WPI - Computer Science Department , MS Thesis Presentation Shuwen Liu " Leveraging Android OS to Secure Diverse Devices in Residential Network" "


Computer Science


Leveraging Android OS to Secure Diverse Devices in Residential Network


Shuwen Liu

MS Student

WPI – Computer Science


Tuesday, April 18, 2023

Time 1:00 p.m. – 2:00 p.m.

Location: Fuller Labs 141

Advisor: Prof. Craig Shue

Reader: Prof. Robert Walls


As the complexity of home networks grows in recent years, the security of diverse devices connected in the residential environment, such as Internet-of-Things (IoT) devices, is more and more important due to their widespread presence in homes and physical capabilities. Many people show concerns about potential security weaknesses in these devices, since home networks lack the powerful security tools and trained personnel available in enterprise networks. However, securing various devices connected in home networks is challenging due to their different communication protocol, varied designs, multiple manufacturers, and potentially limited availability of long-term firmware updates. Alternatively, home networks could introduce new physical hardware to enable security screening locally for securing in-network devices, but the capital and deployment costs may impede deployment. In this work, we propose several methods to utilize the Android smartphone to secure varied devices connected in home networks.

We explore access control mechanisms that tightly constrain access to IoT devices at the residential router, with the goal of precluding access that is inconsistent with legitimate users' goals. This approach works across device types and manufacturers with straightforward API and state machine construction. The results of experiments show it identifies 100% of malicious traffic while correctly allowing more than 98% of legitimate network traffic. Moreover, we introduce a system to leverage existing available devices which are already inside a home network, such as Android smartphones, to create a platform for traffic inspection. This software-based solution avoids new hardware deployment and allows decryption of traffic without risk of new third parties. In terms of the performance evaluation, we note it outperforms the state-of-the-art method in on-router traffic inspection. We also improve and evaluate an Android-based Software-Defined Networking (SDN) system, which shows promising results on securing network traffic in Android applications