Towards Efficient Device-State Integrity Verification in Smart Homes using Device-App Causality Relationships

Abstract

The device-state in smart homes depends on both its physical channel (sensing and actuating in the environment) and its cyber-physical channel (interactions with apps and other devices). Ensuring device-state integrity is crucial for proper operation but can be compromised by security threats from devices, apps, and their interactions due to vulnerabilities and misconfigurations, posing risks to users. Existing works focus on either devices or apps, but none comprehensively address device-state integrity across device-app interactions. Furthermore, there exist several challenges in offering device-state integrity verification for smart homes. First, efficiently and comprehensively collecting data (that is an essential verification step) becomes more difficult as code instrumentation (used in several existing works) becomes impossible by changes in platform design and existing logging mechanisms (if any) generate humongous amount of data (including security unaware data). Second, efficiently and accurately verifying the device state integrity needs device-specific analysis to account for all interacting apps and devices. In this thesis, we tackle these challenges by presenting an efficient device-state integrity verification approach for smart homes. Specifically, our key ideas are to: model the interactions of all components in a smart home using causality relationships that affect a specific device, and verify device state based on this model. We implement our approach on SmartThings, build a new smart home dataset, and evaluate its effectiveness (e.g., 81.34% reduction in verification time and 56.49% reduction in response time)