Home IoT Security

Fork from: https://github1s.com/ReAbout/References-of-IoT-Security

0x00 Paper

1.Cloud Security

[Cloud Platform]

• 2016, IEEE S&P, Security Analysis of Emerging Smart Home Applications
• 2017, IoT S&P, Smart solution, poor protection: An empirical study of security and privacy issues in developing and deploying smart home devices
• 2019, Usenix Security,Discovering and Understanding the Security Hazards in the Interactions between IoT Devices, Mobile Apps, and Clouds on Smart Home Platforms
• 2020, IEEE S&P, Burglars' iot paradise: Understanding and mitigating security risks of general messaging protocols on iot clouds

[Cross Cloud]

• 2020, Usenix Security,Shattered Chain of Trust: Understanding Security Risks in Cross-Cloud IoT Access Delegation

2.Vulnerability Discovery on Device

[Fuzzing]

• 2010, IEEE S&P, Experimental security analysis of a modern automobile.
• 2013, IJINS, Analysis of HTTP protocol implementation in smart card embedded web server.
• 2014, HPCS, Analysis of embedded applications by evolutionary fuzzing.
• 2015, AINA, Fuzzing can packets into automobiles.
• 2016, ACM, [ A. Automated dynamic firmware analysis at scale: A case study
  on embedded web interfaces](https://dl.acm.org/doi/abs/10.1145/2897845.2897900)
• 2018, NDSS, IoTFuzzer: Discovering Memory Corruptions in IoT Through App-based Fuzzing
• 2019, ACM Workshop, FirmFuzz: Automated IoT Firmware Introspection and Analysis
• 2019, USENIX Security, FIRM-AFL: high-throughput greybox fuzzing of iot firmware via augmented process emulation

[Symbolic Execution]

• 2020, IEEE S&P, KARONTE: Detecting Insecure Multi-binary Interactions in Embedded Firmware.
• 2021,USENIX Security, Sharing More and Checking Less: Leveraging Common Input Keywords to Detect Bugs in Embedded Systems

0x01.Vulnerability Analysis Framework on Device

[Emulation]

• 2014, NDSS, AVATAR: A Framework to Support Dynamic Security Analysis of Embedded Systems’ Firmwares
• 2014, ACM, Prospect: peripheral proxying supported embedded code testing.
• 2015, WOOT, SURROGATES: Enabling Near-Real-Time Dynamic Analyses of Embedded Systems
• 2016, NDSS, Towards Automated Dynamic Analysis for Linux-based Embedded Firmware.
• 2018, NDSS Workshop, Avatar 2: A Multi-target Orchestration Platform.
• 2020, ACSAC ,FirmAE: Towards Large-Scale Emulation of IoT Firmware for Dynamic Analysis

0x02.Vulnerability Mitigation

[Sensitive Information]

• 2016, USENIX Security, FlowFence: Practical Data Protection for Emerging IoT Application Frameworks
• 2018, USENIX Security, Sensitive Information Tracking in Commodity IoT

[Authentication and Access Control]

• 2017, IEEE S&P, Security Implications of Permission Models in Smart-Home Application Frameworks
• 2017, NDSS, ContexIoT: Towards Providing Contextual Integrity to Appified IoT Platforms
• 2017, USENIX Security, SmartAuth: User-Centered Authorization for the Internet of Things
• 2017, Access Control Models, FACT: Functionality-centric Access Control System for IoT Programming Frameworks
• 2018, USENIX Security, Rethinking Access Control and Authentication for the Home Internet of Things (IoT)
• 2018, IEEE SecDev, Tyche: Risk-Based Permissions for Smart Home Platforms
• 2019, NDSS, IoTGuard: Dynamic Enforcement of Security and Safety Policy in Commodity IoT

[Privacy Inference via Sensors and Defenses]

• 2017, arXiv, Spying on the Smart Home Privacy Attacks and Defenses on Encrypted IoT Traffic
• 2017, arXiv, Detecting Spies in IoT Systems using Cyber-Physical Correlation
• 2018, arXiv, Peek-a-Boo: I see your smart home activities even encrypted
• 2018, arXiv, Closing the Blinds: Four Strategies for Protecting Smart Home Privacy from Network Observers
• 2018, arXiv, A Developer-Friendly Library for Smart Home IoT Privacy Preserving Traffic Obfuscation

5.IoT Surveys

• 2017, arXiv, A Survey of Machine and Deep Learning Methods for Internet of Things (IoT) Security
• 2017, arXiv, Understanding IoT Security Through the Data Crystal Ball: Where We Are Now and Where We Are Going to Be
• 2017, IEEE S&P Magazine, Internet of Things Security Research: A Rehash of Old Ideas or New Intellectual Challenges
• 2018, BlackHat, IoT Malware: Comprehensive Survey, Analysis Framework and Case Studies
• 2018, arXiv, A Survey on Sensor-based Threats to Internet-of-Things (IoT) Devices and Applications
• 2018，信息安全学术，IoT 智能设备安全威胁及防护技术综述
• 2018, arXiv, IoT Security: An End-to-End View and Case Study
• 2019, arXiv, Program Analysis of Commodity IoT Applications for Security and Privacy: Challenges and Opportunities
• 2019, IEEE S&P, SoK: Security Evaluation of Home-Based IoT Deployments
• 2020, MDPI, A Survey of Security Vulnerability Analysis, Discovery, Detection, and Mitigation on IoT Devices

6. Other

• 2019, USENIX Security,Looking from the mirror: evaluating IoT device security through mobile companion apps

0x03 Website

• 知道创宇IoT专栏
• UMICH IoT
• IoT Security Wiki
• 物联网安全百科

Communication Security

• Researchers exploit ZigBee security flaws that compromise security of smart homes
• KCon 2018 议题解读：智能家居安全——身份劫持

Device Security

• 智能门锁网络安全分析报告
• 智能家居行业网络安全风险分析报告

App Security

Platform Security

0x04 Topic of Xiaomi

• 小米IoT开发者平台

MIDC

• MIDC • 2017 小米IoT安全峰会议题 PPT 公布

  list:
  解密人脸解锁
  IoT 固件安全的设计和攻防
  僵尸网络 Hajime 的攻防逻辑
  IoT 被遗忘的攻击面
  特斯拉安全研究：从一次到两次的背后
  小米 IoT 安全之路
  IoT与隐私保护

• MIDC • 2018 小米IoT安全峰会议题 PPT 公布

  list：
  小米 IoT 安全思考与实践
  小米IoT隐私数据合规实践
  IoT + AI + 安全 =？
  IoT 安全战地笔记
  智能门锁，让居住更安全
  IoT Reverse Engineering
  大安全下的 IoT 安全威胁演变与应对

Communication Security

• 绿米网关局域网通信协议V1.1.1
• 网关局域网通信协议V2.0
• 小米智能家居设备流量分析及脚本控制
• 小米接入教程
• 智能家居设备的另一种打开方式——如何控制局域网中的小米设备

Device Security

• Reverse Engineering 101 of the Xiaomi IoT ecosystem HITCON Community 2018 Dennis Giese
• 如何成功劫持小米Mi扫地机器人

Ref:

https://github.com/Beerkay/IoTResearch