Cybersecurity Threats and Countermeasures of the Smart Home Ecosystem

  • Darem, Abdulbasit (Department of Computer Science, Northern Border University)
  • Alhashmi, Asma A. (Department of Computer Science, Northern Border University)
  • Jemal, H.A. (Cybersecurity Research and Innovation Centre, Deakin University)

  • Received: 2022.03.05
  • Published: 2022.03.30

Abstract

The growth of the Internet of Things (IoT) has been tremendous. Many IoT devices have emerged on the market over the last decade, making everyday life inside our homes easier. The technology used at home has changed significantly over the past several decades, leading to what is known today as the smart home. However, this growth has also brought new challenges to home security and privacy. With the smart home becoming more mainstream, cybersecurity issues have become a fundamental concern. The smart home is an environment where heterogeneous devices and appliances are interconnected through the IoT to provide smart services to residents. These services include home climate control, energy management, video on demand, music on demand, remote healthcare, remote control, and other similar services delivered in a ubiquitous manner. Smart home devices can be controlled via the Internet using smartphones. However, connecting smart home appliances to wireless networks and the Internet makes individuals vulnerable to malicious attacks. Remote access within the same environment or over the Internet requires an effective access control mechanism. This paper sheds light on how smart home devices work and on the types of security and privacy threats facing the smart home. It also illustrates the types of authentication methods that can be used with smart home devices. In addition, a comparison of smart home IoT-based security protocols is presented, along with a security countermeasure that can be used in a smart home environment. Finally, a few open problems are mentioned as future research directions for researchers.

Acknowledgement

The authors gratefully acknowledge the approval and the support of this research study by grant no. SAT-2018-3-9-F-7828 from the Deanship of Scientific Research at Northern Border University, Arar, K.S.A.
