Smart Home Security

Title: Smart Home Security

Duration: ongoing since April 2022

Research Area: Architectures, Scalability, Security

Currently, Internet-of-Things (IoT) or Smart-Home devices can be found everywhere in everyday life, from electric cars and smart TVs to washing machines and smart toothbrushes. This creates many new risks, e.g., new attack vectors over the Internet, the potential lack of firmware function updates in the future, or device failures at home due to the bankruptcy of a cloud provider abroad. Those risks are particularly challenging because users with no knowledge of cybersecurity operate complex, networked IT devices. Thus, potential security issues are not apparent to the user. For example, the Mirai botnet and its successors have been spreading via insecure IoT devices since 2016, unnoticed by their owners. Often, the exploited security loopholes were ones that are actually effortless to fix, such as factory-default passwords or outdated software packages with known vulnerabilities.

Aims

This project pursues two objectives. First, we want to use machine learning and AI to detect potential security issues automatically, i.e., without the help of a user who does not possess cybersecurity knowledge. This includes not only intrusion detection mechanisms, but also fingerprinting approaches to learn the structure and the context of the Smart Home network. Second, we strive to use generative AI models to compensate for the user’s lack of expert knowledge. Thus, the AI might explain detected security issues, potential false alarms and possible security measures to the user in comprehensible, intuitive language. Because this means that sensitive information from the internal network is sent to an external AI model, approaches such as encryption play an important role.

Problem

Our objectives are challenging. From a procedural perspective, a comprehensive risk catalog and adequate measures for Smart Home and IoT devices do not yet exist. Using intrusion detection approaches in the envisioned way requires a different IT Security process and an adapted IT Security lifecycle. From a technical perspective, it is unclear how to replace missing expert knowledge about security issues reliably, without creating new attack vectors. Finally, our approach is connected to various ethical and privacy-related research topics.

Practical example

We have already investigated a broad range of practical use cases. For example, we have developed a risk catalog by using a smart fridge as a prominent example of IoT technologies used in a Smart Home context. We are developing ChatIDS, an intrusion detection system that communicates security issues to the user in natural language. We have tested the applicability of homomorphic encryption to smart-mobility use cases, and more examples will follow. Furthermore, we have developed a practical lab course to explore our approaches together with students.

Technology

We build on many technologies, such as various intrusion detection systems, large language models or homomorphic encryption libraries.

Outlook

Our research is still at an early stage. With any new use case, we extend our treasure trove of potential risks, applicable technologies and open issues for upcoming research. In the near future, we will consider further use cases, and we will develop well-explainable demonstrator applications to draw attention to our lines of research and foster interdisciplinary collaborations.

Publications

  • JÜTTNER, Victor; GRIMMER, Martin; BUCHMANN, Erik. ChatIDS: Explainable Cybersecurity Using Generative AI. In: Proceedings of the 17th Conference on Emerging Security Information, Systems and Technologies (SECURWARE’23), 2023
  • JÜTTNER, Victor; GRIMMER, Martin; BUCHMANN, Erik. ChatIDS: Explainable Cybersecurity Using Generative AI. In: arXiv.2306.14504, 2023
  • HANNEMANN, Anika; BUCHMANN, Erik. Is Homomorphic Encryption Feasible for Smart Mobility? In: Proceedings of the 18th Federated Conference on Computer Science and Information Systems (FedCSIS’23), 2023
  • JÜTTNER, Victor; BUCHMANN, Erik. Die Entwicklung eines digitalen Praktikums der Cybersicherheit im Bereich “Smart Home”. In: Tagungsband der 21. Fachtagung Bildungstechnologien der GI Fachgruppe Bildungstechnologien (DELFI 2023), 2023
  • BUCHMANN, Erik. Long-Term Risks of IoT Devices: The Case of the Smart Fridge. In: Proceedings of the 17th Conference on Digital Society (ICDS’23), 2023
  • HAAR, Christoph; BUCHMANN, Erik. IoT Security With INFINITE: The 3-Dimensional Internet Of Things Maturity Model. In: Proceedings of the 9th IEEE Conference on Internet of Things: Systems, Management and Security (IOTSMS’22), 2022
  • HAAR, Christoph; BUCHMANN, Erik. IoT Security: A Basic IoT Hardware Security Framework. In: Proceedings of the 7th International Conference on Advances in Computation, Communications and Services (ACCSE’22), 2022

Team

Lead

  • Prof. Dr. Erik Buchmann

Team Members

  • Anika Hannemann
  • Victor Jüttner

Partners

  • Martin Grimmer
  • Jörn Hoffmann
  • Christoph Haar

Funded by:

  • Funded by the Federal Ministry of Education and Research.
  • Funded by the Free State of Saxony.