A Network Service for Preventing Data Leakage from IoT Cloud-assisted Equipment

Cunha, V. A.; Silva, E.; de Carvalho, M. B.; Corujo, D.; Barraca, JPB; Gomes, D.G.; Schaeffer-Filho, A.; Santos, C. R. P.; Granville, L. Z.; Aguiar, R.

A Network Service for Preventing Data Leakage from IoT Cloud-assisted Equipment, Proc IEEE International Symposium on Computer and Communications - ISCC, Barcelona, Spain, June, 2019.

Abstract
The fact that most IoT solutions are provided by third parties, along with the pervasiveness of the collected data, raises privacy and security concerns. There is a need to verify which data is being sent to the third party, as well as to prevent those channels from becoming an exploitation avenue. We propose to use existing API definition languages to create contracts which define the data that can be transmitted, their format and constraints. To verify the compliance with these contracts, we propose a Network Service architecture which validates REST-alike API requests/responses against a Swagger schema. We deal with encrypted traffic using an SFC-enabled Man-in-the-Middle (MITM), allowing verifications in "real-time." We devised a Proof of Concept and showed that we were able to detect (and stop) contract violations.
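
The contract check the abstract describes can be sketched as follows. This is an added example, not code from the paper or its Proof of Concept: the endpoint, field names and contract are constructed, only a subset of Swagger schema keywords is handled, and the request is assumed to arrive already decrypted by the MITM function.

```python
import json

# Constructed contract: Swagger-style body schema for one hypothetical endpoint.
CONTRACT = {("POST", "/v1/telemetry"): {
    "type": "object",
    "required": ["device_id", "temperature"],
    "additionalProperties": False,  # anything undeclared counts as leakage
    "properties": {
        "device_id": {"type": "string", "maxLength": 16},
        "temperature": {"type": "number", "minimum": -40, "maximum": 125},
        "unit": {"type": "string", "enum": ["C", "F"]},
    },
}}
TYPES = {"string": str, "number": (int, float), "integer": int,
         "boolean": bool, "object": dict}

def violations(schema, value, path="body"):
    """Return the list of contract violations for value under schema."""
    kind = schema["type"]
    # bool is a subclass of int in Python, so reject it for numeric fields.
    if not isinstance(value, TYPES[kind]) or (isinstance(value, bool) and kind != "boolean"):
        return [f"{path}: expected {kind}"]
    out = []
    if "enum" in schema and value not in schema["enum"]:
        out.append(f"{path}: value not in enum")
    if "maxLength" in schema and len(value) > schema["maxLength"]:
        out.append(f"{path}: longer than maxLength")
    if "minimum" in schema and value < schema["minimum"]:
        out.append(f"{path}: below minimum")
    if "maximum" in schema and value > schema["maximum"]:
        out.append(f"{path}: above maximum")
    if kind == "object":
        props = schema.get("properties", {})
        for name in schema.get("required", []):
            if name not in value:
                out.append(f"{path}.{name}: missing required field")
        for name, item in value.items():
            if name in props:
                out += violations(props[name], item, f"{path}.{name}")
            elif schema.get("additionalProperties", True) is False:
                out.append(f"{path}.{name}: undeclared field")
    return out

def check_request(method, path, raw_body):
    """Verdict for one decrypted request: ('allow' or 'block', reasons)."""
    schema = CONTRACT.get((method, path))
    if schema is None:
        return "block", [f"{method} {path}: endpoint not in contract"]
    try:
        body = json.loads(raw_body)
    except ValueError:
        return "block", ["body: not valid JSON"]
    reasons = violations(schema, body)
    return ("block" if reasons else "allow"), reasons
```

Setting `additionalProperties` to false is what turns the schema into a leakage control: a device that starts sending a field the contract never declared is blocked even when every declared field is valid.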