Smart Locks: Lessons for Securing Commodity Internet of Things Devices

Title: Smart Locks: Lessons for Securing Commodity Internet of Things Devices
Publication Type: Conference Paper
Year of Publication: 2016
Authors: Ho, Grant; Leung, Derek; Mishra, Pratyush; Hosseini, Ashkan; Song, Dawn; Wagner, David
Conference Name: Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security
Publisher: ACM
Conference Location: New York, NY, USA
ISBN Number: 978-1-4503-4233-9
Keywords: cps privacy, Cyber-physical systems, data privacy, Human Behavior, iobt, IoT, Key Management, Metrics, pubcrawl, Resiliency, security
Abstract

We examine the security of home smart locks: cyber-physical devices that replace traditional door locks with deadbolts that can be electronically controlled by mobile devices or the lock manufacturer's remote servers. We present two categories of attacks against smart locks and analyze the security of five commercially-available locks with respect to these attacks. Our security analysis reveals that flaws in the design, implementation, and interaction models of existing locks can be exploited by several classes of adversaries, allowing them to learn private information about users and gain unauthorized home access. To guide future development of smart locks and similar Internet of Things devices, we propose several defenses that mitigate the attacks we present. One of these defenses is a novel approach to securely and usably communicate a user's intended actions to smart locks, which we prototype and evaluate. Ultimately, our work takes a first step towards illuminating security challenges in the system design and novel functionality introduced by emerging IoT systems.

URL: http://doi.acm.org/10.1145/2897845.2897886
DOI: 10.1145/2897845.2897886
Citation Key: ho_smart_2016