发布求助
文献互助 智能选刊 最新文献

Proceedings of the 2017 Workshop on Internet of Things Security and Privacy最新文献

筛选
英文 中文
Smart Solution, Poor Protection: An Empirical Study of Security and Privacy Issues in Developing and Deploying Smart Home Devices 智能解决方案,缺乏保护:智能家居设备开发和部署中的安全和隐私问题的实证研究
Proceedings of the 2017 Workshop on Internet of Things Security and Privacy Pub Date : 2017-11-03 DOI: 10.1145/3139937.3139948
Hui Liu, Changyu Li, Xuancheng Jin, Juanru Li, Yuanyuan Zhang, Dawu Gu
{"title":"Smart Solution, Poor Protection: An Empirical Study of Security and Privacy Issues in Developing and Deploying Smart Home Devices","authors":"Hui Liu, Changyu Li, Xuancheng Jin, Juanru Li, Yuanyuan Zhang, Dawu Gu","doi":"10.1145/3139937.3139948","DOIUrl":"https://doi.org/10.1145/3139937.3139948","url":null,"abstract":"The concept of Smart Home drives the upgrade of home devices from traditional mode to an Internet-connected version. Instead of developing the smart devices from scratch, manufacturers often utilize existing smart home solutions released by large IT companies (e.g., Amazon, Google) to help build the smart home network. A smart home solution provides components such as software development kit (SDK) and relevant management system to boost the development and deployment of smart home devices. Nonetheless, the participating of third-party SDKs and management systems complicates the workflow of such devices. If not meticulously assessed, the complex workflow often leads to the violation of privacy and security to both the consumer and the manufacturer. In this paper, we illustrate how the security and privacy of smart home devices are affected by JoyLink, a widely used smart home solution. We demonstrate a concrete analysis combined with network traffic interception, source code audit, and binary code reverse engineering to evince that the design of smart home solution is error-prone. We argue that if the security and privacy issues are not considered, devices using the solution are inevitably vulnerable and thus the privacy and security of smart home are seriously threatened.","PeriodicalId":129651,"journal":{"name":"Proceedings of the 2017 Workshop on Internet of Things Security and Privacy","volume":"13 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-11-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130200744","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 25
Security & Privacy in Smart Toys 智能玩具的安全和隐私
Proceedings of the 2017 Workshop on Internet of Things Security and Privacy Pub Date : 2017-11-03 DOI: 10.1145/3139937.3139947
J. Valente, A. Cárdenas
{"title":"Security & Privacy in Smart Toys","authors":"J. Valente, A. Cárdenas","doi":"10.1145/3139937.3139947","DOIUrl":"https://doi.org/10.1145/3139937.3139947","url":null,"abstract":"We analyze the security practices of three smart toys that communicate with children through voice commands. We show the general communication architecture, and some general security and privacy practices by each of the devices. Then we focus on the analysis of one particular toy, and show how attackers can decrypt communications to and from a target device, and perhaps more worryingly, the attackers can also inject audio into the toy so the children listens to any arbitrary audio file the attacker sends to the toy. This last attack raises new safety concerns that manufacturers of smart toys should prevent.","PeriodicalId":129651,"journal":{"name":"Proceedings of the 2017 Workshop on Internet of Things Security and Privacy","volume":"44 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-11-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114540216","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 57
Computer Security and Privacy for the Physical World 物理世界的计算机安全和隐私
Proceedings of the 2017 Workshop on Internet of Things Security and Privacy Pub Date : 2017-11-03 DOI: 10.1145/3139937.3139956
Earlence Fernandes
{"title":"Computer Security and Privacy for the Physical World","authors":"Earlence Fernandes","doi":"10.1145/3139937.3139956","DOIUrl":"https://doi.org/10.1145/3139937.3139956","url":null,"abstract":"Many physical processes today are augmented with computerized control. Everything ranging from homes to cities are being digitally connected to each other, and to software. Although these connections have resulted in many useful benefits, malicious entities have exploited this new Internet of Things (IoT) to cause damage. In this talk, I'll briefly discuss recent results in securing these emerging IoT systems. I will also outline a few open questions in the field.","PeriodicalId":129651,"journal":{"name":"Proceedings of the 2017 Workshop on Internet of Things Security and Privacy","volume":"39 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-11-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123468326","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
