Improving home automation security : integrating device fingerprinting into smart home

This paper explains the importance of accessing modern smart homes over the Internet, and highlights various security issues associated with it. This paper explains the evolution of device fingerprinting concept over time, and discusses various pitfalls in existing device fingerprinting approaches. In this paper, we propose a two-stage verification process for smart homes, using device fingerprints and login credentials, which verifies the user device as well as the user accessing the home over the Internet. Unlike any other previous approaches, our Device Fingerprinting algorithm considers a device’s geographical location while computing its fingerprint. In our device identification experiment, we were able to successfully identify 97.93% of the devices that visited our Webpage using JavaScript, Flash, and Geolocation.This work was supported in part by the National Research Foundation, South Africa, under Grant IFR160118156967, in part by the University of Pretoria’s Post Graduate Research Support Bursary, in part by the National Natural Science Foundation, China, under Grant 61572260, Grant 61373017, Grant 61572261, and Grant 61672296, and in part by the Scientific & Technological Support Project of Jiangsu Province under Grant BE2015702, Grant BE2016185, and Grant BE2016777.http://ieeexplore.ieee.org/xpl/RecentIssue.jsp?punumber=6287639hj2017Electrical, Electronic and Computer Engineerin

A critical review of cyber-physical security for building automation systems

Modern Building Automation Systems (BASs), as the brain that enables the smartness of a smart building, often require increased connectivity both among system components as well as with outside entities, such as optimized automation via outsourced cloud analytics and increased building-grid integrations. However, increased connectivity and accessibility come with increased cyber security threats. BASs were historically developed as closed environments with limited cyber-security considerations. As a result, BASs in many buildings are vulnerable to cyber-attacks that may cause adverse consequences, such as occupant discomfort, excessive energy usage, and unexpected equipment downtime. Therefore, there is a strong need to advance the state-of-the-art in cyber-physical security for BASs and provide practical solutions for attack mitigation in buildings. However, an inclusive and systematic review of BAS vulnerabilities, potential cyber-attacks with impact assessment, detection & defense approaches, and cyber-secure resilient control strategies is currently lacking in the literature. This review paper fills the gap by providing a comprehensive up-to-date review of cyber-physical security for BASs at three levels in commercial buildings: management level, automation level, and field level. The general BASs vulnerabilities and protocol-specific vulnerabilities for the four dominant BAS protocols are reviewed, followed by a discussion on four attack targets and seven potential attack scenarios. The impact of cyber-attacks on BASs is summarized as signal corruption, signal delaying, and signal blocking. The typical cyber-attack detection and defense approaches are identified at the three levels. Cyber-secure resilient control strategies for BASs under attack are categorized into passive and active resilient control schemes. Open challenges and future opportunities are finally discussed.Comment: 38 pages, 7 figures, 6 tables, submitted to Annual Reviews in Contro

Intelligent home automation security system based on novel logical sensing and behaviour prediction

The thesis, Intelligent Home Automation Security System Based on Novel Logical Sensing and Behavior Prediction, was designed to enhance authentication, authorization and security in smart home devices and services. The work proposes a three prong defensive strategy each of which are analyzed and evaluated separately to drastically improve security. The Device Fingerprinting techniques proposed, not only improves the existing approaches but also identifies the physical device accessing the home cybernetic and mechatronic systems using device specific and browser specific parameters. The Logical Sensing process analyses home inhabitant actions from a logical stand point and develops sophisticated and novel sensing techniques to identify intrusion attempts to a home’s physical and cyber space. Novel Behavior prediction methodology utilizes Bayesian networks to learn normal user behavior which is later compared to distinguish and identify suspicious user behaviors in the home in a timely manner. The logical sensing, behavior prediction and device fingerprinting techniques proposed were successfully tested, evaluated and verified in an actual home cyber physical system. The algorithms and techniques proposed in the thesis can be easily modified and adapted into many practical applications in Industrial Internet of Things, Industry 4.0 and cyber-physical systems.Thesis (PhD)--University of Pretoria, 2017.Electrical, Electronic and Computer EngineeringPhDUnrestricte

