ISSN 1000-1239 CN 11-1777/TP

计算机研究与发展 ›› 2019, Vol. 56 ›› Issue (11): 2349-2364.doi: 10.7544/issn1000-1239.2019.20190412

所属专题: 2019密码学与智能安全研究专题

• 信息安全 • 上一篇    下一篇

面向智能家居平台的信息物理融合系统安全

孟岩1,李少锋1,张亦弛1,朱浩瑾1,张新鹏2,3   

  1. 1(上海交通大学计算机科学与工程系 上海 200240);2(上海先进通信与数据科学研究院 上海 200444);3(上海大学通信与信息工程学院 上海 200444) (yan_meng@sjtu.edu.cn)
  • 出版日期: 2019-11-12
  • 基金资助: 
    国家重点研发计划项目(2018YFC0910500);国家自然科学基金面上项目(61672350)

Cyber Physical System Security of Smart Home Platform

Meng Yan1, Li Shaofeng1, Zhang Yichi1, Zhu Haojin1, Zhang Xinpeng2,3   

  1. 1(Department of Computer Science and Engineering, Shanghai Jiao Tong University, Shanghai 200240);2(Shanghai Institute for Advanced Communication and Data Science, Shanghai 200444);3(School of Communication and Information Engineering, Shanghai University, Shanghai 200444)
  • Online: 2019-11-12

摘要: 作为物联网技术的典型应用,智能家居平台正逐步走进千家万户,但其存在的安全问题阻碍了其进一步的部署.研究者对智能家居平台的安全问题研究处于起步阶段,同时大量安全威胁被迅速提出.回顾了当前智能家居平台的典型架构,并分析了其各个组成部分存在的攻击接口.在信息接口安全方面,分析了存在于如智能摄像头的图像接口与语音控制系统的对抗样本攻击问题;在云端后台安全方面,分析了执行云端智能应用时对安全规则的破坏,以及造成的隐私泄露等问题.回顾了对这些安全问题所提出的解决方案,并指出现有工作存在的问题.针对存在于智能家居中的恶意应用问题,提出了一种基于无线流量分析的第三方恶意软件检测系统,能够在不修改智能家居平台的情况下,实现对恶意应用的精准检测.介绍了该系统的相关设计方案,并在三星SmartThings平台上验证了其准确性,并针对该系统给出一个隐私保护机制.

关键词: 智能家居平台, 安全分析, 隐私保护, 对抗机器学习, 恶意应用检测

Abstract: As a typical application of Internet of things (IoT) technology, smart home platform is gradually entering thousands of households. However, the security issues of smart home platforms have hindered their further market expanding. The research on the security of smart home platforms is still at early stages, but many security threats have been proposed by researchers recently. In this paper, we review the typical the architectures of current popular smart home platforms, and analyze their attack interfaces on all components. In the area of information interface security, this paper analyzes the data steganography problems existing in the smart camera’s image interface, as well as the adversarial examples aiming at the voice control interface. In the aspect of cloud backend security, this paper analyses the security rulers’ breaches and the data leakage when running the smart applications. For these security problems, this paper reviews some existing solutions and their limitations. Furthermore, for smart home platform, this paper proposes a third-party malicious application detection system using wireless traffic analysis without any modification on the current platform. This paper introduces the design details of the proposed system, and demonstrates its effectiveness on the Samsung SmartThings platform, and proposes a privacy protection mechanism for this system.

Key words: smart home platform, security analysis, privacy protection, adversarial machine learning, malicious application detection

中图分类号: