{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,4]],"date-time":"2026-02-04T17:46:09Z","timestamp":1770227169071,"version":"3.49.0"},"publisher-location":"New York, NY, USA","reference-count":72,"publisher":"ACM","license":[{"start":{"date-parts":[[2021,11,12]],"date-time":"2021-11-12T00:00:00Z","timestamp":1636675200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/501100002858","name":"China Postdoctoral Science Foundation","doi-asserted-by":"publisher","award":["2021M691673"],"award-info":[{"award-number":["2021M691673"]}],"id":[{"id":"10.13039\/501100002858","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["61902138,U1836210"],"award-info":[{"award-number":["61902138,U1836210"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"name":"Key Research and Development Science and Technology of Hainan Province","award":["ZDYF202012"],"award-info":[{"award-number":["ZDYF202012"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2021,11,12]]},"DOI":"10.1145\/3460120.3484592","type":"proceedings-article","created":{"date-parts":[[2021,11,13]],"date-time":"2021-11-13T12:05:27Z","timestamp":1636805127000},"page":"1289-1305","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":21,"title":["Who's In Control? On Security Risks of Disjointed IoT Device Management Channels"],"prefix":"10.1145","author":[{"given":"Yan","family":"Jia","sequence":"first","affiliation":[{"name":"Nankai University & Xidian University & Indiana University Bloomington, Tianjin, China"}]},{"given":"Bin","family":"Yuan","sequence":"additional","affiliation":[{"name":"Huazhong University of Science and Technology & Indiana University Bloomington, Wuhan, China"}]},{"given":"Luyi","family":"Xing","sequence":"additional","affiliation":[{"name":"Indiana University Bloomington, Bloomington, IN, USA"}]},{"given":"Dongfang","family":"Zhao","sequence":"additional","affiliation":[{"name":"Indiana University Bloomington, Bloomington, IN, USA"}]},{"given":"Yifan","family":"Zhang","sequence":"additional","affiliation":[{"name":"Indiana University Bloomington, Bloomington, IN, USA"}]},{"given":"XiaoFeng","family":"Wang","sequence":"additional","affiliation":[{"name":"Indiana University Bloomington, Bloomington, IN, USA"}]},{"given":"Yijing","family":"Liu","sequence":"additional","affiliation":[{"name":"Nankai University, Tianjin, China"}]},{"given":"Kaimin","family":"Zheng","sequence":"additional","affiliation":[{"name":"Huazhong University of Science and Technology, Wuhan, China"}]},{"given":"Peyton","family":"Crnjak","sequence":"additional","affiliation":[{"name":"Indiana University Bloomington, Bloomington, IN, USA"}]},{"given":"Yuqing","family":"Zhang","sequence":"additional","affiliation":[{"name":"University of Chinese Academy of Sciences & Xidian University & Hainan University, Beijing, China"}]},{"given":"Deqing","family":"Zou","sequence":"additional","affiliation":[{"name":"Huazhong University of Science and Technology, Wuhan, China"}]},{"given":"Hai","family":"Jin","sequence":"additional","affiliation":[{"name":"Huazhong University of Science and Technology, Wuhan, China"}]}],"member":"320","published-online":{"date-parts":[[2021,11,13]]},"reference":[{"key":"e_1_3_2_2_1_1","unstructured":"2016. BLE Bonding."},{"key":"e_1_3_2_2_2_1","unstructured":"2017. The best smart home devices for your rental property. https:\/\/cozy.co\/blog\/the-best-smart-home-devices-for-your-rental-property\/."