On the Safety Implications of Misordered Events and Commands in IoT Systems

Goksel, Furkan; Ozmen, Muslum Ozgur; Reeves, Michael; Shivakumar, Basavesh Ammanaghatta; Celik, Z. Berkay

doi:10.1109/spw53761.2021.00038

Cited by 3 publications

(2 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…If events would be accepted although the time window used for verification has passed, then an attacker with read access to the sensors would be able to determine with near certainty if they could successfully launch an attack. Furthermore, recent work by Goksel et al [19] has shown that even just reordering real occurring events can have security implications. Requiring events to be reported within the time span of usual network delays limits the attackers ability to exploit these effects.…”

Section: Discussionmentioning

confidence: 99%

“…This risk extends even beyond malicious control software as presented in their paper, as compromised devices can easily send false event updates, or suppress the notification of an actual event. More recently, Goksel et al [19] have shown how even events that are just delayed or reordered can affect the safety of smart home systems; this vulnerability could be exploited by a determined attacker.…”

Section: Security Of Smart Home Systemsmentioning

confidence: 99%

See 1 more Smart Citation

Haunted House: Physical Smart Home Event Verification in the Presence of Compromised Sensors

Birnbach

Eberz

Martinovic

2022

ACM Trans. Internet Things

View full text Add to dashboard Cite

In this article, we verify physical events using data from an ensemble of smart home sensors. This approach both protects against event sensor faults and sophisticated attackers. To validate our system’s performance, we set up a “smart home” in an office environment. We recognize 22 event types using 48 sensors over the course of two weeks. Using data from the physical sensors, we verify the event stream supplied by the event sensors to detect both masking and spoofing attacks. We consider three threat models: a zero-effort attacker, an opportunistic attacker, and a sensor-compromise attacker who can arbitrarily modify live sensor data. For spoofed events, we achieve perfect classification for 9 out of 22 events and achieve a 0% false alarm rate at a detection rate exceeding 99.9% for 15 events. For 11 events the majority of masking attacks can be detected without causing any false alarms. We also show that even a strong opportunistic attacker is inherently limited to spoofing few select events and that doing so involves lengthy waiting periods. Finally, we demonstrate the vulnerability of a single-classifier system to compromised sensor data and introduce a more secure approach based on sensor fusion.

show abstract

Section: Discussionmentioning

confidence: 99%

Section: Security Of Smart Home Systemsmentioning

confidence: 99%