Analysis of Smart Home Security: Emerging Threats and Solutions


Explore the security analysis of emerging smart home applications, focusing on potential vulnerabilities, proposed attacks, and solutions. The study delves into the SmartThings platform, identifying security risks and tradeoffs along with the architecture and limitations of the system.

  • Smart Home Security
  • Emerging Threats
  • SmartThings Platform
  • Security Risks
  • Vulnerabilities


Presentation Transcript


  1. Security Analysis of Emerging Smart Home Applications
     • Earlence Fernandes, Jaeyeon Jung, Atul Prakash
     • 37th IEEE Symposium on Security and Privacy (2016)
     • Presented by: Jia Qiwei

  2. Smart Home Apps
     • Many devices can now be controlled remotely using apps
     • Recent platforms make programming easier
     • SmartThings platform has many features for control
     • Pose certain security risks

  3. Goals of the Article
     • Security analysis of smart home app programming platforms
     • Identify potential security issues
     • Design several attacks on an existing platform and platform apps
     • Propose solutions to these security risks and tradeoffs

  4. Threat Model
     • Focuses on discovery and exploitation of SmartThings framework design vulnerabilities
     • Authors not concerned with other infrastructure vulnerabilities
     • Bugs in other areas can be patched

  5. Difference with Previous Research
     • Focus on either devices or protocols
     • Specific devices or bugs have been found and fixed
     • Paper performs empirical analysis and finds generally applicable vulnerabilities.

  6. SmartThings
     • Programming platform for smart device apps, i.e. SmartApps
     • Has some security features
     • Assigns capabilities to apps

  7. Why SmartThings
     • Good general representation
     • Growing set of 521 apps
     • Support for 132 device types
     • Shares key security design principles

  8. Problems With Analysis
     • Goal: scrutinize the security features of the platform
     • Proved challenging due to lack of source code, etc.
     • Instrumentation-based dynamic analysis, binary analysis not applicable
     • Used static, runtime testing, and manual analysis.

  9. SmartThings Architecture
     • Proprietary software, so little is known or can be found out
     • Three major components: hubs, the cloud backend, the companion app
     • Users manage hubs, SmartDevices communicate with the hub.
     • SmartApps and SmartDevices communicate via method calls and generated events, e.g. SMS.
     • SmartDevices expose the devices to the SmartThings ecosystem

  10. Architecture (Contd.)
     • Capabilities and Authorization: SmartThings capability model
     • Set of commands and attributes
     • Ways in which a device can be controlled; state information of a device

  11. Listing 1. SmartApp structure

  12. Vulnerabilities of SmartThings
     • Problematic authorization design means over-privileged apps
     • Inadequate protection of sensitive data or events
     • Insecure third party interaction; communication vulnerabilities
     • Raw external input exploitation
     • No access control to internet/SMS for SmartApps

  13. Proof of Concept Attacks
     • Exploit an existing SmartApp to program backdoor pin codes
     • Create a battery monitor app that sends user pins to the attacker.
     • Disable an existing vacation mode simulation SmartApp
     • Fake fire alarm

  14. Problem: the Principle of Least Privilege
     • States that an entity (user, program, etc.) should have the minimum privilege to function.
     • Difficult in practice; SmartThings is coarse-grained
     • Problem can derive from developers or framework

  15. Problem: Coarse SmartApp-SmartDevice Binding
     • SmartThings enumerates all physical devices which support capabilities in Preferences
     • Not told which capabilities were requested
     • Once selected, the SmartApp gains access to all of the capabilities implemented by the device handlers
     • Consider ZWave SmartDevice's capability.battery

  16. Problem: Sensitive Events
     • Event subsystem used extensively to post status and data
     • Events can be filled with arbitrary data
     • Each SmartDevice has an identifier
     • Once approved for a SmartDevice, can monitor any SmartDevice events.
     • Events can be spoofed

  17. Insecure Third Party Integration Susceptibility to Injection Attack ... ...
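
To make the coarse SmartApp-SmartDevice binding from slides 14 and 15 concrete, the following added example (not from the presentation or the paper) audits what an app that requests only capability.battery ends up holding once it is bound to a lock's device handler, and what a per-capability grant would allow instead. The handler names and every capability, command and attribute name other than capability.battery are constructed for illustration.

```python
# Added illustration of slides 14-15; all data below is constructed sample data.
# Only capability.battery is named on the page; other names are assumptions.

# Capability model (slide 10): each capability is a set of commands and attributes.
CAPABILITIES = {
    "capability.battery": {"commands": set(), "attributes": {"battery"}},
    "capability.lock": {"commands": {"lock", "unlock"}, "attributes": {"lock"}},
    "capability.lockCodes": {"commands": {"setCode", "deleteCode"},
                             "attributes": {"codeReport"}},
}

# Hypothetical device handlers and the capabilities each one implements.
DEVICE_HANDLERS = {
    "zwave-lock": ["capability.battery", "capability.lock", "capability.lockCodes"],
    "battery-sensor": ["capability.battery"],
}


def surface(capabilities):
    """Return (commands, attributes) reachable through the given capabilities."""
    commands, attributes = set(), set()
    for cap in capabilities:
        commands |= CAPABILITIES[cap]["commands"]
        attributes |= CAPABILITIES[cap]["attributes"]
    return commands, attributes


def coarse_grant(requested, handler):
    """Coarse binding: selecting a device exposes every capability it implements."""
    implemented = DEVICE_HANDLERS[handler]
    if not set(requested) & set(implemented):
        raise ValueError(f"{handler} supports none of the requested capabilities")
    return surface(implemented)


def least_privilege_grant(requested, handler):
    """Per-capability binding: expose only capabilities that were requested."""
    implemented = DEVICE_HANDLERS[handler]
    return surface([cap for cap in implemented if cap in requested])


def overprivilege(requested, handler):
    """Commands and attributes granted by coarse binding but never requested."""
    got_cmds, got_attrs = coarse_grant(requested, handler)
    want_cmds, want_attrs = least_privilege_grant(requested, handler)
    return sorted(got_cmds - want_cmds), sorted(got_attrs - want_attrs)


if __name__ == "__main__":
    for name in DEVICE_HANDLERS:
        print(name, overprivilege(["capability.battery"], name))
```

An empty result for a handler means the coarse grant and the per-capability grant coincide; any non-empty result is privilege the user never saw requested in Preferences.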
