IoTAMU: Protecting Smart Home Networks via Obfuscation and Encryption

Park, Youngjun; Dill, Richard; Mullins, Barry

Home // SECURWARE 2019, The Thirteenth International Conference on Emerging Security Information, Systems and Technologies // View article

IoTAMU: Protecting Smart Home Networks via Obfuscation and Encryption

Authors:
Youngjun Park
Richard Dill
Barry Mullins

Keywords: Internet of Things (IoT); data security; network obfuscation; Wi-Fi camera

Abstract:
In the changing landscape where an increasing number of organizations deploy smart devices to their networks, one of the greatest challenges they face is security. While the use of Internet of Things (IoT) has enabled new capabilities, such as ease of access, remote control, and interoperability, it has also introduced new attack vectors. For example, due to the limited hardware capacity, IoT devices lack the additional computational resources required for security, such as data encryption. As a result, gaining access to the data associated with the IoT devices becomes almost trivial assuming the adversary has physical access to the device or logical access to the network. Unfortunately, the production of the IoT devices cannot be effectively regulated without a governing policy, leaving the burden to secure the devices to the end users. To help mitigate the vulnerabilities stemming from the hardware limitations of IoT devices, we present Internet of Things Active Management Unit (IoTAMU), a defensive model to obscure the sensitive data sent over Wi-Fi. As a proof of concept, we first show that the video stream created by one of the most popular IoT cameras being sold on Amazon can be recreated via passive sniffing. Then, we present an automated tool to extract the video stream from network traffic. In 100 percent of test cases, the tool was able to extract a recognizable video stream from captured network traffic. Finally, we propose IoTAMU, a central management agent which acts as the network proxy for the vulnerable IoT devices to both obfuscate the network traffic by mimicking real devices, and to serve as an encryption agent for the devices with limited computational capacity. The model requires minimum set up for the users, and is compatible with any device that is configurable over Wi-Fi. IoTAMU will help pioneer easily deployable user-end security agents to protect the confidentiality in smart home networks.

Pages: 101 to 106

Copyright: Copyright (c) IARIA, 2019

Publication date: October 27, 2019

Published in: conference

ISSN: 2162-2116

ISBN: 978-1-61208-746-7

Location: Nice, France

Dates: from October 27, 2019 to October 31, 2019