Charger lanes, which are road segments equipped with in-motion wireless chargers, are expected to keep Electric Vehicles (EVs) continuously driving without recharging downtime. To maximize the service efficiency of the in-motion wireless chargers, the traffic of the EVs must be properly coordinated to avoid congestion at the charger lanes and on the road segments leading to them. In this article, we propose WPT-Opt, a game-theoretic approach that optimizes in-motion wireless charging efficiency, minimizes the EVs' driving time to the charger, and avoids traffic congestion at the charger lanes. We studied a metropolitan-scale dataset of public transportation EVs and observed the EVs' spatial and temporal preferences in selecting chargers, competition for chargers during busy charging times, the relationship between vehicle density and driving velocity on a road segment, the normal distribution of road-segment travel times, and the fact that vehicles have similar frequently driven trajectories. Based on these observations, a central controller estimates the vehicle density of the road segments by measuring the vehicles' trajectory travel times, the friendship among the vehicles, and the vehicles' routing choices given the presence of charger lanes. We then formulate a non-cooperative Stackelberg game between all the EVs and the central controller, in which each EV aims to minimize its charging time cost to its selected target charger, while the central controller tries to maximally avoid congestion on the way through the in-motion wireless chargers. Our trace-driven experiments on SUMO demonstrate that WPT-Opt can reduce the average charging time cost of the EVs by up to approximately 200% during different hours of a day.
Li Yan, Haiying Shen. "Utilizing Game Theory to Optimize In-motion Wireless Charging Service Efficiency for Electric Vehicles." ACM Transactions on Cyber-Physical Systems, pp. 1-26, journal article published 2021-01-04. DOI: https://doi.org/10.1145/3430194
J. Bastos, J. Voeten, S. Stuijk, R. Schiffelers, H. Corporaal
This article presents a modular automaton-based framework to specify flexible manufacturing systems and to optimize the makespan of product batches. The Batch Makespan Optimization (BMO) problem is NP-hard, so optimization can take prohibitively long, depending on the size of the state-space induced by the specification. To tame the state-space explosion problem, we develop an algebra based on automata equivalence and inclusion relations that consider both behavior and structure. The algebra allows us to systematically relate the languages induced by the automata, their state-space sizes, and their solutions to the BMO problem. Further, we introduce a novel constraint-based approach to systematically prune the state-space based on the notions of nonpermutation-repulsiveness and permutation-attractiveness. We prove that constraining a nonpermutation-repulsing automaton with a permutation-attracting constraint always reduces the state-space. This approach allows us to (i) compute optimal solutions of the BMO problem when the (additional) constraints are taken into account and (ii) compute bounds for the (original) BMO problem (without using the constraints). We demonstrate the effectiveness of our approach by optimizing an industrial wafer handling controller.
J. Bastos, J. Voeten, S. Stuijk, R. Schiffelers, H. Corporaal. "Taming the State-space Explosion in the Makespan Optimization of Flexible Manufacturing Systems." ACM Transactions on Cyber-Physical Systems, vol. 5, no. 1, pp. 1-26, journal article published 2021-01-04. DOI: https://doi.org/10.1145/3426194
S. Nagarathinam, Arunchandar Vasan, V. Sarangan, Rajesh Jayaprakash, A. Sivasubramaniam
Increasing real estate and other infrastructure costs have resulted in the trend of co-working offices, where users pay for individual desks as they use them. Co-working offices that provide personalized comfort need to accommodate users with potentially widely varying thermal comfort preferences. Providing personalized comfort in cabins separated by physical partitions with neighboring thermal zones, or in open-plan offices with a single actuator, has received attention in the literature. In this article, the problem of minimizing user discomfort in open-plan co-working offices with multiple actuators, while being cognizant of the energy consumed, is considered. Specifically, the decision problems of assigning users to desks based on their thermal preferences and jointly controlling the multiple actuators are addressed. The non-linearities in the underlying thermodynamic constraints and the seating decision together make the problem computationally hard. A two-step heuristic that addresses these issues is presented. First, using a model that accounts for spatio-temporal thermodynamics, a one-time assignment of users to desks is performed that reduces the thermal resistance faced by the HVAC systems in providing the preferred comfort levels. Next, the setpoints are decided for all actuators to jointly minimize user discomfort by optimization and model-predictive control. Further, scalability is addressed by clustering user preferences and the associated HVAC actuators' setpoints for the cases where a large number of actuators may be present in the room.
