{"title":"Security Analysis of Device Binding for IP-based IoT Devices","authors":"Jiongyi Chen, Menghan Sun, Kehuan Zhang","doi":"10.1109/PERCOMW.2019.8730580","DOIUrl":null,"url":null,"abstract":"As one of the fastest growing technologies today, the Internet of Things has profoundly changed the ways people interact with the physical world. With a mobile application on a smartphone, a user can conveniently control an IoT device and acquire the sensor data of the external environment. To enable such convenience, a critical step is to bind the user's smartphone with the IoT device and then establish a secure communication channel between them. Although various techniques have already been adopted, however, little has been done so far to systematically evaluate the security implications of those binding mechanisms in IoT. In this paper, we report the first systematic study on device binding mechanisms of IoT, in an attempt to understand the security implications. For this purpose, we defined a practical adversary model and systematically investigated 24 popular IoT products on the consumer market. Our investigation reveals the fact that IoT developers often mistrust the environment and do not follow best practices in device binding. As a result, we were able to launch several types of real-world attacks against the device binding process. Our research brings the insecure designs of device binding to the spotlight and shows that the threat to IoT device binding is realistic and serious.","PeriodicalId":437017,"journal":{"name":"2019 IEEE International Conference on Pervasive Computing and Communications Workshops (PerCom Workshops)","volume":"136 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-03-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"7","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2019 IEEE International Conference on Pervasive Computing and Communications Workshops (PerCom Workshops)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/PERCOMW.2019.8730580","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 7
Abstract
As one of the fastest growing technologies today, the Internet of Things has profoundly changed the ways people interact with the physical world. With a mobile application on a smartphone, a user can conveniently control an IoT device and acquire the sensor data of the external environment. To enable such convenience, a critical step is to bind the user's smartphone with the IoT device and then establish a secure communication channel between them. Although various techniques have already been adopted, however, little has been done so far to systematically evaluate the security implications of those binding mechanisms in IoT. In this paper, we report the first systematic study on device binding mechanisms of IoT, in an attempt to understand the security implications. For this purpose, we defined a practical adversary model and systematically investigated 24 popular IoT products on the consumer market. Our investigation reveals the fact that IoT developers often mistrust the environment and do not follow best practices in device binding. As a result, we were able to launch several types of real-world attacks against the device binding process. Our research brings the insecure designs of device binding to the spotlight and shows that the threat to IoT device binding is realistic and serious.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
