chownIoT Secure Handling of Smart Home IoT Devices Ownership Change


1 chownIoT Secure Handling of Smart Home IoT Devices Ownership Change
Global Overview
Samuel Marchal, Md Sakib Nizam Khan, N. Asokan
Aalto University

2 IoT Smart Home
Internet connected everyday objects in home
- Remotely accessible / controllable
- Sensing + collection of sensitive information
- Spying
- Inference of presence / habits
- User profiling
- Local / Cloud storage

3 Ownership change
Ownership of Smart Home (SH) device can change during lifetime
- Lend
- Resell / stealing
- Change of tenant (rental places)
May introduce unauthorized access to privacy sensitive data
- Historical / personal data not wiped (threat to previous owner)
- Authentication credentials for cloud / network access saved (threat to previous owner)
- Old authentication credentials still valid (threat to new owner)
- Etc.

4 Threats and attackers capabilities
New Owner
- Local + remote control / access to device
- Physical memory + Cloud storage access
- Threat: Data + authentication credentials extraction (network + cloud)
Previous Owner
- Remote control / access to device (through cloud)
- Cloud storage access
- Threat: Newly exported data extraction

5 chownIoT overview
[Diagram: four numbered steps between Previous Owner and New Owner: Detect Change of Ownership; Protect Previous Owner; Secure Use by New Owner; Owner Change / Profile Retrieval & Management]

6 1. Automatic ownership change detection
Smart Home (SH) devices:
- Static: dishwasher, integrated blinds, heating system, etc.
- Semi-static: DVR, smart plugs, etc.
- Remain in a same context
Idea: Ownership Context
How to measure context?
- Context: Information about the surrounding environment
- Sensor modalities BUT different devices different sensors
- All SH devices have at least connectivity (e.g. WiFi)
- Wi-Fi access point < SSID, MAC, Auth >
Context Owner
Owner Change Context Change BUT Context Change Owner Change

7 1.1 Verification of ownership change
SH devices are set up and controlled using a control device (e.g. smartphone)
- Assumption: the control device is in the vicinity if the same owner changes the context of the SH device
- Verification: Challenge-response between control device and SH device (Bluetooth)
SH device setup overhead
- Security association with control device (e.g. DH key exchange): trusted device
- Add new context to owner profile

8 2. Data Protection - Encryption
- CCM = counter with CBC-MAC (cipher block chaining message authentication code)
- PBKDF2 (Password-Based Key Derivation Function 2)
- DK = PBKDF2(Pseudo Random Function, Password, Salt, count of iterations, key length)

9 3. Owner Profile Management
Existing profile recovery
- Owner authentication (e.g. password)
- Addition of new trusted device (failed challenge)
New profile creation
- Owner authentication setup + trusted device association
[Diagram: Owner 1 ... Owner n; Profile management; Control Device]

10 4. Existing profile retrieval
- User prompt with existing profile names
- Profile choice + authentication (password)
- Decryption key derivation (PBKDF2)
- From authentication / stored for encryption
- Success = authentication + profile restored
[Diagram: Profile retrieval; Control Device]
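The PBKDF2 step from slides 8 and 10, as an added example that is not code from the chownIoT prototype. The iteration count, the 16-byte key length, the HMAC labels, the split into a stored verifier and a separate data key, and the function names are all assumptions; the derived key would feed the CCM encryption named on slide 8, which is not performed here.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000   # assumption: the slides do not state an iteration count


def _keys(password, salt, iterations):
    """PBKDF2 master secret, split into an auth verifier and a data key."""
    master = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, iterations, dklen=32)
    # Distinct labels keep the stored verifier from doubling as the data key.
    verifier = hmac.new(master, b"profile-auth", hashlib.sha256).digest()
    data_key = hmac.new(master, b"profile-data", hashlib.sha256).digest()[:16]
    return verifier, data_key


def create_profile(name, password, iterations=ITERATIONS):
    """Return (record kept for authentication, data key for the profile data)."""
    salt = os.urandom(16)                        # fresh salt per profile
    verifier, data_key = _keys(password, salt, iterations)
    record = {"name": name, "salt": salt,
              "iterations": iterations, "verifier": verifier}
    return record, data_key


def retrieve_profile(records, name, password):
    """Authenticate for the chosen profile; return its data key or None."""
    record = next((r for r in records if r["name"] == name), None)
    if record is None:
        return None
    verifier, data_key = _keys(password, record["salt"], record["iterations"])
    if not hmac.compare_digest(verifier, record["verifier"]):
        return None                              # wrong password: no key released
    return data_key
```

The iteration count sets the cost of each password guess, which is the brute-force concern listed under future work on slide 14.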

11 chownIoT decision flow summary
[Flowchart; nodes: Detect Ownership Change; Detected? (yes / No); Verify using Trusted Device; Successful? (yes / No); Create New Known Context for Current Profile; Encrypt Profile Data; Profile Retrieval/Creation; Choice? (New Profile / Existing Profile); Configure new Profile; Authenticate for Selected Profile; Successful? (yes / No); Decrypt Profile Data]
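The detection and verification branch of this flow (slides 6, 7 and 11), as an added example that is not code from the chownIoT prototype. The HMAC-SHA256 challenge-response, the dict layout, the function names and the sample access points are assumptions; the slides only specify a challenge-response over Bluetooth backed by a shared secret from the setup exchange.

```python
import hashlib
import hmac
import secrets


def ap_context(ssid, mac, auth):
    """Context tuple from slide 6: <SSID, MAC, Auth>, MAC case-normalised."""
    return (ssid, mac.lower(), auth)


def respond(shared_secret, nonce):
    """Trusted-device side: answer a challenge (HMAC-SHA256 is an assumption)."""
    return hmac.new(shared_secret, nonce, hashlib.sha256).digest()


def handle_context(profile, current, trusted_device=None):
    """SH-device side of the decision flow.

    profile: dict with 'secret' (bytes), 'contexts' (set), 'encrypted' (bool).
    trusted_device: callable(nonce) -> response, or None if out of range.
    """
    if current in profile["contexts"]:
        return "unchanged"                       # known context, nothing to do
    nonce = secrets.token_bytes(16)              # fresh challenge per attempt
    reply = trusted_device(nonce) if trusted_device else None
    expected = respond(profile["secret"], nonce)
    if reply is not None and hmac.compare_digest(reply, expected):
        profile["contexts"].add(current)         # same owner, new known context
        return "context-added"
    profile["encrypted"] = True                  # placeholder for encrypting profile data
    return "ownership-change"


def demo():
    """Constructed scenario: home AP, a move with the owner, then a resale."""
    secret = secrets.token_bytes(32)             # stands in for the DH shared secret
    home = ap_context("home-ap", "AA:BB:CC:00:11:22", "WPA2")
    profile = {"secret": secret, "contexts": {home}, "encrypted": False}
    owner_phone = lambda n: respond(secret, n)
    stranger_phone = lambda n: respond(b"not-the-secret", n)
    moved = ap_context("new-flat", "aa:bb:cc:33:44:55", "WPA2")
    buyer = ap_context("buyer-ap", "de:ad:be:ef:00:01", "WPA2")
    return [
        handle_context(profile, ap_context("home-ap", "aa:bb:cc:00:11:22", "WPA2")),
        handle_context(profile, moved, owner_phone),
        handle_context(profile, moved),
        handle_context(profile, buyer, stranger_phone),
    ], profile["encrypted"]
```

An unreachable trusted device is treated the same as a failed response, so the profile data is encrypted in both cases.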

12 Prototype implementation
Smart home device features:
- Raspberry Pi 3
- Language: C++
Trusted Device/New Control Device features:
- Android application
Communication:
- Bluetooth / Wi-Fi
- Custom protocol based on UDP

13 Summary
Privacy enhancement protocol for ownership change of SH devices
- Automatic: ownership change detection based on WiFi AP
- Secure: owner authentication / device association / data encryption
- Usable: profile management + limited annoyance
Prototype implementation
- Android management application
- C++ code for smart home device
- UDP based communication protocol

14 Future Work
Improvements:
Ownership change detection
- Abnormal power off
- Ownership change not detected
- Data remains unencrypted
- Potential solution: Always encrypt but costly / unrealistic
Ownership change detection
- Reduce false positives
- Other sensor modalities
Profile management
- Cloud-based management (no storage on device)
Password based key derivation
- Brute force attack
- More robust key generation

15 chownIoT Secure Handling of Smart Home IoT Devices Ownership Change
Global Overview
Samuel Marchal, Md Sakib Nizam Khan, N. Asokan
Aalto University

16 chownIoT initial configuration
[Sequence diagram between Smart Home Device and Control Device]
- setup shared secret: Diffie-Hellman Key Exchange, response
- setup authentication mechanism: Password based Authentication + Profile Name, response
- store authentication info: Password Hash
- store trusted device identity: Bluetooth Device Name, MAC, Shared Secret
- store context: AP SSID, MAC & Password
Outcome: Trusted device authentication; Owner authentication; Trusted device identification; Known context

