On Continuously Verifying Device-level Functional Integrity by Monitoring Correlated Smart Home Devices
Pages 219 - 230
Abstract
The correct functionality (can also be called as functional integrity) from a smart device is essential towards ensuring their safe and secure operations. The functional integrity of a device can be defined based on its correctness in sensing and actuating on the physical environment as well as in reporting to the users. As evident from several practical threats (e.g., event spoofing attacks, event masking attacks, sensor failure, vulnerabilities, and misconfigurations), this functional integrity of a device are often breached to cause severe security and safety impacts to their users. To make things worse, such integrity breaches might stay stealthy (due to their non-existence at the user-side) as well as be caused from both devices and apps (due to their vulnerability and misconfiguratons at both physical and cyber spaces). Existing works mainly focus on detecting specific attacks without aiming at verifying functional integrity as a security property. In this paper, we bridge this gap by proposing a continuous approach for smart homes to verify functional integrity at the device-level while monitoring correlated devices. Specifically, our main idea is to learn the correlations among various sensors and actuators in a smart environment, and continuously monitor all the correlated devices to verify functional integrity breaches against various real-world attacks, including spoofing, masking, sensor failure, and device misconfigurations/vulnerabilities. We implement our approach in the context of smart home and evaluate its effectiveness (e.g., for sensors, R2 score of 0.98, and for actuators, accuracy up to 100%) using a public dataset.
References
[1]
openHAB 2024. Empowering the smart home. openHAB. https://www.openhab. org/
[2]
NIST 2024. National Vulnerability Database - CVE-2023--50124 Detail. NIST. https://nvd.nist.gov/vuln/detail/CVE-2023--50124
[3]
OpenMotics 2024. OpenMotics makes building automation relevant. OpenMotics. https://www.openmotics.com/en/
[4]
DataCebo 2024. The Synthetic Data Vault. DataCebo. https://sdv.dev/
[5]
Shadi Al-Sarawi, Mohammed Anbar, Kamal Alieyan, and Mahmood Alzubaidi. 2017. Internet of Things (IoT) communication protocols. In 2017 8th International conference on information technology (ICIT). IEEE, 685--690.
[6]
Omar Alrawi, Chaz Lever, Manos Antonakakis, and Fabian Monrose. 2019. SoK: Security evaluation of home-based IoT deployments. In IEEE Symposium on S&P. 1362--1380.
[7]
Home Assistant. 2024. Awaken your home. http://www.home-assistant.io/.
[8]
David S Bayard and Scott R Ploen. 2005. High accuracy inertial sensors from inexpensive components. US Patent 6,882,964.
[9]
Simon Birnbach, Simon Eberz, and Ivan Martinovic. 2019. Peeves: Physical Event Verification in Smart Homes. In ACM CCS. ACM, 1455--1467.
[10]
Simon Birnbach, Simon Eberz, and Ivan Martinovic. 2022. Haunted house: physical smart home event verification in the presence of compromised sensors. ACM TIOT 3, 3 (2022), 1--28.
[11]
Alireza Borhani and Hamid R Zarandi. 2022. ThingsDND: IoT Device Failure Detection and Diagnosis for Multi-User Smart Homes. In 2022 18th European Dependable Computing Conference (EDCC). IEEE, 113--116.
[12]
Davide Chicco, Matthijs J Warrens, and Giuseppe Jurman. 2021. The coefficient of determination R-squared is more informative than SMAPE, MAE, MAPE, MSE and RMSE in regression analysis evaluation. PeerJ Computer Science 7 (2021), e623.
[13]
Jiwon Choi, Hayoung Jeoung, Jihun Kim, Youngjoo Ko, Wonup Jung, Hanjun Kim, and Jong Kim. 2018. Detecting and identifying faulty IoT devices in smart home with context extraction. In 48th Annual IEEE/IFIP International Conference on DSN. IEEE, 610--621.
[14]
Shruti Dash and Pallavi Choudekar. 2022. IoT-Based Smart Home Surveillance System. In Applied Information Processing Systems. Springer, 417--427.
