chownIoT Secure Handling of Smart Home IoT Devices Ownership Change

Slides:



Advertisements
Similar presentations
Authenticating Users. Objectives Explain why authentication is a critical aspect of network security Explain why firewalls authenticate and how they identify.
Advertisements

Building and Deploying Safe and Secure Android Apps for Enterprise Presented by Technology Consulting Group at Endeavour Software Technologies.
1 Enhancing Wireless Security with WPA CS-265 Project Section: 2 (11:30 – 12:20) Shefali Jariwala Student ID
Security in Wireless LAN Layla Pezeshkmehr CS 265 Fall 2003-SJSU Dr.Mark Stamp.
Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture 9: IEEE
LEVERAGING UICC WITH OPEN MOBILE API FOR SECURE APPLICATIONS AND SERVICES Ran Zhou 1 9/3/2015.
Radio Frequency Identification By Bhagyesh Lodha Vinit Mahedia Vishnu Saran Mitesh Bhawsar.
MOBILE DEVICE SECURITY. WHAT IS MOBILE DEVICE SECURITY? Mobile Devices  Smartphones  Laptops  Tablets  USB Memory  Portable Media Player  Handheld.
 Security and Smartphones By Parker Moore. The Smartphone Takeover  Half of mobile phone subscribers in the United States have a smartphone.  An estimated.
Done By : Ahmad Al-Asmar Wireless LAN Security Risks and Solutions.
Middleware for Secure Environments Presented by Kemal Altıntaş Hümeyra Topcu-Altıntaş Osman Şen.
Security fundamentals Topic 5 Using a Public Key Infrastructure.
Wireless Security Rick Anderson Pat Demko. Wireless Medium Open medium Broadcast in every direction Anyone within range can listen in No Privacy Weak.
Azam Supervisor : Prof. Raj Jain
Engineering Secure Software. Agenda  What is IoT?  Security implications of IoT  IoT Attack Surface Areas  IoT Testing Guidelines  Top IoT Vulnerabilities.
Internet of Things. IoT Novel paradigm – Rapidly gaining ground in the wireless scenario Basic idea – Pervasive presence around us a variety of things.
Authentication has three means of authentication Verifies user has permission to access network 1.Open authentication : Each WLAN client can be.
Denial of Convenience Attack to Smartphones Using a Fake Wi-Fi Access Point Erich Dondyk, Cliff C. Zou University of Central Florida.
Intrusion Resilience via the Bounded-Storage Model Stefan Dziembowski Warsaw University and CNR Pisa.
@Yuan Xue 285: Network Security CS 285 Network Security Digital Signature Yuan Xue Fall 2012.
The Fallacy Behind “There’s Nothing to Hide” Why End-to-End Encryption Is a Must in Today’s World.
Network security Presentation AFZAAL AHMAD ABDUL RAZAQ AHMAD SHAKIR MUHAMMD ADNAN WEB SECURITY, THREADS & SSL.
Remarks by Dr Mawaki Chango Kara University DigiLexis Consulting
UNIT 7- IP Security 1.IP SEC 2.IP Security Architecture
Outline The basic authentication problem
PV204 Security technologies LABS
Instructor Materials Chapter 6 Building a Home Network
Security Outline Encryption Algorithms Authentication Protocols
Wireless Technologies
Wireless Protocols WEP, WPA & WPA2.
Cryptography and Network Security
TASHKENT UNIVERSITY OF INFORMATION TECHNOLOGIES NAMED AFTER MUHAMMAD AL-KHWARIZMI THE SMART HOME IS A BASIC OF SMART CITIES: SECURITY AND METHODS OF.
We will talking about : What is WAP ? What is WAP2 ? Is there secure ?
WEP & WPA Mandy Kershishnik.
Katrin Hoeper Channel Bindings Katrin Hoeper
Secure Sockets Layer (SSL)
Cryptographic Hash Function
A Wireless LAN Security Protocol
Radius, LDAP, Radius used in Authenticating Users
Security.
OTA & IoT A Shared & Collaborative Responsibility 24 October 2017
Towards an optimized BlockChain for IoT
Hello, Today we will look at cyber security and the Internet of Things and how it could impact our business.
Tutorial on Creating Certificates SSH Kerberos
Originally by Yu Yang and Lilly Wang Modified by T. A. Yang
CSE 4095 Transport Layer Security TLS, Part II
Cryptography and Network Security
Presenter: Patrick N. zwane Advisor: Dr. Kai-Wei Kevin Ke 21/09/2018
The security and vulnerabilities of IoT devices
Internet of Things (IoT)
Wireless LAN Security 4.3 Wireless LAN Security.
Authentication and Access:
刘振 上海交通大学 计算机科学与工程系 电信群楼3-509
Security in Network Communications
Network Security – Kerberos
Cryptography and Network Security
Security.
Security Of Wireless Sensor Networks
The main cause for that are the famous phishing attacks, in which the attacker directs users to a fake web page identical to another one and steals the.
Hiding Information, Encryption, and Bypasses
Module 2 OBJECTIVE 14: Compare various security mechanisms.
Security of Wireless Sensor Networks
Tareq Khan, Ph.D. Assistant Professor,
SPINS: Security Protocols for Sensor Networks
Aggregation.
刘振 上海交通大学 计算机科学与工程系 电信群楼3-509
Lecture 36.
Lecture 36.
AIT 682: Network and Systems Security
Cryptography and Network Security
Presentation transcript:

