DOCSLIB.ORG

Analyzing & Designing the Security of Shared

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Analyzing & Designing the Security of Shared c 2018 Soteris Demetriou ANALYZING & DESIGNING THE SECURITY OF SHARED RESOURCES ON SMARTPHONE OPERATING SYSTEMS BY SOTERIS DEMETRIOU DISSERTATION Submitted in partial fulfillment of the requirements for the degree of Doctor of Philosophy in Computer Science in the Graduate College of the University of Illinois at Urbana-Champaign, 2018 Urbana, Illinois Doctoral Committee: Professor Carl A. Gunter, Chair Professor Klara Nahrstedt Assistant Professor Adam M. Bates Professor XiaoFeng Wang, Indiana University Bloomington ABSTRACT Smartphone penetration surpassed 80% in the US and nears 70% in Western Europe. In fact, smartphones became the de facto devices users leverage to manage personal infor- mation and access external data and other connected devices on a daily basis. To support such multi-faceted functionality, smartphones are designed with a multi-process architecture, which enables third-party developers to build smartphone applications which can utilize smartphone internal and external resources to o↵er creative utility to users. Unfortunately, such third-party programs can exploit security inefficiencies in smartphone operating sys- tems to gain unauthorized access to available resources, compromising the confidentiality of rich, highly sensitive user data. The smartphone ecosystem, is designed such that users can readily install and replace applications on their smarpthones. This facilitates users’ e↵orts in customizing the capabil- ities of their smartphones tailored to their needs. Statistics report an increasing number of available smartphone applications—in 2017 there were approximately 3.5 million third-party apps on the offifial application store of the most popular smartphone platform. In addition we expect users to have approximately 95 such applications installed on their smartphones at any given point. However, mobile apps are developed by untrusted sources. On Android— which enjoys 80% of the smarpthone OS marketshare—application developers are identified based on self-sign certificates. Thus there is no good way of holding a developer account- able for a malicious behavior. This creates an issue of multi-tenancy on smartphones where principals from diverse untrusted sources share internal and external smartphone resources. Smartphone OSs rely on traditional operating system process isolation strategies to confine untrusted third-party applications. However this approach is insufficient because incidental seemingly harmless resources can be utilized by untrusted tenants as side-channels to bypass the process boundaries. Smartphones also introduced a permission model to allow their users to govern third-party application access to system resources (such as camera, microphone and location functionality). However, this permission model is both coarse-grained and does not distinguish whether a permission has been declared by a trusted or an untrusted princi- pal. This allows malicious applications to perform privilege escalation attacks on the mobile platform. To make things worse, applications might include third-party libraries, for ad- vertising or common recognition tasks. Such libraries share the process address space with their host apps and as such can inherit all the privileges the host app does. Identifying and mitigating these problems on smartphones is not a trivial process. Manual analysis on its own of all mobile apps is cumbersome and impractical, code analysis techniques su↵er from ii scalability and coverage issues, ad-hoc approaches are impractical and sucseptible to mis- takes, while sometimes vulnerabilities are well hidden at the interplays between smartphone tenants and resources. In this work I follow an analytical approach to discover major security and privacy issues on smartphone platforms. I utilize the Android OS as a use case, because of its open-source nature but also its popularity. In particular I focus on the multi-tenancy characteristic of smartphones and identify the resources each tenant within a process, across processes and across devices can access. I design analytical tools to automate the discovery process, attacks to better understand the adversary models, and introduce design changes to the participating systems to enable robust fine-grained access control of resources. My approach revealed