skip to main content
10.1145/3607199.3607225acmotherconferencesArticle/Chapter ViewAbstractPublication PagesraidConference Proceedingsconference-collections
research-article
Public Access

MP-Mediator: Detecting and Handling the New Stealthy Delay Attacks on IoT Events and Commands

Published: 16 October 2023 Publication History

Abstract

In recent years, intelligent and automated device control features have led to a significant increase in the adoption of smart home IoT systems. Each IoT device sends its events to (and receives commands from) the corresponding IoT server/platform, which executes automation rules set by the user. Recent studies have shown that IoT messages, including events and commands, are subject to stealthy delays ranging from several seconds to minutes, or even hours, without raising any alerts. Exploiting this vulnerability, adversaries can intentionally delay crucial events (e.g., fire alarms) or commands (e.g., locking a door), as well as alter the order of IoT messages that dictate automation rule execution. This manipulation can deceive IoT servers, leading to incorrect command issuance and jeopardizing smart home safety. In this paper, we present MP-Mediator, which is the first defense system that can detect and handle the new, stealthy, and widely applicable delay attacks on IoT messages. For IoT devices lacking accessible APIs, we propose innovative methods leveraging virtual devices and virtual rules as a bridge for indirect integration with MP-Mediator. Furthermore, a VPN-based component is proposed to handle command delay attacks on critical links. We implement and evaluate MP-Mediator in a real-world smart home testbed with twenty-two popular IoT devices and two major IoT automation platforms (IFTTT and Samsung SmartThings). The experimental results show that MP-Mediator can quickly and accurately detect the delay attacks on both IoT events and commands with a precision of more than 96% and a recall of 100%, as well as effectively handle the delay attacks.

