Ravisha Rohilla,Janvi Panwar

DOI: https://doi.org/10.5121/csit.2024.141508

2024-08-27

Abstract:The proliferation of Internet of Things (IoT) devices has raised significant concerns regarding their security vulnerabilities. This paper explores the security risks associated with smart light systems, focusing on covert communication channels. Drawing upon previous re-search highlighting vulnerabilities in communication protocols and en-cryption flaws, the study investigates the potential for exploiting smart light systems for covert data transmission. Specifically, the paper repli-cates and analyzes an attack method introduced by Ronen and Shamir, which utilizes the Philips Hue White lighting system to create a covert channel through visible light communication (VLC). Experimental re-sults demonstrate the feasibility of transmitting data covertly through subtle variations in brightness levels, leveraging the inherent functional-ity of smart light bulbs. Despite limit. ations imposed by device constraints and communication protocols, the study underscores the need for heightened awareness and security measures in IoT environment. Ultimately, the findings emphasize the importance of implementing robust security practices and exercising caution when deploying networked IoT devices in sensitive environment.

Cryptography and Security,Emerging Technologies

Anindya Maiti,Murtuza Jadliwala

DOI: https://doi.org/10.48550/arXiv.1808.07814

2018-08-23

Abstract:Modern Internet-enabled smart lights promise energy efficiency and many additional capabilities over traditional lamps. However, these connected lights create a new attack surface, which can be maliciously used to violate users' privacy and security. In this paper, we design and evaluate novel attacks that take advantage of light emitted by modern smart bulbs in order to infer users' private data and preferences. The first two attacks are designed to infer users' audio and video playback by a systematic observation and analysis of the multimedia-visualization functionality of smart light bulbs. The third attack utilizes the infrared capabilities of such smart light bulbs to create a covert-channel, which can be used as a gateway to exfiltrate user's private data out of their secured home or office network. A comprehensive evaluation of these attacks in various real-life settings confirms their feasibility and affirms the need for new privacy protection mechanisms.

Cryptography and Security

Xianghui Cao,Devu Manikantan Shila,Yu Cheng,Zequ Yang,Yang Zhou,Jiming Chen

DOI: https://doi.org/10.1109/jiot.2016.2516102

IF: 10.6

2016-01-01

IEEE Internet of Things Journal

Abstract:ZigBee has been widely recognized as an important enabling technique for Internet of Things (IoT). However, the ZigBee nodes are normally resource-limited, making the network susceptible to a variety of security threats. This paper closely investigates a severe attack on ZigBee networks termed as ghost, which leverages the underlying vulnerabilities of the IEEE 802.15.4 security suites to deplete the energy of the nodes. We show that the impact of ghost is very large and that it can facilitate a variety of threats including denial of service and replay attacks. We highlight that merely deploying a standard suite of advanced security techniques does not necessarily guarantee improved security, but instead might be leveraged by adversaries to cause severe disruption in the network. We propose several recommendations on how to localize and withstand the ghost and other related attacks in ZigBee networks. Extensive simulations are provided to show the impact of the ghost and the performance of the proposed recommendations. Moreover, physical experiments also have been conducted and the observations confirm the severity of the impact by the ghost attack. We believe that the presented work will aid the researchers to improve the security of ZigBee further.

Xiaoyu Ji,Chaohao Li,Xinyan Zhou,Juchuan Zhang,Yanmiao Zhang,Wenyuan Xu

DOI: https://doi.org/10.1145/3399432

2020-01-01

ACM Transactions on Internet of Things

Abstract:Nowadays, most Internet of Things devices in smart homes rely on radio frequency channels for communication, making them exposed to various attacks such as spoofing and eavesdropping attacks. Existing methods using encryption keys may be inapplicable on these resource-constrained devices that cannot afford the computationally expensive encryption operations. Thus, in this article, we design a key-free communication method for such devices in a smart home. In particular, we introduce the Home-limited Channel (HLC) that can be accessed only within a house yet inaccessible for outside-house attackers. Utilizing HLCs, we propose HlcAuth, a challenge-response mechanism to authenticate the communications between smart devices without keys. The advantages of HlcAuth are low cost, lightweight as well as key-free, and requiring no human intervention. According to the security analysis, HlcAuth can defeat replay attacks, message-forgery attacks, and man-in-the-middle (MiTM) attacks, among others. We further evaluate HlcAuth in four different physical scenarios, and results show that HlcAuth achieves 100% true positive rate (TPR) within 4.2m for in-house devices while 0% false positive rate (FPR) for outside attackers, i.e., guaranteeing a high-level usability and security for in-house communications. Finally, we implement HlcAuth in both single-room and multi-room scenarios.

