物联网安全研究综述：威胁、检测与防御

杨毅宇; 周威; 赵尚儒; 刘聪; 张宇辉; 王鹤; 王文杰; 张玉清

doi:10.11959/j.issn.1000-436x.2021124

您当前的位置：

首页 >

文章列表页 >

物联网安全研究综述：威胁、检测与防御

综述 | 更新时间：2024-06-05

- 物联网安全研究综述：威胁、检测与防御
- Survey of IoT security research: threats, detection and defense
- 通信学报 2021年42卷第8期页码：188-205
- 作者机构：
  
  1. 中国科学院大学国家计算机网络入侵防范中心，北京 101408
  2. 西安邮电大学网络空间安全学院，陕西西安 710121
  3. 西安电子科技大学网络与信息安全学院，陕西西安 710071
  4. 海南大学计算机与网络空间安全学院，海南海口 570228
- 作者简介：
  
  [ "杨毅宇（1987- ），男，云南大理人，中国科学院大学博士生，主要研究方向为网络与系统安全" ]
  [ "周威（1993- ），男，河北保定人，中国科学院大学博士生，主要研究方向为网络与系统安全" ]
  [ "赵尚儒（1995- ），男，广东广州人，中国科学院大学博士生，主要研究方向为网络与系统安全" ]
  [ "刘聪（1997- ），男，陕西宝鸡人，西安邮电大学硕士生，主要研究方向为网络与系统安全" ]
  [ "张宇辉（1997- ），男，山西临汾人，西安电子科技大学硕士生，主要研究方向为网络与系统安全" ]
  [ "王鹤（1987- ），女，河南滑县人，博士，西安电子科技大学讲师，主要研究方向为网络与系统安全、密码学" ]
  [ "王文杰（1964- ），男，陕西西安人，博士，中国科学院大学副教授，主要研究方向为信息安全与智能信息处理" ]
  [ "张玉清（1966- ），男，陕西西安人，博士，中国科学院大学教授，主要研究方向为网络与系统安全" ]
- 基金信息：
  
  国家重点研发计划基金资助项目(2018YFB0804701);国家自然科学基金资助项目(U1836210)
- DOI：10.11959/j.issn.1000-436x.2021124
  中图分类号： TP391.44
- 网络出版日期：2021-08，
  
  纸质出版日期：2021-08-25
- 稿件说明：
移动端阅览
杨毅宇, 周威, 赵尚儒, 等. 物联网安全研究综述：威胁、检测与防御[J]. 通信学报, 2021,42(8):188-205.

Yiyu YANG, Wei ZHOU, Shangru ZHAO, et al. Survey of IoT security research: threats, detection and defense[J]. Journal on communications, 2021, 42(8): 188-205.
杨毅宇, 周威, 赵尚儒, 等. 物联网安全研究综述：威胁、检测与防御[J]. 通信学报, 2021,42(8):188-205. DOI： 10.11959/j.issn.1000-436x.2021124.

Yiyu YANG, Wei ZHOU, Shangru ZHAO, et al. Survey of IoT security research: threats, detection and defense[J]. Journal on communications, 2021, 42(8): 188-205. DOI： 10.11959/j.issn.1000-436x.2021124.

摘要

基于近5年网安国际会议（ACM CCS、USENIX Security、NDSS、IEEE S＆amp;P）中发表的物联网安全文献，以及其他部分高水平研究工作，从威胁、检测、防御的视角对物联网安全研究工作进行了系统的整理和分析。首先，介绍了物联网系统的基本架构。然后，将当前研究中提出的主要威胁分为8种类型，并分析了威胁的成因和危害。之后，介绍了针对这些威胁所提出的6种威胁检测和5种防御方案，并对比了它们的技术原理和优缺点。最后，提出了当前研究依然面临的主要挑战，并指出了未来研究发展的方向。

Abstract

Based on the IoT security literatures published in the international conferences on network security (ACM CCS

USENIX Security

NDSS

IEEE S＆amp;P) in recent five years

and other prominent researches

the works from the perspective of ＆quot;threat

detection

defense＆quot; were systematically summarized and analyzed.Firstly the basic architecture of the IoT system was introduced.Then the main threats proposed in these works were classified into eight categories

and the causes and hazards of the threats were analyzed.After that

six detection and five defense schemes against these threats were introduced

and their technical principles

advantages and disadvantages were compared.At last

on the basis of the above analysis

the main challenges that the current research still faces were put forward

and the research directions of future works were point out.

