Internet of Things (IoT)
Best Practices in IoT
Currently, Internet of Things (IoT) security appears to depend on the kindness of strangers, especially as a single vulnerable device in an IoT network can lead to loss of information from other devices as well. In response, a range of organizations have published best practices for producing secure IoT devices. These organizations range from governmental organizations (like the Federal Trade Commission) to international organizations (like the Online Trust Alliance).
Traditional security threats are still relevant in the Internet of Things (IoT). Yet traditional security threat models are inadequate for technologies that act upon our homes, families, and even pets. One response to the inadequacy of traditional threat models has been the creation of IoT best practices. These best practices have been created to answer the traditional and modern security threats relating to both computer systems in general and IoT devices specifically. In our IoT project, we evaluate these best practices and see how effective they are at minimizing vulnerabilities in the current IoT world.
Our first contribution is to provide case studies of security issues in two very different consumer IoT hubs. We enumerate a union of the best practices from the guidelines that existed at the time of the analysis, illustrating in which cases they would have mitigated or prevented the vulnerabilities we identified. We illustrate that the extant best practices, if properly used, could have mitigated some of the vulnerabilities. We note where a simple Boolean check box is an inadequate measure. We also mention our disclosure efforts and how the companies responded and reacted to the disclosures.
Publications
Articles in journals or book chapters (4)
-
Behnood Momenzadeh,
Helen Dougherty,
Matthew Remmel,
Steven Myers,
and L Jean Camp.
Best Practices Would Make Things Better in the IoT.
IEEE Security & Privacy,
2020.
Keywords: IoT.
-
Shakthidhar Reddy Gopavaram,
Jayati Dev,
Sanchari Das,
and Jean Camp.
IoTMarketplace: Informing Purchase Decisions with Risk Communication.
2019.
Keywords: IoT, Mental Models, Mobile Privacy.
-
L. Jean Camp and Kalpana Shankar.
Constructing the Older User in Home-Based Ubiquitous Computing.
The Social Impact of Social Computing,
pp 110,
2011.
Note: Sheffield Hallam University.
Keywords: Aging, Privacy, IoT.
-
Kay Connelly and L. Jean Camp.
Beyond Consent: Privacy in Ubiquitous Computing (Ubicomp).
In Digital Privacy: Theory, Technologies and Practices eds,
pages 332--348.
Auerbach Publications,
2007.
Keywords: Aging, Human-Centered Computing, user studies, Privacy, IoT.
Conference publications (19)
-
Jacob Abbott,
Jayati Dev,
DongInn Kim,
Shakthidhar Reddy Gopavaram,
Meera Iyer,
Shivani Sadam,
Shrirang Mare,
Tatiana Ringenberg,
Vafa Andalibi,
and L. Jean Camp.
Kids, Cats, and Control: Designing Privacy and Security Dashboards for IoT Home Devices.
In Proceedings of the Symposium on Usable Security and Privacy (USEC) 2023,
USEC '23,
San Diego, CA, USA,
2023.
Keywords: Security, user interviews, smart home, IoT.
-
Jacob Abbott,
Jayati Dev,
DongInn Kim,
Shakthidhar Gopavaram,
Meera Iyer,
Shivani Sadam,
Shrirang Mare,
Tatiana Ringenberg,
Vafa Andalibi,
and L. Jean Camp.
Privacy Lessons Learnt from Deploying an IoT Ecosystem in the Home.
In Proceedings of the 2022 European Symposium on Usable Security,
EuroUSEC '22,
New York, NY, USA,
pages 98–110,
2022.
Association for Computing Machinery.
Keywords: Security, user interviews, smart home, IoT, 2FA, privacy.
-
Joshua Streiff,
Naheem Noah,
and Sanchari Das.
A Call for a New Privacy and Security Regime for IoT Smart Toys.
In IEEE Conference on Dependable and Secure Computing (IEEE DSC 2022),
2022.
IEEE.
Keywords: IoT.
-
L Jean Camp,
Shakthidhar Gopavaram,
Jayati Dev,
and Ece Gumusel.
Lessons for Labeling from Risk communication.
In Workshop and Call for Papers on Cybersecurity Labeling Programs for Consumers: Internet of Things (IoT) Devices and Software,
September 2021.
Keywords: Privacy and Security Labels, IoT.
