物联网安全研究综述：威胁、检测与防御

doi:10.11959/j.issn.1000-436x.2021124

通信学报 ›› 2021, Vol. 42 ›› Issue (8): 188-205.doi: 10.11959/j.issn.1000-436x.2021124

物联网安全研究综述：威胁、检测与防御

杨毅宇¹, 周威¹, 赵尚儒¹, 刘聪², 张宇辉³, 王鹤³, 王文杰¹, 张玉清¹^,²^,³^,⁴

¹ 中国科学院大学国家计算机网络入侵防范中心，北京 101408
² 西安邮电大学网络空间安全学院，陕西西安 710121
³ 西安电子科技大学网络与信息安全学院，陕西西安 710071
⁴ 海南大学计算机与网络空间安全学院，海南海口 570228

修回日期:2021-04-14 出版日期:2021-08-25 发布日期:2021-08-01
作者简介:杨毅宇（1987- ），男，云南大理人，中国科学院大学博士生，主要研究方向为网络与系统安全
周威（1993- ），男，河北保定人，中国科学院大学博士生，主要研究方向为网络与系统安全
赵尚儒（1995- ），男，广东广州人，中国科学院大学博士生，主要研究方向为网络与系统安全
刘聪（1997- ），男，陕西宝鸡人，西安邮电大学硕士生，主要研究方向为网络与系统安全
张宇辉（1997- ），男，山西临汾人，西安电子科技大学硕士生，主要研究方向为网络与系统安全
王鹤（1987- ），女，河南滑县人，博士，西安电子科技大学讲师，主要研究方向为网络与系统安全、密码学
王文杰（1964- ），男，陕西西安人，博士，中国科学院大学副教授，主要研究方向为信息安全与智能信息处理
张玉清（1966- ），男，陕西西安人，博士，中国科学院大学教授，主要研究方向为网络与系统安全
基金资助:
国家重点研发计划基金资助项目(2018YFB0804701);国家自然科学基金资助项目(U1836210)

Survey of IoT security research: threats, detection and defense

Yiyu YANG¹, Wei ZHOU¹, Shangru ZHAO¹, Cong LIU², Yuhui ZHANG³, He WANG³, Wenjie WANG¹, Yuqing ZHANG¹^,²^,³^,⁴

¹ National Computer Network Intrusion Protection Center, University of Chinese Academy of Sciences, Beijing 101408, China
² School of Cyberspace Security, Xi’an University of Posts ＆Telecommunications, Xi’an 710121, China
³ School of Cyber Engineering, Xidian University, Xi’an 710071, China
⁴ School of Computer Science and Cyberspace Security, Hainan University, Haikou 570228, China

Revised:2021-04-14 Online:2021-08-25 Published:2021-08-01
Supported by:
The National Key Research and Development Program of China(2018YFB0804701);The National Natural Science Foundation of China(U1836210)

摘要/Abstract

摘要：

基于近5年网安国际会议（ACM CCS、USENIX Security、NDSS、IEEE S＆amp;P）中发表的物联网安全文献，以及其他部分高水平研究工作，从威胁、检测、防御的视角对物联网安全研究工作进行了系统的整理和分析。首先，介绍了物联网系统的基本架构。然后，将当前研究中提出的主要威胁分为8种类型，并分析了威胁的成因和危害。之后，介绍了针对这些威胁所提出的6种威胁检测和5种防御方案，并对比了它们的技术原理和优缺点。最后，提出了当前研究依然面临的主要挑战，并指出了未来研究发展的方向。

关键词: 物联网, 安全, 威胁, 检测, 防御

Abstract:

Based on the IoT security literatures published in the international conferences on network security (ACM CCS, USENIX Security, NDSS, IEEE S＆amp;P) in recent five years, and other prominent researches, the works from the perspective of ＆quot;threat, detection, defense＆quot; were systematically summarized and analyzed.Firstly the basic architecture of the IoT system was introduced.Then the main threats proposed in these works were classified into eight categories, and the causes and hazards of the threats were analyzed.After that, six detection and five defense schemes against these threats were introduced, and their technical principles, advantages and disadvantages were compared.At last, on the basis of the above analysis, the main challenges that the current research still faces were put forward, and the research directions of future works were point out.

Key words: IoT, security, threat, detection, defense

中图分类号:

TP391.44

杨毅宇, 周威, 赵尚儒, 刘聪, 张宇辉, 王鹤, 王文杰, 张玉清. 物联网安全研究综述：威胁、检测与防御[J]. 通信学报, 2021, 42(8): 188-205.

Yiyu YANG, Wei ZHOU, Shangru ZHAO, Cong LIU, Yuhui ZHANG, He WANG, Wenjie WANG, Yuqing ZHANG. Survey of IoT security research: threats, detection and defense[J]. Journal on Communications, 2021, 42(8): 188-205.

