A Study of Data Store-based Home Automation

Kafle, Kaushal; Moran, Kevin; Manandhar, Sunil; Nadkarni, Adwait; Poshyvanyk, Denys

doi:10.1145/3292006.3300031

Cited by 21 publications

(7 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A common trait of the home security/safety systems proposed by prior work [15], [8], [4], [10], [5], [16] is their reliance on policies for analysis or enforcement, which researchers generally specify based on their understanding of the home. For example, Soteria [4] has a policy which states that "the refrigerator and security system must always be on", which is motivated by the safety and security consequences of the two devices being OFF.…”

Section: A Motivating Example: Effective Policy Specificationmentioning

confidence: 99%

“…However, such an event may also be triggered by an adversary who can commandeer global state variables such as "awake/asleep", or "home/away". Indeed, our prior work [16] demonstrates how an attacker could manipulate such variables via compromised low-security devices, to indirectly control high-security devices. Finally, we also attempt to generate unnatural (i.e., unlikely) scenarios to mimic accidents or adversarial circumstances (Sec.…”

Section: A Threat Modelmentioning

confidence: 99%

See 1 more Smart Citation

Towards a Natural Perspective of Smart Homes for Practical Security and Safety Analyses

Manandhar

Moran

Kafle

et al. 2020

2020 IEEE Symposium on Security and Privacy (SP)

Self Cite

View full text Add to dashboard Cite

Designing practical security systems for the smart home is challenging without the knowledge of realistic home usage. This paper describes the design and implementation of H lion, a framework that generates natural home automation scenarios by identifying the regularities in user-driven home automation sequences, which are in turn generated from routines created by end-users. Our key hypothesis is that smart home event sequences created by users exhibit inherent semantic patterns, or naturalness that can be modeled and used to generate valid and useful scenarios. To evaluate our approach, we first empirically demonstrate that this naturalness hypothesis holds, with a corpus of 30,518 home automation events, constructed from 273 routines collected from 40 users. We then demonstrate that the scenarios generated by H lion seem valid to end-users, through two studies with 16 external evaluators. We further demonstrate the usefulness of H lion's scenarios by addressing the challenge of policy specification, and using H lion to generate 17 security/safety policies with minimal effort. We distill 16 key findings from our results that demonstrate the strengths of our approach, surprising aspects of home automation, as well as challenges and opportunities in this rapidly growing domain.

show abstract

Section: A Motivating Example: Effective Policy Specificationmentioning

confidence: 99%

Section: A Threat Modelmentioning

confidence: 99%

Towards a Natural Perspective of Smart Homes for Practical Security and Safety Analyses

Manandhar

Moran

Kafle

et al. 2020

2020 IEEE Symposium on Security and Privacy (SP)

Self Cite

View full text Add to dashboard Cite

show abstract

“…There have been several successful attempt at hacking smart devices. Kafle et al [72] found SSL-vulnerabilities in popular smart home devices Nest and Philips Hue. Roy Solberg, a norwegian system developer, found that communication in the Mill smart heaters was unencrypted, which meant that anyone could control any internet connected heater [73].…”

Section: Prefacementioning

confidence: 99%

Tool Support for Risk-driven Planning of Trustworthy Smart IoT Systems within DevOps

Thompson

Erdogan

2020

Proceedings of the 6th International Conference on Information Systems Security and Privacy

View full text Add to dashboard Cite

The Internet of Things is rising in popularity across many different domains, such as build automation, healthcare, electrical smart metering and physical security. Many prominent IT experts and companies like Gartner expect there to be a continued rise in the amount of IoT endpoints, with an estimated 5.8 million endpoints in 2020. With the rapid growth of the devices, the physical nature of these devices, and the amount of data collected, there will be a greater need for trustworthiness. These devices often gather personal data and as the devices have relatively less computational power than other devices, security and privacy risks are greater. With the IoT systems often operating in highly dynamic environments, the development of these systems should often be done in an iterative manner. De-vOps is an increasingly popular agile practice which combines the development and operations of systems to provide continuous delivery. This is well suited for the development of IoT systems. However, there is currently a lack of support for risk driven planning of trustworthy smart IoT systems within DevOps. This thesis investigates currently available tools and methods for the planning of trustworthy smart IoT systems within DevOps. We also propose a tool-supported method with the purpose of assisting developers in the planning phase of DevOps with identifying security and privacy risks, and executing risk assessment algorithms. Furthermore we facilitate automatic real-time security and privacy risk assessment through our custom made API. Moreover we conduct a case study where we apply both our method and tool in a real-life smart home case. Based on our initial result we argue that our tool-supported method: is easy to use and understandable for developers, supports the planning of trustworthy smart IoT systems in the DevOps practice in terms of security and privacy risk assessment and it is appropriate for use in the DevOps practice in terms of adapting to new plans and flexible in response to changes in the system.

show abstract

“…With the wide adoption of IoT devices, security and privacy have become a pressing issue [9,13,15,17,30,36,42,51,52]. A large body of existing works focuses on the security of software and firmware of the IoT devices [31,32,34], and measurements of IoT botnets [14,33].…”

Section: Related Work Iot Security and Privacymentioning

confidence: 99%

Security Vetting Process of Smart-home Assistant Applications: A First Look and Case Studies

Hu,

Yang,

Lin

et al. 2020

Preprint

View full text Add to dashboard Cite

The popularity of smart-home assistant systems such as Amazon Alexa and Google Home leads to a booming third-party application market (over 70,000 applications across the two stores). While existing works have revealed security issues in these systems, it is not well understood how to help application developers to enforce security requirements. In this paper, we perform a preliminary case study to examine the security vetting mechanisms adopted by Amazon Alexa and Google Home app stores. With a focus on the authentication mechanisms between Alexa/Google cloud and third-party application servers (i.e. end-points), we show the current security vetting is insufficient as developer mistakes cannot be effectively detected and notified. A weak authentication would allow attackers to spoof the cloud to insert/retrieve data into/from the application endpoints. We validate the attack through ethical proof-of-concept experiments. To confirm vulnerable applications have indeed passed the security vetting and entered the markets, we develop a heuristic-based searching method. We find 219 realworld Alexa endpoints that carry the vulnerability, many of which are related to critical applications that control smart home devices and electronic cars. We have notified Amazon and Google about our findings and offered our suggestions to mitigate the issue.

show abstract

A Study of Data Store-based Home Automation

Cited by 21 publications

References 16 publications

Towards a Natural Perspective of Smart Homes for Practical Security and Safety Analyses

Towards a Natural Perspective of Smart Homes for Practical Security and Safety Analyses

Tool Support for Risk-driven Planning of Trustworthy Smart IoT Systems within DevOps

Security Vetting Process of Smart-home Assistant Applications: A First Look and Case Studies

Contact Info

Product

Resources

About