关键词

Keywords

references

ZHOU W , JIA Y , PENG A N , et al . The effect of IoT new features on security and privacy:new threats,existing solutions,and challenges yet to be solved [J ] . IEEE Internet of Things Journal , 2019 , 6 ( 2 ): 1606 - 1616 .

ALRAWI O , LEVER C , ANTONAKAKIS M , et al . SoK:security evaluation of home-based IoT deployments [C ] // 2019 IEEE Symposium on Security and Privacy . Piscataway:IEEE Press , 2019 : 1362 - 1380 .

ANTONAKAKIS M , APRIL T , BAILEY M , et al . Understanding the Mirai botnet [C ] // USENIX Security Symposium . Berkeley:USENIX Association , 2017 : 1093 - 1110 .

GUO Z , LIN Z , LI P , et al . SkillExplorer:understanding the behavior of skills in large scale [C ] // USENIX Security Symposium . Berkeley:USENIX Association , 2020 : 2649 - 2666 .

张玉清 , 周威 , 彭安妮 . 物联网安全综述 [J ] . 计算机研究与发展 , 2017 , 54 ( 10 ): 2130 - 2143 .

ZHANG Y Q , ZHOU W , PENG A N . Survey of Internet of things security [J ] . Journal of Computer Research and Development , 2017 , 54 ( 10 ): 2130 - 2143 .

彭安妮 , 周威 , 贾岩 , 等 . 物联网操作系统安全研究综述 [J ] . 通信学报 , 2018 , 39 ( 3 ): 22 - 34 .

PENG A N , ZHOU W , JIA Y , et al . Survey of the Internet of things operating system security [J ] . Journal on Communications , 2018 , 39 ( 3 ): 22 - 34 .

王基策 , 李意莲 , 贾岩 , 等 . 智能家居安全综述 [J ] . 计算机研究与发展 , 2018 , 55 ( 10 ): 2111 - 2124 .

WANG J C , LI Y L , JIA Y , et al . Survey of smart home security [J ] . Journal of Computer Research and Development , 2018 , 55 ( 10 ): 2111 - 2124 .

HE W , GOLLA M , PADHI R , et al . Rethinking access control and authentication for the home Internet of things (IoT) [C ] // USENIX Security Symposium . Berkeley:USENIX Association , 2018 : 255 - 272 .

FERNANDES E , JUNG J , PRAKASH A . Security analysis of emerging smart home applications [C ] // 2016 IEEE Symposium on Security and Privacy . Piscataway:IEEE Press , 2016 : 636 - 654 .

FERNANDES E , RAHMATI A , JUNG J , et al . Decentralized action integrity for trigger-action IoT platforms [C ] // Proceedings 2018 Network and Distributed System Security Symposium . Virginia:the Internet Society , 2018 : 1 - 16 .

YUAN B , JIA Y , XING L , et al . Shattered chain of trust:understanding security risks in cross-cloud IoT access delegation [C ] // USENIX Security Symposium . Berkeley:USENIX Association , 2020 : 1183 - 1200 .

CELIK Z B , BABUN L , SIKDER A K , et al . Sensitive information tracking in commodity IoT [C ] // USENIX Security Symposium . Berkeley:USENIX Association , 2018 : 1687 - 1704 .

CELIK Z B , MCDANIEL P , TAN G . Soteria:automated IoT safety and security analysis [C ] // USENIX Annual Technical Conference . Berkeley:USENIX Association , 2018 : 147 - 158 .