图/表 10

图1

图2

表1

图3

表2

表3

表4

表5

表6

图4

参考文献 110

[1]	ZHOU W , JIA Y , PENG A N ,et al. The effect of IoT new features on security and privacy:new threats,existing solutions,and challenges yet to be solved[J]. IEEE Internet of Things Journal, 2019,6(2): 1606-1616.
[2]	ALRAWI O , LEVER C , ANTONAKAKIS M ,et al. SoK:security evaluation of home-based IoT deployments[C]// 2019 IEEE Symposium on Security and Privacy. Piscataway:IEEE Press, 2019: 1362-1380.
[3]	ANTONAKAKIS M , APRIL T , BAILEY M ,et al. Understanding the Mirai botnet[C]// USENIX Security Symposium. Berkeley:USENIX Association, 2017: 1093-1110.
[4]	GUO Z , LIN Z , LI P ,et al. SkillExplorer:understanding the behavior of skills in large scale[C]// USENIX Security Symposium. Berkeley:USENIX Association, 2020: 2649-2666.
[5]	张玉清, 周威, 彭安妮 . 物联网安全综述[J]. 计算机研究与发展, 2017,54(10): 2130-2143.
	ZHANG Y Q , ZHOU W , PENG A N . Survey of Internet of things security[J]. Journal of Computer Research and Development, 2017,54(10): 2130-2143.
[6]	彭安妮, 周威, 贾岩 ,等. 物联网操作系统安全研究综述[J]. 通信学报, 2018,39(3): 22-34.
	PENG A N , ZHOU W , JIA Y ,et al. Survey of the Internet of things operating system security[J]. Journal on Communications, 2018,39(3): 22-34.
[7]	王基策, 李意莲, 贾岩 ,等. 智能家居安全综述[J]. 计算机研究与发展, 2018,55(10): 2111-2124.
	WANG J C , LI Y L , JIA Y ,et al. Survey of smart home security[J]. Journal of Computer Research and Development, 2018,55(10): 2111-2124.
[8]	HE W , GOLLA M , PADHI R ,et al. Rethinking access control and authentication for the home Internet of things (IoT)[C]// USENIX Security Symposium. Berkeley:USENIX Association, 2018: 255-272.
[9]	FERNANDES E , JUNG J , PRAKASH A . Security analysis of emerging smart home applications[C]// 2016 IEEE Symposium on Security and Privacy. Piscataway:IEEE Press, 2016: 636-654.
[10]	FERNANDES E , RAHMATI A , JUNG J ,et al. Decentralized action integrity for trigger-action IoT platforms[C]// Proceedings 2018 Network and Distributed System Security Symposium. Virginia:the Internet Society, 2018: 1-16.
[11]	YUAN B , JIA Y , XING L ,et al. Shattered chain of trust:understanding security risks in cross-cloud IoT access delegation[C]// USENIX Security Symposium. Berkeley:USENIX Association, 2020: 1183-1200.
[12]	CELIK Z B , BABUN L , SIKDER A K ,et al. Sensitive information tracking in commodity IoT[C]// USENIX Security Symposium. Berkeley:USENIX Association, 2018: 1687-1704.
[13]	CELIK Z B , MCDANIEL P , TAN G . Soteria:automated IoT safety and security analysis[C]// USENIX Annual Technical Conference. Berkeley:USENIX Association, 2018: 147-158.
[14]	CELIK Z B , TAN G , MCDANIEL P . IoTGuard:dynamic enforcement of security and safety policy in commodity IoT[C]// Proceedings 2019 Network and Distributed System Security Symposium. Virginia:the Internet Society, 2019: 1-15.
[15]	BASTYS I , BALLIU M , SABELFELD A . If this then what?:controlling flows in IoT Apps[C]// Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. New York:ACM Press, 2018: 1102-1119.
[16]	ZHANG N , MI X H , FENG X ,et al. Dangerous skills:understanding and mitigating security risks of voice-controlled third-party functions on virtual personal assistant systems[C]// 2019 IEEE Symposium on Security and Privacy. Piscataway:IEEE Press, 2019: 1381-1396.
[17]	KUMAR D , PACCAGNELLA R , MURLEY P ,et al. Skill squatting attacks on Amazon Alexa[C]// USENIX Security Symposium. Berkeley:USENIX Association, 2018: 33-47.
[18]	ZHOU W , JIA Y , YAO Y ,et al. Discovering and understanding the security hazards in the Interactions between IoT devices,mobile APPs,and clouds on smart home platforms[C]// USENIX Security Symposium. Berkeley:USENIX Association, 2019: 1133-1150.
[19]	CHEN J Y , ZUO C S , DIAO W R ,et al. Your IoTs are (not) mine:on the remote binding between IoT devices and users[C]// 2019 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks. Piscataway:IEEE Press, 2019: 222-233.
[20]	WANG Q , DATTA P , YANG W ,et al. Charting the attack surface of trigger-action IoT platforms[C]// Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security. New York:ACM Press, 2019: 1439-1453.
[21]	JIA Y , XING L Y , MAO Y H ,et al. Burglars’ IoT paradise:understanding and mitigating security risks of general messaging protocols on IoT clouds[C]// 2020 IEEE Symposium on Security and Privacy. Piscataway:IEEE Press, 2020: 465-481.
[22]	CAO X H , SHILA D M , CHENG Y ,et al. Ghost-in-ZigBee:energy depletion attack on ZigBee-based wireless networks[J]. IEEE Internet of Things Journal, 2016,3(5): 816-829.
[23]	FAWAZ K , KIM K-H , SHIN K G . Protecting privacy of BLE device users[C]// SENIX Security Symposium. Berkeley:USENIX Association, 2016: 1205-1221.
[24]	ANTONIOLI D , TIPPENHAUER N O , RASMUSSEN K . BIAS:bluetooth impersonation attacks[C]// 2020 IEEE Symposium on Security and Privacy. Piscataway:IEEE Press, 2020: 549-562.
[25]	SETHI M , PELTONEN A , AURA T . Misbinding attacks on secure device pairing and bootstrapping[C]// Proceedings of the 2019 ACM Asia Conference on Computer and Communications Security. New York:ACM Press, 2019: 453-464.
[26]	OCONNOR T J , ENCK W , REAVES B . Blinded and confused:uncovering systemic flaws in device telemetry for smart-home Internet of things[C]// Proceedings of the 12th Conference on Security and Privacy in Wireless and Mobile Networks. New York:ACM Press, 2019: 140-150.
[27]	WEN H , CHEN Q A , LIN Z . Plug-N-Pwned:comprehensive vulnerability analysis of OBD-II dongles as a new over-the-air attack surface in automotive IoT[C]// USENIX Security Symposium. Berkeley:USENIX Association, 2020: 949-965.
[28]	ZHU Y Z , XIAO Z J , CHEN Y X ,et al. Et tu alexa? when commodity Wi-Fi devices turn into adversarial motion sensors[C]// Proceedings 2020 Network and Distributed System Security Symposium. Virginia:the Internet Society, 2020: 1-15.
