machinery
Pages1439-1453
Number of pages15
ISBN (Electronic)9781450367479
DOIs
StatePublished - Nov 6 2019
Event26th ACM SIGSAC Conference on Computer and Communications Security, CCS 2019 - London, United Kingdom
Duration: Nov 11 2019Nov 15 2019

Publication series

NameProceedings of the ACM Conference on Computer and Communications Security
ISSN (Print)1543-7221

Conference

Conference26th ACM SIGSAC Conference on Computer and Communications Security, CCS 2019
CountryUnited Kingdom
CityLondon
Period11/11/1911/15/19

Keywords

  • Formal Methods
  • Information Flow
  • Inter-rule Vulnerability
  • NLP
  • Trigger-Action IoT Platform

ASJC Scopus subject areas

  • Software
  • Computer Networks and Communications

Fingerprint Dive into the research topics of 'Charting the atack surface of trigger-action IoT platforms'. Together they form a unique fingerprint.

  • Cite this

    Wang, Q., Datta, P., Yang, W., Liu, S., Bates, A., & Gunter, C. A. (2019). Charting the atack surface of trigger-action IoT platforms. In CCS 2019 - Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security (pp. 1439-1453). (Proceedings of the ACM Conference on Computer and Communications Security). Association for Computing Machinery. https://doi.org/10.1145/3319535.3345662