主讲人介绍：Dr. Xiaojiang Du is a professor in the Department of Computer and Information Sciences at Temple University, Philadelphia, USA. Dr. Du received his B.S. and M.S. degree in electrical engineering from Tsinghua University, Beijing, China in 1996 and 1998, respectively. He received his M.S. and Ph.D. degree in electrical engineering from the University of Maryland College Park in 2002 and 2003, respectively. His research interests are security, wireless networks, and systems. He has authored over 300 journal and conference papers in these areas, as well as a book published by Springer. Dr. Du has been awarded more than $6 million US dollars research grants from the US National Science Foundation (NSF), Army Research Office, Air Force Research Lab, NASA, Qatar, the State of Pennsylvania, and Amazon. He won the best paper award at IEEE GLOBECOM 2014 and the best poster runner-up award at the ACM MobiHoc 2014. He serves on the editorial boards of three international journals. Dr. Du is a Senior Member of IEEE and a Life Member of ACM.
Emerging Internet of Thing (IoT) platforms provide a centralized solution to integrate heterogeneous IoT devices and deploy applications for home automation. However, new privacy threats are also introduced since platforms may fail to protect the collected data due to a number of general or domain-specific reasons, e.g., remote attacks, insider attacks, improper data release, flawed access control, malware, etc. In this work, we analyze state-of-art platform vulnerabilities that can cause data leakage and show that the key to mitigating privacy concerns is to breaking the default trust relationship between IoT devices and the platform. To enhance user privacy in home automation systems, we present PFirewall, a system that allows users to send the platform a minimum amount of sensitive data required for home automation and to customize their own intended data flow controls. PFirewall achieves this by providing a policy-driven data flow control where the policies are generated in two ways. On one hand, PFirewall automatically generates context-aware policies for the purpose of data minimization based on rule semantics extracted from IoT Apps. On the other hand, PFirewall provides interfaces and templates for users to specify policies according to their own privacy preferences. To enforce the data flow control on a closed-source IoT platform, we design and implement a firewall style mediator between IoT devices and the commercial hub to host the policy system. We set up two real-world testbeds to evaluate the performance of PFirewall. Evaluation results show that PFirewall is practical and effective: PFirewall does not interfere with home automation functionalities and avoids sending 97% of IoT data in total to the platform.