BULWARK: A Framework to Store IoT Data in User Accounts
The explosive growth of the Internet of Things (IoT) devices raises serious concerns for a user’s privacy and security because the existing software framework on these devices often support various default features and generate large data sets. Moreover, many IoT devices incorporate a man...
Main Authors: | , |
---|---|
Format: | Article |
Language: | English |
Published: |
IEEE
2022-01-01
|
Series: | IEEE Access |
Subjects: | |
Online Access: | https://ieeexplore.ieee.org/document/9686708/ |
_version_ | 1811309373832560640 |
---|---|
author | Jeremy Lynn Reed Ali Saman Tosun |
author_facet | Jeremy Lynn Reed Ali Saman Tosun |
author_sort | Jeremy Lynn Reed |
collection | DOAJ |
description | The explosive growth of the Internet of Things (IoT) devices raises serious concerns for a user’s privacy and security because the existing software framework on these devices often support various default features and generate large data sets. Moreover, many IoT devices incorporate a manufacturer-owned cloud-based back-end support to process and store the generated data while simultaneously sharing with third parties. Clearly, in such an industry-driven environment with the desire to use the IoT data as a revenue stream, it is a challenge for users to control IoT data. Device manufacturers utilize an opaque software design where user data is generated and stored with little transparency. Manufacturers use EULAs as a legal construct to protect a manufacturer’s legal standing and to explain a device’s behavior, however this explanation is vague and lacks the necessary details for a user to determine a device’s acceptable use and it has become increasingly difficult for users to secure and maintain their data. Fortunately, as the privacy minded user base of IoT devices grows, the manufacturers will be forced to implement a new framework that can enable users to have more control on the creation of their IoT data, and to store/disseminate such data in a secure and private manner. In this paper, we address this lack of transparency from manufacturers and address the issues of privacy and security by proposing a new framework called Bulwark, for manufacturer use on IoT devices and mobile applications. Proposed framework enables the user to generate and manage a set of data controlling rules, and store the result in their personal cloud account, while providing a dashboard data reporting tool enabling data transparency and supporting good user choices. The user’s ability to access, disseminate and secure IoT generated data, is now available within our proposed framework. Using reverse engineering, simulation and implementation of open source solutions, we demonstrate support for a set of common devices. Each device executed the framework, while communicating with a mobile application and cloud services. Rules were generated for each message and telemetry was returned to the mobile application for dashboard rendering. We stored generated data in the cloud using our own account, while maintaining the free tier for each of the cloud services. Network usage increased between 4% and 9% while storage size grew between 0% and 2% larger, as compared to using the device without the framework. Our framework demonstrates support for a multitude of devices, by either open source or support for similar feature sets. This framework is easy to integrate and we anticipate wide spread adoption. |
first_indexed | 2024-04-13T09:41:03Z |
format | Article |
id | doaj.art-8e94c1bb0a814468a341a71e479581c9 |
institution | Directory Open Access Journal |
issn | 2169-3536 |
language | English |
last_indexed | 2024-04-13T09:41:03Z |
publishDate | 2022-01-01 |
publisher | IEEE |
record_format | Article |
series | IEEE Access |
spelling | doaj.art-8e94c1bb0a814468a341a71e479581c92022-12-22T02:51:55ZengIEEEIEEE Access2169-35362022-01-0110156191563410.1109/ACCESS.2022.31449139686708BULWARK: A Framework to Store IoT Data in User AccountsJeremy Lynn Reed0https://orcid.org/0000-0002-7499-5747Ali Saman Tosun1Department of Computer Science, The University of Texas at San Antonio, San Antonio, TX, USADepartment of Mathematics and Computer Science, The University of North Carolina at Pembroke, Pembroke, NC, USAThe explosive growth of the Internet of Things (IoT) devices raises serious concerns for a user’s privacy and security because the existing software framework on these devices often support various default features and generate large data sets. Moreover, many IoT devices incorporate a manufacturer-owned cloud-based back-end support to process and store the generated data while simultaneously sharing with third parties. Clearly, in such an industry-driven environment with the desire to use the IoT data as a revenue stream, it is a challenge for users to control IoT data. Device manufacturers utilize an opaque software design where user data is generated and stored with little transparency. Manufacturers use EULAs as a legal construct to protect a manufacturer’s legal standing and to explain a device’s behavior, however this explanation is vague and lacks the necessary details for a user to determine a device’s acceptable use and it has become increasingly difficult for users to secure and maintain their data. Fortunately, as the privacy minded user base of IoT devices grows, the manufacturers will be forced to implement a new framework that can enable users to have more control on the creation of their IoT data, and to store/disseminate such data in a secure and private manner. In this paper, we address this lack of transparency from manufacturers and address the issues of privacy and security by proposing a new framework called Bulwark, for manufacturer use on IoT devices and mobile applications. Proposed framework enables the user to generate and manage a set of data controlling rules, and store the result in their personal cloud account, while providing a dashboard data reporting tool enabling data transparency and supporting good user choices. The user’s ability to access, disseminate and secure IoT generated data, is now available within our proposed framework. Using reverse engineering, simulation and implementation of open source solutions, we demonstrate support for a set of common devices. Each device executed the framework, while communicating with a mobile application and cloud services. Rules were generated for each message and telemetry was returned to the mobile application for dashboard rendering. We stored generated data in the cloud using our own account, while maintaining the free tier for each of the cloud services. Network usage increased between 4% and 9% while storage size grew between 0% and 2% larger, as compared to using the device without the framework. Our framework demonstrates support for a multitude of devices, by either open source or support for similar feature sets. This framework is easy to integrate and we anticipate wide spread adoption.https://ieeexplore.ieee.org/document/9686708/IoT securityIoT privacycloud computing |
spellingShingle | Jeremy Lynn Reed Ali Saman Tosun BULWARK: A Framework to Store IoT Data in User Accounts IEEE Access IoT security IoT privacy cloud computing |
title | BULWARK: A Framework to Store IoT Data in User Accounts |
title_full | BULWARK: A Framework to Store IoT Data in User Accounts |
title_fullStr | BULWARK: A Framework to Store IoT Data in User Accounts |
title_full_unstemmed | BULWARK: A Framework to Store IoT Data in User Accounts |
title_short | BULWARK: A Framework to Store IoT Data in User Accounts |
title_sort | bulwark a framework to store iot data in user accounts |
topic | IoT security IoT privacy cloud computing |
url | https://ieeexplore.ieee.org/document/9686708/ |
work_keys_str_mv | AT jeremylynnreed bulwarkaframeworktostoreiotdatainuseraccounts AT alisamantosun bulwarkaframeworktostoreiotdatainuseraccounts |