a new understanding of the threats introduced from third-party libraries within an application process; it revealed new capabilities of the mobile application adversary exploiting shared filesystem and permission resources; and shows how a mobile app adversary can exploit shared communication mediums to compromise the confidentiality of the data collected by external devices (e.g. fitness and medical accessories, NFC tags etc.). Moreover, I show how we can eradicate these problems following an architectural design approach to introduce backward-compatible, e↵ective and efficient modifications in operating systems to achieve fine-grained application access to shared resources. My work has let to security changes in the official release of Android by Google. iii To my parents Yiannis and Maria, my brothers Michael and Alexandros, my sister-in-law Georgia and my niece Florentia for their unconditional love and support. iv ACKNOWLEDGMENTS This thesis would have not been possible to realize without the invaluable support and guidance of my advisor and academic father Dr Carl A. Gunter. Professor Gunter trusted me to explore issues that I find interesting without any constraints. I consider myself privileged to be given the opportunity to work and learn from Dr. Gunter. I can not imagine having abetteradvisorandmentor. I would like to also thank Dr Xiaofeng Wang, whose indispensable guidance was continuous throughout my work. I was lucky during the beginning of my studies to meet with Professor Wang who got me involved in smartphone security, a topic which became the focus of my thesis. Unequivocally I learnt a lot during my interactions with Professor Wang both on how to find interesting problems and how to approach solving them. Special thanks to Dr Klara Nahrstedt and Adam M. Bates for their feedback and guidance. The final version of this thesis is shaped based on their astute observations. My sincere thanks also goes to Dr. Michael Grace and Dr. Xiaoyong Zhou who provided me with an opportunity to join their team as intern at Samsung Research America (SRA). At SRA I got exposed to real problems modern smartphone operating system vendors face and the approaches they take to tackle them. Lastly, I would like to thank all the people I got to work with during my Ph.D. studies: Dr. Carl A. Gunter; Dr. XiaoFeng Wang; Dr. Klara Nahrstedt; Dr. Kyu-Han Kim; Dr. Landon Cox; Dr. Patrick Tague; Dr. Xiaoyong Zhou; Dr. Muhammad Naveed; Dr. Michael Grace; Dr. Puneet Jain; Dr. Wei Yang; Dr. Aston Zhang; Dr. Yueh-Hsun Lin; Dr. Yuan Tian; Dr. Animesh Shrivastava; Dr. Wenrui Diao; Dr. Feng Qian; Dr. Kai Chen; Dr. Xinhui Han; Dr. Kehuan Zhang; Dongjing He; Xiaorui Pan; Yeonjoon Lee; Kan Yuan; Whitney Merrill; Gliz Seray Tuncay; Tongxin Li; Mingming Zha; Nan Zhang; Xianghang Mi; Peiyuan Zong; Karan Ganju. My interactions with all of them shaped me both as an academic and as a person. v TABLE OF CONTENTS CHAPTER 1 INTRODUCTION . 1 1.1 Motivation . 1 1.2 Problem Statement . 3 1.3 Approach ..................................... 4 1.4 Thesis Contributions . 8 1.5 Thesis Organisation . 10 CHAPTER 2 BACKGROUND . 11 2.1 AndroidOS .................................... 11 2.2 AndroidSecurityModel ............................. 15 2.3 BackroundonTechniquesandMethodologiesUsed . 23 2.4 Android’sSharedResources . 24 CHAPTER3 LITERATUREREVIEW......................... 28 3.1 AdvertisingLibraries ............................... 28 3.2 InformationLeaksthrough FilesystemResources. 29 3.3 IPC, System Resources and Shared Application Components . 30 3.4 Shared Communication Channels . 31 3.5 Shared IoT Devices . 32 CHAPTER 4 SHARING PROCESS PRIVILEGES . 34 4.1 Introduction . 34 4.2 Analysis ...................................... 36 4.3 Detection Design . 46 4.4 Detection Evaluation . 55 4.5 UtilityandLimitations. 62 4.6 Summary . 65 CHAPTER 5 SHARING FILESYSTEM RESOURCES . 67 5.1 Introduction . 67 5.2 Analysis ...................................... 68 5.3 Mitigation Design . 87 5.4 Mitigation Evaluation . 89 5.5 Summary . 90 CHAPTER 6 SHARING SYSTEM AND APPLICATION RESOURCES . 92 6.1 Introduction . 92 6.2 Analysis ...................................... 93 6.3 Mitigation Design . 97 6.4 Mitigation Evaluation . 102 vi 6.5 Mitigation Formal Verification . 106 6.6 Summary . 109 CHAPTER 7 SHARING DIRECT COMMUNICATION CHANNELS . 111 7.1 Introduction . 111 7.2 Analysis ...................................... 112 7.3 Mitigation Design . 