Summary
Trigger-Action platforms are web-based systems that enable users to create automation rules by stitching together online services representing digital and physical resources using OAuth tokens. Unfortunately, these platforms introduce a longrange large-scale security risk: If they are compromised, an attacker can misuse the OAuth tokens belonging to a large number of users to arbitrarily manipulate their devices and data. We introduce Decentralized Action Integrity, a security principle that prevents an untrusted trigger-action platform from misusing compromised OAuth tokens in ways that are inconsistent with any given user’s set of trigger-action rules. We present the design and evaluation of Decentralized Trigger-Action Platform (DTAP), a trigger-action platform that implements this principle by overcoming practical challenges. DTAP splits currently monolithic platform designs into an untrusted cloud service, and a set of user clients (each user only trusts their client). Our design introduces the concept of Transfer Tokens (XTokens) to practically use fine grained rule-specific tokens without increasing the number of OAuth permission prompts compared to current platforms. Our evaluation indicates that DTAP poses negligible overhead: it adds less than 15ms of latency to rule execution time, and reduces throughput by 2.5%.
Research Paper
When referring to our work, please cite it as:
Earlence Fernandes, Amir Rahmati, Jaeyeon Jung, Atul Prakash
Decentralized Action Integrity for Trigger-Action IoT Platforms
22nd Network and Distributed Security Symposium (NDSS 2018), San Diego, CA, Feb 2018
or, use BibTeX for citation:
@InProceedings{dtap18, author = {Earlence Fernandes and Amir Rahmati and Jaeyeon Jung and Atul Prakash}, title = {{Decentralized Action Integrity for Trigger-Action IoT Platforms}}, booktitle = {22nd Network and Distributed Security Symposium (NDSS 2018)}, month = Feb, year = 2018 }