CELIK Z B , TAN G , MCDANIEL P . IoTGuard:dynamic enforcement of security and safety policy in commodity IoT [C ] // Proceedings 2019 Network and Distributed System Security Symposium . Virginia:the Internet Society , 2019 : 1 - 15 .

BASTYS I , BALLIU M , SABELFELD A . If this then what?:controlling flows in IoT Apps [C ] // Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security . New York:ACM Press , 2018 : 1102 - 1119 .

ZHANG N , MI X H , FENG X , et al . Dangerous skills:understanding and mitigating security risks of voice-controlled third-party functions on virtual personal assistant systems [C ] // 2019 IEEE Symposium on Security and Privacy . Piscataway:IEEE Press , 2019 : 1381 - 1396 .

KUMAR D , PACCAGNELLA R , MURLEY P , et al . Skill squatting attacks on Amazon Alexa [C ] // USENIX Security Symposium . Berkeley:USENIX Association , 2018 : 33 - 47 .

ZHOU W , JIA Y , YAO Y , et al . Discovering and understanding the security hazards in the Interactions between IoT devices,mobile APPs,and clouds on smart home platforms [C ] // USENIX Security Symposium . Berkeley:USENIX Association , 2019 : 1133 - 1150 .

CHEN J Y , ZUO C S , DIAO W R , et al . Your IoTs are (not) mine:on the remote binding between IoT devices and users [C ] // 2019 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks . Piscataway:IEEE Press , 2019 : 222 - 233 .

WANG Q , DATTA P , YANG W , et al . Charting the attack surface of trigger-action IoT platforms [C ] // Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security . New York:ACM Press , 2019 : 1439 - 1453 .

JIA Y , XING L Y , MAO Y H , et al . Burglars’ IoT paradise:understanding and mitigating security risks of general messaging protocols on IoT clouds [C ] // 2020 IEEE Symposium on Security and Privacy . Piscataway:IEEE Press , 2020 : 465 - 481 .

CAO X H , SHILA D M , CHENG Y , et al . Ghost-in-ZigBee:energy depletion attack on ZigBee-based wireless networks [J ] . IEEE Internet of Things Journal , 2016 , 3 ( 5 ): 816 - 829 .

FAWAZ K , KIM K-H , SHIN K G . Protecting privacy of BLE device users [C ] // SENIX Security Symposium . Berkeley:USENIX Association , 2016 : 1205 - 1221 .

ANTONIOLI D , TIPPENHAUER N O , RASMUSSEN K . BIAS:bluetooth impersonation attacks [C ] // 2020 IEEE Symposium on Security and Privacy . Piscataway:IEEE Press , 2020 : 549 - 562 .

SETHI M , PELTONEN A , AURA T . Misbinding attacks on secure device pairing and bootstrapping [C ] // Proceedings of the 2019 ACM Asia Conference on Computer and Communications Security . New York:ACM Press , 2019 : 453 - 464 .

OCONNOR T J , ENCK W , REAVES B . Blinded and confused:uncovering systemic flaws in device telemetry for smart-home Internet of things [C ] // Proceedings of the 12th Conference on Security and Privacy in Wireless and Mobile Networks . New York:ACM Press , 2019 : 140 - 150 .

WEN H , CHEN Q A , LIN Z . Plug-N-Pwned:comprehensive vulnerability analysis of OBD-II dongles as a new over-the-air attack surface in automotive IoT [C ] // USENIX Security Symposium . Berkeley:USENIX Association , 2020 : 949 - 965 .

ZHU Y Z , XIAO Z J , CHEN Y X , et al . Et tu alexa? when commodity Wi-Fi devices turn into adversarial motion sensors [C ] // Proceedings 2020 Network and Distributed System Security Symposium . Virginia:the Internet Society , 2020 : 1 - 15 .

LOPEZ-MARTIN M , CARRO B , SANCHEZ-ESGUEVILLAS A , , et al . Network traffic classifier with convolutional and recurrent neural networks for Internet of things [J ] . IEEE Access , 2017 , 5 : 18042 - 18050 .