},{"key":"e_1_3_2_2_3_1","unstructured":"2019. https:\/\/www.airbnb.com\/partner."},{"key":"e_1_3_2_2_4_1","unstructured":"2019. https:\/\/smartrent.com\/product\/access-control\/."},{"key":"e_1_3_2_2_5_1","unstructured":"2019. Local Technologies for the Smart Home (Google I\/O'19). https:\/\/www.youtube.com\/watch?v=Y6Ue5hQ9meM&t=2044s"},{"key":"e_1_3_2_2_6_1","unstructured":"2020. abode: the top-rated smart home security system in USA. https:\/\/goabode.com."},{"key":"e_1_3_2_2_7_1","unstructured":"2020. Abode's HomeKit certification. https:\/\/help.goabode.com\/hc\/en-us\/articles\/360038823531-Homekit-FAQ."},{"key":"e_1_3_2_2_8_1","unstructured":"2020. Amazon Alexa. https:\/\/developer.amazon.com\/en-US\/alexa."},{"key":"e_1_3_2_2_9_1","unstructured":"2020. Apple Bonjour. https:\/\/developer.apple.com\/bonjour."},{"key":"e_1_3_2_2_10_1","unstructured":"2020. Apple Home app. https:\/\/support.apple.com\/en-us\/HT204893."},{"key":"e_1_3_2_2_11_1","unstructured":"2020. Apple HomeKit. https:\/\/www.apple.com\/ios\/home\/."},{"key":"e_1_3_2_2_12_1","unstructured":"2020. August Smart Lock. https:\/\/august.com."},{"key":"e_1_3_2_2_13_1","unstructured":"2020. AWS IoT device SDK - embedded C. https:\/\/github.com\/aws\/aws-iot-device-sdk-embedded-C."},{"key":"e_1_3_2_2_14_1","unstructured":"2020. Bluetooth Low Energy. https:\/\/en.wikipedia.org\/wiki\/Bluetooth_Low_Energy."},{"key":"e_1_3_2_2_15_1","unstructured":"2020. Channel Guard Github. https:\/\/github.com\/ChannelGuard\/CGuard."},{"key":"e_1_3_2_2_16_1","unstructured":"2020. Frida. https:\/\/frida.re."},{"key":"e_1_3_2_2_17_1","unstructured":"2020. Google Home. https:\/\/store.google.com\/us\/product\/google_home."},{"key":"e_1_3_2_2_18_1","unstructured":"2020. Google Home mini. https:\/\/store.google.com\/product\/google_nest_mini?gclid=CjwKCAjw-YT1BRAFEiwAd2WRtn7q4mSlQ-S-OBd_0kjZBbP6jnN5IvrrDWKKenIT4CPjHCqannddwhoChZUQAvD_BwE&gclsrc=aw.ds."},{"key":"e_1_3_2_2_19_1","unstructured":"2020. HomeKit Accessory Protocol Specification. https:\/\/developer.apple.com\/support\/homekit-accessory-protocol."},{"key":"e_1_3_2_2_20_1","unstructured":"2020. HomeKit ADK. https:\/\/github.com\/apple\/HomeKitADK."},{"key":"e_1_3_2_2_21_1","unstructured":"2020. Hue works with the Google Assistant for easy voice control. https:\/\/www2.meethue.com\/en-us\/works-with\/google-home-products."},{"key":"e_1_3_2_2_22_1","unstructured":"2020. Human Interface Guidelines - Setup. https:\/\/developer.apple.com\/design\/human-interf ace-guidelines\/homekit\/overview\/setup\/."},{"key":"e_1_3_2_2_23_1","unstructured":"2020. ismartgate Garage\/Gate Controller. https:\/\/ismartgate.com."},{"key":"e_1_3_2_2_24_1","unstructured":"2020. LIFX. https:\/\/www.lifx.com."},{"key":"e_1_3_2_2_25_1","unstructured":"2020. MFi Program. https:\/\/developer.apple.com\/programs\/mfi."},{"key":"e_1_3_2_2_26_1","unstructured":"2020. Most Advanced Smart Locks in Amazon: August Lock. https:\/\/www.amazon.com\/s?k=smart+lock&ref =nb_sb_noss_2."},{"key":"e_1_3_2_2_27_1","unstructured":"2020. Philips Hue app. https:\/\/play.google.com\/store\/apps\/details?id=com.philips.lighting.hue2."},{"key":"e_1_3_2_2_28_1","unstructured":"2020. Philips Hue Bluetooth app. https:\/\/play.google.com\/store\/apps\/details?id=com.signif y.hue.blue."},{"key":"e_1_3_2_2_29_1","unstructured":"2020. Philips Hue bridge. https:\/\/www2.meethue.com\/en-us\/p\/hue-bridge\/046677458478."