A Secure Event Logging System for Smart Homes 智能家居的安全事件记录系统
Proceedings of the 2017 Workshop on Internet of Things Security and Privacy Pub Date : 2017-11-03 DOI: 10.1145/3139937.3139945
S. Avizheh, Tam Thanh Doan, Xi Liu, R. Safavi-Naini
{"title":"A Secure Event Logging System for Smart Homes","authors":"S. Avizheh, Tam Thanh Doan, Xi Liu, R. Safavi-Naini","doi":"10.1145/3139937.3139945","DOIUrl":"https://doi.org/10.1145/3139937.3139945","url":null,"abstract":"Smart homes include hundreds of devices that generate messages, and communicate with each other and the world outside the home, to provide a highly functional, optimized and personalized environment for residents. A secure and reliable event logging system is an essential component of smart homes with a wide range of applications such as fault detection, forensics and accounting. Existing smart home IoT frameworks are cloud-based and privacy of fine-grained log data is a real concern. In this paper we propose a host-based conceptual framework for storing and processing data in smart homes, analyze security requirements of such environments and design a forward secure event logging system that satisfies these environments. We give an overview of our implementation of a message (event) logging system for a typical home, and present efficiency evaluation of our cryptographic design.","PeriodicalId":129651,"journal":{"name":"Proceedings of the 2017 Workshop on Internet of Things Security and Privacy","volume":"32 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-11-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"117333186","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 11
Enabling Multi-user Controls in Smart Home Devices 在智能家居设备中启用多用户控制
Proceedings of the 2017 Workshop on Internet of Things Security and Privacy Pub Date : 2017-11-03 DOI: 10.1145/3139937.3139941
William Jang, Adil Chhabra, Aarathi Prasad
{"title":"Enabling Multi-user Controls in Smart Home Devices","authors":"William Jang, Adil Chhabra, Aarathi Prasad","doi":"10.1145/3139937.3139941","DOIUrl":"https://doi.org/10.1145/3139937.3139941","url":null,"abstract":"The Internet of Things (IoT) devices have expanded into many aspects of everyday life. As these smart home devices grow more popular, security concerns increase. Researchers have modeled the privacy and security threats for smart home devices, but have yet to fully address the problem of unintended user access within the home. Often, smart home devices are purchased by one of the family members and associated with the same family member's account, yet are shared by the entire home. Currently most devices implement a course-grained access control model where someone in the home either has complete access or no access. We provide scenarios that highlight the need for exible authorization control and seamless authentication in IoT devices, especially in multi-user environments. We present design recommendations for IoT device manufacturers to provide fine-grained access control and authentication and describe the challenges to meeting the expectations of all users within a home.","PeriodicalId":129651,"journal":{"name":"Proceedings of the 2017 Workshop on Internet of Things Security and Privacy","volume":"87 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-11-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121017841","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 36
Low-Cost Standard Public Key Cryptography Services for Wireless IoT Systems 无线物联网系统的低成本标准公钥加密服务
Proceedings of the 2017 Workshop on Internet of Things Security and Privacy Pub Date : 2017-11-03 DOI: 10.1145/3139937.3139940
Muslum Ozgur Ozmen, A. Yavuz