SIVANATHAN A , GHARAKHEILI H H , LOI F , et al . Classifying IoT devices in smart environments using network traffic characteristics [J ] . IEEE Transactions on Mobile Computing , 2019 , 18 ( 8 ): 1745 - 1759 .

WOOD D , APTHORPE N , FEAMSTER N . Cleartext data transmissions in consumer IoT medical devices [C ] // Proceedings of the 2017 Workshop on Internet of Things Security and Privacy . New York:ACM Press , 2017 : 7 - 12 .

ACAR A , FEREIDOONI H , ABERA T , et al . Peek-a-Boo:I see your smart home activities,even encrypted! [C ] // Proceedings of the 13th ACM Conference on Security and Privacy in Wireless and Mobile Networks . New York:ACM Press , 2020 : 207 - 218 .

TRIMANANDA R , VARMARKEN J , MARKOPOULOU A , et al . packet-level signatures for smart home devices [C ] // Proceedings 2020 Network and Distributed System Security Symposium . Virginia:the Internet Society , 2020 : 1 - 18 .

CLEMENTS A A , ALMAKHDHUB N S , SAAB K S , et al . Protecting bare-metal embedded systems with privilege overlays [C ] // 2017 IEEE Symposium on Security and Privacy . IEEE Press , 2017 : 289 - 303 .

PEWNY J , GARMANY B , GAWLIK R , et al . Cross-architecture bug search in binary executables [C ] // 2016 IEEE Symposium on Security and Privacy . Piscataway:IEEE Press , 2016 : 709 - 724 .

QUARTA D , POGLIANI M , POLINO M , et al . An experimental security analysis of an industrial robot controller [C ] // 2017 IEEE Symposium on Security and Privacy . Piscataway:IEEE Press , 2017 : 268 - 286 .

ALMAKHDHUB N S , CLEMENTS A A , BAGCHI S , et al . μRAI:securing embedded systems with return address integrity [C ] // Proceedings 2020 Network and Distributed System Security Symposium . Virginia:the Internet Society , 2020 : 1 - 18 .

ZHOU J , DU Y , SHEN Z , et al . Silhouette:efficient protected shadow stacks for embedded systems [C ] // USENIX Security Symposium . Berkeley:USENIX Association , 2020 : 1219 - 1236 .

REDINI N , MACHIRY A , WANG R , et al . Karonte:detecting insecure multi-binary interactions in embedded firmware [C ] // 2020 IEEE Symposium on Security and Privacy . Piscataway:IEEE Press , 2020 : 1544 - 1561 .

YAO Y , ZHOU W , JIA Y , et al . Identifying privilege separation vulnerabilities in IoT firmware with symbolic execution [C ] // European Symposium on Research in Computer Security . Berlin:Springer , 2019 : 638 - 657 .

MÜLLER J , MLADENOV V , SOMOROVSKY J , et al . SoK:exploiting network printers [C ] // 2017 IEEE Symposium on Security and Privacy . Piscataway:IEEE Press , 2017 : 213 - 230 .

CARLINI N , MISHRA P , VAIDYA T , et al . Hidden voice commands [C ] // USENIX Security Symposium . Berkeley:USENIX Association , 2016 : 513 - 530 .

ZHANG G M , YAN C , JI X Y , et al . DolphinAttack:inaudible voice commands [C ] // Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security . New York:ACM Press , 2017 : 103 - 117 .

YUAN X , CHEN Y , ZHAO Y , et al . Commandersong:a systematic approach for practical adversarial voice recognition [C ] // USENIX Security Symposium . Berkeley:USENIX Association , 2018 : 49 - 64 .

YAN Q B , LIU K H , ZHOU Q , et al . SurfingAttack:interactive hidden attack on voice assistants using ultrasonic guided waves [C ] // Proceedings 2020 Network and Distributed System Security Symposium . Virginia:the Internet Society , 2020 : 1 - 18 .

