
Secure Wi-Fi Environments: Password free Wireless Networks

With the growing popularity of smart, mobile and IoT devices, wireless has emerged as the primary mode of connectivity for such devices. In order to connect to a user’s network, these devices typically need to authenticate to the network’s Wi-Fi access point (AP). These wireless APs typically use WPA-PSK based authentication, which requires the devices to be authenticated using pre-shared keys (PSKs), as shown in Fig. 36. WPA-PSK based authentication is a widely popular choice for setting up Wi-Fi networks because it does not assume any security associations between users and device manufacturers and is relatively easy to set up.

6.7.1 Limitations of WPA

The primary drawback of this technique is that authentication reliability depends on the confidentiality of the PSK, as any entity with access to the PSK will be able to authenticate itself with the AP. Currently, the number of devices associated with Wi-Fi networks is relatively small for typical SOHO networks.

With the emergence of IoT devices, the number of connected devices will grow by an order of magnitude. These devices are developed by fast-moving teams in large enterprises or independent start-up teams who have limited resources and hard deadlines to launch their devices. Therefore, security gets little to no consideration in the product design and development process. Mostly, these devices do not have device life-cycle support, which makes it likely that many IoT devices will have a number of security vulnerabilities and no support cycle to provide security updates or software patches [72]. Attackers and hackers can exploit these vulnerabilities to obtain the PSK, thus compromising the security of device authentication [81, 116, 119].

Figure 36: Typical WPA-PSK based wireless network setup. In these setups, each device is authenticated using the same PSK. (Figure labels: Network 1, PSK: SecretKey1; Network 2, PSK: SecretKey2; wired link.)

Using a single PSK for setting up Wi-Fi networks has many other issues that undermine the reliability of the PSK as a network security parameter, e.g. if an employee leaves the enterprise, the PSK needs to be updated, which means re-associating all devices with the new PSK. This can be a tedious task in large networks and becomes more troublesome if it happens frequently. Similarly, the PSKs typically used to set up SOHO networks are not very strong and can easily be broken by an attacker [109]. Since Wi-Fi connectivity is not bounded by physical parameters, an attacker can get authenticated connectivity to the targeted network without needing to break into the target premises. Once the attacker’s device authenticates to the target network using the compromised PSK, it can snoop on other devices’ activity, infect other devices and perform a number of other attacks [22].

The compromise of PSK confidentiality can adversely affect the security of the targeted network, as an attacker is able to join the network and attack other devices in it. Therefore, we require a Wi-Fi deployment framework which resolves the security issues raised by compromised PSKs.

The IEEE 802.1X system allows Wi-Fi networks to set up a RADIUS server for managing client and device authentication. Such a setup uses user credentials to allow connectivity for a device once it joins the network. However, this technique requires setting up authentication and authorization servers in the network and may not work with typical APs deployed in SOHO environments.

6.7.2 State of the Art

Another technique to mitigate this problem is to use device-specific PSKs to connect different devices to the network. Ruckus networks have proposed a patented scheme to use device-specific Dynamic PSK (DPSK) [97]. This setup generates dynamic keys for each connected device and updates them automatically on user devices. However, this technique only works with proprietary hardware from Ruckus networks. Also, it requires setting up an authentication service and an application on smartphones or laptops to operate. Therefore, its usability is greatly limited in the IoT case and in typical SOHO networks.

Aerohive networks have also proposed a similar scheme of using private PSKs (PPSK) [73]. This scheme allows the network manager to generate a set of PSKs which are used for associating devices (one device per key). This technique also works only with proprietary Aerohive APs and Hive Manager.

Both of these techniques provide support for revoking a key if the key or device is compromised, but they do not provide support for setting up dynamic access control based on device behavior. Therefore, an attacker can still successfully impersonate any device and use the compromised key to authenticate with the network and infect other devices.

6.7.3 Proposed Solution

Using our proposed system, we provide a solution for network deployments which can resolve security issues raised by compromised PSKs (including DPSK and PPSK). Our system utilizes PSKs and other techniques for device identification and dynamic access control to limit device connectivity in the network. In most cases, IoT devices have only a specific functionality which requires only limited network interactions for operation, e.g. a smart kettle needs to connect to a smartphone to get coffee-making instructions, but it does not need to connect to any other device in the network, such as a smart fridge or smart TV.

Similarly, a smart doorbell only needs to be able to connect to smartphone application but does not need any connectivity with smart kettle or any other device inside home. Using this information, our system can limit the device interactions with other devices in the network.

In order to identify the device, we can use a number of parameters including device registration, device activity fingerprinting and device-specific unique PSKs. Device registrations are performed by users when they first connect a device to the network. Based on user preferences, no unregistered device should have access to any device in the network (or no network access at all). When the device is registered, a unique PSK (uPSK) is generated for the device to connect to the network, see Fig. 37. Different techniques to identify a device and its profile are discussed in detail in Sect. 6.1. The device-specific uPSK will also become one of the parameters to identify the device.

Figure 37: Securebox based network deployment using uPSK. The uPSK based scheme uses a unique key for each device. These keys are used to identify the device and to limit device access to the network as well.

When Securebox identifies a device, it requests SMS to send a policy database update including device-specific security policies for the network.

These policies limit the device’s interactions with any other devices and limit its access to the Internet, e.g. if the user sets up a CCTV camera at home, SMS will send a policy database which directs Securebox to “not allow any IoT device to connect to CCTV camera from user network” and “do not allow any connections to CCTV camera to/from Internet”. The user can specify the file server that records the video feed from the CCTV camera, and that policy will have higher priority than the policies injected by SMS. Therefore, the CCTV camera will be able to connect to the user’s file server but not to any other server on the Internet.
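The priority rule described above can be shown with a small evaluator. This is an added example, not Securebox code: the endpoint labels, the numeric priority levels, the default-deny fallback and the placement of the file server on the Internet side are all assumptions made for illustration.

```python
from dataclasses import dataclass
from fnmatch import fnmatch

@dataclass(frozen=True)
class Policy:
    src: str       # glob over endpoint labels (labels are constructed)
    dst: str
    allow: bool
    priority: int  # higher value wins
    origin: str    # "sms" (injected) or "user"

SMS_PRIO, USER_PRIO = 10, 100   # assumed numeric priority levels

# The CCTV policies from the text, written as rules.
POLICIES = [
    Policy("iot/*", "iot/cctv", False, SMS_PRIO, "sms"),
    Policy("iot/cctv", "inet/*", False, SMS_PRIO, "sms"),
    Policy("inet/*", "iot/cctv", False, SMS_PRIO, "sms"),
    # User rule: the camera may reach the chosen file server.
    Policy("iot/cctv", "inet/fileserver.example", True, USER_PRIO, "user"),
]

def decide(src, dst, policies=POLICIES):
    """Return (allowed, origin) for a connection from src to dst."""
    hits = [p for p in policies if fnmatch(src, p.src) and fnmatch(dst, p.dst)]
    if not hits:
        return False, "default-deny"   # assumption: unmatched traffic is dropped
    # Highest priority wins; at equal priority a deny beats an allow.
    best = max(hits, key=lambda p: (p.priority, not p.allow))
    return best.allow, best.origin

if __name__ == "__main__":
    for src, dst in [("iot/cctv", "inet/fileserver.example"),
                     ("iot/cctv", "inet/cloud.example"),
                     ("iot/kettle", "iot/cctv"),
                     ("inet/scanner.example", "iot/cctv")]:
        print(f"{src:22} -> {dst:26} {decide(src, dst)}")
```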

Dynamic access control greatly limits the attacker’s ability to infect other devices in the network, even if the attacker gets access to a uPSK. Firstly, the attacker will not be able to authenticate to the network, because Securebox can detect a duplicate authentication request using the same uPSK and consider it an anomaly. Securebox will raise an alarm, notify the user about the possible key compromise and replace the compromised uPSK. The new uPSK is automatically updated on the destination device if the device supports running a software application, e.g. smartphones, laptops or desktops. Otherwise, the user can update this key manually on IoT devices.

Table 8: Feature comparison of device-specific key based solutions.

| Features | DPSK [97] | PPSK [73] | uPSK |
|---|---|---|---|
| Device specific keys | Yes | Yes | Yes |
| Proprietary technique | Yes | Yes | No |
| Require proprietary hardware | Yes | Yes | No |
| Secure D2D communication | No | No | Yes |
| Auto update of keys | Limited | No | Limited |
| Device profiling | No | No | Yes |
| Device vulnerability assessment | No | No | Yes |
| Support keyless wireless environments | No | No | Yes |
| Supports software-defined Wi-Fi | No | No | Yes |

Secondly, if the attacker takes the device down from the network and uses the compromised uPSK for that device to authenticate to the network, Securebox will be able to distinguish the attacker’s device from the device whose uPSK is compromised. Once again, Securebox will detect the anomaly and the uPSK will be updated.

Thirdly, if the attacker is able to impersonate the device well enough to trick the device identification mechanism, the access granted to the attacker’s device will be greatly limited due to dynamic access control. This limited connectivity will prevent the attacker from infecting other devices in the network.

If the attacker tries to perform an aggressive network attack, Securebox will detect this activity, block the device from the network and notify the user.
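The three cases above can be traced through a minimal admission check. This is an added sketch, not the Securebox implementation: the `Registry` class, the trait sets used as a device profile, and the use of the MAC address to tell two concurrent sessions apart are assumptions, and the AP is assumed to have already determined which uPSK an association used.

```python
import secrets
from dataclasses import dataclass

@dataclass
class Device:
    name: str
    profile: frozenset        # traits recorded at registration (constructed)
    allowed_peers: frozenset  # the only endpoints this device may reach
    active_mac: str = ""      # MAC of the current session, "" if offline

class Registry:
    def __init__(self):
        self.by_upsk = {}     # uPSK -> Device
        self.alarms = []      # (device name, reason) shown to the user

    def register(self, name, profile, allowed_peers):
        upsk = secrets.token_urlsafe(12)
        self.by_upsk[upsk] = Device(name, frozenset(profile), frozenset(allowed_peers))
        return upsk

    def disconnect(self, upsk):
        self.by_upsk[upsk].active_mac = ""

    def _replace_key(self, upsk, reason):
        # Retire the suspect uPSK, issue a fresh one, and alert the user.
        dev = self.by_upsk.pop(upsk)
        dev.active_mac = ""
        self.alarms.append((dev.name, reason))
        new_upsk = secrets.token_urlsafe(12)
        self.by_upsk[new_upsk] = dev
        return new_upsk

    def authenticate(self, upsk, mac, observed):
        """Return (verdict, detail, allowed_peers) for one association."""
        dev = self.by_upsk.get(upsk)
        if dev is None:
            return "reject", "unknown-key", frozenset()
        if dev.active_mac and dev.active_mac != mac:   # case 1: key used twice
            self._replace_key(upsk, "duplicate-upsk")
            return "reject", "duplicate-upsk", frozenset()
        if frozenset(observed) != dev.profile:         # case 2: wrong device
            self._replace_key(upsk, "profile-mismatch")
            return "reject", "profile-mismatch", frozenset()
        dev.active_mac = mac                           # case 3: looks genuine,
        return "admit", dev.name, dev.allowed_peers    # but access stays scoped
```

In the third case the returned `allowed_peers` set is what keeps a well-impersonated device confined to the original device’s narrow connectivity.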

Table 8 provides a comparison of the features offered by the Aerohive PSK and Ruckus DPSK based techniques with our proposed uPSK technique. It shows that our proposed technique provides a number of additional features to secure D2D communications within user networks. These features are helpful in cases where an infected device or an attacker tries to connect to the user network and infect other devices in the network.

In some cases, Wi-Fi networks can be set up without requiring any PSK. Such networks provide open connectivity to any device without requiring prior authentication. Once the device is connected to the network, Securebox runs a security estimation for the device. Combining the security estimation with the device registration information, Securebox will generate a trust index for the device. The trust index will be used to set up device-specific policies in the network. These policies will dictate the network access level for the device. The proposed system can support this mechanism as it allows Securebox to implement device- and context-specific policies.