[29]	LOPEZ-MARTIN M , CARRO B , SANCHEZ-ESGUEVILLAS A , ,et al. Network traffic classifier with convolutional and recurrent neural networks for Internet of things[J]. IEEE Access, 2017,5: 18042-18050.
[30]	SIVANATHAN A , GHARAKHEILI H H , LOI F ,et al. Classifying IoT devices in smart environments using network traffic characteristics[J]. IEEE Transactions on Mobile Computing, 2019,18(8): 1745-1759.
[31]	WOOD D , APTHORPE N , FEAMSTER N . Cleartext data transmissions in consumer IoT medical devices[C]// Proceedings of the 2017 Workshop on Internet of Things Security and Privacy. New York:ACM Press, 2017: 7-12.
[32]	ACAR A , FEREIDOONI H , ABERA T ,et al. Peek-a-Boo:I see your smart home activities,even encrypted![C]// Proceedings of the 13th ACM Conference on Security and Privacy in Wireless and Mobile Networks. New York:ACM Press, 2020: 207-218.
[33]	TRIMANANDA R , VARMARKEN J , MARKOPOULOU A ,et al. packet-level signatures for smart home devices[C]// Proceedings 2020 Network and Distributed System Security Symposium. Virginia:the Internet Society, 2020: 1-18.
[34]	CLEMENTS A A , ALMAKHDHUB N S , SAAB K S ,et al. Protecting bare-metal embedded systems with privilege overlays[C]// 2017 IEEE Symposium on Security and Privacy. IEEE Press, 2017: 289-303.
[35]	PEWNY J , GARMANY B , GAWLIK R ,et al. Cross-architecture bug search in binary executables[C]// 2016 IEEE Symposium on Security and Privacy. Piscataway:IEEE Press, 2016: 709-724.
[36]	QUARTA D , POGLIANI M , POLINO M ,et al. An experimental security analysis of an industrial robot controller[C]// 2017 IEEE Symposium on Security and Privacy. Piscataway:IEEE Press, 2017: 268-286.
[37]	ALMAKHDHUB N S , CLEMENTS A A , BAGCHI S ,et al. μRAI:securing embedded systems with return address integrity[C]// Proceedings 2020 Network and Distributed System Security Symposium. Virginia:the Internet Society, 2020: 1-18.
[38]	ZHOU J , DU Y , SHEN Z ,et al. Silhouette:efficient protected shadow stacks for embedded systems[C]// USENIX Security Symposium. Berkeley:USENIX Association, 2020: 1219-1236.
[39]	REDINI N , MACHIRY A , WANG R ,et al. Karonte:detecting insecure multi-binary interactions in embedded firmware[C]// 2020 IEEE Symposium on Security and Privacy. Piscataway:IEEE Press, 2020: 1544-1561.
[40]	YAO Y , ZHOU W , JIA Y ,et al. Identifying privilege separation vulnerabilities in IoT firmware with symbolic execution[C]// European Symposium on Research in Computer Security. Berlin:Springer, 2019: 638-657.
[41]	MüLLER J , MLADENOV V , SOMOROVSKY J ,et al. SoK:exploiting network printers[C]// 2017 IEEE Symposium on Security and Privacy. Piscataway:IEEE Press, 2017: 213-230.
[42]	CARLINI N , MISHRA P , VAIDYA T ,et al. Hidden voice commands[C]// USENIX Security Symposium. Berkeley:USENIX Association, 2016: 513-530.
[43]	ZHANG G M , YAN C , JI X Y ,et al. DolphinAttack:inaudible voice commands[C]// Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. New York:ACM Press, 2017: 103-117.
[44]	YUAN X , CHEN Y , ZHAO Y ,et al. Commandersong:a systematic approach for practical adversarial voice recognition[C]// USENIX Security Symposium. Berkeley:USENIX Association, 2018: 49-64.
[45]	YAN Q B , LIU K H , ZHOU Q ,et al. SurfingAttack:interactive hidden attack on voice assistants using ultrasonic guided waves[C]// Proceedings 2020 Network and Distributed System Security Symposium. Virginia:the Internet Society, 2020: 1-18.
[46]	ROY N , SHEN S , HASSANIEH H ,et al. Inaudible voice commands:the long-range attack and defense[C]// USENIX Symposium on Networked Systems Design and Implementation. Berkeley:USENIX Association, 2018: 547-560.
[47]	CHEN T , SHANGGUAN L , LI Z J ,et al. Metamorph:injecting inaudible commands into over-the-air voice controlled systems[C]// Proceedings 2020 Network and Distributed System Security Symposium. Virginia:the Internet Society, 2020: 1-17.
[48]	GRIFFIOEN H , DOERR C . Examining mirai's battle over the Internet of Things[C]// Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security. New York:ACM Press, 2020.
[49]	SOLTAN S , MITTAL P , POOR H V . BlackIoT:IoT botnet of high wattage devices can disrupt the power grid[C]// USENIX Security Symposium. Berkeley:USENIX Association, 2018: 15-32.
[50]	HUANG B , CARDENAS A A , BALDICK R . Not everything is dark and gloomy:power grid protections against IoT demand attacks[C]// Proceedings of the 28th USENIX Conference on Security Symposium. Berkeley:USENIX Association, 2019: 1115-1132.
[51]	RONEN E , SHAMIR A , WEINGARTEN A O ,et al. IoT goes nuclear:creating a ZigBee chain reaction[C]// 2017 IEEE Symposium on Security and Privacy. Piscataway:IEEE Press, 2017: 195-212.
[52]	WANG Q , HASSAN W U , BATES A ,et al. Fear and logging in the Internet of things[C]// Proceedings 2018 Network and Distributed System Security Symposium. Virginia:the Internet Society, 2018: 1-16.
[53]	SURBATOVICH M , ALJURAIDAN J , BAUER L ,et al. Some recipes can do more than spoil your appetite:analyzing the security and privacy risks of IFTTT recipes[C]// Proceedings of the 26th International Conference on World Wide Web. New York:ACM Press, 2017: 1501-1510.
[54]	ZHANG Y Y , XU L , MENDOZA A ,et al. Life after speech recognition:fuzzing semantic misinterpretation for voice assistant applications[C]// Proceedings 2019 Network and Distributed System Security Symposium. Virginia:the Internet Society, 2019: 1-15.
[55]	DING W B , HU H X . On the safety of IoT device physical interaction control[C]// Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. New York:ACM Press, 2018: 832-846.
[56]	SUBRAMANYAN P , MALIK S , KHATTRI H ,et al. Verifying information flow properties of firmware using symbolic execution[C]// Proceedings of the 2016 Design,Automation ＆ Test in Europe Conference ＆ Exhibition. Piscataway:IEEE Press, 2016: 337-342.
