ABSTRACT
Smart home Wi-Fi IoT devices are now prevalent and can bring significant improvements to daily life. However, they are an attractive target for adversaries seeking to launch attacks. Since secure IoT communications are the foundation of secure IoT devices, this study begins by examining the extent to which mainstream security protocols are supported by 40 of the best-selling Wi-Fi smart home IoT devices on the Amazon platform. It is shown that 29 of these devices either have no security protocols deployed or have problematic security protocol implementations. Seemingly, these vulnerabilities can be easily fixed by installing security patches. However, many IoT devices lack the requisite software/hardware resources to do so. To address this problem, the present study proposes SecWIR (Secure Wi-Fi IoT communication Router), a framework designed for implementation on top of users' existing home Wi-Fi routers to provide IoT devices with a secure IoT communication capability. However, it is challenging for SecWIR to function effectively on all home Wi-Fi routers, since some routers are resource-constrained. Thus, several novel techniques for resolving this implementation issue are additionally proposed. The experimental results show that SecWIR performs well on a variety of commercial off-the-shelf (COTS) Wi-Fi routers at the expense of only a small reduction in the non-IoT data service throughput (less than 8%) and small increases in CPU usage (4.5%~7%), RAM usage (1.9 MB~2.2 MB), and IoT device access delay (24 ms~154 ms) while securing 250 IoT devices.
Index Terms
- SecWIR: securing smart home IoT communications via wi-fi routers with embedded intelligence