Research On The Security Of The Wireless Network Configuration Process Of Smart Home Equipment

With the continuous development of the Internet of Things(IoT)technology,IoT devices have been applied to all walks of life,and the most common one is smart home devices.However,the security of smart home devices is generally not high.They usually transmit data wirelessly,and it is easy for an attacker to steal the transmitted information.Smart home devices usually use Wi-Fi to connect to the Internet,but since most of them lack an input interface,it is often necessary for them to get the SSID and password through the mobile APP and auxiliary AP hotspot before connecting to the router.In this process,it is easy for an attacker to obtain Wi-Fi password by fetching wireless packers for analysis.Once the Wi-Fi password is leaked,the attacker can connect to the router at home,and then get the router's management privilege.The attacker can also set a fake AP with the same parameters as the original router,and then force the devices to connect to the fake AP.After that,the attacker can obtain the data sent and received by the smart home devices.Therefore,for the security design of smart home devices,it is necessary to consider the protection measures for Wi-Fi password in the wireless network configuration process.This thesis mainly studies the security of Wi-Fi password transmission during the wireless network configuration process,one of the research aspects of the security of smart home devices.First,we give an introduction to three common ways for the smart home devices that use Wi-Fi to connect to the Internet(Soft AP,SmartConfig,scanning QR code).Then,we use some smart home devices for experiments and analyze the advantages and disadvantages about their protection design of the Wi-Fi password transmission.Finally,we propose improvements for the shortcomings.For Soft AP,the improved scheme proposed in this thesis is to use the negotiated shared key,which is generated by both mobile phone and smart home devices.It is used to encrypt the transmit data between the two parts safely.For SmartConfig,the improved scheme proposed in the thesis is to verify the identity of the user using asymmetric key and some unique value,which can prevent illegal user to connect to the smart home device.For scanning QR code,the improved scheme proposed in this thesis is to encrypt the QR code using asymmetric key,which is generated by the camera.The camerarotate and take pictures that around it,and then process it to generate an key to encrypt the QR code.This key is unique,others can generate or get it.Through the researches above,we found that although smart home device manufacturers have already designed the encryption methods during Wi-Fi password transmission,an attacker still can easily obtain Wi-Fi password information.How to maintain the balance of convenience and security of smart home devices still requires great efforts from manufacturers and researchers.