SlideShare ist ein Scribd-Unternehmen logo

A Threat Model for Extensible Smart Home Gateways

Luca Mannella
Luca Mannella

The document presents a threat model for extensible smart home gateways. It outlines 11 potential threats from malicious plugins, divided into categories of confidentiality, integrity, availability, authentication, and authorization. It describes a reference smart home architecture and potential attack targets. Two proofs-of-concept malicious plugins are developed that exploit threats by accessing private data, altering device states and functionality, and interacting anonymously on the network. The model aims to help programmers evaluate plugin security and guide the development of more reliable smart home systems.

Ingenieurwesen
1 von 22
Downloaden Sie, um offline zu lesen
A Threat Model for Extensible Smart Home Gateways Fulvio CORNO and Luca MANNELLA e-Lite research group Department of Control and Computer Engineering Politecnico di Torino, Turin, Italy 7th International Conference On Smart and Sustainable Technologies Split, July 6, 2022
OUTLINE • Introduction • Reference Smart Home Architecture • Proposed Threat Model • Use Case & Proofs of Concept • Conclusions & Future Work 2022-07-06 SpliTech 2022 — Fulvio Corno and Luca Mannella 2
INTRODUCTION • Smart Home (SH) systems are in a dangerous situation • At least 40% houses have an IoT device (70% in the USA) • In 62% of involved houses, at least one device has a known vulnerability • A compromised device could affect other SH devices • To manage them, Smart Home gateways are often involved • Such solutions are often extensible (EvenGhost, Home Assistant, OpenHAB, Pimatic, etc.) • Extending something developed by a third-party is never an easy task • Therefore, a compromised IoT gateway in a SH is particularly critical • Goal: supporting programmers during development (or evaluation) of plug-ins for SH gateways • Proposing a threat model with a twofold purpose 2022-07-06 SpliTech 2022 — Fulvio Corno and Luca Mannella 3
REFERENCE SMART HOME ARCHITECTURE SpliTech 2022 — Fulvio Corno and Luca Mannella 2022-07-06 4
A SMART HOME ARCHITECTURE 2022-07-06 SpliTech 2022 — Fulvio Corno and Luca Mannella 5
2022-07-05 SpliTech 2022 — Fulvio Corno and Luca Mannella 11 • The gateway OS • The smart home gateway application • Other plug-ins • Other applications running on the gateway • A device belonging to the smart home POSSIBLE ATTACK TARGETS
A THREAT MODEL FOR EXTENSIBLE SMART HOME GATEWAYS 2022-07-06 SpliTech 2022 — Fulvio Corno and Luca Mannella 12
THREAT MODEL INTRODUCTION • The 11 threats are labeled with the letter “T” and a digit • The model considers menaces originated from a plug-in • Plug-in scope: • Set of variables, files, or resources that the plug-in can legitimately access • Accessed resources must be declared in plug-in documentation • Resources must be accessed through the modalities envisaged by the platform (e.g., API) 2022-07-06 SpliTech 2022 — Fulvio Corno and Luca Mannella 13
THREATS DIVIDED BY CATEGORIES • Confidentiality • T1: a plug-in could access and use private data of other attack targets • T2: a plug-in could access and spread private data of other attack targets • Integrity • T3: a plug-in could alter the state of other smart home devices outside its scope • T4: a plug-in could alter private data of other attack targets outside its scope • Availability • T5: a plug-in could delay the regular functionality of an attack target • T6: a plug-in could alter one of the regular functionalities of an attack target • T7: a plug-in could alter the regular functionality of an attack target, preventing the users from using it • T8: a plug-in could physically damage an attack target 2022-07-06 SpliTech 2022 — Fulvio Corno and Luca Mannella 14
THREATS DIVIDED BY CATEGORIES • Authentication • T9: a plug-in could interact with an attack target, pretending to be a different entity • Authorization • T10: a plug-in could access an authorization level higher than expected • Non-Repudiation • T11: a plug-in could anonymously communicate with an attack target (i.e., there is no way to know that the plug-in establishes a specific communication). 2022-07-06 SpliTech 2022 — Fulvio Corno and Luca Mannella 15
USE CASE & PROOFS OF CONCEPT SpliTech 2022 — Fulvio Corno and Luca Mannella 2022-07-06 16
USE CASE • Home Assistant (HAss) — https://www.home-assistant.io/ • A Python-based open-source smart home gateway software • Developed since 2013 and released in 2016 • More than 150.000 active installations (estimated to be four-fold) • Four different types of release (additional features with respect to core version) • Extensible through two different kind of plug-ins: integrations and add-ons • Focus on Integrations — https://www.home-assistant.io/integrations • Available in all Home Assistant releases • Closer to “traditional” plug-in concept • Deeply integrated in Hass • Impacting only other integrations 2022-07-06 SpliTech 2022 — Fulvio Corno and Luca Mannella 17
DEVELOPED PROOFS OF CONCEPT • One target integration: switch_target • Two states: on & off • Contains a secret value • It should be accessible only by the integration itself • Note: open source and available on GitHub https://github.com/Sarcares/HAss-TM-Integrations • Two malicious integrations • light_simple_access • light_altering_state • Integrations designed for managing lights • Two states: on & off • A brightness value • With additional malicious side-effects • Both integrations retrieve a reference to the switch_target through the Python’s Garbage Collector 2022-07-06 SpliTech 2022 — Fulvio Corno and Luca Mannella 18
DEVELOPED PROOFS OF CONCEPT • Two malicious integrations • light_simple_access • light_altering_state • Integrations designed for managing lights • Two states: on & off • A brightness value • With additional malicious side-effects • Both integrations retrieve a reference to the switch_target through the Python’s Garbage Collector 2022-07-06 19 Threat Category Threat Exploited Confidentiality T1 ✔️ T2 ✔️ Integrity T3 ✔️ T4 ✔️ Availability T5 ❌ T6 ✔️ T7 ✔️ T8 ❌ Authentication T9 ✔️ Authorization T10 ❌ Non-Repudiation T11 ✔️
LIGHT_SIMPLE_ACCESS • Access and retrieve the secret from the switch_target • This could lead to T1 or T2 according to malicious developer’s behavior • Confidentiality: “a plug-in could access and use/spread private data of other attack targets” When the light is turned on • Modify the secret stored in the switch_target • T4 (integrity): altering private data • T6 (availability): altering one of the regular functionalities When the light is turned off 2022-07-05 SpliTech 2022 — Fulvio Corno and Luca Mannella 21
LIGHT_ALTERING_STATE • Malicious effect triggered every time a user turns on or off this light • The state of switch_target is toggled • T3: (integrity) alter the state of the switch_target • T7: (integrity) alter the regular functionality: the user partially lose control over the switch_target • T9: (authentication) interacting with the switch_target as the original integration • T11: (non-repudiation) it interacts anonymously with the switch_target 2022-07-06 SpliTech 2022 — Fulvio Corno and Luca Mannella 22
CONCLUSIONS & FUTURE WORKS SpliTech 2022 — Fulvio Corno and Luca Mannella 2022-07-06 23
CONCLUSIONS • Purposes of the proposed threat model • Understand security issues in plug-ins • helping programmers think about possible countermeasures • Set of guidelines • plug-ins should not act like the reported threats • Exploited some threats through a couple of proofs of concept • Suggestions for Home Assistant: • More isolation among its components • Introducing a permission system (T10) 2022-07-06 SpliTech 2022 — Fulvio Corno and Luca Mannella 24
FUTURE WORK • Creating proofs of concept addressing other attack targets • Analyzing publicly available Home Assistant plug-ins looking for the presented threats • Can developers accidentally fall into the presented issues? • Provide best practices and/or tools for developing more reliable smart home systems 2022-07-06 SpliTech 2022 — Fulvio Corno and Luca Mannella 25
THANK YOU FOR YOUR KIND ATTENTION! ANY QUESTIONS? 2022-07-06 SpliTech 2022 — Fulvio Corno and Luca Mannella 26 fulvio.corno@polito.it luca.mannella@polito.it
1. D. Kumar, et al., “All Things Considered: An Analysis of IoT Devices on Home Networks,” in 28th USENIX Security Symposium (USENIX Security 19), 2019, pp. 1169–1185. 2. K. Kafle, et al., “Security in Centralized Data Store-based Home Automation Platforms: A Systematic Analysis of Nest and Hue,” ACM Trans. on Cyber-Phys. Syst., vol. 5, no. 1, jan 2021. 3. F. Pub, “Standards for Security Categorization of Federal Information and Information Systems,” NIST FIPS, vol. 199, 2004. 4. U.S. Congress, “Federal Information Security Modernization Act of 2014,” Public Law, pp. 113–283, 2014. 5. H. Kim and E. A. Lee, “Authentication and Authorization for the Internet of Things,” IT Professional, vol. 19, no. 5, pp. 27–33, 2017. 6. https://analytics.home-assistant.io/ 7. https://www.home-assistant.io/blog/2021/11/12/100k-analytics/ 2022-07-06 SpliTech 2022 — Fulvio Corno and Luca Mannella 27 REFERENCES
LICENSE • These slides are distributed under a Creative Commons license “Attribution-NonCommercial-ShareAlike 4.0 International (CC BY-NC-SA 4.0)” • You are free to: • Share — copy and redistribute the material in any medium or format • Adapt — remix, transform, and build upon the material • The licensor cannot revoke these freedoms as long as you follow the license terms. • Under the following terms: • Attribution — You must give appropriate credit, provide a link to the license, and indicate if changes were made. You may do so in any reasonable manner, but not in any way that suggests the licensor endorses you or your use. • NonCommercial — You may not use the material for commercial purposes. • ShareAlike — If you remix, transform, or build upon the material, you must distribute your contributions under the same license as the original. • No additional restrictions — You may not apply legal terms or technological measures that legally restrict others from doing anything the license permits. • https://creativecommons.org/licenses/by-nc-sa/4.0/ 2022-07-06 SpliTech 2022 — Fulvio Corno and Luca Mannella 28

