Cyber and Physical Security Vulnerability Assessment for IoT-Based Smart Homes

The Internet of Things (IoT) is an emerging paradigm focusing on the connection of devices, objects, or “things” to each other, to the Internet, and to users. IoT technology is anticipated to become an essential requirement in the development of smart homes, as it offers convenience and efficiency to home residents so that they can achieve better quality of life. Application of the IoT model to smart homes, by connecting objects to the Internet, poses new security and privacy challenges in terms of the confidentiality, authenticity, and integrity of the data sensed, collected, and exchanged by the IoT objects. These challenges make smart homes extremely vulnerable to different types of security attacks, resulting in IoT-based smart homes being insecure. Therefore, it is necessary to identify the possible security risks to develop a complete picture of the security status of smart homes. This article applies the operationally critical threat, asset, and vulnerability evaluation (OCTAVE) methodology, known as OCTAVE Allegro, to assess the security risks of smart homes. The OCTAVE Allegro method focuses on information assets and considers different information containers such as databases, physical papers, and humans. The key goals of this study are to highlight the various security vulnerabilities of IoT-based smart homes, to present the risks on home inhabitants, and to propose approaches to mitigating the identified risks. The research findings can be used as a foundation for improving the security requirements of IoT-based smart homes.

[1]  Emile H. L. Aarts,et al.  The New Everyday: Views on Ambient Intelligence , 2003 .

[2]  N. Leligou,et al.  Sensor networks security issues in augmented home environment , 2008, 2008 IEEE International Symposium on Consumer Electronics.

[3]  Dave Evans,et al.  How the Next Evolution of the Internet Is Changing Everything , 2011 .

[4]  Mohammed Hassan Ahmed,et al.  Smart Home Activities: A Literature Review , 2014 .

[5]  Andreas Jacobsson,et al.  A risk analysis of a smart home automation system , 2016, Future Gener. Comput. Syst..

[6]  Javier Rubio-Loyola,et al.  Accurate real-time monitoring of bottlenecks and performance of packet trace collection , 2008, 2008 33rd IEEE Conference on Local Computer Networks (LCN).

[7]  Ravi Sankar,et al.  A Survey of Intrusion Detection Systems in Wireless Sensor Networks , 2014, IEEE Communications Surveys & Tutorials.

[8]  L. Delahoche,et al.  The Smart Home Concept : our immediate future , 2006, 2006 1ST IEEE International Conference on E-Learning in Industrial Electronics.

[9]  Ali Ismail Awad,et al.  Fingerprint Local Invariant Feature Extraction on GPU with CUDA , 2013, Informatica.

[10]  Bako Ali Internet of Things based Smart Homes : Security Risk Assessment and Recommendations , 2016 .

[11]  W. Granzer,et al.  Security in networked building automation systems , 2006, 2006 IEEE International Workshop on Factory Communication Systems.

[12]  Shuang-Hua Yang,et al.  Safety and Security of Remote Monitoring and Control of intelligent Home Environments , 2006, 2006 IEEE International Conference on Systems, Man and Cybernetics.

[13]  Yang Liu,et al.  Vulnerability assessment and defense technology for smart home cybersecurity considering pricing cyberattacks , 2014, 2014 IEEE/ACM International Conference on Computer-Aided Design (ICCAD).

[14]  Jin-Young Choi,et al.  Home-Network Security Model in Ubiquitous Environment , 2007 .

[15]  Subhas Chandra Mukhopadhyay,et al.  Smart Homes: Design, Implementation and Issues , 2015 .

[16]  Teddy Mantoro,et al.  Securing the authentication and message integrity for Smart Home using smart phone , 2014, 2014 International Conference on Multimedia Computing and Systems (ICMCS).

[17]  Stefano Paolo Corgnati,et al.  Insights on Smart Home Concept and Occupants’ Interaction with Building Controls , 2017 .

[18]  Ali Ismail Awad,et al.  Evaluation of Acceleration Algorithm for Biometric Identification , 2012, NDT.

[19]  Muhammad Ali Akbar,et al.  Secure biometric template generation for multi-factor authentication , 2015, Pattern Recognit..

[20]  Tiago M. Fernández-Caramés,et al.  A Practical Evaluation of a High-Security Energy-Efficient Gateway for IoT Fog Computing Applications , 2017, Sensors.

[21]  Sotirios Terzis,et al.  Security, Privacy and Trust Issues in Smart Environments , 2005 .

[22]  Muhammad Bilal,et al.  An Authentication Protocol for Future Sensor Networks , 2017, Sensors.

[23]  Jingsha He,et al.  An Adaptive Privacy Protection Method for Smart Home Environments Using Supervised Learning , 2017, Future Internet.

[24]  Mohsen Guizani,et al.  Internet of Things: A Survey on Enabling Technologies, Protocols, and Applications , 2015, IEEE Communications Surveys & Tutorials.

[25]  R.J.C. Nunes,et al.  An Internet application for home automation , 2000, 2000 10th Mediterranean Electrotechnical Conference. Information Technology and Electrotechnology for the Mediterranean Countries. Proceedings. MeleCon 2000 (Cat. No.00CH37099).