128 7.4 Mitigation Evaluation . 141 7.5 Summary . 144 CHAPTER 8 SHARING DEVICES IN IoT ENVIRONMENTS . 146 8.1 Introduction . 146 8.2 Analysis ...................................... 149 8.3 Mitigation Design . 153 8.4 Mitigation Evaluation . 164 8.5 Discussion . 170 8.6 Summary . 172 CHAPTER9 DESIGNPRINCIPLES. 174 9.1 Contextual Threat Model . 176 9.2 Granularity of Mechanism . 177 9.3 Layered Responsibility . 179 CHAPTER 10 SUMMARY AND FUTURE DIRECTIONS . 182 10.1 Summary . 182 10.2 Contributions . 184 10.3 Moving Forward . 186 REFERENCES....................................... 187 vii CHAPTER 1: INTRODUCTION 1.1 MOTIVATION Eleven years now, after the first iOS and Android enabled smartphones, the technology behemoths are now responsible for 90% [1] of total smartphone sales in 2018. These de- vices have revolutionized the
Load more

Recommended publications
  • Valorising the Iot Databox: Creating Value for Everyone Charith Perera1*, Susan Y
    TRANSACTIONS ON EMERGING TELECOMMUNICATIONS TECHNOLOGIES Trans. Emerging Tel. Tech. 2017; 28:e3125 Published online 11 November 2016 in Wiley Online Library (wileyonlinelibrary.com). DOI: 10.1002/ett.3125 RESEARCH ARTICLE Valorising the IoT Databox: creating value for everyone Charith Perera1*, Susan Y. L. Wakenshaw2, Tim Baarslag3, Hamed Haddadi4, Arosha K. Bandara1, Richard Mortier5, Andy Crabtree6, Irene C. L. Ng2, Derek McAuley6 and Jon Crowcroft5 1 School of Computing and Communications, The Open University, Walton Hall, Milton Keynes MK7 6AA, UK 2 Warwick Manufacturing Group, University of Warwick, Coventry CV4 7AL, UK 3 University of Southampton, Southampton SO17 1BJ, UK 4 School of Electronic Engineering and Computer Science, Queen Mary University of London, Mile End Road, London E1 4NS, UK 5 Computer Laboratory, University of Cambridge, Cambridge CB3 0FD, UK 6 School of Computer Science, University of Nottingham, Jubilee Campus, Nottingham NG8 1BB, UK ABSTRACT The Internet of Things is expected to generate large amounts of heterogeneous data from diverse sources including physical sensors, user devices and social media platforms. Over the last few years, significant attention has been focused on personal data, particularly data generated by smart wearable and smart home devices. Making personal data available for access and trade is expected to become a part of the data-driven digital economy. In this position paper, we review the research challenges in building personal Databoxes that hold personal data and enable data access by other parties and potentially thus sharing of data with other parties. These Databoxes are expected to become a core part of future data marketplaces. Copyright © 2016 The Authors Transactions on Emerging Telecommunications Technologies Published by John Wiley & Sons, Ltd.
    [Show full text]
  • A Systematic Survey of Firmware Extraction Techniques for Iot Devices
    Breaking all the Things | A Systematic Survey of Firmware Extraction Techniques for IoT Devices Sebastian Vasile, David Oswald, and Tom Chothia University of Birmingham [email protected], [email protected], [email protected] Abstract. In this paper, we systematically review and categorize differ- ent hardware-based firmware extraction techniques, using 24 examples of real, wide-spread products, e.g. smart voice assistants (in particular Amazon Echo devices), alarm and access control systems, as well as home automation devices. We show that in over 45% of the cases, an exposed UART interface is sufficient to obtain a firmware dump, while in other cases, more complicated, yet still low-cost methods (e.g. JTAG or eMMC readout) are needed. In this regard, we perform an in-depth investiga- tion of the security concept of the Amazon Echo Plus, which contains significant protection methods against hardware-level attacks. Based on the results of our study, we give recommendations for countermeasures to mitigate the respective methods. 1 Introduction Extracting the firmware from IoT devices is a crucial first step when analysing the security of such systems. From a designer's point of view, preventing the firmware from falling into the hands of an adversary is often desirable: for in- stance, to protect cryptographic keys that identify a device and to impede prod- uct counterfeit or IP theft. The large variety of IoT devices results in different approaches to firmware extraction, depending on the device in question. Past work has looked at the state of security of IoT devices, e.g.