Empfohlen

IIoT Endpoint Security
IIoT Endpoint Security IIoT Endpoint Security
IIoT Endpoint Security Industrial Internet Consortium
 
IIoT Endpoint Security – The Model in Practice
IIoT Endpoint Security – The Model in PracticeIIoT Endpoint Security – The Model in Practice
IIoT Endpoint Security – The Model in Practiceteam-WIBU
 
Technology & Policy Interaction Panel at Inform[ED] IoT Security
Technology & Policy Interaction Panel at Inform[ED] IoT SecurityTechnology & Policy Interaction Panel at Inform[ED] IoT Security
Technology & Policy Interaction Panel at Inform[ED] IoT SecurityCableLabs
 
Internet of Things (IoT) Security and Privacy Recommendations by Jason Living...
Internet of Things (IoT) Security and Privacy Recommendations by Jason Living...Internet of Things (IoT) Security and Privacy Recommendations by Jason Living...
Internet of Things (IoT) Security and Privacy Recommendations by Jason Living...CableLabs
 
TRITON: How it Disrupted Safety Systems and Changed the Threat Landscape of I...
TRITON: How it Disrupted Safety Systems and Changed the Threat Landscape of I...TRITON: How it Disrupted Safety Systems and Changed the Threat Landscape of I...
TRITON: How it Disrupted Safety Systems and Changed the Threat Landscape of I...Priyanka Aash
 
