PFirewall: Semantics-Aware Customizable Data Flow Control for Smart Home Privacy Protection
This addresses privacy risks for smart home users by minimizing data exposure, though it is an incremental improvement over existing data-flow control methods.
The authors tackled the problem of excessive sensitive data flowing from IoT devices to platforms by introducing PFirewall, a customizable data-flow control system that reduces IoT data sent to the platform by 97% without impairing automation.
Internet of Things (IoT) platforms enable users to deploy home automation applications. Meanwhile, privacy issues arise as large amounts of sensitive device data flow out to IoT platforms. Most of the data flowing out to a platform actually do not trigger automation actions, while homeowners currently have no control once devices are bound to the platform. We present PFirewall, a customizable data-flow control system to enhance the privacy of IoT platform users. PFirewall automatically generates data-minimization policies, which only disclose minimum amount of data to fulfill automation. In addition, PFirewall provides interfaces for homeowners to customize individual privacy preferences by defining user-specified policies. To enforce these policies, PFirewall transparently intervenes and mediates the communication between IoT devices and the platform, without modifying the platform, IoT devices, or hub. Evaluation results on four real-world testbeds show that PFirewall reduces IoT data sent to the platform by 97% without impairing home automation, and effectively mitigates user-activity inference/tracking attacks and other privacy risks.