    [Show full text]
  • 2017 Iot & Consumer Electronics Guide
    PRESENTED BY 2017 IoT & CONSUMER ELECTRONICS ELECTRONICS COOLING® GUIDE SERIES | www.electronics-cooling.com 2017 IoT & CONSUMER ELECTRONICS GUIDE www.electronics-cooling.com | 2 | Electronics Cooling® Guide 2017 IoT & CONSUMER ELECTRONICS GUIDE TABLE OF CONTENTS Product Matrix (Thermal Management Manufacturers) 6 Product Selector 8 Electronics Cooling of Humans 10 MP DIVAKAR, PHD Technical Editor, Electronics Cooling Thermal Management in 12 Consumer-Grade Digital Cameras MP DIVAKAR, PHD Technical Editor, Electronics Cooling Thermal Management-Enabled 14 Products at CES 2017 MP DIVAKAR, PHD Technical Editor, Electronics Cooling Thermal Management of IoT 19 Hardware: Gateways MP DIVAKAR, PHD Technical Editor, Electronics Cooling Inductive Wireless Charging is 23 Now a Thermal Design Problem DR. VINIT SINGH NuCurrent, CTO REFERENCE SECTION Ecosystems 28 Overview of Components of 29 IoT & Consumer Electronics Products Design Aids & Tools 32 Calculations 33 Index of Advertisers 34 www.electronics-cooling.com | 3 | Electronics Cooling® Guide FOREWARD In this inaugural issue of Electronics Cooling®’s series of digital guides, IoT & Consumer Electronics, we seek to sup- ply you with the latest in thermal management of consumer electronics and the Internet of Things. The intent of these digital guides is to bring you a collection of articles and information on thermal management ma- terials. This issue features a brief description of the ecosystem for thermal management products, an overview of thermal management challenges, and some high-level descriptions of thermal design elements. We also feature more in-depth coverage in longer articles on select products. There are many unique challenges that every thermal management professional has to address with respect to IoT and Consumer Electronics products.
    [Show full text]
  • Google Onhub
    built for User Guide OnHub REV1.0.1 1910011984 COPYRIGHT & TRADEMARKS Specifications are subject to change without notice. TP-Link is a registered trademark of TP-Link Technologies Co., Ltd. Google, Google On, OnHub and other trademarks are owned by Google Inc. Other brands and product names are trademarks of their respective holders. Copyright © 2016 TP-Link Technologies Co., Ltd. All rights reserved. http://www.tp-link.com 1 FCC STATEMENT This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates, uses and can radiate radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation. If this equipment does cause harmful interference to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following measures: • Reorient or relocate the receiving antenna. • Increase the separation between the equipment and receiver. • Connect the equipment into an outlet on a circuit different from that to which the receiver is connected. • Consult the dealer or an experienced radio/ TV technician for help. This device complies with part 15 of the FCC Rules. Operation is subject to the following two conditions: ) 1 This device may not cause harmful interference.
    [Show full text]
  • Iot Or Not Identifying Iot Devices in a Short Time Scale
    The Interdisciplinary Center, Herzlia Efi Arazi School of Computer Science M.Sc. program - Research Track IoT or NoT Identifying IoT Devices in a Short Time Scale by Haim Levy M.Sc. dissertation, submitted in partial fulfillment of the requirements for the M.Sc. degree, research track, School of Computer Science The Interdisciplinary Center, Herzliya April 2020 This work was carried out under the supervision of Prof. Anat Bremlar- Barr and the assistance of Prof. Zohar Yakhini from the Efi Arazi School of Computer Science, The Interdisciplinary Center, Herzliya. Abstract In recent years the number of IoT devices in home networks has increased dra- matically. Whenever a new device connects to the network, it must be quickly managed and secured using the relevant security mechanism or QoS policy. Thus a key challenge is to distinguish between IoT and NoT devices in a matter of min- utes. Unfortunately, there is no clear indication of whether a device in a network is an IoT. In this paper, we propose different classifiers that identify a device as IoT or non-IoT, in a short time scale, and with high accuracy. Our classifiers were constructed using machine learning techniques on a seen (training) dataset and were tested on an unseen (test) dataset. They successfully classified devices that were not in the seen dataset with accuracy above 95%. The first classifier is a logistic regression classifier based on traffic features. The sec- ond classifier is based on features we retrieve from DHCP packets. Finally, we present a unified classifier that leverages the advantages of the other two classi- fiers.
