A Technique For Securing Key-Value Stores Against Malicious Servers

Tech ID: 28935 / UC Case 2017-589-0

Brief Description

The advent of the Internet of Things (IoT) has drastically increased the potential scale and scope of destruction hackers can cause. Cloud servers now control and monitor devices such as cars, smart home controls, fitness trackers, medical monitoring systems. These cloud-based devices are at risk, however, in that if they become compromised, third parties could gain full control of all devices and stored information associated with that server. UCI researchers have developed the FIDELIUS system, a technique for secure communication and information storage.

Full Description

Numerous companies have recently launched a wide range of smart home devices that aim to reduce, energy consumption, save water, monitor the home, and increase convenience. Smart home devices are typically controlled via smartphone app or internet interface, but require cloud servers that are used for both communication and data storage. The servers record the parameters for the smart home device so the phone does not require constant communication and perform computations that the device cannot handle. Studies have shown that 70% of these devices, such as internet routers, smart cameras, and baby monitors, contain security vulnerabilities with an average of 25 vulnerabilities per device. Security for such devices relies mainly on intrusion detection and user authentication. Potential for physical and monetary damage is increased when a cloud server is compromised, since it sends commands and stores information for numerous devices. A hacker in control of the server could gain control of all associated devices and cause damage on a much higher scale. Currently, there are no protections in place to prevent an attacker from controlling a device in a situation where the cloud server is compromised.

UCI researchers have developed the FIDELIUS system, which uses an oblivious key-value store to provide security while keeping bandwidth and power consumption costs to a minimum. In this setup, even if communications are intercepted by a compromised cloud server, all information will by encrypted. The cloud server does not have access to the decryption keys, rendering the communications useless to the attacker. The system also allows for local control of the smart device in cases where server function is completely lost, such as in a Dedicated Denial of Service (DDoS) attack. The FIDELIUS system protects stored user information and communications for IoT devices even in the case where the associated cloud servers are compromised.

Suggested uses

Secure communication and information storage for IoT devices

Advantages

  • Prevents extraction of information from cloud servers that could violate the users’ privacy
  • Prevents attackers from forging of fake commands or replaying of old commands to IoT devices that might otherwise cause physical damage
  • Security and operation is maintained even when communication with the server is lost

State Of Development

Working prototype.

Contact

Learn About UC TechAlerts - Save Searches and receive new technology matches

Other Information

Categorized As

  • AN INTEGRAL PART OF
  • Institute for Innovation Logo
  • Institute for Innovation Logo

University of California, Irvine Invention Transfer Group
5141 California Avenue, Suite 200, Irvine,CA 92697-7700
Tel: 949.824.2683 | Fax: 949.824.3880
www.ota.uci.edu | ota@uci.edu

© 2017, The Regents of the University of California
Terms of use | Privacy Notice