└── README.md /README.md: -------------------------------------------------------------------------------- 1 | # IoT Security 2 | 3 | ## 0x01 Paper 4 | 5 | ### 1.Cloud Security 6 | 7 | #### [Cloud Platform] 8 | - 2016, IEEE S&P, [Security Analysis of Emerging Smart Home Applications](http://iotsecurity.eecs.umich.edu/img/Fernandes_SmartThingsSP16.pdf) 9 | - 2017, IoT S&P, [Smart solution, poor protection: An empirical study of security and privacy issues in developing and deploying smart home devices](https://dl.acm.org/doi/abs/10.1145/3139937.3139948) 10 | - 2019, Usenix Security,[Discovering and Understanding the Security Hazards in the Interactions between IoT Devices, Mobile Apps, and Clouds on Smart Home Platforms](https://www.usenix.org/conference/usenixsecurity19/presentation/zhou) 11 | - 2020, IEEE S&P, [Burglars' iot paradise: Understanding and mitigating security risks of general messaging protocols on iot clouds](https://ieeexplore.ieee.org/abstract/document/9152619) 12 | - 2021,ACM,[Who's In Control? On Security Risks of Disjointed IoT Device Management Channels](https://dl.acm.org/doi/abs/10.1145/3460120.3484592) 13 | #### [Cross Cloud] 14 | - 2020, Usenix Security,[Shattered Chain of Trust: Understanding Security Risks in Cross-Cloud IoT Access Delegation](https://www.researchgate.net/profile/Bin_Yuan3/publication/342804736_Shattered_Chain_of_Trust_Understanding_Security_Risks_in_Cross-Cloud_IoT_Access_Delegation/links/5f0700de299bf188160e70af/Shattered-Chain-of-Trust-Understanding-Security-Risks-in-Cross-Cloud-IoT-Access-Delegation.pdf) 15 | 16 | ### 2.Communication security 17 | 18 | - 2022,AsiaCCS,[Missed Opportunities: Measuring the Untapped TLS Support in the Industrial Internet of Things](https://www.comsys.rwth-aachen.de/fileadmin/papers/2022/2022-dahlmanns-asiaccs.pdf) 19 | 20 | 21 | ### 3.Vulnerability Discovery on Device 22 | #### [Fuzzing] 23 | - 2010, IEEE S&P, [Experimental security analysis of a modern automobile.](https://ieeexplore.ieee.org/abstract/document/5504804/) 24 | - 2013, IJINS, [Analysis of HTTP protocol implementation in smart card embedded web server.](https://pdfs.semanticscholar.org/b2e2/3984c8a2ff489e8c129574ed34ea7613ecda.pdf) 25 | - 2014, HPCS, [Analysis of embedded applications by evolutionary fuzzing.](https://ieeexplore.ieee.org/abstract/document/6903734) 26 | - 2015, AINA, [Fuzzing can packets into automobiles.](https://ieeexplore.ieee.org/abstract/document/7098059/) 27 | - 2016, ACM, [ A. Automated dynamic firmware analysis at scale: A case study 28 | on embedded web interfaces](https://dl.acm.org/doi/abs/10.1145/2897845.2897900) 29 | - 2018, NDSS, [IoTFuzzer: Discovering Memory Corruptions in IoT Through App-based Fuzzing](http://web.cse.ohio-state.edu/~lin.3021/file/NDSS18b.pdf) 30 | - 2019, ACM Workshop, [FirmFuzz: Automated IoT Firmware Introspection and Analysis](https://dl.acm.org/doi/abs/10.1145/3338507.3358616) 31 | - 2019, USENIX Security, [FIRM-AFL: high-throughput greybox fuzzing of iot firmware via augmented process emulation](https://www.usenix.org/conference/usenixsecurity19/presentation/zheng) 32 | - 2022, EuroS&P, [Trampoline Over the Air: Breaking in IoT Devices