Homeland of Things Framework BSides Augusta 2017
Homeland of Things Framework BSides Augusta 2017Homeland of Things Framework BSides Augusta 2017
Homeland of Things Framework BSides Augusta 2017Daniel West
 
A Gateway based MUD Architecture to Enhance Smart Home Security
A Gateway based MUD Architecture to Enhance Smart Home SecurityA Gateway based MUD Architecture to Enhance Smart Home Security
A Gateway based MUD Architecture to Enhance Smart Home SecurityLuca Mannella
 
Internet of Things: Trends and challenges for future
Internet of Things: Trends and challenges for futureInternet of Things: Trends and challenges for future
Internet of Things: Trends and challenges for futureStartup Europe IoT Accelerator
 

Empfohlen

IIoT Endpoint Security
IIoT Endpoint Security IIoT Endpoint Security
IIoT Endpoint Security Industrial Internet Consortium
 
IIoT Endpoint Security – The Model in Practice
IIoT Endpoint Security – The Model in PracticeIIoT Endpoint Security – The Model in Practice
IIoT Endpoint Security – The Model in Practiceteam-WIBU
 
Technology & Policy Interaction Panel at Inform[ED] IoT Security
Technology & Policy Interaction Panel at Inform[ED] IoT SecurityTechnology & Policy Interaction Panel at Inform[ED] IoT Security
Technology & Policy Interaction Panel at Inform[ED] IoT SecurityCableLabs
 
Internet of Things (IoT) Security and Privacy Recommendations by Jason Living...
Internet of Things (IoT) Security and Privacy Recommendations by Jason Living...Internet of Things (IoT) Security and Privacy Recommendations by Jason Living...
Internet of Things (IoT) Security and Privacy Recommendations by Jason Living...CableLabs
 
TRITON: How it Disrupted Safety Systems and Changed the Threat Landscape of I...
TRITON: How it Disrupted Safety Systems and Changed the Threat Landscape of I...TRITON: How it Disrupted Safety Systems and Changed the Threat Landscape of I...
TRITON: How it Disrupted Safety Systems and Changed the Threat Landscape of I...Priyanka Aash
 
Homeland of Things Framework BSides Augusta 2017
Homeland of Things Framework BSides Augusta 2017Homeland of Things Framework BSides Augusta 2017
Homeland of Things Framework BSides Augusta 2017Daniel West
 
A Gateway based MUD Architecture to Enhance Smart Home Security
A Gateway based MUD Architecture to Enhance Smart Home SecurityA Gateway based MUD Architecture to Enhance Smart Home Security
A Gateway based MUD Architecture to Enhance Smart Home SecurityLuca Mannella
 
Internet of Things: Trends and challenges for future
Internet of Things: Trends and challenges for futureInternet of Things: Trends and challenges for future
Internet of Things: Trends and challenges for futureStartup Europe IoT Accelerator
 
Design Like a Pro: Planning Enterprise Solutions
Design Like a Pro: Planning Enterprise SolutionsDesign Like a Pro: Planning Enterprise Solutions
Design Like a Pro: Planning Enterprise SolutionsInductive Automation
 
Design Like a Pro: Planning Enterprise Solutions
Design Like a Pro: Planning Enterprise SolutionsDesign Like a Pro: Planning Enterprise Solutions
Design Like a Pro: Planning Enterprise SolutionsInductive Automation
 
IoT Development from Prototype to Production
IoT Development from Prototype to ProductionIoT Development from Prototype to Production
IoT Development from Prototype to ProductionMender.io
 
SIM Portland IOT - Sandhi Bhide - (09-14-2016)
SIM Portland IOT - Sandhi Bhide - (09-14-2016)SIM Portland IOT - Sandhi Bhide - (09-14-2016)
SIM Portland IOT - Sandhi Bhide - (09-14-2016)sandhibhide
 
Secure context-awareness in ubiquitous computing
Secure context-awareness in ubiquitous computingSecure context-awareness in ubiquitous computing
Secure context-awareness in ubiquitous computingVille Seppänen
 
Protecting IIoT Endpoints - an inside look at the Industrial Internet Securit...
Protecting IIoT Endpoints - an inside look at the Industrial Internet Securit...Protecting IIoT Endpoints - an inside look at the Industrial Internet Securit...
Protecting IIoT Endpoints - an inside look at the Industrial Internet Securit...team-WIBU
 
Fiware IoT_intro&scenarios
Fiware IoT_intro&scenariosFiware IoT_intro&scenarios
Fiware IoT_intro&scenariosFIWARE
 
Io t idas_intro_ul20_nobkg
Io t idas_intro_ul20_nobkgIo t idas_intro_ul20_nobkg
Io t idas_intro_ul20_nobkgFIWARE
 
Opening the IoT - Joe Fortey - IoT Midlands Meet Up - 29/07/14
Opening the IoT - Joe Fortey - IoT Midlands Meet Up - 29/07/14Opening the IoT - Joe Fortey - IoT Midlands Meet Up - 29/07/14
Opening the IoT - Joe Fortey - IoT Midlands Meet Up - 29/07/14WMG, University of Warwick
 
IoT Security, Threats and Challenges By V.P.Prabhakaran
IoT Security, Threats and Challenges By V.P.PrabhakaranIoT Security, Threats and Challenges By V.P.Prabhakaran
IoT Security, Threats and Challenges By V.P.PrabhakaranKoenig Solutions Ltd.
 
