Smart Locks: Lessons for Securing Commodity Internet of Things Devices

Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security Pub Date : 2016-05-30 DOI:10.1145/2897845.2897886

Grant Ho, Derek Leung, Pratyush Mishra, Ashkan Hosseini, D. Song, D. Wagner

{"title":"Smart Locks: Lessons for Securing Commodity Internet of Things Devices","authors":"Grant Ho, Derek Leung, Pratyush Mishra, Ashkan Hosseini, D. Song, D. Wagner","doi":"10.1145/2897845.2897886","DOIUrl":null,"url":null,"abstract":"We examine the security of home smart locks: cyber-physical devices that replace traditional door locks with deadbolts that can be electronically controlled by mobile devices or the lock manufacturer's remote servers. We present two categories of attacks against smart locks and analyze the security of five commercially-available locks with respect to these attacks. Our security analysis reveals that flaws in the design, implementation, and interaction models of existing locks can be exploited by several classes of adversaries, allowing them to learn private information about users and gain unauthorized home access. To guide future development of smart locks and similar Internet of Things devices, we propose several defenses that mitigate the attacks we present. One of these defenses is a novel approach to securely and usably communicate a user's intended actions to smart locks, which we prototype and evaluate. Ultimately, our work takes a first step towards illuminating security challenges in the system design and novel functionality introduced by emerging IoT systems.","PeriodicalId":166633,"journal":{"name":"Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-05-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"239","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2897845.2897886","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 239

Abstract

We examine the security of home smart locks: cyber-physical devices that replace traditional door locks with deadbolts that can be electronically controlled by mobile devices or the lock manufacturer's remote servers. We present two categories of attacks against smart locks and analyze the security of five commercially-available locks with respect to these attacks. Our security analysis reveals that flaws in the design, implementation, and interaction models of existing locks can be exploited by several classes of adversaries, allowing them to learn private information about users and gain unauthorized home access. To guide future development of smart locks and similar Internet of Things devices, we propose several defenses that mitigate the attacks we present. One of these defenses is a novel approach to securely and usably communicate a user's intended actions to smart locks, which we prototype and evaluate. Ultimately, our work takes a first step towards illuminating security challenges in the system design and novel functionality introduced by emerging IoT systems.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

智能锁:保护商品物联网设备的经验教训

我们研究了家庭智能锁的安全性:一种网络物理设备，它用可以通过移动设备或锁制造商的远程服务器进行电子控制的门栓取代了传统的门锁。我们提出了针对智能锁的两类攻击，并针对这些攻击分析了五种商用锁的安全性。我们的安全分析显示，现有锁的设计、实现和交互模型中的缺陷可以被几类攻击者利用，使他们能够了解用户的私人信息并获得未经授权的家庭访问。为了指导智能锁和类似物联网设备的未来发展，我们提出了几种防御措施来减轻我们提出的攻击。其中一种防御是一种新颖的方法，可以安全有效地将用户的预期动作传达给智能锁，我们对智能锁进行了原型化和评估。最终，我们的工作为阐明系统设计中的安全挑战和新兴物联网系统引入的新功能迈出了第一步。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security

自引率

0.00%

发文量