Browse > Article
http://dx.doi.org/10.22937/IJCSNS.2022.22.3.39

Cybersecurity Threats and Countermeasures of the Smart Home Ecosystem  

Darem, Abdulbasit (Department of Computer Science, Northern Border University)
Alhashmi, Asma A. (Department of Computer Science, Northern Border University)
Jemal, H.A. (Cybersecurity Research and Innovation Centre, Deakin University)
Publication Information
International Journal of Computer Science & Network Security / v.22, no.3, 2022 , pp. 303-311 More about this Journal
Abstract
The tremendous growth of the Internet of things is unbelievable. Many IoT devices have emerged on the market over the last decade. This has made our everyday life easier inside our homes. The technology used at home has changed significantly over the past several decades, leading to what is known today as the smart home. However, this growth has also brought new challenges to our home security and privacy. With the smart home becoming more mainstream, cybersecurity issues have become a fundamental concern. The smart home is an environment where heterogeneous devices and appliances are interconnected through the Internet of Things (IoT) to provide smart services to residents. These services include home climate control, energy management, video on demand, music on-demand, remote healthcare, remote control, and other similar services in a ubiquitous manner. Smart home devices can be controlled via the Internet using smartphones. However, connecting smart home appliances to wireless networks and the Internet makes individuals vulnerable to malicious attacks. Remote access within the same environment or over the Internet requires an effective access control mechanism. This paper intends to shed light on how smart home devices are working as well as the type of security and privacy threats of the smart home. It also illustrated the types of authentication methods that can be used with smart home devices. In addition, a comparison of Smart home IoT-based security protocols was presented along with a security countermeasure that can be used in a smart home environment. Finally, a few open problems were mentioned as future research directions for researchers.
Keywords
Smart home; Cybersecurity; Internet of Things (IoT); Security countermeasure; Authentication;
Citations & Related Records
Times Cited By KSCI : 2  (Citation Analysis)
연도 인용수 순위
1 Ala Al-Fuqaha ; Mohsen Guizani ; Mehdi Mohammadi ; Mohammed Aledhari ; Moussa Ayyash, Internet of Things: A Survey on Enabling Technologies, Protocols, and Applications, IEEE Communications Surveys & Tutorials, 2015, Volume: 17 , Issue: 4, 2347 - 2376.   DOI
2 Barnana Baruah, Subhasish Dhal, A two-factor authentication scheme against FDM attack in IFTTT based Smart Home System, Computers & Security, Volume 77, August 2018, Pages 21-35   DOI
3 Kuen-Min Lee ; Wei-Guang Teng ; Ting-Wei Hou, Point-n-Press: An Intelligent Universal Remote Control System for Home Appliances, IEEE Transactions on Automation Science and Engineering, July 2016, ( Volume: 13 , Issue: 3, Page(s): 1308 - 1317.   DOI
4 Min, and Varadharajan, B. Min, V. Varadharajan, Design and analysis of a new feature-distributed malware, Proceedings of the IEEE thirteenth international conference on trust, security and privacy in computing and communications (2014), pp. 457-464.
5 F. Stajano, Pico: No more passwords!, in: International Workshop on Security Protocols, Springer, 2011, pp. 49-81.
6 Yeh, H.L., Chen, T.H., Liu, P.C., Kim, T.H., Wei, H.W., 2011. A secured authentication protocol for wireless sensor networks using elliptic curves cryptography.Sensors 11 (5), 4767-4779.   DOI
7 K. Bhargavan, A.D. Lavaud, C. Fournet, A. Pironti, P.Y. Strub, Triple handshakes and cookie cutters: Breaking and fixing authentication over TLS Proceedings of the IEEE symposium on security and privacy (2014), pp. 98-113
8 M. Sethi, E. Oat, M. Di Francesco, T. Aura, Secure bootstrapping of cloudmanaged ubiquitous displays, in: Proceedings of the 2014 ACM International Joint Conference on Pervasive and Ubiquitous Computing, in: UbiComp'14, ACM, New York, NY, USA, 2014, pp. 739-750.