    [Show full text]
  • Avoid the Silos and Help Build the True Internet of Things
    Avoid the Silos and Help Build the True Internet of Things April 2016 Aaron Vernon, CTO at Higgns [email protected] I N T R O D U C T I O N ● Aaron Vernon, CTO at Higgns ● Previously I was VP Software Engineering at LIFX and CTO at Two Bulls ● Chair of the AllSeen Alliance Common Frameworks Working Group ● I am going to cover the following: ○ The complexities of the current IoT landscape ○ How this affects companies and users ○ The Internet of Silos example ○ How we can work together better Transports W i F i ● Uses the 802.11 standard ● Standard on all mobile devices and routers ● Has become ubiquitous for users ● Great range ● Great bandwidth ● High power consumption ● High cost ● Onboarding experience can be complicated ● Examples: Nest Cam, LIFX, Canary, Honeywell Lyric B L U E T O O T H S M A R T ● Standard on most mobile devices ● Becoming increasingly ubiquitous ● Low bandwidth ● Medium range ● Low power consumption ● Low cost ● Smart Mesh is being worked on ● Examples: Flic, Ilumi, Elgato Eve Z I G B E E ● Uses the 802.15.4 standard ● Low bandwidth ● Low range ● Low power consumption ● Very low cost ● Forms a mesh network ● Typically requires a hub for the radio ● Known to have interop and interference problems ● Examples: Phillips Hue, large amount of sensors and actuators Z W A V E ● Proprietary - chips developed by a single manufacturer ● Uses different frequencies in different countries ● Low bandwidth ● Medium range ● Low power consumption ● Very low cost ● Forms a mesh network ● Better interoperability and less interference
    [Show full text]
  • Estado Diario Subdirección De Marcas 17/01/2018 1
    Estado Diario Subdirección de Marcas 17/01/2018 Sección M1: Observaciones de Forma Solicitud Representante Tipo signo Marca Observaciones 1252792 Patricio de la Barra , en representación de Mixta FITÓ Semillas Fito, S.A. 1252793 Patricio de la Barra , en representación de Mixta FITÓ Semillas Fito, S.A. 1259458 SILVA Y CIA., en representación de Johnson Denominativa JOHNSON CONTROLS Controls Technology Company 1259839 ALESSANDRI & COMPAÑIA, en representación Mixta CENTRAL PERK de Warner Bros. Entertainment Inc. 1265854 SARGENT & KRAHN, en representación de Denominativa STARR STARR INTERNATIONAL COMPANY INC. 1266201 Ricardo Cabrera Fernández, en representación Mixta PUERTAS ABIERTAS de ELEODORO TORRES GONZALEZ 1266365 Jorge Luis Pino Zúñiga, en representación de Mixta BATHLUX BATHROOM EXPERTS HONGYU WANG OTAY 2015, S. L. B-90200320 1266536 Nicolo Antonio Lira Airola Mixta Cerveza Chercán 1270401 JULIO CESAR AVALOS CARROZA, en Denominativa SMART TAPE representación de SOC. COM. SOLCOMER LTDA. 1272227 Patricio Eduardo Aguilera Diaz, en representación Denominativa CRIN DE RARI de Maestra Madre Crin SpA y Agrupación de Artesanas de Rari 1273353 JFM FOOD SPA Denominativa El Bajon del Maipo 1273862 KAREN PUPKIN RUTMAN, en representación de Mixta CLINIK R ODONTOLOGÍA CLINIKR SPA 1274567 Opazo Cancino Francisco Omar Mixta OFC Landi-Hartog 1274704 ESTUDIO FEDERICO VILLASECA Y COMPAÑIA, Mixta PACERS GAMING en representación de NBA Properties, Inc. 1274708 ESTUDIO FEDERICO VILLASECA Y COMPAÑIA, Mixta PISTONS GT en representación de NBA Properties, Inc. 1274710 ESTUDIO FEDERICO VILLASECA Y COMPAÑIA, Mixta CAVS LEGION GC en representación de NBA Properties, Inc. 1274711 ESTUDIO FEDERICO VILLASECA Y COMPAÑIA, Mixta MAVS GAMING en representación de NBA Properties, Inc. 1 Estado Diario Subdirección de Marcas 17/01/2018 Sección M1: Observaciones de Forma Solicitud Representante Tipo signo Marca Observaciones 1274713 ESTUDIO FEDERICO VILLASECA Y COMPAÑIA, Mixta KINGS GUARD GAMING en representación de NBA Properties, Inc.
