SocIoTy: Practical Cryptography in Smart Home Contexts

Abstract

Smartphones form an important source of trust in modern computing. But, while their mobility is convenient, smartphones can be stolen or seized, allowing an adversary to impersonate the user in their digital life: accessing the user's services and decrypting their sensitive files. With this in mind, we build SocIoTy, which leverages a user's existing IoT devices to add a context-sensitive layer of security for non-expert users. Instead of assuming the existence of dedicated hardware, SocIoTy re-uses the devices of a user's smart home to provide cryptographic services, which we term at-home cryptography. We show that at-home cryptography can be built from simple cryptographic primitives, and that our SocIoTy solution is able to provide useful functionalities, like two-factor authentication (2FA) and secure file storage, while protecting against powerful adversaries in this setting. We implement and evaluate SocIoTy in real-world use cases and provide microbenchmarks for individual cryptographic operations on realistic models of IoT devices. We also provide full benchmarks of an end-to-end deployment on a simulated smart home, using a smartphone and 9 IoT devices to generate and display 2FA one-time passwords in less than 200 milliseconds. SocIoTy is able to provide strong, practical cryptography while binding its execution to the smart home itself, all without requiring additional hardware.