A Forensic Analysis of Home Automation Devices (FAHAD) Model: Kasa Smart Light Bulb and Eufy Floodlight Camera as Case Studies

""

Fahad E. Salamh  (1*) - [ https://orcid.org/0000-0001-7076-2543 ]

(1) Purdue University, United States
(*) Corresponding Author

Abstract

The adoption of Internet of Things (IoT) devices is rapidly increasing with the advancement of network technology, these devices carry sensitive data that require adherence to minimum security practices. The adoption of smart devices to migrate homeowners from traditional homes to smart homes has been noticeable. These smart devices share value with and are of potential interest to digital forensic investigators, as well. Therefore, in this paper, we conduct comprehensive security and forensic analysis to contribute to both fields—targeting a security enhancement of the selected IoT devices and assisting the current IoT forensics approaches. Our work follows several techniques such as forensic analysis of identifiable information, including connected devices and sensor data. Furthermore, we perform security assessment exploring insecure communication protocols, plain text credentials, and sensitive information. This will include reverse engineering some binary files and manual analysis techniques. The analysis includes a data-set of home automation devices provided by the VTO labs: (1) the eufy floodlight camera, and (2) the Kasa smart light bulb. The main goal of the technical experiment in this research is to support the proposed model.

Keywords

IoT Forensic; Security; Reverse Engineering; Non-Traditional Model; Eufy Security Camera; Kasa Smart Light Bulb

Citation Metrics



Full Text:

PDF PDF

References

Alrawi, O., Lever, C., Antonakakis, M., & Monrose, F. (2019). Sok: Security evaluation of home-based iot deployments. In 2019 IEEE symposium on security and privacy (sp) (pp. 1362-1380). https://doi.org/10.1109/SP.2019.00013

Atlam, H. F., Alenezi, A., Alassafi, M. O., Alshdadi, A. A., & Wills, G. B. (2020). Security, cybercrime, and digital forensics for IoT. In Principles of internet of things (IoT) ecosystem: Insight paradigm (pp. 551-577). Springer. https://doi.org/10.1007/978-3-030-33596-0_22

Awasthi, A., Read, H. O., Xynos, K., & Sutherland, I. (2018). Welcome pwn: Almond smart home hub forensics. Digital Investigation, 26, S38-S46. https://doi.org/10.1016/j.diin.2018.04.014

Azmoodeh, A., Dehghantanha, A., Conti, M., & Choo, K.-K. R. (2018). Detecting crypto-ransomware in IoT networks based on energy consumption footprint. Journal of Ambient Intelligence and Humanized Computing, 9(4), 1141-1152. https://doi.org/10.1007/s12652-017-0558-5

Evans, D. (2011). The internet of things: How the next evolution of the internet is changing everything. CISCO white paper, 1(2011), 1-11.

Hung, M. (2017). Leading the IoT, Gartner Insights on how to lead in a connected world. Gartner Research, 1-29.

Hutchinson, S., Yoon, Y. H., Shantaram, N., & Karabiyik, U. (n.d.). Internet of things forensics in smart homes: Design, implementation, and analysis of smart home laboratory.

Karabiyik, U., & Akkaya, K. (2019). Digital forensics for IoT and WSNS. In Mission-oriented sensor networks and systems: Art and science (pp. 171-207). Springer. https://doi.org/10.1007/978-3-319-92384-0_6

Kim, S., Park, M., Lee, S., & Kim, J. (2020). Smart home forensics-data analysis of IoT devices. Electronics, 9(8), 1215. https://doi.org/10.3390/electronics9081215

Li, S., Choo, K.-K. R., Sun, Q., Buchanan, W. J., & Cao, J. (2019). Iot forensics: Amazon Echo as a use case. IEEE Internet of Things Journal, 6(4), 6487-6497. https://doi.org/10.1109/JIOT.2019.2906946

Mattern, F., & Floerkemeier, C. (2010). From the internet of computers to the internet of things. in From active data management to event-based systems and more (pp. 242-259). Springer. https://doi.org/10.1007/978-3-642-17226-7_15

Mundt, T., Dähn, A., & Glock, H. W. (2014). Forensic analysis of home automation systems. In 7th Workshop on Hot Topics in Privacy Enhancing Technologies (HotPETs 2014).

Plachkinova, M., Vo, A., & Alluhaidan, A. (2016). Emerging trends in smart home security, privacy, and digital forensics.

Satoh, K. (2012). Ieee proof. IEEE vEhIcular tEchnology magazInE.

Servida, F., & Casey, E. (2019). IoT forensic challenges and opportunities for digital traces. Digital Investigation, 28, S22-S29. https://doi.org/10.1016/j.diin.2019.01.012

Watson, S., & Dehghantanha, A. (2016). Digital forensics: the missing piece of the internet of things promise. Computer Fraud & Security, 2016(6), 5-8. https://doi.org/10.1016/S1361-3723(15)30045-2

Yaqoob, I., Ahmed, E., ur Rehman, M. H., Ahmed, A. I. A., Al-garadi, M. A., Imran, M., & Guizani, M. (2017). The rise of ransomware and emerging security challenges in the internet of things. Computer Networks, 129, 444-458. https://doi.org/10.1016/j.comnet.2017.09.003

Yaqoob, I., Hashem, I. A. T., Ahmed, A., Kazmi, S. A., & Hong, C. S. (2019). Internet of things forensics: Recent advances, taxonomy, requirements, and open challenges. Future Generation Computer Systems, 92, 265-275. https://doi.org/10.1016/j.future.2018.09.058

Zahra, A., & Shah, M. A. (2017). Iot based ransomware growth rate evaluation and detection using command and control blacklisting. In 2017 23rd international conference on automation and computing (icac) (pp. 1-6). https://doi.org/10.23919/IConAC.2017.8082013

Zahra, S. R., & Chishti, M. A. (2019). Ransomware and internet of things: A new security nightmare. In 2019 9th international conference on cloud computing, data science & engineering (confluence) (pp. 551-555). https://doi.org/10.1109/CONFLUENCE.2019.8776926