Proceedings Article
Smart Locks: Lessons for Securing Commodity Internet of Things Devices
Grant Ho, Derek Leung, Pratyush Mishra, Ashkan Hosseini, Dawn Song, David Wagner
- pp 461-472
TL;DR: This work examines the security of home smart locks, cyber-physical devices that replace traditional door locks with deadbolts that can be electronically controlled by mobile devices or the lock manufacturer's remote servers, and proposes several defenses that mitigate the attacks.
Abstract:
We examine the security of home smart locks: cyber-physical devices that replace traditional door locks with deadbolts that can be electronically controlled by mobile devices or the lock manufacturer's remote servers. We present two categories of attacks against smart locks and analyze the security of five commercially-available locks with respect to these attacks. Our security analysis reveals that flaws in the design, implementation, and interaction models of existing locks can be exploited by several classes of adversaries, allowing them to learn private information about users and gain unauthorized home access. To guide future development of smart locks and similar Internet of Things devices, we propose several defenses that mitigate the attacks we present. One of these defenses is a novel approach to securely and usably communicate a user's intended actions to smart locks, which we prototype and evaluate. Ultimately, our work takes a first step towards illuminating security challenges in the system design and novel functionality introduced by emerging IoT systems.
Citations
Journal Article
A Survey on Security and Privacy Issues in Internet-of-Things
TL;DR: This survey will explore the most relevant limitations of IoT devices and their solutions, and present the classification of IoT attacks, and analyze the security issues in different layers.
Journal Article
Demystifying IoT Security: An Exhaustive Survey on IoT Vulnerabilities and a First Empirical Look on Internet-Scale IoT Exploitations
TL;DR: A unique taxonomy is provided, which sheds light on IoT vulnerabilities, their attack vectors, impacts on numerous security objectives, attacks which exploit such vulnerabilities, corresponding remediation methodologies and currently offered operational cyber security capabilities to infer and monitor such weaknesses.
Posted Content
Blockchain in internet of things: Challenges and Solutions.
TL;DR: A new secure, private, and lightweight architecture for IoT, based on BC technology that eliminates the overhead of BC while maintaining most of its security and privacy benefits is proposed.
Journal Article
Edge Computing Security: State of the Art and Challenges
TL;DR: This paper provides a comprehensive survey on the most influential and basic attacks as well as the corresponding defense mechanisms that have edge computing specific characteristics and can be practically applied to real-world edge computing systems.
Proceedings Article
SoK: Security Evaluation of Home-Based IoT Deployments
TL;DR: This work systematizes the literature for home-based IoT using this methodology in order to understand attack techniques, mitigations, and stakeholders, and evaluates devices to augment the systematized literature in order to identify neglected research areas.
References
Journal Article
Body Area Networks: A Survey
TL;DR: This paper provides a detailed investigation of sensor devices, physical layer, data link layer, and radio technology aspects of BAN research, and presents a taxonomy of BAN projects that have been introduced/proposed to date.
Journal Article
A survey on wireless body area networks
TL;DR: This paper offers a survey of the concept of Wireless Body Area Networks, focusing on some applications with special interest in patient monitoring and the communication in a WBAN and its positioning between the different technologies.
Journal Article
CAP twelve years later: How the "rules" have changed
TL;DR: The featured Web extra is a podcast from Software Engineering Radio, in which the host interviews Dwight Merriman about the emerging NoSQL movement, the three types of nonrelational data stores, Brewer's CAP theorem, and much more.
Proceedings Article
On the requirements for successful GPS spoofing attacks
TL;DR: This paper investigates the requirements for successful GPS spoofing attacks on individuals and groups of victims with civilian or military GPS receivers and finds the minimal precision of the attacker's spoofing signals required for covert satellite-lock takeover.