IIT Kgp develops solution to check hacking into IoT devices

CERT-LatestNews Security News ThreatsCybercrime Uncategorized

IIT Kgp develops solution to check hacking into IoT devicesNEW DELHI: A team of researchers at Indian Institute of Technology, Kharagpur has come up with a solution that prevents hacking into devices supporting Internet of Things, addressing a big concern even as manufacturers roll out a host of products with internet connectivity.

Internet of Things (IoT) refers to inter-networking of physical devices and appliances, vehicles and even buildings embedded with electronics, software, sensors, etc. to enable these objects to collect and exchange data.

While such devices make life easier by allowing one to control them through voice or smartphone, experts point out that security is a big concern. For instance, a Wi-Fi camera that connects with other devices such as a computer or mobile phone can easily fall prey to hacking, said Debdeep Mukhopadhyay, computer science professor at IIT Kharagpur.

Researchers at the institute used routine sniffers (programme/device that monitors data traveling over a network) to attack a video the Wi-Fi camera was streaming and transferring to a PC, by first spoofing the IP of the camera and then injecting its own videos. “The PC starts recording a wrong streaming file, which can be utilised by the attacker in several ways,” Mukhopadhyay said.

“Our solution binds a unique PUF (physically unclonable functions)-based identity to the Wi-Fi camera,” he said. “As the attacker does not have any knowledge of the PUF solution (which cannot be cloned), it cannot communicate with the receiver PC.

In simple terms, no device (without PUF) can communicate with the PC and this stops the attack.” This is crucial as IoT has already led to billions of connected devices and gradually all new devices are expected to be IoT-enabled.

IIT Kharagpur’s PUF solution works as lightweight fingerprints of the devices and consumes less power. “These PUFs by design cannot be cloned, and cannot be described by a computer program,” Mukhopadhyay said.

Mukhopadhyay and his fellow researchers Rajat Subhra Chakraborty, Durga Prasad Sahoo, Urbi Chatterjee, Rajat Sadhukhan, Vidya Govindan, Sikhar Patranabis, and Harishma Boyapally have spent the last five years to design these components.

The PUFs provide a unique identity which is verified using the principles of Identity-based encryption (IBE). This solution can be used in video surveillance, smart grids, smart homes, tactical networks, medical IoT, and industrial IoT applications.