Supply Chain Security and Compliance for Embedded Devices & IoT
Supply Chain Security and Compliance for Embedded Devices & IoTSupply Chain Security and Compliance for Embedded Devices & IoT
Supply Chain Security and Compliance for Embedded Devices & IoTSource Code Control Limited
 
Iot development from prototype to production
Iot development from prototype to productionIot development from prototype to production
Iot development from prototype to productionMender.io
 
WHITE PAPER▶ Insecurity in the Internet of Things
WHITE PAPER▶ Insecurity in the Internet of ThingsWHITE PAPER▶ Insecurity in the Internet of Things
WHITE PAPER▶ Insecurity in the Internet of ThingsSymantec
 
Hack one iot device, break them all!
Hack one iot device, break them all!Hack one iot device, break them all!
Hack one iot device, break them all!Justin Black
 
[Webinar] Why Security Certification is Crucial for IoT Success
[Webinar] Why Security Certification is Crucial for IoT Success[Webinar] Why Security Certification is Crucial for IoT Success
[Webinar] Why Security Certification is Crucial for IoT SuccessElectric Imp
 
AEE Cybersecurity for the IOT in Facility Energy Distribution Slides
AEE Cybersecurity for the IOT in Facility Energy Distribution SlidesAEE Cybersecurity for the IOT in Facility Energy Distribution Slides
AEE Cybersecurity for the IOT in Facility Energy Distribution SlidesAndy Taylor
 
Standardizing the tee with global platform and RISC-V
Standardizing the tee with global platform and RISC-VStandardizing the tee with global platform and RISC-V
Standardizing the tee with global platform and RISC-VRISC-V International
 
Migrating from OpenTracing to OpenTelemetry - Kubernetes Community Days Munic...
Migrating from OpenTracing to OpenTelemetry - Kubernetes Community Days Munic...Migrating from OpenTracing to OpenTelemetry - Kubernetes Community Days Munic...
Migrating from OpenTracing to OpenTelemetry - Kubernetes Community Days Munic...SonjaChevre
 
Embedded Systems Security
Embedded Systems Security Embedded Systems Security
Embedded Systems Security Malachi Jones
 
Splunk Fundamentals: Investigations with Core Splunk - Splunk Tech Day
Splunk Fundamentals: Investigations with Core Splunk - Splunk Tech DaySplunk Fundamentals: Investigations with Core Splunk - Splunk Tech Day
Splunk Fundamentals: Investigations with Core Splunk - Splunk Tech DayZivaro Inc
 
Double Revolving field theory-how the rotor develops torque
Double Revolving field theory-how the rotor develops torqueDouble Revolving field theory-how the rotor develops torque
Double Revolving field theory-how the rotor develops torqueBhangaleSonal
 
UNIT - IV - Air Compressors and its Performance
UNIT - IV - Air Compressors and its PerformanceUNIT - IV - Air Compressors and its Performance
UNIT - IV - Air Compressors and its Performancesivaprakash250
 

Weitere ähnliche Inhalte

Ähnlich wie A Threat Model for Extensible Smart Home Gateways

Design Like a Pro: Planning Enterprise Solutions
Design Like a Pro: Planning Enterprise SolutionsDesign Like a Pro: Planning Enterprise Solutions
Design Like a Pro: Planning Enterprise SolutionsInductive Automation
 
Design Like a Pro: Planning Enterprise Solutions
Design Like a Pro: Planning Enterprise SolutionsDesign Like a Pro: Planning Enterprise Solutions
Design Like a Pro: Planning Enterprise SolutionsInductive Automation
 
IoT Development from Prototype to Production
IoT Development from Prototype to ProductionIoT Development from Prototype to Production
IoT Development from Prototype to ProductionMender.io
 
SIM Portland IOT - Sandhi Bhide - (09-14-2016)
SIM Portland IOT - Sandhi Bhide - (09-14-2016)SIM Portland IOT - Sandhi Bhide - (09-14-2016)
SIM Portland IOT - Sandhi Bhide - (09-14-2016)sandhibhide
 
Secure context-awareness in ubiquitous computing
Secure context-awareness in ubiquitous computingSecure context-awareness in ubiquitous computing
Secure context-awareness in ubiquitous computingVille Seppänen
 
Protecting IIoT Endpoints - an inside look at the Industrial Internet Securit...
Protecting IIoT Endpoints - an inside look at the Industrial Internet Securit...Protecting IIoT Endpoints - an inside look at the Industrial Internet Securit...
Protecting IIoT Endpoints - an inside look at the Industrial Internet Securit...team-WIBU
 
Fiware IoT_intro&scenarios
Fiware IoT_intro&scenariosFiware IoT_intro&scenarios
Fiware IoT_intro&scenariosFIWARE
 
Io t idas_intro_ul20_nobkg
Io t idas_intro_ul20_nobkgIo t idas_intro_ul20_nobkg
Io t idas_intro_ul20_nobkgFIWARE
 
Opening the IoT - Joe Fortey - IoT Midlands Meet Up - 29/07/14
Opening the IoT - Joe Fortey - IoT Midlands Meet Up - 29/07/14Opening the IoT - Joe Fortey - IoT Midlands Meet Up - 29/07/14
Opening the IoT - Joe Fortey - IoT Midlands Meet Up - 29/07/14WMG, University of Warwick
 
IoT Security, Threats and Challenges By V.P.Prabhakaran
IoT Security, Threats and Challenges By V.P.PrabhakaranIoT Security, Threats and Challenges By V.P.Prabhakaran
IoT Security, Threats and Challenges By V.P.PrabhakaranKoenig Solutions Ltd.
 
