Retrofitting Security and Privacy Measures to Smart Home Devices

Chenghao Ye; Praburam Prabhakar Indra; D. Aspinall

doi:10.1109/IOTSMS48152.2019.8939272

Retrofitting Security and Privacy Measures to Smart Home Devices

Chenghao Ye, Praburam Prabhakar Indra, D. Aspinall

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

There is a current trend for Internet of Things (IoT) technology in the home. However, device vendors provide no guarantees of security or privacy of their gadgets, nor can such things be measured by consumers. By now, there have been many incidents of vulnerable devices being sold and real-world attacks. Despite proposals for improving the quality of consumer devices, vulnerable devices are likely to remain in use, with it being highly difficult to replace or patch their hardware or software. In this paper, we set out to design a mitigation framework so that home networks can be made resilient to vulnerable devices. First, we select a representative collection of home IoT devices with different functions, and investigate their security and privacy, discovering a range of exploitable flaws. Then we design a framework based on a dedicated router, firewall, an IoT control platform and other mechanisms, which allows mitigation of current and potential future vulnerabilities. The framework is designed to be adaptable and extensible for all kinds of devices. We implement this framework and evaluate it against the sample devices, finding that it can indeed prevent most of the known exploits and the new exploits we found. Based on this study, we make some design suggestions for the future enhanced home cyber-security platforms.

Original language	English
Title of host publication	2019 Sixth International Conference on Internet of Things: Systems, Management and Security (IOTSMS)
Publisher	Institute of Electrical and Electronics Engineers
Pages	283-290
Number of pages	8
ISBN (Electronic)	978-1-7281-2949-5
ISBN (Print)	978-1-7281-2950-1
DOIs	https://doi.org/10.1109/IOTSMS48152.2019.8939272
Publication status	Published - 23 Dec 2019
Event	6th International Conference on Internet of Things: Systems, Management and Security - Granada, Spain Duration: 22 Oct 2019 → 25 Oct 2019 https://emergingtechnet.org/IOTSMS2019/index.php

Conference

Conference	6th International Conference on Internet of Things: Systems, Management and Security
Abbreviated title	IOTSMS 2019
Country/Territory	Spain
City	Granada
Period	22/10/19 → 25/10/19
Internet address	https://emergingtechnet.org/IOTSMS2019/index.php

Keywords / Materials (for Non-textual outputs)

data privacy
firewalls
home computing
Internet of Things
home cyber-security platforms
smart home devices
device vendors
home networks
home IoT devices
privacy
IoT control platform
Internet of Things technology
router
firewall
Smart homes
Privacy
Cameras
Feeds
Cryptography
Computer network security
Information Privacy
Internet-of-Things

Access to Document

10.1109/IOTSMS48152.2019.8939272Licence: All Rights Reserved

Retrofitting Security and Privacy_YE_DOA15082019_AFVAccepted author manuscript, 491 KBLicence: All Rights Reserved

https://ieeexplore.ieee.org/abstract/document/8939272Licence: All Rights Reserved

Cite this

@inproceedings{28e090db8abc437fac5a7a10d085f9e7,

title = "Retrofitting Security and Privacy Measures to Smart Home Devices",

abstract = "There is a current trend for Internet of Things (IoT) technology in the home. However, device vendors provide no guarantees of security or privacy of their gadgets, nor can such things be measured by consumers. By now, there have been many incidents of vulnerable devices being sold and real-world attacks. Despite proposals for improving the quality of consumer devices, vulnerable devices are likely to remain in use, with it being highly difficult to replace or patch their hardware or software. In this paper, we set out to design a mitigation framework so that home networks can be made resilient to vulnerable devices. First, we select a representative collection of home IoT devices with different functions, and investigate their security and privacy, discovering a range of exploitable flaws. Then we design a framework based on a dedicated router, firewall, an IoT control platform and other mechanisms, which allows mitigation of current and potential future vulnerabilities. The framework is designed to be adaptable and extensible for all kinds of devices. We implement this framework and evaluate it against the sample devices, finding that it can indeed prevent most of the known exploits and the new exploits we found. Based on this study, we make some design suggestions for the future enhanced home cyber-security platforms.",

keywords = "data privacy, firewalls, home computing, Internet of Things, home cyber-security platforms, smart home devices, device vendors, home networks, home IoT devices, privacy, IoT control platform, Internet of Things technology, router, firewall, Smart homes, Privacy, Cameras, Feeds, Cryptography, Computer network security, Information Privacy, Internet-of-Things",

author = "Chenghao Ye and Indra, \{Praburam Prabhakar\} and D. Aspinall",

year = "2019",

month = dec,

day = "23",

doi = "10.1109/IOTSMS48152.2019.8939272",

language = "English",

isbn = "978-1-7281-2950-1",

pages = "283--290",

booktitle = "2019 Sixth International Conference on Internet of Things: Systems, Management and Security (IOTSMS)",

