A New Approach to Security Analysis of Smart Home Authentication Systems

• Autorzy: Zhang M. , Wang C. , Wang J. , Tian S. , Li Y.

Identyfikatory

DOI

10.3233/FI-2018-1623

• Języki publikacji: EN

Abstrakty

EN

ZigBee networks, with their characteristics of high availability, low power consumption and cost-effective devices, are perfectly appropriate to construct Wireless Sensor Networks (WSNs). Also, the natures of WSN listed above bring significant benefits over traditional communication networks used in smart home systems. A smart home system is meant to improve the quality of life through offering various automated, interactive and comfortable services, such as sensing and communicating the family member’s health information with their doctors, or remotely controlling the appliances via cellular phones, emails etc. These critical services make the security of personal privacy and the authority of control commands vital issues in Smart Home environments. While the smart home system suffer from many attacks, the security of the smart home system become an important and hard problem. And the authentication is the first parclose to the security of the system. However, according to our analysis, most system fail to achieve the authentication between the user and the device, Which leading to the compromise of the whole system. In this paper, we analyze the authentication challenges between the user the device in WSNs and in smart home Systems. To thoroughly detect, defense and foresee the authentication vulnerabilities existing in smart home networks, we proposed a security evaluation technique based on attack graph generation. We discuss the distinction between the attack graphs deployed in traditional networks and in smart home networks. Furthermore, we apply this technique into an experiment, and the results prove its practicality. And we then suggest a widely used protocol to the smart home authentication system.

Słowa kluczowe

EN

attack graph; security; smart home; wireless sensor networks

• Wydawca: IOS Press
• Czasopismo: Fundamenta Informaticae
• Rocznik: 2018
• Tom: Vol. 157, nr 1/2
• Strony: 153--165
• Opis fizyczny: Bibliogr. 12 poz., rys.

Twórcy

autor

Zhang M.

• Beijing University of Posts and Telecommunications, Beijing 100876, China

autor

Wang C.

• Beijing University of Posts and Telecommunications, Beijing 100876, China

autor

Wang J.

• Beijing University of Posts and Telecommunications, Beijing 100876, China

autor

Tian S.

• Beijing University of Posts and Telecommunications, Beijing 100876, China

autor

Li Y.

• National Computer Network Emergency, Response Technical Team/Coordination Center of China, Beijing 100029, China

Bibliografia

• [1] Kamrul I, Weiming S, Xianbin W. Security and privacy considerations for Wireless Sensor Networks in Smart Home Environments. In: 2012 IEEE 16th International Conference on Computer Supported Cooperative Work in Design; 2012. pp. 626-633. doi:10.1109/CSCWD.2012.6221884.
• [2] Kim BK, Hong SH, Jeong YS. The Study of Applying Sensor Networks to a Smart Home. In: Fourth International Conference on Networked Computing and Advanced Information Management; 2008. pp.676-681. doi:10.1109/NCM.2008.221.
• [3] Park J, Moon M. CASS: A Context-Aware Simulation System for Smart Home. In: 5th. International Conference on Software Engineering Research, Management and Applications; 2007. pp. 461-467. doi:10.1109/SERA.2007.60.
• [4] Ingols K, Lippmann R, Piwowarski K. Practical Attack Graph Generation for Network Defense. In: 22nd Annual Computer Security Applications Conference ACSAC 06; 2006. pp. 121-130. doi:10.1109/ACSAC.2006.39.
• [5] Zhou Y, Fang Y, Zhang Y. Securing Wireless Sensor Networks: A Survey. IEEE Communications Surveys and Tutorials. 2008;10(3):6-28. doi:10.1109/COMST.2008.4625802.
• [6] Bergstrom P, Driscoll K, Kimball J. Making Home Automation Communications Secure. Computer. 2002;34(2001):50-56. doi:10.1109/2.955099.
• [7] Zhuge J, Yao R. Security Mechanisms for Wireless Home Network. In: Global Telecommunications Conference, 2003; 2003. pp. 1527-1531. doi:10.1109/GLOCOM.2003.1258493.
• [8] Wood A, Stankovic J. Denial of Service in Sensor Net-works. IEEE Computer Mag. 2002;35(10):54-62. doi:10.1109/MC.2002.1039518.
• [9] Matthew Wojcik and Tiffany Bergeron and Todd Wittbold. Introduction to OVAL: A new language to determine the presence of software vulnerabilities;. Accessed: 2004-10-28. http://oval.mitre.org/documents/docs-03/intro/intro.html.
• [10] National Institute of Standards and Technology. ICAT metabase; Accessed: 2004-10. http://icat.nist.gov/icat.cfm.
• [11] Rao P, Sagonas KF, TerranceSwift. XSB: A system for efficiently computing well-foundedsemantics. In: In Proceedings of the 4th International Conference on Logic Programming and Non-Monotonic Reasoning (LPNMR 97); 1997. pp. 2-17. doi:10.1007/3-540-63255-7-33.
• [12] Ou X, Govindavajha S, Appel AW. MulVAL: A Logic-based Network Security Analyzer. In: 14th USENIX Security Symposium; 2005. pp. 8-8.

Uwagi

Opracowanie rekordu w ramach umowy 509/P-DUN/2018 ze środków MNiSW przeznaczonych na działalność upowszechniającą naukę (2018).