Monday, December 23, 2024

BYU: New technology reduces risk of cyberattacks through home devices



Courtesy BYU Photo

A Brigham Young University professor and a team of students have developed a technology that reduces the risk of devices connected to the internet serving as backdoors into private networks.

It seems like just about every new household device connects to the internet these days. Thermostat? Check. Doorbell? Yup. Washer and dryer? In 2024, of course. Even pet feeders connect to Wi-Fi now to be controlled by an app.

While this is all convenient for the dishwashers and pet owners of the world, this trend also leaves consumers vulnerable to cyberattacks. That’s because Internet of Things (IoT) devices tend to be full of security vulnerabilities, and there are ample examples of IoT devices serving as backdoors into private networks and then being enlisted in botnets (networks of malware-infected devices) for malicious denial-of-service attacks.

Brigham Young University computer engineering professor Phil Lundrigan says these exploits are possible because of the design of Wi-Fi’s security. That’s because when you connect a device to your Wi-Fi by providing your network name and password, you give the device full access to your network — and just one insecure device can compromise an entire network.

“When you hook up a device to the network, it can start scanning for vulnerabilities, or maybe it’s a Trojan horse, monitoring the traffic on your network,” Lundrigan said. “You buy this cheap device, but how do you know if you can trust it? We are saying don’t connect it to the network, use our technology instead.”

According to Lundrigan, Wi-Fi has only two modes of trust: complete trust or complete untrust. He likes to use the analogy of having someone come to your house and the only two options are to never answer the door or to give them the keys to the house. “There’s got to be an in-between option,” he said.

An in-between option that grants partial trust would allow consumers to connect simple IoT devices like air quality monitors to their home network without the risk of them compromising the network. That’s exactly what Lundrigan and a team of students — Jacob Johnson, Ashton Palacios and undergraduate student Cody Arvonen — have created.

Their solution allows for communication between a Wi-Fi device that sends small amounts of data, like a sensor, and a trusted Wi-Fi network without connecting the device to the network. Lundrigan and his colleagues achieve communication through the following technical steps:

  • First, they strategically and “surgically” jam the Wi-Fi communications with the device.
  • This jamming causes the time it takes for data to travel across the network (called latency) to increase momentarily.
  • The pattern in which the device jams the network conveys information.
  • A different device on the network detects the changes in latency and receives the data.

The result is a new wireless subprotocol they call “Latency Shift Keying.” Going back to the stranger-on-your-doorstep analogy, Lundrigan says LSK is like having someone knock on your door, but they knock in a particular pattern to convey data. Prior to this new method, there were only two ways of using the (Wi-Fi) door: open it or keep it closed. Now there’s a third way to interact with the person on the other side of the door.

“Communication through knocking requires someone to be home and listening, which is the same as our protocol — you need a device inside the network looking for LSK messages,” Lundrigan said. “Knocking and LSK work because the outsider can affect something about the physical environment that the insider can ‘hear’ and measure. In the case of knocking, it’s the sound it makes; in the case of LSK, it’s the latency.”
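A simplified simulation of the knock-pattern idea, added here as an illustration and not taken from the BYU paper or project code. The preamble, slot length, millisecond values, the mapping of a jammed slot to a 1 bit, and the assumption that the receiver already knows where slots begin are all choices made for this example; the latency trace is constructed, not measured.

```python
import random
from statistics import median

PREAMBLE = [1, 0, 1, 0, 1, 1, 0, 0]  # assumed sync pattern, not from the paper

def to_bits(payload: bytes) -> list:
    """Sender side: preamble, then payload bits (MSB first). 1 = jam this slot."""
    return PREAMBLE + [(b >> i) & 1 for b in payload for i in range(7, -1, -1)]

def simulate_rtts(bits, per_bit=8, base_ms=4.0, shift_ms=12.0, seed=1):
    """Constructed probe trace: RTTs as measured inside the trusted network."""
    rng = random.Random(seed)
    trace = []
    for bit in bits:
        for _ in range(per_bit):
            rtt = base_ms + rng.uniform(0.0, 2.0) + (shift_ms if bit else 0.0)
            if len(trace) % 7 == 3:   # periodic unrelated spike (other traffic)
                rtt += 25.0
            trace.append(rtt)
    return trace

def decode(trace, per_bit=8, min_shift_ms=5.0):
    """Receiver side: per-slot median -> threshold -> sync on preamble -> bytes."""
    slots = [median(trace[i:i + per_bit])
             for i in range(0, len(trace) - per_bit + 1, per_bit)]
    if not slots or max(slots) - min(slots) < min_shift_ms:
        return None  # latency never shifted: nobody is "knocking"
    threshold = (min(slots) + max(slots)) / 2
    bits = [1 if s > threshold else 0 for s in slots]
    for start in range(len(bits) - len(PREAMBLE) + 1):
        if bits[start:start + len(PREAMBLE)] == PREAMBLE:
            body = bits[start + len(PREAMBLE):]
            usable = len(body) - len(body) % 8
            return bytes(int("".join(map(str, body[i:i + 8])), 2)
                         for i in range(0, usable, 8))
    return None  # shift seen but no preamble: ignore as noise

if __name__ == "__main__":
    reading = b"72F"                       # constructed sensor reading
    trace = simulate_rtts([0, 0, 0] + to_bits(reading))
    print(decode(trace))
```

Taking the median of each slot keeps isolated latency spikes from flipping a bit, and the receiver only ever reads its own latency measurements, so nothing from the untrusted device is parsed as network traffic.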

The method creates an air gap between the untrusted IoT devices and a secured network for safety, and allows communication in only one direction and only when the trusted Wi-Fi network needs to receive data. The full technical details can be found in a paper recently accepted for presentation at the 2024 International Conference on Mobile Computing and Networking.

Lundrigan said that while other solutions to this problem exist, such as network partitioning using separate Wi-Fi networks, they usually require additional hardware or network configuration that demands advanced knowledge. Lundrigan’s software-based solution requires no additional hardware and utilizes the main Wi-Fi network.

Read more about Lundrigan’s work here: https://netlab.byu.edu/projects/.

Todd Hollingshead is the media relations manager for University Communications at BYU.