S. Nagarathinam, Arunchandar Vasan, V. Sarangan, Rajesh Jayaprakash, A. Sivasubramaniam. "User Placement and Optimal Cooling Energy for Co-working Building Spaces." ACM Transactions on Cyber-Physical Systems, vol. 5, no. 1, pp. 1-24, journal article published 2021-01-04. DOI: https://doi.org/10.1145/3432818
Internet of Things (IoT) deployments have been growing manifold, encompassing sensors, networks, edge, fog, and cloud resources. Despite the intense interest from researchers and practitioners, most do not have access to large-scale IoT testbeds for validation. Simulation environments that allow analytical modeling are a poor substitute for evaluating software platforms or application workloads in realistic computing environments. Here, we propose a virtual environment for validating Internet of Things at large scales (VIoLET), an emulator for defining and launching large-scale IoT deployments within cloud VMs. It allows users to declaratively specify container-based compute resources that match the performance of native IoT compute devices using Docker. These can be inter-connected by complex topologies on which bandwidth and latency rules are enforced. Users can configure synthetic sensors for data generation as well. We also incorporate models for CPU resource dynamism, and for failure and recovery of the underlying devices. We offer a detailed comparison of VIoLET's compute and network performance between the virtual and physical deployments, evaluate its scaling with deployments of up to 1,000 devices and 4,000 device-cores, and validate its ability to model resource dynamism. Our extensive experiments show that the performance of the virtual IoT environment accurately matches the expected behavior, with deviation levels within what is seen in actual physical devices. It also scales to 1,000s of devices at a modest cloud computing cost of under 0.15% of the actual hardware cost, per hour of use, with minimal management effort. This IoT emulation environment fills an essential gap between IoT simulators and real deployments.
Shrey Baheti, Shreyas Badiger, Yogesh L. Simmhan. "VIoLET: An Emulation Environment for Validating IoT Deployments at Large Scales." ACM Transactions on Cyber-Physical Systems, vol. 5, no. 1, pp. 25:1-25:39, journal article published 2021-01-01. DOI: https://doi.org/10.1145/3446346
Abdelaziz Khaled, Samir Ouchani, Z. Tari, K. Drira
Industrial cyber-physical systems (ICPS) are heterogeneous inter-operating parts that can be physical, technical, networking, and even social, like agent operators. Increasingly, they play a central role in critical and industrial infrastructures, in government, and in personal daily life. Especially with the Industry 4.0 revolution, they have become more dependent on connectivity by supporting novel communication and remote control functionalities, which expands their attack surface and results in a high risk of cyber-attacks. Furthermore, because of physical and social constraints, they may give rise to new classes of security breaches that might result in serious economic damage. Thus, designing a secure ICPS is a complex task, since it needs to guarantee security and harmonize the functionalities of the various parts that interact through different technologies. This article highlights the significance of cyber-security infrastructure and shows how to evaluate, prevent, and mitigate ICPS-based cyber-attacks. We pursue this objective by establishing an adequate semantics for ICPS entities and their composition, which includes social actors that act differently from mobile robots and automated processes. This article also provides the feasible attacks generated by a reinforcement learning mechanism, based on multiple criteria, that selects both the appropriate actions for each ICPS component and the possible countermeasures for mitigation. To efficiently analyze ICPS security, we propose a model-checking-based framework that relies on a set of predefined attacks, against which the security requirements are used to assess how secure the model is. Finally, to show the effectiveness of the proposed solution, we model, analyze, and evaluate ICPS security on two real use cases.