[57]	HERNANDEZ G , FOWZE F , TIAN D ,et al. Firmusb:vetting USB device firmware using domain informed symbolic execution[C]// Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. New York:ACM Press, 2017: 2245-2262.
[58]	CHENG K , LI Q , WANG L ,et al. DTaint:detecting the taint-style vulnerability in embedded device firmware[C]// 2018 48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks. Piscataway:IEEE Press, 2018: 430-441.
[59]	ESCHWEILER S , YAKDAN K , GERHARDS-PADILLA E , . discovRE:efficient cross-architecture identification of bugs in binary code[C]// Proceedings 2016 Network and Distributed System Security Symposium. Virginia:the Internet Society, 2016: 1-15.
[60]	FENG Q , ZHOU R D , XU C C ,et al. Scalable graph-based bug search for firmware images[C]// Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. New York:ACM Press, 2016: 480-491.
[61]	CHEN D D , EGELE M , WOO M ,et al. Towards automated dynamic analysis for linux-based embedded firmware[C]// Proceedings 2016 Network and Distributed System Security Symposium. Virginia:the Internet Society, 2016: 1-16.
[62]	ZHENG Y , DAVANIAN A , YIN H ,et al. FIRM-AFL:high-throughput greybox fuzzing of IoT firmware via augmented process emulation[C]// USENIX Security Symposium. Berkeley:USENIX Association, 2019: 1099-1114.
[63]	ZHU L P , FU X T , YAO Y ,et al. FIoT:detecting the memory corruption in lightweight IoT device firmware[C]// 2019 18th IEEE International Conference On Trust,Security and Privacy in Computing and Communications/13th IEEE International Conference on Big Data Science and Engineering. Piscataway:IEEE Press, 2019: 248-255.
[64]	MUENCH M , STIJOHANN J , KARGL F ,et al. What you corrupt is not what you crash:challenges in fuzzing embedded devices[C]// Proceedings 2018 Network and Distributed System Security Symposium. Virginia:the Internet Society, 2018: 1-15.
[65]	CLEMENTS A A , GUSTAFSON E , SCHARNOWSKI T ,et al. HALucinator:firmware re-hosting through abstraction layer emulation[C]// USENIX Security Symposium. Berkeley:USENIX Association, 2020: 1-18.
[66]	FENG B , MERA A , LU L . P2IM:scalable and hardware-independent firmware testing via automatic peripheral interface modeling[C]// USENIX Security Symposium. Berkeley:USENIX Association, 2020: 1237-1254.
[67]	CAO C , GUAN L , MING J ,et al. Device-agnostic firmware execution is possible:a concolic execution approach for peripheral emulation[C]// Annual Computer Security Applications Conference. New York:ACM Press, 2020: 746-759.
[68]	ZHOU W , GUAN L , LIU P ,et al. Automatic firmware emulation through invalidity-guided knowledge inference[C]// USENIX Security Symposium. Berkeley:USENIX Association, 2021: 1-19.
[69]	CHEN J Y , DIAO W R , ZHAO Q C ,et al. IoTFuzzer:discovering memory corruptions in IoT through app-based fuzzing[C]// Proceedings 2018 Network and Distributed System Security Symposium. Virginia:the Internet Society, 2018: 1-15.
[70]	NILO R , ANDREA C , DIPANJAN D ,et al. DIANE:identifying fuzzing triggers in Apps to generate under-constrained inputs for IoT devices[C]// 2021 IEEE Symposium on Security and Privacy. Piscataway:IEEE Press, 2021: 484-500.
[71]	ZUO C S , WEN H H , LIN Z Q ,et al. Automatic fingerprinting of vulnerable BLE IoT devices with static UUIDs from mobile Apps[C]// Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security. New York:ACM Press, 2019: 1469-1483.
[72]	WANG X , SUN Y , NANDA S ,et al. Looking from the mirror:evaluating IoT device security through mobile companion apps[C]// USENIX Security Symposium. Berkeley:USENIX Association, 2019: 1151-1167.
[73]	FENG X , LI Q , WANG H ,et al. Acquisitional rule-based engine for discovering internet-of-things devices[C]// USENIX Security Symposium. Berkeley:USENIX Association, 2018: 327-341.
[74]	YU L , LUO B , MA J ,et al. You are what you broadcast:identification of mobile and IoT devices from (Public) Wi-Fi[C]// USENIX Security Symposium. Berkeley:USENIX Association, 2020: 55-72.
[75]	ZHANG W , MENG Y , LIU Y G ,et al. HoMonit:monitoring smart home Apps from encrypted traffic[C]// Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. New York:ACM Press, 2018: 1074-1088.
[76]	CHO K-T , SHIN K G . Fingerprinting electronic control units for vehicle intrusion detection[C]// USENIX Security Symposium. Berkeley:USENIX Association, 2016: 911-927.
[77]	CHO K T , SHIN K G . Viden:attacker identification on in-vehicle networks[C]// Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. New York:ACM Press, 2017: 1109-1123.
[78]	CHOI H , LEE W C , AAFER Y ,et al. Detecting attacks against robotic vehicles:a control invariant approach[C]// Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. New York:ACM Press, 2018: 801-816.
[79]	BIRNBACH S , EBERZ S , MARTINOVIC I . Peeves:physical event verification in smart homes[C]// Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security. New York:ACM Press, 2019: 1455-1467.
[80]	FENG C , PALLETI V R , MATHUR A ,et al. A systematic framework to generate invariants for anomaly detection in industrial control systems[C]// Proceedings 2019 Network and Distributed System Security Symposium. Virginia:the Internet Society, 2019: 1-15.
[81]	FERNANDES E , PAUPORE J , RAHMATI A ,et al. FlowFence:practical data protection for emerging IoT application frameworks[C]// USENIX Security Symposium. Berkeley:USENIX Association, 2016: 531-548.
[82]	WEN H H , LIN Z Q , ZHANG Y Q . FirmXRay:detecting bluetooth link layer vulnerabilities from bare-metal firmware[C]// Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security. New York:ACM Press, 2020: 167-180.
[83]	JIA Y J , CHEN Q A , WANG S Q ,et al. ContexIoT:towards providing contextual integrity to appified IoT platforms[C]// Proceedings 2017 Network and Distributed System Security Symposium. Virginia:the Internet Society, 2017: 1-15.
