A Novel Semi-Automatic Vulnerability Detection System for Smart Home

With increasing popularity of smart homes, there are more and more security problems. Due to the complex communication in the smart home environment, security issues of Internet of Things not only involves in the smart devices, but also in mobile applications and cloud controllers. Some existing researches have focused on the security issues in smart home; however, most of them just paid attention on the smart devices, such as the terminal equipment, and ignored the issues on cloud controllers and mobile applications. In this paper, we first discuss the vulnerabilities in the architecture of smart home, and propose a threat model. Then we describe how to build a semi-automatic vulnerability detection system, which can detect the vulnerabilities from all-round aspects before the device walk out of the factory's door. The extensive experiments and results demonstrate the effectiveness and high efficiency of our proposed semi-automatic vulnerability detection system for smart home.

[1]  Andreas Jacobsson,et al.  On Privacy and Security Challenges in Smart Connected Homes , 2016, 2016 European Intelligence and Security Informatics Conference (EISIC).

[2]  Salim Hariri,et al.  IoT Security Framework for Smart Cyber Infrastructures , 2016, 2016 IEEE 1st International Workshops on Foundations and Applications of Self* Systems (FAS*W).

[3]  Johannes Schneider,et al.  Structured system threat modeling and mitigation analysis for industrial automation systems , 2015, 2015 IEEE 13th International Conference on Industrial Informatics (INDIN).

[4]  Daniel Minoli,et al.  IoT security (IoTSec) considerations, requirements, and architectures , 2017, 2017 14th IEEE Annual Consumer Communications & Networking Conference (CCNC).

[5]  Smruti R. Sarangi,et al.  Internet of Things: Architectures, Protocols, and Applications , 2017, J. Electr. Comput. Eng..

[6]  Tadayoshi Kohno,et al.  Securing vulnerable home IoT devices with an in-hub security manager , 2017, 2017 IEEE International Conference on Pervasive Computing and Communications Workshops (PerCom Workshops).

[7]  Utkarsh Saxena,et al.  Analysis of security attacks in a smart home networks , 2017, 2017 7th International Conference on Cloud Computing, Data Science & Engineering - Confluence.

[8]  Mike Tanner,et al.  Computing the impact of cyber attacks on complex missions , 2011, 2011 IEEE International Systems Conference.

[9]  Eun-Kyu Lee,et al.  Fine-Grained Access to Smart Building Energy Resources , 2013, IEEE Internet Computing.

[10]  Dianxiang Xu,et al.  Automated Security Test Generation with Formal Threat Models , 2012, IEEE Transactions on Dependable and Secure Computing.