Through MQTT Brokers](https://github.com/ReAbout/Trampoline-Over-the-Air/blob/main/Trampoline%20Over%20the%20Air%20-%20Breaking%20in%20IoT%20Devices%20Through%20MQTT%20Brokers_validated.pdf) 33 | #### [Symbolic Execution] 34 | - 2020, IEEE S&P, [KARONTE: Detecting Insecure Multi-binary Interactions in Embedded Firmware.](https://conand.me/publications/redini-karonte-2020.pdf) 35 | - 2021,USENIX Security, [Sharing More and Checking Less: Leveraging Common Input Keywords to Detect Bugs in Embedded Systems](https://www.usenix.org/conference/usenixsecurity21/presentation/chen-libo) 36 | 37 | #### other 38 | - 2021,ACSAC, [argXtract: Deriving IoT Security Configurations via Automated Static Analysis of Stripped ARM Cortex-M Binaries](https://dl.acm.org/doi/pdf/10.1145/3485832.3488007) 39 | - 2022, WWW, [Game of Hide-and-Seek: Exposing Hidden Interfaces in Embedded Web Applications of IoT Devices](https://dl.acm.org/doi/pdf/10.1145/3485447.3512213) 40 | 41 | 42 | ### 4.Vulnerability Analysis Framework on Device 43 | #### [Emulation] 44 | - 2014, NDSS, [AVATAR: A Framework to Support Dynamic Security Analysis of Embedded Systems’ Firmwares](https://www.researchgate.net/profile/Jonas_Zaddach/publication/269197057_Avatar_A_Framework_to_Support_Dynamic_Security_Analysis_of_Embedded_Systems'_Firmwares/links/5e0b2725299bf10bc3852355/Avatar-A-Framework-to-Support-Dynamic-Security-Analysis-of-Embedded-Systems-Firmwares.pdf) 45 | - 2014, ACM, [Prospect: peripheral proxying supported embedded code testing.](https://dl.acm.org/doi/abs/10.1145/2590296.2590301) 46 | - 2015, WOOT, [SURROGATES: Enabling Near-Real-Time Dynamic Analyses of Embedded Systems](https://www.usenix.org/conference/woot15/workshop-program/presentation/koscher) 47 | - 2016, NDSS, [Towards Automated Dynamic Analysis for Linux-based Embedded Firmware.](https://www.ndss-symposium.org/wp-content/uploads/2017/09/towards-automated-dynamic-analysis-linux-based-embedded-firmware.pdf) 48 | - 2018, NDSS Workshop, [Avatar 2: A Multi-target Orchestration Platform.](http://s3.eurecom.fr/docs/bar18_muench.pdf) 49 | - 2020, ACSAC ,[FirmAE: Towards Large-Scale Emulation of IoT Firmware for Dynamic Analysis](https://dl.acm.org/doi/abs/10.1145/3427228.3427294) 50 | - 2021, USENIX Security, [Automatic Firmware Emulation through Invalidity-guided Knowledge Inference](https://www.usenix.org/system/files/sec21fall-zhou.pdf) 51 | ### 5.Vulnerability Mitigation 52 | 53 | #### [Hotpatch] 54 | - 2021, NDSS, [HERA: Hotpatching of Embedded Real-time Applications](https://www.ndss-symposium.org/ndss-paper/hera-hotpatching-of-embedded-real-time-applications/) 55 | - 2022, USENIX Security, [RapidPatch: Firmware Hotpatching for Real-Time Embedded Devices](https://www.usenix.org/system/files/sec22summer_he-yi.pdf) 56 | #### [Sensitive Information] 57 | - 2016, USENIX Security, [FlowFence: Practical Data Protection for Emerging IoT Application Frameworks](https://www.usenix.org/system/files/conference/usenixsecurity16/sec16_paper_fernandes.pdf) 58 | - 2018, USENIX Security, [Sensitive Information Tracking in Commodity IoT](https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-celik.pdf) 59 | #### [Authentication