[15]
Wenbo Ding, Hongxin Hu, and Long Cheng. 2021. IoTSafe: Enforcing Safety and Security Policy withReal IoT Physical Interaction Discovery. In Network and Distributed System Security Symposium.
[16]
Thilina Dissanayake, Takuya Maekawa, Daichi Amagata, and Takahiro Hara. 2018. Detecting door events using a smartphone via active sound sensing. ACM IMWUT 2, 4 (2018), 1--26.
[17]
Yutao Dong, Qing Li, Kaidong Wu, Ruoyu Li, Dan Zhao, Gareth Tyson, Junkun Peng, Yong Jiang, Shutao Xia, and Mingwei Xu. 2023. {HorusEye}: A Realtime {IoT} Malicious Traffic Detection Framework using Programmable Switches. In 32nd USENIX Security Symposium (USENIX Security 23). 571--588.
[18]
Nancy E ElHady, Stephan Jonas, Julien Provost, and Veit Senner. 2020. Sensor failure detection in ambient assisted living using association rule mining. Sensors 20, 23 (2020), 6760.
[19]
Earlence Fernandes, Jaeyeon Jung, and Atul Prakash. 2016. Security analysis of emerging smart home applications. In IEEE symposium on S&P. IEEE, 636--654.
[20]
Chenglong Fu, Qiang Zeng, and Xiaojiang Du. 2021. HAWatcher: Semanticsaware anomaly detection for appified smart homes. In 30th USENIX Security Symposium. 4223--4240.
[21]
Saurabh Ganeriwal, Laura K Balzano, and Mani B Srivastava. 2008. Reputationbased framework for high integrity sensor networks. ACM TOSN 4, 3 (2008), 1--37.
[22]
Aniketh Girish, Tianrui Hu, Vijay Prakash, Daniel J Dubois, Srdjan Matic, Danny Yuxing Huang, Serge Egelman, Joel Reardon, Juan Tapiador, David Choffnes, et al. 2023. In the Room Where It Happens: Characterizing Local Communication and Threats in Smart Homes. In ACM IMC. 437--456.
[23]
Liangyi Gong, Yiyang Zhao, Chaocan Xiang, Zhenhua Li, Chen Qian, and Panlong Yang. 2018. Robust light-weight magnetic-based door event detection with smartphones. IEEE Transactions on Mobile Computing 18, 11 (2018), 2631--2646.
[24]
Grant Hernandez, Orlando Arias, Daniel Buentello, and Yier Jin. 2014. Smart nest thermostat: A smart spy in your home. Black Hat USA 2015 (2014).
[25]
Grant Ho, Derek Leung, Pratyush Mishra, Ashkan Hosseini, Dawn Song, and David Wagner. 2016. Smart locks: Lessons for securing commodity internet of things devices. In ACM ASIACCS. 461--472.
[26]
Mahdi Jafari and Jafar Roshanian. 2013. Inertial navigation accuracy increasing using redundant sensors. Journal of Science and Engineering 1, 1 (2013), 55--66.
[27]
Lee Han Keat and Chuah Chai Wen. 2018. Smart indoor home surveillance monitoring system using Raspberry Pi. JOIV 2, 4--2 (2018), 299--308.
[28]
Palanivel A Kodeswaran, Ravi Kokku, Sayandeep Sen, and Mudhakar Srivatsa. 2016. Idea: A system for efficient failure management in smart IoT environments. In ACM MobiSys. 43--56.
[29]
Diana Kornbrot. 2014. Point biserial correlation. Wiley StatsRef: Statistics Reference Online (2014).
[30]
Ludmila I Kuncheva. 2014. Combining pattern classifiers: methods and algorithms. John Wiley & Sons. 123 pages.
[31]
Mo Li, Yunhao Liu, and Lei Chen. 2008. Nonthreshold-based event detection for 3D environment monitoring in sensor networks. IEEE Transactions on Knowledge and Data Engineering 20, 12 (2008), 1699--1711.