[84]	TIAN Y , ZHANG N , LIN Y-H ,et al. SmartAuth:user-centered authorization for the internet of things[C]// USENIX Security Symposium. Berkeley:USENIX Association, 2017: 361-378.
[85]	DEMETRIOU S , ZHANG N , LEE Y ,et al. HanGuard:SDN-driven protection of smart home Wi-Fi devices from malicious mobile apps[C]// Proceedings of the 10th ACM Conference on Security and Privacy in Wireless and Mobile Networks. New York:ACM Press, 2017: 122-133.
[86]	SCHUSTER R , SHMATIKOV V , TROMER E . Situational access control in the Internet of things[C]// Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. New York:ACM Press, 2018: 1056-1073.
[87]	ZENG E , ROESNER F . Understanding and improving security and privacy in multi-user smart homes:a design exploration and in-home user study[C]// USENIX Security Symposium. Berkeley:USENIX Association, 2019: 159-176.
[88]	WANG W C , CICALA F , HUSSAIN S R ,et al. Analyzing the attack landscape of Zigbee-enabled IoT systems and reinstating users' privacy[C]// Proceedings of the 13th ACM Conference on Security and Privacy in Wireless and Mobile Networks. New York:ACM Press, 2020: 133-143.
[89]	ALSHAHRANI M , TRAORE I , WOUNGANG I . Anonymous mutual IoT interdevice authentication and key agreement scheme based on the ZigBee technique[J]. Internet of Things, 2019,7:100061.
[90]	KUMAR S , HU Y , ANDERSEN M P ,et al. JEDI:many-to-many end-to-end encryption and key delegation for IoT[C]// USENIX Security Symposium. Berkeley:USENIX Association, 2019: 1519-1536.
[91]	XI W , QIAN C , HAN J S ,et al. Instant and robust authentication and key agreement among mobile devices[C]// Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. New York:ACM Press, 2016: 616-627.
[92]	HAN J , CHUNG A J , SINHA M K ,et al. Do you feel what I hear? Enabling autonomous IoT device pairing using different sensor types[C]// 2018 IEEE Symposium on Security and Privacy. Piscataway:IEEE Press, 2018: 836-852.
[93]	JIN W Q , LI M , MURALI S ,et al. Harnessing the ambient radio frequency noise for wearable device pairing[C]// Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security. New York:ACM Press, 2020: 1135-1148.
[94]	LI X P , ZENG Q , LUO L N ,et al. T2Pair:secure and usable pairing for heterogeneous IoT devices[C]// Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security. New York:ACM Press, 2020: 309-323.
[95]	APTHORPE N , HUANG D Y , REISMAN D ,et al. Keeping the smart home private with smart(er) IoT traffic shaping[J]. Proceedings on Privacy Enhancing Technologies, 2019,2019(3): 128-148.
[96]	OCONNOR T J , MOHAMED R , MIETTINEN M ,et al. HomeSnitch:behavior transparency and control for smart home IoT devices[C]// Proceedings of the 12th Conference on Security and Privacy in Wireless and Mobile Networks. New York:ACM Press, 2019: 128-138.
[97]	KIM C H , KIM T , CHOI H ,et al. Securing real-time microcontroller systems through customized memory view switching[C]// Proceedings 2018 Network and Distributed System Security Symposium. Virginia:the Internet Society, 2018: 1-15.
[98]	CLEMENTS A A , ALMAKHDHUB N S , BAGCHI S ,et al. ACES:automatic compartments for embedded systems[C]// USENIX Security Symposium. Berkeley:USENIX Association, 2018: 65-82.
[99]	ABERA T , ASOKAN N , DAVI L ,et al. C-FLAT:control-flow attestation for embedded systems software[C]// Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. New York:ACM Press, 2016: 743-754.
[100]	SUN Z C , FENG B , LU L ,et al. OAT:attesting operation integrity of embedded devices[C]// 2020 IEEE Symposium on Security and Privacy. Piscataway:IEEE Press, 2020: 1433-1449.
[101]	ABERA T , BAHMANI R , BRASSER F ,et al. DIAT:data integrity attestation for resilient collaboration of autonomous systems[C]// Proceedings 2019 Network and Distributed System Security Symposium. Virginia:the Internet Society, 2019: 1-15.
[102]	MENG Y , WANG Z C , ZHANG W ,et al. WiVo:enhancing the security of voice control system via wireless signal in IoT environment[C]// Proceedings of the Eighteenth ACM International Symposium on Mobile Ad Hoc Networking and Computing. New York:ACM Press, 2018: 81-90.
[103]	SHEZAN F H , CHENG K M , ZHANG Z ,et al. TKPERM:cross-platform permission knowledge transfer to detect overprivileged third-party applications[C]// Proceedings 2020 Network and Distributed System Security Symposium. Virginia:the Internet Society, 2020: 1-15.
[104]	EMAMI-NAEINI P , AGARWAL Y , FAITH CRANOR L ,et al. Ask the experts:what should be on an IoT privacy and security label?[C]// 2020 IEEE Symposium on Security and Privacy. Piscataway:IEEE Press, 2020: 447-464.
[105]	YU H , LIM J , KIM K ,et al. Pinto:enabling video privacy for commodity IoT cameras[C]// Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. New York:ACM Press, 2018: 1089-1101.
[106]	NASSI B , BEN-NETANEL R , SHAMIR A ,et al. Drones' cryptanalysis-smashing cryptography with a flicker[C]// 2019 IEEE Symposium on Security and Privacy. Piscataway:IEEE Press, 2019: 1397-1414.
[107]	APTHORPE N J , VARGHESE S , FEAMSTER N . Evaluating the contextual integrity of privacy regulation:parents' IoT toy privacy norms versus COPPA[C]// USENIX Security Symposium. Berkeley:USENIX Association, 2019: 123-140.
[108]	JULIE H , YASEMIN A , SUSANNE F . “It's the company,the government,you and I”:user perceptions of responsibility for smart home privacy and security[C]// USENIX Security Symposium. Berkeley:USENIX Association, 2021: 1-18.
[109]	ZONG P , LV T , WANG D ,et al. FuzzGuard:filtering out unreachable inputs in directed grey-box fuzzing through deep learning[C]// USENIX Security Symposium. Berkeley:USENIX Association, 2020: 2255-2269.
[110]	MANANDHAR S , MORAN K , KAFLE K ,et al. Towards a natural perspective of smart homes for practical security and safety analyses[C]// 2020 IEEE Symposium on Security and Privacy. Piscataway:IEEE Press, 2020: 482-499.

