发布求助
文献互助 智能选刊 最新文献

Proceedings of the 2018 Workshop on IoT Security and Privacy最新文献

筛选
英文 中文
Blockchain‐Based Cyber Physical Trust Systems 基于区块链的网络物理信任系统
Proceedings of the 2018 Workshop on IoT Security and Privacy Pub Date : 2019-12-13 DOI: 10.1002/9781119527978.ch14
A. Beckmann, Alexander J. M. Milne, J. Razafindrakoto, Pardeep Kumar, Michael Breach, N. Preining
{"title":"Blockchain‐Based Cyber Physical Trust Systems","authors":"A. Beckmann, Alexander J. M. Milne, J. Razafindrakoto, Pardeep Kumar, Michael Breach, N. Preining","doi":"10.1002/9781119527978.ch14","DOIUrl":"https://doi.org/10.1002/9781119527978.ch14","url":null,"abstract":"Cyber Physical Trust Systems (CPTS) are Cyber Physical Systems and Internet of Things enriched with trust as an explicit, measurable, testable system component. In this chapter, we propose to use blockchain technology as the trust enabling system component for CPTS. Our proposed approach shows that a blockchain based CPTS achieves the security properties of data authenticity, identity and integrity. We describe results of a testbed which implements a blockchain based CPTS for physical asset management. extend the testbed into a generic application for supporting Cyber Physical Trust Systems, and conduct in depth performance analysis ranging from theoretical ones based on theoretical performance assumptions of blockchain technology, to practical ones in relation to an enhanced testbed implementation. We will also explore other application domains, in which Cyber Physical Trust Systems can be applied.","PeriodicalId":20541,"journal":{"name":"Proceedings of the 2018 Workshop on IoT Security and Privacy","volume":"10 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2019-12-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"84448021","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 7
Introduction to IoT 物联网简介
Proceedings of the 2018 Workshop on IoT Security and Privacy Pub Date : 2019-12-13 DOI: 10.1002/9781119527978.ch1
A. Kalla, Pawani Prombage, Madhusanka Liyanage
{"title":"Introduction to IoT","authors":"A. Kalla, Pawani Prombage, Madhusanka Liyanage","doi":"10.1002/9781119527978.ch1","DOIUrl":"https://doi.org/10.1002/9781119527978.ch1","url":null,"abstract":"","PeriodicalId":20541,"journal":{"name":"Proceedings of the 2018 Workshop on IoT Security and Privacy","volume":"38 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2019-12-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"85831773","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 6
Index 指数
Proceedings of the 2018 Workshop on IoT Security and Privacy Pub Date : 2019-12-13 DOI: 10.1002/9781119527978.index
{"title":"Index","authors":"","doi":"10.1002/9781119527978.index","DOIUrl":"https://doi.org/10.1002/9781119527978.index","url":null,"abstract":"","PeriodicalId":20541,"journal":{"name":"Proceedings of the 2018 Workshop on IoT Security and Privacy","volume":"138 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2019-12-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"85540510","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
A Developer-Friendly Library for Smart Home IoT Privacy-Preserving Traffic Obfuscation 一个开发人员友好的智能家居物联网隐私保护流量混淆库
Proceedings of the 2018 Workshop on IoT Security and Privacy Pub Date : 2018-08-07 DOI: 10.1145/3229565.3229567
T. Datta, Noah J. Apthorpe, N. Feamster
{"title":"A Developer-Friendly Library for Smart Home IoT Privacy-Preserving Traffic Obfuscation","authors":"T. Datta, Noah J. Apthorpe, N. Feamster","doi":"10.1145/3229565.3229567","DOIUrl":"https://doi.org/10.1145/3229565.3229567","url":null,"abstract":"The number and variety of Internet-connected devices have grown enormously in the past few years, presenting new challenges to security and privacy. Research has shown that network adversaries can use traffic rate metadata from consumer IoT devices to infer sensitive user activities. Shaping traffic flows to fit distributions independent of user activities can protect privacy, but this approach has seen little adoption due to required developer effort and overhead bandwidth costs. Here, we present a Python library for IoT developers to easily integrate privacy-preserving traffic shaping into their products. The library replaces standard networking functions with versions that automatically obfuscate device traffic patterns through a combination of payload padding, fragmentation, and randomized cover traffic. Our library successfully preserves user privacy and requires approximately 4 KB/s overhead bandwidth for IoT devices with low send rates or high latency tolerances. This overhead is reasonable given normal Internet speeds in American homes and is an improvement on the bandwidth requirements of existing solutions.","PeriodicalId":20541,"journal":{"name":"Proceedings of the 2018 Workshop on IoT Security and Privacy","volume":"31 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2018-08-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"85520617","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 37
IP-Based IoT Device Detection 基于ip的物联网设备检测
Proceedings of the 2018 Workshop on IoT Security and Privacy Pub Date : 2018-08-07 DOI: 10.1145/3229565.3229572
