Abstract
In smart home Internet of Things (IoT) systems, interactions between devices are driven in two ways: by automation applications (apps) and by physical channels (e.g., temperature, smoke). These device interactions can be maliciously exploited to launch IoT attacks, yet limited effort has gone into exploring whether potential exploitable device interactions can be discovered from IoT deployments. This paper proposes a novel framework, D-interact, that detects interactions among devices from eavesdropped network traffic and device function descriptions, and discovers all potential exploitable device interactions (i.e., attack paths). First, we use packet-level patterns to fingerprint IoT device events and then identify all IoT device events from the eavesdropped traffic. Next, we mine temporal and conditional dependencies of IoT events to infer device interactions introduced by IoT apps. To identify interactions between devices and physical channels, we use natural language processing (NLP) to analyze device function descriptions. Based on the obtained device interactions, D-interact builds a device interaction graph to discover attack paths. To demonstrate the feasibility of our approach, we implement D-interact in a real-world smart home including 24 devices and 29 apps. The experimental results show that 38 device interactions are identified and 26 device interaction paths could potentially be exploited to impact the safety of the IoT environment.
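As an added illustration (not code from the paper), the sketch below merges app-driven interactions and physical-channel interactions into one directed graph and enumerates the simple paths from a chosen device to safety-sensitive devices, the kind of audit a deployment owner could run. The device names, edge lists, sink set and the use of depth-first search are assumptions; the abstract does not specify the graph algorithm.

```python
from collections import defaultdict

# Constructed sample deployment (illustrative names, not data from the paper).
APP_EDGES = [                       # trigger device -> action device, set by an app
    ("temp_sensor", "window_opener"),
    ("smoke_detector", "door_lock"),
    ("motion_sensor", "hall_light"),
]
AFFECTS = [                         # device -> physical channel it changes
    ("heater", "temperature"),
    ("window_opener", "temperature"),   # creates a feedback loop
    ("toaster", "smoke"),
]
SENSES = [                          # physical channel -> device that measures it
    ("temperature", "temp_sensor"),
    ("smoke", "smoke_detector"),
]
SAFETY_SINKS = {"window_opener", "door_lock"}   # assumed safety-sensitive actuators


def build_graph(app_edges, affects, senses):
    """Merge app-driven and physical-channel interactions into one directed graph."""
    graph = defaultdict(list)
    for kind, edges in (("app", app_edges), ("affects", affects), ("senses", senses)):
        for src, dst in edges:
            graph[src].append((dst, kind))
    return graph


def paths_to_sinks(graph, source, sinks):
    """Enumerate simple paths from source to any sink using depth-first search."""
    found = []

    def dfs(node, path, seen):
        if node in sinks and len(path) > 1:
            found.append(list(path))
        for nxt, _kind in graph.get(node, []):
            if nxt not in seen:         # never revisit a node, so loops terminate
                dfs(nxt, path + [nxt], seen | {nxt})

    dfs(source, [source], {source})
    return found


if __name__ == "__main__":
    g = build_graph(APP_EDGES, AFFECTS, SENSES)
    for entry in ("heater", "toaster", "motion_sensor"):
        for p in paths_to_sinks(g, entry, SAFETY_SINKS):
            print(" -> ".join(p))
```

Neither edge list alone connects the heater to the window opener; the path only appears once the physical-channel edges are combined with the app-driven ones.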
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Sun, M., Li, K., Zheng, Y., Zhang, W., Li, H., Sun, L. (2022). Inferring Device Interactions for Attack Path Discovery in Smart Home IoT. In: Wang, L., Segal, M., Chen, J., Qiu, T. (eds) Wireless Algorithms, Systems, and Applications. WASA 2022. Lecture Notes in Computer Science, vol 13471. Springer, Cham. https://doi.org/10.1007/978-3-031-19208-1_6
DOI: https://doi.org/10.1007/978-3-031-19208-1_6
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-19207-4
Online ISBN: 978-3-031-19208-1
eBook Packages: Computer Science, Computer Science (R0)