research-article

Trust schemas and ICN: key to secure home IoT

Author:

Kathleen NicholsAuthors Info & Claims

ICN '21: Proceedings of the 8th ACM Conference on Information-Centric Networking

September 2021

Pages 95 - 106

https://doi.org/10.1145/3460417.3482972

Published: 22 September 2021 Publication History

Abstract

Home and business internet of things (IoT) networking presents security challenges that can be addressed using information-centric networking (ICN) to secure information rather than channels. In particular, we leverage ICN's per-packet signing, combined with recent innovations in trust schemas, to construct a strong trust zone. This architecture creates domains governed by a secured trust schema provided to every device during its enrollment together with the device's attribute-based signing cert chain(s). Applications don't need to be rewritten to gain security; a run-time library with an MQTT-like publish/subscribe API uses the provisioned trust schema and certs to construct, sign and ship outgoing publications and to both cryptographically and structurally validate a subscriber's incoming publications. This unique application of trust schemas (Versec) is explained and an example home IoT framework is described where trust schemas express straightforward, homeowner-specific policies that an open-source library enforces at run-time on behalf of security-agnostic applications. Along with the specific innovation in trust management, the platform exploits current and emergent IoT best practices. Utility programs, libraries, and examples are available as an open-source Data-Centric Toolkit.

References

[1]

[n.d.]. Authenticated Encryption. https://en.wikipedia.org/wiki/Authenticated_encryption

[2]

[n.d.]. SmartThings API (v1.0-PREVIEW). https://smartthings.developer.samsung.com/docs/api-ref/st-api.html##operation/listCapabilities

[3]

[n.d.]. Welcome to iotschema.org. http://iotschema.org/

[4]

2019. Cybersecurity. The Bridge 49 (2019).

[5]

2020. https://doc.libsodium.org/

[6]

2020a. CUE history and principles. https://cuelang.org/docs/about/

[7]

2020b. CUE Tutorials. https://cuelang.org/docs/tutorials/

[8]

2020. Implementing CUE. https://github.com/cue-lang/cue/blob/master/doc/ref/impl.md

[9]

2021. https://staceyoniot.com/you-can-learn-much-about-matter-from-the-project-chip-github-repo/

[10]

2021. https://en.wikipedia.org/wiki/X.509#Security

[11]

2021a. Additional authenticated data guide. https://cloud.google.com/kms/docs/additional-authenticated-data#confused_deputy_attack_example

[12]

2021a. Annotated Schema Example - DNMP. https://github.com/pollere/DCT/blob/main/versec/dnmpExample.md

[13]

2021b. Graph Theory – Subsumption and unification. https://en.wikipedia.org/wiki/Graph_theory#Subsumption_and_unification

[14]

2021. LANGSEC: Language-theoretic Security "The View from the Tower of Babel". http://langsec.org

[15]

2021. Matter is the foundation for connected things. https://buildwithmatter.com/

[16]

2021. One Data Model. https://onedm.org/

[17]

2021. Supervisor: A Process Control System. http://supervisord.org/

[18]

2021. TPM attestation. https://docs.microsoft.com/en-us/azure/iot-dps/concepts-tpm-attestation

[19]

2021b. The Versec Trust Schema Compiler. https://github.com/pollere/DCT/blob/main/versec/language.md

[20]

Martín Abadi and Boon Thau Loo. 2007. Towards a Declarative Language and System for Secure Networking. In Third International Workshop on Networking Meets Databases, NetDB'07, Cambridge, MA, USA, April 10, 2007, Brian Cooper and Nick Feamster (Eds.). USENIX Association. https://www.usenix.org/conference/netdb-07/towards-declarative-language-and-system-secure-networking

[21]

Alexander Afanasyev, J Alex Halderman, Scott Ruoti, Kent Seamons, Yingdi Yu, Daniel Zappala, and Lixia Zhang. 2016. Content-based security for the web. In Proceedings of the 2016 New Security Paradigms Workshop. 49–60.

Digital Library

[22]

Matt Blaze, Joan Feigenbaum, and Jack Lacy. 1996. Decentralized Trust Management. Proceedings of the IEEE Computer Society Symposium on Research in Security and Privacy, 164–173.

[23]

Check Point Software Technologies LTD. 2020. The Dark Side of Smart Lighting: Check Point Research Shows How Business and Home Networks Can Be Hacked from a Lightbulb. https://blog.checkpoint.com/2020/02/05/the-dark-side-of-smart-lighting-check-point-research-shows-how-business-and-home-networks-can-be-hacked-from-a-lightbulb/

[24]

S. Chokhani. 1996. A Security Flaw in the X.509 Standard. https://csrc.nist.gov/csrc/media/publications/conference-paper/1996/10/22/proceedings-of-the-19th-nissc-1996/documents/paper075/paper.pdf

[25]

Chung, David Ferraiolo, David Kuhn, Adam Schnitzer, Kenneth Sandlin, Robert Miller, and Karen Scarfone. 2019. Guide to Attribute Based Access Control (ABAC) Definition and Considerations.

