The Internet of Things has changed the way we interact with the environment around us in our daily life, and it is increasingly common to find more than one IoT device in our home. However, the current design approaches adopted by the vendors are more oriented towards customer usability than to security. This often results in more and more devices exposing serious security problems. This work focuses on the security implications, i.e. the threats and the risks, of the current IoT pairing mechanisms and represents a step forward in the definition of our automated penetration testing methodology. In addition to the general threat model for a general IoT pairing process, we present the analysis of a QR code-based pairing mechanism implemented by a class of devices taken from the real market, which led to the identification of two vulnerabilities, one of which publicly disclosed as CVE-2021-27941.

Security in IoT pairing & authentication protocols, a threat model and a case study analysis / Granata, D.; Rak, M.; Salzillo, G.; Barbato, U.. - 2940:(2021), pp. 207-218. (Intervento presentato al convegno 5th Italian Conference on Cybersecurity, ITASEC 2021 nel 2021).

Security in IoT pairing & authentication protocols, a threat model and a case study analysis

Granata D.;Rak M.;
2021

Abstract

The Internet of Things has changed the way we interact with the environment around us in our daily life, and it is increasingly common to find more than one IoT device in our home. However, the current design approaches adopted by the vendors are more oriented towards customer usability than to security. This often results in more and more devices exposing serious security problems. This work focuses on the security implications, i.e. the threats and the risks, of the current IoT pairing mechanisms and represents a step forward in the definition of our automated penetration testing methodology. In addition to the general threat model for a general IoT pairing process, we present the analysis of a QR code-based pairing mechanism implemented by a class of devices taken from the real market, which led to the identification of two vulnerabilities, one of which publicly disclosed as CVE-2021-27941.
2021
Security in IoT pairing & authentication protocols, a threat model and a case study analysis / Granata, D.; Rak, M.; Salzillo, G.; Barbato, U.. - 2940:(2021), pp. 207-218. (Intervento presentato al convegno 5th Italian Conference on Cybersecurity, ITASEC 2021 nel 2021).
File in questo prodotto:
File Dimensione Formato  
paper18.pdf

non disponibili

Licenza: Non specificato
Dimensione 714.11 kB
Formato Adobe PDF
714.11 kB Adobe PDF   Visualizza/Apri   Richiedi una copia

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11588/986009
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus ND
  • ???jsp.display-item.citation.isi??? ND
social impact