Addressing Security Vulnerabilities in Smart Homes
Internet of Things (IoT) devices provide users with great convenience in smart homes, which are houses equipped with automatic lighting, temperature control, entertainment features, and other new technologies. However, the interdependent behaviors across devices may yield unexpected interactions, leading to potential vulnerabilities that can compromise the security and privacy of IoT systems.
Researchers from SEIT Lab in the Department of Computer Science and Engineering at Michigan State University have proposed a new solution to address the potential vulnerabilities that arise from interdependent behaviors across IoT devices in smart homes. The research paper, entitled "Federated IoT Interaction Vulnerability Analysis," was presented at the top-tier computer science conference, the 39th IEEE International Conference on Data Engineering (ICDE 2023), in Anaheim, California. In this context, federated refers to the artificial intelligence technique that enables systems to collaboratively train a global model on multiple distributed local data sets without compromising data privacy.
To analyze potential IoT interaction vulnerabilities, the researchers proposed a federated and explainable IoT interaction data management system called FexIoT. The system captures causality information by fusing multi-domain data, including the descriptions of apps and real-time event logs, into interaction graphs. The interaction graph representation is encoded by graph neural networks (GNNs).
To collaboratively train the GNN model without uploading the raw data to a third party, the researchers designed a new federated graph learning model framework. Within the framework, users can keep their smart home usage data in local devices while the GNN model can still be collaboratively trained by sharing the model parameters. Moreover, within the framework, the researchers can mitigate the data heterogeneity issue in which non-identically distributed data from one source can weaken the model for all. This is an important research problem in artificial intelligence. Furthermore, the researchers design a search-based method to explain the GNN model prediction results. This approach offers a way to find the root causes of the interaction vulnerabilities, which is essential in ensuring transparency and accountability in the context of IoT systems.
The researchers evaluated their prototype on datasets collected from five IoT automation platforms. The large-scale evaluation was performed on the cloud sponsored by the Cloud Computing Fellowship provided by the Institute for Cyber-Enabled Research (ICER), and the results showed that FexIoT achieves more than 90% average accuracy for interaction vulnerability detection, outperforming existing methods. The explainable result for the detected vulnerabilities provided by FexIoT was also considered a significant improvement over existing methods.
Guangjing Wang, a Ph.D. candidate advised by Dr. Qiben Yan in SEIT Lab and Cloud Computing Fellowship recipient, highlighted the importance of their work. "Our proposed solution has the potential to enhance the security and reliability of IoT systems in smart homes and other domains by detecting and explaining potential vulnerabilities," said Guangjing. As more and more devices become interconnected, ensuring the security and privacy of IoT systems will become increasingly important. With the development of FexIoT, researchers have taken a significant step forward in this effort.
The research was partly supported through National Science Foundation grants CNS-1950171 and Michigan State University's Cloud Computing Fellowship, with computational resources and services provided by Information Technology Services and the Office of Research and Innovation at Michigan State University. This collaboration between researchers, funding agencies, and academic institutions highlights the importance of partnerships in advancing research and innovation in data engineering and IoT systems. It is through such partnerships that researchers are able to tackle complex problems and develop innovative solutions that have practical applications in various domains.