},{"key":"e_1_3_2_2_30_1","unstructured":"2020. Philips Hue Bulb. https:\/\/www2.meethue.com\/en-us\/p\/hue-white-1-pack-e26\/046677555689."},{"key":"e_1_3_2_2_31_1","unstructured":"2020. Philips Hue bulb ranks # 4 in Best Seller in LED Bulbs and # 1 in Smart Bulbs on Amazon. https:\/\/www.amazon.com\/gp\/bestsellers\/hpc\/2314207011\/ref=pd_zg_hrsr_hpc."},{"key":"e_1_3_2_2_32_1","unstructured":"2020. Philips Hue Smart Plug. https:\/\/www2.meethue.com\/en-us\/p\/hue-smart-plug\/046677552343."},{"key":"e_1_3_2_2_33_1","unstructured":"2020. Set up HomeKit accessory devices. https:\/\/support.apple.com\/en-us\/HT204893."},{"key":"e_1_3_2_2_34_1","unstructured":"2020. Smart Home Gadgets: 6 Additions That Will Revolutionize Your Vacation Rental. https:\/\/www.lodgif y.com\/blog\/smart-home-gadgets-vacation-rental."},{"key":"e_1_3_2_2_35_1","unstructured":"2020. updateAuthorizationData:completionHandler. https:\/\/developer.apple.com\/documentation\/homekit\/hmcharacteristic\/1624193-updateauthorizationdata?language=objc."},{"key":"e_1_3_2_2_36_1","unstructured":"2020. Yale iM1 (HomeKit) Network Module and Secure App FAQs. https:\/\/www.yalehome.com\/en\/support\/yale-im1-homekit-network-module-secure-app-faqs."},{"key":"e_1_3_2_2_37_1","unstructured":"2020. Z-Wave Alliance. https:\/\/z-wavealliance.org."},{"key":"e_1_3_2_2_38_1","unstructured":"2020. Zigbee ADK. https:\/\/www.ti.com\/tool\/Z-STACK."},{"key":"e_1_3_2_2_39_1","unstructured":"2020. Zigbee Alliance. https:\/\/zigbeealliance.org."},{"key":"e_1_3_2_2_40_1","unstructured":"2020. Zigbee Protocol. https:\/\/en.wikipedia.org\/wiki\/Zigbee."},{"key":"e_1_3_2_2_41_1","unstructured":"2021. Alexa Gadgets Raspberry Pi Samples. https:\/\/github.com\/alexa-samples\/Alexa-Gadgets-Raspberry-Pi-Samples."},{"key":"e_1_3_2_2_42_1","unstructured":"2021. Control your home remotely with iPhone. https:\/\/support.apple.com\/guide\/iphone\/control-your-home-remotely-iph1d10f 7f 2b\/ios."},{"key":"e_1_3_2_2_43_1","unstructured":"2021. MQTT: The Standard for IoT Messaging. https:\/\/mqtt.org\/"},{"key":"e_1_3_2_2_44_1","unstructured":"2021. OAuth. https:\/\/oauth.net\/2"},{"key":"e_1_3_2_2_45_1","unstructured":"2021. Philips Hue. https:\/\/www2.meethue.com."},{"key":"e_1_3_2_2_46_1","unstructured":"2021. Set up and control Seamless setup smart devices. https:\/\/support.google.com\/googlenest\/answer\/9367121?hl=en"},{"key":"e_1_3_2_2_47_1","unstructured":"2021. SmartConfig. https:\/\/docs.espressif .com\/projects\/esp-idf\/en\/latest\/esp32\/api-reference\/network\/esp_smartconfig.html#: :text=The%20SmartConfig%20TM%20is%20a%20provisioning%20technology%20developed or%20a%20tablet%2C%20to%20an%20un-provisioned%20Wi-Fi%20device."},{"key":"e_1_3_2_2_48_1","unstructured":"2021. SmartThings App. https:\/\/play.google.com\/store\/apps\/details?id=com.samsung.android.oneconnect"},{"key":"e_1_3_2_2_49_1","unstructured":"2021. Who's In Control? On Security Risks of Disjointed IoT Device Management Channels. https:\/\/sites.google.com\/view\/cguard."},{"key":"e_1_3_2_2_50_1","unstructured":"2021. Z-Wave Protocol. https:\/\/en.wikipedia.org\/wiki\/Z-Wave."},{"key":"e_1_3_2_2_51_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00013"},{"key":"e_1_3_2_2_52_1","volume-title":"The EGRBAC Model for Smart Home IoT. In 2020 IEEE 21st International Conference on Information Reuse and Integration for Data Science (IRI). IEEE, 457--462","author":"Ameer Safwa","year":"2020","unstructured":"Safwa Ameer, James Benson, and Ravi Sandhu. 