and Access Control] 60 | - 2017, IEEE S&P, [Security Implications of Permission Models in Smart-Home Application Frameworks](https://www.infoq.com/articles/smart-home-permission-models) 61 | - 2017, NDSS, [ContexIoT: Towards Providing Contextual Integrity to Appified IoT Platforms](https://amir.rahmati.com/dl/ndss17/ContexIoT_NDSS17.pdf) 62 | - 2017, USENIX Security, [SmartAuth: User-Centered Authorization for the Internet of Things](https://www.usenix.org/system/files/conference/usenixsecurity17/sec17-tian.pdf) 63 | - 2017, Access Control Models, [FACT: Functionality-centric Access Control System for IoT Programming Frameworks](http://www.corelab.or.kr/Pubs/sacmat17_fact.pdf) 64 | - 2018, USENIX Security, [Rethinking Access Control and Authentication for the Home Internet of Things (IoT)](https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-he.pdf) 65 | - 2018, IEEE SecDev, [Tyche: Risk-Based Permissions for Smart Home Platforms](https://arxiv.org/pdf/1801.04609) 66 | - 2019, NDSS, [IoTGuard: Dynamic Enforcement of Security and Safety Policy in Commodity IoT](https://cs.uwaterloo.ca/~yaafer/teaching/papers/ndss2019_07A-1_Celik_paper.pdf) 67 | #### [Privacy Inference via Sensors and Defenses] 68 | - 2017, arXiv, [Spying on the Smart Home Privacy Attacks and Defenses on Encrypted IoT Traffic](https://arxiv.org/pdf/1708.05044.pdf) 69 | - 2017, arXiv, [Detecting Spies in IoT Systems using Cyber-Physical Correlation](https://faculty.washington.edu/lagesse/publications/HiddenSensorDetection.pdf) 70 | - 2018, arXiv, [Peek-a-Boo: I see your smart home activities even encrypted](https://arxiv.org/pdf/1808.02741) 71 | - 2018, arXiv, [Closing the Blinds: Four Strategies for Protecting Smart Home Privacy from Network Observers](https://arxiv.org/pdf/1705.06809.pdf) 72 | - 2018, arXiv, [A Developer-Friendly Library for Smart Home IoT Privacy Preserving Traffic Obfuscation](https://arxiv.org/pdf/1808.07432.pdf) 73 | - 2022, USENIX Security,[Lumos: Identifying and Localizing Diverse Hidden IoT Devices in an Unfamiliar Environment](https://www.usenix.org/conference/usenixsecurity22/presentation/sharma-rahul) 74 | ### 6.IoT Surveys 75 | - 2017, arXiv, [A Survey of Machine and Deep Learning Methods for Internet of Things (IoT) Security](https://arxiv.org/pdf/1807.11023.pdf) 76 | - 2017, arXiv, [Understanding IoT Security Through the Data Crystal Ball: Where We Are Now and Where We Are Going to Be](https://arxiv.org/pdf/1703.09809.pdf) 77 | - 2017, IEEE S&P Magazine, [Internet of Things Security Research: A Rehash of Old Ideas or New Intellectual Challenges](https://arxiv.org/pdf/1705.08522.pdf) 78 | - 2018, BlackHat, [IoT Malware: Comprehensive Survey, Analysis Framework and Case Studies](https://i.blackhat.com/us-18/Thu-August-9/us-18-Costin-Zaddach-IoT-Malware-Comprehensive-Survey-Analysis-Framework-and-Case-Studies-wp.pdf) 79 | - 2018, arXiv, [A Survey on Sensor-based Threats to Internet-of-Things (IoT) Devices and Applications](https://arxiv.org/pdf/1802.02041.pdf) 80 | - 2018,信息安全学术,[IoT 智能设备安全威胁及防护技术综述](http://jcs.iie.ac.cn/ch/reader/create_pdf.aspx?file_no=20180104&year_id=2018&quarter_id=1&falg=1) 81 | - 2018, arXiv, [IoT