Hang Guo, J. Heidemann
{"title":"IP-Based IoT Device Detection","authors":"Hang Guo, J. Heidemann","doi":"10.1145/3229565.3229572","DOIUrl":"https://doi.org/10.1145/3229565.3229572","url":null,"abstract":"Recent IoT-based DDoS attacks have exposed how vulnerable the Internet can be to millions of insufficiently secured IoT devices. To understand the risks of these attacks requires learning about these IoT devices---where are they, how many are there, how are they changing? In this paper, we propose a new method to find IoT devices in Internet to begin to assess this threat. Our approach requires observations of flow-level network traffic and knowledge of servers run by the manufacturers of the IoT devices. We have developed our approach with 10 device models by 7 vendors and controlled experiments. We apply our algorithm to observations from 6 days of Internet traffic at a college campus and partial traffic from an IXP to detect IoT devices.","PeriodicalId":20541,"journal":{"name":"Proceedings of the 2018 Workshop on IoT Security and Privacy","volume":"20 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2018-08-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"82031001","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 59
Towards a Resilient Smart Home 迈向弹性智能家居
Proceedings of the 2018 Workshop on IoT Security and Privacy Pub Date : 2018-08-07 DOI: 10.1145/3229565.3229570
Tam Thanh Doan, R. Safavi-Naini, Shuai Li, S. Avizheh, Muni Venkateswarlu K., Philip W. L. Fong
{"title":"Towards a Resilient Smart Home","authors":"Tam Thanh Doan, R. Safavi-Naini, Shuai Li, S. Avizheh, Muni Venkateswarlu K., Philip W. L. Fong","doi":"10.1145/3229565.3229570","DOIUrl":"https://doi.org/10.1145/3229565.3229570","url":null,"abstract":"Today's Smart Home platforms such as Samsung SmartThings and Amazon AWS IoT are primarily cloud based: devices in the home sense the environment and send the collected data, directly or through a hub, to the cloud. Cloud runs various applications and analytics on the collected data, and generates commands according to the users' specifications that are sent to the actuators to control the environment. The role of the hub in this setup is effectively message passing between the devices and the cloud, while the required analytics, computation, and control are all performed by the cloud. We ask the following question: what if the cloud is not available? This can happen not only by accident or natural causes, but also due to targeted attacks. We discuss possible effects of such unavailability on the functionalities that are commonly available in smart homes, including security and safety related services as well as support for health and well-being of home users, and propose RES-Hub, a hub that can provide the required functionalities when the cloud is unavailable. During the normal functioning of the system, RES-Hub will receive regular status updates from cloud, and will use this information to continue to provide the user specified services when it detects the cloud is down. We describe an IoTivity-based software architecture that is used to implement RES-Hub in a flexible and expendable way and discuss our implementation.","PeriodicalId":20541,"journal":{"name":"Proceedings of the 2018 Workshop on IoT Security and Privacy","volume":"158 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2018-08-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"86428504","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 30
Combining MUD Policies with SDN for IoT Intrusion Detection 结合MUD策略和SDN实现物联网入侵检测
Proceedings of the 2018 Workshop on IoT Security and Privacy Pub Date : 2018-08-07 DOI: 10.1145/3229565.3229571
Ayyoob Hamza, H. Gharakheili, V. Sivaraman
{"title":"Combining MUD Policies with SDN for IoT Intrusion Detection","authors":"Ayyoob Hamza, H. Gharakheili, V. Sivaraman","doi":"10.1145/3229565.3229571","DOIUrl":"https://doi.org/10.1145/3229565.3229571","url":null,"abstract":"The IETF's push towards standardizing the Manufacturer Usage Description (MUD) grammar and mechanism for specifying IoT device behavior is gaining increasing interest from industry. The ability to control inappropriate communication between devices in the form of access control lists (ACLs) is expected to limit the attack surface on IoT devices; however, little is known about how MUD policies will get enforced in operational networks, and how they will interact with current and future intrusion detection systems (IDS). We believe this paper is the first attempt to translate MUD policies into flow rules that can be enforced using SDN, and in relating exception behavior to attacks that can be detected via off-the-shelf IDS. Our first contribution develops and implements a system that translates MUD policies to flow rules that are proactively configured into network switches, as well as reactively inserted based on run-time bindings of DNS. We use traces of 28 consumer IoT devices taken over several months to evaluate the performance of our system in terms of switch flow-table size and fraction of exception traffic that needs software inspection. Our second contribution identifies the limitations of flow-rules derived from MUD in protecting IoT devices from internal and external network attacks, and we show how our system is able to detect such volumetric attacks (including port scanning, TCP/UDP/ICMP flooding, ARP spoofing, and TCP/SSDP/SNMP reflection) by sending only a very small fraction of exception packets to off-the-shelf IDS.","PeriodicalId":20541,"journal":{"name":"Proceedings of the 2018 Workshop on IoT Security and Privacy","volume":"53 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2018-08-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"90439507","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 78
