Affiliation:
1. William & Mary, United States of America, Williamsburg, VA
2. George Mason University, United States of America, Fairfax, VA
Abstract
Home automation platforms enable consumers to conveniently automate various physical aspects of their homes. However, the security flaws in the platforms or integrated third-party products can have serious security and safety implications for the user’s physical environment. This article describes our systematic security evaluation of two popular smart home platforms, Google’s Nest platform and Philips Hue, which implement home automation “routines” (i.e., trigger-action programs involving apps and devices) via manipulation of state variables in a centralized data store. Our semi-automated analysis examines, among other things, platform access control enforcement, the rigor of non-system enforcement procedures, and the potential for misuse of routines, and it leads to 11 key findings with serious security implications. We combine several of the vulnerabilities we find to demonstrate the first end-to-end instance of lateral privilege escalation in the smart home, wherein we remotely disable the Nest Security Camera via a compromised light switch app. Finally, we discuss potential defenses, and the impact of the continuous evolution of smart home platforms on the practicality of security analysis. Our findings draw attention to the unique security challenges of smart home platforms and highlight the importance of enforcing security by design.
Publisher
Association for Computing Machinery (ACM)
Subject
Artificial Intelligence, Control and Optimization, Computer Networks and Communications, Hardware and Architecture, Human-Computer Interaction
Cited by: 13 articles.