On the Safety Implications of Misordered Events and Commands in IoT Systems

Goksel F., Ozmen M. O., Reeves M., Shivakumar B., Celik Z. B.

42nd IEEE Symposium on Security and Privacy (S and P), ELECTR NETWORK, 27 May 2021, pp.235-241 identifier identifier

  • Publication Type: Conference Paper / Full Text
  • Doi Number: 10.1109/spw53761.2021.00038
  • Page Numbers: pp.235-241
  • Middle East Technical University Affiliated: Yes


IoT devices, equipped with embedded actuators and sensors, provide custom automation in the form of IoT apps. IoT apps subscribe to events and upon receipt, transmit actuation commands which trigger a set of actuators. Events and actuation commands follow paths in the IoT ecosystem such as sensor-toedge, edge-to-cloud, and cloud-to-actuator, with different network and processing delays between these connections. Significant delays may occur especially when an IoT system cloud interacts with other clouds. Due to this variation in delays, the cloud may receive events in an incorrect order, and in turn, devices may receive and actuate misordered commands. In this paper, we first study eight major IoT platforms and show that they do not make strong guarantees on event orderings to address these issues. We then analyze the end-to-end interactions among IoT components, from the creation of an event to the invocation of a command. From this, we identify and formalize the root causes of misorderings in events and commands leading to undesired states. We deploy 23 apps in a simulated smart home containing 35 IoT devices to evaluate the misordering problem. Our experiments demonstrate a high number of misordered events and commands that occur through different interaction paths. Through this effort, we reveal the root and extent of the misordering problem and guide future work to ensure correct ordering in IoT systems.