Internet of Things (IoT) platforms enable users to deploy home automation applications. Meanwhile, privacy issues arise as large amounts of sensitive device data flow out to IoT platforms. Most of the data flowing out to a platform do not actually trigger any automation action, yet homeowners currently have no control over that flow once their devices are bound to the platform. We present PFirewall, a customizable data-flow control system that enhances the privacy of IoT platform users. PFirewall automatically generates data-minimization policies, which disclose only the minimum amount of data needed to fulfill automation. In addition, PFirewall provides interfaces through which homeowners can customize their individual privacy preferences by defining user-specified policies. To enforce these policies, PFirewall transparently intervenes in and mediates the communication between IoT devices and the platform, without modifying the platform, the IoT devices, or the hub. Evaluation results on four real-world testbeds show that PFirewall reduces the IoT data sent to the platform by 97% without impairing home automation, and that it effectively mitigates user-activity inference/tracking attacks and other privacy risks.
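To make the data-minimization idea concrete, the following added example (not code from the PFirewall paper or its authors) sketches a toy mediator that sits between devices and a platform. It derives one forwarding predicate per (device, attribute) from a set of hypothetical automation rules, forwards an event only when a rule's trigger condition changes state (so the platform still sees every trigger but not the stream of values in between), and lets the homeowner layer user-specified policies that drop or coarsen an attribute before any rule is evaluated. The rule format, the edge-triggered forwarding decision, the coarsening function and all device events are constructed assumptions for illustration.

```python
"""Toy data-flow mediator illustrating automation-derived data minimization.

Constructed example; the rule schema, policy generation and forwarding
semantics are assumptions, not PFirewall's actual design or code.
"""
import operator
from dataclasses import dataclass
from typing import Any, Callable, Dict, List, Optional, Tuple

OPS = {">": operator.gt, "<": operator.lt, "==": operator.eq}


@dataclass(frozen=True)
class Rule:
    """Hypothetical automation rule: IF device.attribute <op> value THEN action."""
    device: str
    attribute: str
    op: str
    value: Any
    action: str


@dataclass(frozen=True)
class Event:
    """A device report as it would leave the home for the platform."""
    device: str
    attribute: str
    value: Any


Key = Tuple[str, str]
Predicate = Callable[[Any], bool]
UserPolicy = Callable[[Event], Optional[Event]]  # None means "drop the event"


def generate_policies(rules: List[Rule]) -> Dict[Key, List[Predicate]]:
    """Data-minimization policy: for each (device, attribute) the platform only
    needs to learn whether some rule's trigger condition holds."""
    policies: Dict[Key, List[Predicate]] = {}
    for r in rules:
        pred: Predicate = lambda v, r=r: OPS[r.op](v, r.value)
        policies.setdefault((r.device, r.attribute), []).append(pred)
    return policies


class Mediator:
    def __init__(self, rules: List[Rule], user_policies: Dict[Key, UserPolicy]):
        self.policies = generate_policies(rules)
        self.user_policies = user_policies
        self.satisfied: Dict[Key, bool] = {}  # last known trigger state per key
        self.forwarded: List[Event] = []
        self.suppressed: List[Event] = []

    def handle(self, event: Event) -> Optional[Event]:
        key = (event.device, event.attribute)
        # 1. User-specified policies run first: they may drop or transform.
        user = self.user_policies.get(key)
        if user is not None:
            transformed = user(event)
            if transformed is None:
                self.suppressed.append(event)
                return None
            event = transformed
        # 2. Attributes no rule depends on never leave the home.
        preds = self.policies.get(key)
        if not preds:
            self.suppressed.append(event)
            return None
        # 3. Forward only when the trigger state flips (assumed edge semantics),
        #    so each rule still fires exactly when it would have originally.
        now = any(p(event.value) for p in preds)
        before = self.satisfied.get(key, False)
        self.satisfied[key] = now
        if now != before:
            self.forwarded.append(event)
            return event
        self.suppressed.append(event)
        return None


def coarsen_power(e: Event) -> Event:
    """Constructed user policy: report plug power rounded to 100 W."""
    return Event(e.device, e.attribute, round(e.value / 100) * 100)


def run_demo() -> Dict[str, Any]:
    rules = [
        Rule("thermostat", "temperature", ">", 30, "fan.on"),
        Rule("door", "contact", "==", "open", "light.on"),
        Rule("plug", "power", ">", 1000, "notify"),
    ]
    user_policies: Dict[Key, UserPolicy] = {
        ("bedroom_motion", "motion"): lambda e: None,  # never disclose
        ("plug", "power"): coarsen_power,
    }
    events = [  # constructed device reports, in arrival order
        Event("thermostat", "temperature", 25),
        Event("thermostat", "temperature", 31),   # crosses threshold -> forward
        Event("thermostat", "temperature", 33),   # still above -> suppress
        Event("thermostat", "temperature", 28),   # drops below -> forward
        Event("door", "contact", "closed"),
        Event("door", "contact", "open"),         # trigger -> forward
        Event("bedroom_motion", "motion", True),  # user policy drops
        Event("plug", "power", 1040),             # coarsens to 1000 -> not > 1000
        Event("plug", "power", 1160),             # coarsens to 1200 -> forward
        Event("thermostat", "humidity", 55),      # no rule uses it -> suppress
    ]
    m = Mediator(rules, user_policies)
    for ev in events:
        m.handle(ev)
    return {
        "forwarded": [e.value for e in m.forwarded],
        "n_forwarded": len(m.forwarded),
        "n_suppressed": len(m.suppressed),
        "reduction": len(m.suppressed) / len(events),
    }


if __name__ == "__main__":
    print(run_demo())
```

On these ten constructed events the mediator forwards four and withholds six, and the platform still receives the exact values that make each rule fire. The coarsening policy deliberately runs before rule evaluation, so a user trading precision for privacy can see that it may delay or suppress a trigger (1040 W is reported as 1000 W and no longer exceeds the threshold); in a real deployment that interaction is the kind of caveat a policy interface should surface to the homeowner.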