Abstract
The goal of this paper is to research and review through experimental testing the security of home automation devices. The methodology includes analysis and review of these home automation devices through traffic capture, device scanning, and wireless analysis. The devices that will be tested are the Amazon Echo, Osram Smart Lights, and TPLink power switch. We present a classification model to analyze the relation between potential risk and realized risk through potential vulnerabilities in these varying home automation devices. Possible security flaws that might be found include default configurations, easy to crack passwords, unencrypted traffic, responses to forged traffic, and full control of the device without any authentication. We also perform a review of their privacy exposure and outline the security vectors used to attack IoT devices, as well as the most recent malwares in control of over a million IoT devices.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Gartner Says 8.4 Billion Connected. http://www.gartner.com/newsroom/id/3598917
Romkey, J.: Toast of the IoT: the 1990 interop internet toaster. IEEE Consum. Electron. Mag. 6(1), 116–119 (2017)
Liu, J., Xiao, Y., Chen, C.L.P.: Authentication and access control in the Internet of Things. In: IEEE 32nd International Conference on Distributed Computing Systems Workshops. June 2012
Hummen, R., Shafagh, H., Raza, S., Voig, T., Wehrle, K.: Delegation-based authentication and authorization for the IPbased Internet of Things (2017)
Liu, J., Xiao, Y., Chen, C.P.: Authentication and access control in the Internet of Things. In: 2012 32nd International Conference on Distributed Computing Systems Workshops (2012)
Mohd, B.J., Hayajneh, T., Vasilakos, A.V.: A survey on lightweight block ciphers for low-resource devices: comparative study and open issues. J. Netw. Comput. App. 58, 73–93 (2015)
Lee, J.Y., Lin, W.C., Huang, Y.H.: A lightweight authentication protocol for Internet of Things. In: 2014 International Symposium on NextGeneration Electronics (ISNE) (2014)
Yao, X., Chen, Z., Tian, Y.: A lightweight attribute-based encryption scheme for the Internet of Things. Future Gener. Comput. Syst. 49, 104–112 (2015)
Ukil, A., Bandyopadhyay, S., Pal, A.: IoTPrivacy: to be private or not to be private. In: 2014 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS) (2014)
Britton, K.E., Britton-Colonnese, J.D.: Privacy and security issues surrounding the protection of data generated by continuous glucose monitors. J. Diabetes Sci. Technol. 11(2), 216–219 (2017)
Pa, Y.M.P., Suzuki, S., Yoshioka, K., Matsumoto, T., Kasama, T., Rossow, C.: IoTPOT: a novel honeypot for revealing current IoT threats. J. Inf. Process. 24(3), 522–533 (2016)
Min, B., Varadharajan, V.: Design and evaluation of feature distributed malware attacks against the Internet of Things (IoT). In: 2015 20th International Conference on Engineering of Complex Computer Systems (ICECCS) (2015)
Bhide, V.H., Wagh, S.: ilearning IoT: an intelligent self learning system for home automation using IoT. In: 2015 International Conference on Communications and Signal Processing (ICCSP) (2015)
Islam, S.H., Arijit, K., Biswas, G., Bhuiyan, M.Z.A., Vijayakumar, P., Karuppiah, M.: Provably secure identity-based signcryption scheme for crowdsourced industrial Internet of Things environments. IEEE IoT J. (2017)
Alali, M., Almogren, A., Bhuiyan, M.Z.A.: Improving risk assessment model of cyber security using fuzzy logic inference system. Comput. Secur. (2017)
Luo, E., Bhuiyan, M.Z.A., Wang, G., Rahman, M., Wu, J., Atiquzzaman, M.: PrivacyProtector: privacyprotected patient data collection in IoT-based healthcare systems. IEEE Commun. Mag. (COMMAG) (2017)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Capellupo, M., Liranzo, J., Bhuiyan, M.Z.A., Hayajneh, T., Wang, G. (2017). Security and Attack Vector Analysis of IoT Devices. In: Wang, G., Atiquzzaman, M., Yan, Z., Choo, KK. (eds) Security, Privacy, and Anonymity in Computation, Communication, and Storage. SpaCCS 2017. Lecture Notes in Computer Science(), vol 10658. Springer, Cham. https://doi.org/10.1007/978-3-319-72395-2_54
Download citation
DOI: https://doi.org/10.1007/978-3-319-72395-2_54
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-72394-5
Online ISBN: 978-3-319-72395-2
eBook Packages: Computer ScienceComputer Science (R0)