Detecting rogue attacks on commercial wireless Insteon home automation systems

Abstract

The Internet of Things (IoT) and commercial wireless home automation applications are expanding as technical capability evolves and implementation costs continue to decrease. However, many home automation devices lack robust security and are vulnerable to a multitude of bit-level attacks. This was highlighted during the first successful Insteon network intrusion demonstration that occurred at DEF CON 23 using a Software Defined Radio (SDR) with YARD Stick One devices. In response, Radio Frequency Distinct Native Attribute (RF-DNA) Fingerprinting is introduced here as a counter-hacking approach for augmenting network bit-level Identity (ID) authentication using Physical Layer (PHY) waveform features. An RF-DNA Fingerprinting process is adopted here and applied to wireless Insteon home automation devices. Rogue device detection is addressed using a Multiple Discriminant Analysis/Maximum Likelihood (MDA/ML) ID verification process. Rogue assessments include attacks by like-model Insteon Switch (IS) devices and YARD Stick One SDR devices programmed to present actual (false) bit-level credentials for authorized Insteon devices while functionally controlling the state of an unprotected (no RF-DNA discrimination) targeted end point device. Device classification and Rogue Rejection Rate (RRR) performance is assessed using Time Domain (TD) and Slope-Based Frequency Shift Keyed (SB-FSK) Fingerprinting with features extracted from a variant (data dependent) signal response region. The Rogue Rejection Rate (RRR) for SB-FSK Fingerprinting was superior to TD Fingerprinting and included RRR ≈ 95% for 25 like-model IS attacks and RRR ≈ 100% for 36 YARD Stick One SDR attacks. SB-FSK Fingerprinting is more computationally efficient (70% fewer features) than TD Fingerprinting and provides an added benefit of being implementable using features extracted from variant data dependent FSK signal response regions.