References

[1]
2023. Amazon Alexa. https://developer.amazon.com/.
[2]
2023. Constrained Application Protocol. https://en.wikipedia.org/wiki/Constrained_Application_Protocol.
[3]
2023. Eclipse Mosquitto - An open source MQTT broker.https://mosquitto.org/.
[4]
2023. GoControl HUSBZB-1 USB Stick.https://www.gocontrol.com/detail.php?productId=6.
[5]
2023. Google Cloud Free Program. https://cloud.google.com/free/docs/gcp-free-tier/#compute.
[6]
2023. Home Assistant – Open source home automation that puts local control and privacy first. https://www.home-assistant.io/.
[7]
2023. Homebridge – Bringing HomeKit support where there is none. https://homebridge.io/.
[8]
2023. HomKit. https://developer.apple.com/homekit/.
[9]
2023. IFTTT - Every thing works better together.https://ifttt.com/.
[10]
2023. ioBroker – Automate your life. https://www.iobroker.net/.
[11]
2023. openHAB – an open-source platform for empowering home automa-tion. https://www.openhab.org/.
[12]
2023. OpenWrt. https://openwrt.org/.
[13]
2023. QUIC. https://en.wikipedia.org/wiki/QUIC.
[14]
2023. SmartThings. https://www.smartthings.com/.
[15]
2023. SONOFF ZigBee 3.0 - a universal Zigbee USB stick.
[16]
2023. Z-Wave JS UI - Fully configurable Zwave to MQTT Gateway and Control Panel.https://github.com/zwave-js/zwave-js-ui.
[17]
2023. Zigbee2MQTT - Zigbee to MQTT bridge, get rid of your proprietary Zigbee bridges.https://www.zigbee2mqtt.io/.
[18]
Abbas Acar, Hossein Fereidooni, Tigist Abera, Amit Kumar Sikder, Markus Miettinen, Hidayet Aksu, Mauro Conti, Ahmad-Reza Sadeghi, and Selcuk Uluagac. 2020. Peek-a-boo: I see your smart home activities, even encrypted!. In Proceedings of the 13th ACM Conference on Security and Privacy in Wireless and Mobile Networks. 207–218.
[19]
Emrah Bayraktaroglu, Christopher King, Xin Liu, Guevara Noubir, Rajmohan Rajaraman, and Bishal Thapa. 2013. Performance of IEEE 802.11 under jamming. Mobile Networks and Applications 18, 5 (2013), 678–696.
[20]
Simon Birnbach and Simon Eberz. 2019. Peeves: Physical event verification in smart homes. (2019).
[21]
Simon Birnbach, Simon Eberz, and Ivan Martinovic. 2022. Haunted House: Physical Smart Home Event Verification in the Presence of Compromised Sensors. ACM Transactions on Internet of Things 3, 3 (2022), 1–28.
[22]
Ioannis Broustis, Konstantinos Pelechrinis, Dimitris Syrivelis, Srikanth V Krishnamurthy, and Leandros Tassiulas. 2009. FIJI: Fighting implicit jamming in 802.11 WLANs. In International Conference on Security and Privacy in Communication Systems. Springer, 21–40.
[23]
Z Berkay Celik, Patrick McDaniel, and Gang Tan. 2018. Soteria: Automated { IoT} Safety and Security Analysis. In 2018 USENIX Annual Technical Conference (USENIX ATC 18). 147–158.
[24]
Z Berkay Celik, Gang Tan, and Patrick D McDaniel. 2019. IoTGuard: Dynamic Enforcement of Security and Safety Policy in Commodity IoT. In NDSS.
[25]
Haotian Chi, Chenglong Fu, Qiang Zeng, and Xiaojiang Du. 2022. Delay Wreaks Havoc on Your Smart Home: Delay-based: Automation Interference Attacks. In 2022 IEEE Symposium on Security and Privacy (SP). IEEE Computer Society, 1575–1575.
[26]
Haotian Chi, Qiang Zeng, Xiaojiang Du, and Jiaping Yu. 2020. Cross-app interference threats in smart homes: Categorization, detection and handling. In 2020 50th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN). IEEE, 411–423.
[27]
Cláudio Correia, Miguel Correia, and Luís Rodrigues. 2020. Omega: a secure event ordering service for the edge. In 2020 50th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN). IEEE, 489–501.
[28]
Victor Costan and Srinivas Devadas. 2016. Intel SGX explained. Cryptology ePrint Archive (2016).
[29]
Asish Kumar Dalai and Sanjay Kumar Jena. 2017. Wdtf: A technique for wireless device type fingerprinting. Wireless Personal Communications 97, 2 (2017), 1911–1928.
[30]
Christian Dietz, Raphael Labaca Castro, Jessica Steinberger, Cezary Wilczak, Marcel Antzek, Anna Sperotto, and Aiko Pras. 2018. IoT-botnet detection and isolation by access routers. In 2018 9th International Conference on the Network of the Future (NOF). IEEE, 88–95.
[31]
Wenbo Ding, Hongxin Hu, and Long Cheng. 2021. IOTSAFE: Enforcing safety and security policy with real IoT physical interaction discovery. In the 28th Network and Distributed System Security Symposium (NDSS 2021).
[32]
Alaba Ayotunde Fadele, Mazliza Othman, Ibrahim Abaker Targio Hashem, Ibrar Yaqoob, Muhammad Imran, and Muhammad Shoaib. 2019. A novel countermeasure technique for reactive jamming attack in internet of things. Multimedia Tools and Applications 78, 21 (2019), 29899–29920.
[33]
Nick Farina. [n. d.]. homebridge-dummy. https://www.npmjs.com/package/homebridge-dummy. (Accessed on 10/10/2022).
[34]
Earlence Fernandes, Amir Rahmati, Kevin Eykholt, and Atul Prakash. 2017. Internet of things security research: A rehash of old ideas or new intellectual challenges?IEEE Security & Privacy 15, 4 (2017), 79–84.
[35]
Chenglong Fu, Qiang Zeng, Haotian Chi, Xiaojiang Du, and Siva Likitha Valluru. 2022. Iot phantom-delay attacks: Demystifying and exploiting iot timeout behaviors. In 2022 52st Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN). IEEE.
[36]
Chenglong Fu, Qiang Zeng, and Xiaojiang Du. 2021. HAWatcher: Semantics-Aware Anomaly Detection for Appified Smart Homes. In 30th USENIX Security Symposium (USENIX Security 21). 4223–4240.
