HDMI-Walk: Attacking HDMI devices through the High Definition Media Interface (HDMI)

The High Definition Multimedia Interface (HDMI) is the backbone and the de-facto standard for Audio/Video interfacing between video-enabled devices. Today, almost tens of billions of HDMI devices exist in the world and are widely used to distribute A/V signals in smart homes, offices, concert halls, and sporting events making HDMI one of the most highly deployed systems in the world. An important component in HDMI is the Consumer Electronics Control (CEC) protocol, which allows for the interaction between devices within an HDMI distribution network. Nonetheless, existing network security mechanisms only protect traditional networking components, leaving HDMI-Walk outside of their scope. In this work, we identify and tap into CEC protocol vulnerabilities, using them to implement realistic proof-of-work attacks on HDMI distribution networks.
Project Sponsor: National Science Foundation
Project Duration: 06/15/18-08/23/19

Privacy-Aware Wearable-Assisted Continuous Authentication Framework

Whether it is one-factor or MFA, a one-time login process does not guarantee that the identified user is the real user throughout the login session. Even if it is an insider who has been authorized once, forever access is provided in most cases not to interrupt the current user. Hence, an authentication that re-verifies the user periodically without breaking the continuity of the session is vital. In this project, we introduce a Wearable-Assisted Continuous Authentication framework called WACA, where a wearable device (e.g., smartwatch) is used to authenticate a computer user continuously utilizing the motion sensors of the smartwatch.
       Project Sponsor: National Science Foundation
       Project Duration: 8/15/17-7/31/19

SaINT: Sensitive Information Tracking in IoT Applications

Broadly defined as the Internet of Things (IoT), the growth of commodity devices that integrate physical processes with digital connectivity has had profound effects on society—smart homes, personal monitoring devices, enhanced manufacturing, and other IoT applications have changed the way we live, play and work. Yet extant IoT platforms provide few means of evaluating the use (and potential misuse) of sensitive information. In this project, we present SaINT, a tool for analyzing sensitive data leakage in IoT implementations. SaINT operates in three phases; (a) translation of platform-specific source code into an IR modeling sensor-computation-actuator structures, (b) identifying sensitive sources and sinks, and (c) performing static analysis to identify sensitive data leakage.

Proviz: Sensor Development Software for IoT Devices

Proviz is an Internet of Things application development software. You can use Proviz to create Internet of Things applications without requiring any software or hardware experiences.

Project Sponsor: National Science Foundation

Project Duration: 09/01/13-08/31/17

6thSense: Securing Sensory Side-Channels in Cyber-Physical Systems and IoT Devices and Applications

Modern devices have become “smart” in recent years with the advancement of modern electronics and wireless communication systems. Smart devices such as smartphone, smartwatch, fitness trackers, etc. are equipped with high precision sensors, empowering them to gather information about user characteristics as well as the surrounding environment. These sensor-enriched devices have opened a new domain of sensing-enabled applications. With the rapid growth sensing-enabled applications, smart devices are integrated into every possible application domain, from home security to health care to the military. Some applications can even learn the characteristics of users using sensor data and take automatic decisions to improve the user experience.

Project Sponsor: National Science Foundation

Project Duration: 06/01/15-05/31/20

Compromised Device Detection

The core concept of the smart grid is the realization of two-way communications between smart devices. The integration of complex and heterogeneous networks as well as their devices into the smart grid must be done not only in an efficient but also in a secure manner. Nonetheless, with all its dependency upon device operations and communications, the smart grid is highly vulnerable to any security risk stemming from devices. Especially, the use of compromised devices can wreak havoc on the smart grid’s critical functionalities and can cause catastrophic consequences to the integrity of the smart grid data and/or users’ privacy.

Project Sponsor: Department of Energy

Project Duration: 09/15/15-09/14/20

ct Sponsor: National Science Foundation

Project Duration: 06/01/15-05/31/20

Authors: Abbas Acar, Hossein Fereidooni, Tigist Abera, Amit Kumar Sikder, Markus Miettinen, Hidayet Aksu, Mauro Conti, Ahmad-Reza Sadeghi, A. Selcuk Uluagac
Link: https://arxiv.org/pdf/1808.02741.pdf
Corresponding Author: Abbas Acar

In this work, we introduce a novel multi-stage privacy attack against user privacy in a smart environment. It is realized utilizing state-of-the-art machine-learning approaches for detecting and identifying particular types of IoT devices, their actions, states, and ongoing user activities in a cascading style by only observing passively the traffic from smart home devices and sensors. The attack effectively works on both encrypted and unencrypted communications. We evaluate the efficiency of the attack with real measurements from an extensive set of popular off-the-shelf smart home IoT devices and sensors utilizing a set of diverse network protocols like WiFi, ZigBee, and BLE. Our results show that an adversary passively sniffing the traffic can achieve very high accuracy (above 90%) in identifying the state and actions of targeted smart home devices and their users. To protect against this privacy leakage, we also propose a countermeasure based on generating spoofed traffic to hide the real activities of the devices. We also demonstrate that the provided solution provides better protection than existing solutions.

 

Aegis: A Context-aware Security Framework for Smart Home Systems

Our everyday lives are expanding fast with the introduction of new Smart Home Systems (SHSs). Today, a myriad of SHS devices and applications are widely available to users and have already started to re-define our modern lives. Smart home users utilize the apps to control and automate such devices. Users can develop their own apps or easily download and install them from vendor-specific app markets. App-based SHSs offer many tangible benefits to our lives, but also unfold diverse security risks. Several attacks have already been reported for SHSs. However, current security solutions consider smart home devices and apps individually to detect malicious actions rather than the context of the SHS as a whole. The existing mechanisms cannot capture user activities and sensor-device-user interactions in a holistic fashion. To address these issues, in this project, we introduce Aegis, a novel context-aware security framework to detect malicious behavior in a SHS.

Project Sponsor: National Science Foundation

Project Duration: 06/01/15-05/31/20

USA