9 Zou et al. "A Robust Two-Factor User Authentication Scheme-Based ECC for Smart Home in IoT." IEEE Systems Journal (2021).
10 Z. Shelby, K. Hartke, and C. Bormann, The constrained application protocol (CoAP), 2014, https://tools.ietf.org/html/rfc7252.
11 H. Tschofenig, Fixing user authentication for the internet of things (IoT), Datenschutz und Datensicherheit-DuD 40 (4) (2016) 222-224.   DOI
12 Masud, M., Gaba, G.S., Choudhary, K., Hossain, M.S., Alhamid, M.F., Muhammad, G.,2021. Lightweight and anonymity-preserving user authentication scheme forIoT-based healthcare. IEEE Internet Things J. 1-1.
13 Wu, F., Li, X., Sangaiah, A.K., Xu, L., Kumari, S., Wu, L., Shen, J., 2018. A lightweightand robust two-factor authentication scheme for personalized healthcaresystems using wireless medical sensor networks. Future Generat. Comp. Syst.82, 727-737.   DOI
14 Satapathy, Utkalika, et al. "An ECC based lightweight authentication protocol for mobile phone in smart home." IEEE 13th international conference on industrial and information systems (ICIIS). IEEE, 2018.
15 Lu, Di, et al. "xTSeH: A trusted platform module sharing scheme towards smart IoT-eHealth devices." IEEE Journal on Selected Areas in Communications 39.2 (2020): 370-383.
16 G. Alpar, L. Batina, L. Batten, V. Moonsamy, A. Krasnova, A. Guellier, I. Natgunanathan, New directions in IoT privacy using attribute-based authentication, in: Proceedings of the ACM International Conference on Computing Frontiers, ACM, 2016, pp. 461-466
17 Alshahrani, M., Traore, I., 2019. Secure mutual authentication and automated accesscontrol for IoT smart home using cumulative keyed-hash chain. J. Inf. SecurityAppl. 45, 156-175.
18 Naresh, V.S., Reddi, S., Murthy, N.V.E.S., 2020. Provable secure lightweight multiple-shared key agreement based on hyper elliptic curve Diffie-Hellman for wirelesssensor networks. Inf. Sec. J.: Global Perspective 29 (1), 1-13   DOI
19 Santos-Gonzalez, I., Rivero-Garcia, A., Burmester, M., Munilla, J., Caballero-Gil, P.,2020. Secure lightweight password authenticated key exchange for heterogeneous wireless sensor networks. Inf. Syst. 88, 101423-101434   DOI
20 Das, A.K., Sutrala, A.K., Kumari, S., Odelu, V., Wazid, M., Li, X., 2016. An efficientmulti-gateway-based three-factor user authentication and key agreementscheme in hierarchical wireless sensor networks. Secur. Commun. Networks 9(13), 2070-2092.   DOI
21 Chifor, B.C., Bica, I., Patriciu, V.V. and Pop, F., 2018. A security authorization scheme for smart home Internet of Things devices. Future Generation Computer Systems, 86, pp.740-749.   DOI
22 Mishra, D., Vijayakumar, P., Sureshkumar, V., Amin, R., Islam, SK.H., Gope, P., 2018.Efficient authentication protocol for secure multimedia communications in IoT-enabled wireless sensor networks. Multimedia Tools Appl.77(14),18295-18325.   DOI
23 Kazmi, S., Javaid, N., Mughal, M.J., Akbar, M., Ahmed, S.H., Alrajeh, N., 2019. Toward the optimization of metaheuristic algorithms for IoT-enabled smart homestargeting balanced demand and supply of energy. IEEE Access 7, 24267-24281.   DOI
24 Shidik, G., Kusuma, E., Nuraisha, S., Andono, P., 2019. Heuristic vs. Meta heuristic method: improvement of spoofed fingerprint identification in IoT devices. Int.Rev. Modell. Simul. (IREMOS) 12 (3), 168-175   DOI
25 Bae, W.I., Kwak, J., 2020. Smart card-based secure authentication protocol in multi-server IoT environment. Multimedia Tools Appl. 79 (23-24), 15793-15811.   DOI
26 OASIS. AMQP Advanced Message Queuing Protocol. 2018. Available online: http://www.amqp.org/ (accessed on 20 Dec. 2021).