Supply Chain Security and Compliance for Embedded Devices & IoT
Supply Chain Security and Compliance for Embedded Devices & IoTSupply Chain Security and Compliance for Embedded Devices & IoT
Supply Chain Security and Compliance for Embedded Devices & IoTSource Code Control Limited
 
Iot development from prototype to production
Iot development from prototype to productionIot development from prototype to production
Iot development from prototype to productionMender.io
 
WHITE PAPER▶ Insecurity in the Internet of Things
WHITE PAPER▶ Insecurity in the Internet of ThingsWHITE PAPER▶ Insecurity in the Internet of Things
WHITE PAPER▶ Insecurity in the Internet of ThingsSymantec
 
Hack one iot device, break them all!
Hack one iot device, break them all!Hack one iot device, break them all!
Hack one iot device, break them all!Justin Black
 
[Webinar] Why Security Certification is Crucial for IoT Success
[Webinar] Why Security Certification is Crucial for IoT Success[Webinar] Why Security Certification is Crucial for IoT Success
[Webinar] Why Security Certification is Crucial for IoT SuccessElectric Imp
 
AEE Cybersecurity for the IOT in Facility Energy Distribution Slides
AEE Cybersecurity for the IOT in Facility Energy Distribution SlidesAEE Cybersecurity for the IOT in Facility Energy Distribution Slides
AEE Cybersecurity for the IOT in Facility Energy Distribution SlidesAndy Taylor
 
Standardizing the tee with global platform and RISC-V
Standardizing the tee with global platform and RISC-VStandardizing the tee with global platform and RISC-V
Standardizing the tee with global platform and RISC-VRISC-V International
 
Migrating from OpenTracing to OpenTelemetry - Kubernetes Community Days Munic...
Migrating from OpenTracing to OpenTelemetry - Kubernetes Community Days Munic...Migrating from OpenTracing to OpenTelemetry - Kubernetes Community Days Munic...
Migrating from OpenTracing to OpenTelemetry - Kubernetes Community Days Munic...SonjaChevre
 
Embedded Systems Security
Embedded Systems Security Embedded Systems Security
Embedded Systems Security Malachi Jones
 
Splunk Fundamentals: Investigations with Core Splunk - Splunk Tech Day
Splunk Fundamentals: Investigations with Core Splunk - Splunk Tech DaySplunk Fundamentals: Investigations with Core Splunk - Splunk Tech Day
Splunk Fundamentals: Investigations with Core Splunk - Splunk Tech DayZivaro Inc
 

Ähnlich wie A Threat Model for Extensible Smart Home Gateways (20)

Design Like a Pro: Planning Enterprise Solutions
Design Like a Pro: Planning Enterprise SolutionsDesign Like a Pro: Planning Enterprise Solutions
Design Like a Pro: Planning Enterprise Solutions
 
Design Like a Pro: Planning Enterprise Solutions
Design Like a Pro: Planning Enterprise SolutionsDesign Like a Pro: Planning Enterprise Solutions
Design Like a Pro: Planning Enterprise Solutions
 
IoT Development from Prototype to Production
IoT Development from Prototype to ProductionIoT Development from Prototype to Production
IoT Development from Prototype to Production
 
SIM Portland IOT - Sandhi Bhide - (09-14-2016)
SIM Portland IOT - Sandhi Bhide - (09-14-2016)SIM Portland IOT - Sandhi Bhide - (09-14-2016)
SIM Portland IOT - Sandhi Bhide - (09-14-2016)
 
Secure context-awareness in ubiquitous computing
Secure context-awareness in ubiquitous computingSecure context-awareness in ubiquitous computing
Secure context-awareness in ubiquitous computing
 
Protecting IIoT Endpoints - an inside look at the Industrial Internet Securit...
Protecting IIoT Endpoints - an inside look at the Industrial Internet Securit...Protecting IIoT Endpoints - an inside look at the Industrial Internet Securit...
Protecting IIoT Endpoints - an inside look at the Industrial Internet Securit...
 
Fiware IoT_intro&scenarios
Fiware IoT_intro&scenariosFiware IoT_intro&scenarios
Fiware IoT_intro&scenarios
 
Io t idas_intro_ul20_nobkg
Io t idas_intro_ul20_nobkgIo t idas_intro_ul20_nobkg
Io t idas_intro_ul20_nobkg
 
Opening the IoT - Joe Fortey - IoT Midlands Meet Up - 29/07/14
Opening the IoT - Joe Fortey - IoT Midlands Meet Up - 29/07/14Opening the IoT - Joe Fortey - IoT Midlands Meet Up - 29/07/14
Opening the IoT - Joe Fortey - IoT Midlands Meet Up - 29/07/14
 
IoT Security, Threats and Challenges By V.P.Prabhakaran
IoT Security, Threats and Challenges By V.P.PrabhakaranIoT Security, Threats and Challenges By V.P.Prabhakaran
IoT Security, Threats and Challenges By V.P.Prabhakaran
 
Supply Chain Security and Compliance for Embedded Devices & IoT
Supply Chain Security and Compliance for Embedded Devices & IoTSupply Chain Security and Compliance for Embedded Devices & IoT
Supply Chain Security and Compliance for Embedded Devices & IoT
 
Iot development from prototype to production
Iot development from prototype to productionIot development from prototype to production
Iot development from prototype to production
 
WHITE PAPER▶ Insecurity in the Internet of Things
WHITE PAPER▶ Insecurity in the Internet of ThingsWHITE PAPER▶ Insecurity in the Internet of Things
WHITE PAPER▶ Insecurity in the Internet of Things
 
Hack one iot device, break them all!
Hack one iot device, break them all!Hack one iot device, break them all!
Hack one iot device, break them all!
 
[Webinar] Why Security Certification is Crucial for IoT Success
[Webinar] Why Security Certification is Crucial for IoT Success[Webinar] Why Security Certification is Crucial for IoT Success
[Webinar] Why Security Certification is Crucial for IoT Success
 
AEE Cybersecurity for the IOT in Facility Energy Distribution Slides
AEE Cybersecurity for the IOT in Facility Energy Distribution SlidesAEE Cybersecurity for the IOT in Facility Energy Distribution Slides
AEE Cybersecurity for the IOT in Facility Energy Distribution Slides
 
Standardizing the tee with global platform and RISC-V
Standardizing the tee with global platform and RISC-VStandardizing the tee with global platform and RISC-V
Standardizing the tee with global platform and RISC-V
 
Migrating from OpenTracing to OpenTelemetry - Kubernetes Community Days Munic...
Migrating from OpenTracing to OpenTelemetry - Kubernetes Community Days Munic...Migrating from OpenTracing to OpenTelemetry - Kubernetes Community Days Munic...
Migrating from OpenTracing to OpenTelemetry - Kubernetes Community Days Munic...
 