[26]

Home Assistant Community. 2018. Smarter SmartThings with MQTT and Home Assistant. https://community.home-assistant.io/t/smarter-smartthings-with-mqtt-and-home-assistant/42493

[27]

A. Compangno, M. Conti, and R. Droms. 2016. OnboardICNg: a Secure Protocol for On-boarding IoT Devices in ICN. In Proceedings of the 2106 ACM ICN 2016 Conference. ACM, 166–175.

[28]

Brian A. Davey and Hilary A. Priestley. 2002. Introduction to Lattices and Order, Second Edition. Cambridge University Press.

[29]

C. Ellison, B. Frantz, B. Lampson, R. Rivest, B. Thomas, and T. Ylonen. 1999. SPKI Certificate Theory. RFC 2693 (1999).

[30]

Carl Ellison and Bruce Schneier. 2000. Ten Risks of PKI: What You're Not Being Told About Public Key Infrastructure. In Computer Security Journal, Vol. 16. 1–7.

[31]

David Eppstein, Michael T. Goodrich, Frank Uyeda, and George Varghese. 2011. What's the difference?: efficient set reconciliation without prior context. In Proceedings of the ACM SIGCOMM 2011 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications, Toronto, ON, Canada, August 15-19, 2011. 218–229.

Digital Library

[32]

C. Brubaker et al. 2014. Using Frankencerts for Automated Adversarial Testing of Certificate Validation in SSL/TLS Implementations. IEEE Security and Privacy (November 2014), 114–129. https://www.ncbi.nlm.nih.gov/pmc/articles/PMC4232952/

[33]

D. Dodson et al. 2021. Securing Small-Business and Home Internet of Things (IoT) Devices: Mitigating Network-Based Attacks Using Manufacturer Usage Description (MUD). Technical Report NIST.SP.1800-15. National Institute of Standards and Technology. https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.1800-15.pdf

[34]

N. Donovan et. al. [n.d.]. Device Management Requirements to Secure Enterprise IoT Edge Infrastructure. https://www.wwt.com/white-paper/device-management-requirements-to-secure-enterprise-iot-edge-infrastructure/

[35]

Krishnan Ganapathy. [n.d.]. Using a Trusted Platform Module for endpoint device security in AWS IoT Greengrass. UsingaTrustedPlatformModuleforendpointdevicesecurityinAWSIoTGreengrass

[36]

Paul Griffiths. 2020. TPM 2.0 and Certificate-Based IoT Device Authentication. Whitepaper. Global Sign. https://www.globalsign.com/en/resources/white-papers-ebooks/white-paper-tpm-20-and-certificate-based-iot-device-authentication

[37]

Peter Gutmann. 2002. Everything you Never Wanted to Know about PKI but were Forced to Find Out. https://www.cs.auckland.ac.nz/pgut001/pubs/pkitutorial.pdf

[38]

Subir Halder, Amrita Ghosal, and Mauro Conti. 2020. Secure Over-The-Air Software Updates in Connected Vehicles: A Survey. Computer Networks 178 (06 2020), 107343.

Digital Library

[39]

J. Alex Halderman. 2016. NDN: A Security Perspective. https://www.nist.gov/system/files/documents/itl/antd/Alex_Halderman.pdf

[40]

Luke Hinds. 2019. Keylime - An Open Source TPM Project for Remote Trust. https://www.youtube.com/watch?v=YtPsruEqGeY

[41]

Van Jacobson. 2019. Watching NDN's Waist: How Simplicity Creates Innovation and Opportunity. http://ice-ar.named-data.net/meetings/2019-ICE-WEN-Annual/0-ICNWEN-Van-Keynote.pdf

[42]

Randy King. 2020. Improving Existing Software Applications with a Practical and Secure NDN Publish/Subscribe Transport. (September 2020). https://www.nist.gov/video/ndn-community-meeting-day-2-part-2 video of talk (at 1:33 into Day 2 Part 2) at NDN Community Meeting 2020.

[43]

Eliot Lear and Ralph Droms. 2019. Manufacturer Usage Description Specification. RFC 8520 (2019), 1–60.

Digital Library

[44]

Ninghui Li, Benjamin Grosof, and Joan Feigenbaum. 2003. Delegation logic. ACM Transactions on Information and System Security 6 (02 2003), 128–171.