27 OMG. DDS Data Distribution Service. Available online: http://portals.omg.org/dds/what-is-dds-3/ (accessed on 20 Dec. 2021).
28 Velsquez, Ignacio, Anglica Caro, and Alfonso Rodrguez. "Authentication schemes and methods." Information and Software Technology 94.C (2018): 30-37.   DOI
29 Khan, A.A., Kumar, V., Ahmad, M., 2019. An elliptic curve cryptography basedmutual authentication scheme for smart grid communications using biometricapproach. J. King Saud Univ.-Comp. Inf. Sci., 1-8
30 J. Bethencourt, A. Sahai, B. Waters, Ciphertext-policy attribute-based encryption, in: 2007 IEEE Symposium on Security and Privacy (SP'07), IEEE, 2007, pp. 321-334.
31 Hussain et al. "Protocol-aware radio frequency jamming in Wi-Fi and commercial wireless networks." Journal of communications and networks 16.4 (2014): 397-406.   DOI
32 Dian, F. John, Amirhossein Yousefi, and Sungjoon Lim. "A practical study on Bluetooth Low Energy (BLE) throughput." 2018 IEEE 9th Annual Information Technology, Electronics and Mobile Communication Conference (IEMCON). IEEE, 2018.
33 Pettersson, William. "An Evaluation of IoT Protocol Efficiency and suitability: For smart vehicles, smart homes & industrial scenarios." (2021).
34 Silva, D.; Carvalho, L.I.; Soares, J.; Sofia, R.C. A Performance Analysis of Internet of Things Networking Protocols: Evaluating MQTT, CoAP, OPC UA. Appl. Sci. 2021, 11, 4879. https://doi.org/10.3390/app11114879   DOI
35 Qu, C.; Tao, M.; Yuan, R. A Hypergraph-Based Blockchain Model and Application in Internet of Things-Enabled Smart Homes. Sensors 2018, 18, 2784.   DOI
36 Y., X. Dong, Sun, and W. Chang, "Influence of characteristics of the Internet of Things on consumer purchase intention", Social Behavior and Personality: an international journal, vol. 42, no. 2, pp. 321-330, 2014   DOI
37 Pardeep Kumar, An Braeken, Andrei Gurtov, Jari Iinatti, and Phuong Hoai Ha, Anonymous Secure Framework in Connected Smart Home Environments, IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, VOL. 12, NO. 4, APRIL 2017
38 Bogdan-Cosmin Chifora Ion Bica, Victor-Valeriu Patriciua, Florin Pop, A security authorization scheme for smart home Internet of Things devices, Future Generation Computer Systems, Volume 86, September 2018, Pages 740-749   DOI
39 Mussab Alaa, A.A. Zaidan, B.B. Zaidan, Mohammed Talal, and M.L.M. Kiah, A review of smart home applications based on Internet of Things, Journal of Network and Computer Applications, Volume 97, 1 November 2017, Pages 48-65.   DOI
40 Pettersson, William. "An Evaluation of IoT Protocol Efficiency and suitability: For smart vehicles, smart homes & industrial scenarios." (2021).
41 Fernandes, Rahmati, Jung, & Prakash Fernandes E, Rahmati A, Jung J, Prakash A. Decoupled-IFTTT: Constraining privilege in trigger-action platforms forthe internet of things, 2017, arXiv:1707.00405 [cs.CR].
42 Leonardi L, Lo Bello L, Battaglia F, Patti G. Comparative Assessment of the LoRaWAN Medium Access Control Protocols for IoT: Does Listen before Talk Perform Better than ALOHA? Electronics. 2020; 9(4):553. https://doi.org/10.3390/electronics9040553   DOI
43 Tao, M.; Ota, K.; Dong, M. Ontology-based data semantic management and application in IoT- and cloud-enabled smart homes. Future Gener. Comput. Syst. 2017, 76, 528-539.   DOI
44 M. Yoon, J. Baek, A study on framework for developing secure IoT service, in: Advances in Computer Science and Ubiquitous Computing, Springer, 2015, pp. 289-294.
