Internet-of-Things (IoT) devices implement weak authentication and access control schemes. The on-demand nature of IoT devices requires a responsive communications channel, which is often at odds with thorough authentication and access control. This paper seeks to better understand IoT device security by examining the design of authentication and access control schemes. In this work, we explore the challenge of propagating credential revocation and access control list modifications in a shared IoT ecosystem. We evaluate the vulnerability of 19 popular security cameras and doorbells against a straightforward user-interface bound adversary attack. Our results demonstrate that 16 of 19 surveyed devices suffer from flaws that enable unauthorized access after credential modification or revocation. We conclude by discussing these findings and propose a means for balancing authentication and access control schemes while still offering responsive communications channels.104 2020 Symposium on Security and Privacy Workshops (SPW)
Bluetooth, a protocol designed to replace peripheral cables, has grown steadily over the last five years and includes a variety of applications. The Bluetooth protocol operates on a wide variety of mobile and wireless devices and is nearly ubiquitous. Several attacks exist that successfully target and exploit Bluetooth enabled devices. This paper describes the implementation of a network intrusion detection system for discovering malicious Bluetooth traffic. The work improves upon existing techniques, which only detect a limited set of attacks (based on measuring anomalies in the power levels of the Bluetooth device). The new method identifies reconnaissance, denial of service, and information theft attacks on Bluetooth enabled devices, using signatures of the attacks. Furthermore, this system includes an intrusion response component to deflect attacks in progress, based on the attack classification.This paper presents the implementation of the Bluetooth Intrusion Detection System and demonstrates its detection, analysis, and response capabilities. The tool includes a visualization interface to facilitate the understanding of Bluetooth enabled attacks. The experimental results show that the system can significantly improve the overall security of an organization by identifying and responding to threats posed to the Bluetooth protocol.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.