Digital Library

[45]

Lars Lydersen. 2019. Commissioning Methods for IoT. https://www.silabs.com/documents/public/presentations/ew-2019-iot-security-commissioning-methods-for-iot.pdf

[46]

William R. Marczak, David Zook, Wenchao Zhou, Molham Aref, and Boon Thau Loo. 2009. Declarative Reconfigurable Trust Management. In Fourth Biennial Conference on Innovative Data Systems Research, CIDR 2009, Asilomar, CA, USA, January 4-7, 2009, Online Proceedings. www.cidrdb.org. http://www-db.cs.wisc.edu/cidr/cidr2009/Paper_11.pdf

[47]

M. Marlinspike. [n.d.]. More Tricks for Defeating SSL in Practice. http://2015.hack.lu/archive/2009/moxie-marlinspike-some_tricks_for_defeating_ssl_in_practice.pdf

[48]

Claudio Marxer and Christian Tschudin. 2017. Schematized Access Control for Data Cubes and Trees. In Proceedings of the 4th ACM Conference on Information-Centric Networking (Berlin, Germany) (ICN '17). Association for Computing Machinery, 170,175.

Digital Library

[49]

Lucas Mearian. 2020. Amid privacy and security failures, digital IDs advance. https://computerworld.com/article/3512108/frustration-over-growing-privacy-and-security-failures-advancing-self-sovereign-identities.html

[50]

Metadium. 2019. Introduction to Self-Sovereign Identity and Its 10 Guiding Principles. https://medium.com/metadium/introduction-to-self-sovereign-identity-and-its-10-guiding-principles-97c1ba603872

[51]

Michael Mitzenmacher and Rasmus Pagh. 2018. Simple multi-party set reconciliation. Distributed Computing 31, 6 (2018), 441–453.

[52]

Virag Mody. 2020. From Zero to Zero Trust. https://gravitational.com/blog/zero-to-zero-trust/

[53]

Falcon Momot, Sergey Bratus, Sven M. Hallberg, and Meredith L. Patterson. 2016. The Seven Turrets of Babel: A Taxonomy of LangSec Errors and How to Expunge Them. In IEEE Cybersecurity Development, SecDev 2016, Boston, MA, USA, November 3-4, 2016. IEEE Computer Society, 45–52.

[54]

Lily Hay Newman. 2019. Why Ring Doorbells Perfectly Exemplify the IoT Security Crisis. https://www.wired.com/story/ring-hacks-exemplify-iot-security-crisis/

[55]

K. Nichols. 2019a. Lessons Learned Building a Secure Network Measurement Framework Using Basic NDN. In Proceedings of the 6th ACM Conference on Information-Centric Networking. ACM, 112–122.

Digital Library

[56]

K. Nichols. 2019b. Lessons Learned Building a Secure Network Measurement Framework Using Basic NDN (slides). https://pollere.net/Pdfdocs/LessonsLearned.pdf

[57]

Charlie Osborne. 2019. Google's OpenTitan: A new open source silicon root of trust project debuts. https://www.zdnet.com/article/googles-opentitan-a-new-open-source-silicon-root-of-trust-project-debuts/

[58]

owasp.org/www-project sidekek/. 2020. SideKEK README. https://github.com/OWASP/SideKEK

[59]

Inc. Pollere. 2020. Data-Centric Toolkit (version 3.0). https://github.com/pollere/DCT

[60]

Inc. Pollere. 2021a. Message-Based Publish/Subscribe (MBPS). https://github.com/pollere/DCT/tree/main/examples/mbps

[61]

Inc. Pollere. 2021b. Tools for setting up certs for DCT-enabled applications. https://github.com/pollere/DCT/tree/main/tools

[62]

R.L. Rivest and B.W. Lampson. 1996. SDSI - A Simple Distributed Security Infrastructure. Technical Report. MIT.

[63]

E. Ronen, C. O'Flynn, A. Shamir, and A-O. Weingarten. 2017a. IoT Goes Nuclear: Creating a ZigBee Chain Reaction. IEEE Symposium on Security and Privacy.

[64]

E. Ronen, C O'Flynn, A. Shamir, and A-O Weingarten. 2017b. IoT Goes Nuclear: Creating a ZigBee Chain Reaction (slides). https://eyalro.net/pdf/IoTSP17.pdf

[65]

Samsung. 2016. Samsung Announces Commercially Available IoT Cloud Platform to Deliver Interoperability Between Devices and Applications. https://news.samsung.com/us/samsung-announces-commercially-available-iot-cloud-platform\-deliver-interoperability-devices-applications/

[66]

Wentao Shang, Qiuhan Ding, Alessandro Marianantoni, Jeff Burke, and Lixia Zhang. 2014. Securing building management systems using named data networking. IEEE Network 28, 3 (2014), 50–56.