Abdelaziz Khaled, Samir Ouchani, Z. Tari, K. Drira. "Assessing the Severity of Smart Attacks in Industrial Cyber-Physical Systems." ACM Transactions on Cyber-Physical Systems, vol. 5, no. 1, pp. 1-28, journal article published 2020-12-30. DOI: https://doi.org/10.1145/3422369
Moreno Ambrosin, M. Conti, R. Lazzeretti, Chia-Mu Yu
Cyber-Physical Systems (CPS) are becoming pervasive and changing our lives. Smart cyber-physical devices can be used in many different fields, such as connected vehicles, smart homes, mobile social networks and the Internet of People, and Industrial Cyber-Physical Systems. CPS devices usually rely on Machine-to-Machine (M2M) communication. This allows these devices to operate in interconnected groups, enabling them to autonomously perform critical operations, take decisions, or perform tasks that single devices cannot do. As we move towards an era of "automation," interconnected CPS are certainly seen as a panacea for several issues in the smart world, but they are also an attractive target for attackers, who can operate on single devices or on the whole network. In fact, these devices are usually resource-constrained and unable to defend themselves against security threats. Even a single compromised node in a group of cooperating devices can pose a serious security threat, e.g., by either disrupting communications (and thus the coordination) within the group, or sharing critical information with unauthorized external parties. Attackers can use devices as a vector to other targets, as in the case of Denial of Service (DoS) attacks, interfere with the normal functionality of the network to force abnormal behaviors, or simply infer private information through compromised devices. As such, security and privacy are a major concern, both to guarantee the correct operational capabilities of devices and to prevent data theft and/or privacy violations. This special issue provides significant contributions to the improvement of different interconnected Cyber-physical Systems in several fields, with the goal of improving their security and/or privacy. We start our special issue with two articles focusing on smart home security. Kafle et al. provide a systematic security analysis of Google Nest and Philips Hue, two widely popular data store-based smart home platforms. In "Security in Centralized Data Store-based Home Automation Platforms: A Systematic Analysis of Nest and Hue," the authors evaluate the security of the two platforms, identify vulnerabilities in them, and propose solutions for their mitigation. In "Canopy: A Verifiable Privacy-preserving Token Ring-based Communication Protocol for Smart Homes," Panwar et al. propose a protocol that prevents privacy breaches in smart homes that can arise from the analysis of the traffic generated by smart devices. The protocol is based on a cryptographically secure token circulation in a ring network to which smart home devices are connected. We then continue with two articles whose subject is the network of connected people. Azad et al. in "Privacy-preserving Crowd-sensed Trust Aggregation in the User-centric Internet of People Networks" propose a protocol that uses a homomorphic cryptosystem in a decentralized way
Moreno Ambrosin, M. Conti, R. Lazzeretti, Chia-Mu Yu. "Introduction to the Special Issue on Security and Privacy for Connected Cyber-physical Systems." ACM Transactions on Cyber-Physical Systems, vol. 5, no. 1, pp. 1-2, journal article published 2020-12-30. DOI: https://doi.org/10.1145/3431201
Kaushal Kafle, Kevin Moran, Sunil Manandhar, Adwait Nadkarni, D. Poshyvanyk
Home automation platforms enable consumers to conveniently automate various physical aspects of their homes. However, the security flaws in the platforms or integrated third-party products can have serious security and safety implications for the user’s physical environment. This article describes our systematic security evaluation of two popular smart home platforms, Google’s Nest platform and Philips Hue, which implement home automation “routines” (i.e., trigger-action programs involving apps and devices) via manipulation of state variables in a centralized data store. Our semi-automated analysis examines, among other things, platform access control enforcement, the rigor of non-system enforcement procedures, and the potential for misuse of routines, and it leads to 11 key findings with serious security implications. We combine several of the vulnerabilities we find to demonstrate the first end-to-end instance of lateral privilege escalation in the smart home, wherein we remotely disable the Nest Security Camera via a compromised light switch app. Finally, we discuss potential defenses, and the impact of the continuous evolution of smart home platforms on the practicality of security analysis. Our findings draw attention to the unique security challenges of smart home platforms and highlight the importance of enforcing security by design.
