SocIoTy connects common home devices to your phone to provide extra security

Smartphones are the center of our digital lives, but they are easily lost, stolen, or hacked, giving adversaries access to sensitive information. Experts at Johns Hopkins Information Security Institute have developed a new system to enhance smartphone security, transforming devices that most people have in their homes into powerful privacy protectors.

SocIoTy repurposes Internet of Things devices, such as speakers, home security systems, thermostats, and voice assist technologies, as cryptographic tools providing two-factor authentication and secure file storage. This means that even if an attacker compromises your smartphone, they still need access to your home to breach your files.

The team’s work, supported by the National Science Foundation and the Defense Advanced Research Projects Agency, appears in the Proceedings on Privacy Enhancing Technologies 2024.

“Two-factor authentication (2FA) is increasingly common in our everyday lives, and work like SocIoTy adds an extra layer of protection by tying their 2FA to their smart home. With SocIoTy, users can rest assured that access to their most sensitive accounts can happen only when at home,” explains team member Logan Kostick, a doctoral student in the Whiting School of Engineering’s Department of Computer Science. “More generally, SocIoTy shows that existing smart home devices can be re-used beyond their original purposes, and we’re pursuing future work that looks at other services we could provide with them.”

The research team tested the SocIoTy system in simulated smart home environments, using different types of computing devices to take the place of IoT devices in real-world scenarios. They evaluated the system’s performance overall as well as on small, specific tasks and found it to be smooth and quick, generating authentication codes in under 200 milliseconds—about the time it takes a person to blink an eye—even when connecting a smartphone and nine home devices simultaneously.

“Our benchmarks show that SocIoTy is practical, efficient, and conducive to deployment on real smart homes,” the authors write in the paper. “In the future, we plan on exploring what other at-home services we can provide on top of IoT devices through systems like SocIoTy.”

Kostick worked with Avi Rubin, professor emeritus of computer science, and Tushar Jois, assistant professor of electrical engineering at the City College of New York, on the project. Jois received his PhD in computer science from Johns Hopkins and was advised by Rubin.

Additional co-authors include Joseph Carrigan, a former senior security engineer in ISI; Maximilian Zinkus, Engr ’24, Gabrielle Beck, Engr ’24, Alishah Chator, Engr ’23, and Gabriel Kaptchuk, Engr ’20, who conducted the work while earning their PhDs from Johns Hopkins; and Sofia Belikovetsky, who completed her postdoc at Johns Hopkins.