
Empirical Study On The Security Of Key Components In Internet Of Things Platforms

Posted on: 2021-11-18
Degree: Doctor
Type: Dissertation
Country: China
Candidate: Y Jia
Full Text: PDF
GTID: 1488306311471654
Subject: Information security

Abstract/Summary:
The Internet of Things (IoT) industry has become a new engine of economic growth. A variety of smart home devices have emerged in people's daily lives, such as smart door locks, alarms, smart sockets, and voice assistants. With the increasing popularity of IoT devices, many IoT platforms have emerged to help manufacturers connect their products to the IoT ecosystem by providing services for managing various kinds of users and devices. The IoT platform is an entity system employing various applications and components to provide full IoT services and the management of those services. This includes, but is not limited to, communication, IoT operations and management, etc.

Although the IoT platform plays an extremely important role in the IoT ecosystem, there is no standard on how to design a secure IoT platform system, and there has been little work so far systematically analyzing its security. Therefore, we carry out an empirical security study on the key components of international mainstream IoT platforms. Through practical manual analysis of real IoT devices and platform systems, we discover many new design and implementation flaws with respect to communication, authorization and device management, which have never been found before. The main contents and contributions of this dissertation are as follows:

1. We summarize the important parts of the consumer IoT ecosystem. In recent years, the consumer IoT industry has developed rapidly and has become fragmented. Existing work often focuses only on some aspects of the ecosystem and lacks a comprehensive understanding of the whole. Therefore, based on a study of popular consumer IoT systems over the past four years, we try to bring clear order to the complicated and fragmented consumer IoT ecosystem, which serves as the background of this dissertation and as a reference for future researchers. Specifically, we introduce the participants in the ecosystem, the common IoT communication architecture, the device life cycle involving the IoT platform, and the classification of IoT platforms.

2. We find new security flaws that arise when IoT cloud platforms adopt a popular general messaging protocol, and we propose corresponding design principles for mitigating these risks. The interactions of the IoT cloud, devices, and users depend on messaging protocols, so IoT platforms deploy many security mechanisms to protect this critical component. Less clear, however, is whether such protocols, which were not designed to work in the adversarial environment of IoT, still introduce new risks. In this dissertation, we find that these platforms' security additions to the protocol are all vulnerable, allowing the adversary to gain control of the device, launch large-scale denial-of-service attacks, steal the victim's sensitive information, etc. We further conduct a measurement study, which demonstrates that the security impacts of our attacks are real, severe, and broad. Additionally, we propose new design principles and a message-oriented access control model. Our evaluation shows its high effectiveness and negligible performance overhead.

3. We discover new security flaws in the permission delegation processes among IoT clouds and propose a semi-automatic tool based on model checking to discover such flaws. IoT cloud platforms allow users to delegate the permissions of devices, which are from different clouds, to a unified user interface through cross-cloud delegation mechanisms. However, to suit their specific business applications, different IoT clouds adopt various delegation mechanisms, which differ from theoretical schemes. In this dissertation, we use the semi-automatic tool we propose, the first for systematically detecting flaws in cross-cloud delegation processes, and successfully find several new vulnerabilities that are caused by the lack of coordination between clouds and the complexity of multilevel delegation. These new flaws can lead to unauthorized access to devices due to incomplete revocation of the adversary's permissions. To eliminate the risks we discovered, we discuss the security principles that cross-cloud IoT delegation mechanisms should follow.

4. We discover new security flaws in devices that support multiple device management channels and propose a temporary mitigation solution that can be deployed by device manufacturers. Today, many smart home devices support more than one device management channel in order to attract consumers who prefer different management channels. Whichever channel a user chooses, each device management channel can fully manage the device by itself. When there are multiple management channels on one device, however, we find that there are new security risks. Our empirical study of popular smart home devices that support management channels from both manufacturers and third parties reveals that management channels lack sufficient coordination of security policies. An adversary can thus break the security policy of the management channel the device owner is using and get unauthorized access to the device. We then propose a temporary solution, CGuard, to mitigate the risks, which can be deployed by manufacturers to manage other channels without communicating with other parties or changing the software of other vendors.
Keywords/Search Tags: Internet of Things (IoT) Security, IoT Platform Security, Vulnerability Discovery, Empirical Security Study, Authentication, Authorization