LGuard: Securing Enterprise-IoT Systems against Serial-Based Attacks via Proprietary Communication Buses

Enterprise Internet of Things (E-IoT) systems allow users to control audio, video, scheduled events, lightning fixtures, door access, and relays in complex smart installations. These systems are widely used in government or smart private offices, smart buildings/homes, conference rooms, schools, hotels, and similar professional settings. However, even with their widespread use, the security of many E-IoT systems and components has not been researched in the literature. To address this research gap, we focus on E-IoT communication buses, one of the core components used to connect E-IoT devices, and introduce LightningStrike attacks that demonstrate several weaknesses with E-IoT proprietary communication protocols used in E-IoT communication buses. Specifically, we show that popular E-IoT proprietary communication protocols are susceptible to Denial-of-Service (DoS), eavesdropping, impersonation, and replay attacks. As such threats cannot be mitigated through traditional defense mechanisms due to the limitations posed by E-IoT, we propose LGuard, a defense system to protect E-IoT systems against the attacks over communication buses. LGuard uses closed-circuit television footage and computer vision techniques to detect replay attacks. For impersonation and DoS attacks, LGuard utilizes traffic analysis. Finally, LGuard obfuscates the E-IoT traffic via inserting redundant traffic to the bus against eavesdropping attacks. We evaluated the performance of LGuard in a realistic E-IoT deployment, and our detailed evaluations show that LGuard achieves an overall accuracy and precision of 99% in detecting DoS, impersonation, and replay attacks while effectively increasing the difficulty of extracting valuable information for eavesdroppers. In addition, LGuard does not incur any operational overhead or modification to the existing E-IoT system.