SoK: Security Evaluation of Home-Based IoT Deployments

2019 IEEE Symposium on Security and Privacy (SP) Pub Date : 2019-05-19 DOI:10.1109/SP.2019.00013

Omar Alrawi, Chaz Lever, M. Antonakakis, F. Monrose

{"title":"SoK: Security Evaluation of Home-Based IoT Deployments","authors":"Omar Alrawi, Chaz Lever, M. Antonakakis, F. Monrose","doi":"10.1109/SP.2019.00013","DOIUrl":null,"url":null,"abstract":"Home-based IoT devices have a bleak reputation regarding their security practices. On the surface, the insecurities of IoT devices seem to be caused by integration problems that may be addressed by simple measures, but this work finds that to be a naive assumption. The truth is, IoT deployments, at their core, utilize traditional compute systems, such as embedded, mobile, and network. These components have many unexplored challenges such as the effect of over-privileged mobile applications on embedded devices. Our work proposes a methodology that researchers and practitioners could employ to analyze security properties for home-based IoT devices. We systematize the literature for home-based IoT using this methodology in order to understand attack techniques, mitigations, and stakeholders. Further, we evaluate \\numDevices devices to augment the systematized literature in order to identify neglected research areas. To make this analysis transparent and easier to adapt by the community, we provide a public portal to share our evaluation data and invite the community to contribute their independent findings.","PeriodicalId":272713,"journal":{"name":"2019 IEEE Symposium on Security and Privacy (SP)","volume":"77 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-05-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"280","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2019 IEEE Symposium on Security and Privacy (SP)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SP.2019.00013","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 280

Abstract

Home-based IoT devices have a bleak reputation regarding their security practices. On the surface, the insecurities of IoT devices seem to be caused by integration problems that may be addressed by simple measures, but this work finds that to be a naive assumption. The truth is, IoT deployments, at their core, utilize traditional compute systems, such as embedded, mobile, and network. These components have many unexplored challenges such as the effect of over-privileged mobile applications on embedded devices. Our work proposes a methodology that researchers and practitioners could employ to analyze security properties for home-based IoT devices. We systematize the literature for home-based IoT using this methodology in order to understand attack techniques, mitigations, and stakeholders. Further, we evaluate \numDevices devices to augment the systematized literature in order to identify neglected research areas. To make this analysis transparent and easier to adapt by the community, we provide a public portal to share our evaluation data and invite the community to contribute their independent findings.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

SoK:家庭物联网部署的安全评估

基于家庭的物联网设备在安全实践方面名声不佳。从表面上看，物联网设备的不安全似乎是由集成问题引起的，这些问题可以通过简单的措施解决，但这项工作发现这是一个天真的假设。事实是，物联网部署的核心是利用传统的计算系统，如嵌入式、移动和网络。这些组件有许多未开发的挑战，例如对嵌入式设备的过度特权移动应用程序的影响。我们的工作提出了一种方法，研究人员和从业人员可以使用它来分析基于家庭的物联网设备的安全属性。我们使用这种方法对基于家庭的物联网的文献进行了系统化，以便了解攻击技术、缓解措施和利益相关者。此外，我们评估\numDevices设备，以增加系统化的文献，以确定被忽视的研究领域。为了使分析透明，更容易被社区采用，我们提供了一个公共门户网站来分享我们的评估数据，并邀请社区贡献他们的独立发现。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

2019 IEEE Symposium on Security and Privacy (SP)

自引率

0.00%

发文量