SLIDE 1
SoK: Security Evaluation
- f Home-based IoT
Deployments
1
Omar Alrawi, Chaz Lever, Fabian Monrose, Manos Antonakakis
2
SoK: Security Evaluation of Home-based IoT Deployments Omar Alrawi - - PowerPoint PPT Presentation
SoK: Security Evaluation of Home-based IoT Deployments Omar Alrawi - - PowerPoint PPT Presentation
SoK: Security Evaluation of Home-based IoT Deployments Omar Alrawi , Chaz Lever, Fabian Monrose, Manos Antonakakis 1 2 Alexa, unlock the front door. 3 Internet of Things 4 Internet of Things 4 Internet of Things 4 Internet of Things
SLIDE 2
SLIDE 3
Alexa, unlock the front door.
3
SLIDE 4
Internet of Things
4
SLIDE 5
Internet of Things
4
SLIDE 6
Internet of Things
4
SLIDE 7
Internet of Things
4
SLIDE 8
Internet of Things
4
SLIDE 9
Internet of Things
4
SLIDE 10
Internet of Things
4
SLIDE 11
Internet of Things
4
SLIDE 12
5
SLIDE 13
Prior Work
6
SLIDE 14
Prior Work
- Security Analysis of Emerging Smart Home
Applications
6
SLIDE 15
Prior Work
- Security Analysis of Emerging Smart Home
Applications
- DolphinAttack: Inaudible Voice Commands
6
SLIDE 16
Prior Work
- Security Analysis of Emerging Smart Home
Applications
- DolphinAttack: Inaudible Voice Commands
- Soteria: Automated IoT Safety and Security
Analysis
6
SLIDE 17
Prior Work
- Security Analysis of Emerging Smart Home
Applications
- DolphinAttack: Inaudible Voice Commands
- Soteria: Automated IoT Safety and Security
Analysis
- Skill Squatting Attacks on Amazon Alexa
6
SLIDE 18
Prior Work
- Security Analysis of Emerging Smart Home
Applications
- DolphinAttack: Inaudible Voice Commands
- Soteria: Automated IoT Safety and Security
Analysis
- Skill Squatting Attacks on Amazon Alexa
- Rethinking Access Control and Authentication for
the Home Internet of Things
6
SLIDE 19
Wouldn’t be nice to know
SLIDE 20
Wouldn’t be nice to know
- Cloud endpoints
SLIDE 21
Wouldn’t be nice to know
- Cloud endpoints
- Exposed services
SLIDE 22
Wouldn’t be nice to know
- Cloud endpoints
- Exposed services
- Mobile App
SLIDE 23
Wouldn’t be nice to know
- Cloud endpoints
- Exposed services
- Mobile App
- Network
SLIDE 24
Wouldn’t be nice to know
- Cloud endpoints
- Exposed services
- Mobile App
- Network
- Consumer report evaluation?
SLIDE 25
Overview of Prior Work
Studied Components
Devices Cloud integration services Network (by association)
Mitigations
Patching bugs Vendor responsibility
Unexplored Directions
Mobile app Cloud services Network discovery protocols User control and visibility
8
SLIDE 26
IoT Components
9
Device Mobile App Cloud Endpoints Network
SLIDE 27
Evaluating Off The Shelf Devices
10
SLIDE 28
Evaluating Off The Shelf Devices
- Evaluation of IoT devices should be:
- Objective
- Transparent
- Measurable
- Reproducible
10
SLIDE 29
Evaluating Off The Shelf Devices
- Evaluation of IoT devices should be:
- Objective
- Transparent
- Measurable
- Reproducible
- Device Representation
- Media devices vs appliances
10
SLIDE 30
Evaluating Off The Shelf Devices
- Evaluation of IoT devices should be:
- Objective
- Transparent
- Measurable
- Reproducible
- Device Representation
- Media devices vs appliances
- Easy to understand
- Consumer oriented
10
SLIDE 31
Lab Setup
11
SLIDE 32
IoT Lab Evaluation Device
12
SLIDE 33
IoT Lab Evaluation Device
- Internet pairing
12
SLIDE 34
IoT Lab Evaluation Device
- Internet pairing
- Configuration
12
SLIDE 35
IoT Lab Evaluation Device
- Internet pairing
- Configuration
- Updateable
12
SLIDE 36
IoT Lab Evaluation Device
- Internet pairing
- Configuration
- Updateable
- Exposed services
12
SLIDE 37
IoT Lab Evaluation Device
- Internet pairing
- Configuration
- Updateable
- Exposed services
- Vulnerable Services
12
SLIDE 38
IoT Lab Evaluation Device
- Internet pairing
- Configuration
- Updateable
- Exposed services
- Vulnerable Services
12
UPnP services RCE vulnerability CVE-2012-5958-65 Dropbear SSH RCE vulnerability CVE-2013-4863