Web-based Attacks to Discover and Control Local IoT Devices 基于web的攻击发现和控制本地物联网设备
Proceedings of the 2018 Workshop on IoT Security and Privacy Pub Date : 2018-08-07 DOI: 10.1145/3229565.3229568
Gunes Acar, D. Huang, Frank H. Li, Arvind Narayanan, N. Feamster
{"title":"Web-based Attacks to Discover and Control Local IoT Devices","authors":"Gunes Acar, D. Huang, Frank H. Li, Arvind Narayanan, N. Feamster","doi":"10.1145/3229565.3229568","DOIUrl":"https://doi.org/10.1145/3229565.3229568","url":null,"abstract":"In this paper, we present two web-based attacks against local IoT devices that any malicious web page or third-party script can perform, even when the devices are behind NATs. In our attack scenario, a victim visits the attacker's website, which contains a malicious script that communicates with IoT devices on the local network that have open HTTP servers. We show how the malicious script can circumvent the same-origin policy by exploiting error messages on the HTML5 MediaError interface or by carrying out DNS rebinding attacks. We demonstrate that the attacker can gather sensitive information from the devices (e.g., unique device identifiers and precise geolocation), track and profile the owners to serve ads, or control the devices by playing arbitrary videos and rebooting. We propose potential countermeasures to our attacks that users, browsers, DNS providers, and IoT vendors can implement.","PeriodicalId":20541,"journal":{"name":"Proceedings of the 2018 Workshop on IoT Security and Privacy","volume":"5 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2018-08-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"91201488","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 44
Proceedings of the 2018 Workshop on IoT Security and Privacy 2018物联网安全与隐私研讨会论文集
Proceedings of the 2018 Workshop on IoT Security and Privacy Pub Date : 2018-08-07 DOI: 10.1145/3229565
{"title":"Proceedings of the 2018 Workshop on IoT Security and Privacy","authors":"","doi":"10.1145/3229565","DOIUrl":"https://doi.org/10.1145/3229565","url":null,"abstract":"","PeriodicalId":20541,"journal":{"name":"Proceedings of the 2018 Workshop on IoT Security and Privacy","volume":"250 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2018-08-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"76988939","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Traversing the Quagmire that is Privacy in your Smart Home 穿越智能家居隐私的泥潭
Proceedings of the 2018 Workshop on IoT Security and Privacy Pub Date : 2018-08-07 DOI: 10.1145/3229565.3229573
Chuhan Gao, Varun Chandrasekaran, Kassem Fawaz, Suman Banerjee
{"title":"Traversing the Quagmire that is Privacy in your Smart Home","authors":"Chuhan Gao, Varun Chandrasekaran, Kassem Fawaz, Suman Banerjee","doi":"10.1145/3229565.3229573","DOIUrl":"https://doi.org/10.1145/3229565.3229573","url":null,"abstract":"Voice has become an increasingly popular User Interaction (UI) channel, with voice-activated devices becoming regular fixtures in our homes. The popularity of voice-based assistants (VAs), however, have brought along significant privacy and security threats to their users. Recent revelations have indicated that some VAs record user's private conversations continuously and innocuously. With the VAs being connected to the Internet, they can leak the recorded content without the user's authorization. Moreover, these devices often do not pack authentication mechanisms to check if the voice commands are issued by authorized users. To address both shortcomings, we propose a framework to impose a security and privacy perimeter around the user's VA. Our proposed framework continuously jams the VA to prevent it from innocuously recording the user's speech, unless the user issues a voice command. To prevent unauthorized voice commands, our framework provides a scheme similar to two-factor authentication to only grant access when the authorized user is in its vicinity. Our proposed framework achieves both objectives through a combination of several techniques to (a) continuously jam one (or many) VA's microphones in a manner inaudible to the user, and (b) provide only authenticated users easy access to VAs.","PeriodicalId":20541,"journal":{"name":"Proceedings of the 2018 Workshop on IoT Security and Privacy","volume":"33 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2018-08-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"76844687","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 23
下一页 尾页
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:604180095
Book学术官方微信