{"title":"Low-Cost Standard Public Key Cryptography Services for Wireless IoT Systems","authors":"Muslum Ozgur Ozmen, A. Yavuz","doi":"10.1145/3139937.3139940","DOIUrl":"https://doi.org/10.1145/3139937.3139940","url":null,"abstract":"Internet of Things (IoT) is an integral part of application domains such as smart-home and digital healthcare. Various standard public key cryptography techniques (e.g., key exchange, public key encryption, signature) are available to provide fundamental security services for IoTs. However, despite their pervasiveness and well-proven security, they also have been shown to be highly energy costly for embedded devices. Hence, it is a critical task to improve the energy efficiency of standard cryptographic services, while preserving their desirable properties simultaneously. In this paper, we exploit synergies among various cryptographic primitives with algorithmic optimizations to substantially reduce the energy consumption of standard cryptographic techniques on embedded devices. Our contributions are: (i) We harness special precomputation techniques, which have not been considered for some important cryptographic standards to boost the performance of key exchange, integrated encryption, and hybrid constructions. (ii) We provide self-certification for these techniques to push their performance to the edge. (iii) We implemented our techniques and their counterparts on 8-bit AVR ATmega 2560 and evaluated their performance. We used microECC library and made the implementations on NIST-recommended secp192 curve, due to its standardization. Our experiments confirmed significant improvements on the battery life (up to 7x) while preserving the desirable properties of standard techniques. Moreover, to the best of our knowledge, we provide the first open-source framework including such set of optimizations on low-end devices.","PeriodicalId":129651,"journal":{"name":"Proceedings of the 2017 Workshop on Internet of Things Security and Privacy","volume":"98 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-11-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128709300","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 12
Understanding Security Threats in Consumer Drones Through the Lens of the Discovery Quadcopter Family 通过发现四轴飞行器家族的镜头了解消费无人机的安全威胁
Proceedings of the 2017 Workshop on Internet of Things Security and Privacy Pub Date : 2017-11-03 DOI: 10.1145/3139937.3139943
J. Valente, A. Cárdenas
{"title":"Understanding Security Threats in Consumer Drones Through the Lens of the Discovery Quadcopter Family","authors":"J. Valente, A. Cárdenas","doi":"10.1145/3139937.3139943","DOIUrl":"https://doi.org/10.1145/3139937.3139943","url":null,"abstract":"In this paper we identify new threats to drones in an effort to have a better public discussion of realistic attacks that vendors need to take into consideration when designing their products. In particular we study in detail the security of a new drone family (U818A) released in 2016, which is quickly becoming a best-selling brand, and is re-purposed and sold by a variety of drone vendors. We implemented and tested several attacks and considered privacy issues (e.g., remotely accessing someone else's drone to take video or images of a private setting), security issues (e.g., stealing a drone mid-flight), and safety issues (e.g., taking down a drone operated by someone else). We finish the paper by recommending basic steps to improve the security of drones.","PeriodicalId":129651,"journal":{"name":"Proceedings of the 2017 Workshop on Internet of Things Security and Privacy","volume":"9 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-11-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130126282","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 37
Proceedings of the 2017 Workshop on Internet of Things Security and Privacy 2017物联网安全与隐私研讨会论文集
Proceedings of the 2017 Workshop on Internet of Things Security and Privacy Pub Date : 2017-11-03 DOI: 10.1145/3139937
Peng Liu, Yuqing Zhang, Theophilus A. Benson, S. Sundaresan
{"title":"Proceedings of the 2017 Workshop on Internet of Things Security and Privacy","authors":"Peng Liu, Yuqing Zhang, Theophilus A. Benson, S. Sundaresan","doi":"10.1145/3139937","DOIUrl":"https://doi.org/10.1145/3139937","url":null,"abstract":"It is our great pleasure to welcome you to the First Workshop on Internet of Things Security & Privacy - IoT S&P'17. This year's workshop begins a tradition of bringing together networking and security researchers to analyze and tackle security and privacy challenges introduced by the growing number of Internet of Things devices and deployments. The mission of the workshop is to share novel measurements, techniques and insights that identify new directions for future research and development. IoT S&P gives researchers and practitioners a unique opportunity to share their perspectives