On the safety of IoT device physical interaction control

Wenbo Ding; Hongxin Hu

doi:10.1145/3243734.3243865

On the safety of IoT device physical interaction control

Wenbo Ding
, Hongxin Hu

Department of Computer Science and Engineering

Clemson University

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

166 Scopus citations

Abstract

Emerging Internet of Things (IoT) platforms provide increased functionality to enable human interaction with the physical world in an autonomous manner. The physical interaction features of IoT platforms allow IoT devices to make an impact on the physical environment. However, such features also bring new safety challenges, where attackers can leverage stealthy physical interactions to launch attacks against IoT systems. In this paper, we propose a framework called IoTMon that discovers any possible physical interactions and generates all potential interaction chains across applications in the IoT environment. IoTMon also includes an assessment of the safety risk of each discovered inter-app interaction chain based on its physical influence. To demonstrate the feasibility of our approach, we provide a proof-of-concept implementation of IoTMon and present a comprehensive system evaluation on the Samsung SmartThings platform. We study 185 official SmartThings applications and find they can form 162 hidden inter-app interaction chains through physical surroundings. In particular, our experiment reveals that 37 interaction chains are highly risky and could be potentially exploited to impact the safety of the IoT environment.

Original language	English
Title of host publication	CCS 2018 - Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security
Publisher	Association for Computing Machinery
Pages	832-846
Number of pages	15
ISBN (Electronic)	9781450356930
DOIs	https://doi.org/10.1145/3243734.3243865
State	Published - Oct 15 2018
Event	25th ACM Conference on Computer and Communications Security, CCS 2018 - Toronto, Canada Duration: Oct 15 2018 → …

Publication series

Name	Proceedings of the ACM Conference on Computer and Communications Security
ISSN (Print)	1543-7221

Conference

Conference	25th ACM Conference on Computer and Communications Security, CCS 2018
Country/Territory	Canada
City	Toronto
Period	10/15/18 → …

Keywords

Internet of Things
Physical Interaction Control
Safety

Access to Document

10.1145/3243734.3243865

Cite this

@inproceedings{f29ba979c50846b49a7d32b73d7ef575,

title = "On the safety of IoT device physical interaction control",

abstract = "Emerging Internet of Things (IoT) platforms provide increased functionality to enable human interaction with the physical world in an autonomous manner. The physical interaction features of IoT platforms allow IoT devices to make an impact on the physical environment. However, such features also bring new safety challenges, where attackers can leverage stealthy physical interactions to launch attacks against IoT systems. In this paper, we propose a framework called IoTMon that discovers any possible physical interactions and generates all potential interaction chains across applications in the IoT environment. IoTMon also includes an assessment of the safety risk of each discovered inter-app interaction chain based on its physical influence. To demonstrate the feasibility of our approach, we provide a proof-of-concept implementation of IoTMon and present a comprehensive system evaluation on the Samsung SmartThings platform. We study 185 official SmartThings applications and find they can form 162 hidden inter-app interaction chains through physical surroundings. In particular, our experiment reveals that 37 interaction chains are highly risky and could be potentially exploited to impact the safety of the IoT environment.",

keywords = "Internet of Things, Physical Interaction Control, Safety",

author = "Wenbo Ding and Hongxin Hu",

note = "Publisher Copyright: {\textcopyright} 2018 Association for Computing Machinery.; 25th ACM Conference on Computer and Communications Security, CCS 2018 ; Conference date: 15-10-2018",

year = "2018",

month = oct,

day = "15",

doi = "10.1145/3243734.3243865",

language = "English",

series = "Proceedings of the ACM Conference on Computer and Communications Security",

publisher = "Association for Computing Machinery ",

pages = "832--846",

booktitle = "CCS 2018 - Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security",

address = "United States",

}

Ding, W & Hu, H 2018, On the safety of IoT device physical interaction control. in CCS 2018 - Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. Proceedings of the ACM Conference on Computer and Communications Security, Association for Computing Machinery , pp. 832-846, 25th ACM Conference on Computer and Communications Security, CCS 2018, Toronto, Canada, 10/15/18. https://doi.org/10.1145/3243734.3243865

On the safety of IoT device physical interaction control. / Ding, Wenbo; Hu, Hongxin.
CCS 2018 - Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. Association for Computing Machinery , 2018. p. 832-846 (Proceedings of the ACM Conference on Computer and Communications Security).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - On the safety of IoT device physical interaction control

AU - Ding, Wenbo

AU - Hu, Hongxin

PY - 2018/10/15

Y1 - 2018/10/15

N2 - Emerging Internet of Things (IoT) platforms provide increased functionality to enable human interaction with the physical world in an autonomous manner. The physical interaction features of IoT platforms allow IoT devices to make an impact on the physical environment. However, such features also bring new safety challenges, where attackers can leverage stealthy physical interactions to launch attacks against IoT systems. In this paper, we propose a framework called IoTMon that discovers any possible physical interactions and generates all potential interaction chains across applications in the IoT environment. IoTMon also includes an assessment of the safety risk of each discovered inter-app interaction chain based on its physical influence. To demonstrate the feasibility of our approach, we provide a proof-of-concept implementation of IoTMon and present a comprehensive system evaluation on the Samsung SmartThings platform. We study 185 official SmartThings applications and find they can form 162 hidden inter-app interaction chains through physical surroundings. In particular, our experiment reveals that 37 interaction chains are highly risky and could be potentially exploited to impact the safety of the IoT environment.

AB - Emerging Internet of Things (IoT) platforms provide increased functionality to enable human interaction with the physical world in an autonomous manner. The physical interaction features of IoT platforms allow IoT devices to make an impact on the physical environment. However, such features also bring new safety challenges, where attackers can leverage stealthy physical interactions to launch attacks against IoT systems. In this paper, we propose a framework called IoTMon that discovers any possible physical interactions and generates all potential interaction chains across applications in the IoT environment. IoTMon also includes an assessment of the safety risk of each discovered inter-app interaction chain based on its physical influence. To demonstrate the feasibility of our approach, we provide a proof-of-concept implementation of IoTMon and present a comprehensive system evaluation on the Samsung SmartThings platform. We study 185 official SmartThings applications and find they can form 162 hidden inter-app interaction chains through physical surroundings. In particular, our experiment reveals that 37 interaction chains are highly risky and could be potentially exploited to impact the safety of the IoT environment.

KW - Internet of Things

KW - Physical Interaction Control

KW - Safety

UR - https://www.scopus.com/pages/publications/85056864669

U2 - 10.1145/3243734.3243865

DO - 10.1145/3243734.3243865

M3 - Conference contribution

AN - SCOPUS:85056864669

T3 - Proceedings of the ACM Conference on Computer and Communications Security

SP - 832

EP - 846

BT - CCS 2018 - Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security

PB - Association for Computing Machinery

T2 - 25th ACM Conference on Computer and Communications Security, CCS 2018

Y2 - 15 October 2018

ER -

On the safety of IoT device physical interaction control

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this