[67]

Diana K. Smetters and Van Jacobson. 2009. Securing Network Content. Technical Report. PARC. https://named-data.net/wp-content/uploads/securing-network-content-tr.pdf

[68]

Tony Truong. [n.d.]. How to Use the TPM to Secure Your IoT/Device Data. https://tonytruong.net/how-to-use-the-tpm-to-secure-your-iot-device-data/

[69]

W. Turton. 2021. Hackers Breach Thousands of Security Cameras, Exposing Tesla, Jails, Hospitals. https://www.bloomberg.com/news/articles/2021-03-09/hackers-expose-tesla-jails-in-breach-of-150-000-security-cams

[70]

UK National Cyber Security Centre. 2019. Zero trust architecture design principles. https://www.ncsc.gov.uk/blog-post/zero-trust-architecture-design-principles

[71]

UK National Cyber Security Centre. 2021. Zero trust architecture design principles. https://github.com/ukncsc/zero-trust-architecture

[72]

K. Goldman W. Arthur, D. Challener. [n.d.]. Quick Tutorial on TPM 2.0. https://link.springer.com/chapter/10.1007/978-1-4302-6584-9_3

[73]

Lan Wang, Vince Lehman, A. K. M. Mahmudul Hoque, Beichuan Zhang, Yingdi Yu, and Lixia Zhang. 2018. A Secure Link State Routing Protocol for NDN. IEEE Access 6 (2018), 10470–10482.

[74]

Tom Yates. [n.d.]. Secure key handling using the TPM. https://lwn.net/Articles/768419/

[75]

Yingdi Yu, Alexander Afanasyev, David D. Clark, kc claffy, Van Jacobson, and Lixia Zhang. 2015. Schematizing Trust in Named Data Networking. In Proceedings of the 2nd International Conference on Information-Centric Networking, ICN '15, San Francisco, California, USA, September 30 - October 2, 2015. 177–186.

Digital Library

[76]

Zhiyi Zhang, Yingdi Yu, Alexander Afanasyev, Jeff Burke, and Lixia Zhang. 2017. NAC: name-based access control in named data networking. In Proceedings of the 4th ACM Conference on Information-Centric Networking, ICN 2017, Berlin, Germany, September 26-28, 2017. 186–187.

Digital Library

Cited By

Agiollo ABardhi EConti MDal Fabbro NLazzeretti R(2024)Anonymous Federated Learning via Named-Data NetworkingFuture Generation Computer Systems10.1016/j.future.2023.11.009152:C(288-303)Online publication date: 1-Mar-2024
https://dl.acm.org/doi/10.1016/j.future.2023.11.009
Yu TMa XXie HKutscher DZhang L(2023)Cornerstone: Automating Remote NDN Entity BootstrappingProceedings of the 18th Asian Internet Engineering Conference10.1145/3630590.3630598(62-68)Online publication date: 12-Dec-2023
https://dl.acm.org/doi/10.1145/3630590.3630598
Davis JCalvert KCalvert KHjálmtýsson GCrowley PPapadopoulos C(2023)SoK: On Named Content and Inter-domain RoutingProceedings of the 10th ACM Conference on Information-Centric Networking10.1145/3623565.3623716(55-66)Online publication date: 9-Oct-2023
https://dl.acm.org/doi/10.1145/3623565.3623716
Show More Cited By

Index Terms

Trust schemas and ICN: key to secure home IoT
1. Networks
  1. Network protocols
  2. Network types
    1. Home networks
2. Security and privacy
  1. Network security
    1. Security protocols
  2. Software and application security
    1. Domain-specific security and privacy architectures

Recommendations

A Review on Trust Evaluation for Internet of Things
MobiMedia '16: Proceedings of the 9th EAI International Conference on Mobile Multimedia Communications

The Internet of Things (IoT) has been widely used in various application domains to provide advanced and intelligent services for human beings, such as environmental monitoring, intrusion detection. In IoT networks, senor nodes are normally low ...
Read More
Clustering-Driven Intelligent Trust Management Methodology for the Internet of Things (CITM-IoT)

The growth and adoption of the Internet of Things (IoT) is increasing day by day. The large number of IoT devices increases the risk of security threats such as (but not limited to) viruses or cyber-attacks. One possible approach to achieve IoT security ...
Read More
Trust management in social Internet of Things: A taxonomy, open issues, and challenges
Abstract
Internet of Things (IoT) is an emerging area in which billions of smart objects are interconnected with each other using Internet for data and resource sharing. These smart objects are generally used to sense various parameters such as ...
Read More