ROY N , SHEN S , HASSANIEH H , et al . Inaudible voice commands:the long-range attack and defense [C ] // USENIX Symposium on Networked Systems Design and Implementation . Berkeley:USENIX Association , 2018 : 547 - 560 .

CHEN T , SHANGGUAN L , LI Z J , et al . Metamorph:injecting inaudible commands into over-the-air voice controlled systems [C ] // Proceedings 2020 Network and Distributed System Security Symposium . Virginia:the Internet Society , 2020 : 1 - 17 .

GRIFFIOEN H , DOERR C . Examining mirai's battle over the Internet of Things [C ] // Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security . New York:ACM Press , 2020 .

SOLTAN S , MITTAL P , POOR H V . BlackIoT:IoT botnet of high wattage devices can disrupt the power grid [C ] // USENIX Security Symposium . Berkeley:USENIX Association , 2018 : 15 - 32 .

HUANG B , CARDENAS A A , BALDICK R . Not everything is dark and gloomy:power grid protections against IoT demand attacks [C ] // Proceedings of the 28th USENIX Conference on Security Symposium . Berkeley:USENIX Association , 2019 : 1115 - 1132 .

RONEN E , SHAMIR A , WEINGARTEN A O , et al . IoT goes nuclear:creating a ZigBee chain reaction [C ] // 2017 IEEE Symposium on Security and Privacy . Piscataway:IEEE Press , 2017 : 195 - 212 .

WANG Q , HASSAN W U , BATES A , et al . Fear and logging in the Internet of things [C ] // Proceedings 2018 Network and Distributed System Security Symposium . Virginia:the Internet Society , 2018 : 1 - 16 .

SURBATOVICH M , ALJURAIDAN J , BAUER L , et al . Some recipes can do more than spoil your appetite:analyzing the security and privacy risks of IFTTT recipes [C ] // Proceedings of the 26th International Conference on World Wide Web . New York:ACM Press , 2017 : 1501 - 1510 .

ZHANG Y Y , XU L , MENDOZA A , et al . Life after speech recognition:fuzzing semantic misinterpretation for voice assistant applications [C ] // Proceedings 2019 Network and Distributed System Security Symposium . Virginia:the Internet Society , 2019 : 1 - 15 .

DING W B , HU H X . On the safety of IoT device physical interaction control [C ] // Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security . New York:ACM Press , 2018 : 832 - 846 .

SUBRAMANYAN P , MALIK S , KHATTRI H , et al . Verifying information flow properties of firmware using symbolic execution [C ] // Proceedings of the 2016 Design,Automation ＆ Test in Europe Conference ＆ Exhibition . Piscataway:IEEE Press , 2016 : 337 - 342 .

HERNANDEZ G , FOWZE F , TIAN D , et al . Firmusb:vetting USB device firmware using domain informed symbolic execution [C ] // Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security . New York:ACM Press , 2017 : 2245 - 2262 .

CHENG K , LI Q , WANG L , et al . DTaint:detecting the taint-style vulnerability in embedded device firmware [C ] // 2018 48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks . Piscataway:IEEE Press , 2018 : 430 - 441 .

ESCHWEILER S , YAKDAN K , GERHARDS-PADILLA E , . discovRE:efficient cross-architecture identification of bugs in binary code [C ] // Proceedings 2016 Network and Distributed System Security Symposium . Virginia:the Internet Society , 2016 : 1 - 15 .

FENG Q , ZHOU R D , XU C C , et al . Scalable graph-based bug search for firmware images [C ] // Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security . New York:ACM Press , 2016 : 480 - 491 .

CHEN D D , EGELE M , WOO M , et al . Towards automated dynamic analysis for linux-based embedded firmware [C ] // Proceedings 2016 Network and Distributed System Security Symposium . Virginia:the Internet Society , 2016 : 1 - 16 .

ZHENG Y , DAVANIAN A , YIN H , et al . FIRM-AFL:high-throughput greybox fuzzing of IoT firmware via augmented process emulation [C ] // USENIX Security Symposium . Berkeley:USENIX Association , 2019 : 1099 - 1114 .