45 L. Barreto, A. Celesti, M. Villari, M. Fazio, A. Puliafito, An authentication model for IoT clouds, in: Proceedings of the 2015 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining 2015, ACM, 2015, pp. 1032-1035.
46 Liu, Yunqiang, et al. "An efficient privacy protection solution for smart home application platform." 2016 2nd IEEE International Conference on Computer and Communications (ICCC). IEEE, 2016.
47 Shin, S., Kwon, T., 2019. A lightweight three-factor authentication and keyagreement scheme in wireless sensor networks for smart homes. Sensors 19(9), 2012-2036.   DOI
48 M. Noack, "Optimization of Two-Way Authentication Protocol in Internet of Things", 2014.
49 Kim, Taehong. "A study of the Z-wave protocol: implementing your own smart home gateway." 2018 3rd International Conference on Computer and Communication Systems (ICCCS). IEEE, 2018.
50 A.F.A. Rahman, M. Daud, M.Z. Mohamad, Securing sensor to cloud ecosystem using internet of things (IoT) security framework, in: Proceedings of the International Conference on Internet of Things and Cloud Computing, ACM, 2016, p. 79.
51 Kaspersky Report, "Kaspersky IoT cyberattacks report 2021" retrieved from https://www.kaspersky.com/about/press-releases, accessed on 10/12/2021.
52 Lei et al. "The insecurity of home digital voice assistants-vulnerabilities, attacks, and countermeasures." 2018 IEEE Conference on Communications and Network Security (CNS). IEEE, 2018.
53 Pal, Debajyoti, Xiangmin Zhang, and Saeed Siyal. "Prohibitive factors to the acceptance of Internet of Things (IoT) technology in society: A smart-home context using a resistive modelling approach." Technology in Society 66 (2021): 101683.   DOI
54 Kaur, Damandeep, and Devender Kumar. "Cryptanalysis and improvement of a two-factor user authentication scheme for smart home." Journal of Information Security and Applications 58 (2021): 102787.   DOI
55 Al-Mutawa, Rihab Fahd, and Fathy Albouraey Eassa. "A smart home system based on internet of things." arXiv preprint arXiv:2009.05328 (2020).
56 Yu, Sungjin, Namsu Jho, and Youngho Park. "Lightweight Three-Factor-Based Privacy-Preserving Authentication Scheme for IoT-Enabled Smart Homes." IEEE Access 9 (2021): 126186-126197.   DOI
57 Shin, Sooyeon, and Taekyoung Kwon. "A lightweight three-factor authentication and key agreement scheme in wireless sensor networks for smart homes." Sensors 19.9 (2019): 2012.   DOI
58 Batalla, Jordi Mongay, and Franciszek Gonciarz. "Deployment of smart home management system at the edge: mechanisms and protocols." Neural Computing and Applications 31.5 (2019): 1301-1315.   DOI
59 Bertino, E. Data security and privacy in the IoT. In Proceedings of the 19th International Conference on Extending Database Technology, Bordeaux, France, 15-18 March 2016; pp. 1-3.
60 Shahidinejad, A., Ghobaei-Arani, M., Souri, A., Shojafar, M., Kumari, S., 2021. Light-edge: A lightweight authentication protocol for IoT devices in an edge-cloudenvironment. IEEE Consum. Electron. Mag. 1-1.   DOI
61 Amin, R., Biswas, G.P., 2016. A secure light weight scheme for user authentication and key agreement in multi-gateway based wireless sensor networks. Ad HocNetw. 36, 58-80.
62 Hoyul Choi, Hyunsoo Kwon, Junbeom Hur, ''A Secure OTP Algorithm Using a Smartphone Application', IEEE Seventh International Conference on Ubiquitous and Future Networks ICUFN Aug - 2015, pp. 476-481.
63 T. Abera, N. Asokan, L. Davi, F. Koushanfar, A. Paverd, A.-R. Sadeghi, G. Tsudik, Invited-things, trouble, trust: on building trust in IoT systems, in: Proceedings of the 53rd Annual Design Automation Conference, ACM, 2016, p. 121.