Detecting rogue attacks on commercial wireless Insteon home automation systems
The Internet of Things (IoT) and commercial wireless home automation applications are expanding as technical capability evolves and implementation costs continue to decrease. However, many home automation devices lack robust security and are vulnerable to a multitude of bit-level attacks. This was h...
Gespeichert in:
| Veröffentlicht in: | Computers & security 2018-05, Vol.74, p.296-307 |
|---|---|
| Hauptverfasser: | , , , |
| Format: | Artikel |
| Sprache: | eng |
| Schlagworte: | |
| Online-Zugang: | Volltext |
| Tags: |
Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
|
| container_end_page | 307 |
|---|---|
| container_issue | |
| container_start_page | 296 |
| container_title | Computers & security |
| container_volume | 74 |
| creator | Talbot, Christopher M. Temple, Michael A. Carbino, Timothy J. Betances, J. Addison |
| description | The Internet of Things (IoT) and commercial wireless home automation applications are expanding as technical capability evolves and implementation costs continue to decrease. However, many home automation devices lack robust security and are vulnerable to a multitude of bit-level attacks. This was highlighted during the first successful Insteon network intrusion demonstration that occurred at DEF CON 23 using a Software Defined Radio (SDR) with YARD Stick One devices. In response, Radio Frequency Distinct Native Attribute (RF-DNA) Fingerprinting is introduced here as a counter-hacking approach for augmenting network bit-level Identity (ID) authentication using Physical Layer (PHY) waveform features. An RF-DNA Fingerprinting process is adopted here and applied to wireless Insteon home automation devices. Rogue device detection is addressed using a Multiple Discriminant Analysis/Maximum Likelihood (MDA/ML) ID verification process. Rogue assessments include attacks by like-model Insteon Switch (IS) devices and YARD Stick One SDR devices programmed to present actual (false) bit-level credentials for authorized Insteon devices while functionally controlling the state of an unprotected (no RF-DNA discrimination) targeted end point device. Device classification and Rogue Rejection Rate (RRR) performance is assessed using Time Domain (TD) and Slope-Based Frequency Shift Keyed (SB-FSK) Fingerprinting with features extracted from a variant (data dependent) signal response region. The Rogue Rejection Rate (RRR) for SB-FSK Fingerprinting was superior to TD Fingerprinting and included RRR ≈ 95% for 25 like-model IS attacks and RRR ≈ 100% for 36 YARD Stick One SDR attacks. SB-FSK Fingerprinting is more computationally efficient (70% fewer features) than TD Fingerprinting and provides an added benefit of being implementable using features extracted from variant data dependent FSK signal response regions. |
| doi_str_mv | 10.1016/j.cose.2017.10.001 |
| format | Article |
| fullrecord | <record><control><sourceid>proquest_cross</sourceid><recordid>TN_cdi_proquest_journals_2068031081</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><els_id>S0167404817302055</els_id><sourcerecordid>2068031081</sourcerecordid><originalsourceid>FETCH-LOGICAL-c328t-f0ba33923ca32565ddbfdfc27b2b52500fca42dc05947906d49ab1e42417b0753</originalsourceid><addsrcrecordid>eNp9kE1PxCAURYnRxHH0D7hq4rr1QT-giRszfiYT3eiaUPo6UqdlBKqZfy_NuHZF3n3nAjmEXFLIKNDqus-09ZgxoDwGGQA9IgsqOEsrBuKYLCLE0wIKcUrOvO8jwCshFuTlDgPqYMZN4uxmwkSFoPSnT-yYaDsM6LRR2-THONyi98nz6APG3YcdIjsFO6hg4uz3MR_8OTnp1Nbjxd-5JO8P92-rp3T9-vi8ul2nOmcipB00Ks9rlmuVs7Iq27bp2k4z3rCmZCVAp1XBWg1lXfAaqraoVUOxYAXlDfAyX5Krw707Z78m9EH2dnJjfFIyqATkFASNFDtQ2lnvHXZy58yg3F5SkLM32cvZm5y9zVnUEks3hxLG_38bdNJrg6PGNjrQQbbW_Ff_BZDXdvo</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>2068031081</pqid></control><display><type>article</type><title>Detecting rogue attacks on commercial wireless Insteon home automation systems</title><source>Access via ScienceDirect (Elsevier)</source><creator>Talbot, Christopher M. ; Temple, Michael A. ; Carbino, Timothy J. ; Betances, J. Addison</creator><creatorcontrib>Talbot, Christopher M. ; Temple, Michael A. ; Carbino, Timothy J. ; Betances, J. Addison</creatorcontrib><description>The Internet of Things (IoT) and commercial wireless home automation applications