Improving Home Automation Security; Integrating Device Fingerprinting into Smart Home
Abstract:
The paper explains the importance of accessing modern smart homes over the internet, and highlights various security issues associated with it. The work explains the evolution of Device Fingerprinting concept over time, and discusses various pitfalls in existing device fingerprinting approaches. In this paper, we propose a two stage verification process for smart homes, using Device Fingerprints and Login Credentials, which verifies the user device as well as the user accessing the home over the internet. Unlike any other previous approaches, our Device Fingerprinting algorithm considers a device’s geographical location while computing its fingerprint. In our device identification experiment we were able to successfully identify 97.93% of the devices that visited our webpage using JavaScript, Flash and Geolocation
EXISTING SYSTEM:
They exploited this clock skew feature to fingerprint a remote physical device by stealthily recording and analyzing its Internet Control Message Protocol (ICMP) or Transmission Control Protocol (TCP) timestamps. Using ICMP and TCP timestamps has their limitation, ICMP timestamps are blocked by numerous firewalls, and some operating systems by default disable TCP timestamps. Later Zander and Murdoch [34] developed a device identification technique with synchronized sampling which significantly reduces the quantization error. It reduces the heavy network traffic which was necessary for previous identifications, their work was the first to calculate clock skew estimation through Hyper Text Transfer Protocol (HTTP) protocol. However, their approach could not be directly implemented at the server side for device identification. Inspired by this work, D.-J. Huang et al. [35] developed a client device identification in cloud computing scenario, which relay on JavaScript to send periodic timestamp back to the server for device fingerprinting. G. Nakibly et al. [36] proposed a device fingerprinting technique by exploiting the uniqueness of hardware features like, speaker/microphones, motion sensors, Global Positioning System (GPS) accuracy, battery charge and discharge time and GPU clock skew. Most of their proposed techniques remain purely theoretical at the moment.
PROPOSED SYSTEM:
The system is at its most vulnerable when the home is online. Our work utilizes device fingerprinting and legitimate login credentials as a part of double verification process for authorized user and their device identification. Various approaches for Remote Physical Device Fingerprinting are considered before we settled on fingerprinting using JavaScript, Flash and Geo-Location. Our reliance on JavaScript was justified by a study [54] which showed that, 98% of internet users had their JavaScript enabled when they visited Yahoo‘s homepage. According to Adobe, more than 1 billion devices were using Flash by the end of 2015. The algorithm implemented in this paper avoided using Java Plugin for device fingerprinting because of their known security vulnerabilities. To the best of our knowledge, this is the first attempt that incorporates HTML 5‘s Geo-Location capability into device fingerprinting.
CONCLUSION
The device fingerprint along with username/password based security proposed in this paper, enables the verification of user as well as the device used to access the home, which significantly improves home security when they are accessed over the internet. In our work, the device fingerprinting algorithm was able to uniquely identify 97.93% of devices accessing our test website with an entropy of over 22 bits. Unlike any previous approaches to device fingerprinting, we use geolocation data in our algorithm which improves the fingerprint accuracy. The UA verification, screen parameter verification and client‘s date object verification proposed in our work drastically improves the legitimacy of the fingerprints generated. For future works, we plan to improve the identification accuracy of our fingerprints when our website is visited using different web clients from the same machine; Adding more fingerprint parameters such as clock skew and other hardware specific parameters for improving the accuracy of the device fingerprint is also an idea worth pursuing.
REFERENCES
[1] R. Malekian, D. C. Bogatinoska, A. Karadimce, J. Trengoska, W. A. Nyako, “A Novel Smart ECO model for Energy Consumption Optimization”, Elektronika ir Elektrotechnika, Vol. 21, No.6, pp.75-80, 2015.
[2] J. Shao, L. Wang, W. Zhao, Y. Zhong, R. Malekian, “An improved Synchronous Control Strategy based on Fuzzy controller for PMSM”, Elektronika ir Elektrotechnika, Vol. 20, No. 6, pp. 7-23, 2014.
[3] C. Karlof, D. Wagner, ―Secure routing in wireless sensor networks: attacks and countermeasures‖, Ad Hoc Networks, vol. 1, pp. 293–315, 2003.
[4] Y. Hu, A. Perrig, D. Johnson, ―Wormhole attacks in wireless networks‖, IEEE Journal on Selected Areas in Communications, vol. 24, no. 2, pp. 370–380, Feb. 2006.
[5] J. Wright, ―Practical ZigBee Exploitation Framework‖, Toorcon, Oct. 2011.
[6] T. Gong, H. Huang, P. Chen, R. Malekian , T. Chen, ―Secure Two-party Distance Computation Protocol Based on Privacy Homomorphism and Scalar Product in Wireless Sensor Networks‖, Tsinghua Science and Technology (IEEE), Vol.21, No.4, pp. 385-396, 2016.
[7] S. Xie, Y. Wang, “Construction of Tree Network with Limited Delivery Latency in Homogeneous Wireless Sensor Networks,” Wireless Personal Communications, vol. 78, no. 1, pp. 231-246, 2014.
[8] P. Guo, J. Wang, B. Li, S. Lee, “A Variable Threshold-value