-
Jayati Dev,
Shakthidhar Gopavaram,
Ece Gumusel,
and L Jean Camp.
A Consumer-focused Modular Approach to Labeling IoT Devices and Software.
In Workshop and Call for Papers on Cybersecurity Labeling Programs for Consumers: Internet of Things (IoT) Devices and Software,
September 2021.
Keywords: Privacy and Security Labels, IoT.
-
Shakthidhar Gopavaram,
Jayati Dev,
Ece Gumusel,
and L Jean Camp.
Going Beyond Labels.
In Workshop and Call for Papers on Cybersecurity Labeling Programs for Consumers: Internet of Things (IoT) Devices and Software,
September 2021.
Keywords: Privacy and Security Labels, IoT.
-
Vafa Andalibi,
Jayati Dev,
DongInn Kim,
Eliot Lear,
and Jean Camp.
Making Access Control Easy in IoT.
In IFIP International Symposium on Human Aspects of Information Security & Assurance,
June 2021.
Keywords: IoT, MUD, MUD-Visualizer.
-
Shakthidhar Gopavaram,
Jayati Dev,
Sanchari Das,
and L Jean Camp.
IoT Marketplace: Willingness-To-Pay vs. Willingness-To-Accept.
In Proceedings of the 20th Annual Workshop on the Economics of Information Security (WEIS 2021),
June 2021.
Keywords: IoT, Privacy Labels, Marketplace, Psychological Biases.
-
Vafa Andalibi,
Eliot Lear,
DongInn Kim,
and Jean Camp.
On the Analysis of MUD-Files' Interactions, Conflicts, and Configuration Requirements Before Deployment.
In 5th EAI International Conference on Safety and Security in Internet of Things, SaSeIoT,
May 2021.
Springer.
Keywords: IoT, MUD, MUD-Visualizer.
-
DongInn Kim,
Vafa Andalibi,
and L Jean Camp.
Protecting IoT Devices through Localized Detection of BGP Hijacks for Individual Things.
In SafeThings 2021,
Oakland,
May 2021.
IEEE Workshop on the Internet of Safe Things.
Keywords: Fingerprinting, IoT.
-
Vafa Andalibi,
Jayati Dev,
DongInn Kim,
Eliot Lear,
and L Jean Camp.
Is Visualization Enough? Evaluating the Efficacy of MUD-Visualizer in Enabling Ease of Deployment for Manufacturer Usage Description (MUD).
In Annual Computer Security Applications Conference,
pages 337--348,
2021.
Keywords: MUD, access control, IoT, user studies.
-
Hilda Hadan and Sameer Patil.
Understanding Perceptions of Smart Devices.
In International Conference on Financial Cryptography and Data Security,
August 2020.
Keywords: IoT.
-
DongInn Kim,
Vafa Andalibi,
and L Jean Camp.
Fingerprinting Edge and Cloud Services in IoT.
In Systematic Approaches to Digital Forensic Engineering,
City University of New York (CUNY), New York City,
May 2020.
IEEE Computer Society.
Keywords: Fingerprinting, IoT.
-
Vafa Andalibi,
DongInn Kim,
and L. Jean Camp.
Throwing MUD into the FOG: Defending IoT and Fog by expanding MUD to Fog network.
In 2nd USENIX Workshop on Hot Topics in Edge Computing (HotEdge 19),
Renton, WA,
July 2019.
USENIX Association.
Keywords: MUD, IoT.
-
Jacob Abbott,
Gege Gao,
and Patrick Shih.
Creen: A Carbon Footprint Calculator Designed for Calculation in Context.
In International Conference on Information,
pages 769--776,
2019.
Springer.
Keywords: Sustainability, IoT, HCI.
-
Joshua Streiff,
Sanchari Das,
and Joshua Cannon.
Overpowered and Underprotected Toys Empowering Parents with Tools to Protect Their Children.
In IEEE HUMANS AND CYBER SECURITY WORKSHOP (HACS 2019),
2019.
IEEE.
Keywords: IoT.
-
Joshua Streiff,
Connie Justice,
and L Jean Camp.
Escaping to Cybersecurity Education: Using Manipulative Challenges to Engage and Educate.
In Proceedings of the 13th European Conference on Games Based Learning,
pages 1046--1050,
2019.
