SocIoTy: Practical Cryptography in Smart Home Contexts
Authors: Tushar M. Jois (City College of New York), Gabrielle Beck (Johns Hopkins University), Sofia Belikovetsky (Johns Hopkins University), Joseph Carrigan (Johns Hopkins University), Alishah Chator (Boston University), Logan Kostick (Johns Hopkins University), Maximilian Zinkus (Johns Hopkins University), Gabriel Kaptchuk (Boston University), Aviel D. Rubin (Johns Hopkins University)
Volume: 2024
Issue: 1
Pages: 447–464
DOI: https://doi.org/10.56553/popets-2024-0026
Abstract: Smartphones form an important source of trust in modern computing. But, while their mobility is convenient, smartphones can be stolen or seized, allowing an adversary to impersonate the user in their digital life: accessing the user's services and decrypting their sensitive files. With this in mind, we build SocIoTy, which leverages a user's existing IoT devices to add a context-sensitive layer of security for non-expert users. Instead of assuming the existence of dedicated hardware, SocIoTy re-uses the devices of a user's smart home to provide cryptographic services, which we term at-home cryptography. We show that at-home cryptography can be built from simple cryptographic primitives, and that our SocIoTy solution is able to provide useful functionalities, like two-factor authentication (2FA) and secure file storage, while protecting against powerful adversaries in this setting. We implement and evaluate SocIoTy in real-world use cases and provide microbenchmarks for individual cryptographic operations on realistic models of IoT devices. We also provide full benchmarks of an end-to-end deployment on a simulated smart home, using a smartphone and 9 IoT devices to generate and display 2FA one-time passwords in less than 200 milliseconds. SocIoTy is able to provide strong, practical cryptography while binding its execution to the smart home itself, all without requiring additional hardware.
Keywords: smart home computation, context-based cryptography, two-factor authentication, systems security, compelled access security
Copyright in PoPETs articles are held by their authors. This article is published under a Creative Commons Attribution 4.0 license.