SLIDE 39
IoT Lab Evaluation Cloud Backends
13
SLIDE 40
IoT Lab Evaluation Cloud Backends
- Types of cloud backends
- 1st, 3rd, or hybrid
13
SLIDE 41
IoT Lab Evaluation Cloud Backends
- Types of cloud backends
- 1st, 3rd, or hybrid
- TLS/SSL
- Self-signed
- Name mismatch
- Vulnerable TLS/SSL version
13
SLIDE 42
IoT Lab Evaluation Cloud Backends
- Types of cloud backends
- 1st, 3rd, or hybrid
- TLS/SSL
- Self-signed
- Name mismatch
- Vulnerable TLS/SSL version
- Insecure protocols
13
SLIDE 43
IoT Lab Evaluation Cloud Backends
- Types of cloud backends
- 1st, 3rd, or hybrid
- TLS/SSL
- Self-signed
- Name mismatch
- Vulnerable TLS/SSL version
- Insecure protocols
- Vulnerable software
- Services
13
SLIDE 44
IoT Lab Evaluation Cloud Backends
- Types of cloud backends
- 1st, 3rd, or hybrid
- TLS/SSL
- Self-signed
- Name mismatch
- Vulnerable TLS/SSL version
- Insecure protocols
- Vulnerable software
- Services
13
- 12 different backends, 1st Party
- Supports SSL v2/v3
- CVE-2013-4810 – RCE JBoss Server
SLIDE 45
IoT Lab Evaluation Mobile App
14
SLIDE 46
IoT Lab Evaluation Mobile App
- Permissions
- Requested unused
14
SLIDE 47
IoT Lab Evaluation Mobile App
- Permissions
- Requested unused
- Programming errors
- Incorrect use of crypto
14
SLIDE 48
IoT Lab Evaluation Mobile App
- Permissions
- Requested unused
- Programming errors
- Incorrect use of crypto
- Hardcoded secrets
- API keys for cloud services
14
SLIDE 49
IoT Lab Evaluation Mobile App
- Permissions
- Requested unused
- Programming errors
- Incorrect use of crypto
- Hardcoded secrets
- API keys for cloud services
14
- Hardcoded Crypto key
- uLi4/f4+Pb39.T19
- UMENG_MESSAGE_SECRET: …
SLIDE 50
IoT Lab Evaluation Network
15
SLIDE 51
IoT Lab Evaluation Network
- Protocols in use
- Insecure Protocols
- Custom Protocols
15
SLIDE 52
IoT Lab Evaluation Network
- Protocols in use
- Insecure Protocols
- Custom Protocols
- Encryption between
- Device to Cloud
- Device to Mobile App
- Mobile App to Cloud
15
SLIDE 53
IoT Lab Evaluation Network
- Protocols in use
- Insecure Protocols
- Custom Protocols
- Encryption between
- Device to Cloud
- Device to Mobile App
- Mobile App to Cloud
- MITM Attack on
- Device to Cloud
- Device to Mobile App
- Mobile App to Cloud
15
SLIDE 54
IoT Lab Evaluation Network
- Protocols in use
- Insecure Protocols
- Custom Protocols
- Encryption between
- Device to Cloud
- Device to Mobile App
- Mobile App to Cloud
- MITM Attack on
- Device to Cloud
- Device to Mobile App
- Mobile App to Cloud
15
- Partial Encryption Across the Internet
- No Encryption on the LAN
SLIDE 55
Scoring The Components
Scorecard system Rating components Independent scoring Modular Documented
16
SLIDE 56
17
Component Framework
SLIDE 57
17
Component Framework
SLIDE 58
17
Component Framework
SLIDE 59
17
Component Framework
SLIDE 60
17
Component Framework
SLIDE 61
17
Component Framework
SLIDE 62
17
Component Framework
SLIDE 63
17
Component Framework
SLIDE 64
17
Component Framework
SLIDE 65
17
Component Framework
SLIDE 66
17
Component Framework
SLIDE 67
17
Component Framework
SLIDE 68
17
Component Framework
SLIDE 69
18
SLIDE 70
18
SLIDE 71
19
SLIDE 72
Evaluation Takeaways
20
SLIDE 73
Evaluation Takeaways
- Cloud managed
- Auto update
- Encrypted local traffic
with authenticated services
20
SLIDE 74
What's Next?
21
SLIDE 75
What's Next?
21
- Longitudinal analysis
- Do updates improve the Things?
SLIDE 76
What's Next?
21
- Longitudinal analysis
- Do updates improve the Things?
- Accurate representation
- Inducing device activities
SLIDE 77
How Can You Access/Contribute?
- Evaluation data is public
- Feel free to reach out:
- Request specific device evaluation
- Sponsor devices for evaluation
- Additional questions
- Download our data
- https://YourThings.info
- Contact email:
- contact@YourThings.info
22