Securing Consumer IoT in the Smart Home: Architecture, Challenges, and Countermeasures

Consumer Internet of Things (IoT) platforms are gaining popularity. However, due to the open nature of wireless communications, smart home platforms face many new challenges, especially with respect to security and privacy. In this article, we first introduce the architecture of current popular smart home platforms and elaborate on the functions of each component. Then we discuss the security and privacy challenges arising from these platforms and review the state of the art in proposed countermeasures. We give a comprehensive survey of several new attacks on the voice interface of smart home platforms, which aim to gain unauthorized access and execute over-privileged behaviors to compromise the user's privacy. To thwart these attacks, we propose a novel voice liveness detection system, which analyzes the wireless signals generated by IoT devices and the received voice samples to perform user authentication. We implement a real-world testbed on Samsung's SmartThings platform to evaluate the performance of the proposed system and demonstrate its effectiveness.
