Security Analysis of Smart Home Based on Life Cycle

With the rapid development of Internet of Things (IoT) technology, security and privacy issues in the smart home have become the focus of extensive research. However, due to the differences among smart home solutions, especially the complex communication protocols and the wide variety of IoT devices, it is difficult for security researchers to study the security of the smart home systematically and comprehensively. In this paper, we propose a novel security analysis method based on the life cycle of the smart home, which covers the complete process of a user using IoT devices in a smart home scenario, and we take the user, the smart device and the IoT cloud as the research objects. Moreover, in order to work out the life cycle of smart homes from different manufacturers, we propose a tool, called IoTCap (IoT Capture), to study the security and privacy issues of the smart home. The fundamental approach used in this tool is to capture, on the user's mobile phone, the IP-layer data packets sent and received by the smart appliance, and to analyze the contents of those packets. Using this tool to recover the workflow and interaction process of the smart home, we further analyze security risks at all stages of the life cycle, including identity authentication, access control, protocol security, and privacy protection. The experimental results show that the method is feasible. We believe that this tool will be the basis of a general automation framework for analyzing the security and privacy of the smart home.