Kaushal Kafle, Kevin Moran, Sunil Manandhar, Adwait Nadkarni, D. Poshyvanyk. "Security in Centralized Data Store-based Home Automation Platforms." ACM Transactions on Cyber-Physical Systems, pp. 1-27, journal article published 2020-12-30. DOI: https://doi.org/10.1145/3418286
C. Ardagna, Rasool Asal, E. Damiani, Nabil El Ioini, Mehdi Elahi, C. Pahl
The Internet of Things (IoT) is composed of physical devices, communication networks, and services provided by edge systems and over-the-top applications. IoT connects billions of devices that collect data from the physical environment; the data are pre-processed at the edge and then forwarded to processing services at the core of the infrastructure, on top of which cloud-based applications are built and provided to mobile end users. IoT comes with important advantages in terms of applications and added value for its users, making their world smarter and simpler. These advantages, however, are offset by the difficulty of guaranteeing IoT trustworthiness, which is still in its infancy. IoT trustworthiness is a must especially in critical domains (e.g., health, transportation) where humans become new components of an IoT system and their lives are put at risk by system malfunctioning or breaches. In this article, we put forward the idea that trust in IoT can be boosted if and only if its automation and adaptation processes are based on trustworthy data. We therefore depart from a scenario that considers the quality of a single decision as the main goal of an IoT system, and instead consider the trustworthiness of collected data as a fundamental requirement at the basis of a trustworthy IoT environment. We define a methodology for data collection that filters untrusted data out according to trust rules that evaluate the status of the devices collecting data and the collected data themselves. Our approach is based on blockchain and smart contracts and collects data whose trustworthiness and integrity are proven over time. The methodology balances trustworthiness and privacy and is experimentally evaluated in real-world and simulated scenarios using the Hyperledger Fabric blockchain.
From Trustworthy Data to Trustworthy IoT. C. Ardagna, Rasool Asal, E. Damiani, Nabil El Ioini, Mehdi Elahi, C. Pahl. ACM Transactions on Cyber-Physical Systems, vol. 5, no. 1, pp. 1-26. Journal article, published 2020-12-30. DOI: 10.1145/3418686 (https://doi.org/10.1145/3418686).
Location-based services are among the most important services offered by mobile social networks. Offering this kind of service requires access to the physical positions of users together with the access authorizations, i.e., who is authorized to access which information. However, these physical positions and authorizations are sensitive information that has to be kept secret from any adversary, including the service provider. As far as we know, the problem of offering location-based services in mobile social networks with a revocation feature under a collusion assumption, i.e., an adversary colluding with the service provider, has not been studied. In this article, we show how to solve this problem using range queries as the example. Specifically, we guarantee that no adversary, including the service provider, is able to learn (1) the physical position of the users, (2) the distance between the adversary's own position and that of the users, or (3) whether two users are allowed to learn the distance between them. We propose two approaches, namely two-layer symmetric encryption and two-layer attribute-based encryption. The main difference between them is that, among the other encryption schemes they use, the former relies on symmetric encryption and the latter on attribute-based encryption. Next, we prove the secrecy guarantees of both approaches, analyze their complexity, and provide experiments to evaluate their performance in practice.
Preserving Secrecy in Mobile Social Networks. Gabriela Suntaxi, A. A. E. Ghazi, Klemens Böhm. ACM Transactions on Cyber-Physical Systems, vol. 5, no. 1, pp. 1-29. Journal article, published 2020-12-30. DOI: 10.1145/3396071 (https://doi.org/10.1145/3396071).