HomeShield: A Credential-Less Authentication Framework for Smart Home Systems

Smart home systems have become more and more prevailent in recent years. On the one hand, they make our everyday life more convenient; on the other hand, they suffer from the two notorious security problems, namely, the open-port problem and the overprivilege problem, making their security situation...

Full description

Saved in:
Bibliographic Details
Published inIEEE internet of things journal Vol. 7; no. 9; pp. 7903 - 7918
Main Authors Xiao, Yinhao, Jia, Yizhen, Liu, Chunchi, Alrawais, Arwa, Rekik, Molka, Shan, Zhiguang
Format Journal Article
LanguageEnglish
Published Piscataway IEEE 01.09.2020
The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
Subjects
Authentication
information security
Internet of Things
machine learning algorithms
Security
Servers
Smart buildings
Smart homes
Smart houses
Smart phones
Smartphones
System effectiveness
Workflow
Online AccessGet full text

Cover

More Information
Summary:Smart home systems have become more and more prevailent in recent years. On the one hand, they make our everyday life more convenient; on the other hand, they suffer from the two notorious security problems, namely, the open-port problem and the overprivilege problem, making their security situations extremely worrying and uncheerful. In this article, we proposed HomeShield, a novel credential-less authentication framework to shield smart home systems by effectively defending against the attacks resulted from these two security problems without the need for sensitive credentials. We further detailed an implementation of HomeShield based on the side channels that are publicly available in Android smartphones serving as controllers of smart home systems and presented its workflow in protecting against various attacks caused by the open-port and overprivilege problems. Finally, we tested our HomeShield implementation on a real-world smart home system and considered four threat models that cover basically all practical attacks, including Mirai and its variants. We also considered the effectiveness of our HomeShield implementation on the SmartApps of the Samsung SmartThings platform, which also suffers from the open-port and overprivilege problems, even though its overprivilege issue has been extensively studied by the recently proposed works, such as ContexIoT and SmartAuth. The evaluation results indicate that our HomeShield realization can successfully defend against over 90% attack trials with an average latency of less than 1 s.
ISSN:2327-4662
2327-4662
DOI:10.1109/JIOT.2020.3003621