FIAT: Frictionless Authentication of IoT Traffic

FIAT

Home IoT (Internet of Things) deployments are vulnerable to local adversaries, compromising a LAN, and remote adversaries, compromising either the accounts associated with IoT devices or third-party devices like mobile phones used to control the IoT. There is, however, a fundamental difference between an attacker and a legitimate IoT user: the physical interaction with the device (e.g., via a mobile app) used to operate the IoT. Such physical interactions can be used to build frictionless authentications. However, their integration with IoT requires each vendor to independently adopt them, which is both complex and expensive. We instead design and build FIAT, the first third-party mechanism to automatically authorize IoT traffic by learning recurring traffic and validating human actions behind unpredictable traffic. FIAT does not require modification of the IoT devices or apps, as it operates passively on network traffic. Our evaluation shows that FIAT achieves high accuracy with minimal impact on the user experience.


Poster

Yunming Xiao, Matteo Varvello (2021). Poster: FIAT: Frictionless Authentication of IoT Traffic. In CoNEXT’21. [Poster PDF]

Publication

Yunming Xiao, Matteo Varvello (2022). FIAT: Frictionless Authentication of IoT Traffic. In CoNEXT’22.

Avatar
Yunming Xiao
Research Fellow

I am broadly interested in computer networks and systems. My current research focuses on enhancing the security, privacy, and reliability of Internet infrastructure and services.