are expanding as technical capability evolves and implementation costs continue to decrease. However, many home automation devices lack robust security and are vulnerable to a multitude of bit-level attacks. This was highlighted during the first successful Insteon network intrusion demonstration that occurred at DEF CON 23 using a Software Defined Radio (SDR) with YARD Stick One devices. In response, Radio Frequency Distinct Native Attribute (RF-DNA) Fingerprinting is introduced here as a counter-hacking approach for augmenting network bit-level Identity (ID) authentication using Physical Layer (PHY) waveform features. An RF-DNA Fingerprinting process is adopted here and applied to wireless Insteon home automation devices. Rogue device detection is addressed using a Multiple Discriminant Analysis/Maximum Likelihood (MDA/ML) ID verification process. Rogue assessments include attacks by like-model Insteon Switch (IS) devices and YARD Stick One SDR devices programmed to present actual (false) bit-level credentials for authorized Insteon devices while functionally controlling the state of an unprotected (no RF-DNA discrimination) targeted end point device. Device classification and Rogue Rejection Rate (RRR) performance is assessed using Time Domain (TD) and Slope-Based Frequency Shift Keyed (SB-FSK) Fingerprinting with features extracted from a variant (data dependent) signal response region. The Rogue Rejection Rate (RRR) for SB-FSK Fingerprinting was superior to TD Fingerprinting and included RRR ≈ 95% for 25 like-model IS attacks and RRR ≈ 100% for 36 YARD Stick One SDR attacks. SB-FSK Fingerprinting is more computationally efficient (70% fewer features) than TD Fingerprinting and provides an added benefit of being implementable using features extracted from variant data dependent FSK signal response regions.</description><identifier>ISSN: 0167-4048</identifier><identifier>EISSN: 1872-6208</identifier><identifier>DOI: 10.1016/j.cose.2017.10.001</identifier><language>eng</language><publisher>Amsterdam: Elsevier Ltd</publisher><subject>Authentication protocols ; Automation ; Cybersecurity ; Devices ; Discriminant analysis ; Feature extraction ; Frequency shift ; Genetic fingerprinting ; Home Automation ; Insteon ; Internet of Things ; IoT ; Malware ; Multi-Factor Authentication ; RF-DNA ; SDR ; Smart houses ; Software radio ; Studies ; Time domain analysis ; Wireless communications</subject><ispartof>Computers & security, 2018-05, Vol.74, p.296-307</ispartof><rights>2017</rights><rights>Copyright Elsevier Sequoia S.A. May 2018</rights><lds50>peer_reviewed</lds50><woscitedreferencessubscribed>false</woscitedreferencessubscribed><citedby>FETCH-LOGICAL-c328t-f0ba33923ca32565ddbfdfc27b2b52500fca42dc05947906d49ab1e42417b0753</citedby><cites>FETCH-LOGICAL-c328t-f0ba33923ca32565ddbfdfc27b2b52500fca42dc05947906d49ab1e42417b0753</cites></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktohtml>$$Uhttps://dx.doi.org/10.1016/j.cose.2017.10.001$$EHTML$$P50$$Gelsevier$$H</linktohtml><link.rule.ids>315,782,786,3554,27933,27934,46004</link.rule.ids></links><search><creatorcontrib>Talbot, Christopher M.</creatorcontrib><creatorcontrib>Temple, Michael A.</creatorcontrib><creatorcontrib>Carbino, Timothy J.</creatorcontrib><creatorcontrib>Betances, J. Addison</creatorcontrib><title>Detecting rogue attacks on commercial wireless Insteon home automation systems</title><title>Computers & security</title><description>The Internet of Things (IoT) and commercial wireless home automation applications are expanding as technical capability evolves and implementation costs continue to decrease. However, many home automation devices lack robust security and are vulnerable to a multitude of bit-level attacks. This was highlighted during the first successful Insteon network intrusion demonstration that occurred at DEF CON 23 using a Software Defined Radio (SDR) with YARD Stick One devices. In response, Radio Frequency Distinct Native Attribute (RF-DNA) Fingerprinting is introduced here as a counter-hacking approach for augmenting network bit-level Identity (ID) authentication using Physical Layer (PHY) waveform features. An RF-DNA Fingerprinting process is adopted here and applied to wireless Insteon home automation devices. Rogue device detection is addressed using a Multiple Discriminant Analysis/Maximum Likelihood (MDA/ML) ID verification process. Rogue assessments include attacks by like-model Insteon Switch (IS) devices and YARD Stick One SDR devices programmed to present actual (false) bit-level credentials for authorized Insteon devices while functionally controlling the state of an unprotected (no RF-DNA discrimination) targeted end point device. Device classification and Rogue Rejection Rate (RRR) performance is assessed using Time Domain (TD) and Slope-Based Frequency Shift Keyed (SB-FSK) Fingerprinting with features extracted from a variant (data dependent) signal response region. The Rogue Rejection Rate (RRR) for SB-FSK Fingerprinting was superior to TD Fingerprinting and included RRR ≈ 95% for 25 like-model IS attacks and RRR ≈ 100% for 36 YARD Stick One SDR attacks. SB-FSK Fingerprinting is more computationally efficient (70% fewer features) than TD Fingerprinting and provides an added benefit of being implementable using features extracted from variant data dependent FSK signal response regions.</description><subject>Authentication protocols</subject><subject>Automation</subject><subject>Cybersecurity</subject><subject>Devices</subject><subject>Discriminant analysis</subject><subject>Feature extraction</subject><subject>Frequency shift</subject><subject>Genetic fingerprinting</subject><subject>Home Automation</subject><subject>Insteon</subject><subject>Internet of Things</subject><subject>IoT</subject><subject>Malware</subject><subject>Multi-Factor Authentication</subject><subject>RF-DNA</subject><subject>SDR</subject><subject>Smart houses</subject><subject>Software radio</subject><subject>Studies</subject><subject>Time domain analysis</subject><subject>Wireless communications</subject><issn>0167-4048</issn><issn>1872-6208</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2018</creationdate><recordtype>article</recordtype><recordid>eNp9kE1PxCAURYnRxHH0D7hq4rr1QT-giRszfiYT3eiaUPo6UqdlBKqZfy_NuHZF3n3nAjmEXFLIKNDqus-09ZgxoDwGGQA9IgsqOEsrBuKYLCLE0wIKcUrOvO8jwCshFuTlDgPqYMZN4uxmwkSFoPSnT-yYaDsM6LRR2-THONyi98nz6APG3YcdIjsFO6hg4uz3MR_8OTnp1Nbjxd-5JO8P92-rp3T9-vi8ul2nOmcipB00Ks9rlmuVs7Iq27bp2k4z3rCmZCVAp1XBWg1lXfAaqraoVUOxYAXlDfAyX5Krw707Z78m9EH2dnJjfFIyqATkFASNFDtQ2lnvHXZy58yg3F5SkLM32cvZm5y9zVnUEks3hxLG_38bdNJrg6PGNjrQQbbW_Ff_BZDXdvo</recordid><startdate>201805</startdate><enddate>201805</enddate><creator>Talbot, Christopher M.</creator><creator>Temple, Michael A.</creator><creator>Carbino, Timothy J.</creator><creator>Betances, J. Addison</creator><general>Elsevier Ltd</general><general>Elsevier Sequoia S.A</general><scope>AAYXX</scope><scope>CITATION</scope><scope>7SC</scope><scope>8FD</scope><scope>JQ2</scope><scope>K7.</scope><scope>L7M</scope><scope>L~C</scope><scope>L~D</scope></search><sort><creationdate>201805</creationdate><title>Detecting rogue attacks on commercial wireless Insteon home automation systems</title><author>Talbot, Christopher M. ; Temple, Michael A. ; Carbino, Timothy J. ; Betances, J. Addison</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c328t-f0ba33923ca32565ddbfdfc27b2b52500fca42dc05947906d49ab1e42417b0753</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2018</creationdate><topic>Authentication protocols</topic><topic>Automation</topic><topic>Cybersecurity</topic><topic>Devices</topic><topic>Discriminant analysis</topic><topic>Feature extraction</topic><topic>Frequency shift</topic><topic>Genetic fingerprinting</topic><topic>Home Automation</topic><topic>Insteon</topic><topic>Internet of Things</topic><topic>IoT</topic><topic>Malware</topic><topic>Multi-Factor Authentication</topic><topic>RF-DNA</topic><topic>SDR</topic><topic>Smart houses</topic><topic>Software radio</topic><topic>Studies</topic><topic>Time domain analysis</topic><topic>Wireless communications</topic><toplevel>peer_reviewed</toplevel><toplevel>online_resources</toplevel><creatorcontrib>Talbot, Christopher M.</creatorcontrib><creatorcontrib>Temple, Michael A.</creatorcontrib><creatorcontrib>Carbino, Timothy J.