Authors: FENG Chao; CHEN Jiongyi; ZHANG Bin [1] (College of Electronic Science and Technology, National University of Defense Technology, Changsha 410073, China)
Affiliation: [1] College of Electronic Science and Technology, National University of Defense Technology, Changsha, Hunan 410073
Source: Information Countermeasures Technology (《信息对抗技术》), 2023, No. 3, pp. 18-34 (17 pages)
Abstract: Smart home applications have been increasingly deployed to help users remotely manage smart home appliances. The communication architecture in a smart home usually involves the smart home device, the user and the cloud. To enable remote access, communication between a user and a device is relayed through the cloud, and the remote binding among device, user and cloud is the key to secure remote access to the device. In this paper, we study security threats in the remote binding of smart home devices. First, we propose a state-machine model that describes the full life cycle of remote binding and demystifies the complexity of the various remote binding designs. With this state-machine model, we systematically examine 10 real-world remote binding designs, expose their attack surfaces and find multiple security flaws. To mitigate these threats, we present a new remote binding solution called IoTBinder. One fundamental cause of the remote binding risk is the static nature of the device IDs used in smart home devices, which can easily be leaked by brute-forcing or through ownership transfer. IoTBinder addresses this issue by generating a dynamic device ID in the cloud and delivering it to the device through the user. Verification with the security protocol analysis tool ProVerif shows that IoTBinder effectively protects the remote binding process, with negligible performance overhead.
Classification number: TN915.08 [Electronics and Telecommunications - Communication and Information Systems]