This HTML5 document contains 29 embedded RDF statements represented using HTML+Microdata notation.

The embedded RDF content will be recognized by any processor of HTML5 Microdata.

Namespace Prefixes

Prefix    IRI
dcterms   http://purl.org/dc/terms/
n2        https://kar.kent.ac.uk/id/eprint/
n10       https://kar.kent.ac.uk/id/eprint/64302#
wdrs      http://www.w3.org/2007/05/powder-s#
dc        http://purl.org/dc/elements/1.1/
n4        http://purl.org/ontology/bibo/status/
rdfs      http://www.w3.org/2000/01/rdf-schema#
n9        https://kar.kent.ac.uk/id/subject/
n19       https://demo.openlinksw.com/about/id/entity/https/raw.githubusercontent.com/annajordanous/CO644Files/main/
n12       doi:10.1109/
n7        http://eprints.org/ontology/
n21       https://kar.kent.ac.uk/id/event/
bibo      http://purl.org/ontology/bibo/
n8        https://kar.kent.ac.uk/id/org/
rdf       http://www.w3.org/1999/02/22-rdf-syntax-ns#
owl       http://www.w3.org/2002/07/owl#
n16       https://kar.kent.ac.uk/id/document/
n20       https://kar.kent.ac.uk/id/
xsdh      http://www.w3.org/2001/XMLSchema#
n14       https://demo.openlinksw.com/about/id/entity/https/www.cs.kent.ac.uk/people/staff/akj22/materials/CO644/
n6        https://kar.kent.ac.uk/id/person/
n18       https://kar.kent.ac.uk/64302/

Statements

Subject Item
n2:64302
rdf:type
n7:BookSectionEPrint n7:EPrint bibo:Article bibo:BookSection
rdfs:seeAlso
n18:
owl:sameAs
n12:SIoT.2017.00009
n7:hasAccepted
n16:266855
n7:hasDocument
n16:266855 n16:266860 n16:2942937 n16:2942938 n16:2942939 n16:2942940
dc:hasVersion
n16:266855
dcterms:title
Earworms Make Bad Passwords: An Analysis of the Noke Smart Lock Manual Override
wdrs:describedby
n14:export_kar_RDFN3.n3 n19:export_kar_RDFN3.n3
dcterms:date
2018-06-25
dcterms:creator
n6:ext-85134dc1efa9a128df6163b0b275758f n6:ext-j.c.hernandez-castro@kent.ac.uk n6:ext-b.arief@kent.ac.uk
bibo:status
n4:published n4:peerReviewed
dcterms:publisher
n8:ext-af0a9a5baed87c407844a3f5db44597c
bibo:abstract
This paper presents a security analysis of the manual override feature of the Noke smart lock. The Noke allows its user to operate, monitor and even share his smart lock with others through a smartphone. To counter the risk of being unable to open the lock when the smartphone is unavailable, it provides an override mechanism. Noke implements this override feature using a quick-click scheme, whereby its user can choose a sequence of eight to sixteen short and long shackle presses (similar to a Morse code). To explore the security implications of this feature, we conducted a study collecting human-generated quick-click codes from 100 participants, and analysed and modelled the resulting dataset. Our analysis shows that the override mechanism, at least in its current implementation, presents a significant opportunity for successful guessing attacks. We demonstrate this by building a mechanical brute force tool that on average can test one quick-click code in under three seconds. We conclude that this speed, together with the low entropy of human-generated passcodes, makes this manual override feature one of the most significant weaknesses of the system and constitutes a promising attack vector. We responsibly disclosed our findings to the Noke manufacturer. We also provide a list of potential countermeasures that can help to address this risk. We believe that alternative authentication methods such as quick-click codes will become increasingly popular in ever-expanding Internet of Things devices, so the weaknesses and the countermeasures discussed in this paper are timely and relevant, as they can also apply to other devices and security systems that rely on unconventional user-generated authentication codes.
dcterms:isPartOf
n20:repository
dcterms:subject
n9:QA
bibo:authorList
n10:authors
bibo:presentedAt
n21:ext-1f637be71cf6cd902ac418f98d40c279