Authenticating Smart Home Devices via Home Limited Channels

IF 3.5 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS ACM Transactions on Internet of Things Pub Date : 2020-08-04 DOI:10.1145/3399432
Xiaoyu Ji, Chaohao Li, Xinyan Zhou, Juchuan Zhang, Yanmiao Zhang, Wenyuan Xu
{"title":"Authenticating Smart Home Devices via Home Limited Channels","authors":"Xiaoyu Ji, Chaohao Li, Xinyan Zhou, Juchuan Zhang, Yanmiao Zhang, Wenyuan Xu","doi":"10.1145/3399432","DOIUrl":null,"url":null,"abstract":"Nowadays, most Internet of Things devices in smart homes rely on radio frequency channels for communication, making them exposed to various attacks such as spoofing and eavesdropping attacks. Existing methods using encryption keys may be inapplicable on these resource-constrained devices that cannot afford the computationally expensive encryption operations. Thus, in this article, we design a key-free communication method for such devices in a smart home. In particular, we introduce the Home-limited Channel (HLC) that can be accessed only within a house yet inaccessible for outside-house attackers. Utilizing HLCs, we propose HlcAuth, a challenge-response mechanism to authenticate the communications between smart devices without keys. The advantages of HlcAuth are low cost, lightweight as well as key-free, and requiring no human intervention. According to the security analysis, HlcAuth can defeat replay attacks, message-forgery attacks, and man-in-the-middle (MiTM) attacks, among others. We further evaluate HlcAuth in four different physical scenarios, and results show that HlcAuth achieves 100% true positive rate (TPR) within 4.2m for in-house devices while 0% false positive rate (FPR) for outside attackers, i.e., guaranteeing a high-level usability and security for in-house communications. Finally, we implement HlcAuth in both single-room and multi-room scenarios.","PeriodicalId":29764,"journal":{"name":"ACM Transactions on Internet of Things","volume":"61 1","pages":"1 - 24"},"PeriodicalIF":3.5000,"publicationDate":"2020-08-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"5","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"ACM Transactions on Internet of Things","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3399432","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 5

Abstract

Nowadays, most Internet of Things devices in smart homes rely on radio frequency channels for communication, making them exposed to various attacks such as spoofing and eavesdropping attacks. Existing methods using encryption keys may be inapplicable on these resource-constrained devices that cannot afford the computationally expensive encryption operations. Thus, in this article, we design a key-free communication method for such devices in a smart home. In particular, we introduce the Home-limited Channel (HLC) that can be accessed only within a house yet inaccessible for outside-house attackers. Utilizing HLCs, we propose HlcAuth, a challenge-response mechanism to authenticate the communications between smart devices without keys. The advantages of HlcAuth are low cost, lightweight as well as key-free, and requiring no human intervention. According to the security analysis, HlcAuth can defeat replay attacks, message-forgery attacks, and man-in-the-middle (MiTM) attacks, among others. We further evaluate HlcAuth in four different physical scenarios, and results show that HlcAuth achieves 100% true positive rate (TPR) within 4.2m for in-house devices while 0% false positive rate (FPR) for outside attackers, i.e., guaranteeing a high-level usability and security for in-house communications. Finally, we implement HlcAuth in both single-room and multi-room scenarios.
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
通过家庭有限渠道认证智能家居设备
如今,智能家居中的物联网设备大多依靠射频信道进行通信,容易受到欺骗、窃听攻击等各种攻击。使用加密密钥的现有方法可能不适用于这些资源受限的设备,因为它们无法承担计算成本高昂的加密操作。因此,在本文中,我们为智能家居中的这些设备设计了一种无钥匙通信方法。特别地,我们引入了家庭限制通道(HLC),它只能在房屋内访问,而外部攻击者无法访问。利用HLCs,我们提出HlcAuth,一种挑战-响应机制,用于验证智能设备之间的通信,无需密钥。hlcath的优点是成本低、重量轻、不需要钥匙,而且不需要人工干预。根据安全性分析,HlcAuth可以击败重放攻击、消息伪造攻击和中间人攻击等。我们进一步在四种不同的物理场景下对HlcAuth进行了评估,结果表明,HlcAuth对内部设备在4.2m内实现了100%的真阳性率(TPR),而对外部攻击者的假阳性率(FPR)为0%,即保证了内部通信的高可用性和安全性。最后,我们在单房间和多房间场景中实现hlcath。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 去求助
来源期刊
CiteScore
5.20
自引率
3.70%
发文量
0
期刊最新文献
Introduction to the Special Issue on Wireless Sensing for IoT Special Issue on Wireless Sensing for IoT: A Word from the Editor-in-Chief Resilient Intermediary‐Based Key Exchange Protocol for IoT A Two-Mode, Adaptive Security Framework for Smart Home Security Applications Online learning for dynamic impending collision prediction using FMCW radar
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1