As technology becomes more widely available, millions of users worldwide have
installed some form of smart device in their homes or workplaces. These devices
are often off-the-shelf commodity systems, such as Google Home or Samsung
SmartThings, that are installed by end-users looking to automate a small
deployment. In contrast to these “plug-and-play” systems, purpose-built
Enterprise Internet-of-Things (E-IoT) systems such as Crestron, Control4, RTI,
Savant offer a smart solution for more sophisticated applications (e.g.,
complete lighting control, A/V management, security). In contrast to commodity
systems, E-IoT systems are usually closed source, costly, require certified
installers, and are overall more robust for their use cases. Due to this, E-IoT
systems are often found in expensive smart homes, government and academic
conference rooms, yachts, and smart private offices. However, while there has
been plenty of research on the topic of commodity systems, no current study
exists that provides a complete picture of E-IoT systems, their components, and
relevant threats. As such, lack of knowledge of E-IoT system threats, coupled
with the cost of E-IoT systems has led many to assume that E-IoT systems are
secure. To address this research gap, raise awareness on E-IoT security, and
motivate further research, this work emphasizes E-IoT system components, E-IoT
vulnerabilities, solutions, and their security implications. In order to
systematically analyze the security of E-IoT systems, we divide E-IoT systems
into four layers: E-IoT Devices Layer, Communications Layer, Monitoring and
Applications Layer, and Business Layer. We survey attacks and defense
mechanisms, considering the E-IoT components at each layer and the associated
threats. In addition, we present key observations in state-of-the-art E-IoT
security and provide a list of open research problems that need further
research.

By admin