Purdue University Graduate School
Browse
- No file added yet -

Achieving Compositional Security and Privacy in IoT Environments

Download (27.85 MB)
thesis
posted on 2024-09-11, 15:50 authored by Muslum Ozgur OzmenMuslum Ozgur Ozmen

The Internet of Things (IoT) systems include sensors that measure the physical world, actuators that influence it, and IoT apps that automate these sensors and actuators. Although IoT environments have revolutionized our lives by integrating digital connectivity into physical processes, they also introduce unique security and privacy concerns. Particularly, these systems include multiple components that are unified through the cyber and physical domains. For instance, smart homes include various devices and multiple IoT apps that control these devices. Thus, attacks against any single component can have rippling effects, amplifying due to the composite behavior of sensors, actuators, apps, and the physical environment.

In this dissertation, I explore the emerging security and privacy issues that arise from the complex physical interactions in IoT environments. To discover and mitigate these emerging issues, there is a need for composite reasoning techniques that consider the interplay between digital and physical domains. This dissertation addresses these challenges to build secure IoT environments and enhance user privacy with new formal techniques and systems.

To this end, I first describe my efforts in ensuring the safety and security of IoT en- vironments. Particularly, I introduced IoTSeer, a security service that discovers physical interaction vulnerabilities among IoT apps. I then proposed attacks that evade prior event verification systems by exploiting the complex physical interactions between IoT sensors and actuators. To address them, I developed two defenses, software patching and sensor placement, to make event verification systems robust against evasion attacks. These works provide a suite of tools to achieve compositional safety and security in IoT environments.

Second, I discuss my work that identifies the privacy risks of emerging IoT devices. I designed DMC-Xplorer to find vulnerabilities in voice assistant platforms and showed that an adversary can eavesdrop on privacy-sensitive device states and prevent users from controlling devices. I then developed a remote side-channel attack against intermittent devices to infer privacy-sensitive information about the environment in which they are deployed. These works highlight new privacy issues in emerging commodity devices used in IoT environments.

History

Degree Type

  • Doctor of Philosophy

Department

  • Computer Science

Campus location

  • West Lafayette

Advisor/Supervisor/Committee Chair

Dr. Z. Berkay Celik

Additional Committee Member 2

Dr. Antonio Bianchi

Additional Committee Member 3

Dr. Dongyan Xu

Additional Committee Member 4

Dr. Xiangyu Zhang

Usage metrics

    Licence

    Exports

    RefWorks
    BibTeX
    Ref. manager
    Endnote
    DataCite
    NLM
    DC