    [Show full text]
  • User Preferences, Network Cookies and Neutrality
    Neutral Net Neutrality Yiannis Yiakoumis, Sachin Katti, and Nick McKeown Stanford University ABSTRACT Alexa ranking 1 10 100 1000 >5000 Should applications receive special treatment from the network? And if so, who decides which applications 10 are preferred? This discussion, known as net neutral- 8 ity, goes beyond technology and is a hot political topic. 6 In this paper we approach net neutrality from a user’s # of users 4 perspective. Through user studies, we demonstrate that 2 users do indeed want some services to receive preferen- tial treatment; and their preferences have a heavy-tail: skai.gr nbc.com cnn.com hulu.com cucirca.eu netflix.com abc.go.com a one-size-fits-all approach is unlikely to work. This speetest.net facebook.com starsports.com mail.google.com usanetwork.com espncricinfo.com ticketmaster.com suggests that users should be able to decide how their intercallonline.com ondemandkorea.com traffic is treated. A crucial part to enable user prefer- Figure 1: If given the choice, which websites would home ences, is the mechanism to express them. To this end, users prioritize? The preferences have a heavy tail: 43% of we present network cookies, a general mechanism to ex- the preferences are unique, with a median popularity index press user preferences to the network. Using cookies, of 223. we prototype Boost, a user-defined fast-lane and deploy it in 161 homes. programs promise that certain traffic is free from data caps (aka zero-rating). Similarly, others have proposed CCS Concepts giving some traffic a fast-lane over the last mile.
    [Show full text]
  • Valorising the Iot Databox: Creating Value for Everyone Charith Perera1*, Susan Y
    TRANSACTIONS ON EMERGING TELECOMMUNICATIONS TECHNOLOGIES Trans. Emerging Tel. Tech. (2016) Published online in Wiley Online Library (wileyonlinelibrary.com). DOI: 10.1002/ett.3125 RESEARCH ARTICLE Valorising the IoT Databox: creating value for everyone Charith Perera1*, Susan Y. L. Wakenshaw2, Tim Baarslag3, Hamed Haddadi4, Arosha K. Bandara1, Richard Mortier5, Andy Crabtree6, Irene C. L. Ng2, Derek McAuley6 and Jon Crowcroft5 1 School of Computing and Communications, The Open University, Walton Hall, Milton Keynes MK7 6AA, UK 2 Warwick Manufacturing Group, University of Warwick, Coventry CV4 7AL, UK 3 University of Southampton, Southampton SO17 1BJ, UK 4 School of Electronic Engineering and Computer Science, Queen Mary University of London, Mile End Road, London E1 4NS, UK 5 Computer Laboratory, University of Cambridge, Cambridge CB3 0FD, UK 6 School of Computer Science, University of Nottingham, Jubilee Campus, Nottingham NG8 1BB, UK ABSTRACT The Internet of Things is expected to generate large amounts of heterogeneous data from diverse sources including physical sensors, user devices and social media platforms. Over the last few years, significant attention has been focused on personal data, particularly data generated by smart wearable and smart home devices. Making personal data available for access and trade is expected to become a part of the data-driven digital economy. In this position paper, we review the research challenges in building personal Databoxes that hold personal data and enable data access by other parties and potentially thus sharing of data with other parties. These Databoxes are expected to become a core part of future data marketplaces. Copyright © 2016 The Authors Transactions on Emerging Telecommunications Technologies Published by John Wiley & Sons, Ltd.
