Research article. DOI: 10.1145/3386901.3388941

SecWIR: securing smart home IoT communications via wi-fi routers with embedded intelligence

Published: 15 June 2020

Abstract

Smart home Wi-Fi IoT devices are now prevalent and can bring significant improvements to daily life. However, they are an attractive target for adversaries seeking to launch attacks. Since secure IoT communications are the foundation of secure IoT devices, this study begins by examining the extent to which mainstream security protocols are supported by 40 of the best-selling Wi-Fi smart home IoT devices on the Amazon platform. It shows that 29 of these devices either have no security protocols deployed or have problematic security protocol implementations. These vulnerabilities could seemingly be fixed easily by installing security patches; however, many IoT devices lack the software/hardware resources required to do so. To address this problem, the study proposes SecWIR (Secure Wi-Fi IoT communication Router), a framework designed to be implemented on top of users' existing home Wi-Fi routers to provide IoT devices with a secure IoT communication capability. Making SecWIR function effectively on all home Wi-Fi routers is challenging, however, because some routers are resource-constrained, so several novel techniques for resolving this implementation issue are also proposed. The experimental results show that SecWIR performs well on a variety of commercial off-the-shelf (COTS) Wi-Fi routers at the expense of only a small reduction in the non-IoT data service throughput (less than 8%) and small increases in CPU usage (4.5% to 7%), RAM usage (1.9 MB to 2.2 MB), and IoT device access delay (24 ms to 154 ms) while securing 250 IoT devices.


      Published In

      MobiSys '20: Proceedings of the 18th International Conference on Mobile Systems, Applications, and Services
      June 2020
      496 pages
      ISBN:9781450379540
      DOI:10.1145/3386901
      Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

      Publisher

      Association for Computing Machinery

      New York, NY, United States


      Author Tags

      1. IoT
      2. security
      3. smart home
      4. wi-fi

      Qualifiers

      • Research-article

      Conference

      MobiSys '20
      Acceptance Rates

      Overall Acceptance Rate 274 of 1,679 submissions, 16%

      Article Metrics

      • Downloads (Last 12 months): 46
      • Downloads (Last 6 weeks): 2
      Reflects downloads up to 13 Feb 2025

      Cited By
      • (2024) Transparent Third-Party Authentication With Application Mobility for 5G Mobile-Edge Computing. IEEE Transactions on Network and Service Management 21:1 (1142-1157). DOI: 10.1109/TNSM.2023.3296085. Online publication date: Feb-2024
      • (2024) Deployment of an Advanced Wi-Fi Data Firewall System to Enhance Security in the IoT Ecosystem. 2024 3rd International Conference on Sentiment Analysis and Deep Learning (ICSADL) (553-557). DOI: 10.1109/ICSADL61749.2024.00096. Online publication date: 13-Mar-2024
      • (2023) Recent Trends of Federated Learning for Smart Healthcare Systems. Federated Learning and AI for Healthcare 5.0 (78-103). DOI: 10.4018/979-8-3693-1082-3.ch005. Online publication date: 18-Dec-2023
      • (2023) Enhancing security in smart homes with IoT using logit-boosted techniques. Sixth International Conference on Computer Information Science and Application Technology (CISAT 2023) (86). DOI: 10.1117/12.3003944. Online publication date: 11-Oct-2023
      • (2023) Anonymous Broadcast Authentication With One-to-Many Transmission to Control IoT Devices. IEEE Access 11 (62955-62969). DOI: 10.1109/ACCESS.2023.3288337. Online publication date: 2023
      • (2023) On the Security of Smart Home Systems: A Survey. Journal of Computer Science and Technology 38:2 (228-247). DOI: 10.1007/s11390-023-2488-3. Online publication date: 30-Mar-2023
      • (2023) IoT-REX: A Secure Remote-Control System for IoT Devices from Centralized Multi-designated Verifier Signatures. Information Security Practice and Experience (105-122). DOI: 10.1007/978-981-99-7032-2_7. Online publication date: 8-Nov-2023
      • (2021) Eavesdropping Vulnerability and Countermeasure in Infrared Communication for IoT Devices. Sensors 21:24 (8207). DOI: 10.3390/s21248207. Online publication date: 8-Dec-2021
      • (2021) Hivemind. Proceedings of the 19th Annual International Conference on Mobile Systems, Applications, and Services (467-482). DOI: 10.1145/3458864.3466626. Online publication date: 24-Jun-2021
      • (2021) Ultra Large-Scale Crowd Monitoring System Architecture and Design Issues. IEEE Internet of Things Journal 8:13 (10356-10366). DOI: 10.1109/JIOT.2021.3076257. Online publication date: 1-Jul-2021