ACPI.
Keywords: IoT.
-
Andrew Dingman,
Gianpaolo Russo,
George Osterholt,
Tyler Uffelman,
and L. Jean Camp.
Good Advice That Just Doesn't Help.
In 2018 IEEE/ACM Third International Conference on Internet-of-Things Design and Implementation (IoTDI),
pages 289--291,
2018.
IEEE.
Keywords: Mental Models, IoT, Governance.
-
Joshua Streiff,
Olivia Kenny,
Sanchari Das,
Andrew Leeth,
and L Jean Camp.
Who's Watching Your Child? Exploring Home Security Risks with Smart Toy Bears.
In Internet-of-Things Design and Implementation (IoTDI), 2018 IEEE/ACM Third International Conference on,
pages 285--286,
2018.
IEEE.
Keywords: IoT.
Posters and Presentations (15)
-
Joshua Streiff,
Tatiana Ringenberg,
Jayati Dev,
and L. Jean Camp.
Everyone’s Flag: Using Entry Level Capture the Flag to Engage Low SES Student Groups.
ECGBL,
October 2022.
Keywords: IoT.
-
Laura Calloway.
Harm Reduction for Internet of Things Devices.
Presentation at Annual Meeting of Society For Social Studies Of Science (4S, 2021), Toronto, CA, Virtual,
October 2021.
Keywords: privacy, health, IoT, surveillance.
-
Corey Allen and Joshua Streiff.
Sleeping Alone: Detecting and Countering Hidden Cameras in AirBnB Environments.
IU GROUPS STEM Poster (IN),
July 2021.
Keywords: IoT.
-
Joshua Streiff.
Finding Alice & Bob: Using BLE to Locate Victims & First Responders in Buildings.
IU IDER Poster (IN),
July 2021.
Keywords: IoT.
-
Andy Puga and Joshua Streiff.
Hunting for the Internet of Things: An Educational BLE Scavanger Hunt Game.
IU GROUPS STEM Poster (IN),
July 2020.
Keywords: IoT.
-
Lizbeth Roque,
Emily Sung,
and Joshua Streiff.
Gaming For Cyber Kids: Building Manipulative Cyber Educational Games for Grades 7th-8th.
IU GROUPS STEM Poster (IN),
July 2020.
Keywords: IoT.
-
Joshua Streiff,
Vafa Andalibi,
and Sanchari Das.
Securtle: The Security Turtle.
A Bsides STL Workshop,
September 2019.
Keywords: IoT.
-
Joshua Streiff,
Vafa Andalibi,
and Sanchari Das.
Eyes In Your Child’s Bedroom: Exploiting Child Data Risks with Smart Toys.
A Bsides MSP Workshop,
September 2019.
Keywords: IoT.
-
Joshua Streiff.
Practical Cybersecurity and Manipulative Gaming Education.
A Flipping the Switch! Cybersecurity Workshop Session at Indiana Department of Education Workshop,
September 2019.
Keywords: IoT.
-
Joshua Streiff.
Bears, Unicorns, & Crockpots, Oh My! An Introduction to Internet of Things (IoT) Threat Modeling Education.
An AI & Connected Conference Workshop,
September 2019.
Keywords: IoT.
-
Joshua Streiff.
Educational Hacking Using Command Line & Bluetooth Low Energy.
An Avon STEM Educator Leadership Day Workshop,
September 2019.
Keywords: IoT.
-
Niang Chin,
Joshua Streiff,
and Sameer Patil.
The Overly Friendly Crockpot.
Trusted CI Poster Session (IL),
July 2019.
Keywords: IoT.
-
Nathaly Reynaga,
Behnood Momenzadeh,
Joshua Streiff,
and Sameer Patil.
The One Where Patty Trusted Her Printer: The Threat of IoT Printers.
IU GROUPS STEM Poster (IN),
July 2019.
Keywords: IoT.
-
Joshua Streiff.
Capturing Education: CTF and IoT in K-12 Education.
A Luddy Hall Pathfinders Workshop,
July 2019.
Keywords: IoT.
-
Joshua Streiff.
How Santa knows if you are Naughty or Nice: How your IoT toys can spy on you.
A SPICE Colloquium Speaker Series,
September 2018.
Keywords: IoT.