论文标题
Iotgaze:通过无线上下文分析的IoT安全执行
IoTGaze: IoT Security Enforcement via Wireless Context Analysis
论文作者
论文摘要
物联网(物联网)已成为服务自动化,监视和互连等最有前途的技术。但是,由于物联网引起的问题引起的安全性和隐私问题。最近的研究重点是通过查看内部平台和应用程序来解决安全问题。在这项工作中,我们创造性地改变了从无线上下文的角度考虑安全问题的角度。我们提出了一个名为Iotgaze的新型框架,该框架可以通过无线流量分析发现物联网系统中的潜在异常和漏洞。通过嗅探加密的无线流量,Iotgaze可以自动确定应用程序和设备之间事件的顺序交互。我们发现了时间事件依赖关系,并为物联网系统生成无线上下文。同时,我们从IoT应用程序的描述和用户界面中提取物联网上下文,这反映了用户的期望。如果无线上下文与预期的IoT上下文不符,则Iotgaze报告异常。此外,Iotgaze可以通过隐藏的通道(例如温度和照明)来发现由APP相互作用引起的漏洞。我们在Samsung Smartthings平台上提供了概念概念的实现和评估。评估表明,物种可以有效地发现异常和漏洞,从而大大提高了物联网系统的安全性。
Internet of Things (IoT) has become the most promising technology for service automation, monitoring, and interconnection, etc. However, the security and privacy issues caused by IoT arouse concerns. Recent research focuses on addressing security issues by looking inside platform and apps. In this work, we creatively change the angle to consider security problems from a wireless context perspective. We propose a novel framework called IoTGaze, which can discover potential anomalies and vulnerabilities in the IoT system via wireless traffic analysis. By sniffing the encrypted wireless traffic, IoTGaze can automatically identify the sequential interaction of events between apps and devices. We discover the temporal event dependencies and generate the Wireless Context for the IoT system. Meanwhile, we extract the IoT Context, which reflects user's expectation, from IoT apps' descriptions and user interfaces. If the wireless context does not match the expected IoT context, IoTGaze reports an anomaly. Furthermore, IoTGaze can discover the vulnerabilities caused by the inter-app interaction via hidden channels, such as temperature and illuminance. We provide a proof-of-concept implementation and evaluation of our framework on the Samsung SmartThings platform. The evaluation shows that IoTGaze can effectively discover anomalies and vulnerabilities, thereby greatly enhancing the security of IoT systems.
