Abstract |
---|
Today users can access and/or control their IoT devices using mobile apps. Such interactions often rely on IoT-to-Mobile communication that supports direct data exchanges between IoT devices and smartphones. To guarantee mutual authentication and encrypted data transmission in IoT-to-Mobile communications while keeping lightweight implementation, IoT devices and smartphones often share credentials in advance with the help of a cloud server. Since these credentials impact communication security, in this paper we seek to understand how such sensitive materials are implemented. We design a set of analysis techniques and implement them in KingFisher, an analysis framework. KingFisher identifies shared credentials, tracks their uses, and examines violations against nine security properties that the implementation of credentials should satisfy. With an evaluation of eight real-world IoT solutions with more than 35 million deployed devices, KingFisher revealed that all these solutions involve insecurely used credentials, and are subject to privacy leakage or device hijacking. |

Year | DOI | Venue |
---|---|---|
2022 | 10.1109/DSN53405.2022.00055 | 2022 52nd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN) |

Keywords | DocType | ISSN |
---|---|---|
IoT-to-Mobile communication, Value-based Analysis, Shared Credential, Companion App | Conference | 1530-0889 |

ISBN | Citations | PageRank |
---|---|---|
978-1-6654-1694-8 | 0 | 0.34 |

References | Authors |
---|---|
23 | 5 |

Name | Order | Citations | PageRank |
---|---|---|---|
Yiwei Zhang | 1 | 0 | 0.34 |
Siqi Ma | 2 | 0 | 1.01 |
Juanru Li | 3 | 179 | 24.07 |
Dawu Gu | 4 | 644 | 103.50 |
Elisa Bertino | 5 | 14025 | 2128.50 |