In this project you will investigate the state of the art of smart-home/building/campus technology and its (in)security. You are expected to survey commercial and academic standards and proposals in the field. You are also expected to collect attacks that have been published on off-the-shelf equipment. Finally, you will be asked to assess the security and privacy of a few pieces of off-the-shelf equipment.

Smart homes are all the rage these days among end users, with commercial offerings from Google (Google Home), Amazon (Alexa) and Apple (HomeKit), for instance. More industry-oriented systems also exist for smart buildings and campuses. Such systems rely on sensors and actuators disseminated in a building or its surroundings, and on controllers, all of which communicate over networks that are frequently wireless, using specific protocols (MQTT, ONVIF, …). It is also well known that smart-home, smart-building and smart-campus equipment has long been the target of attacks, ranging from cameras (IZON STEM, for instance) to connected fridges or smart televisions (LG). These attacks aim either at the security of connected equipment, for instance unlocking a smart lock or penetrating the wireless LAN to which a connected appliance is attached, or at the privacy of the dwellers and users, as illustrated by surveillance camera breaches, for instance those exposed through the Shodan service.

In this project, you will first survey the attacks that have been performed in the field, especially in recent years. You will also survey the security mechanisms that have been designed in the industry and whether these have been successful so far. Finally, you will investigate whether the smart-home protocols and standards that have been devised by industry, DIY-ers and technology enthusiasts may be vulnerable to security or privacy breaches.

Further to this state of the art, you will put several existing off-the-shelf commercial smart-home appliances to the test. We might, for instance, provide you with simple connected appliances like SONOFF outlets, connected lights, IP cameras, or a JEEDOM hub. You will then have to understand the architecture of the solution in which those appliances are deployed and decide on your security assessment (which tests? software or hardware? selecting appropriate tools, etc.). You will finally provide us with an assessment report on at least one of those appliances. Other equipment, for instance originating from research projects, might be evaluated depending on your investigations and its availability in the lab.

This project will be co-supervised by Jean-Yves Tigli and Karima Boudaoud.

Required Skills

You are expected to have some expertise in software, system and/or network security, as well as some knowledge or understanding of smart-home/building/campus technology. Groups combining students from the CASPAR and IAM tracks will be preferred due to their expertise.

Client Needs

  • investigate recent trends in smart-home/building/campus hacking
  • investigate the security of some equipment and the consequences of a breach, if one is observed
  • report and publish findings if a security breach is discovered

Expected Results

  • survey about smart-home/building/campus architectures and their security/privacy risks and liabilities (known attacks)
  • report on the security assessment of the selected connected appliances

Administrative Information

  • Contact: Yves ROUDIER Yves.Roudier@i3s.unice.fr
  • Project ID: Y1819-S031
  • Group size: 2 to 3 students
  • Recommended tracks: CASPAR, IAM
  • Team: SPARKS