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

ICN '21: Proceedings of the 8th ACM Conference on Information-Centric Networking

September 2021

150 pages

ISBN:9781450384605

DOI:10.1145/3460417

General Chairs:
Giovanna Carofiglio,
David Oran,
Program Chairs:
Jorg Ott
Technische Universität München
,
Lan Wang
University of Memphis

Copyright © 2021 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGCOMM: ACM Special Interest Group on Data Communication

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 22 September 2021

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

ICN '21

Sponsor:

SIGCOMM

ICN '21: 8th ACM Conference on Information-Centric Networking

September 22 - 24, 2021

Paris, France

Acceptance Rates

ICN '21 Paper Acceptance Rate 11 of 43 submissions, 26%;

Overall Acceptance Rate 133 of 482 submissions, 28%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

11
Total Citations
View Citations
418
Total Downloads

Downloads (Last 12 months)77
Downloads (Last 6 weeks)10

Other Metrics

View Author Metrics

Citations

Cited By

Agiollo ABardhi EConti MDal Fabbro NLazzeretti R(2024)Anonymous Federated Learning via Named-Data NetworkingFuture Generation Computer Systems10.1016/j.future.2023.11.009152:C(288-303)Online publication date: 1-Mar-2024
https://dl.acm.org/doi/10.1016/j.future.2023.11.009
Yu TMa XXie HKutscher DZhang L(2023)Cornerstone: Automating Remote NDN Entity BootstrappingProceedings of the 18th Asian Internet Engineering Conference10.1145/3630590.3630598(62-68)Online publication date: 12-Dec-2023
https://dl.acm.org/doi/10.1145/3630590.3630598
Davis JCalvert KCalvert KHjálmtýsson GCrowley PPapadopoulos C(2023)SoK: On Named Content and Inter-domain RoutingProceedings of the 10th ACM Conference on Information-Centric Networking10.1145/3623565.3623716(55-66)Online publication date: 9-Oct-2023
https://dl.acm.org/doi/10.1145/3623565.3623716
Yu TMa XXie HKocaoğullar YZhang LCalvert KHjálmtýsson GCrowley PPapadopoulos C(2023)A New API in Support of NDN Trust SchemaProceedings of the 10th ACM Conference on Information-Centric Networking10.1145/3623565.3623709(46-54)Online publication date: 9-Oct-2023
https://dl.acm.org/doi/10.1145/3623565.3623709
Yu TMa XXie HKocaoğullar YZhang LSchulzrinne HWählisch MZhang L(2022)IntertrustProceedings of the 9th ACM Conference on Information-Centric Networking10.1145/3517212.3559489(180-182)Online publication date: 6-Sep-2022
https://dl.acm.org/doi/10.1145/3517212.3559489
Podder PAfanasyev ASchulzrinne HWählisch MZhang L(2022)On improving versatility of Versec trust schemaProceedings of the 9th ACM Conference on Information-Centric Networking10.1145/3517212.3559487(174-176)Online publication date: 6-Sep-2022
https://dl.acm.org/doi/10.1145/3517212.3559487
Podder PAfanasyev A(2022)A Systematic Analysis to Improve Versatility of Versec Trust Schema2022 5th International Conference on Hot Information-Centric Networking (HotICN)10.1109/HotICN57539.2022.10036225(19-24)Online publication date: 24-Nov-2022
https://doi.org/10.1109/HotICN57539.2022.10036225
Patil VMoll PZhang LCarofiglio GOran DOtt JWang L(2021)Supporting pub/sub over NDN syncProceedings of the 8th ACM Conference on Information-Centric Networking10.1145/3460417.3483376(133-135)Online publication date: 22-Sep-2021
https://dl.acm.org/doi/10.1145/3460417.3483376
Papadopoulos CShannigrahi SAfanaseyv ACarofiglio GOran DOtt JWang L(2021)In-vehicle networking with NDNProceedings of the 8th ACM Conference on Information-Centric Networking10.1145/3460417.3483374(127-129)Online publication date: 22-Sep-2021
https://dl.acm.org/doi/10.1145/3460417.3483374
Yu TMoll PZhang ZAfanasyev AZhang L(2021)Enabling Plug-n-Play in Named Data NetworkingMILCOM 2021 - 2021 IEEE Military Communications Conference (MILCOM)10.1109/MILCOM52596.2021.9653033(562-569)Online publication date: 29-Nov-2021
https://dl.acm.org/doi/10.1109/MILCOM52596.2021.9653033
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents