POSTER: iTieProbe: Is IoT Device Provisioning secure against MAC Layer authentication-token based replay attacks?
Pages 1958 - 1960
Abstract
IoT device provisioning is the process of setting up headless IoT devices with their companion mobile apps. IoT vendors and manufacturers have the flexibility of different provisioning methods, one of them being the Access Point (AP) pairing mode over Wi-Fi, and hence, they can derive existing Wi-Fi threats and add new ones. AP pairing mode provisioning shares critical information about the Wi-Fi router or sends an authentication token associated with the user's cloud account, which may lead to vulnerabilities. In this paper, we have designed and developed a vulnerability testing tool called "iTieProbe". iTieProbe captures the Wi-Fi traffic to check the provisioning of commercial IoT devices and has the capability to extract critical security parameters. Further, iTieprobe selectively crafts the captured Wi-Fi packets and replays them to test three different vulnerabilities (V1- V3): i) In V1- iTieprobe replays the Wi-Fi packets outside the lifetime of the authentication token without any manipulation, ii) In V2 - iTieprobe replays within the lifetime of the authentication token without any manipulation in the Wi-Fi packets, iii) In V3- iTieprobe meticulously crafts the selected UDP packets and then replays it within the lifetime of the authentication token. The effect of these vulnerabilities ranges from a simple denial of service by a legitimate user not being able to provision the IoT device to a more severe one, where an adversary can set up the IoT devices. We have evaluated the efficacy of iTieprobe against two commercial IoT devices, IoT Haat Smart Plug and Wipro Smart Plug, that are using Tuya-based implementations for their provisioning. We believe this work will help the vendors to improve their provisioning methods.
References
[1]
Abbas A, Hossein F, Tigist A, Amit Kumar S, Markus M, Hidayet Aksu, M Conti, Ahmad-Reza S, and Selcuk U. 2020. Peek-a-Boo: I See Your Smart Home Activities, Even Encrypted! (WiSec '20). ACM, New York, NY, USA, 207--218.
[2]
Tuya Smart Life APP SDK Developer. Last Updated: Jan, 2022. IoT Device Pairing.
[3]
Rostand A. K. Fezeu, Timo J. Salo, A Zhang, and Zhi-Li Zhang. 2021. Poster: Unveiling IoT Devices Provisioning Process.
[4]
Gartner. Last Updated: June 2021. Global Government IoT Revenue for Endpoint Electronics and Communications to Total USD 21 Billion in 2022.
[5]
Silicon Labs. 2024. Tuya Smart Brings No-Code IoT Development to Anyone Using Silicon Labs' Wireless Solutions.
[6]
Gil Reiter. Last Updated: 2019. A primer to Wi-Fi provisioning for IoT applications.
[7]
Trend Micro Research. Last Updated: Dec 2021. TOWARD A NEW MOMENTUM Trend Micro Security Predictions for 2022.
[8]
M Sethi, A Peltonen, and T Aura. [n.d.]. Misbinding Attacks on Secure Device Pairing and Bootstrapping (Asia CCS '19). New York, NY, USA.
[9]
Y Zhang, S Ma, J Li, D Gu, and E Bertino. 2022. KingFisher: Unveiling Insecurely Used Credentials in IoT-to-Mobile Communications. In Proc. of 52nd (DSN) (2022).
Index Terms
- POSTER: iTieProbe: Is IoT Device Provisioning secure against MAC Layer authentication-token based replay attacks?
Recommendations
Delay-on-Squash: Stopping Microarchitectural Replay Attacks in Their Tracks
MicroScope and other similar microarchitectural replay attacks take advantage of the characteristics of speculative execution to trap the execution of the victim application in a loop, enabling the attacker to amplify a side-channel attack by executing it ...
Reconfigurable Binding against FPGA Replay Attacks
The FPGA replay attack, where an attacker downgrades an FPGA-based system to the previous version with known vulnerabilities, has become a serious security and privacy concern for FPGA design. Current FPGA intellectual property (IP) protection ...
Design guidelines for security protocols to prevent replay & parallel session attacks
This work is concerned with the design of security protocols. These protocols are susceptible to intruder attacks and their security compromised if weaknesses in the protocols' design are evident. In this paper a new analysis is presented on the reasons ...
Comments
Information & Contributors
Information
Published In
July 2024
1987 pages
ISBN:9798400704826
DOI:10.1145/3634737
- Chair:
- Jianying Zhou,
- Co-chair:
- Tony Q. S. Quek,
- Program Chairs:
- Debin Gao,
- Alvaro Cardenas
Copyright © 2024 Copyright held by the owner/author(s).
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the owner/author(s).
Sponsors
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 01 July 2024
Check for updates
Author Tags
Qualifiers
- Poster
Funding Sources
Conference
ASIA CCS '24
Sponsor:
ASIA CCS '24: 19th ACM Asia Conference on Computer and Communications Security
July 1 - 5, 2024
Singapore, Singapore
Acceptance Rates
Overall Acceptance Rate 418 of 2,322 submissions, 18%
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 49Total Downloads
- Downloads (Last 12 months)49
- Downloads (Last 6 weeks)4
Reflects downloads up to 06 Jan 2025
Other Metrics
Citations
Cited By
View allView Options
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in