Trust but Verify: Auditing the Secure Internet of Things

Authors: Judson Wilson, Riad S. Wahby, Henry Corrigan-Gibbs, Dan Boneh, Philip Levis

DOI: 10.1145/3081333.3081342

Abstract: Internet-of-Things devices often collect and transmit sensitive information like camera footage, health monitoring data, or whether someone is home. These devices protect data in transit with end-to-end encryption, typically using TLS connections between devices and associated cloud services. But these TLS connections also prevent device owners from observing what their own devices are saying about them. Unlike in traditional Internet applications, where the end user controls one end of a connection (e.g., their web browser) and can observe its communication, Internet-of-Things vendors typically control the software in both the device and the cloud. As a result, owners have no way to audit the behavior of their own devices, leaving them little choice but to hope that these devices are transmitting only what they should. This paper presents TLS-Rotate and Release (TLS-RaR), a system that allows device owners (e.g., consumers, security researchers, and consumer watchdogs) to authorize devices, called auditors, to decrypt and verify recent TLS traffic without compromising future traffic. Unlike prior work, TLS-RaR requires no changes to TLS's wire format or cipher suites, and it allows the device's owner to conduct a surprise inspection of a device's traffic, without prior notice to the device that its communications will be audited.