Christopher Vattheuer,Charlie Liu,Ali Abedi,Omid Abari

DOI: https://doi.org/10.48550/arXiv.2301.07202

2023-01-18

Abstract:Home security systems have become increasingly popular since they provide an additional layer of protection and peace of mind. These systems typically include battery-powered motion sensors, contact sensors, and smart locks. Z-Wave is a very popular wireless communication technology for these low-power systems. In this paper, we demonstrate two new attacks targeting Z-Wave devices. First, we show how an attacker can remotely attack Z-Wave security devices to increase their power consumption by three orders of magnitude, reducing their battery life from a few years to just a few hours. Second, we show multiple Denial of Service (DoS) attacks which enables an attacker to interrupt the operation of security systems in just a few seconds. Our experiments show that these attacks are effective even when the attacker device is in a car 100 meters away from the targeted house.

Cryptography and Security,Networking and Internet Architecture

Narmeen Shafqat,Daniel J. Dubois,David Choffnes,Aaron Schulman,Dinesh Bharadia,Aanjhan Ranganathan

DOI: https://doi.org/10.48550/arXiv.2107.10830

2021-11-27

Abstract:Zigbee is an energy-efficient wireless IoT protocol that is increasingly being deployed in smart home settings. In this work, we analyze the privacy guarantees of Zigbee protocol. Specifically, we present ZLeaks, a tool that passively identifies in-home devices or events from the encrypted Zigbee traffic by 1) inferring a single application layer (APL) command in the event's traffic, and 2) exploiting the device's periodic reporting pattern and interval. This enables an attacker to infer user's habits or determine if the smart home is vulnerable to unauthorized entry. We evaluated ZLeaks' efficacy on 19 unique Zigbee devices across several categories and 5 popular smart hubs in three different scenarios; controlled RF shield, living smart-home IoT lab, and third-party Zigbee captures. We were able to i) identify unknown events and devices (without a-priori device signatures) using command inference approach with 83.6% accuracy, ii) automatically extract device's reporting signatures, iii) determine known devices using the reporting signatures with 99.8% accuracy, and iv) identify APL commands in a public capture with 91.2% accuracy. In short, we highlight the trade-off between designing a low-power, low-cost wireless network and achieving privacy guarantees. We have also released ZLeaks tool for the benefit of the research community.

Cryptography and Security

Liam Daly Manocchio,Siamak Layeghy,Marius Portmann

DOI: https://doi.org/10.48550/arXiv.2210.03254

2022-10-06

Cryptography and Security

Abstract:Internet of Things (IoT) devices are progressively being utilised in a variety of edge applications to monitor and control home and industry infrastructure. Due to the limited compute and energy resources, active security protections are usually minimal in many IoT devices. This has created a critical security challenge that has attracted researchers' attention in the field of network security. Despite a large number of proposed Network Intrusion Detection Systems (NIDSs), there is limited research into practical IoT implementations, and to the best of our knowledge, no edge-based NIDS has been demonstrated to operate on common low-power chipsets found in the majority of IoT devices, such as the ESP8266. This research aims to address this gap by pushing the boundaries on low-power Machine Learning (ML) based NIDSs. We propose and develop an efficient and low-power ML-based NIDS, and demonstrate its applicability for IoT edge applications by running it on a typical smart light bulb. We also evaluate our system against other proposed edge-based NIDSs and show that our model has a higher detection performance, and is significantly faster and smaller, and therefore more applicable to a wider range of IoT edge devices.

