Paper accepted at IMC ’21.

IoTLS: Understanding TLS Usage in Consumer IoT Devices

Muhammad Talha Paracha (Northeastern University), Daniel J. Dubois (Northeastern University), Narseo Vallina-Rodriguez (IMDEA Networks / ICSI / AppCensus Inc.), David Choffnes (Northeastern University)

Last updated: 11/01/2021

ABSTRACT

Consumer IoT devices are becoming increasingly popular, with most leveraging TLS to provide connection security. In this work, we study a large number of TLS-enabled consumer IoT devices to shed light on how effectively they use TLS, in terms of establishing secure connections and correctly validating certificates, and how observed behavior changes over time. To this end, we gather more than two years of TLS network traffic from IoT devices, conduct active probing to test for vulnerabilities, and develop a novel blackbox technique for exploring the trusted root stores in IoT devices by exploiting a side-channel through TLS Alert Messages. We find a wide range of behaviors across devices, with some adopting best security practices but most being vulnerable in one or more of the following ways: use of old/insecure protocol versions and/or ciphersuites, lack of certificate validation, and poor maintenance of root stores. Specifically, we find that at least 8 IoT devices still include distrusted certificates in their root stores, 11/32 devices are vulnerable to TLS interception attacks, and that many devices fail to adopt modern protocol features over time. Our findings motivate the need for IoT manufacturers to audit, upgrade, and maintain their devices’ TLS implementations in a consistent and uniform way that safeguards all of their network traffic.

ABOUT THIS PUBLICATION

Full Text (PDF)
pre-print available.

Citation:

@inproceedings{paracha2021iotls,
  title={IoTLS: Understanding TLS Usage in Consumer IoT Devices},
  author={Paracha, Muhammad Talha and Dubois, Daniel J and Vallina-Rodriguez, Narseo and Choffnes, David},
  booktitle={Proc. of the Internet Measurement Conference},
  year={2021}
}

DATASET AND TOOLS

We used the Mon(IoT)r Testbed to facilitate, organize, and automate the capture of network traffic for IoT devices deployed on a local network.

The dataset and tools specific to this research paper are publicly available at the repository: https://github.com/NEU-SNS/IoTLS/.

ACKNOWLEDGMENTS

  • This research was partially supported by:
    • NSF (BehavIoT CNS-1909020, ProperData SaTC-1955227)
    • Consumer Reports (Digital Lab Fellowship for Daniel J. Dubois)
    • EU’s H2020 Program (TRUST aWARE, Grant Agreement No. 101021377)
    • Spanish National Grant ODIO (PID2019-111429RBC22)