Embedded Systems Security
Embedded Systems Security Embedded Systems Security
Embedded Systems Security
 
Splunk Fundamentals: Investigations with Core Splunk - Splunk Tech Day
Splunk Fundamentals: Investigations with Core Splunk - Splunk Tech DaySplunk Fundamentals: Investigations with Core Splunk - Splunk Tech Day
Splunk Fundamentals: Investigations with Core Splunk - Splunk Tech Day
 

Kürzlich hochgeladen

Double Revolving field theory-how the rotor develops torque
Double Revolving field theory-how the rotor develops torqueDouble Revolving field theory-how the rotor develops torque
Double Revolving field theory-how the rotor develops torqueBhangaleSonal
 
UNIT - IV - Air Compressors and its Performance
UNIT - IV - Air Compressors and its PerformanceUNIT - IV - Air Compressors and its Performance
UNIT - IV - Air Compressors and its Performancesivaprakash250
 
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXssuser89054b
 
22-prompt engineering noted slide shown.pdf
22-prompt engineering noted slide shown.pdf22-prompt engineering noted slide shown.pdf
22-prompt engineering noted slide shown.pdf203318pmpc
 
A Study of Urban Area Plan for Pabna Municipality
A Study of Urban Area Plan for Pabna MunicipalityA Study of Urban Area Plan for Pabna Municipality
A Study of Urban Area Plan for Pabna MunicipalityMorshed Ahmed Rahath
 
Minimum and Maximum Modes of microprocessor 8086
Minimum and Maximum Modes of microprocessor 8086Minimum and Maximum Modes of microprocessor 8086
Minimum and Maximum Modes of microprocessor 8086anil_gaur
 
Design For Accessibility: Getting it right from the start
Design For Accessibility: Getting it right from the startDesign For Accessibility: Getting it right from the start
Design For Accessibility: Getting it right from the startQuintin Balsdon
 
ONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdf
ONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdfONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdf
ONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdfKamal Acharya
 
Unit 2- Effective stress & Permeability.pdf
Unit 2- Effective stress & Permeability.pdfUnit 2- Effective stress & Permeability.pdf
Unit 2- Effective stress & Permeability.pdfRagavanV2
 
Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...
Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...
Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...Arindam Chakraborty, Ph.D., P.E. (CA, TX)
 
Top Rated Call Girls In chittoor 📱 {7001035870} VIP Escorts chittoor
Top Rated Call Girls In chittoor 📱 {7001035870} VIP Escorts chittoorTop Rated Call Girls In chittoor 📱 {7001035870} VIP Escorts chittoor
Top Rated Call Girls In chittoor 📱 {7001035870} VIP Escorts chittoordharasingh5698
 
Employee leave management system project.
Employee leave management system project.Employee leave management system project.
Employee leave management system project.Kamal Acharya
 
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Bookingdharasingh5698
 
notes on Evolution Of Analytic Scalability.ppt
notes on Evolution Of Analytic Scalability.pptnotes on Evolution Of Analytic Scalability.ppt
notes on Evolution Of Analytic Scalability.pptMsecMca
 
Unleashing the Power of the SORA AI lastest leap
Unleashing the Power of the SORA AI lastest leapUnleashing the Power of the SORA AI lastest leap
Unleashing the Power of the SORA AI lastest leapRishantSharmaFr
 

Kürzlich hochgeladen (20)

Double Revolving field theory-how the rotor develops torque
Double Revolving field theory-how the rotor develops torqueDouble Revolving field theory-how the rotor develops torque
Double Revolving field theory-how the rotor develops torque
 
UNIT - IV - Air Compressors and its Performance
UNIT - IV - Air Compressors and its PerformanceUNIT - IV - Air Compressors and its Performance
UNIT - IV - Air Compressors and its Performance
 
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
 
FEA Based Level 3 Assessment of Deformed Tanks with Fluid Induced Loads
FEA Based Level 3 Assessment of Deformed Tanks with Fluid Induced LoadsFEA Based Level 3 Assessment of Deformed Tanks with Fluid Induced Loads
FEA Based Level 3 Assessment of Deformed Tanks with Fluid Induced Loads
 
22-prompt engineering noted slide shown.pdf
22-prompt engineering noted slide shown.pdf22-prompt engineering noted slide shown.pdf
22-prompt engineering noted slide shown.pdf
 
A Study of Urban Area Plan for Pabna Municipality
A Study of Urban Area Plan for Pabna MunicipalityA Study of Urban Area Plan for Pabna Municipality
A Study of Urban Area Plan for Pabna Municipality
 
Minimum and Maximum Modes of microprocessor 8086
Minimum and Maximum Modes of microprocessor 8086Minimum and Maximum Modes of microprocessor 8086
Minimum and Maximum Modes of microprocessor 8086
 
Design For Accessibility: Getting it right from the start
Design For Accessibility: Getting it right from the startDesign For Accessibility: Getting it right from the start
Design For Accessibility: Getting it right from the start
 
(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7
(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7
(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7
 
ONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdf
ONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdfONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdf
ONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdf
 
Unit 2- Effective stress & Permeability.pdf
Unit 2- Effective stress & Permeability.pdfUnit 2- Effective stress & Permeability.pdf
Unit 2- Effective stress & Permeability.pdf
 
Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...
Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...
Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...
 
