This HTML5 document contains 29 embedded RDF statements represented using HTML+Microdata notation.

The embedded RDF content will be recognized by any processor of HTML5 Microdata.

Namespace Prefixes

PrefixIRI
n9https://kar.kent.ac.uk/id/eprint/75895#
n19doi:10.1007/
dctermshttp://purl.org/dc/terms/
n2https://kar.kent.ac.uk/id/eprint/
wdrshttp://www.w3.org/2007/05/powder-s#
dchttp://purl.org/dc/elements/1.1/
n13http://purl.org/ontology/bibo/status/
rdfshttp://www.w3.org/2000/01/rdf-schema#
n7https://demo.openlinksw.com/about/id/entity/https/raw.githubusercontent.com/annajordanous/CO644Files/main/
n10http://eprints.org/ontology/
n12https://kar.kent.ac.uk/id/event/
bibohttp://purl.org/ontology/bibo/
n20https://kar.kent.ac.uk/id/publication/
n21https://kar.kent.ac.uk/id/org/
rdfhttp://www.w3.org/1999/02/22-rdf-syntax-ns#
owlhttp://www.w3.org/2002/07/owl#
n16https://kar.kent.ac.uk/75895/
n11https://kar.kent.ac.uk/id/document/
n17https://kar.kent.ac.uk/id/
xsdhhttp://www.w3.org/2001/XMLSchema#
n8https://demo.openlinksw.com/about/id/entity/https/www.cs.kent.ac.uk/people/staff/akj22/materials/CO644/
n5https://kar.kent.ac.uk/id/person/

Statements

Subject Item
n2:75895
rdf:type
bibo:Article n10:ConferenceItemEPrint n10:EPrint bibo:AcademicArticle
rdfs:seeAlso
n16:
owl:sameAs
n19:978-3-030-42048-2_23
n10:hasAccepted
n11:3184897
n10:hasDocument
n11:3184897 n11:3184920 n11:3184926 n11:3184927 n11:3184928 n11:3184929
dc:hasVersion
n11:3184897
dcterms:title
Selective Forwarding Attack on IoT Home Security Kits
wdrs:describedby
n7:export_kar_RDFN3.n3 n8:export_kar_RDFN3.n3
dcterms:date
2020-02-22
dcterms:creator
n5:ext-5318ad94596861fc60a22843cfcfd600 n5:ext-0e0d9b0e7c5952f80eac921f828f02e6 n5:ext-b.arief@kent.ac.uk
bibo:status
n13:peerReviewed n13:published
dcterms:publisher
n21:ext-1c5ddec173ca8cdfba8b274309638579
bibo:abstract
Efforts have been made to improve the security of the Internet of Things (IoT) devices, but there remain some vulnerabilities and misimplementations. This paper describes a new threat to home security devices in which an attacker can disable all functionality of a device, but to the device’s owner, everything still appears to be operational. We targeted home security devices because their security is critical as people may rely on them to protect their homes. In particular, we exploited a feature called “heartbeat”, which is exchanged between the devices and the cloud in order to check that the devices are still connected. Even though network traffic was encrypted, we successfully identified the heartbeats due to their fixed size and periodic nature. Thereafter, we established a man-in-the-middle attack between the device and the cloud and selectively forwarded heartbeats while filtering out other traffic. As a result, the device appears to be still connected (because the heartbeat traffic is being allowed through), while in reality the device’s functionality is disabled (because non-heartbeat traffic is being filtered out). We applied this exploit on a set of six devices, and five were found to be vulnerable. Consequently, an intruder can use this exploit to disable a home security device and break into a house without the awareness of the owner. We carried out a responsible disclosure exercise with the manufacturers of the affected devices, but the response has been limited. This shows that IoT security is still not taken completely seriously and many threats are still undiscovered. Finally, we provide some recommendations on how to detect and prevent the threats posed by insecure IoT devices, which ironically include IoT home security kits.
dcterms:isPartOf
n17:repository n20:ext-03029743
bibo:authorList
n9:authors
bibo:presentedAt
n12:ext-63bccff55a850247264e32cd812e7707