Towards Efficient Device-State Integrity Verification in Smart Homes using Device-App Causality Relationships

Ghorbanian, Mahdieh (2025) Towards Efficient Device-State Integrity Verification in Smart Homes using Device-App Causality Relationships. Masters thesis, Concordia University.

Text (application/pdf)
Ghorbanian_MA_F2025.pdf - Accepted Version
Restricted to Repository staff only until 31 December 2025.
Available under License Spectrum Terms of Access.
8MB

Abstract

The state of a device in a smart home depends on both its physical channel (sensing and actuating in the environment) and its cyber-physical channel (interactions with apps and other devices). Ensuring device-state integrity is crucial for proper operation, but it can be compromised by security threats arising from devices, apps, and their interactions due to vulnerabilities and misconfigurations, posing risks to users. Existing works focus on either devices or apps, but none comprehensively addresses device-state integrity across device-app interactions. Furthermore, there are several challenges in offering device-state integrity verification for smart homes. First, efficiently and comprehensively collecting data (an essential verification step) becomes more difficult because changes in platform design make code instrumentation (used in several existing works) impossible, and existing logging mechanisms (if any) generate a huge amount of data (including security-unaware data). Second, efficiently and accurately verifying device-state integrity requires device-specific analysis that accounts for all interacting apps and devices. In this thesis, we tackle these challenges by presenting an efficient device-state integrity verification approach for smart homes. Specifically, our key ideas are to model the interactions of all components in a smart home using the causality relationships that affect a specific device, and to verify the device state based on this model. We implement our approach on SmartThings, build a new smart home dataset, and evaluate its effectiveness (e.g., 81.34% reduction in verification time and 56.49% reduction in response time).

Divisions: Concordia University > Gina Cody School of Engineering and Computer Science > Concordia Institute for Information Systems Engineering
Item Type: Thesis (Masters)
Authors: Ghorbanian, Mahdieh
Institution: Concordia University
Degree Name: M.A. Sc.
Program: Information Systems Security
Date: 16 April 2025
Thesis Supervisor(s): Majumdar, Suryadipta
Keywords: Smart home security, device-app interactions, device-state integrity
ID Code: 995562
Deposited By: Mahdieh Ghorbanian
Deposited On: 04 Nov 2025 16:48
Last Modified: 04 Nov 2025 16:48

All items in Spectrum are protected by copyright, with all rights reserved. The use of items is governed by Spectrum's terms of access.