[32]
Michael A Mahler, Qinghua Li, and Ang Li. 2017. SecureHouse: A home security system based on smartphone sensors. In PerCom. IEEE, 11--20.
[33]
N Malarvizhi, Arun Kumar Dash, V Manikanta, and Athreayasa Kalyan. 2022. AIBased Tracking System from Real-Time CCTV Captures. In Artificial Intelligence and Sustainable Computing. Springer, 739--747.
[34]
Madhumita Mallick, Archan Misra, Niloy Ganguly, and Youngki Lee. 2020. DETECTIF: Unified detection & correction of IoT faults in smart homes. InWoWMoM. IEEE, 78--87.
[35]
MHammad Mazhar, Li Li, Endadul Hoque, and Omar Chowdhury. 2023. Maverick: An app-independent and platform-agnostic approach to enforce policies in IoT systems at runtime. In ACM WiSec. 73--84.
[36]
Thien Duc Nguyen, Samuel Marchal, Markus Miettinen, Hossein Fereidooni, N Asokan, and Ahmad-Reza Sadeghi. 2019. DÏoT: A federated self-learning anomaly detection system for IoT. In IEEE ICDCS. 756--767.
[37]
Muslum Ozgur Ozmen, Ruoyu Song, Habiba Farrukh, and Z Berkay Celik. 2023. Evasion attacks and defenses on smart home physical event verification. In NDSS 2023. NDSS.
[38]
K Pearson. 1895. Notes on regression and inheritance in the case of two parents proceedings of the royal society of London, Vol. 58., 240--242 pages.
[39]
Abhay Kumar Ray and Ashish Bagwari. 2020. IoT based Smart home: Security Aspects and security architecture. In IEEE CSNT. IEEE, 218--222.
[40]
Phillip Rieger, Marco Chilese, Reham Mohamed, Markus Miettinen, Hossein Fereidooni, and Ahmad-Reza Sadeghi. 2023. ARGUS: Context-Based Detection of Stealthy IoT Infiltration Attacks. In USENIX Security. 4301--4318.
[41]
Murray Rosenblatt. 1956. Remarks on some nonparametric estimates of a density function. The annals of mathematical statistics (1956), 832--837.
[42]
Álvaro San-Salvador and Álvaro Herrero. 2012. Contacting the devices: a review of communication protocols. In Ambient Intelligence-Software and Applications: 3rd International Symposium on Ambient Intelligence (ISAmI 2012). Springer, 3--10.
[43]
Rahul Anand Sharma, Elahe Soltanaghaei, Anthony Rowe, and Vyas Sekar. 2022. Lumos: Identifying and Localizing Diverse Hidden {IoT} Devices in an Unfamiliar Environment. In 31st USENIX Security Symposium. 1095--1112.
[44]
V.K. Shen, D.W. Siderius, W.P. Krekelberg, and H.W. Hatch. 2019. Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks. Technical Report. National Institute of Standards and Technology.
[45]
Md Wasiuddin Pathan Shuvo, Md Nazmul Hoq, Suryadipta Majumdar, and Paria Shirani. 2023. On Reducing Underutilization of Security Standards by Deriving Actionable Rules: An Application to IoT. In International Conference on Research in Security Standardisation. Springer, 103--128.
[46]
Amit Kumar Sikder, Leonardo Babun, Hidayet Aksu, and A Selcuk Uluagac. 2019. Aegis: A context-aware security framework for smart home systems. In ACSAC. 28--41.
[47]
Amit Kumar Sikder, Leonardo Babun, and A Selcuk Uluagac. 2021. Aegis a context-aware platform-independent security framework for smart home systems. Digital Threats: Research and Practice 2, 1 (2021), 1--33.
[48]
Vijay Sivaraman, Dominic Chan, Dylan Earl, and Roksana Boreli. 2016. Smartphones attacking smart-homes. In ACM WiSec. 195--200.
[49]
Tanin Sultana and Khan AWahid. 2019. IoT-Guard: Event-driven fog-based video surveillance system for real-time security management. IEEE Access 7 (2019), 134881 -- 134894.
