Paper Info
Title
A Novel Graph-based Mechanism for Identifying Traffic Vulnerabilities in Smart Home IoT.
Abstract
Smart home IoT devices have been more prevalent than ever before but the relevant security considerations fail to keep up with due to device and technology heterogeneity and resource constraints, making IoT systems susceptible to various attacks. In this paper, we propose a novel graph-based mechanism to identify the vulnerabilities in communication of IoT devices for smart home systems. Our approach takes one or more packet capture files as inputs to construct a traffic graph by passing the captured messages, identify the correlated subgraphs by examining the attribute-value pairs associated with each message, and then quantify their vulnerabilities based on the sensitivity levels of different keywords. To test the effectiveness of our approach, we setup a smart home system that can control a smart bulb LB100 via either the smartphone APP for LB100 or the Google Home speaker. We collected and analyzed 58,714 messages and exploited 6 vulnerable correlated subgraphs, based on which we implemented 6 attack cases that can be easily reproduced by attackers with little knowledge of IoT. This study is novel as our approach takes only the collected traffic files as inputs without requiring the knowledge of the device firmware while being able to identify new vulnerabilities. With this approach, we won the third prize out of 20 teams in a hacking competition.
Year
Venue
Field
2018
IEEE INFOCOM
Graph,Packet analyzer,Cryptography,Computer science,Server,Computer network,Hacker,Home automation,Vulnerability,Firmware
DocType
ISSN
Citations 
Conference
0743-166X
1
PageRank 
References 
Authors
0.36
0
6
Name
Order
Citations
PageRank
Yizhen Jia1192.02
Yinhao Xiao2234.41
Jiguo Yu3688108.74
Xiuzhen Cheng43238210.23
Zhenkai Liang5148681.00
Zhiguo Wan6142.93