ZHU L P , FU X T , YAO Y , et al . FIoT:detecting the memory corruption in lightweight IoT device firmware [C ] // 2019 18th IEEE International Conference On Trust,Security and Privacy in Computing and Communications/13th IEEE International Conference on Big Data Science and Engineering . Piscataway:IEEE Press , 2019 : 248 - 255 .

MUENCH M , STIJOHANN J , KARGL F , et al . What you corrupt is not what you crash:challenges in fuzzing embedded devices [C ] // Proceedings 2018 Network and Distributed System Security Symposium . Virginia:the Internet Society , 2018 : 1 - 15 .

CLEMENTS A A , GUSTAFSON E , SCHARNOWSKI T , et al . HALucinator:firmware re-hosting through abstraction layer emulation [C ] // USENIX Security Symposium . Berkeley:USENIX Association , 2020 : 1 - 18 .

FENG B , MERA A , LU L . P2IM:scalable and hardware-independent firmware testing via automatic peripheral interface modeling [C ] // USENIX Security Symposium . Berkeley:USENIX Association , 2020 : 1237 - 1254 .

CAO C , GUAN L , MING J , et al . Device-agnostic firmware execution is possible:a concolic execution approach for peripheral emulation [C ] // Annual Computer Security Applications Conference . New York:ACM Press , 2020 : 746 - 759 .

ZHOU W , GUAN L , LIU P , et al . Automatic firmware emulation through invalidity-guided knowledge inference [C ] // USENIX Security Symposium . Berkeley:USENIX Association , 2021 : 1 - 19 .

CHEN J Y , DIAO W R , ZHAO Q C , et al . IoTFuzzer:discovering memory corruptions in IoT through app-based fuzzing [C ] // Proceedings 2018 Network and Distributed System Security Symposium . Virginia:the Internet Society , 2018 : 1 - 15 .

NILO R , ANDREA C , DIPANJAN D , et al . DIANE:identifying fuzzing triggers in Apps to generate under-constrained inputs for IoT devices [C ] // 2021 IEEE Symposium on Security and Privacy . Piscataway:IEEE Press , 2021 : 484 - 500 .

ZUO C S , WEN H H , LIN Z Q , et al . Automatic fingerprinting of vulnerable BLE IoT devices with static UUIDs from mobile Apps [C ] // Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security . New York:ACM Press , 2019 : 1469 - 1483 .

WANG X , SUN Y , NANDA S , et al . Looking from the mirror:evaluating IoT device security through mobile companion apps [C ] // USENIX Security Symposium . Berkeley:USENIX Association , 2019 : 1151 - 1167 .

FENG X , LI Q , WANG H , et al . Acquisitional rule-based engine for discovering internet-of-things devices [C ] // USENIX Security Symposium . Berkeley:USENIX Association , 2018 : 327 - 341 .

YU L , LUO B , MA J , et al . You are what you broadcast:identification of mobile and IoT devices from (Public) Wi-Fi [C ] // USENIX Security Symposium . Berkeley:USENIX Association , 2020 : 55 - 72 .

ZHANG W , MENG Y , LIU Y G , et al . HoMonit:monitoring smart home Apps from encrypted traffic [C ] // Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security . New York:ACM Press , 2018 : 1074 - 1088 .

CHO K-T , SHIN K G . Fingerprinting electronic control units for vehicle intrusion detection [C ] // USENIX Security Symposium . Berkeley:USENIX Association , 2016 : 911 - 927 .

CHO K T , SHIN K G . Viden:attacker identification on in-vehicle networks [C ] // Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security . New York:ACM Press , 2017 : 1109 - 1123 .

CHOI H , LEE W C , AAFER Y , et al . Detecting attacks against robotic vehicles:a control invariant approach [C ] // Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security . New York:ACM Press , 2018 : 801 - 816 .

BIRNBACH S , EBERZ S , MARTINOVIC I . Peeves:physical event verification in smart homes [C ] // Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security . New York:ACM Press , 2019 : 1455 - 1467 .

