

HanGuard: SDN-driven protection of smart home WiFi devices from malicious mobile apps

A. Overview

YouTube Video


B. Real World Attack/Defense Examples

Application-Level Protection

ATTACKS

  • Unauthorized access by a malicious application on a trusted device succeeds without HanFence. Here we demonstrate how a malicious app on an authorized phone can get unfettered access to unprotected IoT devices in a Home Area Network:
App-Level Adversary for WeMo Devices

YouTube Video



App-Level Adversary for the "My N3rd" device ("My N3rd" can connect to any other device to enable the user to control it from the "My N3rd" app. For the purposes of demonstration we attached an LED to the "My N3rd" device to show when it turns on/off.)

YouTube Video



DEFENCES
  • Unauthorized access by a malicious application on a trusted device fails with HanFence enabled. Here we demonstrate how HanFence can protect an IoT device in a Home Area Network. HanFence achieves this through cooperation between a userspace app with no system privileges on the user's phone and a security-enhanced router in the HAN:
HanFence thwarting the App-Level Adversary for WeMo Devices

YouTube Video


HanFence thwarting the App-Level Adversary for the "My N3rd" device ("My N3rd" can connect to any other device to enable the user to control it from the "My N3rd" app. For the purposes of demonstration we attached an LED to the "My N3rd" device to show when it turns on/off.)

YouTube Video


Phone-Level Protection

HanFence has a second line of defence to ensure that traffic for IoT devices is only allowed when it originates from a phone that is allowed by the policy to access the target IoT device. Here we demonstrate how, with the current state of affairs, any phone (e.g. a guest phone) can access all vulnerable IoT devices on a HAN. Then we show how this is controlled by HanFence.

ATTACKS
  • Unauthorized phone access succeeds without HanFence. This video demonstrates that any phone on the local network can control vulnerable home IoT devices.

Phone-Level Adversary for WeMo Devices

YouTube Video


Phone-Level Adversary for My N3rd

YouTube Video




DEFENCES
  • Unauthorized phone access fails with HanFence enabled. This video shows that with HanFence enabled, the untrusted phone is blocked. The untrusted phone in the video is assumed to be a device that does not belong to a HAN user (e.g. a guest phone). In essence, that device does not have the necessary triple: MAC address; HanFence Monitor certificate; and the user credentials.
HanFence thwarting the Phone-Level Adversary for WeMo Devices

YouTube Video


HanFence thwarting the Phone-Level Adversary for My N3rd

YouTube Video



*Note that even if the trusted phone is compromised, it won't be able to access other IoT devices that are not allowed by the policy. This is because HanFence enforces device-level policies at the router. This means that HanFence does not need to trust the phone's HanFence Monitor to guarantee device-level protection. The triple (MAC address; HanFence Monitor certificate; and the user credentials) is used to authenticate the device to the router. However, requests from an authenticated device to access IoT devices not allowed by the admin-confirmed policy are rejected and the admin is notified out of band (through email).
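To make the layered enforcement described in the Phone-Level Protection section and in the note above concrete, here is an added toy model of the router-side decision; it is not HanGuard/HanFence project code. It assumes (hypothetically) that the router identifies a phone by the triple (MAC address, Monitor certificate fingerprint, user credential), that the Monitor reports which app originated a flow, and that the admin-confirmed policy has a router-enforced device-level part (phone to IoT devices) and an app-level part (phone and app to IoT devices). All identifiers and sample requests are constructed.

```python
"""Toy model of a HanFence-style router policy check (added example, not project code).

Hypothetical assumptions: the router authenticates a phone by the full triple
(MAC, Monitor certificate fingerprint, user credential); the phone-side Monitor
reports the originating app id; the device-level policy is enforced purely at
the router (it never trusts the phone), while the app-level policy relies on
the Monitor's app attribution.
"""
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Optional, Tuple


@dataclass(frozen=True)
class PhoneIdentity:
    mac: str
    monitor_cert_fp: str   # fingerprint of the HanFence Monitor certificate
    user_credential: str   # token/hash of the HAN user's credential


@dataclass
class FlowRequest:
    src_mac: str
    monitor_cert_fp: Optional[str]
    user_credential: Optional[str]
    app_id: Optional[str]   # as reported by the Monitor; None for a phone without it
    dst_device: str         # target IoT device name


@dataclass
class Decision:
    allowed: bool
    layer: str   # "phone", "device" or "app": which layer produced the decision
    reason: str


@dataclass
class HanRouterPolicy:
    trusted_phones: FrozenSet[PhoneIdentity]
    device_policy: Dict[str, FrozenSet[str]]               # phone MAC -> IoT devices
    app_policy: Dict[Tuple[str, str], FrozenSet[str]]      # (phone MAC, app id) -> IoT devices
    admin_notifications: List[str] = field(default_factory=list)  # stands in for the email

    def _phone_authenticated(self, req: FlowRequest) -> bool:
        ident = PhoneIdentity(req.src_mac, req.monitor_cert_fp or "", req.user_credential or "")
        return ident in self.trusted_phones

    def _deny_and_notify(self, layer: str, msg: str) -> Decision:
        # Only authenticated phones reach this point, so the admin is notified.
        self.admin_notifications.append(msg)
        return Decision(False, layer, msg)

    def check(self, req: FlowRequest) -> Decision:
        # Layer 1 (phone level): the whole triple must match a trusted phone.
        if not self._phone_authenticated(req):
            return Decision(False, "phone", f"phone {req.src_mac} is not authenticated")
        # Layer 2 (device level): enforced at the router without trusting the phone,
        # so a compromised trusted phone still cannot reach devices outside its policy.
        if req.dst_device not in self.device_policy.get(req.src_mac, frozenset()):
            return self._deny_and_notify(
                "device", f"phone {req.src_mac} may not reach {req.dst_device}")
        # Layer 3 (app level): depends on the Monitor's app attribution.
        if req.dst_device not in self.app_policy.get((req.src_mac, req.app_id or ""), frozenset()):
            return self._deny_and_notify(
                "app", f"app {req.app_id!r} on phone {req.src_mac} may not reach {req.dst_device}")
        return Decision(True, "app", "permitted by admin-confirmed policy")


def build_demo_policy() -> HanRouterPolicy:
    # Constructed sample identity and policy; none of these values are real.
    alice = PhoneIdentity("aa:bb:cc:00:00:01", "SHA256:alice-monitor-cert", "alice-token")
    return HanRouterPolicy(
        trusted_phones=frozenset({alice}),
        device_policy={alice.mac: frozenset({"wemo-switch", "my-n3rd"})},
        app_policy={
            (alice.mac, "com.example.wemo"): frozenset({"wemo-switch"}),
            (alice.mac, "com.example.myn3rd"): frozenset({"my-n3rd"}),
        },
    )


def run_scenarios(policy: HanRouterPolicy) -> Dict[str, Decision]:
    mac, cert, tok = "aa:bb:cc:00:00:01", "SHA256:alice-monitor-cert", "alice-token"
    scenarios = {  # constructed requests mirroring the four video scenarios
        "official app on trusted phone": FlowRequest(mac, cert, tok, "com.example.wemo", "wemo-switch"),
        "malicious app on trusted phone": FlowRequest(mac, cert, tok, "com.example.flashlight", "wemo-switch"),
        "guest phone without Monitor": FlowRequest("aa:bb:cc:00:00:99", None, None, None, "wemo-switch"),
        "compromised trusted phone, device outside policy": FlowRequest(mac, cert, tok, "com.example.wemo", "smart-lock"),
    }
    return {name: policy.check(req) for name, req in scenarios.items()}


if __name__ == "__main__":
    pol = build_demo_policy()
    for name, d in run_scenarios(pol).items():
        print(f"{name:55s} allowed={d.allowed!s:5s} layer={d.layer:6s} {d.reason}")
    print("admin notifications:", pol.admin_notifications)
```

The ordering matters: the guest phone is dropped at the phone layer with no notification, whereas an authenticated phone asking for a device outside its policy is denied at the router and generates the out-of-band notification regardless of what its Monitor claims about the app.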



C. Manual Categorization of IoT Products

Dataset: 353 IoT products web-crawled from iotlist.co.

Categories with sub-categories: Wearables; Home Automation, Home Entertainment; Home Security;