chownIoT Secure Handling of Smart Home IoT Devices Ownership Change Global Overview Samuel Marchal, Md Sakib Nizam Khan, N. Asokan Aalto University samuel.marchal@aalto.fi

IoT Smart Home Internet connected everyday objects in home Remotely accessible / controllable Sensing + collection of sensitive information Spying Inference of presence / habits User profiling Local / Cloud storage

Ownership change Ownership of Smart Home (SH) device can change during lifetime Lend Resell / stealing Change of tenant (rental places) May introduce unauthorized access to privacy sensitive data Historical / personal data not wiped (threat to previous owner) Authentication credentials for cloud / network access saved (threat to previous owner) Old authentication credentials still valid (threat to new owner) Etc.

Threats and attackers capabilities New Owner Local + remote control / access to device Physical memory + Cloud storage access Threat: Data + authentication credentials extraction (network + cloud) Previous Owner Remote control / access to device (through cloud) Cloud storage access Threat: Newly exported data extraction

chownIoT overview 1 4 2 Previous Owner New Owner 3 Detect Change of Ownership 4 2 Owner Change / Profile Retrieval & Management Protect Previous Owner Previous Owner New Owner Secure Use by New Owner 3

1. Automatic ownership change detection Smart Home (SH) devices: Static: dishwasher, integrated blinds, heating system, etc. Semi-static: DVR, smart plugs, etc. Remain in a same context Idea: Ownership Context How to measure context ? Context: Information about the surrounding environment Sensor modalities BUT different devices different sensors All SH devices have at least connectivity (e.g. WiFi) Wi-Fi access point < SSID, MAC, Auth > Context Owner Owner Change Context Change BUT Context Change Owner Change

1.1 Verification of ownership change SH devices setup and controlled using a control device (e.g. smartphone) Assumption: in vicinity if same owner change the context of SH device Verification: Challenge-response between control device and SH device (Bluetooth) SH device setup overhead Security association with control device (e.g. DH key exchange) trusted device Add new context to owner profile

2. Data Protection - Encryption   CCM = counter with CBC-MAC (cipher block chaining message authentication code) PBKDF2 (Password-Based Key Derivation Function 2) DK = PBKDF2(Pseudo Random Function, Password, Salt, count if iterations, key length)

3. Owner Profile Management Existing profile recovery Owner authentication (e.g. password) Addition of new trusted device (failed challenge) New profile creation Owner authentication setup + trusted device association Owner 1 Owner n … Profile management Control Device

4. Existing profile retrieval User prompt with existing profile names Profile choice + authentication (password) Decryption key derivation (PBKDF2) From authentication / stored for encryption Success = authentication + profile restored Profile retrieval Control Device

chownIoT decision flow summary Detect Ownership Change No Detected? Verify using Trusted Device yes Successful? Configure new Profile yes New Profile No Choice? Encrypt Profile Data Profile Retrieval/Creation Existing Profile Authenticate for Selected Profile Create New Known Context for Current Profile Successful? Decrypt Profile Data yes No

Prototype implementation Smart home device features: Raspberry Pi 3 Language: C++ Trusted Device/New Control Device features: Android application Communication: Bluetooth / Wi-Fi Custom protocol based on UDP

Summary Privacy enhancement protocol for ownership change of SH devices Automatic: ownership change detection based on WiFi AP Secure: owner authentication / device association / data encryption Usable: profile management + limited annoyance Prototype implementation Android management application C++ code for smart home device UDP based communication protocol

Future Work Improvements: Ownership change detection Abnormal power off Ownership change not detected Data remains unencrypted Potential solution: Always encrypt but costly / unrealistic Ownership change detection Reduce false positives Other sensor modalities Profile management Cloud-based management (no storage on device) Password based key derivation Brute force attack More robust key generation

chownIoT Secure Handling of Smart Home IoT Devices Ownership Change Global Overview Samuel Marchal, Md Sakib Nizam Khan, N. Asokan Aalto University samuel.marchal@aalto.fi

chownIoT initial configuration Smart Home Device Control Device setup shared secret Outcome Trusted device authentication Owner authentication Trusted device identification Known context Diffie-Hellman Key Exchange response setup authentication mechanism Password based Authentication + Profile Name response Password Hash store authentication info Bluetooth Device Name, MAC, Shared Secret store trusted device identity AP SSID, MAC & Password store context

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.