Special Session 153: 

Identifying Traffic Vulnerabilities in Smart Home IoT

Xiuzhen Cheng
Shandong University
Peoples Rep of China
Co-Author(s):    
Abstract:
Smart home IoT devices have been more prevalent than ever before but the relevant security considerations fail to keep up with due to device and technology heterogeneity and resource constraints, making IoT systems susceptible to various attacks. In this talk, we discuss a novel mechanism to identify the vulnerabilities in the communication traffics of IoT devices for smart home systems. This approach takes one or more packet capture files as inputs to construct a traffic graph by passing the captured messages, identify the correlated subgraphs by examining the attribute-value pairs associated with each message, and quantify their vulnerabilities based on the sensitivity levels of different keywords. The effectiveness of the approach was validated in a small smart home system that can control a smart bulb LB100 via either the smartphone APP for LB100 or a Google Home speaker. The analysis on 58,714 messages captured within 15 minutes revealed 6 vulnerable correlated subgraphs, based on which 6 attack cases were implemented. These attacks can be easily reproduced by attackers with little knowledge of IoT. This study is interesting as it takes only the collected traffic files as inputs without requiring the knowledge of the device firmware while being able to identify new vulnerabilities. Future research on IoT traffic vulnerabilities will also be discussed.