Smartphones are the center of our digital lives, but they are easily lost, stolen, or hacked, giving adversaries access to sensitive information. Experts at the Johns Hopkins Information Security Institute have developed a new system to enhance smartphone security, transforming devices that most people have in their homes into powerful privacy protectors.
SocIoTy repurposes Internet of Things (IoT) devices—such as speakers, home security systems, thermostats, and voice assistance technologies—as cryptographic tools providing two-factor authentication and secure file storage. This means that even if an attacker compromises your smartphone, they still need access to your home to breach your files.
The ISI team’s work, supported by the National Science Foundation and the Defense Advanced Research Projects Agency, appears in the 2024 Proceedings on Privacy Enhancing Technologies Symposium.
Logan Kostick
“Two-factor authentication (2FA) is increasingly common in our everyday lives, and work like SocIoTy adds an extra layer of protection by tying their 2FA to their smart home. With SocIoTy, users can rest assured that access to their most sensitive accounts can happen only when at home,” explains team member Logan Kostick, a doctoral student in the Whiting School of Engineering’s Department of Computer Science. “More generally, SocIoTy shows that existing smart home devices can be re-used beyond their original purposes, and we’re pursuing future work that looks at other services we could provide with them.”
The researchers tested the SocIoTy system in simulated smart home environments, using different types of computing devices to take the place of IoT devices in real-world scenarios. They evaluated the system’s performance overall as well as on small, specific tasks and found it to be smooth and quick, generating authentication codes in under 200 milliseconds—about the time it takes a person to blink an eye—even when connecting a smartphone and nine home devices simultaneously.
“Our benchmarks show that SocIoTy is practical, efficient, and conducive to deployment on real smart homes,” the authors write in the paper. “In the future, we plan on exploring what other at-home services we can provide on top of IoT devices through systems like SocIoTy.”
Kostick worked with Aviel D. Rubin, a professor emeritus of computer science, and Tushar Jois, an assistant professor of electrical engineering at the City College of New York, on the project. Jois received his PhD in computer science from Johns Hopkins and was also advised by Rubin.
Additional co-authors include Joseph Carrigan, a former ISI senior security engineer; alumni Maximilian Zinkus, Engr ’24, Gabrielle Beck, Engr ’24, Alishah Chator, Engr ’23, and Gabriel Kaptchuk, Engr ’20, who conducted the work while earning their PhDs; and Sofia Belikovetsky, who conducted her postdoctoral research at Johns Hopkins.