[26]  Javier Rubio-Loyola,et al.  Maximizing packet loss monitoring accuracy for reliable trace collections , 2008, 2008 16th IEEE Workshop on Local and Metropolitan Area Networks.

[27]  Heng Yin,et al.  Attacks on WebView in the Android system , 2011, ACSAC '11.

[28]  Athanasios V. Vasilakos,et al.  Security of the Internet of Things: perspectives and challenges , 2014, Wireless Networks.

[29]  Huansheng Ning,et al.  Unit and Ubiquitous Internet of Things , 2013 .

[30]  Ali Ismail Awad,et al.  Biometrics Applications in e-Health Security: A Preliminary Survey , 2015, HIS.

[31]  Sarmad Ullah Khan,et al.  Future Internet: The Internet of Things Architecture, Possible Applications and Key Challenges , 2012, 2012 10th International Conference on Frontiers of Information Technology.

[32]  Ali Ismail Awad,et al.  Evaluation of a Fingerprint Identification Algorithm with SIFT Features , 2012, 2012 IIAI International Conference on Advanced Applied Informatics.

[33]  Lawrie Brown,et al.  Computer Security: Principles and Practice , 2007 .

[34]  Michael Schiefer Smart Home Definition and Security Threats , 2015, 2015 Ninth International Conference on IT Security Incident Management & IT Forensics.

[35]  Ali Ismail Awad,et al.  Fast Fingerprint Orientation Field Estimation Incorporating General Purpose GPU , 2014, SOFA.

[36]  Shen Bin,et al.  Research on data mining models for the internet of things , 2010, 2010 International Conference on Image Analysis and Signal Processing.

[37]  James Stevens,et al.  Introducing OCTAVE Allegro: Improving the Information Security Risk Assessment Process , 2007 .

[38]  Mahmoud Al-Qutayri,et al.  Integrated Wireless Technologies for Smart Homes Applications , 2010 .

[39]  Hein S. Venter,et al.  Social engineering attack examples, templates and scenarios , 2016, Comput. Secur..

[40]  Liyanage C. De Silva,et al.  State of the art of smart homes , 2012, Eng. Appl. Artif. Intell..

[41]  M. Kalaiselvi Geetha,et al.  Internet of Things: Novel Advances and Envisioned Applications , 2017 .

[42]  Senol Zafer Erdogan,et al.  Mobility Monitoring by Using RSSI in Wireless Sensor Networks , 2010 .

[43]  Hannu Tenhunen,et al.  International Conference on Ambient Systems , Networks and Technologies ( ANT 2015 ) SEA : A Secure and E ffi cient Authentication and Authorization Architecture for IoT-Based Healthcare Using Smart Gateways , 2015 .

[44]  Sadie Creese,et al.  Security Risk Assessment in Internet of Things Systems , 2017, IT Professional.

[45]  Ali Ismail Awad,et al.  A Distributed Security Mechanism for Resource-Constrained IoT Devices , 2016, Informatica.

[46]  Richard Harper,et al.  Inside the Smart Home: Ideas, Possibilities and Methods , 2003 .

[47]  Lingfeng Wang,et al.  An information flow security model for home area network of smart grid , 2013, 2013 IEEE International Conference on Cyber Technology in Automation, Control and Intelligent Systems.

[48]  Ali Ismail Awad,et al.  Optimized hardware implementation of the advanced encryption standard algorithm , 2013, 2013 8th International Conference on Computer Engineering & Systems (ICCES).

[49]  Wenbing Zhao,et al.  SPE: Security and Privacy Enhancement Framework for Mobile Devices , 2017, IEEE Transactions on Dependable and Secure Computing.

[50]  Soma Bandyopadhyay,et al.  A Survey of Middleware for Internet of Things , 2011, WiMo/CoNeCo.

[51]  Gang Zhao,et al.  A novel risk assessment model for privacy security in Internet of Things , 2014, Wuhan University Journal of Natural Sciences.

[52]  Hesham F. A. Hamed,et al.  Advanced Encryption Standard Algorithm: Issues and Implementation Aspects , 2012, AMLTA.

[53]  Ali Ismail Awad,et al.  Fingerprint Singularity Detection: A Comparative Study , 2011, ICSECS.

[54]  Yuan-Ting Zhang,et al.  A Novel Secure IoT-Based Smart Home Automation System Using a Wireless Sensor Network , 2016, Sensors.

[55]  Santanu Das Technology for SMART HOME , 2013 .

[56]  George Mastorakis,et al.  A distributed IDS architecture model for Smart Home systems , 2017, Cluster Computing.

[57]  Domen Zupančič,et al.  Smart-Home Energy Management in the Context of Occupants' Activity , 2014 .

[58]  Nader Mohamed,et al.  Challenges in middleware solutions for the internet of things , 2012, 2012 International Conference on Collaboration Technologies and Systems (CTS).

[59]  Aboul Ella Hassanien,et al.  Impact of Some Biometric Modalities on Forensic Science , 2014, Computational Intelligence in Digital Forensics.

[60]  Kang Bing,et al.  Design of an Internet of Things-based smart home system , 2011, 2011 2nd International Conference on Intelligent Control and Information Processing.