</creatorcontrib><creatorcontrib>Betances, J. Addison</creatorcontrib><collection>CrossRef</collection><collection>Computer and Information Systems Abstracts</collection><collection>Technology Research Database</collection><collection>ProQuest Computer Science Collection</collection><collection>ProQuest Criminal Justice (Alumni)</collection><collection>Advanced Technologies Database with Aerospace</collection><collection>Computer and Information Systems Abstracts Academic</collection><collection>Computer and Information Systems Abstracts Professional</collection><jtitle>Computers & security</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Talbot, Christopher M.</au><au>Temple, Michael A.</au><au>Carbino, Timothy J.</au><au>Betances, J. Addison</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>Detecting rogue attacks on commercial wireless Insteon home automation systems</atitle><jtitle>Computers & security</jtitle><date>2018-05</date><risdate>2018</risdate><volume>74</volume><spage>296</spage><epage>307</epage><pages>296-307</pages><issn>0167-4048</issn><eissn>1872-6208</eissn><abstract>The Internet of Things (IoT) and commercial wireless home automation applications are expanding as technical capability evolves and implementation costs continue to decrease. However, many home automation devices lack robust security and are vulnerable to a multitude of bit-level attacks. This was highlighted during the first successful Insteon network intrusion demonstration that occurred at DEF CON 23 using a Software Defined Radio (SDR) with YARD Stick One devices. In response, Radio Frequency Distinct Native Attribute (RF-DNA) Fingerprinting is introduced here as a counter-hacking approach for augmenting network bit-level Identity (ID) authentication using Physical Layer (PHY) waveform features. An RF-DNA Fingerprinting process is adopted here and applied to wireless Insteon home automation devices. Rogue device detection is addressed using a Multiple Discriminant Analysis/Maximum Likelihood (MDA/ML) ID verification process. Rogue assessments include attacks by like-model Insteon Switch (IS) devices and YARD Stick One SDR devices programmed to present actual (false) bit-level credentials for authorized Insteon devices while functionally controlling the state of an unprotected (no RF-DNA discrimination) targeted end point device. Device classification and Rogue Rejection Rate (RRR) performance is assessed using Time Domain (TD) and Slope-Based Frequency Shift Keyed (SB-FSK) Fingerprinting with features extracted from a variant (data dependent) signal response region. The Rogue Rejection Rate (RRR) for SB-FSK Fingerprinting was superior to TD Fingerprinting and included RRR ≈ 95% for 25 like-model IS attacks and RRR ≈ 100% for 36 YARD Stick One SDR attacks. SB-FSK Fingerprinting is more computationally efficient (70% fewer features) than TD Fingerprinting and provides an added benefit of being implementable using features extracted from variant data dependent FSK signal response regions.</abstract><cop>Amsterdam</cop><pub>Elsevier Ltd</pub><doi>10.1016/j.cose.2017.10.001</doi><tpages>12</tpages></addata></record> |
| fulltext | fulltext |
| identifier | ISSN: 0167-4048 |
| ispartof | Computers & security, 2018-05, Vol.74, p.296-307 |
| issn | 0167-4048 1872-6208 |
| language | eng |
| recordid | cdi_proquest_journals_2068031081 |
| source | Access via ScienceDirect (Elsevier) |
| subjects | Authentication protocols Automation Cybersecurity Devices Discriminant analysis Feature extraction Frequency shift Genetic fingerprinting Home Automation Insteon Internet of Things IoT Malware Multi-Factor Authentication RF-DNA SDR Smart houses Software radio Studies Time domain analysis Wireless communications |
| title | Detecting rogue attacks on commercial wireless Insteon home automation systems |
| url | https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-12-02T01%3A17%3A37IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Detecting%20rogue%20attacks%20on%20commercial%20wireless%20Insteon%20home%20automation%20systems&rft.jtitle=Computers%20&%20security&rft.au=Talbot,%20Christopher%20M.&rft.date=2018-05&rft.volume=74&rft.spage=296&rft.epage=307&rft.pages=296-307&rft.issn=0167-4048&rft.eissn=1872-6208&rft_id=info:doi/10.1016/j.cose.2017.10.001&rft_dat=%3Cproquest_cross%3E2068031081%3C/proquest_cross%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=2068031081&rft_id=info:pmid/&rft_els_id=S0167404817302055&rfr_iscdi=true |