[37]
P Ganeshkumar, KP Vijayakumar, and M Anandaraj. 2016. A novel jammer detection framework for cluster-based wireless sensor networks. EURASIP Journal on Wireless Communications and Networking 2016, 1 (2016), 1–25.
[38]
Gigamon. 2016. Understanding network taps – the first step to visibility. https://www.gigamon.com/resources/resource-library/white-paper/understanding-network-taps-first-step-to-visibility.html.
[39]
Furkan Goksel, Muslum Ozgur Ozmen, Michael Reeves, Basavesh Shivakumar, and Z Berkay Celik. 2021. On the safety implications of misordered events and commands in IoT systems. In 2021 IEEE Security and Privacy Workshops (SPW). IEEE, 235–241.
[40]
Tianbo Gu, Zheng Fang, Allaukik Abhishek, and Prasant Mohapatra. 2020. IoTSpy: Uncovering Human Privacy Leakage in IoT Networks via Mining Wireless Context. In 2020 IEEE 31st Annual International Symposium on Personal, Indoor and Mobile Radio Communications. IEEE, 1–7.
[41]
Danny Yuxing Huang, Noah Apthorpe, Frank Li, Gunes Acar, and Nick Feamster. 2020. Iot inspector: Crowdsourcing labeled network traffic from smart home devices at scale. Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies 4, 2 (2020), 1–21.
[42]
Yeonseon Jeong, Hyunghoon Kim, and Hyo Jin Jo. 2022. ASD: ARP Spoofing Detector Using OpenWrt. Security and Communication Networks 2022 (2022).
[43]
Yunhan Jack Jia, Qi Alfred Chen, Shiqi Wang, Amir Rahmati, Earlence Fernandes, Zhuoqing Morley Mao, Atul Prakash, and SJ Unviersity. 2017. ContexloT: Towards Providing Contextual Integrity to Appified IoT Platforms. In NDSS, Vol. 2. San Diego, 2–2.
[44]
Mingyan Li, Iordanis Koutsopoulos, and Radha Poovendran. 2007. Optimal jamming attacks and network defense policies in wireless sensor networks. In IEEE INFOCOM 2007-26th IEEE International Conference on Computer Communications. IEEE, 1307–1315.
[45]
Yuan Luo, Long Cheng, Hongxin Hu, Guojun Peng, and Danfeng Yao. 2020. Context-Rich Privacy Leakage Analysis Through Inferring Apps in Smart Home IoT. IEEE Internet of Things Journal 8, 4 (2020), 2736–2750.
[46]
Sergey A Marchenkov, Dmitry G Korzun, Anton I Shabaev, and Anatoly V Voronin. 2017. On applicability of wireless routers to deployment of smart spaces in Internet of Things environments. In 2017 9th IEEE International Conference on Intelligent Data Acquisition and Advanced Computing Systems: Technology and Applications (IDAACS), Vol. 2. IEEE, 1000–1005.
[47]
Christoph Mayer. [n. d.]. XArp. http://www.xarp.net/. (Accessed on 09/20/2022).
[48]
Markus Miettinen, Samuel Marchal, Ibbad Hafeez, N Asokan, Ahmad-Reza Sadeghi, and Sasu Tarkoma. 2017. Iot sentinel: Automated device-type identification for security enforcement in iot. In 2017 IEEE 37th International Conference on Distributed Computing Systems (ICDCS). IEEE, 2177–2184.
[49]
Danh Nguyen, Cem Sahin, Boris Shishkin, Nagarajan Kandasamy, and Kapil R Dandekar. 2014. A real-time and protocol-aware reactive jamming framework built on software-defined radios. In Proceedings of the 2014 ACM workshop on Software radio implementation forum. 15–22.
[50]
Andrea Di Pasquale. 2016. ArpON. https://arpon.sourceforge.io/. (Accessed on 09/20/2022).
[51]
Konstantinos Pelechrinis, Marios Iliofotou, and Srikanth V Krishnamurthy. 2010. Denial of service attacks in wireless networks: The case of jammers. IEEE Communications surveys & tutorials 13, 2 (2010), 245–257.
[52]
Alan Reed. 2017. ARP-Defense. https://github.com/aarreedd/ARP-Defense. (Accessed on 09/20/2022).
[53]
Mustafizur R Shahid, Gregory Blanc, Zonghua Zhang, and Hervé Debar. 2018. IoT devices recognition through network traffic analysis. In 2018 IEEE international conference on big data (big data). IEEE, 5187–5192.
[54]
Amit Kumar Sikder, Leonardo Babun, Hidayet Aksu, and A Selcuk Uluagac. 2019. Aegis: A context-aware security framework for smart home systems. In Proceedings of the 35th Annual Computer Security Applications Conference. 28–41.
[55]
Statista. [n. d.]. Smart home device penetration in the U.S. 2021. https://www.statista.com/statistics/1247351/smart-home-device-us-household-penetration/. (Accessed on 12/01/2022).
[56]
Alanoud Subahi and George Theodorakopoulos. 2019. Detecting IoT user behavior and sensitive information in encrypted IoT-app traffic. Sensors 19, 21 (2019), 4777.
[57]
Rahmadi Trimananda, Janus Varmarken, Athina Markopoulou, and Brian Demsky. 2020. Packet-level signatures for smart home devices. In Network and Distributed Systems Security (NDSS) Symposium, Vol. 2020.
[58]
VERACODE. 2021. ARP Spoofing. https://www.veracode.com/security/arp-spoofing.
[59]
Sean Whalen. 2001. An introduction to arp spoofing. Node99 [Online Document] (2001).
[60]
Kai Yang, Qiang Li, and Limin Sun. 2019. Towards automatic fingerprinting of IoT devices in the cyberspace. Computer Networks 148 (2019), 318–327.
[61]
Lingjing Yu, Bo Luo, Jun Ma, Zhaoyu Zhou, and Qingyun Liu. 2020. You Are What You Broadcast: Identification of Mobile and { IoT} Devices from (Public){ WiFi}. In 29th USENIX Security Symposium (USENIX Security 20). 55–72.
[62]
Wei Zhang, Yan Meng, Yugeng Liu, Xiaokuan Zhang, Yinqian Zhang, and Haojin Zhu. 2018. Homonit: Monitoring smart home apps from encrypted traffic. In Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. 1074–1088.

