FlyWeb/Security scenarios

From MozillaWiki

Below is a list of usage scenarios. They are intended to provide a few concrete examples of how FlyWeb can be used, and of uses that we'd like to keep secure.

It also contains some concrete examples of information that users would not like to see leaked, and types of attacks that we'd like to protect users against.

Home thermostat

User installs an IoT-enabled thermostat in her house. She wants to be able to connect to the thermostat to configure it. She does this by connecting to the thermostat and loading an HTML-based UI from it. This UI then sends requests to the thermostat in order to change settings.

User does not want neighbors to be able to change the thermostat settings. User does not want neighbors to be able to see when user changes the thermostat to vacation mode.

Office TV

The user wants to display a picture slideshow on an IoT-enabled TV in the office. The user browses to flickr.com and flickr.com connects to the TV. The TV then loads an HTML UI from the flickr.com page on the user's smartphone. The page on the user's smartphone also changes to become a controller UI for choosing which pictures to show on the TV.

The user does not want an attacker to be able to see the picture data that is sent to the TV, even if the attacker is connected to the same office network. The user does not want an attacker to be able to make requests to the smartphone and thereby trick the smartphone into sending pictures directly to the attacker's devices. The user does not want an attacker to send commands to the TV, tricking the TV into loading and displaying attacker-chosen pictures.

Hotel room devices

User rents a hotel room. Once in the hotel room, the user wants to connect to several of the IoT-enabled devices in the room. For example, use Netflix on their smartphone to watch Netflix on the TV, use Pandora to connect to the in-room speakers to listen to music, or connect to the thermostat and curtains to configure temperature and light.

The user does not want an attacker on the same hotel Wi-Fi to be able to display Netflix on the user's TV, play audio through the room speakers, etc. The user also does not want an attacker on the same hotel Wi-Fi to be able to see which movie on Netflix the user is watching, or which songs on Pandora the user is playing.

Parking meter

User parks car and wants to pay for parking. User connects to the parking meter and loads an HTML interface from it. User uses the HTML interface to pay for the parking using Amazon Pay or PayPal.

User does not want the money to be sent to an attacker rather than to the city which owns the parking spot. The user does not want an attacker to know the user's location.

P2P photo sharing

After attending an event together, two users, Adam and Beth, want to exchange pictures from their smartphones with each other. Adam navigates to pictureshare.com. The pictureshare.com page asks Adam to allow it to create a detectable service which other people can connect to, which Adam approves. Beth connects to the service shared from Adam's smartphone and loads an HTML UI from it.

Adam and Beth then both select pictures that they want to share with each other, and then both receive the pictures shared by the other person.

Both Adam and Beth want to be sure that the pictures they share are sent only to the other person. They also want to be sure that the pictures that they receive are from the other person.