Show simple item record

dc.contributor.advisorDu, Xiaojiang
dc.creatorFu, Chenglong
dc.date.accessioned2022-05-26T18:07:13Z
dc.date.available2022-05-26T18:07:13Z
dc.date.issued2022
dc.identifier.urihttp://hdl.handle.net/20.500.12613/7667
dc.description.abstractRecent advancements in low-cost and low-power hardware facilitate the prevalence of Internet of Things (IoT) to be adopted in various smart environments. Although our works mainly take the smart home as the target application scenario, they can be easily applied to other smart environments such as smart office and industry. These devices and systems bring higher-level context sensing capability and enable intelligent and autonomous actions. However, these advantages are greatly undermined by concerns over the systems’ security issues. Due to constraints on cost, power, and size, a large number of high-risk vulnerabilities of IoT/CPS (Cyber Physical System) systems are being discovered every year, which allow attackers to exploit them and expand their attacks from cyberspace to the physical world and causes severe damages. To cope with these emerging threats, we systematically investigate constituent components of IoT systems. Based on our exploration, we reveal new vulnerabilities and propose effective defense and detection mechanisms. In one work, we propose a novel semantic-aware anomaly detection scheme for smart home IoT systems, which provides timely anomaly alerts with a very low false alarm rate. In this scheme, we innovatively present the inter-device correlations as a uniform representation for profiling normal behaviors of smart home IoT systems. We utilize semantic information such as automation rules and device attributes to generate hypothetical correlations and then test them using collected event logs. The accepted correlations are then applied to the real-time events stream which can raise alarms when there is violation. We build a prototype anomaly detection system and evaluate it on four real-world testbeds. The evaluation results show that the accuracies are higher than 97%. In another work, we design an audio adversarial examples (AEs) detection system that can protect any system that uses audio speech recognition (ASR), such as smart speakers. We observe that existing audio AEs cannot transfer among different speech recognition model. Based on this observation, we propose to apply multiple speech recognition models to an input audio samples concurrently and detect AEs as those have inconsistent transcripts. We evaluate the our prototype detector on 1,125 benign audio samples and 1,125 AE samples. The results show an detection accuracy of over 98%. We conduct detailed investigation of IoT messaging protocols. We discover a new vulnerability of the IoT message timeout handling mechanism that broadly affects a large number of IoT devices and is not due to implementation flaws. We summarize our discovery as two attack primitives that can stealthily delay event and command messages, respectively. Further, we build three types of attacks based on them, which can manipulate the execution of automation rules to trigger erroneous actions or disable actions of safety-critical devices. We extensively evaluate the vulnerability on 50 IoT devices (belonging to 8 types) construct 11 proof-of-concept attacking cases that are collected from real-world user forums. The results show the effectiveness of the attack. We have reported the discovered vulnerability to major IoT vendors, including Apple, Google, Amazon, Ring, SmartThings, and SimpliSafe, and some vendors have discussed their counter measurements. We also develop a blockchain-assisted distributed relay sharing scheme for smart home IoT systems. The scheme can effectively resolve the single points of failure (SPOF) problem of existing cloud based service architecture and prevent malicious behaviors through financial punishment.
dc.format.extent167 pages
dc.language.isoeng
dc.publisherTemple University. Libraries
dc.relation.ispartofTheses and Dissertations
dc.rightsIN COPYRIGHT- This Rights Statement can be used for an Item that is in copyright. Using this statement implies that the organization making this Item available has determined that the Item is in copyright and either is the rights-holder, has obtained permission from the rights-holder(s) to make their Work(s) available, or makes the Item available under an exception or limitation to copyright (including Fair Use) that entitles it to make the Item available.
dc.rights.urihttp://rightsstatements.org/vocab/InC/1.0/
dc.subjectComputer science
dc.titleEffective Security Schemes for Smart Home Internet of Things
dc.typeText
dc.type.genreThesis/Dissertation
dc.contributor.committeememberWang, Yu
dc.contributor.committeememberWang, Yan
dc.contributor.committeememberZeng, Qiang
dc.description.departmentComputer and Information Science
dc.relation.doihttp://dx.doi.org/10.34944/dspace/7639
dc.ada.noteFor Americans with Disabilities Act (ADA) accommodation, including help with reading this content, please contact scholarshare@temple.edu
dc.description.degreePh.D.
dc.identifier.proqst14751
dc.creator.orcid0000-0001-6555-9858
dc.date.updated2022-05-11T16:08:10Z
refterms.dateFOA2022-05-26T18:07:14Z
dc.identifier.filenameFu_temple_0225E_14751.pdf


Files in this item

Thumbnail
Name:
Fu_temple_0225E_14751.pdf
Size:
2.373Mb
Format:
PDF

This item appears in the following Collection(s)

Show simple item record