2020. The EGRBAC Model for Smart Home IoT. In 2020 IEEE 21st International Conference on Information Reuse and Integration for Data Science (IRI). IEEE, 457--462."},{"key":"e_1_3_2_2_53_1","volume-title":"WAVE: A Decentralized Authorization Framework with Transitive Delegation. In 28th USENIX Security Symposium. 1375--1392","author":"Andersen Michael P.","year":"2019","unstructured":"Michael P. Andersen, Sam Kumar, Moustafa AbdelBaky, Gabe Fierro, John Kolb, Hyung-Sin Kim, David E. Culler, and Raluca Ada Popa. 2019. WAVE: A Decentralized Authorization Framework with Transitive Delegation. In 28th USENIX Security Symposium. 1375--1392."},{"key":"e_1_3_2_2_54_1","volume-title":"Procedings of 2018 USENIX Annual Technical Conference. 147--158","author":"Celik Z. Berkay","year":"2018","unstructured":"Z. Berkay Celik, Patrick D. McDaniel, and Gang Tan. 2018. Soteria: Automated IoT Safety and Security Analysis. In Procedings of 2018 USENIX Annual Technical Conference. 147--158."},{"key":"e_1_3_2_2_55_1","volume-title":"Proceedings of the 26th Annual Network and Distributed System Security Symposium.","author":"Celik Z. Berkay","unstructured":"Z. Berkay Celik, Gang Tan, and Patrick D. McDaniel. 2019. IoTGuard: Dynamic Enforcement of Security and Safety Policy in Commodity IoT. In Proceedings of the 26th Annual Network and Distributed System Security Symposium."},{"key":"e_1_3_2_2_56_1","volume-title":"Your IoTs Are (Not) Mine: On the Remote Binding Between IoT Devices and Users. In 49th Annual IEEE\/IFIP International Conference on Dependable Systems and Networks. 222--233","author":"Chen Jiongyi","year":"2019","unstructured":"Jiongyi Chen, Chaoshun Zuo, Wenrui Diao, Shuaike Dong, Qingchuan Zhao, Menghan Sun, Zhiqiang Lin, Yinqian Zhang, and Kehuan Zhang. 2019. Your IoTs Are (Not) Mine: On the Remote Binding Between IoT Devices and Users. In 49th Annual IEEE\/IFIP International Conference on Dependable Systems and Networks. 222--233."},{"key":"e_1_3_2_2_57_1","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2018.00068"},{"key":"e_1_3_2_2_58_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243865"},{"key":"e_1_3_2_2_59_1","volume-title":"Security Analysis of Emerging Smart Home Applications. In 37th IEEE Symposium on Security and Privacy. 636--654","author":"Fernandes Earlence","year":"2016","unstructured":"Earlence Fernandes, Jaeyeon Jung, and Atul Prakash. 2016. Security Analysis of Emerging Smart Home Applications. In 37th IEEE Symposium on Security and Privacy. 636--654."},{"key":"e_1_3_2_2_60_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23119"},{"key":"e_1_3_2_2_61_1","volume-title":"27th {USENIX }Security Symposium (USENIX Security 18). 255--272.","author":"He Weijia","unstructured":"Weijia He, Maximilian Golla, Roshni Padhi, Jordan Ofek, Markus D\u00fcrmuth, Earlence Fernandes, and Blase Ur. 2018. Rethinking access control and authentication for the home internet of things (IoT). In 27th {USENIX }Security Symposium (USENIX Security 18). 255--272."},{"key":"e_1_3_2_2_62_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00051"},{"key":"e_1_3_2_2_63_1","volume-title":"Proceedings of the 24th Annual Network and Distributed System Security Symposium.","author":"Jia Yunhan Jack","year":"2017","unstructured":"Yunhan Jack Jia, Qi Alfred Chen, Shiqi Wang, Amir Rahmati, Earlence Fernandes, Zhuoqing Morley Mao, and Atul Prakash. 