Top Rated Call Girls In chittoor 📱 {7001035870} VIP Escorts chittoor
Top Rated Call Girls In chittoor 📱 {7001035870} VIP Escorts chittoorTop Rated Call Girls In chittoor 📱 {7001035870} VIP Escorts chittoor
Top Rated Call Girls In chittoor 📱 {7001035870} VIP Escorts chittoor
 
Water Industry Process Automation & Control Monthly - April 2024
Water Industry Process Automation & Control Monthly - April 2024Water Industry Process Automation & Control Monthly - April 2024
Water Industry Process Automation & Control Monthly - April 2024
 
Employee leave management system project.
Employee leave management system project.Employee leave management system project.
Employee leave management system project.
 
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
 
notes on Evolution Of Analytic Scalability.ppt
notes on Evolution Of Analytic Scalability.pptnotes on Evolution Of Analytic Scalability.ppt
notes on Evolution Of Analytic Scalability.ppt
 
Call Girls in Ramesh Nagar Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
Call Girls in Ramesh Nagar Delhi 💯 Call Us 🔝9953056974 🔝 Escort ServiceCall Girls in Ramesh Nagar Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
Call Girls in Ramesh Nagar Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
 
(INDIRA) Call Girl Meerut Call Now 8617697112 Meerut Escorts 24x7
(INDIRA) Call Girl Meerut Call Now 8617697112 Meerut Escorts 24x7(INDIRA) Call Girl Meerut Call Now 8617697112 Meerut Escorts 24x7
(INDIRA) Call Girl Meerut Call Now 8617697112 Meerut Escorts 24x7
 
Unleashing the Power of the SORA AI lastest leap
Unleashing the Power of the SORA AI lastest leapUnleashing the Power of the SORA AI lastest leap
Unleashing the Power of the SORA AI lastest leap
 

