Article ID | Journal | Published Year | Pages | File Type |
---|---|---|---|---|
6882681 | Computer Networks | 2018 | 25 Pages |
Abstract
With the growth in the use of Cyber-Physical Systems, such as Internet of Things (IoT) devices, there is a corresponding increase in the potential attack footprint of personal and corporate users. In this paper, we explore the potential for exploiting information retrieved from two IoT devices which, seemingly, are unlikely to store substantial amounts of data. We specifically focus on prominent smart home devices for the purpose of obtaining compromising information. We undertake a collection and analysis process, constrained by the limitations placed upon three types of adversaries, namely: forensic passive, forensic active and real-time active. The former two adversaries aim to comply with the requirements of forensic soundness, whereas the real-time active adversary does not have these constraints and therefore more closely models a malicious real-world attacker. The findings show that a variety of device data is available to even the passive adversary, and this data can be used to determine the actions and/or presence of an individual at a given time based on their interactions with the IoT device. These interactions can be both user initiated (e.g. powering on or off a switch or light) and device initiated (e.g. background polling).
Related Topics
Physical Sciences and Engineering
Computer Science
Computer Networks and Communications
Authors
Quang Do, Ben Martini, Kim-Kwang Raymond Choo,