Proactively Extracting IoT Device Capabilities: An Application to Smart Homes

Internet of Things (IoT) device adoption is on the rise. Such devices are mostly self-operated and require minimum user interventions. This is achieved by abstracting away their design complexities and functionalities from the users. However, this abstraction significantly limits a user’s insights on evaluating the true capabilities (i.e., what actions a device can perform) of a device and hence, its potential security and privacy threats. Most existing works evaluate the security of those devices by analyzing the environment data (e.g., network traffic, sensor data, etc.). However, such approaches entail collecting data from encrypted traffic, relying on the quality of the collected data for their accuracy, and facing difficulties in preserving both utility and privacy of the data. We overcome the above-mentioned challenges and propose a proactive approach to extract IoT device capabilities from their informational specifications to verify their potential threats, even before a device is installed. We apply our approach to the context of a smart home and evaluate its accuracy and efficiency on the devices from three different vendors.

[1]  Karen Scarfone,et al.  Considerations for managing Internet of Things (IoT) cybersecurity and privacy risks , 2018 .

[2]  Qi Alfred Chen,et al.  ContexloT: Towards Providing Contextual Integrity to Appified IoT Platforms , 2017, NDSS.

[3]  Ahmad-Reza Sadeghi,et al.  AuDI: Toward Autonomous IoT Device-Type Identification Using Periodic Communication , 2019, IEEE Journal on Selected Areas in Communications.

[4]  Klaus Wehrle,et al.  Towards In-Network Security for Smart Homes , 2018, ARES.

[5]  Stefanos Gritzalis,et al.  Evolution and Trends in IoT Security , 2018, Computer.

[6]  Lei Yang,et al.  Hide Your Hackable Smart Home from Remote Attacks: The Multipath Onion IoT Gateways , 2018, ESORICS.

[7]  William Enck,et al.  HomeSnitch: behavior transparency and control for smart home IoT devices , 2019, WiSec.

[8]  Ivan Martinovic,et al.  Peeves: Physical Event Verification in Smart Homes , 2019, CCS.

[9]  Indrajit Ray,et al.  Behavioral Fingerprinting of IoT Devices , 2018, ASHES@CCS.

[10]  Jiwon Choi,et al.  Detecting and Identifying Faulty IoT Devices in Smart Home with Context Extraction , 2018, 2018 48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN).

[11]  Patrick D. McDaniel,et al.  Soteria: Automated IoT Safety and Security Analysis , 2018, USENIX Annual Technical Conference.

[12]  Patrick D. McDaniel,et al.  IoTGuard: Dynamic Enforcement of Security and Safety Policy in Commodity IoT , 2019, NDSS.

[13]  Wei Zhang,et al.  HoMonit: Monitoring Smart Home Apps from Encrypted Traffic , 2018, CCS.

[14]  Jaime Lloret,et al.  Network Traffic Classifier With Convolutional and Recurrent Neural Networks for Internet of Things , 2017, IEEE Access.

[15]  Yang Zhang,et al.  Modeling virtual channel to enforce runtime properties for IoT services , 2017, ICC.

[16]  Qi Wang,et al.  Fear and Logging in the Internet of Things , 2018, NDSS.

[17]  Franck Le,et al.  DeviceMien: network device behavior modeling for identifying unknown IoT devices , 2019, IoTDI.

[18]  Yuan Tian,et al.  SmartAuth: User-Centered Authorization for the Internet of Things , 2017, USENIX Security Symposium.

[19]  Ahmad-Reza Sadeghi,et al.  IoT SENTINEL: Automated Device-Type Identification for Security Enforcement in IoT , 2016, 2017 IEEE 37th International Conference on Distributed Computing Systems (ICDCS).

[20]  Ravi S. Sandhu,et al.  An Access Control Framework for Cloud-Enabled Wearable Internet of Things , 2017, 2017 IEEE 3rd International Conference on Collaboration and Internet Computing (CIC).