Security: An End-to-End View and Case Study](https://arxiv.org/pdf/1805.05853.pdf) 82 | - 2019, arXiv, [Program Analysis of Commodity IoT Applications for Security and Privacy: Challenges and Opportunities](https://arxiv.org/pdf/1809.06962.pdf) 83 | - 2019, IEEE S&P, [SoK: Security Evaluation of Home-Based IoT Deployments](https://www.computer.org/csdl/proceedings/sp/2019/6660/00/666001a208-abs.html) 84 | - 2019, USENIX Security,[Looking from the mirror: evaluating IoT device security through mobile companion apps](https://www.usenix.org/conference/usenixsecurity19/presentation/wang-xueqiang) 85 | - 2020, MDPI, [A Survey of Security Vulnerability Analysis, Discovery, Detection, and Mitigation on IoT Devices](https://www.mdpi.com/1999-5903/12/2/27) 86 | 87 | 88 | ## 0x02 Website 89 | - [知道创宇IoT专栏](https://paper.seebug.org/category/IoT/) 90 | - [UMICH IoT](https://iotsecurity.engin.umich.edu/) 91 | - [IoT Security Wiki](https://iotsecuritywiki.com/) 92 | - [物联网安全百科](https://iot-security.wiki/) 93 | #### Communication Security 94 | - [Researchers exploit ZigBee security flaws that compromise security of smart homes](https://www.csoonline.com/article/2969402/microsoft-subnet/researchers-exploit-zigbee-security-flaws-that-compromise-security-of-smart-homes.html) 95 | - [KCon 2018 议题解读:智能家居安全——身份劫持](https://paper.seebug.org/690/) 96 | #### Device Security 97 | - [智能门锁网络安全分析报告](https://mp.weixin.qq.com/s?__biz=MzUzNDYxOTA1NA==&mid=2247486313&idx=1&sn=adf4560cfceca1e996cbf173e5bb415f&chksm=fa90bda8cde734bebaa34b9b9fc9414907f2f61b80ffa1af70af31a9c56c1590065ac47c972c&mpshare=1&scene=1&srcid=1113NO91YeEE2SnAbvkDRwah#rd) 98 | - [智能家居行业网络安全风险分析报告 ](https://www.secrss.com/articles/3603) 99 | #### App Security 100 | #### Platform Security 101 | ## 0x03 Topic of Xiaomi 102 | - [小米IoT开发者平台](https://iot.mi.com/new/guide.html?file=%E9%A6%96%E9%A1%B5) 103 | #### MIDC 104 | - [MIDC • 2017 小米IoT安全峰会议题 PPT 公布](http://www.vipread.com/library/list/241) 105 | >list: 106 | 解密人脸解锁 107 | IoT 固件安全的设计和攻防 108 | 僵尸网络 Hajime 的攻防逻辑 109 | IoT 被遗忘的攻击面 110 | 特斯拉安全研究:从一次到两次的背后 111 | 小米 IoT 安全之路 112 | IoT与隐私保护 113 | 114 | - [MIDC • 2018 小米IoT安全峰会议题 PPT 公布](https://paper.seebug.org/761/) 115 | >list: 116 | 小米 IoT 安全思考与实践 117 | 小米IoT隐私数据合规实践 118 | IoT + AI + 安全 =? 119 | IoT 安全战地笔记 120 | 智能门锁,让居住更安全 121 | IoT Reverse Engineering 122 | 大安全下的 IoT 安全威胁演变与应对 123 | #### Communication Security 124 | - [绿米网关局域网通信协议V1.1.1](/files/绿米网关局域网通信协议V1.1.1_2017.12.21.doc) 125 | - [网关局域网通信协议V2.0](https://docs.opencloud.aqara.cn/development/gateway-LAN-communication/) 126 | - [小米智能家居设备流量分析及脚本控制](https://www.freebuf.com/articles/terminal/181846.html) 127 | - [小米接入教程](https://homekit.loli.ren/docs/show/12 ) 128 | - [智能家居设备的另一种打开方式——如何控制局域网中的小米设备](https://paper.seebug.org/616/) 129 | #### Device Security 130 | - [Reverse Engineering 101 of the Xiaomi IoT ecosystem HITCON Community 2018 Dennis Giese](https://hitcon.org/2018/CMT/slide-files/d2_s1_r0.pdf) 131 | - [如何成功劫持小米Mi扫地机器人](https://www.kaspersky.com.cn/blog/xiaomi-mi-robot-hacked/9107/) 132 | ### Ref: 133 | ###### https://github.com/Beerkay/IoTResearch 134 | --------------------------------------------------------------------------------