威胁类型	漏洞成因	主要危害	文献	文献数量/篇
云平台访问控制缺陷	授权粒度过粗，授权标准不对称	越权控制、事件窃听、隐私泄露	文献[8-11]	4
云平台恶意应用	恶意用户上传应用，应用审核机制不完善	隐私泄露、非法控制	文献[4,9,12-17]	8
云平台实体和应用交互漏洞	实体和应用交互复杂，执行冲突难以检测	设备劫持、拒绝服务、隐私泄露	文献[13-14,18-20]	5
通信协议漏洞	协议缺乏内建安全机制，厂商忽略安全因素	拒绝服务、设备劫持、重放攻击、隐私泄露	文献[18-19,21-27]	9
通信流量侧信道信息泄露	物联网通信流量具有突出特征	隐私泄露	文献[28-33]	6
设备固件漏洞	有限的计算和存储资源，缺乏有效检测工具，缺乏内存和权限管理	系统崩溃、保护绕过、恶意命令、隐私泄露	文献[34-41]	8
基于语音信道的攻击	藏匿在语音信道中的命令	越权控制、隐私泄露	文献[42-47]	6
基于物联网设备的僵尸网络	设备规模庞大，设备漏洞广泛存在	大规模拒绝服务、恶意软件分发	文献[48-50]	3

