HanGuard: SDN-driven protection of smart home WiFi devices from malicious mobile apps

Soteris Demetriou, Nan Zhang, Yeonjoon Lee, Xiaofeng Wang, Carl A. Gunter, Xiaoyong Zhou, Michael Grace

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

A new development of smart-home systems is to use mobile apps to control IoT devices across a Home Area Network (HAN). As verified in our study, those systems tend to rely on the Wi-Fi router to authenticate other devices. This treatment exposes them to the attack from malicious apps, particularly those running on authorized phones, which the router does not have information to control. Mitigating this threat cannot solely rely on IoT manufacturers, which may need to change the hardware on the devices to support encryption, increasing the cost of the device, or software developers who we need to trust to implement security correctly. In this work, we present a new technique to control the communication between the IoT devices and their apps in a unified, backward-compatible way. Our approach, called HanGuard, does not require any changes to the IoT devices themselves, the IoT apps or the OS of the participating phones. HanGuard uses an SDN-like approach to offer fine-grained protection: each phone runs a non-system userspace Monitor app to identify the party that attempts to access the protected IoT device and inform the router through a control plane of its access decision; the router enforces the decision on the data plane after verifying whether the phone should be allowed to talk to the device. We implemented our design over both Android and iOS (> 95% of mobile OS market share) and a popular router. Our study shows that HanGuard is both efficient and effective in practice.

Original languageEnglish (US)
Title of host publicationProceedings of the 10th ACM Conference on Security and Privacy in Wireless and Mobile Networks, WiSec 2017
PublisherAssociation for Computing Machinery
Pages122-133
Number of pages12
ISBN (Electronic)9781450350846
DOIs
StatePublished - Jul 18 2017
Event10th ACM Conference on Security and Privacy in Wireless and Mobile Networks, WiSec 2017 - Boston, United States
Duration: Jul 18 2017Jul 20 2017

Publication series

NameProceedings of the 10th ACM Conference on Security and Privacy in Wireless and Mobile Networks, WiSec 2017

Other

Other10th ACM Conference on Security and Privacy in Wireless and Mobile Networks, WiSec 2017
Country/TerritoryUnited States
CityBoston
Period7/18/177/20/17

Keywords

  • Android
  • IoT
  • Security
  • Wireless networks
  • iOS

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Safety, Risk, Reliability and Quality

Fingerprint

Dive into the research topics of 'HanGuard: SDN-driven protection of smart home WiFi devices from malicious mobile apps'. Together they form a unique fingerprint.

Cite this