Contemporary IoT environments, such as smart buildings, require end-users to trust data-capturing rules published by the systems. There are several reasons why such trust is misplaced: IoT systems may violate the rules deliberately, or IoT devices may transfer user data to a malicious third party due to cyberattacks, leading to the loss of individuals' privacy or service integrity. To address such concerns, we propose IoT Notary, a framework to ensure trust in IoT systems and applications. IoT Notary provides secure log sealing on live sensor data to produce a verifiable "proof-of-integrity," based on which a verifier can attest that captured sensor data adheres to the published data-capturing rules. IoT Notary is an integral part of TIPPERS, a smart space system that has been deployed at the University of California, Irvine to provide various real-time location-based services on the campus. We present extensive experiments over real-time WiFi connectivity data to evaluate IoT Notary, and the results show that IoT Notary imposes nominal overheads. The secure logs take only 21% more storage, while users can verify one day's worth of their data in less than two seconds, even using a resource-limited device.