A Threat Model for Extensible Smart Home Gateways

  • 1. A Threat Model for Extensible Smart Home Gateways Fulvio CORNO and Luca MANNELLA e-Lite research group Department of Control and Computer Engineering Politecnico di Torino, Turin, Italy 7th International Conference On Smart and Sustainable Technologies Split, July 6, 2022
  • 2. OUTLINE • Introduction • Reference Smart Home Architecture • Proposed Threat Model • Use Case & Proofs of Concept • Conclusions & Future Work 2022-07-06 SpliTech 2022 — Fulvio Corno and Luca Mannella 2
  • 3. INTRODUCTION • Smart Home (SH) systems are in a dangerous situation • At least 40% houses have an IoT device (70% in the USA) • In 62% of involved houses, at least one device has a known vulnerability • A compromised device could affect other SH devices • To manage them, Smart Home gateways are often involved • Such solutions are often extensible (EvenGhost, Home Assistant, OpenHAB, Pimatic, etc.) • Extending something developed by a third-party is never an easy task • Therefore, a compromised IoT gateway in a SH is particularly critical • Goal: supporting programmers during development (or evaluation) of plug-ins for SH gateways • Proposing a threat model with a twofold purpose 2022-07-06 SpliTech 2022 — Fulvio Corno and Luca Mannella 3
  • 4. REFERENCE SMART HOME ARCHITECTURE SpliTech 2022 — Fulvio Corno and Luca Mannella 2022-07-06 4
  • 5. A SMART HOME ARCHITECTURE 2022-07-06 SpliTech 2022 — Fulvio Corno and Luca Mannella 5
  • 6. 2022-07-05 SpliTech 2022 — Fulvio Corno and Luca Mannella 11 • The gateway OS • The smart home gateway application • Other plug-ins • Other applications running on the gateway • A device belonging to the smart home POSSIBLE ATTACK TARGETS
  • 7. A THREAT MODEL FOR EXTENSIBLE SMART HOME GATEWAYS 2022-07-06 SpliTech 2022 — Fulvio Corno and Luca Mannella 12
  • 8. THREAT MODEL INTRODUCTION • The 11 threats are labeled with the letter “T” and a digit • The model considers menaces originated from a plug-in • Plug-in scope: • Set of variables, files, or resources that the plug-in can legitimately access • Accessed resources must be declared in plug-in documentation • Resources must be accessed through the modalities envisaged by the platform (e.g., API) 2022-07-06 SpliTech 2022 — Fulvio Corno and Luca Mannella 13
  • 9. THREATS DIVIDED BY CATEGORIES • Confidentiality • T1: a plug-in could access and use private data of other attack targets • T2: a plug-in could access and spread private data of other attack targets • Integrity • T3: a plug-in could alter the state of other smart home devices outside its scope • T4: a plug-in could alter private data of other attack targets outside its scope • Availability • T5: a plug-in could delay the regular functionality of an attack target • T6: a plug-in could alter one of the regular functionalities of an attack target • T7: a plug-in could alter the regular functionality of an attack target, preventing the users from using it • T8: a plug-in could physically damage an attack target 2022-07-06 SpliTech 2022 — Fulvio Corno and Luca Mannella 14
  • 10. THREATS DIVIDED BY CATEGORIES • Authentication • T9: a plug-in could interact with an attack target, pretending to be a different entity • Authorization • T10: a plug-in could access an authorization level higher than expected • Non-Repudiation • T11: a plug-in could anonymously communicate with an attack target (i.e., there is no way to know that the plug-in establishes a specific communication). 2022-07-06 SpliTech 2022 — Fulvio Corno and Luca Mannella 15
  • 11. USE CASE & PROOFS OF CONCEPT SpliTech 2022 — Fulvio Corno and Luca Mannella 2022-07-06 16
  • 12. USE CASE • Home Assistant (HAss) — https://www.home-assistant.io/ • A Python-based open-source smart home gateway software • Developed since 2013 and released in 2016 • More than 150.000 active installations (estimated to be four-fold) • Four different types of release (additional features with respect to core version) • Extensible through two different kind of plug-ins: integrations and add-ons • Focus on Integrations — https://www.home-assistant.io/integrations • Available in all Home Assistant releases • Closer to “traditional” plug-in concept • Deeply integrated in Hass • Impacting only other integrations 2022-07-06 SpliTech 2022 — Fulvio Corno and Luca Mannella 17
  • 13. DEVELOPED PROOFS OF CONCEPT • One target integration: switch_target • Two states: on & off • Contains a secret value • It should be accessible only by the integration itself • Note: open source and available on GitHub https://github.com/Sarcares/HAss-TM-Integrations • Two malicious integrations • light_simple_access • light_altering_state • Integrations designed for managing lights • Two states: on & off • A brightness value • With additional malicious side-effects • Both integrations retrieve a reference to the switch_target through the Python’s Garbage Collector 2022-07-06 SpliTech 2022 — Fulvio Corno and Luca Mannella 18
  • 14. DEVELOPED PROOFS OF CONCEPT • Two malicious integrations • light_simple_access • light_altering_state • Integrations designed for managing lights • Two states: on & off • A brightness value • With additional malicious side-effects • Both integrations retrieve a reference to the switch_target through the Python’s Garbage Collector 2022-07-06 19 Threat Category Threat Exploited Confidentiality T1 ✔️ T2 ✔️ Integrity T3 ✔️ T4 ✔️ Availability T5 ❌ T6 ✔️ T7 ✔️ T8 ❌ Authentication T9 ✔️ Authorization T10 ❌ Non-Repudiation T11 ✔️
  • 15. LIGHT_SIMPLE_ACCESS • Access and retrieve the secret from the switch_target • This could lead to T1 or T2 according to malicious developer’s behavior • Confidentiality: “a plug-in could access and use/spread private data of other attack targets” When the light is turned on • Modify the secret stored in the switch_target • T4 (integrity): altering private data • T6 (availability): altering one of the regular functionalities When the light is turned off 2022-07-05 SpliTech 2022 — Fulvio Corno and Luca Mannella 21
  • 16. LIGHT_ALTERING_STATE • Malicious effect triggered every time a user turns on or off this light • The state of switch_target is toggled • T3: (integrity) alter the state of the switch_target • T7: (integrity) alter the regular functionality: the user partially lose control over the switch_target • T9: (authentication) interacting with the switch_target as the original integration • T11: (non-repudiation) it interacts anonymously with the switch_target 2022-07-06 SpliTech 2022 — Fulvio Corno and Luca Mannella 22
  • 17. CONCLUSIONS & FUTURE WORKS SpliTech 2022 — Fulvio Corno and Luca Mannella 2022-07-06 23
  • 18. CONCLUSIONS • Purposes of the proposed threat model • Understand security issues in plug-ins • helping programmers think about possible countermeasures • Set of guidelines • plug-ins should not act like the reported threats • Exploited some threats through a couple of proofs of concept • Suggestions for Home Assistant: • More isolation among its components • Introducing a permission system (T10) 2022-07-06 SpliTech 2022 — Fulvio Corno and Luca Mannella 24
  • 19. FUTURE WORK • Creating proofs of concept addressing other attack targets • Analyzing publicly available Home Assistant plug-ins looking for the presented threats • Can developers accidentally fall into the presented issues? • Provide best practices and/or tools for developing more reliable smart home systems 2022-07-06 SpliTech 2022 — Fulvio Corno and Luca Mannella 25
  • 20. THANK YOU FOR YOUR KIND ATTENTION! ANY QUESTIONS? 2022-07-06 SpliTech 2022 — Fulvio Corno and Luca Mannella 26 fulvio.corno@polito.it luca.mannella@polito.it
  • 21. 1. D. Kumar, et al., “All Things Considered: An Analysis of IoT Devices on Home Networks,” in 28th USENIX Security Symposium (USENIX Security 19), 2019, pp. 1169–1185. 2. K. Kafle, et al., “Security in Centralized Data Store-based Home Automation Platforms: A Systematic Analysis of Nest and Hue,” ACM Trans. on Cyber-Phys. Syst., vol. 5, no. 1, jan 2021. 3. F. Pub, “Standards for Security Categorization of Federal Information and Information Systems,” NIST FIPS, vol. 199, 2004. 4. U.S. Congress, “Federal Information Security Modernization Act of 2014,” Public Law, pp. 113–283, 2014. 5. H. Kim and E. A. Lee, “Authentication and Authorization for the Internet of Things,” IT Professional, vol. 19, no. 5, pp. 27–33, 2017. 6. https://analytics.home-assistant.io/ 7. https://www.home-assistant.io/blog/2021/11/12/100k-analytics/ 2022-07-06 SpliTech 2022 — Fulvio Corno and Luca Mannella 27 REFERENCES
  • 22. LICENSE • These slides are distributed under a Creative Commons license “Attribution-NonCommercial-ShareAlike 4.0 International (CC BY-NC-SA 4.0)” • You are free to: • Share — copy and redistribute the material in any medium or format • Adapt — remix, transform, and build upon the material • The licensor cannot revoke these freedoms as long as you follow the license terms. • Under the following terms: • Attribution — You must give appropriate credit, provide a link to the license, and indicate if changes were made. You may do so in any reasonable manner, but not in any way that suggests the licensor endorses you or your use. • NonCommercial — You may not use the material for commercial purposes. • ShareAlike — If you remix, transform, or build upon the material, you must distribute your contributions under the same license as the original. • No additional restrictions — You may not apply legal terms or technological measures that legally restrict others from doing anything the license permits. • https://creativecommons.org/licenses/by-nc-sa/4.0/ 2022-07-06 SpliTech 2022 — Fulvio Corno and Luca Mannella 28