Authenticating Smart Home Devices via Home Limited Channels

IF 3.5 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS
Xiaoyu Ji, Chaohao Li, Xinyan Zhou, Juchuan Zhang, Yanmiao Zhang, Wenyuan Xu
{"title":"Authenticating Smart Home Devices via Home Limited Channels","authors":"Xiaoyu Ji, Chaohao Li, Xinyan Zhou, Juchuan Zhang, Yanmiao Zhang, Wenyuan Xu","doi":"10.1145/3399432","DOIUrl":null,"url":null,"abstract":"Nowadays, most Internet of Things devices in smart homes rely on radio frequency channels for communication, making them exposed to various attacks such as spoofing and eavesdropping attacks. Existing methods using encryption keys may be inapplicable on these resource-constrained devices that cannot afford the computationally expensive encryption operations. Thus, in this article, we design a key-free communication method for such devices in a smart home. In particular, we introduce the Home-limited Channel (HLC) that can be accessed only within a house yet inaccessible for outside-house attackers. Utilizing HLCs, we propose HlcAuth, a challenge-response mechanism to authenticate the communications between smart devices without keys. The advantages of HlcAuth are low cost, lightweight as well as key-free, and requiring no human intervention. According to the security analysis, HlcAuth can defeat replay attacks, message-forgery attacks, and man-in-the-middle (MiTM) attacks, among others. We further evaluate HlcAuth in four different physical scenarios, and results show that HlcAuth achieves 100% true positive rate (TPR) within 4.2m for in-house devices while 0% false positive rate (FPR) for outside attackers, i.e., guaranteeing a high-level usability and security for in-house communications. Finally, we implement HlcAuth in both single-room and multi-room scenarios.","PeriodicalId":29764,"journal":{"name":"ACM Transactions on Internet of Things","volume":"61 1","pages":"1 - 24"},"PeriodicalIF":3.5000,"publicationDate":"2020-08-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"5","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"ACM Transactions on Internet of Things","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3399432","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 5

Abstract

Nowadays, most Internet of Things devices in smart homes rely on radio frequency channels for communication, making them exposed to various attacks such as spoofing and eavesdropping attacks. Existing methods using encryption keys may be inapplicable on these resource-constrained devices that cannot afford the computationally expensive encryption operations. Thus, in this article, we design a key-free communication method for such devices in a smart home. In particular, we introduce the Home-limited Channel (HLC) that can be accessed only within a house yet inaccessible for outside-house attackers. Utilizing HLCs, we propose HlcAuth, a challenge-response mechanism to authenticate the communications between smart devices without keys. The advantages of HlcAuth are low cost, lightweight as well as key-free, and requiring no human intervention. According to the security analysis, HlcAuth can defeat replay attacks, message-forgery attacks, and man-in-the-middle (MiTM) attacks, among others. We further evaluate HlcAuth in four different physical scenarios, and results show that HlcAuth achieves 100% true positive rate (TPR) within 4.2m for in-house devices while 0% false positive rate (FPR) for outside attackers, i.e., guaranteeing a high-level usability and security for in-house communications. Finally, we implement HlcAuth in both single-room and multi-room scenarios.
通过家庭有限渠道认证智能家居设备
如今,智能家居中的物联网设备大多依靠射频信道进行通信,容易受到欺骗、窃听攻击等各种攻击。使用加密密钥的现有方法可能不适用于这些资源受限的设备,因为它们无法承担计算成本高昂的加密操作。因此,在本文中,我们为智能家居中的这些设备设计了一种无钥匙通信方法。特别地,我们引入了家庭限制通道(HLC),它只能在房屋内访问,而外部攻击者无法访问。利用HLCs,我们提出HlcAuth,一种挑战-响应机制,用于验证智能设备之间的通信,无需密钥。hlcath的优点是成本低、重量轻、不需要钥匙,而且不需要人工干预。根据安全性分析,HlcAuth可以击败重放攻击、消息伪造攻击和中间人攻击等。我们进一步在四种不同的物理场景下对HlcAuth进行了评估,结果表明,HlcAuth对内部设备在4.2m内实现了100%的真阳性率(TPR),而对外部攻击者的假阳性率(FPR)为0%,即保证了内部通信的高可用性和安全性。最后,我们在单房间和多房间场景中实现hlcath。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
CiteScore
5.20
自引率
3.70%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信