Cited By

View all
  • (2024)Seeing Is Believing: Extracting Semantic Information from Video for Verifying IoT EventsProceedings of the 17th ACM Conference on Security and Privacy in Wireless and Mobile Networks10.1145/3643833.3656124(101-112)Online publication date: 27-May-2024

Index Terms

  1. MP-Mediator: Detecting and Handling the New Stealthy Delay Attacks on IoT Events and Commands

      Recommendations

      Comments

      Information & Contributors

      Information

      Published In

      cover image ACM Other conferences
      RAID '23: Proceedings of the 26th International Symposium on Research in Attacks, Intrusions and Defenses
      October 2023
      769 pages
      ISBN:9798400707650
      DOI:10.1145/3607199
      Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

      Publisher

      Association for Computing Machinery

      New York, NY, United States

      Publication History

      Published: 16 October 2023

      Permissions

      Request permissions for this article.

      Check for updates

      Author Tags

      1. IoT
      2. delay attack
      3. detection
      4. handling
      5. security

      Qualifiers

      • Research-article
      • Research
      • Refereed limited

      Funding Sources

      Conference

      RAID 2023

      Acceptance Rates

      Overall Acceptance Rate 43 of 173 submissions, 25%

      Contributors

      Other Metrics

      Bibliometrics & Citations

      Bibliometrics

      Article Metrics

      • Downloads (Last 12 months)213
      • Downloads (Last 6 weeks)17
      Reflects downloads up to 17 Jan 2025

      Other Metrics

      Citations

      Cited By

      View all
      • (2024)Seeing Is Believing: Extracting Semantic Information from Video for Verifying IoT EventsProceedings of the 17th ACM Conference on Security and Privacy in Wireless and Mobile Networks10.1145/3643833.3656124(101-112)Online publication date: 27-May-2024

      View Options

      View options

      PDF

      View or Download as a PDF file.

      PDF

      eReader

      View online with eReader.

      eReader

      HTML Format

      View this article in HTML Format.

      HTML Format

      Login options

      Media

      Figures

      Other

      Tables

      Share

      Share

      Share this Publication link

      Share on social media