Jorge Higuera,Aleix Llenas,Josep Carreras

DOI: https://doi.org/10.48550/arXiv.1809.00986

2018-08-29

Computers and Society

Abstract:Smart lighting is an underlying concept that links three main aspects: solid-state lighting (SSL) technologies, advanced control and universal communication interfaces following global standards. However, this conceptualization is constantly evolving to comply with the guidelines of the next generation of devices that work in the Internet of Things (IoT) ecosystem. Modern smart lighting systems are based on light emitting diode (LED) technology and involve advanced drivers that have features such as dynamic spectral light reproduction and advanced sensing capabilities. The ultimate feature is of additional advanced services serving as the hub for optical communications that allows coexistence with traditional Wi-Fi gateways in indoor environments. In this context, lighting systems are evolving to support different wireless communications interfaces compatible with the IoT ecosystem. Market tendencies of SSL systems predict the accelerated expansion of connected IoT lighting control systems in different markets from smart homes and industrial environments. These systems offer advanced features never seen before such as advanced spectral control of the light source and also, the inclusion of several communication interfaces. These are mainly wired, radiofrequencies (RF) and optical wireless communications (OWC) interfaces for advanced services such as sensing and visible light communications (VLC). In this paper we present how to design and realize IoT-based smart lighting systems for different applications using different IoT-centric lighting architectures. Finally, different standards and aspects related to interoperability and web services are explained taking into account commercial smart lighting platforms.

Devu Manikantan Shila,Xianghui Cao,Yu Cheng,Zequ Yang,Yang Zhou,Jiming Chen

DOI: https://doi.org/10.48550/arXiv.1410.1613

2014-10-07

Abstract:ZigBee has been recently drawing a lot of attention as a promising solution for ubiquitous computing. The ZigBee devices are normally resource-limited, making the network susceptible to a variety of security threats. This paper presents a severe attack on ZigBee networks termed as ghost, which leverages the underlying vulnerabilities of the IEEE 802.15.4 security suites to deplete the energy of the devices. We manifest that the impact of ghost is severe as it can reduce the lifetime of devices from years to days and facilitate a variety of threats including denial of service and replay attacks. We highlight that merely deploying a standard suite of advanced security techniques does not necessarily guarantee improved security, but instead might be leveraged by adversaries to cause severe disruption in the network. We propose several recommendations on how to localize and withstand the ghost and other related attacks in ZigBee networks. Extensive simulations are provided to show the impact of the ghost and the performance of the proposed recommendations. Moreover, physical experiments also have been conducted and the observations confirm the severity of the impact by the ghost attack. We believe that the presented work will aid the researchers to improve the security of ZigBee further.

Cryptography and Security,Networking and Internet Architecture

Stefan Marksteiner,Víctor Juan Expósito Jiménez,Heribert Vallant,Herwig Zeiner

DOI: https://doi.org/10.1109/CTTE.2017.8260940

2018-01-22

Abstract:While the application of IoT in smart technologies becomes more and more proliferated, the pandemonium of its protocols becomes increasingly confusing. More seriously, severe security deficiencies of these protocols become evident, as time-to- market is a key factor, which satisfaction comes at the price of a less thorough security design and testing. This applies especially to the smart home domain, where the consumer-driven market demands quick and cheap solutions. This paper presents an overview of IoT application domains and discusses the most important wireless IoT protocols for smart home, which are KNX-RF, EnOcean, Zigbee, Z-Wave and Thread. Finally, it describes the security features of said protocols and compares them with each other, giving advice on whose protocols are more suitable for a secure smart home.

Cryptography and Security

Davide Bonaventura,Sergio Esposito,Giampaolo Bella

DOI: https://doi.org/10.5220/0012767700003767

2024-07-17

Abstract:Despite their apparent simplicity, devices like smart light bulbs and electrical plugs are often perceived as exempt from rigorous security measures. However, this paper challenges this misconception, uncovering how vulnerabilities in these seemingly innocuous devices can expose users to significant risks. This paper extends the findings outlined in previous work, introducing a novel attack scenario. This new attack allows malicious actors to obtain sensitive credentials, including the victim's Tapo account email and password, as well as the SSID and password of her local network. Furthermore, we demonstrate how these findings can be replicated, either partially or fully, across other smart devices within the same IoT ecosystem, specifically those manufactured by Tp-Link. Our investigation focused on the Tp-Link Tapo range, encompassing smart bulbs (Tapo L530E, Tapo L510E V2, and Tapo L630), a smart plug (Tapo P100), and a smart camera (Tapo C200). Utilizing similar communication protocols, or slight variants thereof, we found that the Tapo L530E, Tapo L510E V2, and Tapo L630 are susceptible to complete exploitation of all attack scenarios, including the newly identified one. Conversely, the Tapo P100 and Tapo C200 exhibit vulnerabilities to only a subset of attack scenarios. In conclusion, by highlighting these vulnerabilities and their potential impact, we aim to raise awareness and encourage proactive steps towards mitigating security risks in smart device deployment.