FENG C , PALLETI V R , MATHUR A , et al . A systematic framework to generate invariants for anomaly detection in industrial control systems [C ] // Proceedings 2019 Network and Distributed System Security Symposium . Virginia:the Internet Society , 2019 : 1 - 15 .

FERNANDES E , PAUPORE J , RAHMATI A , et al . FlowFence:practical data protection for emerging IoT application frameworks [C ] // USENIX Security Symposium . Berkeley:USENIX Association , 2016 : 531 - 548 .

WEN H H , LIN Z Q , ZHANG Y Q . FirmXRay:detecting bluetooth link layer vulnerabilities from bare-metal firmware [C ] // Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security . New York:ACM Press , 2020 : 167 - 180 .

JIA Y J , CHEN Q A , WANG S Q , et al . ContexIoT:towards providing contextual integrity to appified IoT platforms [C ] // Proceedings 2017 Network and Distributed System Security Symposium . Virginia:the Internet Society , 2017 : 1 - 15 .

TIAN Y , ZHANG N , LIN Y-H , et al . SmartAuth:user-centered authorization for the internet of things [C ] // USENIX Security Symposium . Berkeley:USENIX Association , 2017 : 361 - 378 .

DEMETRIOU S , ZHANG N , LEE Y , et al . HanGuard:SDN-driven protection of smart home Wi-Fi devices from malicious mobile apps [C ] // Proceedings of the 10th ACM Conference on Security and Privacy in Wireless and Mobile Networks . New York:ACM Press , 2017 : 122 - 133 .

SCHUSTER R , SHMATIKOV V , TROMER E . Situational access control in the Internet of things [C ] // Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security . New York:ACM Press , 2018 : 1056 - 1073 .

ZENG E , ROESNER F . Understanding and improving security and privacy in multi-user smart homes:a design exploration and in-home user study [C ] // USENIX Security Symposium . Berkeley:USENIX Association , 2019 : 159 - 176 .

WANG W C , CICALA F , HUSSAIN S R , et al . Analyzing the attack landscape of Zigbee-enabled IoT systems and reinstating users' privacy [C ] // Proceedings of the 13th ACM Conference on Security and Privacy in Wireless and Mobile Networks . New York:ACM Press , 2020 : 133 - 143 .

ALSHAHRANI M , TRAORE I , WOUNGANG I . Anonymous mutual IoT interdevice authentication and key agreement scheme based on the ZigBee technique [J ] . Internet of Things , 2019 ,7:100061.

KUMAR S , HU Y , ANDERSEN M P , et al . JEDI:many-to-many end-to-end encryption and key delegation for IoT [C ] // USENIX Security Symposium . Berkeley:USENIX Association , 2019 : 1519 - 1536 .

XI W , QIAN C , HAN J S , et al . Instant and robust authentication and key agreement among mobile devices [C ] // Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security . New York:ACM Press , 2016 : 616 - 627 .

HAN J , CHUNG A J , SINHA M K , et al . Do you feel what I hear? Enabling autonomous IoT device pairing using different sensor types [C ] // 2018 IEEE Symposium on Security and Privacy . Piscataway:IEEE Press , 2018 : 836 - 852 .

JIN W Q , LI M , MURALI S , et al . Harnessing the ambient radio frequency noise for wearable device pairing [C ] // Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security . New York:ACM Press , 2020 : 1135 - 1148 .

LI X P , ZENG Q , LUO L N , et al . T2Pair:secure and usable pairing for heterogeneous IoT devices [C ] // Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security . New York:ACM Press , 2020 : 309 - 323 .

APTHORPE N , HUANG D Y , REISMAN D , et al . Keeping the smart home private with smart(er) IoT traffic shaping [J ] . Proceedings on Privacy Enhancing Technologies , 2019 , 2019 ( 3 ): 128 - 148 .

OCONNOR T J , MOHAMED R , MIETTINEN M , et al . HomeSnitch:behavior transparency and control for smart home IoT devices [C ] // Proceedings of the 12th Conference on Security and Privacy in Wireless and Mobile Networks . New York:ACM Press , 2019 : 128 - 138 .

