摘要: |
智能家居是物联网的一大发展方向,但其在安全方面表现得不如人意,近年来频频爆发网络安全事件。智能家居相较于传统的嵌入式设备,引入了移动应用程序和云平台服务,使得其暴露出了更多的攻击面。本文围绕智能家居终端设备、云平台、移动应用程序及通信等四个方面,综述针对智能家居的攻击方法和防御措施,并针对性的梳理了目前学术界及工业界关注的研究热点与难点。最后,本文针对现有智能家居设备自动化漏洞挖掘技术与防御监控能力的不足进行了讨论,并提出了基于Docker集群部署的端侧自动化威胁模型系统设计思路。 |
关键词: 物联网 智能家居 攻击 防御 漏洞 |
DOI:10.19363/J.cnki.cn10-1380/tn.2021.07.01 |
投稿时间:2020-10-20修订日期:2020-12-24 |
基金项目:本课题得到NSFC-通用技术基础研究联合基金(No.U1636107);国家自然科学基金(No.61972297)资助。 |
|
Survey on Smart Home Attack and Defense Methods |
YAN Han,PENG Guojun,LUO Yuan,LIU Side |
Key Laboratory of Aerospace Information Security and Trust Computing, Ministry of Education, Wuhan University, Wuhan 430072, China;School of Cyber Science and Engineering, Wuhan University, Wuhan 430072, China |
Abstract: |
The smart home is a major development direction of the Internet of Things, but its performance is not satisfying in terms of security. In recent years, network security events erupted repeatedly. Compared with traditional embedded devices, smart home introduces mobile applications and cloud platforms, thus exposing more attack surfaces. This paper focuses on four aspects:smart devices, cloud platforms, mobile applications, and communications. We summarize the attack and defense methods for smart home and summarize the current research hotspots and difficulties between academia and industries. Finally, this paper discusses the limitations of existing automation vulnerability mining and defensive monitoring capabilities of the smart home. Based on these efforts, we propose the design concept of end-side automated threat model system based on Docker cluster deployment. |
Key words: the Internet of Things smart home attack defense vulnerability |