Tyche: A new permission model to defend against smart home hacks
With the use of many integrated smart devices, an app-driven home environment is now a reality. But this young technology faces many new challenges, in particular how users grant apps permission to perform operations on devices. Prompting the user for permission for every individual operation causes usability problems (too many approval prompts), while grouping permissions by, say, function or device can make an app far more powerful than it needs to be, creating a future security or privacy risk.
To remedy this, Prof. Amir Rahmati and his collaborators from Michigan have proposed Tyche, a safer app permissions system for smart homes and the Internet of Things. Their paper on this project, “Tyche: A Risk-Based Permission Model for Smart Homes,” received a Best Paper Award at the IEEE Cybersecurity Development Conference.
Currently, app permission models are inspired by smartphone operating systems – permission levels that group access to different operations either by device or by functionality. For example, in device-level grouping, an app that only needs to monitor the battery status of a door lock is also granted the dangerous permissions to lock and unlock the door. In function-level grouping, an app designed to automatically lock all doors at night may also receive the more dangerous permission to unlock them. At the other extreme, users can be prompted for each individual permission, but that annoys users and leads them to ignore the prompts and approve everything.
Tyche was designed as a secure alternative and introduces the notion of “risk-based permissions.” Under risk-based permissions, device operations are grouped by similar risk, and users grant each app permissions according to the risk level they trust that app with. The researchers derived the risk levels from a user study that computed a relative ranking of the risks associated with different device operations. They defined the risk groups and applied them to existing Samsung SmartThings apps. With this change to the permission model, they showed that existing apps better inform users of risks and also reduce access to high-risk operations by 60% while still functioning normally. That is 60% fewer risky operations an attacker could issue in the event of a breach. According to Professor Prakash, “The work is an important step towards understanding how to make tradeoffs between usability and security in the design of permission systems for emerging application domains.”
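To make the difference between the three grouping strategies concrete, here is an added example (not code from the Tyche paper or from SmartThings) that models device-level, function-level and risk-based grants over a small constructed device catalogue. The risk tiers and the rule that a risk grant covers every operation at or below the trusted tier are assumptions made for this illustration, not the rankings from the Tyche user study.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Operation:
    name: str
    device: str
    function: str   # functional group the operation belongs to
    risk: int       # constructed tier: 0 = low, 1 = medium, 2 = high


# Constructed catalogue; values are illustrative, not from the paper.
CATALOGUE = [
    Operation("lock.battery", "door_lock", "status", 0),
    Operation("lock.lock", "door_lock", "lock_control", 1),
    Operation("lock.unlock", "door_lock", "lock_control", 2),
    Operation("light.level", "light", "status", 0),
    Operation("light.switch", "light", "switch_control", 0),
]


def grant_by_device(needed):
    """Device-level grouping: every operation on any device the app touches."""
    devices = {op.device for op in needed}
    return {op for op in CATALOGUE if op.device in devices}


def grant_by_function(needed):
    """Function-level grouping: every operation in any function group the app uses."""
    functions = {op.function for op in needed}
    return {op for op in CATALOGUE if op.function in functions}


def grant_by_risk(needed):
    """Risk-based grouping (assumed rule): the lowest tier that covers the app's
    needs, which includes every operation at or below that tier."""
    tier = max(op.risk for op in needed)
    return {op for op in CATALOGUE if op.risk <= tier}


def high_risk_exposure(needed_names, threshold=2):
    """For each model, the high-risk operations the app receives beyond what it asked for."""
    needed = [op for op in CATALOGUE if op.name in needed_names]
    models = {"device": grant_by_device, "function": grant_by_function, "risk": grant_by_risk}
    return {m: {op.name for op in f(needed) if op.risk >= threshold} - set(needed_names)
            for m, f in models.items()}
```

Running `high_risk_exposure({"lock.battery"})` reproduces the article's battery-monitor case (device-level grouping leaks `lock.unlock`), and `high_risk_exposure({"lock.lock"})` reproduces the night-lock case (both device- and function-level grouping leak `lock.unlock`, the risk-based grant does not).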
The researchers presented the paper at the 2018 IEEE SECDEV Conference in Cambridge, Massachusetts on October 2.