文献	采用特征	识别方法	攻击效果
文献[28]	Wi-Fi信号强度	Wi-Fi多路信号传播波动模型	①
文献[29]	端口号、负载大小、TCP窗口值等	CNN（convolutional neural network）+RNN（recurrent neural network）	①②
文献[30]	DNS查询目标、NTP请求数、SSL/TLS加密套件	朴素贝叶斯多项式分类和随机森林	①②
文献[31]	方向、包长、发包时间间隔平均值和标准差	随机森林、DBSCAN（density-based spatial clustering of applications with noise）	①②③④
文献[32]	包长平均值和方差、时间间隔平均值、tsfresh和特征工程提取的特征	k近邻、随机森林、隐式马尔可夫模型	①②③④⑤
文献[33]	方向和包长	DBSCAN	①②③④⑤
注：①判断设备/目标存在，②识别设备类型，③判断设备事件发生，④识别事件，⑤推断用户行为

检测方案	面向威胁类型	主要技术原理	主要优点	主要缺点	文献	文献数量/篇
云平台恶意应用检测	云平台恶意应用	基于敏感信息的数据流追踪，语音黑盒测试	自动化、大规模检测，有效识别恶意应用	依赖平台特性	文献[4,12, 15-16, 52-54]	7
云平台实体和应用交互漏洞检测	云平台实体和应用交互漏洞	模型检测	识别实体交互复杂过程中的逻辑漏洞	需要人工分析，且对交互解析的方法存在局限性	文献[13-14, 18-20, 55]	6
基于静态分析的固件漏洞检测	设备固件漏洞、基于物联网设备的僵尸网络	符号执行，污点分析，二进制相似性比较	自动化检测固件漏洞	对编译优化和混淆敏感，固件难以获取和自动加载	文献[39-40,42, 56-60]	8
基于动态分析的固件漏洞检测	设备固件漏洞、基于物联网设备的僵尸网络	基于 QEMU（quick Emulator）仿真，推断外设输入	动态调试、准确识别漏洞原因和位置	需要人工分析，面向有限固件类型，仿真效果受限	文献[40, 61-68]	9
基于手机 App 的固件漏洞检测	设备固件漏洞	基于App的模糊测试，App代码相似性分析	不用分析设备和解析固件	需要设备拥有对应App，App 与设备较强的关联性	文献[69-72]	4
基于侧信道的设备异常检测	设备固件漏洞、基于物联网设备的僵尸网络	基于流量特征，基于物理特征，环境上下文特征	识别设备异常行为、非侵入式方案	容易受到信号强弱、协议类型和通信模式的影响，对设备环境有要求	文献[73-80]	8

文献	建模方式和检测方法	检测平台	检测效果
文献[13]	通过解析源代码得到多个应用状态转换模型组合，基于安全策略检测动作冲突	SmartThings	在28种SmartApp组合中识别出3种组合违背11项安全策略
文献[14]	通过代码插桩在运行过程中动态建立多个应用状态转换模型，基于安全策略检测动作冲突	SmartThings、IFTTT	在 16个 SmartApp和 9个 Applet的组合中识别出3种组合违背9项安全策略
文献[20]	基于自然语言处理建立自动执行规则之间的交互模型，基于SMT求解技术检测规则间漏洞	IFTTT	在31.5万个Applet应用中，根据安装数量组成可信的规则集，发现规则集中66%具有交互漏洞
文献[55]	通过解析应用源代码和文本描述，建立应用之间通过共同物理信道连接的动作模型，基于不同物理信道的风险值计算应用组合风险	SmartThings	在185个SmartApp中发现162种基于共同物理信道的隐式关联，其中37种关联可能产生安全隐患

