A Survey on Sensor-based Threats to Internet-of-Things (IoT) Devices and Applications
Amit Kumar Sikder¹, Giuseppe Petracca², Hidayet Aksu¹, Trent Jaeger², and A. Selcuk Uluagac¹
¹Cyber-Physical Systems Security Lab (CSL), Department of Electrical and Computer Engineering, Florida International University, Miami, Florida-33199, USA. Email: {asikd003, haksu, suluagac}@fiu.edu
²Systems and Internet Infrastructure Security Lab (SIIS), Department of Computer Science and Engineering, Penn State University, University Park, Pennsylvania-16801, USA. Email: {gxp18, tjaeger}@cse.psu.edu
Abstract—The concept of Internet of Things (IoT) has become
more popular in the modern era of technology than ever before.
From small household devices to large industrial machines, the
vision of IoT has made it possible to connect the devices with the
physical world around them. This increasing popularity has also
placed IoT devices and applications at the center of attention
among attackers. Already, several types of malicious activities
exist that attempt to compromise the security and privacy of
the IoT devices. One interesting emerging threat vector is the
attacks that abuse the use of sensors on IoT devices. IoT devices
are vulnerable to sensor-based threats due to the lack of proper
security measures available to control use of sensors by
apps. By exploiting the sensors (e.g., accelerometer, gyroscope,
microphone, light sensor, etc.) on an IoT device, attackers can
extract information from the device, transfer malware to a device,
or trigger a malicious activity to compromise the device. In
this survey, we explore various threats targeting IoT devices
and discuss how their sensors can be abused for malicious
purposes. Specifically, we present a detailed survey about existing
sensor-based threats to IoT devices and countermeasures that
are developed specifically to secure the sensors of IoT devices.
Furthermore, we discuss security and privacy issues of IoT
devices in the context of sensor-based threats and conclude with
future research directions.
Index Terms—Sensory side-channel attacks, CPS attacks, IoT
threats, IoT device security.
I. INTRODUCTION
INTERNET OF THINGS (IoT) is a concept that describes
a network of interconnected devices which have advanced
capabilities to interact with other devices, with human
beings, and with their surrounding physical world to perform a variety
of tasks [1]. In this context, the use of sensors on IoT devices
ensures a seamless connection between the devices and the
physical world. Indeed, modern IoT devices come with a wide
range of sensors (e.g., accelerometer, gyroscope, microphone,
light sensor, etc.) which enable more efficient and user-friendly
applications [2]. Using these sensors, IoT devices can sense
any changes in their surrounding and take necessary actions to
improve any ongoing task efficiently [3]. The ability to sense
changes in the physical world has made IoT devices able to
make autonomous decisions, whereas efficient communication
between the devices and the physical world has made the
IoT devices very popular in various application areas: from
personal healthcare to home appliances, from big industrial
applications to smart cities. IoT devices are found in many
application domains. The increasing popularity and utility of
IoT devices in diverse application domains has made the IoT
industry grow at a tremendous rate. According to a report
by Business Insider, there will be 30 billion devices connected
to the Internet by 2020 and more than 6 trillion dollars will
be invested in manufacturing of IoT devices in the next five
years [4].
The use of sensors in IoT devices inevitably increases the
functionality of the devices; however, the sensors can also be
used as vehicles to launch attacks on the devices or applica-
tions. For instance, recently, there have been several attempts
to exploit the security of IoT devices via their sensors [5]–[7].
Attackers can use the sensors to transfer malicious code or
a trigger message to activate malware planted in an IoT device
[8], [9], capture sensitive personal information shared between
devices (e.g., smartphone, smartwatch, etc.) [10]–[12], or even
extract encrypted information by capturing encryption and
decryption keys [13]. These sensor-based threats can pose
more significant risk to IoT systems and applications than
conventional attacks, as the manufacturers are not fully aware
of these threats yet [14]. Indeed, sensor-based threats are
becoming more prevalent with time because of the easy access
to the sensors and limited security measures that consider
these threats [15]–[18]. Furthermore, attackers do not need
any complicated tools to access the sensors which makes
sensor-based threats easier to execute [10], [19]. Hence, trivial
execution, easy access to the sensors, and lack of knowledge
about the sensor-based threats constitute significant risks for
the IoT devices and applications. Understanding these sensor-
based threats is necessary for researchers to design reliable
solutions to detect and prevent these threats efficiently.
Contributions—In this paper, we provide a survey on
threats that can be exploited to attack sensors in IoT devices
and applications. The contributions of this paper are:
• First, we present a detailed discussion about sensor management systems in various IoT operating systems and identify the important shortcomings of the existing systems.
• Second, we provide a detailed taxonomy of sensor-based threats in the IoT world.
• Third, we discuss existing security solutions for IoT devices and their shortcomings in the context of sensor-based threats.
• Fourth, we articulate several open issues and discuss future research directions that could contribute to secure sensors in IoT devices and applications.

arXiv:1802.02041v1 [cs.CR] 6 Feb 2018

| Sensor Type | Sensor Name | Description |
|---|---|---|
| Motion Sensors | Accelerometer | • An electro-mechanical device which can measure changes in acceleration forces along x, y, and z-axis. • Detects various types of motion like shake, tilt, etc. and adjusts the display of the device accordingly. |
| | Linear Acceleration Sensor | • An accelerometer which can detect acceleration along one axis without considering the effect of gravitational force. • Helps to adjust the display with motion. |
| | Gyroscope | • Measures the rate of change of angular momentum in all three axes. • Detects rotational movement of the device and adjusts display accordingly. |
| Environmental Sensors | Light Sensor | • A photodiode which changes characteristics with the change of light intensity. • Adjusts brightness and contrast of the display of the device. • Controls automatic lighting system. |
| | Proximity Sensor | • IR-based sensor to detect the presence of nearby objects without any physical contact. • Reduces power consumption of the display by disabling the LCD backlight and avoids inadvertent touches. |
| | Temperature Sensor | • Measures temperature of the device as well as ambient temperature. • Controls and sets the temperature in a device. |
| | Audio Sensor | • Two types of audio sensor: microphone and speaker. • Microphone: Detects acoustic signal. • Speaker: Plays back audio signal. |
| | Camera | • Deals with light intensity, device ambiance, etc. to capture pictures and videos of surroundings. • Provides live video feeds. |
| | Barometer | • Measures the pressure of the device peripheral. |
| | Heart rate | • Measures the heart rate of the user in beats per second. |
| Position Sensors | GPS | • Captures signal from the satellite to infer the location of the device. • Helps in navigation systems. |
| | Magnetic Sensor | • Measures device’s magnetic field with respect to earth’s magnetic field. • It is also used to fix display position by considering the magnetic field. |

TABLE I: Sensors available in most IoT devices.

Organization—The rest of the paper is organized as fol-
lows. We give the definition and general architecture of IoT
devices in Section II. In Section III, we briefly discuss the existing
sensor management systems of IoT OSes and their shortcomings
in detecting sensor-based threats. We present a set of
sensor-based threats in Section IV. In Section V, we articulate
security approaches that have been proposed to secure sensors
of IoT devices. Future research in the area of sensor-based
threats and security of IoT devices is described in Section
VI. Finally, we conclude this paper in Section VII.
II. BACKGROUND: COMPONENTS OF IOT
In this section, we identify the components of IoT devices
as it is relevant to understand the significance of sensor-
based threats on IoT devices and applications. In general, an
IoT device can be explained as a network of things which
consists of hardware, software, network connectivity, and
sensors [20]. Hence, the architecture of IoT devices comprises
four major components: sensing, network, data processing, and
application layers (as depicted in Figure 1) [21]. A detailed
description of these layers is given below.
A. Sensing Layer
The main purpose of the sensing layer is to identify any
phenomena in the devices’ peripheral and obtain data from
the real world. This layer consists of several sensors. Using
multiple sensors for applications is one of the primary features
of IoT devices [22]. Sensors in IoT devices are usually
integrated through sensor hubs [23]. A sensor hub is a common
connection point for multiple sensors that accumulate and
forward sensor data to the processing unit of a device. A
sensor hub uses several transport mechanisms (Inter-Integrated
Circuit (I2C) or Serial Peripheral Interface (SPI)) for data flow
between sensors and applications. These transport mechanisms
depend on IoT devices and create a communication channel
between the sensors and the applications to collect sensor data.
Sensors in IoT devices can be classified in three broad cate-
gories as described below. A detailed description of various
IoT sensors is given in Table I.
1) Motion Sensors: Motion sensors measure the change in
motion as well as the orientation of the devices. There are
two types of motions one can observe in a device: linear
and angular motions. The linear motion refers to the linear
displacement of an IoT device while the angular motion refers
to the rotational displacement of the device.
2) Environmental Sensors: Sensors such as Light sensor,
Pressure sensor, etc. are embedded in IoT devices to sense the
change in environmental parameters in the device’s peripheral.
The primary purpose of using environmental sensors in IoT
devices is to help the devices to take autonomous decisions
according to the changes of a device’s peripheral. For instance,
environment sensors are used in many applications to improve
user experience (e.g., home automation systems, smart locks,
smart lights, etc.).
Fig. 1: IoT Architecture Layers and Components.
3) Position sensors: Position sensors of IoT devices deal
with the physical position and location of the device. Most
common position sensors used in IoT devices are magnetic
sensors and Global Positioning System (GPS) sensors. Magnetic
sensors are usually used as a digital compass and help to
fix the orientation of the device display. On the other hand, GPS is
used for navigation purposes in IoT devices.
B. Network Layer
The network layer acts as a communication channel to
transfer data, collected in the sensing layer, to other connected
devices. In IoT devices, the network layer is implemented by
using diverse communication technologies (e.g., Wi-Fi, Blue-
tooth, Zigbee, Z-Wave, LoRa, cellular network, etc.) to allow
data flow between other devices within the same network.
C. Data Processing Layer
The data processing layer consists of the main data pro-
cessing unit of IoT devices. The data processing layer takes
data collected in the sensing layer and analyses the data
to take decisions based on the result. In some IoT devices
(e.g., smartwatch, smart home hub, etc.), the data processing
layer also saves the result of the previous analysis to improve
the user experience. This layer may share the result of data
processing with other connected devices via the network layer.
D. Application Layer
The application layer implements and presents the results of
the data processing layer to accomplish disparate applications
of IoT devices. The application layer is a user-centric layer
which executes various tasks for the users. There exist diverse
IoT applications, which include smart transportation, smart
home, personal care, healthcare, etc. [24].
III. SENSOR MANAGEMENT SYSTEMS IN IOT OSES
Emerging IoT systems create a many-to-many relationship
between apps and sensors that OSes manage. Most IoT sys-
tems use more than one sensor to perform a task; thus, it
is impractical to implement a standalone management system
for each sensor. Moreover, to perform a task, an application
usually needs to access data from multiple sensors. A separate
sensor management for each sensor can cause delay in the
data flow from the sensors to the application, which hampers
user experience [25]. Hence, a sensor management system is
needed to manage and ensure secure data acquisition from
all the sensors. In this section, we discuss existing sensor
management systems implemented by current IoT OSes.
IoT devices may run one of a variety of OSes (e.g., Android,
iOS, Windows Phone OS, Blackberry OS, etc.). Most of these
OSes follow a permission-based sensor management system to
control access and data flow between the applications and the
sensors [26], [27]. As Android OS holds the highest market
share in IoT domain (approximately 37%), we briefly discuss
Android sensor management system in this section [28]. A
detailed overview of Android sensor management system is
given in Figure 2. Whenever an application wants to access
a sensor in Android OS, it has to communicate via a sensor
manager software. An application first sends a request to the
sensor manager to register the desired sensor. This registration
request includes the desired sensor parameters (e.g., frequency,
delay, etc.) and the SensorEventListener for the desired sensor.
After receiving the request, the sensor manager creates a
ListenerService for the application and maps the request with
the designed sensor driver to acquire sensor data. If more
than one app requests access to the same sensor, the sensor
management system runs a multiplexing process to register
one sensor to multiple apps. This data acquisition path from
the application to the sensor driver is initiated by the Hardware
Abstraction Layer (HAL) in the Android OS as shown in
Figure 2. HAL mainly binds the sensor hardware with the
device driver to acquire data. The sensor driver then activates
the requested sensor and creates a data flow path from the
sensor to the app [29]. On the other hand, Windows and
Blackberry OSes use Sensor Class Extension to connect sensor
hardware with the device driver [30], [31]. Windows OS
also uses the User Mode Driver Framework to detect sensor
access requests and create a data acquisition path between
the sensor API and the app. In iOS, the sensor management
system is divided into four core services: Core Motion, Core
Audio, Core Location, and Core Video [32]. The Core Motion
service provides access to the motion sensors and some of
the environmental sensors (e.g., barometer, light, proximity,
etc.). The audio sensors (microphone and speakers), GPS, and
the camera can be accessed via the Core Audio, the Core
Location, and the Core Video services, respectively. These
services provide data flow between sensors and apps according
to the requests.
Recently, Samsung introduced a new platform for smart
devices named Samsung SmartThings [33]. This platform
connects and controls all the IoT devices used in a home
automation system. The sensor management systems of several
devices can be controlled from one common platform (a hub
or smartphone). Unlike other systems, Samsung SmartThings
offers a capability-based sensor management system. With
SmartThings, applications interact with smart devices based
on their capabilities, so once the capabilities that are needed
by a SmartApp are specified, and once the capabilities that
are provided by an IoT device are identified, the devices -
based on the device’s declared capabilities - are selected for
use within a specific SmartApp.
Fig. 2: Example of Sensor Management System for Android.
The main shortcoming of the existing sensor management
systems is the dependency on the user’s consent for sensor
access. Most OSes used in IoT devices rely on a permission-
based access control for a specific subset of the supported
sensors including camera, microphone, and GPS. Whenever
an application is installed in an IoT device, it asks the
users to grant permission to access various sensors (e.g.,
camera, microphone, and GPS). Thus, malicious applications
may trick the user into granting access to sensitive sensors to
launch sensor-based attacks [5], [10], [19]. Users are typically
unaware of what the malicious applications are actually doing
with the sensed data [15], [17]. Furthermore, permissions are
imposed on selected sensors only (e.g., camera, microphone,
and GPS); thus, applications can easily access other sensors
on which no permission is imposed, such as the accelerometer, gyroscope,
light sensor, etc., as discussed in the following sections in
further detail. These sensors can be exploited maliciously
and various sensor-based threats (e.g., information leakage,
denial-of-service, etc.) can be launched on IoT devices [34]–
[36]. Hence, existing sensor management systems of various
IoT OSes are unable to prevent the abuse of sensors in IoT
devices.
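The permission gap described in this section can be checked statically during app review. The following Python code is an added example, not part of the paper: it compares the permissions an Android app declares (what the user is prompted for) with the sensors it registers through the sensor manager (what the user never sees). The manifest, the Java snippet, the package name and the 20 ms review threshold are constructed assumptions, and the regex-based source scan assumes decompiled Java is available.

```python
import re
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# SensorManager types gated by a manifest permission; any other TYPE_* is
# delivered to the app with no prompt, which is the gap the survey describes.
GATED_TYPES = {"TYPE_HEART_RATE": "android.permission.BODY_SENSORS"}
MOTION_TYPES = {"TYPE_ACCELEROMETER", "TYPE_GYROSCOPE", "TYPE_LINEAR_ACCELERATION"}
# Nominal sampling periods (microseconds) of the SensorManager delay constants.
DELAY_US = {"SENSOR_DELAY_FASTEST": 0, "SENSOR_DELAY_GAME": 20_000,
            "SENSOR_DELAY_UI": 60_000, "SENSOR_DELAY_NORMAL": 200_000}
# Assumption of this example, not a value from the paper: motion sensors
# sampled every 20 ms or faster are queued for manual review.
REVIEW_PERIOD_US = 20_000

ASSIGN_RE = re.compile(r"(\w+)\s*=\s*[\w.]+\.getDefaultSensor\(\s*Sensor\.(TYPE_\w+)\s*\)")
REGISTER_RE = re.compile(r"registerListener\(\s*([^,]+),\s*([^,]+),\s*([^,)]+)\)")
TYPE_RE = re.compile(r"Sensor\.(TYPE_\w+)")

# Constructed sample inputs (hypothetical flashlight app).
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight">
  <uses-permission android:name="android.permission.CAMERA"/>
</manifest>"""

SAMPLE_SOURCE = """
SensorManager sm = (SensorManager) getSystemService(SENSOR_SERVICE);
Sensor accel = sm.getDefaultSensor(Sensor.TYPE_ACCELEROMETER);
Sensor gyro = sm.getDefaultSensor(Sensor.TYPE_GYROSCOPE);
sm.registerListener(this, accel, SensorManager.SENSOR_DELAY_FASTEST);
sm.registerListener(this, gyro, 5000);
sm.registerListener(this, sm.getDefaultSensor(Sensor.TYPE_LIGHT),
                    SensorManager.SENSOR_DELAY_NORMAL);
"""


def declared_permissions(manifest_xml):
    """Permissions the user is asked to grant."""
    root = ET.fromstring(manifest_xml)
    return {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}


def sensor_registrations(java_source):
    """Return (sensor_type, period_us) for every registerListener call."""
    var_types = dict(ASSIGN_RE.findall(java_source))
    found = []
    for _listener, sensor_arg, delay_arg in REGISTER_RE.findall(java_source):
        inline = TYPE_RE.search(sensor_arg)
        sensor_type = inline.group(1) if inline else var_types.get(sensor_arg.strip())
        delay = delay_arg.strip().split(".")[-1]
        period = DELAY_US.get(delay, int(delay) if delay.isdigit() else None)
        found.append((sensor_type, period))
    return found


def audit(manifest_xml, java_source):
    """Contrast prompted permissions with sensors read without any prompt."""
    perms = declared_permissions(manifest_xml)
    report = {"prompted": sorted(perms), "silent": [],
              "missing_permission": [], "unresolved": 0, "review": []}
    for sensor_type, period in sensor_registrations(java_source):
        if sensor_type is None:          # sensor variable not traceable
            report["unresolved"] += 1
            continue
        needed = GATED_TYPES.get(sensor_type)
        if needed is None:
            report["silent"].append(sensor_type)
        elif needed not in perms:
            report["missing_permission"].append(sensor_type)
        if (sensor_type in MOTION_TYPES and period is not None
                and period <= REVIEW_PERIOD_US):
            report["review"].append((sensor_type, period))
    return report


if __name__ == "__main__":
    for key, value in audit(SAMPLE_MANIFEST, SAMPLE_SOURCE).items():
        print(f"{key}: {value}")
```

On the constructed sample the user is prompted only for the camera, while three sensors are read silently and two motion-sensor registrations fall under the review threshold.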
IV. SENSOR-BASED THREATS TO IOT DEVICES
As existing sensor management systems and security
schemes cannot provide adequate security to the sensors,
attackers can exploit these sensors in various ways. In this
section, we provide a discussion about sensor-based threats on
IoT devices and survey the existing attack scenarios confirmed
by researchers [10], [15]–[19].
In general, sensor-based threats refer to passive or active
malicious actions which try to accomplish their malicious intents
by exploiting the sensors. Sensor-based threats can be passive,
like observing the behavior of the device without obstructing
the normal operations of the device, or active, such as false
sensor data injection or transferring malicious sensor code to
the device. Further, sensor-based threats in IoT devices can be
categorized into four broad categories based on the purpose
and nature of the threats: (1) Information Leakage,
(2) Transmitting Malicious Sensor Patterns or
Commands, (3) False Sensor Data Injection, and (4) Denial-of-Service.
These threats are described below.
A. Information Leakage
Information leakage is the most common sensor-based threat
in the context of IoT devices and applications. Sensors on
IoT devices can reveal sensitive data like passwords, secret
keys of a cryptographic system, credit card information, etc.
This information can be used directly to violate user privacy
or to build a database for future attacks. Only one sensor
can be enough for information leakage (e.g., eavesdropping
using microphone [10]) or multiple sensors can be exploited to
create a more complex attack (e.g., keystroke inference using
gyroscope and audio sensors [37]). In general, information
leakage can be accomplished for (1) keystroke inference, (2)
task inference, (3) location inference, or (4) eavesdropping as
explained below.
1) Keystroke inference: Keystroke inference is a generic
threat on IoT devices. Most IoT devices provide an input
medium such as a touchscreen, touchpad, or keyboard (external
or built-in, virtual or real). Whenever a user types or gives input
to a device, the device tilts and turns which creates deviations
in data recorded by sensors (e.g., accelerometer, gyroscope,
microphone, light sensor, etc.). These deviations in sensor data
can be used to infer keystrokes in an IoT device. Keystroke
inference can be performed on the device itself or on a nearby
device using sensors of an IoT device.
Keystroke Inference using Light Sensors - Light sensors in
IoT devices are usually associated with the display unit. In
general, the display unit of the IoT devices is touch sensitive
and provides a user interface to take inputs. For a constant state
and unchangeable ambiance, the readings of the light sensor
are constant. Each time a user touches and uses the touch
screen to interact with the device, he/she tilts and changes
the orientation of the device, which causes changes in the
readings of the light sensor. Each input may have a dissimilar
light intensity recorded by the sensor. These changes in the
readings of the light sensor of a device can be utilized to infer
keystrokes of that particular device. An attacker can derive
the various light intensities recorded by the sensor by trying
several keystrokes on a device and then construct a database.
When users put their PINs or type something in the touchpad,
attackers can capture the data maliciously from the device
and collate these data with the database to decode keystroke
information. Raphael Spreitzer developed a method named
PIN Skimming to use the data from ambient light sensor and
RGBW (red, green, blue and white) sensor to extract PIN input
of the smartphone [38]. Markus G. Kuhn showed that input
intensity changed in a cathode ray tube (CRT) display can be
used to infer what is written on the screen by a photosensor
of a nearby device [39]. In this attack, a fast photosensor
of an IoT device with high-frequency components is placed
in front of the CRT display to capture the signals emitted
from the screen. These captured signals can be deconvoluted
to reconstruct the text typed in the device.
Keystroke Inference using Motion Sensors - The main purpose
of using the motion sensors (e.g., accelerometer, gyroscope,
linear acceleration sensor) in IoT devices is to detect
changes in motion of the devices such as shake, tilt,
etc. Accelerometer and linear acceleration sensor measure
acceleration force that is applied to a device while gyroscope
measures the rate of rotation in the devices. In IoT devices, the
value given by the motion sensors depends on the orientation
of the device and user interactions (striking force of the finger
on the device display, resistance force of the hand, the location
of the finger on the touchpad of the device, etc.). Thus, when a
user gives inputs to a device, the motion sensors’ data changes
accordingly. Generally, IoT devices use two types of user
interface to take user input – on-screen user interface (e.g.,
touchpad) and external user interface (e.g., keyboard, keypad,
etc.). For both user interfaces, input keys are in fixed position
and for a single keystroke, the motion sensors give a specific
value [40]. As attackers do not need any user permission to
access the motion sensors, it is easy to access the motion
sensor data.
One common keystroke inference attack can be performed
by exploiting accelerometer. As mentioned above, accelerom-
eter gives a specific reading for each user input on an IoT
device, thus, attackers can build a database of pre-processed
accelerometer readings with diverse input scenarios and make
a matching vector of sensor data and keystrokes to extract
users’ input [41]. The data extracted from these attacks vary
from text inputs to PINs and numbers typed in the touchpad
which is much more serious as attackers can acquire the PIN
or credit card information [34], [42]. Owusu et al. developed
an app named ACCessory which can identify the area of the
touchscreen by analyzing accelerometer data of smart devices
[35]. ACCessory can infer PIN input on smart devices based
on the detected area from accelerometer data. Accelerometer
data can also be used to infer keystroke from a nearby
keyboard. Marquardt et al. presented an attack scenario where
accelerometer data of an IoT device can be used to guess
input on a nearby keyboard [36]. Whenever a user types on
the keyboard, a small vibration occurs and accelerometer of
the IoT devices can catch this vibration and keystrokes can be
identified correctly by analyzing this data [43].
Another method of keystroke inference can be achieved by
analyzing gyroscope data of an IoT device. Gyroscope mea-
sures the angles of rotation in all the three axes which varies
based on the specific area of the touch on the screen. Many
IoT devices have a feature when users input something on the
touchpad the device vibrates and gyroscope is also sensitive
to this vibrational force. The orientation angle recorded in the
gyroscope and the vibration caused by the input can be used to
distinguish different inputs given by the users. Moreover, the
data of the gyroscope can be combined with the tap sound of
each key recorded via the microphone which can increase the
accuracy of inferring keystrokes [37], [44]. The combination
of accelerometer and gyroscope data can also be used for
keystroke inference which yields more accurate results [45]–
[47].
In most wearables (smart bands, smartwatches, etc.), the
motion sensors are utilized for monitoring the movement of
the devices. A smartwatch, which is one of the most common
wearables, maintains constant connectivity with smartphones
via Bluetooth. While wearing a smartwatch, if a user moves
his/her hands from an initial position, the motion sensor
calculates the deviation and provides the data regarding the
change of the position of the smartwatch [48]. Typing in the
touchpad of an IoT device while wearing a smartwatch will
change the data recorded by the motion sensors of the smart-
watch depending on user gestures. For a specific user input
interface such as QWERTY keyboard of smartphones which
has specific distance between keys, the motion sensors’ data
of the smartwatch can be used to infer the keystrokes [49]–
[52].
Keystroke Inference using Audio Sensors - High precision
microphones used in IoT devices can sense the acoustic signals
emanating from keyboards (built-in or nearby) which can be
used to infer the keystrokes on an IoT device. Asonov et al.
proposed an experiment to record the sound of key tapping
and infer the correct key from it [53]. In this experiment, the
attacker is assumed to record the acoustic signal emanating
from the device while the user types on the keyboard. Then,
the attacker matches this signal with a training dataset recorded
stealthily while the same user was typing in the training period.
Zhuang et al. showed that it would be possible to infer
keystrokes by just analyzing the acoustic emanation without
having a training data set [11]. In this attack scenario, a
different key is assigned to a pre-defined class according to
the frequency of the acoustic signal it generates while being
typed. The attacker then takes a ten-minute recording of the
acoustic signal of typing on a keyboard. This recorded signal
is analyzed using machine learning and a speech recognition
feature named Cepstrum to match with the previously defined
key classes and infer the input of a keyboard.
In another work, Halevi et al. introduced a new technique
named Time-Frequency Decoding to improve the accuracy of
keystroke inference from the acoustic signal [54]. In this tech-
nique, machine learning and the frequency-based calculations
are combined to match the recorded acoustic signal data from
an IoT device with a training dataset and increase the accuracy
of the attack scenario. This technique also considers typing
style of users to minimize the error rate of keystroke inference.
Berger et al. divided a PC keyboard in regions based
on tap sound generated by keys and modeled a dictionary
attack [55]. This attack utilizes signal processing and cross-
correlation functions to process acoustic signal emanations
from a nearby keyboard. Kune et al. proposed a timing attack
on number pads used in smartphones and ATMs using the
audio feedback beeps generated while entering a PIN [56].
Inter-keystroke timing and distance between the numbers on the
keypad are the two main features which are used to infer
the input PIN in this attack. By analyzing the audio feedback
recorded using the microphone of a nearby IoT device, these two
features are extracted and, using a Hidden Markov Model, the
input numbers and PINs are inferred.
Backes et al. showed that acoustic signal emanated from a
dot matrix printer which was collected by a nearby microphone
of an IoT device can be analyzed to predict the text printed
on a paper [57]. In the training phase of this attack, words
from a list are printed, the acoustic signal is recorded,
and the data is stored. Audio signal processing and speech
recognition techniques are used to extract the features of the
acoustic signal to create a correlation between the number of
needles used in the printer and the intensity of the audio signal.
In the real attack scenario, the audio signal is captured by a
nearby audio sensor and matched with the previous dataset to infer
the printed text.
Zhu et al. showed a context-free attack scenario using the
keyboard's acoustic emanation recorded in a smartphone to
infer keystrokes [58]. In this attack scenario, the acoustic
signals emanated from the keyboards are recorded by two or
more smartphones. For each pair of microphones of smart-
phones, the recorded acoustic signal strength will depend on
the distance between the typed key and the smartphones. By
calculating the time-difference of the arrival of the acoustic
signal, the position of the key can be inferred.
In a similar attack, Chhetri et al. introduced a method to
reconstruct the design source code sent to a 3-D printer [59].
In this attack scenario, the acoustic signal emanated from the
3-D printer is recorded by a recorder placed in close
proximity to the 3-D printer and the recorded file is processed for
extracting time and frequency domain features. These features
are then cross-matched with a training dataset collected in a
learning phase to infer the correct design.
Keystroke Inference using Video Sensors - Modern IoT de-
vices come with powerful cameras which can both take still
pictures and record high definition videos. By applying image
processing techniques in captured images, keystroke inference
can be done. Simon et al. developed a malware named PIN
skimmer which uses the front camera of a smartphone and
microphone to infer PIN input in a smartphone [60]. PIN skim-
mer records the tap sound on the touchpad of a smartphone and
records video using front camera of the phone. The movement
recorded in the video is then analyzed to detect which part of
the touchscreen is used. This information is then combined
with the tap sound to infer the inputs correctly.
Another potential malware attack to the IoT devices using
the camera is Juice Filming Attack [61]. In this attack scenario,
a malicious app uses the camera to take screenshots when any
user-input is given in the touchpad and save the images on
storage unit (internal ROM or external memory card) of the
device. Most of the IoT devices use USB for heterogeneous
applications (e.g., charging, data transfer, etc.) and when the
compromised device is connected to the laptop or any other
device with a storage unit, the app transfers the stored pictures
to the storage device from which attackers can easily extract
the information.
Shukla et al. showed a method to infer the PIN input by
analyzing the hand position using the recorded video [62]. In
this method, a background application gets access to the camera of
the smartphone and records a video when a user starts typing on a
touchpad. Then, analyzing the hand position and the position
of the smartphone, an attacker can extract the inputs given
in a touchpad. Another version of this attack is to record the
typing scenario using an external camera. In this scenario, a
camera of an IoT device (e.g., smartphone, smart glass, smart
surveillance system, etc.) is used to record the video of typing
the PIN. In both cases, the input PIN can be inferred with
high accuracy.
Adam J. Aviv introduced another type of attack named
Smudge Attack using an external camera to infer pattern
lock of an IoT device [63]. In this attack scenario, an IoT
device is placed in between two cameras of other IoT devices
(smartphone or smart glass) and high definition pictures are
taken. Whenever the user gives the unlock pattern in the
touchpad, some smudge marks are left on the screen, and
captured by the cameras, which leak information about the
unlock pattern to an attacker.
Raguram et al. developed a process named iSpy which can
reconstruct the typed text by analyzing the reflection of the
touchscreen in a reflective surface such as sunglass or smart
glass [64]. The experimental setup of iSpy includes a high
definition camera which can capture the video of the reflective
surface while a user types in the touchpad of a phone. The
reflection of the phone is being extracted from the video
and consecutive frames are analyzed to extract stable pictures
of the phone screen. Features (hand position, motion in the
screen, etc.) are extracted from stable pictures extracted from
the video and by using machine learning techniques, key press
detection is done and typed text can be inferred successfully.
Keystroke Inference using Magnetic Sensors - Besides the
aforementioned attack scenarios, electromagnetic emanations
from the keyboard can be used to infer the input of a
computer. As magnetic sensors of IoT devices are sensitive
to electromagnetic emanations, they can be used as the attack
medium. Vuagnoux et al. showed that both wired and wireless
keyboards emit electromagnetic signals when a user types
and this signal can be further processed to infer keystroke
[65]. In this method, electromagnetic radiation is measured
by magnetic sensor of an IoT device when a key is pressed
and using the falling edge transition technique, an attacker can
infer the keystrokes.
2) Task inference: Task inference refers to a type of attack
which reveals the information of an ongoing task or an ap-
plication in an IoT device. Task inference reveals information
about the state of the device and attackers can replicate this
device state to launch an attack without alerting security
policies implemented in the device. Sensors associated with
IoT devices show deviation in the reading for various tasks
running on the devices. This deviation in the reading can
be used to infer the running process inside a device and
application of the device.
Task Inference using Magnetic Sensors - Magnetic sensors
in IoT devices have the role to fix the orientation of the
device with respect to Earth's magnetic field. Data recorded
by a magnetic sensor change in the presence of an external
magnetic field in the device's peripheral. This deviation in
data can be used to identify the tasks running on a device.
Many IoT devices have a storage unit and whenever data
is written or read from this storage unit, a change in the
reading of magnetic sensor can be observed. Magnetic sensors
of an IoT device can be used not only to infer information of
the device itself, but can also be used as a medium to fetch
information from a nearby device. Biedermann et al. showed
that magnetic sensor of a smartphone could be used to infer
on-going tasks in a storage unit like the hard drives of the
computers and servers [66]. When an application is running
on a computer, the hard drives generate a magnetic field which
can be sensed by a magnetic sensor of a smartphone. Different
actions cause specific readings on the magnetic sensor which
can be used to track the users’ action. This can be considered
as a serious threat to the device and attackers can fetch
valuable information in this way.
An electromagnetic (EM) emanation is a common phe-
nomenon for IoT devices. Electromagnetic emanations occur
whenever current passes through a device and a task is running
on a device. EM emanation attacks can also be observed
in field-programmable gate array (FPGA)-based IoT devices [67]–[69]. Attackers can record
electromagnetic emission data generated from the
FPGA-based IoT devices to deduce which kind of application is
running in the system and also the states of logic blocks
of the devices. Such information leakages make the system
vulnerable to the user. Smart cards also emit EM waves while
performing various tasks which can be captured by a radio
frequency (RF) antenna and task can be inferred from the
radiation [70].
Task Inference using Power Analysis - Power analysis is a
form of sensor-based threat where an attacker studies the
power consumption and power traces of the sensors for
extracting information from the devices [71]. O’Flynn et al.
introduced an attack scenario where the power analysis attack
is launched against IEEE 802.15.4 nodes [72], which is a
standard low power wireless protocol used in IoT devices.
Low power IoT devices use this protocol standard for various
communication purposes such as connecting to a network,
communicating with other devices, etc. In this attack scenario,
an attacker uses differential power analysis in the sensors. As
packets transmitted from the IoT devices are encrypted, power
analysis on the sensors can infer which encryption process is
running in the device. Again, diverse encryption processes lead
to diverse power profiles which reveal associated information
(e.g., key size, block size, etc.) about the encryption process.
Encryption process also depends on the packet size which can
be observed in the power profile and attackers can infer what
type of information is being transmitted based on the packet
size.
3) Location Inference: Researchers developed a novel
location-privacy attack based on acoustic side-channels [73].
The attack is based on acoustic information embedded within
foreground-audio disseminated in a close environment (i.e.,
conference room). The researchers studied how audio, gener-
ated by secure messaging clients in voice-call mode, can be
abused to generate a location fingerprint. The attack leverages
the pattern of acoustic reflections of human voice at the
user's location and does not depend on any characteristic
background sounds. The attack can be used to compromise
location privacy of participants of an anonymous VoIP session,
or, even to carry out confirmation attacks that verify if a pair
of audio recordings originated from same location regardless
of the speakers. Other researchers have also shown that several
heuristics can be used to identify sensitive locations (i.e., home
and work locations) of a victim whose personal device is under
an adversary control [16].
4) Eavesdropping: Many IoT devices use audio sensors
for making calls, recording audio messages, receiving voice
commands, etc. Eavesdropping refers to a type of attack where
a malicious app records a conversation stealthily by exploiting
audio sensors and extract information from the conversation.
An attacker can save the recorded conversation on a device
or listen to the conversation in real-time. One recent
example of eavesdropping via the microphone of a smartphone
is Soundcomber [10]. In this example, a malicious app covertly
records when a conversation is initiated from the device. As the
recording is done in the background, the user is unaware
of the recording. Several organizations such as banks, social
security offices, and credit card companies have automated
voice messaging systems, and users have to say their private
information such as credit card number or social security
number at the beginning of the call. Thus, Soundcomber does
not have to record all the conversation to extract data. Only
the beginning part of the conversation will be enough for
extracting private information of the user. Moreover, a specific
conversation can also be recorded by identifying the dialed
number on a smartphone. The touchpad of the smartphone
creates corresponding tones when any number is dialed. This
tone can be recorded and processed to identify the dialed
number. After that, when a desired number is dialed, the
conversation can be recorded and then processed to extract
information.
Another way to exploit microphones is to attack through
voice assistant apps, e.g., Apple’s Siri and Google Voice
Search. Most of the IoT devices (smartphone, smart home
automation, smartwatches, etc.) nowadays have built-in voice
search apps. Diao et al. developed a malware named VoicEm-
ployer which can be installed on the device to record the voice
command given in a smartphone [74]. This malware can use
the recorded command for various malicious activities such
as replicate malicious voice command, transfer information
to paired devices, etc. Cyber Physical Voice privacy Theft
Trojan horse (CPVT) is another malware which uses the
microphone of smartphones to record conversations [75]. The
recording of conversation can be controlled by external control
channels like SMS, Wi-Fi, or sensory channels [14]. An
attacker can trigger CPVT and issue commands about when
to start recording and when to stop recording using SMS,
Wi-Fi, or even sensors. Recorded conversations are stored on
the device and the attacker can obtain the stored files via
email, SMS, or a USB connection. Carlini et al. showed
that it is possible to exploit voice assistant apps by inserting
hidden voice commands [76]. In this attack, the attacker first
records voice commands of the user and extracts features from
the recorded audio clips. From the extracted features, a new
command is generated which is not understandable by humans,
but is recognized by the voice assistant apps.
The gyroscope on IoT devices is also sensitive to acoustic
signals. The typical sampling rate of a gyroscope covers some
frequencies of the audible range, which can be used to reconstruct
the speech of a user. Michalevsky et al. proposed a new way
of eavesdropping by analyzing vibrational noise in gyroscope
caused by an acoustic signal [77]. As gyroscope does not
cover the full audible range, this new process can distinguish
speakers and one-syllable words by using signal processing
and machine learning techniques.
B. Transmitting Malicious Sensor Commands
Sensors available in the IoT devices can be used to transmit
malicious sensor patterns or triggering commands to activate
malware that may have been implanted in a victim’s de-
vice [14]. Sensors may be employed to create unexpected
communication channels between device peripherals. Such
channels can be used to change critical sensor parameters
(e.g., devices’ motion, light intensity, magnetic field, etc.) or
to transmit malicious commands.
Transmitting via Light Sensors - Light sensors can be used
as a potential method of transmitting signals and malicious
commands [78]. It is easier to transfer a bit stream via a light
source by turning it on and off. Since the light sensor of an
IoT device can distinguish the intensity of the light source,
the light intensity change can be decoded as a bit stream in
the device. By controlling the voltage of a light source, an
attacker can easily transfer trigger messages and can activate
malware implanted in a device. Hasan et al. showed that TV
screen or laptop monitor could also be used to transfer trigger
messages to a compromised IoT device by changing the light
intensity of the monitor [9].
Transmitting via Magnetic Sensors - As mentioned earlier,
magnetic sensors of an IoT device are sensitive to the magnetic
fields of the device's peripherals. By changing the magnetic
field of the device ambiance, one can easily change the
readings of the magnetic sensor which can be used as a
triggering message of malware. Triggering messages encoded
by an electromagnet can be sent to an IoT device and there will
be some deviations in the magnetic sensor's readings of the
device due to this message. These deviations can be calculated
and the triggering message can be extracted from this electro-
magnetic signal. Moreover, the magnetic field deviations can
be calculated in x, y, and z-axis and divergent values of
the magnetic field deviations can be interpreted as disparate
triggering messages [9].
Transmitting via Audio Sensors - Audio sensors can be used
to transmit malicious commands to activate a malicious appli-
cation in an IoT device. Hasan et al. showed that a triggering
message embedded in an audio song can be detected by the
microphone and can trigger a malicious app in a smartphone
[9]. Moreover, microphones used in the modern IoT devices
can detect audio signals with a frequency lower than audible
range. Malware can be transferred using this audio channel as
a covert channel to bypass the security measures of the device.
Deshotels et al. showed that the ultrasonic sound could be used
to send information to smartphones without alerting the user
or any security measure implemented on the device [79].
Subramanian et al. showed that a trojan can be transferred
by encoding it in an audio signal and transferring it using a
buzzer [8].
C. False Sensor Data Injection
The applications of IoT devices largely depend on data
collected by sensors available on the devices. By altering
the sensor data, one can control the applications of IoT
devices. False sensor data injection refers to an attack where
the sensor data used in the IoT applications is forged or
forcefully changed to perform malicious activities. The false
sensor data can be injected in the devices by accessing the
device physically or by using various communication medium
(Bluetooth, Wi-Fi, cellular network, etc.) covertly. Moreover,
the sensors of IoT devices can also be used to alter data typed
or stored on the devices.
Tippenhauer et al. showed a spoof attack scenario in GPS-
enabled devices to change the real location of the device [80].
In this attack scenario, a vehicle with a GPS enabled device is
used. The attacker transmits a forged GPS signal to the device to
alter the location of the vehicle. In this way, the real location
of the vehicle is disguised and the attacker can perform any
physical attack to the disguised vehicle. The GPS data used
in the smartwatches can expose the location of a user and this
GPS data can then be forged and a new location can be given
as a false input in the GPS [81].
The power analysis attack on IoT devices can also be used
for injecting false data. The power analysis on IoT devices
running an encryption algorithm can reveal information about
encryption process including the block size, key size, even
the actual encryption key [83]. This information can be used
to encrypt false data and replace the original data on the
device. Thus, attackers can inject false encrypted data in the
communication channel to change the action of a device for
specific commands.
Giannetsos et al. introduced a malicious app named Spy-
sense, which monitors the behavior of the sensors in a device
and can manipulate data by deleting or modifying it [82]. Spy-
sense exploits the active memory region of a device and alters
the data structure and reports back important data to a server
covertly.
D. Denial-of-Service
Denial-of-Service (DoS), by definition, is a type of attack
where the normal operation of a device or application is
denied maliciously. DoS attacks can be active attacks where
an application or task is refused forcefully or passive attacks
where attacking one application can stop another on-going task
on the device. Recently, ICS-CERT published an active alert
for a list of accelerometers used in IoT devices which can
be exploited using vibrational force [84]. Every accelerometer
has a working frequency and if an external vibrational force
can match this frequency, it is possible to turn off the devices
forcefully. Son et al. showed that it is possible to obstruct
the flight control of a drone by exploiting gyroscope using a
sound signal [6]. The MEMS Gyroscopes deployed in drones
have a sensing mass inside of the sensor which is constantly
vibrating. The gyroscope measures the rotational motion of the
device with respect to the sensing mass. When the resonant
frequency of the gyroscope is matched by an audio signal, an
attacker can obstruct the normal performance of the gyroscope
and change the course of the drone, or even turn it off.

TABLE II: Summary of Existing Sensor-based Threats on IoT Devices.

| Threats \ Sensors | Light Sensor | Motion Sensor | Magnetic Sensor | Acoustic Sensor | GPS | Camera | Power Analysis |
|---|---|---|---|---|---|---|---|
| Information Leakage | [38], [39] | [40], [41], [34], [42], [48], [35], [36], [37], [44], [77], [45], [46], [47], [49], [50], [51], [52] | [66], [65], [67], [68], [69], [70] | [53], [11], [54], [55], [56], [57], [58], [10], [74], [75], [14], [59], [15], [18] | [16] | [60], [61], [62], [63], [64], [15] | [71], [72] |
| Transferring Malware or Malicious Code | [9], [78] | | [9] | [9], [8], [79] | | | |
| False Data Injection | | | | | [80], [81], [82] | | [83] |
| Denial-of-Service | | [84] | | [6] | | | |

V. EXISTING SECURITY MECHANISMS TO PREVENT
SENSOR-BASED THREATS
Researchers have identified a diverse set of sensor-based
threats for IoT devices. Table 2 lists a summary of existing
sensor-based threats on IoT devices. Although there are several
threats, no comprehensive security mechanism able to prevent
such threats has been developed yet. Indeed, the use of a wide
range of sensors in IoT devices and applications has made
it hard to secure all the sensors by one effective framework.
Furthermore, the lack of knowledge of the existing sensor-
based threats and differences in sensor characteristics make
it hard to establish a complete and comprehensive security
measure to secure all the sensors of IoT devices against the
sensor-based threats [5].
In this section, we discuss two main approaches proposed
by researchers in an attempt to design security mechanisms
for sensor-based threats on IoT devices.
Enhancing Existing Sensor Management Systems. One
approach toward securing the sensors in IoT devices is to
enhance existing sensor management systems of IoT OSes.
For instance, Xu et al. proposed an extension of the Android
sensor management system named Semadroid, which provides
users with a monitoring and logging feature to make the usage
of sensors by apps explicit. Also, with Semadroid, users can
specify policies to control whether and with what level of
precision third party apps can access sensed data. Moreover,
Semadroid creates mock data to verify how applications,
from unknown vendors, use sensed data and, thus, prevents
malicious behaviors.
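The policy model described for Semadroid (per-app control over whether and at what precision sensed data is released, mock data for untrusted apps, and a usage log) can be illustrated with the following added Python example. It is not Semadroid's code; the class, action names, app names and accelerometer readings are constructed assumptions.

```python
import random
from collections import Counter
from dataclasses import dataclass, field

# Policy actions; hypothetical names, not Semadroid's own vocabulary.
ALLOW, COARSEN, MOCK, DENY = "allow", "coarsen", "mock", "deny"

# Constructed accelerometer readings (x, y, z in m/s^2) for two different taps.
TAP_LEFT = (0.12, 9.78, 0.31)
TAP_RIGHT = (-0.09, 9.83, 0.27)


@dataclass(frozen=True)
class Rule:
    action: str
    step: float = 0.0  # quantization step, used only by COARSEN


@dataclass
class SensorGate:
    """Mediates every sensor read: applies the user's rule and logs the access."""
    policy: dict  # (app, sensor) -> Rule
    default: Rule = field(default_factory=lambda: Rule(DENY))
    audit: list = field(default_factory=list)
    rng: random.Random = field(default_factory=lambda: random.Random(7))

    def read(self, app, sensor, raw):
        rule = self.policy.get((app, sensor), self.default)
        if rule.action == ALLOW:
            out = tuple(raw)
        elif rule.action == COARSEN:
            # Snap each axis to a grid of width `step`, so the small
            # differences between individual taps are no longer visible.
            out = tuple(round(v / rule.step) * rule.step for v in raw)
        elif rule.action == MOCK:
            # Plausible-looking but unrelated values, used to observe what
            # an app from an unknown vendor does with sensed data.
            out = tuple(round(self.rng.uniform(-1.0, 1.0), 3) for _ in raw)
        else:
            out = None  # DENY, also the default for unlisted (app, sensor) pairs
        self.audit.append((app, sensor, rule.action))
        return out

    def usage_report(self):
        """Number of reads per (app, sensor, applied action), for the user."""
        return Counter(self.audit)


def demo():
    gate = SensorGate(policy={
        ("fitness_app", "accelerometer"): Rule(ALLOW),
        ("keyboard_theme", "accelerometer"): Rule(COARSEN, step=0.5),
        ("unknown_vendor_game", "accelerometer"): Rule(MOCK),
    })
    apps = ("fitness_app", "keyboard_theme", "unknown_vendor_game")
    results = {
        app: [gate.read(app, "accelerometer", r) for r in (TAP_LEFT, TAP_RIGHT)]
        for app in apps
    }
    return gate, results


if __name__ == "__main__":
    gate, results = demo()
    for app, values in results.items():
        print(app, values)
    print(dict(gate.usage_report()))
```

With the 0.5 step, both taps are released as the same value, which removes the per-tap variation that the motion-sensor inference attacks listed in Table II rely on.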
Furthermore, system designers have long struggled with the
challenge of determining how to let the user control when
applications may perform operations using privacy-sensitive
sensors securely and effectively. Current commercial systems
request that users authorize such operations once (i.e., on
install or first use), but malicious apps may abuse such
authorizations to collect data stealthily using such sensors.
Proposed research methods enable systems to infer the opera-
tions associated with user input events [85]–[87], but malicious
applications may still trick users into allowing unexpected,
stealthy operations. To prevent users from being tricked, Pe-
tracca et al. proposed to bind applications’ operation requests
to the associated user input events and how such events are
obtained explicitly, enabling users to authorize operations on
privacy-sensitive sensors unambiguously [15], [17]. To demon-
strate this solution, they implemented the AWare authorization
framework for Android, extending the Android Middleware to
control access to privacy-sensitive sensors. They evaluated the
effectiveness of AWare in: (1) a laboratory-based user study,
finding that at most 7% of the users were tricked by examples
of four types of attacks when using AWare, instead of 85% on
average for prior approaches; (2) a field study, showing that the
user authorization effort increases by only 2.28 decisions on
average per application; (3) a compatibility study with 1,000 of
the most-downloaded Android apps, demonstrating that such
applications can operate effectively under AWare. Moreover,
an alternative mechanism is proposed in 6thSense, where
researchers proposed a context-aware framework to detect the
sensor-based threats in IoT devices [5]. This framework is
built upon the observation that for any user activity on an
IoT device, a specific set of sensors becomes active. 6thSense
builds a comprehensive context-aware model for each user ac-
tivity based on this observation. Differently from other works,
6thSense utilizes all the sensor data in real-time and determines
whether the present context of the sensors is malicious or not
using various machine learning-based approaches. Researchers
tested the proposed framework with 50 real-life user data
and confirmed that 6thSense can detect various sensor-based
threats with approximately 97% accuracy and F-score.
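The observation behind 6thSense (each user activity activates a specific set of sensors) can be turned into a small detector, shown in the following added Python example. It is not 6thSense's code: a first-order Markov chain over sensor on/off states stands in for the "various machine learning-based approaches", and the sensor list, traces and threshold are constructed assumptions.

```python
from collections import Counter, defaultdict

SENSORS = ("accelerometer", "gyroscope", "light", "microphone", "camera", "gps")

# Constructed contexts: the set of sensors active during one time step.
IDLE = frozenset()
TYPING = frozenset({"accelerometer", "gyroscope", "light"})
CALL = frozenset({"light", "microphone"})
NAV = frozenset({"accelerometer", "gyroscope", "gps"})

# Constructed benign training traces (one context per time step).
BENIGN_TRACES = [
    [IDLE, TYPING, TYPING, TYPING, TYPING, IDLE],
    [IDLE, CALL, CALL, CALL, IDLE],
    [IDLE, NAV, NAV, NAV, NAV, IDLE],
    [IDLE, TYPING, TYPING, IDLE, CALL, CALL, IDLE],
]


def encode(active):
    """Context at one time step: a 0/1 flag per sensor (1 = active)."""
    return tuple(int(s in active) for s in SENSORS)


class ContextModel:
    def __init__(self):
        self.next_counts = defaultdict(Counter)  # state -> Counter(next state)

    def train(self, traces):
        for trace in traces:
            states = [encode(a) for a in trace]
            for cur, nxt in zip(states, states[1:]):
                self.next_counts[cur][nxt] += 1

    def prob(self, cur, nxt):
        """Estimated P(next state | current state) from benign usage."""
        counts = self.next_counts.get(cur)
        if not counts:
            return 0.0  # current state itself never seen in training
        return counts[nxt] / sum(counts.values())

    def unseen(self, trace):
        """Indices i where the step trace[i-1] -> trace[i] never occurred."""
        states = [encode(a) for a in trace]
        return [i for i in range(1, len(states))
                if self.prob(states[i - 1], states[i]) == 0.0]

    def score(self, trace):
        """Fraction of steps in the trace that benign training never showed."""
        steps = len(trace) - 1
        return len(self.unseen(trace)) / steps if steps > 0 else 0.0

    def is_malicious(self, trace, threshold=0.2):
        return self.score(trace) > threshold

    def unexpected_sensors(self, trace):
        """Sensors that switched on at a step the benign model has never seen."""
        found = set()
        for i in self.unseen(trace):
            found |= set(trace[i]) - set(trace[i - 1])
        return found


def build_model():
    model = ContextModel()
    model.train(BENIGN_TRACES)
    return model


# Constructed test traces: ordinary typing, and typing during which the
# microphone is switched on in the background.
SPY = TYPING | {"microphone"}
NEW_BENIGN = [IDLE, TYPING, TYPING, TYPING, IDLE]
SUSPICIOUS = [IDLE, TYPING, TYPING, SPY, SPY, TYPING, IDLE]

if __name__ == "__main__":
    m = build_model()
    for name, trace in (("benign", NEW_BENIGN), ("suspicious", SUSPICIOUS)):
        print(name, m.score(trace), m.is_malicious(trace),
              sorted(m.unexpected_sensors(trace)))
```

The detector needs no per-sensor permission to notice the microphone: it flags the context because that combination of active sensors never follows typing in benign use.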
Protecting Sensed Data. Another approach toward securing
IoT devices against the sensor-based threats is to protect the
sensed data in transfer and at rest. Indeed, some malicious
applications record sensor data and transmit it later when the
device is locked or when security protection mechanisms are
turned off. For instance, sensed location data may be subject to
inference attacks by cybercriminals that aim to obtain sensitive
locations such as the victim’s home and work locations to
launch a variety of attacks.
Location-Privacy Preserving Mechanisms (LPPMs) exist to
reduce the probability of success of inference attacks on
location data. However, such mechanisms have been shown
to be less effective when the adversary is informed of the
protection mechanism adopted, also known as white-box
attacks. Petracca et al. proposed a novel approach that makes
use of targeted maneuvers to augment real sensors’ data with
synthetic data and obtain a uniform distribution of data points,
which creates a robust defense against white-box attacks [16].
Such maneuvers are systematically activated in response to
specific system events to rapidly and continuously control the
rate of change in system configurations and increase diversity
in the space of readings, which would decrease the probability
of success of inference attacks by an adversary. Experimental
results performed on a real data set showed that the adoption
of such maneuvers reduces the probability of success of white-
box attacks to 3% on average compared to 57% when using
the state-of-the-art LPPMs.
Furthermore, power analysis attacks and electromagnetic
emanation attacks exploit information from the power con-
sumption and electromagnetic emissions of active sensors
from the device. One proposed countermeasure against
electromagnetic emanation attacks is to use a single inverter
ring oscillator (SIRO) [88]. In this proposed system, a multi-
clock system with cipher embodiment is used with SIRO-
based synchronization. The absence of an external oscillator and the
unsynchronized nature of SIRO make the system more immune
to electromagnetic emission. Again, the SIRO-based system
provides a frequency hopping scheme in the cipher, which increases
immunity to timing and power analysis attacks. Standaert et al.
proposed an approach to minimize the effect of power analysis
attack which is based on the correlation between the power
consumption measurements and a simple prediction developed
on the number of bit transitions within the devices [89]. The
use of random pre-charges in the devices can minimize the
probability of power analysis attack on the FPGA-based IoT
devices.
More general solutions to address the protection of the
sensed data have also been proposed. For example, Roman et
al. proposed the use of public key encryption to secure sensor
data from devices [90]. They proposed the encryption of sensor
data collected and stored it in the device before sharing it with
third party apps or other devices. Devices connected to each
other can share their public key through a key management
system and use their assigned private key to decrypt the sensor
data. Third party apps installed in the device can also use
public key encryption scheme to use sensor data for various
applications.
Trust management frameworks can also be leveraged for
secure information flow among sensors, secure communication
of sensor data with other devices, and to certify authorized
access of sensors by trusted software and apps in the system.
Trust management frameworks can oversee access requests on
sensors and take decisions based on whether the requests are
legitimate or not. For instance, a framework named AuDroid
was proposed to secure communications via audio channels
when applications make use of the device’s microphones
and speakers [18]. AuDroid leverages the SELinux kernel
module to build a reference monitor which enforces access
control policies over dynamically created audio channels. It
controls information flows over audio channels and notifies
users whenever an audio channel is created between processes
at runtime.
Shortcomings of Proposed Security Mechanisms —
Although the aforementioned solutions address sensor-based
threats, there are still limitations that need to be overcome.
(1) Most of the proposed security mechanisms for IoT
devices are anomaly detection frameworks at the application
level which are not suitable for detecting sensor-based threats
at the system level [91]–[94]. Sikder et al. analyzed the
performance of several sensor-based threats with respect to
real-life malicious software scanners available in VirusTotal
website and observed that no scanner can recognize sensor-based
threats [5]. (2) With the growing popularity of the IoT
concept, more and more devices are being interconnected
with each other and the security of these devices becomes
difficult to manage. Many IoT devices are severely resource-
limited, small devices and it is hard to implement a complex
security mechanism considering the limited resources of the
devices [95]. (3) Proposed security mechanisms only target a
subset of sensitive sensors available in IoT devices nowadays.
For instance, commercial sensor management systems use an
explicit permission-based security model for only some of
the sensors (e.g., camera, GPS, and microphone). Similarly,
AuDroid provides a policy-enforced framework to secure the
audio sensors of IoT devices explicitly [18]; however, this
framework was not designed to protect other sensitive sensors.
Other proposed solutions only provide protection against
power analysis and electromagnetic emanation-based attacks,
respectively [88], [89]. A step forward was made with AWare
and 6thSense that covered a wider set of privacy-sensitive
sensors available in current IoT devices to build a context-
aware model and determine whether a sensor usage scenario is
malicious. (4) In solutions where users’ decisions are utilized
to build the sensor use policy for third party apps, such as
in Semadroid and AWare, if a user allows an application to
use a sensor without any restriction, then the application is
blindly treated as secure by the system. (5) Encrypting sensor
data using public key encryption schemes provides protection
to sensor data, but it also consumes high power to run in
smaller IoT devices [90]. This power-performance trade-off is
impractical for resource-limited IoT devices.
In conclusion, a complete and comprehensive solution for
autonomous policy enforcement, comprehensive coverage of
all the sensors, and an efficient power-performance trade-off
is yet to be designed.
VI. OPEN ISSUES AND FURTHER RESEARCH
The concept of IoT is no longer in the developing stage and
new research ideas related to IoT are emerging these days.
In this section, we discuss open issues and future research
directions in the context of sensor-based threats.
Study of Expected Functionality to Identify Threats -
Researchers should study the functionality expected from IoT
systems to identify threats. As the IoT concept is relatively
new, less knowledge about the internal architectures (i.e.,
software and hardware) of IoT devices is available, which
is an obstacle to secure sensors in IoT devices. Additionally,
researchers and users know less about sensor-based threats
which are lucrative for attackers to target IoT devices [96].
Users carelessly install any third party apps with illegitimate
sensor permissions which can compromise IoT devices [97],
[98]. Therefore, to secure sensors in IoT devices, it is im-
portant to understand how users are using the devices and
what their views of sensor-based threats are. Researchers may
perform additional usability studies to better understand how
users can contribute to improve sensor access control via their
inputs in IoT devices.
Adoption of Standard Security Mechanisms - Currently,
there exist several operating systems for IoT devices that
manage their on-board sensors in dissimilar ways. These
dissimilarities make it hard to converge for a general security
scheme to protect sensors of the IoT devices [99]. One of
the future research efforts should be the standardization of
development platforms for IoT devices which will make it
easier for researchers to come up with universal security
measures to defend against sensor-based threats. Therefore,
researchers should investigate the possibility of a common
security mechanism for authentication of sensor data as well
as authorization of legitimate sensor access.
Fine-grained Control of Sensors - Existing sensor man-
agement systems of IoT devices offer permission-based sensor
management which completely depends on user consent. Apps
generally ask for permissions to access specific sensors on
installation time and once the permissions are granted, users
have less control over the sensors’ usage by the apps. Again,
the user permission is enforced only for a limited number
of the on-board sensors (e.g., microphone, camera, GPS).
Granting permission to these sensors automatically grants
permission for other sensors such as accelerometer, gyroscope,
light sensor, etc. In addition, in recent years, researchers
have also shown that both permission-enforced (microphone,
camera, GPS) and no permission-enforced (accelerometer,
gyroscope, light sensor, etc.) sensors are vulnerable to sensor-
based threats. Therefore, a fine-grained sensor management
system is needed to verify compliance between sensor access
and user intent.
Control Sharing of Data among Sensors - Communication
on IoT devices is becoming more sensor-to-sensor (i.e., machine-to-machine)
than human-to-sensor or sensor-to-human
(human-to-machine or machine-to-human), and the introduction
of a huge number of sensors in IoT devices is speeding up
this shift. As IoT devices deal with sensitive personal data,
sensor-to-sensor communication channels should be secured,
which helps in end-to-end security for the devices. Secure end-
to-end communication from sensors to the devices and among
devices are vital to avoid information leakage [100], [101].
Protect Sensor Data when at Rest - IoT applications deal
with multiple sensor data at a time and tampered data in the
IoT devices can impact the normal behavior of applications.
To ensure authenticity of sensor data, various encryption
mechanisms may be applied from the sensors to the program
requesting it. Different security features of the hardware such
as ARM TrustZone may be adopted to achieve secure data
flow inside the devices [102]. Researchers may also invest their
effort in studying the adoption of the blockchain technology
as a way of designing highly distributed systems able to
provide attestation and verification among multiparty and
heterogeneous components part of a larger IoT system.
Prevent Leakage of Secret Data - IoT devices can au-
tonomously sense their surrounding environment which can be
used to prevent information leakage from the devices. Sensors
in IoT devices can anticipate an ongoing task and detect
the pattern of information accessed by the task. These sensor
patterns vary for different activities and by observing these
sensor behaviors, it is possible to prevent information leakage
in IoT devices [5].
Protect Integrity of Sensor Operations - The research
community has not invested enough effort in studying the
design and development of tools for automated detection
and analysis of sensor-based threats. For instance, no tool
is available to automatically identify and analyze adversary-
controlled sensors that would compromise the integrity of
sensor operations, as well as the integrity of the data generated
or modified by such operations. Also, no tool is available to
automatically identify dangerous configurations in enforced
access control policies, which may lead to risky operations
by trusted programs that may compromise the integrity of the
entire IoT system.
Adoption of Intrusion Mechanisms to Detect Attacks -
In recent years, multiple efficient techniques (e.g., machine
learning (ML) and neural network (NN)) were applied to
detect threats in various application domains. These detection
techniques should be explored in detail to design novel intrusion
detection mechanisms for IoT devices and applications that are
able to identify when unsafe operations are authorized. Therefore,
researchers should investigate NN and ML classification
algorithms as viable solutions to identify and differentiate
legitimate from illegal sensing activities.
Summary - In summary, there are several interesting re-
search problems that may be tackled by the research commu-
nity toward improving the security of sensors in IoT devices
and applications. While following the above directions toward
better protection mechanisms against sensor-based threats,
researchers have to identify the key characteristics that differentiate
IoT security from commodity system security.
Such unique characteristics may guide toward the design of
innovative mechanisms never thought of before.
VII. CONCLUSION
The growing popularity of IoT is increasing attention to-
wards security issues in IoT devices and applications. In this
paper, we surveyed a lesser known yet serious family of
threats: sensor-based threats to IoT devices. We presented
a comprehensive overview of sensors in IoT devices and
existing sensor management systems adopted in commodity
IoT OSes. We provided a detailed analysis of recent sensor-
based threats and discussed how these threats can be used to
exploit various sensors in IoT devices. We also summarized
several security approaches proposed by researchers in the
attempt to address critical shortcomings for the security of
current IoT systems, and discussed some of the challenges for
future research work in this area. In conclusion, we believe this
survey will have a positive impact in the research community
by documenting recent sensor-based threats to IoT devices
and motivating researchers to develop comprehensive security
schemes to secure IoT devices against sensor-based threats.
ACKNOWLEDGMENT
The authors would like to thank the US National Science Foundation
for supporting this work under the award NSF-CAREER-CNS-1453647.
This research was sponsored by the Army
Research Laboratory and was accomplished under Cooper-
ative Agreement Number W911NF-13-2-0045 (ARL Cyber
Security CRA). The views and conclusions contained in this
document are those of the authors and should not be inter-
preted as representing the official policies, either expressed
or implied, of the Army Research Laboratory or the U.S.
Government. The U.S. Government is authorized to reproduce
and distribute reprints for Government purposes notwithstanding
any copyright notation hereon.
REFERENCES
[1] N. Bari, G. Mani, and S. Berkovich, “Internet of things as a method-
ological concept,” in Fourth International Conference on Computing
for Geospatial Research and Application (COM. Geo), 2013. IEEE,
pp. 48–55.
[2] N. D. Lane, E. Miluzzo, H. Lu, D. Peebles, T. Choudhury, and A. T.
Campbell, “A survey of mobile phone sensing,” IEEE Communications
magazine, vol. 48, no. 9, 2010.
[3] Y. Yu, J. Wang, and G. Zhou, “The exploration in the education of
professionals in applied internet of things engineering,” in 4th Inter-
national Conference on Distance Learning and Education (ICDLE),
2010. IEEE, pp. 74–77.
[4] J. Greenough, “How the ’internet of things’ will impact
consumers, businesses, and governments in 2016 and beyond,”
April 2015. [Online]. Available: http://www.businessinsider.com/how-the-internet-of-things-market-will-grow-2014-10
[5] A. K. Sikder, H. Aksu, and A. S. Uluagac, “6thsense: A context-
aware sensor-based attack detector for smart devices,” in 26th USENIX
Security Symposium (USENIX Security 2017), Vancouver, BC, pp. 397–
414.
[6] Y. Son, H. Shin, D. Kim, Y.-S. Park, J. Noh, K. Choi, J. Choi, Y. Kim
et al., “Rocking drones with intentional sound noise on gyroscopic
sensors.” in USENIX Security, 2015, pp. 881–896.
[7] A. Nahapetian, “Side-channel attacks on mobile and wearable systems,”
in Consumer Communications & Networking Conference (CCNC),
2016 13th IEEE Annual. IEEE, 2016, pp. 243–247.
[8] V. Subramanian, S. Uluagac, H. Cam, and R. Beyah, “Examining the
characteristics and implications of sensor side channels,” in 2013 IEEE
International Conference on Communications (ICC), pp. 2205–2210.
[9] R. Hasan, N. Saxena, T. Haleviz, S. Zawoad, and D. Rinehart,
“Sensing-enabled channels for hard-to-detect command and control of
mobile devices,” in Proceedings of the 8th ACM SIGSAC symposium on
Information, computer and communications security, 2013, pp. 469–
480.
[10] R. Schlegel, K. Zhang, X.-y. Zhou, M. Intwala, A. Kapadia, and
X. Wang, “Soundcomber: A stealthy and context-aware sound trojan
for smartphones.” NDSS, vol. 11, pp. 17–33, 2011.
[11] L. Zhuang, F. Zhou, and J. D. Tygar, “Keyboard acoustic emanations
revisited,” ACM Transactions on Information and System Security
(TISSEC), vol. 13, no. 1, p. 3, 2009.
[12] A. Maiti, M. Jadliwala, J. He, and I. Bilogrevic, “(smart) watch your
taps: side-channel keystroke inference attacks using smartwatches,” in
Proceedings of the 2015 ACM International Symposium on Wearable
Computers. ACM, pp. 27–30.
[13] S. M. Del Pozo, F.-X. Standaert, D. Kamel, and A. Moradi, “Side-
channel attacks from static power: When should we care?” in Proceed-
ings of the 2015 Design, Automation & Test in Europe Conference &
Exhibition. EDA Consortium, pp. 145–150.
[14] A. S. Uluagac, V. Subramanian, and R. Beyah, “Sensory channel threats
to cyber physical systems: A wake-up call,” in 2014 IEEE Conference
on Communications and Network Security (CNS), pp. 301–309.
[15] G. Petracca, A.-A. Reineh, Y. Sun, J. Grossklags, and T. Jaeger, “Aware:
Preventing abuse of privacy-sensitive sensors via operation bindings,”
2017.
[16] G. Petracca, L. M. Marvel, A. Swami, and T. Jaeger, “Agility maneu-
vers to mitigate inference attacks on sensed location data,” in IEEE
Military Communications Conference, MILCOM 2016, pp. 259–264.
[17] G. Petracca, A. Atamli, Y. Sun, J. Grossklags, and T. Jaeger, “Aware:
controlling app access to i/o devices on mobile platforms,” arXiv
preprint arXiv:1604.02171, 2016.
[18] G. Petracca, Y. Sun, T. Jaeger, and A. Atamli, “Audroid: Preventing
attacks on audio channels in mobile devices,” in Proceedings of the 31st
Annual Computer Security Applications Conference. ACM, 2015, pp.
181–190.
[19] R. Templeman, Z. Rahman, D. Crandall, and A. Kapadia, “PlaceRaider:
Virtual theft in physical spaces with smartphones,” in The 20th Annual
Network and Distributed System Security Symposium (NDSS), To
appear, Feb 2013.
[20] “Internet of things,” https://en.wikipedia.org/wiki/Internet_of_Things,
accessed: 2015-12-1.
[21] M. Farooq, M. Waseem, A. Khairi, and S. Mazhar, “A critical analysis
on the security concerns of internet of things (iot),” International
Journal of Computer Applications, vol. 111, no. 7, 2015.
[22] R. Khan, S. U. Khan, R. Zaheer, and S. Khan, “Future internet: the
internet of things architecture, possible applications and key chal-
lenges,” in 10th International Conference on Frontiers of Information
Technology (FIT), 2012. IEEE, pp. 257–260.
[23] C. Perera, P. Jayaraman, A. Zaslavsky, P. Christen, and D. Geor-
gakopoulos, “Dynamic configuration of sensors using mobile sensor
hub in internet of things paradigm,” in IEEE Eighth International
Conference on Intelligent Sensors, Sensor Networks and Information
Processing, 2013, pp. 473–478.
[24] L. Atzori, A. Iera, and G. Morabito, “The internet of things: A survey,”
Computer networks, vol. 54, no. 15, pp. 2787–2805, 2010.
[25] N. D. Lane, E. Miluzzo, H. Lu, D. Peebles, T. Choudhury, and A. T.
Campbell, “A survey of mobile phone sensing,” IEEE Communications
magazine, vol. 48, no. 9, 2010.
[26] “Apple developer documentation,” https://developer.apple.com/
documentation, accessed: 2015-12-1.
[27] “Sensor overview,” https://developer.android.com/guide/topics/sensors/
sensors_overview.html, accessed: 2017-10-23.
[28] “Who leads os share in internet of things era?”
https://spectrummattersindeed.blogspot.com/2017/04/
who-leads-os-share-in-internet-of.html, accessed: 2017-10-23.
[29] “Sensor stack,” https://source.android.com/devices/sensors/
sensor-stack.html, accessed: 2017-03-10.
[30] “Introduction to the sensor and location platform in windows,”
https://msdn.microsoft.com/en-us/library/windows/desktop/
dd318936(v=vs.85).aspx, accessed: 2017-03-10.
[31] “Sensors,” https://developer.blackberry.com/native/documentation/
device_comm/sensors/, accessed: 2017-03-10.
[32] “Core motion,” https://developer.apple.com/documentation/coremotion,
accessed: 2017-10-23.
[33] “Smartthings developer documentation,” http://docs.smartthings.com/
en/latest/architecture/index.html, accessed: 2017-7-07.
[34] C. Shen, S. Pei, Z. Yang, and X. Guan, “Input extraction via motion-
sensor behavior analysis on smartphones,” Computers & Security,
vol. 53, pp. 143–155, 2015.
[35] E. Owusu, J. Han, S. Das, A. Perrig, and J. Zhang, “Accessory: pass-
word inference using accelerometers on smartphones,” in Proceedings
of the Twelfth Workshop on Mobile Computing Systems & Applications.
ACM, 2012, p. 9.
[36] P. Marquardt, A. Verma, H. Carter, and P. Traynor, “(sp) iphone: Decod-
ing vibrations from nearby keyboards using mobile phone accelerom-
eters,” in Proceedings of the 18th ACM conference on Computer and
communications security, 2011, pp. 551–562.
[37] S. Narain, A. Sanatinia, and G. Noubir, “Single-stroke language-
agnostic keylogging using stereo-microphones and domain specific
machine learning,” in Proceedings of the 2014 ACM conference on
Security and privacy in wireless & mobile networks, pp. 201–212.
[38] R. Spreitzer, “Pin skimming: Exploiting the ambient-light sensor in
mobile devices,” in Proceedings of the 4th ACM Workshop on Security
and Privacy in Smartphones & Mobile Devices, 2014, pp. 51–62.
[39] M. G. Kuhn, “Optical time-domain eavesdropping risks of crt displays,”
in IEEE Symposium on Security and Privacy, 2002., pp. 3–18.
[40] L. Cai and H. Chen, On the practicality of motion based keystroke
inference attack. Springer, 2012.
[41] A. Al-Haiqi, M. Ismail, and R. Nordin, “Keystrokes inference attack on
android: A comparative evaluation of sensors and their fusion,” Journal
of ICT Research and Applications, vol. 7, no. 2, pp. 117–136, 2013.
[42] A. J. Aviv, B. Sapp, M. Blaze, and J. M. Smith, “Practicality of
accelerometer side channels on smartphones,” in Proceedings of the
28th Annual Computer Security Applications Conference. ACM, 2012,
pp. 41–50.
[43] “Waca: Wearable-assisted continuous authentication framework with
motion sensors,” http://web.eng.fiu.edu/selcuk/pubs.html, accessed:
2017-10-23.
[44] L. Cai and H. Chen, “Touchlogger: Inferring keystrokes on touch screen
from smartphone motion.” vol. 11, 2011, pp. 9–9.
[45] Z. Xu, K. Bai, and S. Zhu, “Taplogger: Inferring user inputs on smart-
phone touchscreens using on-board motion sensors,” in Proceedings
of the fifth ACM conference on Security and Privacy in Wireless and
Mobile Networks, 2012, pp. 113–124.
[46] E. Miluzzo, A. Varshavsky, S. Balakrishnan, and R. R. Choudhury,
“Tapprints: your finger taps have fingerprints,” in Proceedings of the
10th international conference on Mobile systems, applications, and
services. ACM, 2012, pp. 323–336.
[47] T. Nguyen, “Using unrestricted mobile sensors to infer tapped and
traced user inputs,” in 12th International Conference on Information
Technology-New Generations (ITNG), 2015. IEEE, pp. 151–156.
[48] Z. Ji, Z.-Y. Li, P. Li, and M. An, “A new effective wearable hand gesture
recognition algorithm with 3-axis accelerometer,” in 12th International
Conference on Fuzzy Systems and Knowledge Discovery (FSKD), 2015.
IEEE, pp. 1243–1247.
[49] X. Liu, Z. Zhou, W. Diao, Z. Li, and K. Zhang, “When good becomes
evil: Keystroke inference with smartwatch,” in Proceedings of the 22nd
ACM SIGSAC Conference on Computer and Communications Security,
2015, pp. 1273–1285.
[50] H. Wang, T. T.-T. Lai, and R. Roy Choudhury, “Mole: Motion leaks
through smartwatch sensors,” in Proceedings of the 21st Annual Inter-
national Conference on Mobile Computing and Networking. ACM,
2015, pp. 155–166.
[51] A. Maiti, M. Jadliwala, J. He, and I. Bilogrevic, “(smart) watch your
taps: side-channel keystroke inference attacks using smartwatches,” in
Proceedings of the 2015 ACM International Symposium on Wearable
Computers, pp. 27–30.
[52] A. Sarkisyan, R. Debbiny, and A. Nahapetian, “Wristsnoop: Smart-
phone pins prediction using smartwatch motion sensors,” in IEEE
International Workshop on Information Forensics and Security (WIFS),
2015, pp. 1–6.
[53] D. Asonov and R. Agrawal, “Keyboard acoustic emanations,” in IEEE
Symposium on Security and Privacy, 2004. IEEE, pp. 3–11.
[54] T. Halevi and N. Saxena, “A closer look at keyboard acoustic ema-
nations: random passwords, typing styles and decoding techniques,”
in Proceedings of the 7th ACM Symposium on Information, Computer
and Communications Security. ACM, 2012, pp. 89–90.
[55] Y. Berger, A. Wool, and A. Yeredor, “Dictionary attacks using keyboard
acoustic emanations,” in Proceedings of the 13th ACM conference on
Computer and communications security. ACM, 2006, pp. 245–254.
[56] D. Foo Kune and Y. Kim, “Timing attacks on pin input devices,” in
Proceedings of the 17th ACM conference on Computer and communi-
cations security, 2010, pp. 678–680.
[57] M. Backes, M. Dürmuth, S. Gerling, M. Pinkal, and C. Sporleder,
“Acoustic side-channel attacks on printers.” in USENIX Security Sym-
posium, 2010, pp. 307–322.
[58] T. Zhu, Q. Ma, S. Zhang, and Y. Liu, “Context-free attacks using
keyboard acoustic emanations,” in Proceedings of the 2014 ACM
SIGSAC Conference on Computer and Communications Security, pp.
453–464.
[59] S. R. Chhetri, A. Canedo, and M. A. Al Faruque, “Poster: Exploiting
acoustic side-channel for attack on additive manufacturing systems,”
2016.
[60] L. Simon and R. Anderson, “Pin skimmer: Inferring pins through the
camera and microphone,” in Proceedings of the Third ACM workshop
on Security and privacy in smartphones & mobile devices, 2013, pp.
67–78.
[61] W. Meng, W. H. Lee, S. Murali, and S. Krishnan, “Charging me and
i know your secrets!: towards juice filming attacks on smartphones,”
in Proceedings of the 1st ACM Workshop on Cyber-Physical System
Security. ACM, 2015, pp. 89–98.
[62] D. Shukla, R. Kumar, A. Serwadda, and V. V. Phoha, “Beware, your
hands reveal your secrets!” in Proceedings of the 2014 ACM SIGSAC
Conference on Computer and Communications Security. ACM, pp.
904–917.
[63] A. J. Aviv, “Side channels enabled by smartphone interaction,” Ph.D.
dissertation, Pennsylvania State University, 2012.
[64] R. Raguram, A. M. White, D. Goswami, F. Monrose, and J.-M. Frahm,
“ispy: automatic reconstruction of typed input from compromising
reflections,” in Proceedings of the 18th ACM conference on Computer
and communications security, 2011, pp. 527–536.
[65] M. Vuagnoux and S. Pasini, “Compromising electromagnetic emana-
tions of wired and wireless keyboards.” in USENIX security symposium,
2009, pp. 1–16.
[66] S. Biedermann, S. Katzenbeisser, and J. Szefer, “Hard drive side-
channel attacks using smartphone magnetic field sensors,” in Interna-
tional Conference on Financial Cryptography and Data Security, 2015,
pp. 489–496.
[67] J.-J. Quisquater and D. Samyde, “Electromagnetic analysis (ema):
Measures and counter-measures for smart cards.” Springer, 2001,
pp. 200–210.
[68] V. Carlier, H. Chabanne, E. Dottax, and H. Pelletier, “Electromagnetic
side channels of an fpga implementation of aes,” in CRYPTOLOGY
EPRINT ARCHIVE, REPORT 2004/145. Citeseer.
[69] D. Agrawal, B. Archambeault, J. Rao, and P. Rohatgi, “The em
side-channel(s),” in Cryptographic Hardware and Embedded Systems - CHES 2002,
ser. Lecture Notes in Computer Science. Springer
Berlin Heidelberg, 2003, vol. 2523, pp. 29–45.
[70] Y. Ren and L. Wu, “Power analysis attacks on wireless sensor nodes
using cpu smart card,” in 22nd Wireless and Optical Communication
Conference (WOCC), 2013. IEEE, pp. 665–670.
[71] S. B. Örs, E. Oswald, and B. Preneel, “Power-analysis attacks on
an fpga–first experimental results,” in Cryptographic Hardware and
Embedded Systems-CHES 2003. Springer, pp. 35–50.
[72] C. O’Flynn and Z. Chen, “Power analysis attacks against ieee
802.15.4 nodes,” pp. 55–70, 2016.
[73] Anonymous.
[74] W. Diao, X. Liu, Z. Zhou, and K. Zhang, “Your voice assistant is mine:
How to abuse speakers to steal information and control your phone,”
in Proceedings of the 4th ACM Workshop on Security and Privacy in
Smartphones & Mobile Devices. ACM, 2014, pp. 63–74.
[75] L. Lei, Y. Wang, J. Zhou, D. Zha, and Z. Zhang, “A threat to mobile
cyber-physical systems: Sensor-based privacy theft attacks on android
smartphones,” in 12th IEEE International Conference on Trust, Security
and Privacy in Computing and Communications (TrustCom), 2013.
IEEE, pp. 126–133.
[76] N. Carlini, P. Mishra, T. Vaidya, Y. Zhang, M. Sherr, C. Shields,
D. Wagner, and W. Zhou, “Hidden voice commands,” in 25th USENIX
Security Symposium (USENIX Security 16), Austin, TX, 2016, pp. 513–
530.
[77] Y. Michalevsky, D. Boneh, and G. Nakibly, “Gyrophone: Recognizing
speech from gyroscope signals.” in USENIX Security Symposium, 2014,
pp. 1053–1067.
[78] G. Joy Persial, M. Prabhu, and R. Shanmugalakshmi, “Side channel
attack-survey,” Int J Adva Sci Res Rev, vol. 1, no. 4, pp. 54–57, 2011.
[79] L. Deshotels, “Inaudible sound as a covert channel in mobile devices.”
in WOOT, 2014.
[80] N. O. Tippenhauer, C. Pöpper, K. B. Rasmussen, and S. Capkun, “On
the requirements for successful gps spoofing attacks,” in Proceedings of
the 18th ACM conference on Computer and communications security.
ACM, 2011, pp. 75–86.
[81] J. Coffed, “The threat of gps jamming: The risk to an information
utility,” Report of EXELIS, Jan. Chicago, 2014.
[82] T. Giannetsos and T. Dimitriou, “Spy-sense: spyware tool for executing
stealthy exploits against sensor networks,” in Proceedings of the 2nd
ACM workshop on Hot topics on wireless network security and privacy,
2013, pp. 7–12.
[83] M. Yoshikawa and Y. Nozaki, “Hierarchical power analysis attack for
falsification detection cipher,” in IEEE 7th Annual Computing and
Communication Workshop and Conference (CCWC), 2017, pp. 1–6.
[84] “Mems accelerometer hardware design flaws (update a),” https://
ics-cert.us-cert.gov/alerts/ICS-ALERT-17-073-01A, accessed: 2017-5-
30.
[85] K. Onarlioglu, W. Robertson, and E. Kirda, “Overhaul: Input-driven
access control for better privacy on traditional operating systems,”
in 46th Annual IEEE/IFIP International Conference on Dependable
Systems and Networks (DSN), 2016, pp. 443–454.
[86] F. Roesner, T. Kohno, A. Moshchuk, B. Parno, H. J. Wang, and
C. Cowan, “User-driven access control: Rethinking permission granting
in modern operating systems,” in IEEE Symposium on Security and
privacy (SP), 2012, pp. 224–238.
[87] T. Ringer, D. Grossman, and F. Roesner, “Audacious: User-driven
access control with unmodified operating systems,” in Proceedings of
the 2016 ACM SIGSAC Conference on Computer and Communications
Security, pp. 204–216.
[88] Y. Zafar and D. Har, “A novel countermeasure enhancing side channel
immunity in fpgas,” in International Conference on Advances in
Electronics and Micro-electronics, 2008. ENICS’08. IEEE, pp. 132–
137.
[89] F.-X. Standaert, F. Macé, E. Peeters, and J.-J. Quisquater, “Updates on
the security of fpgas against power analysis attacks,” in International
Workshop on Applied Reconfigurable Computing, 2006, pp. 335–346.
[90] R. Roman, C. Alcaraz, J. Lopez, and N. Sklavos, “Key management
systems for sensor networks in the context of the internet of things,”
Computers & Electrical Engineering, vol. 37, no. 2, pp. 147–159, 2011.
[91] X. Wang, Y. Yang, Y. Zeng, C. Tang, J. Shi, and K. Xu, “A novel hybrid
mobile malware detection system integrating anomaly detection with
misuse detection,” in Proceedings of the 6th International Workshop
on Mobile Cloud Computing and Services. ACM, 2015, pp. 15–22.
[92] M. Sun, M. Zheng, J. Lui, and X. Jiang, “Design and implementation
of an android host-based intrusion prevention system,” in Proceedings
of the 30th Annual Computer Security Applications Conference. ACM,
2014, pp. 226–235.
[93] W.-C. Wu and S.-H. Hung, “Droiddolphin: a dynamic android malware
detection framework using big data and machine learning,” in Proceed-
ings of the 2014 Conference on Research in Adaptive and Convergent
Systems. ACM, pp. 247–252.
[94] G. G. Sundarkumar, V. Ravi, I. Nwogu, and V. Govindaraju, “Malware
detection via api calls, topic models and machine learning,” in 2015
IEEE International Conference on Automation Science and Engineering
(CASE). IEEE, pp. 1212–1217.
[95] S. Sicari, A. Rizzardi, L. A. Grieco, and A. Coen-Porisini, “Security,
privacy and trust in internet of things: The road ahead,” Computer
Networks, vol. 76, pp. 146–164, 2015.
[96] A.-R. Sadeghi, C. Wachsmann, and M. Waidner, “Security and privacy
challenges in industrial internet of things,” in Proceedings of the 52nd
Annual Design Automation Conference. ACM, 2015, p. 54.
[97] A. P. Felt, E. Ha, S. Egelman, A. Haney, E. Chin, and D. Wagner,
“Android permissions: User attention, comprehension, and behavior,”
in Proceedings of the eighth symposium on usable privacy and security.
ACM, 2012, p. 3.
[98] A. P. Felt, S. Egelman, M. Finifter, D. Akhawe, D. Wagner et al., “How
to ask for permission.” in HotSec, 2012.
[99] M. W. Live, “Analysis: Mobile world congress 2016 wrap-up,”
March 2016. [Online]. Available: http://www.mobileworldlive.com/
mwc16-articles/analysis-mwc16-wrapup/
[100] M. M. Hossain, M. Fotouhi, and R. Hasan, “Towards an analysis of
security issues, challenges, and open problems in the internet of things,”
in IEEE World Congress on Services (SERVICES), 2015, pp. 21–28.
[101] R. H. Weber, “Internet of things–new security and privacy challenges,”
Computer law & security review, vol. 26, no. 1, pp. 23–30, 2010.
[102] C. Namiluko, A. J. Paverd, and T. De Souza, “Towards enhancing web
application security using trusted execution.” in WASH, 2013.
Amit Kumar Sikder is currently a PhD student and
Research Assistant in the Department of Electrical
and Computer Engineering at Florida International
University, as a member of the Cyber-Physical Sys-
tems Security Lab (CSL). He previously completed
his Bachelors in Electrical and Electronic Engi-
neering from Bangladesh University of Engineering
and Technology (BUET). His research interests are
focused on the security of Cyber-Physical Systems
(CPS) and Internet of Things (IoT). He also has
worked in areas related to security of smart devices,
security of smart home, smart city, wireless communication. More information
can be obtained from: http://web.eng.fiu.edu/asikd003/.
Giuseppe Petracca is currently a PhD student and
Research Assistant in the Department of Computer
Science and Engineering at The Pennsylvania State
University. He also collaborates for the Cyber Secu-
rity Collaborative Research Alliance (CRA), spon-
sored by the Army Research Laboratory (ARL).
Giuseppe has a B.S. and a M.S. in Computer Science
and Engineering from Sapienza University of Rome,
Italy. Giuseppe’s research interest focuses on mobile
systems and cloud computing security. His industry
experience includes a summer internship in 2013
as Graduate Researcher at Intel, a summer internship in 2014 as Graduate
Technical Engineer at Intel Labs, a summer internship in 2016 as Software
Engineer and Security Researcher at Samsung Research America, and a
summer internship in 2017 as Software Engineer and Security Researcher at
Google. More information can be obtained from: http://sites.psu.edu/petracca/.
Hidayet Aksu received his Ph.D., M.S. and B.S.
degrees from Bilkent University, all in Department
of Computer Engineering, in 2014, 2008 and 2005,
respectively. He is currently a Postdoctoral Associate
in the Department of Electrical & Computer En-
gineering at Florida International University (FIU).
Before that, he worked as an Adjunct Faculty in
the Computer Engineering Department of Bilkent
University. He conducted research as visiting scholar
at IBM T.J. Watson Research Center, USA in 2012-
2013. He also worked for Scientific and Technolog-
ical Research Council of Turkey (TUBITAK). His research interests include
security for cyber-physical systems, internet of things, security for critical
infrastructure networks, IoT security, security analytics, social networks, big
data analytics, distributed computing, wireless networks, wireless ad hoc and
sensor networks, localization, and p2p networks.
Dr. Trent Jaeger is a Professor in the Computer Sci-
ence and Engineering Department at The Pennsyl-
vania State University and the Co-Director of PSU’s
Systems and Internet Infrastructure Security (SIIS)
Lab. Trent’s research interests include systems secu-
rity and the application of programming language
techniques to improve security. He has published
over 100 refereed papers on these topics and the
book "Operating Systems Security," which exam-
ines the principles behind secure operating systems
designs. Trent has made a variety of contributions
to open source systems security, particularly to the Linux Security Modules
framework, SELinux, integrity measurement in Linux, and the Xen security
architecture. He was previously the Chair of the ACM Special Interest Group
on Security, Audit, and Control (SIGSAC). Trent has an M.S. and a Ph.D.
from the University of Michigan, Ann Arbor in Computer Science and
Engineering in 1993 and 1997, respectively, and spent nine years at IBM
Research prior to joining Penn State. More information can be obtained from:
http://www.cse.psu.edu/~trj1/.
Dr. A. Selcuk Uluagac is currently an Assistant
Professor in the Department of Electrical and Com-
puter Engineering (ECE) at Florida International
University (FIU). Before joining FIU, he was a
Senior Research Engineer in the School of Elec-
trical and Computer Engineering (ECE) at Georgia
Institute of Technology. Prior to Georgia Tech, he
was a Senior Research Engineer at Symantec. He
earned his Ph.D. with a concentration in information
security and networking from the School of ECE,
Georgia Tech in 2010. He also received an M.Sc.
in Information Security from the School of Computer Science, Georgia Tech
and an M.Sc. in ECE from Carnegie Mellon University in 2009 and 2002,
respectively. The focus of his research is on cyber security topics with
an emphasis on its practical and applied aspects. He is interested in and
currently working on problems pertinent to the security of Cyber-Physical
Systems and Internet of Things. In 2015, he received a Faculty Early Career
Development (CAREER) Award from the US National Science Foundation
(NSF). In 2015, he was awarded the US Air Force Office of Sponsored
Research (AFOSR)’s 2015 Summer Faculty Fellowship. In 2016, he received
the Summer Faculty Fellowship from the University of Padova, Italy. He
is also an active member of IEEE (senior grade), ACM, and ASEE and a
regular contributor to national panels and leading journals and conferences
in the field. Currently, he is the area editor of Elsevier Journal of Network
and Computer Applications and serves on the editorial board of the IEEE
Communication Surveys and Tutorials. More information can be obtained
from: http://web.eng.fiu.edu/selcuk.
Article
Connected healthcare systems face more and more cyber attacks recently. With the development of technology, people use intrusion detection systems (IDS) to detect network attacks and achieve effective results. The existing methods do not take into account the limited storage and computing power of wireless devices on connected healthcare systems. IDSs in the connected healthcare systems need to be real-time and lightweight. This paper proposes an IDS method based on stacked sparse autoencoder (sSAE) and sliced gated recurrent unit (SGRU). The sSAE reduces the dimensionality of the original traffic data and the memory required to calculate the covariance matrix. We slice the original data and input the processed data into the SGRU networks which are paralleled. Therefore, SGRU networks achieve real-time response. The method uses the AWID dataset. The experimental results show that our scheme is better than deep neural network (DNN), recurrent neural network (RNN), long short-term memory (LSTM) and other methods. Especially, the F1-score of the method is 2–5% higher than existing schemes, the detection time is 5–13 times shorter than other solutions, and the model size is smaller than the size of other models by at least 4 times.
Article
The versatility of IoT devices increases the probability of continuous attacks on them. The low processing power and low memory of IoT devices have made it difficult for security analysts to keep records of various attacks performed on these devices during forensic analysis. The forensic analysis estimates how much damage has been done to the devices due to various attacks. In this paper, we have proposed an intelligent forensic analysis mechanism that automatically detects the attack performed on IoT devices using a machine-to-machine (M2M) framework. Further, the M2M framework has been developed using different forensic analysis tools and machine learning to detect the type of attacks. Additionally, the problem of an evidence acquisition (attack on IoT devices) has been resolved by introducing a third-party logging server. Forensic analysis is also performed on logs using forensic server (security onion) to determine the effect and nature of the attacks. The proposed framework incorporates different machine learning (ML) algorithms for the automatic detection of attacks. The performance of these models is measured in terms of accuracy, precision, recall, and F1 score. The results indicate that the decision tree algorithm shows the optimum performance as compared to the other algorithms. Moreover, comprehensive performance analysis and results presented validate the proposed model.
Article
Bluetooth Low Energy (BLE) has become the de facto communication protocol for the Internet of Things (IoT) and smart wearable devices for its ultra-low energy consumption, ease of development, good enough network coverage, and data transfer speed. Due to the simplified design of this protocol, there have been lots of security and privacy vulnerabilities. As billions of health care, personal fitness wearable, smart lock, industrial automation devices adopt this technology for communication, its vulnerabilities should be dealt with high priority. Some segregated works on BLE were performed focusing on various vulnerabilities, such as the insecure implementation of encryption, device authentication, user privacy, etc. However, there has been no comprehensive survey on the security vulnerabilities of this protocol. In this survey paper, we present a comprehensive taxonomy for the security and privacy issues of BLE. We present possible attack scenarios for different types of vulnerabilities, classify them according to their severity, and list possible mitigation techniques. We also provide case studies regarding how different vulnerabilities can be exploited in real BLE devices.
Conference Paper
We show that the MEMS gyroscopes found on modern smartphones are sufficiently sensitive to measure acoustic signals in the vicinity of the phone. The resulting signals contain only very low-frequency information (<200Hz). Nevertheless, we show, using signal processing and machine learning, that this information is sufficient to identify speaker information and even parse speech. Since iOS and Android require no special permissions to access the gyro, our results show that apps and active web content that cannot access the microphone can nevertheless eavesdrop on speech in the vicinity of the phone.
Conference Paper
Sensors (e.g., light, gyroscope, accelerometer) and sensing enabled applications on a smart device make the applications more user-friendly and efficient. However, the current permission-based sensor management systems of smart devices only focus on certain sensors and any App can get access to other sensors by just accessing the generic sensor API. In this way, attackers can exploit these sensors in numerous ways: they can extract or leak users’ sensitive information, transfer malware, or record or steal sensitive information from other nearby devices. In this paper, we propose 6thSense, a context-aware intrusion detection system which enhances the security of smart devices by observing changes in sensor data for different tasks of users and creating a contextual model to distinguish benign and malicious behavior of sensors. 6thSense utilizes three different Machine Learning-based detection mechanisms (i.e., Markov Chain, Naive Bayes, and LMT) to detect malicious behavior associated with sensors. We implemented 6thSense on a sensor-rich Android smart device (i.e., smartphone) and collected data from typical daily activities of 50 real users. Furthermore, we evaluated the performance of 6thSense against three sensor-based threats: (1) a malicious App that can be triggered via a sensor (e.g., light), (2) a malicious App that can leak information via a sensor, and (3) a malicious App that can steal data using sensors. Our extensive evaluations show that the 6thSense framework is an effective and practical approach to defeat growing sensor-based threats with an accuracy above 96% without compromising the normal functionality of the device. Moreover, our framework costs minimal overhead.
Conference Paper
IEEE 802.15.4 is a wireless standard used by a variety of higher-level protocols, including many used in the Internet of Things (IoT). A number of system on a chip (SoC) devices that combine a radio transceiver with a microcontroller are available for use in IEEE 802.15.4 networks. IEEE 802.15.4 supports the use of AES-CCM* for encryption and authentication of messages, and a SoC normally includes an AES accelerator for this purpose. This work measures the leakage characteristics of the AES accelerator on the Atmel ATMega128RFA1, and then demonstrates how this allows recovery of the encryption key from nodes running an IEEE 802.15.4 stack. While this work demonstrates the attack on a specific SoC, the results are also applicable to similar wireless nodes and to protocols built on top of IEEE 802.15.4.
Conference Paper
The risk of IoT devices to be attacked by external networks has been reported. Therefore, falsification detection ciphers that can realize encryption and authentication simultaneously have attracted the attention of many researchers as a measure to prevent these attacks. Many studies have been reported on power analysis against AES. However, there are very few studies on power analysis against falsification detection ciphers. The present study proposes a method of power analysis against Minalpher, a falsification detection cipher. Experiments using an actual device prove the validity of the proposed method.
Conference Paper
User-driven access control improves the coarse-grained access control of current operating systems (particularly in the mobile space) that provide only all-or-nothing access to a resource such as the camera or the current location. By granting appropriate permissions only in response to explicit user actions (for example, pressing a camera button), user-driven access control better aligns application actions with user expectations. Prior work on user-driven access control has relied in essential ways on operating system (OS) modifications to provide applications with uncompromisable access control gadgets, distinguished user interface (UI) elements that can grant access permissions. This work presents a design, implementation, and evaluation of user-driven access control that works with no OS modifications, thus making deployability and incremental adoption of the model more feasible. We develop (1) a user-level trusted library for access control gadgets, (2) static analyses to prevent malicious creation of UI events, illegal flows of sensitive information, and circumvention of our library, and (3) dynamic analyses to ensure users are not tricked into granting permissions. In addition to providing the original user-driven access control guarantees, we use static information flow to limit where results derived from sensitive sources may flow in an application. Our implementation targets Android applications. We port open-source applications that need interesting resource permissions to use our system. We determine in what ways user-driven access control in general and our implementation in particular are good matches for real applications. We demonstrate that our system is secure against a variety of attacks that malware on Android could otherwise mount.
Conference Paper
Imagine a user typing on a laptop keyboard while wearing a smart watch. This paper asks whether motion sensors from the watch can leak information about what the user is typing. While it's not surprising that some information will be leaked, the question is how much? We find that when motion signal processing is combined with patterns in English language, the leakage is substantial. Reported results show that when a user types a word $W$, it is possible to shortlist a median of 24 words, such that $W$ is in this shortlist. When the word is longer than $6$ characters, the median shortlist drops to $10$. Of course, such leaks happen without requiring any training from the user, and also under the (obvious) condition that the watch is only on the left hand. We believe this is surprising and merits awareness, especially in light of various continuous sensing apps that are emerging in the app market. Moreover, we discover additional "leaks" that can further reduce the shortlist -- we leave these exploitations to future work.