
Leakage of Authorization-Data in IoT Device Sharing New Attacks and Countermeasure

This paper presents a systematic study of authorization-data management in IoT device sharing, identifying six leakage flaws and proposing SecHARE, an automated tool to mitigate these issues. The proposed defense uses a shadow authorization-data mapping scheme to prevent unauthorized access while maintaining usability. SecHARE has been tested on popular open-source IoT clouds, demonstrating its effectiveness and compatibility across different platforms.

Uploaded by

Manju Nath
Copyright
© All Rights Reserved

Leakage of Authorization-Data in IoT Device Sharing

New Attacks and Countermeasure


ABSTRACT

Device sharing among users is a common functionality in today’s IoT clouds.
Supporting device sharing are the delegation methods proposed by different IoT
clouds, which we find are heterogeneous and ad-hoc: IoT clouds use various data
(e.g., device ID, product ID, and access token) as authorization certificates. In this
paper, we report the first systematic study on how the authorization-data are
managed in IoT device sharing. Our study brought to light the security risks in
today’s IoT authorization-data management, identifying 6 authorization-data leakage
flaws. To mitigate such flaws, we propose an approach to hide the authorization-data
from the delegatee (a.k.a., the user authorized to access the devices) without
disrupting the device sharing services. We propose SecHARE, an automated tool to
patch the vulnerable IoT clouds. We applied SecHARE to 3 popular open-source IoT
clouds. Results have shown the compatibility, effectiveness, and efficiency of
SecHARE. We have made SecHARE publicly available.

EXISTING SYSTEM

IoT platform security: In the rapid development of the IoT, the IoT cloud plays an
important role. Chen et al. [56] and Zhou et al. [57] have reported flaws found in
device management for IoT clouds, demonstrating that leakage of device identity can
have serious consequences. However, they only discovered the vulnerabilities
without proposing any defense mechanisms. Yuan et al. [5] proposed a
semi-automated tool to detect cross-cloud IoT delegation vulnerabilities. In contrast,
our work focuses on authorization issues within individual cloud platforms and
provides an automated protection tool (SecHARE) to mitigate the authorization-data
leakage problem. Moreover, most of the existing work is mainly for specific
platforms, such as SmartThings [7], [9], [58], [59], [60], [61], [62], [63], [64], [65],
IFTTT [10], [66], [67] and AWS Alexa [68], [69]. By contrast, our work is to
provide a tool to protect different cloud platforms. Besides that, some works [7], [62],
[66], [70] provide methods to protect sensitive information or data flow in IoT apps,
whereas our work focuses on protecting authorization-data only in the cloud.

To cope with the new application scenario, Jia et al. [58] focused on permission
protection and proposed ContexIoT, a fine-grained context-based permission system
for SmartThings to provide context integrity for IoT programs at runtime. Tian et al.
[59] presented a user-centric, semantic-based authorization design called SmartAuth
to help users avoid overly privileged applications in SmartThings. These studies
primarily focus on the permission management of the applications, without
considering dynamic user authorization scenarios or proposing methods to
secure the authorization-data. Fernandes et al. [62] proposed a privacy-preserving
system called FlowFence, which attempts to address the ineffectiveness of existing
permission-based access controls in controlling sensitive data flows in applications
by embedding the data flow patterns expected by users. However, this work mainly
tries to prevent malicious IoT applications from abusing the sensitive data (e.g., data
collected by the IoT sensors). In contrast, SecHARE focuses on securing the data
used for authorization and preventing unauthorized access in a shared IoT
scenario.

Furthermore, Fernandes et al. [10] introduced Decentralized Action Integrity to
prevent an untrusted trigger-action platform from misusing compromised OAuth
tokens. Andersen et al. [11] presented WAVE, an authorization framework offering
decentralized trust, which supports transitive fine-grained sharing and revocation.
However, these efforts, while meeting the current complex IoT authorization needs,
require all parties to work together following the same framework APIs and are more
difficult to apply and deploy in the real world. In contrast, our work only adds a few
changes to the cloud platform to realize automatic protection of authorization-data.
Moreover, our tool can adapt to a variety of authorization-data and is compatible
with different cloud platforms.
Disadvantages
➢ The existing system does not explore a defense based on the shadow
authorization-data method.
➢ The existing system does not implement authorization-data protection.

Proposed System

The proposed defense leverages a simple yet effective data mapping scheme to
prevent authorization-data leakage. Specifically, after the owner shares her device with a
delegatee user, the IoT cloud needs to transmit the authorization-data to the delegatee
user. Instead of transmitting the authorization-data directly to the delegatee user (as
today’s IoT clouds do), we generate a shadow copy of the authorization-data, record the
mapping relationship between the actual authorization-data and the shadow
authorization-data, and then transmit the shadow authorization-data to the delegatee
user. The delegatee user then uses the shadow authorization-data to access the
delegated device. Upon receiving the access request from the delegatee user, the cloud
extracts the shadow authorization-data from the request, translates the shadow
authorization-data to the actual authorization-data based on the mapping records
stored by the cloud, and uses the actual authorization-data for the authorization check.
When the owner revokes the delegatee user’s access right, the cloud deletes the
shadow authorization-data and its corresponding mapping record. Hence, even if the
shadow authorization-data is leaked to and preserved by malicious delegatee
users, they will not be able to leverage the shadow authorization-data to gain
unauthorized access to the device. Note that all the operations (e.g., data-mapping,
data-storage and data-deletion) are performed automatically by the backend cloud
and are transparent to the users. Therefore, we can fix the authorization-data
leakage problems in today’s IoT clouds while preserving their usability.
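
The mapping scheme described above, as an added example in Java (the coding language listed in this document's requirements); it is not SecHARE's code or code from the paper. The class and method names, the in-memory map standing in for the back-end database, and the binding of each shadow value to a single delegatee are assumptions of this example.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;

public class ShadowAuthDemo {
    // One mapping record: the actual authorization-data and the delegatee it was issued to.
    // (Binding to a delegatee is an assumption of this example, not stated in the text.)
    record Mapping(String actualAuthData, String delegatee) {}

    private final Map<String, Mapping> records = new ConcurrentHashMap<>();
    private final SecureRandom rng = new SecureRandom();

    // Owner shares a device: mint an unguessable shadow value and record the mapping.
    String share(String actualAuthData, String delegatee) {
        byte[] raw = new byte[32];
        rng.nextBytes(raw);
        String shadow = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        records.put(shadow, new Mapping(actualAuthData, delegatee));
        return shadow; // only this value is ever sent to the delegatee
    }

    // Access request: translate shadow -> actual so the cloud can run its
    // normal authorization check on the actual authorization-data.
    Optional<String> resolve(String shadow, String requester) {
        Mapping m = records.get(shadow);
        if (m == null || !m.delegatee().equals(requester)) return Optional.empty();
        return Optional.of(m.actualAuthData());
    }

    // Owner revokes: delete the shadow value together with its mapping record.
    boolean revoke(String shadow) {
        return records.remove(shadow) != null;
    }

    public static void main(String[] args) {
        ShadowAuthDemo cloud = new ShadowAuthDemo();
        String deviceId = "device-0001"; // constructed sample value
        String shadow = cloud.share(deviceId, "bob");

        System.out.println("bob before revoke:  " + cloud.resolve(shadow, "bob").isPresent());
        System.out.println("carol, same shadow: " + cloud.resolve(shadow, "carol").isPresent());
        cloud.revoke(shadow);
        System.out.println("bob after revoke:   " + cloud.resolve(shadow, "bob").isPresent());
    }
}
```

The delegatee only ever holds the random shadow value, so a copy kept after revocation resolves to nothing and the actual device ID never leaves the cloud.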
Advantages
The proposed system shows that, in the absence of security standards/guidance,
today’s IoT clouds usually develop their homegrown mechanisms to support device
sharing, resulting in heterogeneous and ad-hoc authorization-data management.
Specifically, we find IoT clouds use various types of data with different changeability as
authorization-data. Moreover, our study shows that, due to the lack of understanding
of the security implications of the authorization-data, today’s IoT clouds often adopt
vulnerable authorization-data management mechanisms.

SYSTEM REQUIREMENTS

H/W System Configuration:

➢ Processor - Pentium IV
➢ RAM - 4 GB (min)
➢ Hard Disk - 20 GB
➢ Key Board - Standard Windows Keyboard
➢ Mouse - Two or Three Button Mouse
➢ Monitor - SVGA

Software Requirements:

➢ Operating System - Windows XP
➢ Coding Language - Java/J2EE (JSP, Servlet)
➢ Front End - J2EE
➢ Back End - MySQL