[50]
Thomas George Thuruthel, Josie Hughes, Antonia Georgopoulou, Frank Clemens, and Fumiya Iida. 2021. Using redundant and disjoint time-variant soft robotic sensors for accurate static state estimation. IEEE Robotics and Automation Letters 6, 2 (2021).
[51]
Lingshan Xu, Xianghan Zheng, Wenzhong Guo, and Guolong Chen. 2012. A Cloud-based monitoring framework for Smart Home. In 4th IEEE CloudCom. IEEE, 805--810.
[52]
Wenwei Xue, Qiong Luo, Lei Chen, and Yunhao Liu. 2006. Contour map matching for event detection in sensor networks. In ACM SIGMOD. 145--156.
[53]
Wenwei Xue, Qiong Luo, and Hejun Wu. 2012. Pattern-based event detection in sensor networks. Distributed and Parallel Databases 30, 1 (2012), 27--62.
[54]
Rozhin Yasaei, Felix Hernandez, and Mohammad Abdullah Al Faruque. 2020. IoT-CAD: Context-aware adaptive anomaly detection in IoT systems through sensor association. In ICCAD. 1--9.
[55]
Juan Ye, Graeme Stevenson, and Simon Dobson. 2015. Fault detection for binary sensors in smart home environments. In PerCom. IEEE, 20--28.
[56]
Xiaojing Ye and Junwei Huang. 2011. A framework for cloud-based smart home. In ICCSNT, Vol. 2. IEEE, 894--897.
[57]
Wei Zhang, Yan Meng, Yugeng Liu, Xiaokuan Zhang, Yinqian Zhang, and Haojin Zhu. 2018. HoMonit: Monitoring smart home apps from encrypted traffic. In ACM CCS. 1074--1088.
Index Terms
- On Continuously Verifying Device-level Functional Integrity by Monitoring Correlated Smart Home Devices
Recommendations
Home IoT device management blockchain platform using smart contracts and a countermeasure against 51% attacks
APIT '22: Proceedings of the 2022 4th Asia Pacific Information Technology ConferenceOne of the important problems in Home IoT is security. Attempts to solve the security problem of Home IoT using blockchain have continued. Blockchain is evaluated as a good system for verifying the integrity of data in Home IoT. However, when using a ...
On the Security of Smart Home Systems: A Survey
AbstractAmong the plethora of IoT (Internet of Things) applications, the smart home is one of the fastest-growing. However, the rapid development of the smart home has also made smart home systems a target for attackers. Recently, researchers have made ...
Authenticating Smart Home Devices via Home Limited Channels
Nowadays, most Internet of Things devices in smart homes rely on radio frequency channels for communication, making them exposed to various attacks such as spoofing and eavesdropping attacks. Existing methods using encryption keys may be inapplicable on ...
Comments
Please enable JavaScript to view thecomments powered by Disqus.Information & Contributors
Information
Published In
May 2024
312 pages
ISBN:9798400705823
DOI:10.1145/3643833
- General Chairs:
- Yongdae Kim,
- Jong Kim,
- Program Chairs:
- Farinaz Koushanfar,
- Kasper Rasmussen
Copyright © 2024 ACM.
Publication rights licensed to ACM. ACM acknowledges that this contribution was co-authored by an affiliate of the Crown in Right of Canada. As such, the Crown in Right of Canada retains an equal interest in the copyright. Reprint requests should be forwarded to ACM, and reprints must include clear attribution to ACM and Crown in Right of Canada.
Sponsors
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 27 May 2024
Check for updates
Author Tags
Qualifiers
- Research-article
Conference
WiSec '24: 17th ACM Conference on Security and Privacy in Wireless and Mobile Networks
May 27 - 29, 2024
Seoul, Republic of Korea
Acceptance Rates
Overall Acceptance Rate 98 of 338 submissions, 29%
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 99Total Downloads
- Downloads (Last 12 months)99
- Downloads (Last 6 weeks)8
Reflects downloads up to 07 Jan 2025
Other Metrics
Citations
View Options
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in