Advertisement

Securing the Smart Home via a Two-Mode Security Framework

  • Devkishen SisodiaEmail author
  • Samuel Mergendahl
  • Jun Li
  • Hasan Cam
Conference paper
Part of the Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering book series (LNICST, volume 254)

Abstract

The growth of the Internet of Things (IoT) is contributing to the rise in cyber attacks on the Internet. Unfortunately, the resource-constrained IoT devices and their networks make many traditional security systems less effective or inapplicable. We present TWINKLE, a framework for smart home environments that considers the unique properties of IoT networks. TWINKLE utilizes a two-mode adaptive security model that allows an IoT device to be in regular mode for most of the time which incurs a low resource consumption rate and only when suspicious behavior is detected, switch to vigilant mode which potentially incurs a higher overhead. We show the efficacy of TWINKLE in two case studies that address two types of attacks: distributed denial-of-service (DDoS) and sinkhole attacks. We examine two existing intrusion detection and prevention systems and transform both into new, improved systems using TWINKLE. Our evaluations show that TWINKLE is not only friendly to resource-constrained devices, but can also successfully detect and prevent the two types of attacks, with a significantly lower overhead and detection latency than the existing systems.

Keywords

Internet of Things Smart home Security Resource consumption 

References

  1. 1.
    Abduvaliyev, A., Pathan, A.S.K., Zhou, J., Roman, R., Wong, W.C.: On the vital areas of intrusion detection systems in wireless sensor networks. IEEE Commun. Surv. Tutor. 15(3), 1223–1237 (2013)CrossRefGoogle Scholar
  2. 2.
    Abie, H., Balasingham, I.: Risk-based adaptive security for smart IoT in eHealth. In: Proceedings of the 7th International Conference on Body Area Networks, pp. 269–275. ICST (Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering) (2012)Google Scholar
  3. 3.
    Bernal Bernabe, J., Hernández, J.L., Moreno, M.V., Skarmeta Gomez, A.F.: Privacy-preserving security framework for a social-aware Internet of Things. In: Hervás, R., Lee, S., Nugent, C., Bravo, J. (eds.) UCAmI 2014. LNCS, vol. 8867, pp. 408–415. Springer, Cham (2014).  https://doi.org/10.1007/978-3-319-13102-3_67CrossRefGoogle Scholar
  4. 4.
    Cervantes, C., Poplade, D., Nogueira, M., Santos, A.: Detection of sinkhole attacks for supporting secure routing on 6LoWPAN for Internet of Things. In: IFIP/IEEE International Symposium on Integrated Network Management, pp. 606–611. IEEE (2015)Google Scholar
  5. 5.
    Denning, T., Kohno, T., Levy, H.M.: Computer security and the modern home. ACM Commun. 56(1), 94–103 (2013)CrossRefGoogle Scholar
  6. 6.
    Fernandes, E., Jung, J., Prakash, A.: Security analysis of emerging smart home applications. In: IEEE Symposium on Security and Privacy, pp. 636–654. IEEE (2016)Google Scholar
  7. 7.
    Hilton, S.: Dyn analysis summary of Friday October 21 attack (2016). https://dyn.com/blog/dyn-analysis-summary-of-friday-october-21-attack/
  8. 8.
    IETF: Routing over low power and lossy networks (2012)Google Scholar
  9. 9.
    Kalofonos, D.N., Shakhshir, S.: Intuisec: a framework for intuitive user interaction with smart home security using mobile devices. In: IEEE 18th International Symposium on Personal, Indoor and Mobile Radio Communications, pp. 1–5. IEEE (2007)Google Scholar
  10. 10.
    Kang, W.M., Moon, S.Y., Park, J.H.: An enhanced security framework for home appliances in smart home. Human-cent. Comput. Inf. Sci. 7(1), 6 (2017)CrossRefGoogle Scholar
  11. 11.
    Kumar, P., Braeken, A., Gurtov, A., Iinatti, J., Ha, P.: Anonymous secure framework in connected smart home environments. IEEE Trans. Inf. Forensics Secur. 12, 968–979 (2017)CrossRefGoogle Scholar
  12. 12.
    van der Meulen, R.: Gartner says 6.4 billion connected “things” will be in use in 2016, up 30 percent from 2015 (2015). http://www.gartner.com/newsroom/id/3165317
  13. 13.
    Mirkovic, J., Reiher, P.: D-ward: a source-end defense against flooding denial-of-service attacks. IEEE Trans. Dependable Secure Comput. 2(3), 216–232 (2005)CrossRefGoogle Scholar
  14. 14.
    Neisse, R., Steri, G., Baldini, G.: Enforcement of security policy rules for the internet of things. In: IEEE 10th International Conference on Wireless and Mobile Computing, pp. 165–172. IEEE (2014)Google Scholar
  15. 15.
    Nordrum, A.: Popular internet of things forecast of 50 billion devices by 2020 is outdated (2016). http://spectrum.ieee.org/tech-talk/telecom/internet/popular-internet-of-things-forecast-of-50-billion-devices-by-2020-is-outdated
  16. 16.
    Notra, S., Siddiqi, M., Gharakheili, H.H., Sivaraman, V., Boreli, R.: An experimental study of security and privacy risks with emerging household appliances. In: IEEE Conference on Communications and Network Security, pp. 79–84. IEEE (2014)Google Scholar
  17. 17.
    Raza, S., Wallgren, L., Voigt, T.: SVELTE: real-time intrusion detection in the internet of things. Ad hoc Netw. 11(8), 2661–2674 (2013)CrossRefGoogle Scholar
  18. 18.
    Roman, R., Zhou, J., Lopez, J.: Applying intrusion detection systems to wireless sensor networks. In: IEEE Consumer Communications & Networking Conference (CCNC 2006) (2006)Google Scholar
  19. 19.
    Sehgal, A., Perelman, V., Kuryla, S., Schonwalder, J.: Management of resource constrained devices in the internet of things. IEEE Commun. Mag. 50(12), 144–149 (2012)CrossRefGoogle Scholar
  20. 20.
    Simpson, A.K., Roesner, F., Kohno, T.: Securing vulnerable home IoT devices with an in-hub security manager. In: IEEE International Conference on Pervasive Computing and Communications Workshops, pp. 551–556. IEEE (2017)Google Scholar
  21. 21.
    Team, O.P.: Ossec: open source hids security (2010–2017). https://ossec.github.io/index.html
  22. 22.
    Wallgren, L., Raza, S., Voigt, T.: Routing attacks and countermeasures in the RPL-based internet of things. Int. J. Distrib. Sens. Netw. 9(8), 794326 (2013)CrossRefGoogle Scholar

Copyright information

© ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2018

Authors and Affiliations

  • Devkishen Sisodia
    • 1
    Email author
  • Samuel Mergendahl
    • 1
  • Jun Li
    • 1
  • Hasan Cam
    • 2
  1. 1.University of OregonEugeneUSA
  2. 2.United States Army Research LabAdelphiUSA

Personalised recommendations