2017. ContexloT: Towards Providing Contextual Integrity to Appified IoT Platforms. In Proceedings of the 24th Annual Network and Distributed System Security Symposium."},{"key":"e_1_3_2_2_64_1","unstructured":"Silicon Labs. 2017. Introduction to Z-Wave SmartStart."},{"key":"e_1_3_2_2_65_1","volume-title":"Proceedings of the 14th International Conference on emerging Networking EXperiments and Technologies. 191--203","author":"Nguyen Dang Tu","unstructured":"Dang Tu Nguyen, Chengyu Song, Zhiyun Qian, Srikanth V. Krishnamurthy, Edward J. M. Colbert, and Patrick D. McDaniel. 2018. IotSan: fortifying the safety of IoT systems. In Proceedings of the 14th International Conference on emerging Networking EXperiments and Technologies. 191--203."},{"key":"e_1_3_2_2_66_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243817"},{"key":"e_1_3_2_2_67_1","volume-title":"SmartAuth: User-Centered Authorization for the Internet of Things. In 26th USENIX Security Symposium. 361--378","author":"Tian Yuan","year":"2017","unstructured":"Yuan Tian, Nan Zhang, Yue-Hsun Lin, XiaoFeng Wang, Blase Ur, Xianzheng Guo, and Patrick Tague. 2017. SmartAuth: User-Centered Authorization for the Internet of Things. In 26th USENIX Security Symposium. 361--378."},{"key":"e_1_3_2_2_68_1","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3345662"},{"key":"e_1_3_2_2_69_1","volume-title":"Shattered Chain of Trust: Understanding Security Risks in Cross-Cloud IoT Access Delegation. In 29th USENIX Security Symposium (USENIX Security 20)","author":"Yuan Bin","year":"2020","unstructured":"Bin Yuan, Yan Jia, Luyi Xing, Dongfang Zhao, XiaoFeng Wang, and Yuqing Zhang. 2020. Shattered Chain of Trust: Understanding Security Risks in Cross-Cloud IoT Access Delegation. In 29th USENIX Security Symposium (USENIX Security 20). USENIX Association, 1183--1200. https:\/\/www.usenix.org\/conference\/usenixsecurity20\/presentation\/yuan"},{"key":"e_1_3_2_2_70_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243820"},{"key":"e_1_3_2_2_71_1","volume-title":"28th USENIX Security Symposium. 1133--1150","author":"Zhou Wei","year":"2019","unstructured":"Wei Zhou, Yan Jia, Yao Yao, Lipeng Zhu, Le Guan, Yuhang Mao, Peng Liu, and Yuqing Zhang. 2019. Discovering and Understanding the Security Hazards in the Interactions between IoT Devices, Mobile Apps, and Clouds on Smart Home Platforms. In 28th USENIX Security Symposium. 1133--1150."},{"key":"e_1_3_2_2_72_1","unstructured":"Zigbee. 2016. Base Device Behavior Specification Version 1.0 [Section 10.1]."}],"event":{"name":"CCS '21: 2021 ACM SIGSAC Conference on Computer and Communications Security","location":"Virtual Event Republic of Korea","acronym":"CCS '21","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3460120.3484592","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3460120.3484592","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,11,18]],"date-time":"2025-11-18T20:45:34Z","timestamp":1763498734000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3460120.3484592"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,11,12]]},"references-count":72,"alternative-id":["10.1145\/3460120.3484592","10.1145\/3460120"],"URL":"https:\/\/doi.org\/10.1145\/3460120.3484592","relation":{},"subject":[],"published":{"date-parts":[[2021,11,12]]},"assertion":[{"value":"2021-11-13","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}