Policy-based Smart Home Management
BA
State: Assigned to Patric Salvisberg
Published: 2023-06-19
Overview
In smart home management, the necessity to balance convenience and privacy becomes critical. As more homes become "smarter," with various devices from different manufacturers interconnected and communicating, the potential for privacy intrusions grows.
The thesis falls within the scope of the SHIFT project (Secure Home Integrated Framework and Tools). It builds upon a previous thesis that focused on detecting smart home device traffic by intercepting DNS (Domain Name System) requests. A DNS request translates a domain name, such as www.mysmartdevice.com, into an IP address, and its occurrence indicates that the device sends data for cloud processing. In this context, this data transmission could be considered a privacy breach, even though the data is sent using a secure transport protocol such as HTTPS.
In this thesis, policies are needed to define the perimeter within which specific applications can communicate with cloud services. By focusing on high-level policies, or "intents", the project aims to make these privacy protections more user-friendly. An intent is a high-level policy, such as a user-expressed desire, that translates into system actions to allow or restrict device traffic. Practical examples would be "I want to block the external traffic of all IP cameras" or "Allow only a temperature sensor to send data externally." Such an intent should be translated into a rule that interacts with one or more components, for instance a firewall, to implement it.
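The intent translation described above, as an added sketch that is not code from the SHIFT project or the thesis: it turns the two example intents into nftables rule strings. The device inventory, the intent grammar, the home subnet and the `inet shift forward` table and chain are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed inventory (assumption): in practice this would come from the
# device-detection component; names, categories and addresses are made up.
INVENTORY = [
    {"name": "cam-porch", "category": "ip camera", "ip": "192.168.1.20"},
    {"name": "cam-garage", "category": "ip camera", "ip": "192.168.1.21"},
    {"name": "thermo-1", "category": "temperature sensor", "ip": "192.168.1.30"},
    {"name": "tv-lounge", "category": "smart tv", "ip": "192.168.1.40"},
]
LAN = "192.168.1.0/24"  # assumed home subnet; traffic leaving it is "external"

# Hypothetical intent grammar covering the two example sentences.
PATTERNS = [
    (re.compile(r"block the external traffic of all (.+?)s?$"), "block"),
    (re.compile(r"allow only an? (.+?) to send data externally$"), "allow_only"),
]

def _rule(ip, verdict):
    ipaddress.ip_address(ip)  # only literal addresses may reach the rule text
    # Table "shift" and chain "forward" are hypothetical names.
    return f"add rule inet shift forward ip saddr {ip} ip daddr != {LAN} {verdict}"

def translate(intent):
    """Translate one intent sentence into an ordered list of nft rules."""
    text = re.sub(r"^i want to ", "", intent.strip().rstrip(".").lower())
    for pattern, action in PATTERNS:
        m = pattern.match(text)
        if m:
            break
    else:
        raise ValueError(f"unsupported intent: {intent!r}")
    category = m.group(1)
    matched = [d for d in INVENTORY if d["category"] == category]
    if not matched:
        # Fail closed: an intent that matches no device must not pass silently.
        raise ValueError(f"no known device of category {category!r}")
    if action == "block":
        return [_rule(d["ip"], "drop") for d in matched]
    others = [d for d in INVENTORY if d["category"] != category]
    # Accept rules first, then drop every other inventoried device.
    return ([_rule(d["ip"], "accept") for d in matched]
            + [_rule(d["ip"], "drop") for d in others])
```

The returned lines are meant to be written to a file and loaded with `nft -f`; rule order matters because the first matching verdict ends evaluation in the chain.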
The objectives of the thesis are as follows:
- To conduct an overview of the state of the art in smart home device management, focusing on user privacy and device security, and to provide the necessary background on policy-based and intent-based network management.
- To propose the design of a component that effects policy-based management and is integrated into the current system, which was proposed in a previous thesis. This requires eliciting the technical requirements to be observed in practice regarding performance (considering that the system should run on a Raspberry Pi or similar device).
- To evaluate the system by experimenting with the prototype, assessing how these policies are applied from their translation through to their implementation in, for example, a network firewall. Performance-related aspects are also observed.
40% Design, 40% Implementation, 20% Documentation
Basic network knowledge, Python
Supervisors: Dr. Bruno Rodrigues