Advanced IoT Technology and Protocols: Review and Future Perspectives

The Internet of Things (IoT) has emerged as a disruptive paradigm, altering how we interact with our surroundings and enabling a plethora of novel applications across multiple sectors. This literature review provides a complete overview of the Internet of Things, including applications, technology, protocols, modeling tools, and future directions. The assessment begins by looking at a wide range of IoT applications, such as smart cities, healthcare, industrial automation, smart homes, and more. It then looks into the underlying technologies that enable IoT deployments, including low-power wireless communication protocols, edge computing, and sensor networks. Protocols and routing methods designed expressly for IoT networks are also described, as well as simulation tools used to simulate and evaluate IoT systems. The discussion focuses on critical insights and consequences for the future of IoT, including challenges and potential in security, interoperability, edge intelligence, and sustainability. By tackling these obstacles and using emerging technologies, IoT can create disruptive change across businesses while also improving quality of life. This review seeks to give scholars, practitioners, and stakeholders a thorough grasp of IoT and its implications for the future

A Review of Performance, Energy and Privacy of Intrusion Detection Systems for IoT

Internet of Things (IoT) forms the foundation of next generation infrastructures, enabling development of future cities that are inherently sustainable. Intrusion detection for such paradigms is a non-trivial challenge which has attracted further significance due to extraordinary growth in the volume and variety of security threats for such systems. However, due to unique characteristics of such systems i.e., battery power, bandwidth and processor overheads and network dynamics, intrusion detection for IoT is a challenge, which requires taking into account the trade-off between detection accuracy and performance overheads. In~this context, we are focused at highlighting this trade-off and its significance to achieve effective intrusion detection for IoT. Specifically, this paper presents a comprehensive study of existing intrusion detection systems for IoT systems in three aspects: computational overhead, energy consumption and privacy implications. Through extensive study of existing intrusion detection approaches, we have identified open challenges to achieve effective intrusion detection for IoT infrastructures. These include resource constraints, attack complexity, experimentation rigor and unavailability of relevant security data. Further, this paper is envisaged to highlight contributions and limitations of the state-of-the-art within intrusion detection for IoT, and~aid the research community to advance it by identifying significant research directions

Multivariate Stochastic Approximation to Tune Neural Network Hyperparameters for Criticial Infrastructure Communication Device Identification

The e-government includes Wireless Personal Area Network (WPAN) enabled internet-to-government pathways. Of interest herein is Z-Wave, an insecure, low-power/cost WPAN technology increasingly used in critical infrastructure. Radio Frequency (RF) Fingerprinting can augment WPAN security by a biometric-like process that computes statistical features from signal responses to 1) develop an authorized device library, 2) develop classifier models and 3) vet claimed identities. For classification, the neural network-based Generalized Relevance Learning Vector Quantization-Improved (GRLVQI) classifier is employed. GRLVQI has shown high fidelity in classifying Z-Wave RF Fingerprints; however, GRLVQI has multiple hyperparameters. Prior work optimized GRLVQI via a full factorial experimental design. Herein, optimizing GRLVQI via stochastic approximation, which operates by iterative searching for optimality, is of interest to provide an unconstrained optimization approach to avoid limitations found in full factorial experimental designs. The results provide an improvement in GRLVQI operation and accuracy. The methodology is further generalizable to other problems and algorithms

Orchestrating Intelligent Network Operations in Programmable Networks

Peer reviewe

Information exposure from consumer IoT devices: a multidimensional, network-informed measurement approach

Internet of Things (IoT) devices are increasingly found in everyday homes, providing useful functionality for devices such as TVs, smart speakers, and video doorbells. Along with their benefits come potential privacy risks, since these devices can communicate information about their users to other parties over the Internet. However, understanding these risks in depth and at scale is difficult due to heterogeneity in devices' user interfaces, protocols, and functionality. In this work, we conduct a multidimensional analysis of information exposure from 81 devices located in labs in the US and UK. Through a total of 34,586 rigorous automated and manual controlled experiments, we characterize information exposure in terms of destinations of Internet traffic, whether the contents of communication are protected by encryption, what are the IoT-device interactions that can be inferred from such content, and whether there are unexpected exposures of private and/or sensitive information (e.g., video surreptitiously transmitted by a recording device). We highlight regional differences between these results, potentially due to different privacy regulations in the US and UK. Last, we compare our controlled experiments with data gathered from an in situ user study comprising 36 participants