with others interested in the various aspects of IoT security and privacy \u0000 \u0000We also encourage attendees to attend the keynote and poster presentations. These valuable and insightful talks can and will guide us to a better understanding of the future: \u0000Computer Security and Privacy for the Physical World, Earlence Fernandes (who is currently at University of Washington","PeriodicalId":129651,"journal":{"name":"Proceedings of the 2017 Workshop on Internet of Things Security and Privacy","volume":"22 3 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-11-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116320890","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
A Lightweight Vulnerability Mitigation Framework for IoT Devices 物联网设备的轻量级漏洞缓解框架
Proceedings of the 2017 Workshop on Internet of Things Security and Privacy Pub Date : 2017-11-03 DOI: 10.1145/3139937.3139944
Noy Hadar, Shachar Siboni, Y. Elovici
{"title":"A Lightweight Vulnerability Mitigation Framework for IoT Devices","authors":"Noy Hadar, Shachar Siboni, Y. Elovici","doi":"10.1145/3139937.3139944","DOIUrl":"https://doi.org/10.1145/3139937.3139944","url":null,"abstract":"Many of today's Internet of Things (IoT) devices are vulnerable due to the large amount of overhead incurred when their operating systems are patched against emerging vulnerabilities. In addition, legacy IoT devices are no longer supported by their manufacturers, leaving customers with unpatched devices that can be easily exploited by attackers. Thus, there is an urgent need for a solution that provides a lightweight and low-cost mechanism for preventing exploitation of vulnerable IoT devices. In this paper, we propose an innovative cloud-based framework for protecting IoT devices. The proposed framework consists of a cloud service and a designated IoT security appliance. The security appliance controls the network traffic flowing to and from the vulnerable device and verifies that it does not violate a set of rules, represented by a vulnerability mitigation policy, that have been derived and synthesized by the cloud service from public corpora of Common Vulnerabilities and Exposures (CVE). We demonstrate how the proposed solution can be applied as a cost-effective solution capable of preventing exploitation of vulnerable IP cameras as part of a prominent botnet attack called Mirai.","PeriodicalId":129651,"journal":{"name":"Proceedings of the 2017 Workshop on Internet of Things Security and Privacy","volume":"89 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-11-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122207404","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 27
Source-End DDoS Defense in IoT Environments 物联网环境下的源端DDoS防御
Proceedings of the 2017 Workshop on Internet of Things Security and Privacy Pub Date : 2017-11-03 DOI: 10.1145/3139937.3139954
Samuel Mergendahl, Devkishen Sisodia, Jun Li, H. Çam
{"title":"Source-End DDoS Defense in IoT Environments","authors":"Samuel Mergendahl, Devkishen Sisodia, Jun Li, H. Çam","doi":"10.1145/3139937.3139954","DOIUrl":"https://doi.org/10.1145/3139937.3139954","url":null,"abstract":"While the Internet of Things (IoT) becomes increasingly popular and pervasive in everyday objects, IoT devices often remain unprotected and can be exploited to launch large-scale distributed denial-of-service (DDoS) attacks. One could attempt to employ traditional DDoS defense solutions, but these solutions are hardly suitable in IoT environments since they seldom consider the resource constraints of IoT devices. This paper presents FR-WARD which defends against DDoS attacks launched from an IoT network. FR-WARD is an adaptation of the classic DDoS defense system D-WARD. While both solutions are situated near the attack sources and drop packets to throttle DDoS traffic, FR-WARD utilizes the fast retransmit mechanism in TCP congestion control to minimize resource penalties on benign IoT devices. Based on our analysis and simulation results, FR-WARD not only effectively throttles DDoS traffic but also minimizes retransmission overhead for benign IoT devices.","PeriodicalId":129651,"journal":{"name":"Proceedings of the 2017 Workshop on Internet of Things Security and Privacy","volume":"13 4","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-11-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"120913343","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 7
下一页 尾页
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信