Hide Your Hackable Smart Home from Remote Attacks: The Multipath Onion IoT Gateways

Part of the Lecture Notes in Computer Science book series (LNSC, volume 11098)

Abstract

The rapid expansion of IoT-enabled home automation is accompanied by substantial security and privacy risks. A large number of real-world security incidents exploiting various device vulnerabilities have been revealed. The Onion IoT gateways have been proposed to provide strong security protection for potentially vulnerable IoT devices by hiding them behind IoT gateways running the Tor hidden services, in which the gateways can only be accessed by authorized users with the .onion addresses of the gateways and correct credentials. However, the limited bandwidth of Tor makes this approach very impractical and unscalable. To tackle this issue, we present two novel designs: the multipath Onion IoT gateway and the split-channel Onion IoT gateway. The first design implements a customized multipath routing protocol in Tor to construct a multi-circuit anonymous tunnel between the user and the Onion gateway to support applications that require low latency and high bandwidth. The second scheme splits command and data channels so that small-sized command packets are transmitted through the more secure channel over the Tor hidden service, while the less secure data channel over the public network is used for outbound very-high-bandwidth data traffic. Experimental results show that the proposed approaches significantly improve the performance of Onion IoT gateways, so that they can be practically adopted to securely transmit low-latency and high-bandwidth data, such as HD video streams from home surveillance cameras. We also prove the security guarantees of the proposed mechanism through security analysis.

Keywords

  • IoT security
  • Smart homes
  • Tor hidden service

Notes

  1. To distinguish from the commands in current Tor, all the newly added commands in mTorHS have a suffix m.

Acknowledgment

This work is sponsored in part by the National Security Agency (NSA) Science of Security Initiative and the US National Science Foundation under NSF CNS-1422206 and DGE-1565570.

Author information

Corresponding author

Correspondence to Fengjun Li.

Copyright information

© 2018 Springer Nature Switzerland AG

About this paper

Cite this paper

Yang, L., Seasholtz, C., Luo, B., Li, F. (2018). Hide Your Hackable Smart Home from Remote Attacks: The Multipath Onion IoT Gateways. In: Lopez, J., Zhou, J., Soriano, M. (eds) Computer Security. ESORICS 2018. Lecture Notes in Computer Science, vol 11098. Springer, Cham. https://doi.org/10.1007/978-3-319-99073-6_28

  • DOI: https://doi.org/10.1007/978-3-319-99073-6_28

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-99072-9

  • Online ISBN: 978-3-319-99073-6

  • eBook Packages: Computer Science, Computer Science (R0)