Securing Trigger-Action Platforms - Amir RahmatiSecuring Trigger-Action Platforms Earlence...
Transcript of Securing Trigger-Action Platforms - Amir RahmatiSecuring Trigger-Action Platforms Earlence...
![Page 1: Securing Trigger-Action Platforms - Amir RahmatiSecuring Trigger-Action Platforms Earlence Fernandes* Amir Rahmati* Jaeyeon Jung Atul Prakash * Work started while at the University](https://reader033.fdocuments.in/reader033/viewer/2022042307/5ed3c276a0e09216242fe78c/html5/thumbnails/1.jpg)
Securing Trigger-Action PlatformsEarlence Fernandes* Amir Rahmati* Jaeyeon Jung Atul Prakash
* Work started while at the University of Michigan
![Page 2: Securing Trigger-Action Platforms - Amir RahmatiSecuring Trigger-Action Platforms Earlence Fernandes* Amir Rahmati* Jaeyeon Jung Atul Prakash * Work started while at the University](https://reader033.fdocuments.in/reader033/viewer/2022042307/5ed3c276a0e09216242fe78c/html5/thumbnails/2.jpg)
If Trigger-Condition Then Action
• Web-based systems that are increasingly popular in smart home/IoT settings
• If new NASA Instagram pic, Then send me email
• If 9PM, Then close the door
• End-user programming
![Page 3: Securing Trigger-Action Platforms - Amir RahmatiSecuring Trigger-Action Platforms Earlence Fernandes* Amir Rahmati* Jaeyeon Jung Atul Prakash * Work started while at the University](https://reader033.fdocuments.in/reader033/viewer/2022042307/5ed3c276a0e09216242fe78c/html5/thumbnails/3.jpg)
3
“IF smoke detected, THEN turn off oven”
Integrates with 300+ Online Services (IoT and non-IoT)
11 Million Users, 54 Million Trigger-Action Rules
![Page 4: Securing Trigger-Action Platforms - Amir RahmatiSecuring Trigger-Action Platforms Earlence Fernandes* Amir Rahmati* Jaeyeon Jung Atul Prakash * Work started while at the University](https://reader033.fdocuments.in/reader033/viewer/2022042307/5ed3c276a0e09216242fe78c/html5/thumbnails/4.jpg)
IF IFTTT is compromised, THEN …
4
Smoke Detector Online Service Oven Online Service
Attackers can use OAuth tokens to do whatever they want
![Page 5: Securing Trigger-Action Platforms - Amir RahmatiSecuring Trigger-Action Platforms Earlence Fernandes* Amir Rahmati* Jaeyeon Jung Atul Prakash * Work started while at the University](https://reader033.fdocuments.in/reader033/viewer/2022042307/5ed3c276a0e09216242fe78c/html5/thumbnails/5.jpg)
How can we architect a trigger-action platform whose compromise does not permit attackers
to invoke actions arbitrarily?
![Page 6: Securing Trigger-Action Platforms - Amir RahmatiSecuring Trigger-Action Platforms Earlence Fernandes* Amir Rahmati* Jaeyeon Jung Atul Prakash * Work started while at the University](https://reader033.fdocuments.in/reader033/viewer/2022042307/5ed3c276a0e09216242fe78c/html5/thumbnails/6.jpg)
Decentralized Action Integrity
If “smoke is detected” Then “turn off my oven”
Execute: (1) ONLY this action and (2) ONLY when the corresponding trigger is true
Assume: Trigger-Action platform is compromised
Attacker cannot create false triggers or re-use triggers from past executions
Verifiable and Timely Triggers Rule-Specific Tokens
![Page 7: Securing Trigger-Action Platforms - Amir RahmatiSecuring Trigger-Action Platforms Earlence Fernandes* Amir Rahmati* Jaeyeon Jung Atul Prakash * Work started while at the University](https://reader033.fdocuments.in/reader033/viewer/2022042307/5ed3c276a0e09216242fe78c/html5/thumbnails/7.jpg)
Decentralized?
Long-Lived OAuth tokens of
all users
Trigger-Action Platforms Today Our Proposed Platform
Rule-Specific Tokens
All users must completely trust this
…A user only
trusts its own client
Users do nottrust this
![Page 8: Securing Trigger-Action Platforms - Amir RahmatiSecuring Trigger-Action Platforms Earlence Fernandes* Amir Rahmati* Jaeyeon Jung Atul Prakash * Work started while at the University](https://reader033.fdocuments.in/reader033/viewer/2022042307/5ed3c276a0e09216242fe78c/html5/thumbnails/8.jpg)
Securing Trigger-Action PlatformsEarlence Fernandes* Amir Rahmati* Jaeyeon Jung Atul Prakash
* Work started while at the University of Michigan
Even if a trigger-action platform is compromised, an attacker can only: (1) execute existing user rules correctly or (2) prevent execution of those rules
https://iotsecurity.eecs.umich.edu