防御方案	面向威胁类型	主要技术原理	主要优点	主要缺点	文献	文献数量/篇
细粒度的云平台访问控制	云平台访问控制缺陷	提升权限管理粒度	有效识别越权操作，弥补平台审核机制不足	依赖平台特性，需要用户参与	文献[10, 83-87]	6
安全的通信协议	通信协议漏洞	增加内在安全机制，设计新型配对协议	增强协议机密性和完整性	安全配对协议需要感知装置支持，邻近设备不完全可信	文献[21, 88-94]	8
流量特征隐藏	通信流量侧信道信息泄露	数据包封装，流量塑形	有效对抗侧信道信息泄露	增加通信时延和负载，增加流量噪声	文献[30, 32-33, 75, 95-96]	6
基于可信计算的固件安全防护机制	设备固件漏洞、基于物联网设备的僵尸网络	程序组件权限和内存地址空间隔离，控制流完整性保护，远程认证	有效防御传统固件漏洞，大规模管理中有效发现异常设备，设备自组网络安全运行	性能和适用面需要进一步提升，细粒度的控制流认证影响系统实时性	文献[34, 37-38, 97-101]	8
语音攻击防御	基于语音信道的攻击	安全提示和语音确认，声纹识别，信号过滤	有效阻止藏匿的恶意语音命令	面临可用性和成本的额外开销	文献[42-45, 102]	5

物联网安全研究综述：威胁、检测与防御

Survey of IoT security research: threats, detection and defense

在线阅读

PDF下载

可视化

摘要/Abstract

引用本文

使用本文

图/表 10

参考文献 110

相关文章 15

Metrics

推荐阅读 0

文献	技术原理	主要特点	性能开销
文献[34]	组件权限和内存地址空间隔离	识别与分离特权指令，实现栈保护、代码和数据区域隔离，无法实现进程级别的代码隔离	平均增加1.8%执行时间和0.5%能耗
文献[97]	组件权限和内存地址空间隔离	基于 MPU 实现进程内存空间的隔离，但是划分进程内数据与代码区域的方法不灵活	最高可减少93%进程内存空间
文献[98]	组件权限和内存地址空间隔离	对固件执行单元进行更细粒度的权限划分，基于定制的安全策略对分离的组件灵活实施最小权限模型	最高引入13%的运行开销，比现有技术减少59%的Flash占用，减少84%的内存占用
文献[37]	控制流完整性保护	将函数的有效返回地址集合放到不可写的内存区域中，不需要特殊硬件模块支持	平均运行开销只有0.1%，内存开销可忽略，平均增加54.1%的Flash占用
文献[38]	控制流完整性保护	基于“影子栈”技术，配置内存保护单元来实施内存访问规则，确保程序返回到合法目标地址	平均增加1.3%和3.4%的性能开销，以及8.9%和2.3%的代码体积

[1]	赵仕祺, 黄小红, 钟志港. 基于信誉的域间路由选择机制的研究与实现[J]. 通信学报, 2023, 44(6): 47-56.
[2]	金彪, 李逸康, 姚志强, 陈瑜霖, 熊金波. GenFedRL：面向深度强化学习智能体的通用联邦强化学习框架[J]. 通信学报, 2023, 44(6): 183-197.
[3]	刘盈泽, 郭渊博, 方晨, 李勇飞, 陈庆礼. 基于有限理性的网络防御策略智能规划方法[J]. 通信学报, 2023, 44(5): 52-63.
[4]	郑金志, 汲如意, 张立波, 赵琛. 基于Transformer解码的端到端场景文本检测与识别算法[J]. 通信学报, 2023, 44(5): 64-78.
[5]	李元诚, 秦永泰. 基于深度强化学习的软件定义安全中台QoS实时优化算法[J]. 通信学报, 2023, 44(5): 181-192.
[6]	周大成, 陈鸿昶, 何威振, 程国振, 扈红超. 基于深度强化学习的微服务多维动态防御策略研究[J]. 通信学报, 2023, 44(4): 50-63.
[7]	苏新, 张桂福, 行鸿彦, Zenghui Wang. 基于平衡生成对抗网络的海洋气象传感网入侵检测研究[J]. 通信学报, 2023, 44(4): 124-136.
[8]	陈晋音, 熊海洋, 马浩男, 郑雅羽. 基于对比学习的图神经网络后门攻击防御方法[J]. 通信学报, 2023, 44(4): 154-166.
[9]	谢人超, 文雯, 唐琴琴, 刘云龙, 谢高畅, 黄韬. 轨道交通移动边缘计算网络安全综述[J]. 通信学报, 2023, 44(4): 201-215.
[10]	罗智勇, 张玉, 王青, 宋伟伟. 基于贝叶斯攻击图的SDN入侵意图识别算法的研究[J]. 通信学报, 2023, 44(4): 216-225.
[11]	张进, 葛强, 徐伟海, 江逸茗, 马海龙, 于洪涛. 拟态路由器BGP代理的设计实现与形式化验证[J]. 通信学报, 2023, 44(3): 33-44.
[12]	余雪勇, 邱礼翔, 宋家宁, 朱洪波. 无人机辅助边缘计算中安全通信与能效优化策略[J]. 通信学报, 2023, 44(3): 45-54.
[13]	戴千一, 张斌, 郭松, 徐开勇. 基于多分类器集成的区块链网络层异常流量检测方法[J]. 通信学报, 2023, 44(3): 66-80.
[14]	徐明, 张保俊, 伍益明, 应晨铎, 郑宁. 面向网络攻击和隐私保护的多智能体系统分布式共识算法[J]. 通信学报, 2023, 44(3): 117-127.
[15]	张艳硕, 刘宁, 袁煜淇, 杨亚涛. 基于ISRSAC数字签名算法的适配器签名方案[J]. 通信学报, 2023, 44(3): 178-185.