    [Show full text]
  • Swann Security with the Google Assistant Setup Guide
    THE SWANN SECURITY SERVICE WITH GOOGLE ASSISTANT SETUP GUIDE English 1 SWANN SECURITY WORKS WITH THE GOOGLE ASSISTANT Now it’s even easier to see what’s happening. You can ask your Google Assistant to show your Swann Security Cameras on your TV with Chromecast. Read this guide to learn how to connect your Swann Security cameras to your Google Assistant and enable voice control. GETTING STARTED Before you start, please make sure that: → You have the Swann Security app → You have a Swann Security account with a Swann device(s) paired → You have a Chromecast-connected TV → You have the Google Home app on your phone → You have the Google Assistant (built-in or app) on your phone or a Google Home device installed. For more information about the Google Assistant, see "Get started with the Google Assistant on your phone or tablet" 2 LINKING TO THE GOOGLE ASSISTANT To use Google Assistant voice control with your Swann Security cameras, follow these steps: STEP 1 STEP 2 STEP 3 STEP 4 Open the Google Tap the Home tab Tap + in the top left Choose Set up Home app. at the bottom of the corner. Device. screen. 3 LINKING TO THE GOOGLE ASSISTANT STEP 5 STEP 6 STEP 7 STEP 8 Choose "Have Scroll the list or tap The “Swann To link the Swann something already and search for Security” service Security service, set up" under “Swann Security”. will appear in the you will need your Works with Google. results. Tap it. Swann Security account credentials. 4 LINKING TO THE GOOGLE ASSISTANT STEP 9 STEP 10 STEP 11 Enter the email and Google Assistant Google Assistant is now ready to password associated will link your Swann interact with your cameras.
    [Show full text]
  • Apple Homekit
    Avoid the silos and help build the true Internet of Things Introduction ● Aaron Vernon, CTO at Two Bulls ● Been at Two Bulls from the beginning with two stretches away at startups - CTO of Blokify and VP Software Engineering at LIFX ● Member of the AllSeen Alliance Technical Steering Committee ● I am going to cover the following: ○ The complexities of the current IoT landscape ○ How this affects companies and users ○ The Internet of Silos example ○ How we can work together better Transports WiFi ● Uses the 802.11 standard ● Standard on all mobile devices and routers ● Has become ubiquitous for users ● Great range ● Great bandwidth ● High power consumption ● High cost ● Onboarding experience can be complicated ● Examples: Nest Cam, LIFX, Canary, Honeywell Lyric Bluetooth Smart ● Standard on most mobile devices ● Becoming increasingly ubiquitous ● Low bandwidth ● Medium range ● Low power consumption ● Low cost ● Smart Mesh is being worked on ● Examples: Flic, Ilumi, Elgato Eve ZigBee ● Uses the 802.15.4 standard ● Low bandwidth ● Low range ● Low power consumption ● Very low cost ● Forms a mesh network ● Typically requires a hub for the radio ● Known to have interop and interference problems ● Examples: Phillips Hue, large amount of sensors and actuators Z-Wave ● Proprietary - chips developed by a single manufacturer ● Uses different frequencies in different countries ● Low bandwidth ● Medium range ● Low power consumption ● Very low cost ● Forms a mesh network ● Better interoperability and less interference than ZigBee ● Typically requires
    [Show full text]
  • Accepted Manuscript1.0
    6850 IEEE INTERNET OF THINGS JOURNAL, VOL. 6, NO. 4, AUGUST 2019 How Do I Share My IoT Forensic Experience With the Broader Community? An Automated Knowledge Sharing IoT Forensic Platform Xiaolu Zhang, Kim-Kwang Raymond Choo ,Senior Member, IEEE , and Nicole Lang Beebe, Senior Member, IEEE Abstract —It is challenging for digital forensic practitioners to typical investigation process, two or more investigators located maintain skillset currency, for example knowing where and how in different cities and/or countries may be forensically examin- to extract digital artifacts relevant to investigations from newer, ing the same (type of) device at the same time [see Fig. 1(a)]. emerging devices (e.g., due to the increased variety of data storage schemas across manufacturers and constantly changing models). As the experience and background of both investigators are This paper presents a knowledge sharing platform, developed likely to vary, the outcomes of the forensic investigations may and validated using an Internet of Things dataset released in the also differ (e.g., in terms of the types and extent of artifacts DFRWS 2017–2018 forensic challenge. Specifically, we present being recovered). an automated knowledge-sharing forensic platform that auto- As the diversity of devices increases (e.g., IoT, wearable, matically suggests forensic artifact schemas, derived from case data, but does not include any sensitive data in the final (shared) embedded, and other digital devices), so does the challenge schema. Such artifact schemas are then stored in a schema pool in the forensic examination of such devices [4]. For example, and the platform presents candidate schemas for use in new cases an investigator who is unfamiliar with a particular device that based on the data presented.
    [Show full text]