Cryptography and Security

Yuhao Zhuang,Wenjian Huang,Xuanzhong Chen,Xiangze Zeng,Weijing Wu

DOI: https://doi.org/10.3969/j.issn.1004-440X.2015.05.007

2015-01-01

Abstract:In this article,based on the analysis of existing lighting network structure,and taking full consideration of the advantages and disadvantages of wired and wireless connection scheme,a method combining wired and wireless network as integrated network was put forward in order to achieve complementary advantages of the wired and wireless networks.An integrated network was implemented by applying DALI protocol in ZigBee stack.It is compatible with the DALI protocol and the ZigBee Light Link ( ZLL) protocol which is dedicated for the field of illumination.Compared with the traditional ZLL network,the integrated network can reduce more than 2/3 of the control unit cost of the node without reducing the convenience and user experience,so it can greatly reduce the cost of intelligent lighting system construction.A user friendly software was also designed by using LabVIEW.At last a entire lighting control system based on the integrated network was completed.

Ahmed Mohamed Hussain,Gabriele Oligeri,Thiemo Voigt

DOI: https://doi.org/10.1007/978-3-030-68884-4_10

2021-01-01

Abstract:We present a new machine learning-based attack that exploits network patterns to detect the presence of smart IoT devices and running services in the WiFi radio spectrum. We perform an extensive measurement campaign of data collection, and we build up a model describing the traffic patterns characterizing three popular IoT smart home devices, i.e., Google Nest Mini, Amazon Echo, and Amazon Echo Dot. We prove that it is possible to detect and identify with overwhelming probability their presence and the services running by the aforementioned devices in a crowded WiFi scenario. This work proves that standard encryption techniques alone are not sufficient to protect the privacy of the end-user, since the network traffic itself exposes the presence of both the device and the associated service. While more work is required to prevent non-trusted third parties to detect and identify the user’s devices, we introduce Eclipse, a technique to mitigate these types of attacks, which reshapes the traffic making the identification of the devices and the associated services similar to the random classification baseline.

Dong Jin,Christopher Hannon,Zhiyi Li,Pablo Cortes,Srinivasan Ramaraju,Patrick Burgess,Nathan Buch,Mohammad Shahidehpour

DOI: https://doi.org/10.1016/j.tej.2016.11.011

2016-01-01

The Electricity Journal

Abstract:A wireless networked LED street lighting system with centralized and remote control technology has emerged as an innovative smart city application with great potential to reduce energy cost and enhance public safety. A pilot system integrated within a campus microgrid demonstrates the benefits of two smart city applications for public safety enhancement, while revealing multiple cyber-security challenges.

Yang Li,Anna Maria Mandalari,Isabel Straw

2023-07-26

Abstract:For smart homes to be safe homes, they must be designed with security in mind. Yet, despite the widespread proliferation of connected digital technologies in the home environment, there is a lack of research evaluating the security vulnerabilities and potential risks present within these systems. Our research presents a comprehensive methodology for conducting systematic IoT security attacks, intercepting network traffic and evaluating the security risks of smart home devices. We perform hundreds of automated experiments using 11 popular commercial IoT devices when deployed in a testbed, exposed to a series of real deployed attacks (flooding, port scanning and OS scanning). Our findings indicate that these devices are vulnerable to security attacks and our results are relevant to the security research community, device engineers and the users who rely on these technologies in their daily lives.

Cryptography and Security

Kaushal Kafle,Kevin Moran,Sunil Manandhar,Adwait Nadkarni,Denys Poshyvanyk

DOI: https://doi.org/10.48550/arXiv.1812.01597

2018-12-05

Abstract:Home automation platforms provide a new level of convenience by enabling consumers to automate various aspects of physical objects in their homes. While the convenience is beneficial, security flaws in the platforms or integrated third-party products can have serious consequences for the integrity of a user's physical environment. In this paper we perform a systematic security evaluation of two popular smart home platforms, Google's Nest platform and Philips Hue, that implement home automation "routines" (i.e., trigger-action programs involving apps and devices) via manipulation of state variables in a centralized data store. Our semi-automated analysis examines, among other things, platform access control enforcement, the rigor of non-system enforcement procedures, and the potential for misuse of routines. This analysis results in ten key findings with serious security implications. For instance, we demonstrate the potential for the misuse of smart home routines in the Nest platform to perform a lateral privilege escalation, illustrate how Nest's product review system is ineffective at preventing multiple stages of this attack that it examines, and demonstrate how emerging platforms may fail to provide even bare-minimum security by allowing apps to arbitrarily add/remove other apps from the user's smart home. Our findings draw attention to the unique security challenges of platforms that execute routines via centralized data stores and highlight the importance of enforcing security by design in emerging home automation platforms.

