Abstract
In this paper, we analyse the Internet of Things (IoT) aspect of smart home from a security perspective, and adapt an advanced malware technique (called feature-distributed malware) for the IoT. We design several attacks including cyber-physical system attacks and advanced cyber attacks, and then evaluate their impact via practical evaluations. Our proposed offensive techniques are based on the following current smart home status: (1) almost every smart home appliance is directly or indirectly connected to the Internet for remote monitoring and/or control. (2) there are Internet services that integrate heterogeneous devices into one single smart home environment. These integration services make it easy and simple to build any form of customised smart home configurations. However, at the same time, such services also put the smart home at risk when they are compromised and abused by attackers, which means that the attackers can achieve their goals without needing to compromise individual smart home devices. Our evaluation results show that using traditional web attack techniques such as cookie stealing can be turned into sophisticated attacks that enable the attackers to perform various malicious activities such as unlocking the smart lock installed at the target premises and disarming security alarms. Considering existing research efforts on the smart home security are mainly about security analysis of individual devices and protocols, we believe this work will shed light on the practical implications of integrating the smart home with the Internet of things, therefore helping the development of more secure smart home environments in the future.
Original language | English |
---|---|
Title of host publication | Proceedings - 2015 20th International Conference on Engineering of Complex Computer Systems, ICECCS 2015 |
Place of Publication | Piscataway, NJ |
Publisher | Institute of Electrical and Electronics Engineers (IEEE) |
Pages | 80-89 |
Number of pages | 10 |
ISBN (Electronic) | 9781467385817 |
DOIs | |
Publication status | Published - 2015 |
Event | 20th International Conference on Engineering of Complex Computer Systems, ICECCS 2015 - Gold Coast, Australia Duration: 9 Dec 2015 → 11 Dec 2015 |
Other
Other | 20th International Conference on Engineering of Complex Computer Systems, ICECCS 2015 |
---|---|
Country/Territory | Australia |
City | Gold Coast |
Period | 9/12/15 → 11/12/15 |
Keywords
- Cyber-Physical Systems
- Internet of Things
- Malware
- Security
- Smart Home