物联网设备安全检测综述  被引量：7

作　　者：张妍[1,2] 黎家通 宋小祎 范钰婷 路晔绵 张若定 王子馨 Zhang Yan;Li Jiatong;Song Xiaoyi;Fan Yuting;Lu Yemian;Zhang Ruoding;Wang Zixin(Institute of Information Engineering,Chinese Academy of Sciences,Beijing 100093;School of Cyber Security,University of Chinese Academy of Sciences,Beijing 100049;School of Cyberspace Security,Chengdu University of Information Technology,Chengdu 610000;China Academy of Information and Communications,Beijing 100191)

机构地区：[1]中国科学院信息工程研究所,北京100093 [2]中国科学院大学网络空间安全学院,北京100049 [3]成都信息工程大学网络空间安全学院,成都610000 [4]中国信息通信研究院,北京100191

出　　处：《计算机研究与发展》2023年第10期2271-2290,共20页Journal of Computer Research and Development

基　　金：智慧城市核心算法及软件系统研发项目(E2V0211105);2022年中国信息通信研究院开放课题(E2CK041);2021年中国移动内容分发网络内容管理平台项目(E1V0731105)。

摘　　要：目前,物联网(Internet of things,IoT)设备已广泛应用于人们的日常生活,其安全性与个人、企业甚至国家密切相关.IoT设备重要性提高的同时也招致越来越多的攻击.为应对IoT设备所面临的安全挑战,各国各地区已制定众多和IoT设备安全相关的法律法规、安全测评及认证标准.对该领域现有的研究状况进行了归纳与整理,首先从IoT设备面临的安全威胁出发,按照层次逻辑划分探讨针对IoT设备的不同攻击面,并在此基础上对现有的安全法律法规、安全测评及认证现状进行分析、总结,重点从芯片木马检测、接口安全风险检测、无线协议安全风险检测、固件风险检测及应用与服务安全风险检测5个方面对IoT安全风险检测前沿技术进行研究,并在最后对该领域未来可能的发展方向进行了总结和展望,以期为我国未来IoT设备产品的安全发展提供参考和帮助.At present,IoT(Internet of things)devices have been widely used in people’s daily life,and their security is closely related to individuals,enterprises and even countries.The increasing importance of IoT devices has also attracted a growing number of attacks.To address the security challenges IoT devices faced,various countries and regions have formulated numerous laws and regulations,security evaluation and certification standards related to IoT device security.We summarize and organize the existing research status in this field.We firse discuss the security threats IoT devices faced and explore the different attack surfaces for IoT devices based on a hierarchical logic division.Furthermore,we analyze and summarize the existing security laws,regulations,security evaluation,and certification status,while focusing on the research on IoT security risk detection cutting-edge technologies from five aspects:chip Trojan horse detection,Interface security risk detection,wireless protocol security,firmware risk detection and application,and service security risk detection.Finally,the possible future development direction of this field is summarized and prospected,in order to provide reference and help for the security development of our country’s future IoT device products.

关 键 词：IoT设备安全 法律法规 安全测评 认证标准 风险检测 

分 类 号：TP391[自动化与计算机技术—计算机应用技术]