Cryptography and Security

Xu Li,Xiaohui Liang,Rongxing Lu,Xuemin (Sherman) Shen,Xiaodong Lin,Haojin Zhu

DOI: https://doi.org/10.1109/mcom.2012.6257525

IF: 9.03

2012-01-01

IEEE Communications Magazine

Abstract:Smart grid has emerged as the next-generation power grid via the convergence of power system engineering and information and communication technology. In this article, we describe smart grid goals and tactics, and present a three-layer smart grid network architecture. Following a brief discussion about major challenges in smart grid development, we elaborate on smart grid cyber security issues. We define a taxonomy of basic cyber attacks, upon which sophisticated attack behaviors may be built. We then introduce fundamental security techniques, whose integration is essential for achieving full protection against existing and future sophisticated security attacks. By discussing some interesting open problems, we finally expect to trigger more research efforts in this emerging area.

Linzhi Zhou,Chen Yuan

DOI: https://doi.org/10.1117/12.2687761

2023-08-28

Abstract:This paper proposes a design of intelligent energy-saving lighting control system based on ZigBee and NB-IoT technology. The system uses low-cost ZigBee networking scheme for data communication within the streetlamp group, collects data to the gateway configured with NB IoT module, designs communication protocol for streetlamp application scenarios, and uses it to interact with cloud platform for data, so as to solve the problems of untimely control, vulnerability to interference and small coverage of previous communication technology. The stability of ZigBee network transmission is optimized, And design and implementation of information transmission data to the client. The test results show that the intelligent energy-saving lighting control system based on ZigBee wireless network technology and NB-IoT remote communication technology has the advantages of strong penetration ability, low power consumption, stable and reliable operation, and has strong practicability and promotional value.

Computer Science,Engineering,Environmental Science

Rebeca P. Díaz Redondo,Ana Fernández Vilas,Gabriel Fernández dos Reis

DOI: https://doi.org/10.3390/s20143977

2023-12-13

Abstract:Smart meters are of the basic elements in the so-called Smart Grid. These devices, connected to the Internet, keep bidirectional communication with other devices in the Smart Grid structure to allow remote readings and maintenance. As any other device connected to a network, smart meters become vulnerable to attacks with different purposes, like stealing data or altering readings. Nowadays, it is becoming more and more popular to buy and plug-and-play smart meters, additionally to those installed by the energy providers, to directly monitor the energy consumption at home. This option inherently entails security risks that are under the responsibility of householders. In this paper, we focus on an open solution based on Smartpi 2.0 devices with two purposes. On the one hand, we propose a network configuration and different data flows to exchange data (energy readings) in the home. These flows are designed to support collaborative among the devices in order to prevent external attacks and attempts of corrupting the data. On the other hand, we check the vulnerability by performing two kind of attacks (denial of service and stealing and changing data by using a malware). We conclude that, as expected, these devices are vulnerable to these attacks, but we provide mechanisms to detect both of them and to solve, by applying cooperation techniques

Cryptography and Security,Networking and Internet Architecture

Zhiyi Li,Dong Jin,Christopher Hannon,Mohammad Shahidehpour,Jianhui Wang

DOI: https://doi.org/10.1049/iet-cps.2016.0017

2016-01-01

IET Cyber-Physical Systems Theory & Applications

Abstract:Intelligent traffic lights are critical cyber-physical systems that help smart cities to cut road congestion and vehicle emissions. However, they also open a new frontier of cybersecurity. Security researchers have demonstrated ways to compromise the traffic lights to cause potential traffic disruption and public safety degradation. This study aims to raise the public awareness of the cybersecurity issues in traffic light systems. The authors present a bi-level game-theoretic framework for assessing cybersecurity risks of traffic light systems, as the first step towards understanding and mitigating the security vulnerabilities. Additionally, they propose a minimax-regret-based methodology to guide the deployment of defensive measures in traffic light systems against cyberattacks.