KIM C H , KIM T , CHOI H , et al . Securing real-time microcontroller systems through customized memory view switching [C ] // Proceedings 2018 Network and Distributed System Security Symposium . Virginia:the Internet Society , 2018 : 1 - 15 .

CLEMENTS A A , ALMAKHDHUB N S , BAGCHI S , et al . ACES:automatic compartments for embedded systems [C ] // USENIX Security Symposium . Berkeley:USENIX Association , 2018 : 65 - 82 .

ABERA T , ASOKAN N , DAVI L , et al . C-FLAT:control-flow attestation for embedded systems software [C ] // Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security . New York:ACM Press , 2016 : 743 - 754 .

SUN Z C , FENG B , LU L , et al . OAT:attesting operation integrity of embedded devices [C ] // 2020 IEEE Symposium on Security and Privacy . Piscataway:IEEE Press , 2020 : 1433 - 1449 .

ABERA T , BAHMANI R , BRASSER F , et al . DIAT:data integrity attestation for resilient collaboration of autonomous systems [C ] // Proceedings 2019 Network and Distributed System Security Symposium . Virginia:the Internet Society , 2019 : 1 - 15 .

MENG Y , WANG Z C , ZHANG W , et al . WiVo:enhancing the security of voice control system via wireless signal in IoT environment [C ] // Proceedings of the Eighteenth ACM International Symposium on Mobile Ad Hoc Networking and Computing . New York:ACM Press , 2018 : 81 - 90 .

SHEZAN F H , CHENG K M , ZHANG Z , et al . TKPERM:cross-platform permission knowledge transfer to detect overprivileged third-party applications [C ] // Proceedings 2020 Network and Distributed System Security Symposium . Virginia:the Internet Society , 2020 : 1 - 15 .

EMAMI-NAEINI P , AGARWAL Y , FAITH CRANOR L , et al . Ask the experts:what should be on an IoT privacy and security label? [C ] // 2020 IEEE Symposium on Security and Privacy . Piscataway:IEEE Press , 2020 : 447 - 464 .

YU H , LIM J , KIM K , et al . Pinto:enabling video privacy for commodity IoT cameras [C ] // Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security . New York:ACM Press , 2018 : 1089 - 1101 .

NASSI B , BEN-NETANEL R , SHAMIR A , et al . Drones' cryptanalysis-smashing cryptography with a flicker [C ] // 2019 IEEE Symposium on Security and Privacy . Piscataway:IEEE Press , 2019 : 1397 - 1414 .

APTHORPE N J , VARGHESE S , FEAMSTER N . Evaluating the contextual integrity of privacy regulation:parents' IoT toy privacy norms versus COPPA [C ] // USENIX Security Symposium . Berkeley:USENIX Association , 2019 : 123 - 140 .

JULIE H , YASEMIN A , SUSANNE F . “It's the company,the government,you and I”:user perceptions of responsibility for smart home privacy and security [C ] // USENIX Security Symposium . Berkeley:USENIX Association , 2021 : 1 - 18 .

ZONG P , LV T , WANG D , et al . FuzzGuard:filtering out unreachable inputs in directed grey-box fuzzing through deep learning [C ] // USENIX Security Symposium . Berkeley:USENIX Association , 2020 : 2255 - 2269 .

MANANDHAR S , MORAN K , KAFLE K , et al . Towards a natural perspective of smart homes for practical security and safety analyses [C ] // 2020 IEEE Symposium on Security and Privacy . Piscataway:IEEE Press , 2020 : 482 - 499 .

浏览量

3193

下载量

CSCD

文章被引用时，请邮件提醒。

提交

工具集

关联资源

全栈信创电子邮件系统实践

物联网场景下基于蜜场的分布式网络入侵检测系统研究

基于审计博弈的安全协作频谱感知方案

安全雾计算物联网的联合资源配置方法

基于对比学习的图神经网络后门攻击防御方法