Tesis:
Análisis y mejora de la seguridad y la privacidad de los dispositivos conectados en el hogar digital
- Autor: SOLERA COTANILLA, Sonia
- Título: Análisis y mejora de la seguridad y la privacidad de los dispositivos conectados en el hogar digital
- Fecha: 2023
- Materia:
- Escuela: E.T.S. DE INGENIEROS DE TELECOMUNICACION
- Departamentos: INGENIERIA DE SISTEMAS TELEMATICOS
- Acceso electrónico: https://oa.upm.es/76315/
- Director/a 1º: ÁLVAREZ-CAMPANA FERNÁNDEZ-CORREDOR, Manuel
- Director/a 2º: VEGA BARBAS, Mario
- Resumen: Over the last few decades, the Internet of Things has become so quintessentially relevant in our daily lives, that it would be difficult, if not impossible, to conceive the thought of conducting routine tasks without yielding to the benefits that this paradigm has to offer. Far from being considered a consolidated and regulated paradigm, the Internet of Things has multiple unaddressed challenges that perilously leads to unresolved security and privacy issues.
This dissertation particularly focuses on a specific and extremely vulnerable category of private environments, that of, smart homes. Due to the exposure of this space to multiple security and privacy threats, an individual’s intimate native environment, on innumerable occasions, is compromised. The reality is that just as technology is as uninterruptedly evolving, so have attacks on devices, which in turn, are becoming increasingly sophisticated and complex to detect and prevent.
Despite the existence of security tools and countermeasures, or regulations that promise to protect data privacy, the smart home continues to be an extremely susceptible target for elaborate attacks on connected devices. Therefore, the aim of this Doctoral Thesis is to contribute to the improvement of the security and privacy of connected devices within smart homes. To this end, an evolutionary line of research is proposed by addressing the issue, introducing three contributions to the main framework.
Based on the literature review carried out, a glossary of seven security and three privacy vulnerabilities is proposed, which are conducive to the materialisation of attacks and threatening situations. In order to corroborate the adverse circumstances affecting the smart home, a set of commercial devices has been selected to simulate attacks and test the devices’ response to them. Undoubtably, the results of this partial contribution reveal serious vulnerabilities affecting data integrity, availability and confidentiality.
As a result of the tests carried out, a methodology for vulnerability assessment of connected devices in the smart home is proposed. The main objective is to provide a set of guidelines to assess the security and privacy status of a device by analysing its response in an attack simulation scenario.
The second contribution addresses the still existing security and privacy issues surrounding the smart home, which show a severe lack of protection mechanisms to protect itself from these vulnerabilities. With respect to this situation, a system in charge of managing the security and privacy of connected devices is proposed. This system, which is integrated in the router, is made up of a set of components that address the problem through the tasks of monitoring and data acquisition, information storage, data analysis, event processing, and data visualisation.
As a solution to the aforementioned problems, a set of mechanisms is proposed to further automate the secure integration and continuous monitoring of devices in the smart home. Thus, these mechanisms, which can be integrated into the proposed system, provide the home with real-time management capabilities of the devices and notification of alerts detected in the home network.
In short, this Doctoral Thesis proposes three contributions to the framework of security and privacy of digital home devices focused on the detection, prevention and resolution of problems derived from the vulnerabilities of the devices. To this end, different lines of research have been presented that address the unquestionable adaptation and development of new protective strategies which shields and safeguards the security and privacy of smart home assets.