publisher = "Institute of Electrical and Electronics Engineers",

address = "United States",

note = "6th International Conference on Internet of Things: Systems, Management and Security , IOTSMS 2019 ; Conference date: 22-10-2019 Through 25-10-2019",

url = "https://emergingtechnet.org/IOTSMS2019/index.php",

}

Ye, C, Indra, PP & Aspinall, D 2019, Retrofitting Security and Privacy Measures to Smart Home Devices. in 2019 Sixth International Conference on Internet of Things: Systems, Management and Security (IOTSMS). Institute of Electrical and Electronics Engineers, pp. 283-290, 6th International Conference on Internet of Things: Systems, Management and Security , Granada, Spain, 22/10/19. https://doi.org/10.1109/IOTSMS48152.2019.8939272

Retrofitting Security and Privacy Measures to Smart Home Devices. / Ye, Chenghao; Indra, Praburam Prabhakar; Aspinall, D.
2019 Sixth International Conference on Internet of Things: Systems, Management and Security (IOTSMS). Institute of Electrical and Electronics Engineers, 2019. p. 283-290.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Retrofitting Security and Privacy Measures to Smart Home Devices

AU - Ye, Chenghao

AU - Indra, Praburam Prabhakar

AU - Aspinall, D.

PY - 2019/12/23

Y1 - 2019/12/23

N2 - There is a current trend for Internet of Things (IoT) technology in the home. However, device vendors provide no guarantees of security or privacy of their gadgets, nor can such things be measured by consumers. By now, there have been many incidents of vulnerable devices being sold and real-world attacks. Despite proposals for improving the quality of consumer devices, vulnerable devices are likely to remain in use, with it being highly difficult to replace or patch their hardware or software. In this paper, we set out to design a mitigation framework so that home networks can be made resilient to vulnerable devices. First, we select a representative collection of home IoT devices with different functions, and investigate their security and privacy, discovering a range of exploitable flaws. Then we design a framework based on a dedicated router, firewall, an IoT control platform and other mechanisms, which allows mitigation of current and potential future vulnerabilities. The framework is designed to be adaptable and extensible for all kinds of devices. We implement this framework and evaluate it against the sample devices, finding that it can indeed prevent most of the known exploits and the new exploits we found. Based on this study, we make some design suggestions for the future enhanced home cyber-security platforms.

AB - There is a current trend for Internet of Things (IoT) technology in the home. However, device vendors provide no guarantees of security or privacy of their gadgets, nor can such things be measured by consumers. By now, there have been many incidents of vulnerable devices being sold and real-world attacks. Despite proposals for improving the quality of consumer devices, vulnerable devices are likely to remain in use, with it being highly difficult to replace or patch their hardware or software. In this paper, we set out to design a mitigation framework so that home networks can be made resilient to vulnerable devices. First, we select a representative collection of home IoT devices with different functions, and investigate their security and privacy, discovering a range of exploitable flaws. Then we design a framework based on a dedicated router, firewall, an IoT control platform and other mechanisms, which allows mitigation of current and potential future vulnerabilities. The framework is designed to be adaptable and extensible for all kinds of devices. We implement this framework and evaluate it against the sample devices, finding that it can indeed prevent most of the known exploits and the new exploits we found. Based on this study, we make some design suggestions for the future enhanced home cyber-security platforms.

KW - data privacy

KW - firewalls

KW - home computing

KW - Internet of Things

KW - home cyber-security platforms

KW - smart home devices

KW - device vendors

KW - home networks

KW - home IoT devices

KW - privacy

KW - IoT control platform

KW - Internet of Things technology

KW - router

KW - firewall

KW - Smart homes

KW - Privacy

KW - Cameras

KW - Feeds

KW - Cryptography

KW - Computer network security

KW - Information Privacy

KW - Internet-of-Things

U2 - 10.1109/IOTSMS48152.2019.8939272

DO - 10.1109/IOTSMS48152.2019.8939272

M3 - Conference contribution

SN - 978-1-7281-2950-1

SP - 283

EP - 290

BT - 2019 Sixth International Conference on Internet of Things: Systems, Management and Security (IOTSMS)

PB - Institute of Electrical and Electronics Engineers

T2 - 6th International Conference on Internet of Things: Systems, Management and Security

Y2 - 22 October 2019 through 25 October 2019

ER -

Retrofitting Security and Privacy Measures to Smart Home Devices

Abstract

Conference

Keywords / Materials (for Non-textual outputs)

Access to Document

Fingerprint

Cite this