@fripSide
Created February 16, 2024 09:48
Most Used References for IoT Paper
% ----------------------------------
% Commonly used references for IoT papers
% ----------------------------------
% Web references on IoT authentication, key cloning and shared keys.
% Related link: https://azure.microsoft.com/es-es/blog/iot-device-authentication-options/
@misc{iot_auth,
  title        = {{IoT Authentication}},
  howpublished = {\url{https://www.nabto.com/iot-device-authentication-comparison-guide/}},
}

% Related links:
%   https://www.okta.com/identity-101/what-is-token-based-authentication/
%   https://clonemykey.com/
@misc{clone_key,
  title        = {{A product for clone PKE fob.}},
  howpublished = {\url{https://clonemykey.com/}},
}

% Related links:
%   https://mcuxpresso.nxp.com/api_doc/dev/2194/a00217.html
%   https://www.intrinsic-id.com/nxp-strengthens-smartmx2-security-chips-with-puf-anti-cloning-technology/
@misc{nxp_puf,
  title        = {{NXP adds PUF to its next generation SmartMX2 microcontroller.}},
  howpublished = {\url{https://www.intrinsic-id.com/nxp-adds-puf-anti-cloning-technology-next-generation-smartmx2-microcontroller/}},
}

% Related link: https://thehackernews.com/2015/11/iot-device-crypto-keys.html
% The same article is also listed under the key hardcode_key further down this file.
@misc{share_keys,
  title        = {{Millions of IoT Devices Using Same Hard-Coded CRYPTO Keys.}},
  howpublished = {\url{https://thehackernews.com/2015/11/iot-device-crypto-keys.html}},
}
% Web references on U2F security keys and rolling codes.
% Related link: https://news.bitcoin.com/how-to-use-u2f-key-crypto/
@misc{u2f_key,
  title        = {{Use a U2F Key to Secure Your Crypto Accounts}},
  howpublished = {\url{https://news.bitcoin.com/how-to-use-u2f-key-crypto/}},
}

% Related link (different outlet from the cited URL):
%   https://arstechnica.com/information-technology/2021/01/hackers-can-clone-google-titan-2fa-keys-using-a-side-channel-in-nxp-chips/
@misc{u2f_clone,
  title        = {{New Attack Could Let Hackers Clone Your Google Titan 2FA Security Keys}},
  howpublished = {\url{https://thehackernews.com/2021/01/new-attack-could-let-hackers-clone-your.html}},
}

% Related link: https://electronics.howstuffworks.com/gadgets/automotive/unlock-car-door-remote1.htm
@misc{rolling_code,
  title        = {{Rolling Codes and Encryption}},
  howpublished = {\url{https://electronics.howstuffworks.com/gadgets/automotive/unlock-car-door-remote1.htm}},
}
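% Web references on relay/cloning attacks and attestation. Proper nouns and
% acronyms in the previously unbraced titles are now protected so that
% sentence-casing styles do not lowercase them.
@misc{ble_relay_attack,
  title        = {{Tesla} Cars and Smart Home Locks Vulnerable to {Bluetooth Low Energy} Relay Attacks},
  howpublished = {\url{https://www.spiceworks.com/it-security/threat-reports/news/bluetooth-low-energy-relay-attack/}},
}

% Related link: https://securityaffairs.co/wordpress/76112/hacking/tesla-s-relay-attack.html
@misc{tesla_key_clone,
  title        = {Hackers Can Clone {Tesla} Key Fobs in Seconds},
  howpublished = {\url{https://www.esat.kuleuven.be/cosic/news/fast-furious-and-insecure-passive-keyless-entry-and-start-in-modern-supercars/}},
}

% NOTE(review): Google has deprecated the SafetyNet Attestation API in favour of
% the Play Integrity API; confirm the URL still resolves before citing it.
@misc{safetynet,
  title        = {{Android} {SafetyNet} Attestation},
  howpublished = {\url{https://developer.android.com/training/safetynet/attestation}},
}

% Related link: https://fidoalliance.org/internet-of-things/
@misc{fido_iot,
  title        = {Webinar: Securing {IoT} with {FIDO} Authentication},
  howpublished = {\url{https://fidoalliance.org/securing-iot-with-fido-authentication/}},
}

@misc{jwt,
  title        = {{JSON Web Tokens}},
  howpublished = {\url{https://jwt.io/}},
}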
% U2F Key
% https://arstechnica.com/information-technology/2021/01/hackers-can-clone-google-titan-2fa-keys-using-a-side-channel-in-nxp-chips/
% https://zhuanlan.zhihu.com/p/47577107
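% CCS '19 paper on device fingerprinting from magnetic signals radiated by the CPU.
% The page range uses the ASCII double hyphen instead of a Unicode en dash,
% which classic 8-bit BibTeX can garble.
@inproceedings{DeMiCPU,
  author    = {Cheng, Yushi and Ji, Xiaoyu and Zhang, Juchuan and Xu, Wenyuan and Chen, Yi-Chao},
  title     = {{DeMiCPU}: Device Fingerprinting with Magnetic Signals Radiated by {CPU}},
  booktitle = {Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security},
  series    = {CCS '19},
  pages     = {1149--1170},
  numpages  = {22},
  year      = {2019},
  publisher = {Association for Computing Machinery},
  address   = {New York, NY, USA},
  location  = {London, United Kingdom},
  isbn      = {9781450367479},
  doi       = {10.1145/3319535.3339810},
  url       = {https://doi.org/10.1145/3319535.3339810},
  keywords  = {cpu, electromagnetic radiation, device fingerprinting, smart devices},
}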
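% Journal article on resonance-based secure pairing for wearables.
% The required journal field was missing; it is filled in from the ISSN and the
% TMC prefix of the DOI (IEEE Transactions on Mobile Computing).
@article{wearable_pair,
  author     = {Wang, Wei and Yang, Lin and Zhang, Qian},
  title      = {Resonance-Based Secure Pairing for Wearables},
  journal    = {IEEE Transactions on Mobile Computing},
  volume     = {17},
  number     = {11},
  pages      = {2607--2618},
  numpages   = {12},
  year       = {2018},
  month      = nov,
  issue_date = {Nov. 2018},
  publisher  = {IEEE Educational Activities Department},
  address    = {USA},
  issn       = {1536-1233},
  doi        = {10.1109/TMC.2018.2809736},
  url        = {https://doi.org/10.1109/TMC.2018.2809736},
}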
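% CCS '20 paper characterising criminal infrastructure for user impersonation at scale.
% Page range written with the ASCII double hyphen rather than a Unicode en dash.
@inproceedings{impersonate_service,
  author    = {Campobasso, Michele and Allodi, Luca},
  title     = {Impersonation-as-a-Service: Characterizing the Emerging Criminal Infrastructure for User Impersonation at Scale},
  booktitle = {Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security},
  series    = {CCS '20},
  pages     = {1665--1680},
  numpages  = {16},
  year      = {2020},
  publisher = {Association for Computing Machinery},
  address   = {New York, NY, USA},
  location  = {Virtual Event, USA},
  isbn      = {9781450370899},
  doi       = {10.1145/3372297.3417892},
  url       = {https://doi.org/10.1145/3372297.3417892},
  keywords  = {user profiling, impersonation-as-a-service, threat modeling, impersonation attacks},
}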
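% ICPADS 2020 paper on securing microcontroller-based IoT devices with crypto coprocessors.
% Empty volume/number fields dropped, page range uses a double hyphen, acronyms protected.
@inproceedings{secure_crypt,
  author    = {Pearson, Bryan and Zou, Cliff and Zhang, Yue and Ling, Zhen and Fu, Xinwen},
  title     = {{SIC2}: Securing Microcontroller Based {IoT} Devices with Low-cost Crypto Coprocessors},
  booktitle = {2020 IEEE 26th International Conference on Parallel and Distributed Systems (ICPADS)},
  pages     = {372--381},
  year      = {2020},
  doi       = {10.1109/ICPADS51040.2020.00057},
}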
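% Side-channel analysis of PUFs and fuzzy extractors (Trust and Trustworthy Computing, 2011).
% The acronym in the title is brace-protected so sentence-casing styles keep it.
@inproceedings{side_channel_puf,
  author    = {Merli, Dominik and Schuster, Dieter and Stumpf, Frederic and Sigl, Georg},
  editor    = {McCune, Jonathan M. and Balacheff, Boris and Perrig, Adrian and Sadeghi, Ahmad-Reza and Sasse, Angela and Beres, Yolanta},
  title     = {Side-Channel Analysis of {PUFs} and Fuzzy Extractors},
  booktitle = {Trust and Trustworthy Computing},
  year      = {2011},
}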
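% Large-scale security analysis of embedded firmware images (USENIX Security 2014).
% The venue is spelled out in the same form as the other USENIX Security entries
% in this file; the ordinal follows from their numbering (26th in 2017).
@inproceedings{iot_firmware,
  author    = {Costin, Andrei and Zaddach, Jonas and Francillon, Aur{\'e}lien and Balzarotti, Davide},
  title     = {A {Large-Scale} Analysis of the Security of Embedded Firmwares},
  booktitle = {23rd USENIX Security Symposium (USENIX Security 14)},
  year      = {2014},
}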
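% Bluetooth impersonation attacks (IEEE S&P 2020).
% Month uses the predefined macro; the acronym capitals in the title are protected.
@inproceedings{bias,
  author    = {Antonioli, Daniele and Tippenhauer, Nils Ole and Rasmussen, Kasper},
  title     = {{BIAS}: {Bluetooth} Impersonation {AttackS}},
  booktitle = {Proceedings of the IEEE Symposium on Security and Privacy (S\&P)},
  year      = {2020},
  month     = may,
}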
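% Low-entropy key negotiation in Bluetooth BR/EDR (USENIX Security 2019).
% Month uses the predefined macro; acronyms and the capitals that spell the
% attack name are protected. The project field is not a standard field and is
% ignored by standard styles.
@inproceedings{knob,
  author    = {Antonioli, Daniele and Tippenhauer, Nils Ole and Rasmussen, Kasper},
  title     = {The {KNOB} is Broken: Exploiting Low Entropy in the Encryption {Key Negotiation Of Bluetooth} {BR/EDR}},
  booktitle = {Proceedings of the USENIX Security Symposium (USENIX Security)},
  year      = {2019},
  month     = aug,
  project   = {CISPA},
}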
% Relay attacks on passive keyless entry and start systems (NDSS 2011).
@inproceedings{pke_relay,
  author       = {Francillon, Aur{\'e}lien and Danev, Boris and Capkun, Srdjan},
  title        = {Relay attacks on passive keyless entry and start systems in modern cars},
  booktitle    = {Proceedings of the Network and Distributed System Security Symposium (NDSS)},
  organization = {Eidgen{\"o}ssische Technische Hochschule Z{\"u}rich, Department of Computer Science},
  year         = {2011},
}
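% Authenticates users via the electrical resistance between the left and right hands
% (note translated from the original Chinese comment).
% Month is given with the predefined macro instead of the quoted number "2".
@inproceedings{contauth,
  author    = {Rasmussen, Kasper Bonne and Roeschlin, Marc and Martinovic, Ivan and Tsudik, Gene},
  title     = {Authentication Using Pulse-Response Biometrics},
  booktitle = {The Network and Distributed System Security Symposium ({NDSS})},
  year      = {2014},
  month     = feb,
}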
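% Protecting sensed data from malicious sensors (IEEE S&P 2022).
% Empty volume/number fields dropped, page range uses a double hyphen, system name protected.
@inproceedings{sensor_data_privacy,
  author    = {De Oliveira Nunes, Ivan and Hwang, Seoyeon and Jakkamsetti, Sashidhar and Tsudik, Gene},
  title     = {Privacy-from-Birth: Protecting Sensed Data from Malicious Sensors with {VERSA}},
  booktitle = {2022 IEEE Symposium on Security and Privacy (SP)},
  pages     = {2413--2429},
  year      = {2022},
  doi       = {10.1109/SP46214.2022.9833737},
}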
% Secure in-band wireless pairing (USENIX Security 2011).
@inproceedings{in_band,
  author    = {Gollakota, Shyamnath and Ahmed, Nabeel and Zeldovich, Nickolai and Katabi, Dina},
  title     = {Secure {In-Band} Wireless Pairing},
  booktitle = {20th USENIX Security Symposium (USENIX Security 11)},
  year      = {2011},
  month     = aug,
  publisher = {USENIX Association},
  address   = {San Francisco, CA},
  url       = {https://www.usenix.org/conference/usenix-security-11/secure-band-wireless-pairing},
}
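% Action integrity for trigger-action IoT platforms (NDSS 2018).
% The whole-title double braces are replaced by protecting only the acronym, and
% the venue name is spelled as in the other NDSS entries of this file.
% NOTE(review): the ordinal "22nd" is kept from the original entry and was not
% verified here; confirm it against the proceedings.
@inproceedings{dtap18,
  author    = {Fernandes, Earlence and Rahmati, Amir and Jung, Jaeyeon and Prakash, Atul},
  title     = {Decentralized Action Integrity for Trigger-Action {IoT} Platforms},
  booktitle = {22nd Network and Distributed System Security Symposium (NDSS 2018)},
  year      = {2018},
  month     = feb,
}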
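% Execution integrity in trigger-action IoT platforms (IEEE INFOCOM 2021).
% Empty volume/number fields dropped, page range uses a double hyphen, names protected.
@inproceedings{trigger_action2,
  author    = {Fan, Jingwen and He, Yi and Tang, Bo and Li, Qi and Sandhu, Ravi},
  title     = {{Ruledger}: Ensuring Execution Integrity in Trigger-Action {IoT} Platforms},
  booktitle = {IEEE INFOCOM 2021 - IEEE Conference on Computer Communications},
  pages     = {1--10},
  year      = {2021},
  doi       = {10.1109/INFOCOM42981.2021.9488687},
}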
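% Measurement study of the Mirai botnet (USENIX Security 2017).
% The botnet name in the title is brace-protected against sentence casing.
@inproceedings{mirai_botnet,
  author    = {Manos Antonakakis and Tim April and Michael Bailey and Matt Bernhard and Elie Bursztein and Jaime Cochran and Zakir Durumeric and J. Alex Halderman and Luca Invernizzi and Michalis Kallitsis and Deepak Kumar and Chaz Lever and Zane Ma and Joshua Mason and Damian Menscher and Chad Seaman and Nick Sullivan and Kurt Thomas and Yi Zhou},
  title     = {Understanding the {Mirai} Botnet},
  booktitle = {26th USENIX Security Symposium (USENIX Security 17)},
  year      = {2017},
  isbn      = {978-1-931971-40-9},
  url       = {https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/antonakakis},
}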
% Security hazards in interactions between IoT devices, mobile apps and clouds
% on smart home platforms (USENIX Security 2019).
@inproceedings{iot_hazards,
  author    = {Zhou, Wei and Jia, Yan and Yao, Yao and Zhu, Lipeng and Guan, Le and Mao, Yuhang and Liu, Peng and Zhang, Yuqing},
  title     = {Discovering and Understanding the Security Hazards in the Interactions between {IoT} Devices, Mobile Apps, and Clouds on Smart Home Platforms},
  booktitle = {28th USENIX Security Symposium (USENIX Security 19)},
  year      = {2019},
  isbn      = {978-1-939133-06-9},
  url       = {https://www.usenix.org/conference/usenixsecurity19/presentation/zhou},
}
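% Black Hat talk on software attacks against hardware wallets.
% The original author field read "Riscure Alyssa Milburn", which folds the
% speakers' affiliation (Riscure) into a given name; the affiliation is removed
% so the second author parses as Milburn, Alyssa.
% NOTE(review): month and year are kept from the original entry; confirm them
% against the conference programme.
@inproceedings{blackhat_soft_attack,
  author    = {Volokitin, Sergei and Milburn, Alyssa},
  title     = {Software Attacks on Hardware Wallets},
  booktitle = {Blackhat},
  year      = {2018},
  month     = feb,
}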
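% Analysis of passive keyless entry and start systems in modern supercars (TCHES 2019).
% One field per line; the page range uses a double hyphen instead of an en dash
% and the month uses the predefined macro. The key spelling is left unchanged so
% existing citations keep resolving.
@article{telsa_car_key_clone,
  author  = {Wouters, Lennert and Marin, Eduard and Ashur, Tomer and Gierlichs, Benedikt and Preneel, Bart},
  title   = {Fast, Furious and Insecure: Passive Keyless Entry and Start Systems in Modern Supercars},
  journal = {IACR Transactions on Cryptographic Hardware and Embedded Systems},
  volume  = {2019},
  number  = {3},
  pages   = {66--85},
  year    = {2019},
  month   = may,
  doi     = {10.13154/tches.v2019.i3.66-85},
  url     = {https://tches.iacr.org/index.php/TCHES/article/view/8289},
}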
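% Delay-based automation interference attacks on smart homes (IEEE S&P 2022).
% Fixes export artefacts: the doubled "2022 2022 ... (SP) (SP)" venue string, the
% stray colon inside the subtitle, the braced month, and empty volume/keywords.
% NOTE(review): the page range 1575-1575 is kept from the export and looks like
% a placeholder; confirm it on the DOI landing page.
@inproceedings{delay_attack,
  author    = {H. Chi and C. Fu and Q. Zeng and X. Du},
  title     = {Delay Wreaks Havoc on Your Smart Home: Delay-based Automation Interference Attacks},
  booktitle = {2022 IEEE Symposium on Security and Privacy (SP)},
  pages     = {1575--1575},
  year      = {2022},
  month     = may,
  publisher = {IEEE Computer Society},
  address   = {Los Alamitos, CA, USA},
  issn      = {2375-1207},
  doi       = {10.1109/SP46214.2022.00146},
  url       = {https://doi.ieeecomputersociety.org/10.1109/SP46214.2022.00146},
}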
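% Attacks on IoT devices through MQTT brokers (IEEE EuroS&P 2022).
% The ampersand in the venue is escaped (a bare one is a LaTeX error in the
% bibliography), the page range uses a double hyphen, and acronyms are protected.
@inproceedings{mqtt_attack2,
  author    = {Xu, Huikai and Yu, Miao and Wang, Yanhao and Liu, Yue and Hou, Qinsheng and Ma, Zhenbang and Duan, Haixin and Zhuge, Jianwei and Liu, Baojun},
  title     = {Trampoline Over the Air: Breaking in {IoT} Devices Through {MQTT} Brokers},
  booktitle = {2022 IEEE 7th European Symposium on Security and Privacy (EuroS\&P)},
  pages     = {171--187},
  year      = {2022},
  doi       = {10.1109/EuroSP53844.2022.00019},
}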
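% Authenticating USB flash drives with timing fingerprints (IEEE S&P 2022).
% One field per line, empty volume/number dropped, double-hyphen page range.
@inproceedings{time-print,
  author    = {Cronin, Patrick and Gao, Xing and Wang, Haining and Cotton, Chase},
  title     = {{Time-Print}: Authenticating {USB} Flash Drives with Novel Timing Fingerprints},
  booktitle = {2022 IEEE Symposium on Security and Privacy (SP)},
  pages     = {1002--1017},
  year      = {2022},
  doi       = {10.1109/SP46214.2022.9833595},
}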
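% Device-specific identifier built from hardware fingerprints (IoTDI 2020).
% One field per line, empty volume/number dropped, double-hyphen page range,
% and a space between the glued initials "T.V.".
@inproceedings{IoT-ID,
  author    = {Vaidya, Girish and Nambi, Akshay and Prabhakar, T. V. and Kumar T, Vasanth and Sudhakara, Suhas},
  title     = {{IoT-ID}: A Novel Device-Specific Identifier Based on Unique Hardware Fingerprints},
  booktitle = {2020 IEEE/ACM Fifth International Conference on Internet-of-Things Design and Implementation (IoTDI)},
  pages     = {189--202},
  year      = {2020},
  doi       = {10.1109/IoTDI49375.2020.00026},
}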
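% Survey of PUF-based authentication and key agreement protocols.
% One field per line, double-hyphen page range, acronyms protected. The key
% spelling is left unchanged so existing citations keep resolving.
@article{puf_suervey,
  author  = {Mall, Priyanka and Amin, Ruhul and Das, Ashok Kumar and Leung, Mark T. and Choo, Kim-Kwang Raymond},
  title   = {{PUF-Based} Authentication and Key Agreement Protocols for {IoT}, {WSNs}, and Smart Grids: A Comprehensive Survey},
  journal = {IEEE Internet of Things Journal},
  volume  = {9},
  number  = {11},
  pages   = {8205--8228},
  year    = {2022},
  doi     = {10.1109/JIOT.2022.3142084},
}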
% Usability of authenticity checks for hardware security tokens (USENIX Security 2021).
@inproceedings{attack_u2f,
  author    = {Pfeffer, Katharina and Mai, Alexandra and Dabrowski, Adrian and Gusenbauer, Matthias and Schindler, Philipp and Weippl, Edgar and Franz, Michael and Krombholz, Katharina},
  title     = {On the Usability of Authenticity Checks for Hardware Security Tokens},
  booktitle = {30th USENIX Security Symposium (USENIX Security 21)},
  pages     = {37--54},
  year      = {2021},
  month     = aug,
  publisher = {USENIX Association},
  isbn      = {978-1-939133-24-3},
  url       = {https://www.usenix.org/conference/usenixsecurity21/presentation/pfeffer},
}
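% Detecting evolved Android malware with API semantics (CCS '20); cited for model aging.
% Page range written with the ASCII double hyphen; acronym and platform name protected.
@inproceedings{ai_model_aging1,
  author    = {Zhang, Xiaohan and Zhang, Yuan and Zhong, Ming and Ding, Daizong and Cao, Yinzhi and Zhang, Yukun and Zhang, Mi and Yang, Min},
  title     = {Enhancing State-of-the-Art Classifiers with {API} Semantics to Detect Evolved {Android} Malware},
  booktitle = {Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security},
  series    = {CCS '20},
  pages     = {757--770},
  numpages  = {14},
  year      = {2020},
  publisher = {Association for Computing Machinery},
  address   = {New York, NY, USA},
  location  = {Virtual Event, USA},
  isbn      = {9781450370899},
  doi       = {10.1145/3372297.3417291},
  url       = {https://doi.org/10.1145/3372297.3417291},
  keywords  = {api semantics, model aging, evolved malware detection},
}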
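% Mutual authentication in IoT systems using physical unclonable functions.
% One field per line, double-hyphen page range, acronym protected.
@article{puf_mutual,
  author  = {Aman, Muhammad Naveed and Chua, Kee Chaing and Sikdar, Biplab},
  title   = {Mutual Authentication in {IoT} Systems Using Physical Unclonable Functions},
  journal = {IEEE Internet of Things Journal},
  volume  = {4},
  number  = {5},
  pages   = {1327--1340},
  year    = {2017},
  doi     = {10.1109/JIOT.2017.2703088},
}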
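% Multifactor authentication scheme built on physically unclonable functions.
% The doi field holds the bare DOI; styles that prepend a resolver would
% otherwise produce a doubled https://doi.org/ prefix.
@article{multi-factor-puf,
  author  = {Fakroon, Moneer and Gebali, Fayez and Mamun, Mohammad},
  title   = {Multifactor authentication scheme using physically unclonable functions},
  journal = {Internet of Things},
  volume  = {13},
  pages   = {100343},
  year    = {2021},
  issn    = {2542-6605},
  doi     = {10.1016/j.iot.2020.100343},
  url     = {https://www.sciencedirect.com/science/article/pii/S2542660520301748},
}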
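% Authenticating wireless nodes with in-situ machine learning (HOST 2018).
% One field per line, double-hyphen page range, acronyms protected.
@inproceedings{rf-puf,
  author    = {Chatterjee, Baibhab and Das, Debayan and Sen, Shreyas},
  title     = {{RF-PUF}: {IoT} security enhancement through authentication of wireless nodes using in-situ machine learning},
  booktitle = {2018 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)},
  pages     = {205--208},
  year      = {2018},
  doi       = {10.1109/HST.2018.8383916},
}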
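% Lightweight multi-factor mutual authentication protocol for IoT devices.
% Page range uses a double hyphen, month uses the predefined macro, acronym protected.
% NOTE(review): year (2019) and issue_date (Dec 2020) disagree in the export;
% both are kept as given and should be checked against the publisher page.
@article{lightweight_multi_factor,
  author     = {Melki, Reem and Noura, Hassan N. and Chehab, Ali},
  title      = {Lightweight Multi-Factor Mutual Authentication Protocol for {IoT} Devices},
  journal    = {International Journal of Information Security},
  volume     = {19},
  number     = {6},
  pages      = {679--694},
  numpages   = {16},
  year       = {2019},
  month      = dec,
  issue_date = {Dec 2020},
  publisher  = {Springer-Verlag},
  address    = {Berlin, Heidelberg},
  issn       = {1615-5262},
  doi        = {10.1007/s10207-019-00484-5},
  url        = {https://doi.org/10.1007/s10207-019-00484-5},
}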
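% Compromising the keyless entry system of the Tesla Model 3 (NDSS 2023).
% Product names in the title are protected against sentence casing. The key
% spelling is left unchanged so existing citations keep resolving.
@inproceedings{attack_telsa,
  author    = {Xie, Xinyi and Jiang, Kun and Dai, Rui and Lu, Jun and Wang, Lihui and Li, Qing and Yu, Jun},
  title     = {Access Your {Tesla} without Your Awareness: Compromising Keyless Entry System of {Model 3}},
  booktitle = {NDSS},
  year      = {2023},
}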
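% Survey of radio-frequency fingerprinting approaches.
% The acronym in the title is brace-protected; names use the unambiguous
% "Last, First" form with the same split BibTeX derived from the original.
@article{rf_fingerprint,
  author  = {Jagannath, Anu and Jagannath, Jithin and Kumar, Prem Sagar Pattanshetty Vasanth},
  title   = {A comprehensive survey on radio frequency ({RF}) fingerprinting: Traditional approaches, deep learning, and open challenges},
  journal = {Computer Networks},
  volume  = {219},
  pages   = {109455},
  year    = {2022},
}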
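% Lightweight PUF-based IoT authentication without explicit CRPs at the verifier.
% The empty pages field is dropped, the month uses the predefined macro instead
% of the braced number, and acronyms are protected.
@article{lightweight_puf,
  author  = {Nimmy, K. and Sankaran, Sriram and Achuthan, Krishnashree},
  title   = {A novel lightweight {PUF} based authentication protocol for {IoT} without explicit {CRPs} in verifier database},
  journal = {Journal of Ambient Intelligence and Humanized Computing},
  year    = {2021},
  month   = aug,
  doi     = {10.1007/s12652-021-03421-4},
}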
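% Secure and usable pairing for heterogeneous IoT devices (CCS '20).
% Page range written with the ASCII double hyphen; system name and acronym protected.
@inproceedings{t2pair,
  author    = {Li, Xiaopeng and Zeng, Qiang and Luo, Lannan and Luo, Tongbo},
  title     = {{T2Pair}: Secure and Usable Pairing for Heterogeneous {IoT} Devices},
  booktitle = {Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security},
  series    = {CCS '20},
  pages     = {309--323},
  numpages  = {15},
  year      = {2020},
  publisher = {Association for Computing Machinery},
  address   = {New York, NY, USA},
  location  = {Virtual Event, USA},
  isbn      = {9781450370899},
  doi       = {10.1145/3372297.3417286},
  url       = {https://doi.org/10.1145/3372297.3417286},
  keywords  = {pairing, internet of things, pake, fuzzy commitment},
}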
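% Machine-learning-resistant PUF using an obfuscation feedback shift register.
% Double-hyphen page range; acronym protected.
@article{puf_resist,
  author  = {Chen, Zhuojun and Lee, Wenshang and Hong, Qinhui and Gu, Chongyan and Guan, Zhenyu and Ding, Lin and Zhang, Jiliang},
  title   = {A Lightweight and Machine-Learning-Resistant {PUF} Using Obfuscation-Feedback-Shift-Register},
  journal = {IEEE Transactions on Circuits and Systems II: Express Briefs},
  volume  = {69},
  number  = {11},
  pages   = {4543--4547},
  year    = {2022},
  doi     = {10.1109/TCSII.2022.3193002},
}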
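% Analysis of PUF-based authentication protocols for IoT (Digital Threats, 2022).
% Month uses the predefined macro instead of a braced string; acronyms protected.
@article{puf_lessons,
  author    = {Lounis, Karim and Zulkernine, Mohammad},
  title     = {Lessons Learned: Analysis of {PUF-Based} Authentication Protocols for {IoT}},
  journal   = {Digital Threats},
  year      = {2022},
  month     = feb,
  publisher = {Association for Computing Machinery},
  address   = {New York, NY, USA},
  issn      = {2692-1626},
  doi       = {10.1145/3487060},
  url       = {https://doi.org/10.1145/3487060},
  keywords  = {Thing-to-Thing authentication, PUF-based authentication., IoT Security, PUFs},
}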
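% Modeling attacks on physical unclonable functions (CCS '10).
% Accents are written as BibTeX special characters (brace group starting with
% the accent command) so sorting and labels treat them as single letters; the
% page range uses a double hyphen instead of an en dash.
@inproceedings{puf_attack,
  author    = {R{\"u}hrmair, Ulrich and Sehnke, Frank and S{\"o}lter, Jan and Dror, Gideon and Devadas, Srinivas and Schmidhuber, J{\"u}rgen},
  title     = {Modeling Attacks on Physical Unclonable Functions},
  booktitle = {Proceedings of the 17th ACM Conference on Computer and Communications Security},
  series    = {CCS '10},
  pages     = {237--249},
  numpages  = {13},
  year      = {2010},
  publisher = {Association for Computing Machinery},
  address   = {New York, NY, USA},
  location  = {Chicago, Illinois, USA},
  isbn      = {9781450302456},
  doi       = {10.1145/1866307.1866335},
  url       = {https://doi.org/10.1145/1866307.1866335},
  keywords  = {cryptanalysis, physical unclonable functions, physical cryptography, machine learning},
}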
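% Whether a machine-learning-resistant strong PUF is achievable (HOST 2016).
% Empty volume/number dropped, double-hyphen page range, acronym protected.
@inproceedings{puf_pipe_dream,
  author    = {Vijayakumar, Arunkumar and Patil, Vinay C. and Prado, Charles B. and Kundu, Sandip},
  title     = {Machine learning resistant strong {PUF}: Possible or a pipe dream?},
  booktitle = {2016 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)},
  pages     = {19--24},
  year      = {2016},
  doi       = {10.1109/HST.2016.7495550},
}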
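% Improving PUF quality with configurable ring oscillators (FPL 2009).
% Empty volume/number dropped; page range uses a double hyphen.
@inproceedings{improve_puf,
  author    = {Maiti, Abhranil and Schaumont, Patrick},
  title     = {Improving the quality of a Physical Unclonable Function using configurable Ring Oscillators},
  booktitle = {2009 International Conference on Field Programmable Logic and Applications},
  pages     = {703--707},
  year      = {2009},
  doi       = {10.1109/FPL.2009.5272361},
}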
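% Recurrence in strong PUFs for resistance to machine learning attacks.
% Double-hyphen page range; acronym protected.
@article{recurrence_puf,
  author  = {Shah, Nimesh and Chatterjee, Durba and Sapui, Brojogopal and Mukhopadhyay, Debdeep and Basu, Arindam},
  title   = {Introducing Recurrence in Strong {PUFs} for Enhanced Machine Learning Attack Resistance},
  journal = {IEEE Journal on Emerging and Selected Topics in Circuits and Systems},
  volume  = {11},
  number  = {2},
  pages   = {319--332},
  year    = {2021},
  doi     = {10.1109/JETCAS.2021.3075767},
}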
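% PUF fingerprint from an on-chip resistive ladder DAC and ADC (ISNCC 2021).
% Empty volume/number dropped, double-hyphen page range, acronyms protected.
@inproceedings{dac_adc_puf,
  author    = {Zajc, Christian and Haberler, Markus and Holweg, Gerald and Steger, Christian},
  title     = {Generating a {PUF} Fingerprint from an on-Chip Resistive Ladder {DAC} and {ADC}},
  booktitle = {2021 International Symposium on Networks, Computers and Communications (ISNCC)},
  pages     = {1--7},
  year      = {2021},
  doi       = {10.1109/ISNCC52172.2021.9615696},
}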
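% Set-based obfuscation for strong PUFs against machine learning attacks.
% One field per line, double-hyphen page range, acronym protected.
@article{puf_set_defense,
  author  = {Zhang, Jiliang and Shen, Chaoqun},
  title   = {Set-Based Obfuscation for Strong {PUFs} Against Machine Learning Attacks},
  journal = {IEEE Transactions on Circuits and Systems I: Regular Papers},
  volume  = {68},
  number  = {1},
  pages   = {288--300},
  year    = {2021},
  doi     = {10.1109/TCSI.2020.3028508},
}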
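% Device identification through remote GPU fingerprinting (NDSS 2022).
% The venue name is spelled as in the other NDSS entries of this file
% ("Network and Distributed System Security Symposium").
@inproceedings{drawnapart_gpu,
  author    = {Tomer Laor and Naif Mehanna and Antonin Durey and Vitaly Dyadyuk and Pierre Laperdrix and Cl{\'{e}}mentine Maurice and Yossi Oren and Romain Rouvoy and Walter Rudametkin and Yuval Yarom},
  title     = {{DRAWNAPART:} {A} Device Identification Technique based on Remote {GPU} Fingerprinting},
  booktitle = {Network and Distributed System Security Symposium (NDSS 2022)},
  year      = {2022},
}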
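% Attesting operation integrity of embedded devices (IEEE S&P 2020).
% The ampersand in the series field is escaped, since a bare one is a LaTeX
% error when the field is typeset; the month uses the predefined macro and the
% system name is protected.
@inproceedings{oat_integrity,
  author    = {Sun, Zhichuang and Feng, Bo and Lu, Long and Jha, Somesh},
  title     = {{OAT}: Attesting Operation Integrity of Embedded Devices},
  booktitle = {Proceedings of the 41st IEEE Symposium on Security and Privacy},
  series    = {S\&P/Oakland'20},
  year      = {2020},
  month     = may,
}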
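% Backdoor-resistant authentication tokens (IEEE S&P 2019).
% The system name in the title is brace-protected against sentence casing.
@inproceedings{true2f,
  author       = {Dauterman, Emma and Corrigan-Gibbs, Henry and Mazi{\`e}res, David and Boneh, Dan and Rizzo, Dominic},
  title        = {{True2F}: Backdoor-resistant authentication tokens},
  booktitle    = {2019 IEEE Symposium on Security and Privacy (SP)},
  pages        = {398--416},
  year         = {2019},
  organization = {IEEE},
}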
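% Lessons from smart lock security analysis (ASIA CCS '16).
% Page range written with the ASCII double hyphen; the proper noun in the title is protected.
@inproceedings{smart_lock_attacks,
  author    = {Ho, Grant and Leung, Derek and Mishra, Pratyush and Hosseini, Ashkan and Song, Dawn and Wagner, David},
  title     = {Smart Locks: Lessons for Securing Commodity {Internet of Things} Devices},
  booktitle = {Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security},
  series    = {ASIA CCS '16},
  pages     = {461--472},
  numpages  = {12},
  year      = {2016},
  publisher = {Association for Computing Machinery},
  address   = {New York, NY, USA},
  location  = {Xi'an, China},
  isbn      = {9781450342339},
  doi       = {10.1145/2897845.2897886},
  url       = {https://doi.org/10.1145/2897845.2897886},
  keywords  = {IoT, security, cyber-physical systems},
}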
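% Man-in-the-middle attacks on MQTT-based IoT (KDD 2020 AIoT Workshop).
% The empty pages field is dropped, the month uses the predefined macro instead
% of the braced number, and acronyms are protected.
@inproceedings{mqtt_mitm,
  author    = {Wong, Henry and Luo, Tony},
  title     = {Man-in-the-Middle Attacks on {MQTT-based} {IoT} Using {BERT} Based Adversarial Message Generation},
  booktitle = {KDD 2020 AIoT Workshop},
  year      = {2020},
  month     = aug,
}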
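% Man-in-the-middle attacks on IoT companion apps (CSET workshop, 2021).
% The export used the inbook type, which treats title as a book title and does
% not print booktitle in classic styles; a workshop paper is inproceedings.
% The doi field is taken from the doi.org URL already present in the entry, and
% the page range uses a double hyphen instead of an en dash.
@inproceedings{mitm_attack,
  author    = {OConnor, TJ and Jessee, Dylan and Campos, Daniel},
  title     = {Through the Spyglass: Towards {IoT} Companion App Man-in-the-Middle Attacks},
  booktitle = {Cyber Security Experimentation and Test Workshop},
  pages     = {58--62},
  numpages  = {5},
  year      = {2021},
  publisher = {Association for Computing Machinery},
  address   = {New York, NY, USA},
  isbn      = {9781450390651},
  doi       = {10.1145/3474718.3474729},
  url       = {https://doi.org/10.1145/3474718.3474729},
}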
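% TLS/PKI challenges and certificate pinning techniques for IoT and M2M.
% The bare ampersand in the journal name is escaped (it is a LaTeX error when
% typeset), accented letters use LaTeX escapes so classic 8-bit BibTeX sorts and
% prints them correctly, and the page range uses a double hyphen.
@article{iot_ssl,
  author  = {D{\'\i}az-S{\'a}nchez, Daniel and Mar{\'\i}n-Lopez, Andr{\'e}s and Mendoza, Florina Almen{\'a}rez and Cabarcos, Patricia Arias and Sherratt, R. Simon},
  title   = {{TLS/PKI} Challenges and Certificate Pinning Techniques for {IoT} and {M2M} Secure Communications},
  journal = {IEEE Communications Surveys \& Tutorials},
  volume  = {21},
  number  = {4},
  pages   = {3502--3531},
  year    = {2019},
  doi     = {10.1109/COMST.2019.2914453},
}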
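% Security risks of general messaging protocols on IoT clouds (IEEE S&P 2020).
% The Unicode curly apostrophe in the title is replaced by the ASCII one (LaTeX
% typesets it as a closing quote), empty volume/number are dropped, and the page
% range uses a double hyphen.
@inproceedings{attack_iot_mqtt,
  author    = {Jia, Yan and Xing, Luyi and Mao, Yuhang and Zhao, Dongfang and Wang, XiaoFeng and Zhao, Shangru and Zhang, Yuqing},
  title     = {Burglars' {IoT} Paradise: Understanding and Mitigating Security Risks of General Messaging Protocols on {IoT} Clouds},
  booktitle = {2020 IEEE Symposium on Security and Privacy (SP)},
  pages     = {465--481},
  year      = {2020},
  doi       = {10.1109/SP40000.2020.00051},
}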
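% Taxonomy of physical unclonable functions (Applied Physics Reviews, 2019).
% The acronym in the title is brace-protected; names use the "Last, First" form.
@article{puf-taxonomy,
  author  = {McGrath, Thomas and Bagci, Ibrahim Ethem and Wang, Zhiming M. and Roedig, Utz and Young, Robert James},
  title   = {A {PUF} taxonomy},
  journal = {Applied Physics Reviews},
  year    = {2019},
}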
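% Empirical survey of authentication schemes in smartphones and IoT devices.
% Double-hyphen page range; acronym protected.
@article{modern_iot_auth,
  author  = {Ahvanooey, Milad Taleby and Zhu, Mark Xuefang and Li, Qianmu and Mazurczyk, Wojciech and Choo, Kim-Kwang Raymond and Gupta, Birij B. and Conti, Mauro},
  title   = {Modern Authentication Schemes in Smartphones and {IoT} Devices: An Empirical Survey},
  journal = {IEEE Internet of Things Journal},
  volume  = {9},
  number  = {10},
  pages   = {7639--7663},
  year    = {2022},
  doi     = {10.1109/JIOT.2021.3138073},
}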
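% Network authentication for constrained devices via mergeable stateful signatures (ICDCS 2021).
% Empty volume/number dropped, double-hyphen page range, scheme name protected.
@inproceedings{auth_merge_state,
  author    = {Rabiah, Abdulrahman Bin and Shashwat, Yugarshi and Alharbi, Fatemah and Richelson, Silas and Abu-Ghazaleh, Nael},
  title     = {{MSS}: Lightweight network authentication for resource constrained devices via {Mergeable Stateful Signatures}},
  booktitle = {2021 IEEE 41st International Conference on Distributed Computing Systems (ICDCS)},
  pages     = {282--292},
  year      = {2021},
  doi       = {10.1109/ICDCS51616.2021.00035},
}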
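% Hardware wallets as a single point of failure (DeFi '21 workshop at ACM CCS).
% Page range written with the ASCII double hyphen rather than a Unicode en dash.
@inproceedings{attack_hw_wallet,
  author    = {Dabrowski, Adrian and Pfeffer, Katharina and Reichel, Markus and Mai, Alexandra and Weippl, Edgar R. and Franz, Michael},
  title     = {Better Keep Cash in Your Boots - Hardware Wallets Are the New Single Point of Failure},
  booktitle = {Proceedings of the 2021 ACM CCS Workshop on Decentralized Finance and Security},
  series    = {DeFi '21},
  pages     = {1--8},
  numpages  = {8},
  year      = {2021},
  publisher = {Association for Computing Machinery},
  address   = {New York, NY, USA},
  location  = {Virtual Event, Republic of Korea},
  isbn      = {9781450385404},
  doi       = {10.1145/3464967.3488588},
  url       = {https://doi.org/10.1145/3464967.3488588},
  keywords  = {hardware wallets, decentralized finance, cryptocurrencies, collaborative protocols},
}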
% Off-path injection attacks on USB communications (USENIX Security 2023).
% NOTE(review): this entry has no author field, which the inproceedings type
% requires; BibTeX will warn and the rendered reference will carry no names.
% Add the authors from the USENIX page linked in the url field.
@inproceedings {usb-mitm,
title = {The Impostor Among {US(B)}: {Off-Path} Injection Attacks on {USB} Communications},
booktitle = {32nd USENIX Security Symposium (USENIX Security 23)},
year = {2023},
address = {Anaheim, CA},
url = {https://www.usenix.org/conference/usenixsecurity23/presentation/dumitru},
publisher = {USENIX Association},
month = aug,
}
% Device fingerprinting with peripheral timestamps (IEEE S&P 2022).
@inproceedings{time-stamp,
  author       = {Monaco, John V},
  title        = {Device Fingerprinting with Peripheral Timestamps},
  booktitle    = {2022 IEEE Symposium on Security and Privacy (SP)},
  organization = {IEEE},
  year         = {2022},
  pages        = {1018--1033},
}
% Flash memory as a source of random numbers and device fingerprints (IEEE S&P 2012).
@inproceedings{flash-memory,
  author       = {Wang, Yinglei and Yu, Wing-kei and Wu, Shuo and Malysa, Greg and Suh, G Edward and Kan, Edwin C},
  title        = {Flash memory for ubiquitous hardware security functions: True random number generation and device fingerprints},
  booktitle    = {2012 IEEE Symposium on Security and Privacy},
  organization = {IEEE},
  year         = {2012},
  pages        = {33--47},
}
% Time-based device fingerprinting (ACM CCS 2018).
@inproceedings{clockAroundClock,
  author    = {Sanchez-Rola, Iskander and Santos, Igor and Balzarotti, Davide},
  title     = {Clock around the clock: Time-based device fingerprinting},
  booktitle = {Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security},
  year      = {2018},
  pages     = {1502--1514},
}
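% Sensor calibration fingerprinting for smartphones (IEEE S&P 2019).
% The export had lowercased the system name to "Sensorid"; it is restored to the
% capitalisation used by the citation key and protected against sentence casing.
@inproceedings{SensorID,
  author       = {Zhang, Jiexin and Beresford, Alastair R and Sheret, Ian},
  title        = {{SensorID}: Sensor calibration fingerprinting for smartphones},
  booktitle    = {2019 IEEE Symposium on Security and Privacy (SP)},
  pages        = {638--655},
  year         = {2019},
  organization = {IEEE},
}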
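% Accelerometer imperfections as a smartphone tracking vector (NDSS 2014).
% The system name is protected and the trailing period is removed from the
% title, since the bibliography style supplies its own punctuation.
% NOTE(review): volume, pages and organization come from an aggregator export
% and should be checked against the proceedings.
@inproceedings{Accelprint,
  author       = {Dey, Sanorita and Roy, Nirupam and Xu, Wenyuan and Choudhury, Romit Roy and Nelakuditi, Srihari},
  title        = {{AccelPrint}: Imperfections of Accelerometers Make Smartphones Trackable},
  booktitle    = {NDSS},
  volume       = {14},
  pages        = {23--26},
  year         = {2014},
  organization = {Citeseer},
}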
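% Physical-layer BLE location tracking attacks on mobile devices (IEEE S&P 2022).
% The entry was typed as an article but carries a booktitle and no journal, so
% it is an inproceedings entry; the doubled "2022 2022 ... (SP) (SP)" venue string
% is reduced to the form used by the other S&P 2022 entries in this file, and the
% month uses the predefined macro. The key is unchanged.
@inproceedings{BLE/Tracking,
  author    = {Givehchian, Hadi and Bhaskar, Nishant and Herrera, Eliana Rodriguez and Soto, H{\'e}ctor Rodrigo L{\'o}pez and Dameff, Christian and Bharadia, Dinesh and Schulman, Aaron},
  title     = {Evaluating Physical-Layer {BLE} Location Tracking Attacks on Mobile Devices},
  booktitle = {2022 IEEE Symposium on Security and Privacy (SP)},
  year      = {2022},
  month     = may,
}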
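% Physical-layer identification of RFID devices (USENIX Security 2009).
% The acronym is protected and the trailing period is removed from the title,
% since the bibliography style supplies its own punctuation.
@inproceedings{RFID,
  author    = {Danev, Boris and Heydt-Benjamin, Thomas S and Capkun, Srdjan},
  title     = {Physical-layer Identification of {RFID} Devices},
  booktitle = {USENIX security symposium},
  pages     = {199--214},
  year      = {2009},
}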
% Fingerprinting car keys to prevent keyless-entry theft (NDSS 2020).
@inproceedings{HODOR,
  author    = {Joo, Kyungho and Choi, Wonsuk and Lee, Dong Hoon},
  title     = {Hold the door! fingerprinting your car key to prevent keyless entry car theft},
  booktitle = {NDSS},
  year      = {2020},
}
% Fingerprinting electronic control units for in-vehicle intrusion detection
% (USENIX Security 2016).
@inproceedings{ECU,
  author    = {Cho, Kyong-Tak and Shin, Kang G},
  title     = {Fingerprinting electronic control units for vehicle intrusion detection},
  booktitle = {25th USENIX Security Symposium (USENIX Security 16)},
  year      = {2016},
}
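% Vendor white paper on SRAM PUFs.
% The author is a company: "Intrinsic, ID" was parsed as surname "Intrinsic" with
% given name "ID". The extra brace pair makes it one indivisible corporate name.
% NOTE(review): the publisher field holds what looks like a city; classic styles
% ignore publisher on misc entries, so it is kept as given.
@misc{sram-puf-white-paper,
  author    = {{Intrinsic ID}},
  title     = {White Paper-{SRAM-PUF}: The Secure Silicon Fingerprint},
  year      = {2017},
  publisher = {Eindhoven},
}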
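% Survey of biometric user authentication in the age of IoT.
% The journal is stored under its full name so the style decides on any
% abbreviation; the acronym in the title is protected.
@article{bio_auth,
  author    = {Lien, Chi-Wei and Vhaduri, Sudip},
  title     = {Challenges and Opportunities of Biometric User Authentication in the Age of {IoT}: A Survey},
  journal   = {ACM Computing Surveys},
  year      = {2023},
  publisher = {Association for Computing Machinery},
}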
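% Security analysis of the Xiaomi fitness tracking ecosystem (TCHES 2022).
% Project and vendor names in the title are protected against sentence casing.
@article{breakmi,
  author  = {Casagrande, Marco and Losiouk, Eleonora and Conti, Mauro and Payer, Mathias and Antonioli, Daniele},
  title   = {{BreakMi}: Reversing, Exploiting and Fixing {Xiaomi} Fitness Tracking Ecosystem},
  journal = {IACR Transactions on Cryptographic Hardware and Embedded Systems},
  pages   = {330--366},
  year    = {2022},
}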
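% arXiv preprint on properties of neural networks.
% NOTE(review): despite the key name, this paper is commonly cited for
% adversarial examples (test-time input perturbations) rather than for
% training-data poisoning; check that each citation uses it for the intended
% claim. The key is unchanged so existing citations keep resolving.
% The arXiv identifier from the journal string is also recorded in the eprint
% fields; the journal string is kept because classic styles ignore eprint.
@article{data_poison,
  author        = {Szegedy, Christian and Zaremba, Wojciech and Sutskever, Ilya and Bruna, Joan and Erhan, Dumitru and Goodfellow, Ian and Fergus, Rob},
  title         = {Intriguing properties of neural networks},
  journal       = {arXiv preprint arXiv:1312.6199},
  year          = {2013},
  eprint        = {1312.6199},
  archiveprefix = {arXiv},
}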
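% The scikit-learn library paper (JMLR, 2011).
% Whole words are braced instead of a single letter ("{P}ython"), which avoids
% kerning and hyphenation problems; the library name is protected as well.
@article{scikit-learn,
  author  = {Pedregosa, F. and Varoquaux, G. and Gramfort, A. and Michel, V. and
             Thirion, B. and Grisel, O. and Blondel, M. and Prettenhofer, P. and
             Weiss, R. and Dubourg, V. and Vanderplas, J. and Passos, A. and
             Cournapeau, D. and Brucher, M. and Perrot, M. and Duchesnay, E.},
  title   = {{Scikit-learn}: Machine Learning in {Python}},
  journal = {Journal of Machine Learning Research},
  volume  = {12},
  pages   = {2825--2830},
  year    = {2011},
}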
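% Original note (Chinese), presumably "a paper from a cryptography venue".
% Securing UWB ranging against relay and physical-layer attacks (ePrint, 2017).
% The acronym in the title is brace-protected against sentence casing.
@article{singh2017uwb,
  author  = {Singh, Mridula and Leu, Patrick and Capkun, Srdjan},
  title   = {{UWB} with pulse reordering: Securing ranging against relay and physical-layer attacks},
  journal = {Cryptology ePrint Archive},
  year    = {2017},
}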
% A fairly old paper (note translated from the original Chinese comment).
% Detecting relay attacks with timing-based protocols (2007).
@inproceedings{reid2007detecting,
  author    = {Reid, Jason and Nieto, Juan M Gonzalez and Tang, Tee and Senadji, Bouchra},
  title     = {Detecting relay attacks with timing-based protocols},
  booktitle = {Proceedings of the 2nd ACM symposium on Information, computer and communications security},
  year      = {2007},
  pages     = {204--213},
}
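% Web references for platforms and analysis tools.
% Related link: https://www.emnify.com/developer-blog/at-command-cheat-sheet-for-iot-communication
@misc{SmartThings,
  title        = {{SmartThings: One simple home system. A world of possibilities.}},
  howpublished = {\url{https://www.smartthings.com/}},
}

% Pleavr. Frida. https://frida.re/, 2021.
% The Unicode bullet in the title is written as a LaTeX command so the entry
% also compiles under classic 8-bit BibTeX.
@misc{frida,
  title        = {{Frida {\textbullet} A world-class dynamic instrumentation toolkit}},
  howpublished = {\url{https://frida.re/}},
}

% Related link: https://www.telerik.com/fiddler
@misc{fiddler,
  title        = {{Fiddler web debugging proxy}},
  howpublished = {\url{https://www.telerik.com/fiddler}},
}

% Related link: https://thehackernews.com/2015/11/iot-device-crypto-keys.html
% The same article is also listed under the key share_keys earlier in this file.
@misc{hardcode_key,
  title        = {{Millions of IoT Devices Using Same Hard-Coded CRYPTO Keys}},
  howpublished = {\url{https://thehackernews.com/2015/11/iot-device-crypto-keys.html}},
}

@misc{shared_iot,
  title        = {{Shared IoT technology}},
  howpublished = {\url{https://www.omnismartiot.com/}},
}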
% Web references for testing tools, logging and user-enumeration material.
% Related link: https://portswigger.net/burp
@misc{burp_suite,
  title        = {{BurpSuite}},
  howpublished = {\url{https://portswigger.net/burp}},
}

@misc{frida_objection,
  title        = {{SSL Pinning Bypass For Android Using Frida}},
  howpublished = {\url{https://redfoxsec.com/blog/ssl-pinning-bypass-android-frida/}},
}

% Related link: https://doc.openluat.com/wiki/29?wiki_page_id=3371
@misc{at_log,
  title        = {{Enable cellular chip's logs}},
  howpublished = {\url{https://doc.openluat.com/wiki/29?wiki_page_id=3371}},
}

@misc{web_enumeration,
  title        = {{What are User Enumeration Attacks?}},
  howpublished = {\url{https://www.virtuesecurity.com/kb/username-enumeration/}},
}

% Related link: https://securityboulevard.com/2023/03/opaque-ids-the-ultimate-protection-against-enumeration-attacks/
@misc{defense_id,
  title        = {{Brute force enumerating username}},
  howpublished = {\url{https://securityboulevard.com/2023/03/opaque-ids-the-ultimate-protection-against-enumeration-attacks/}},
}
@Misc{jwt,
Title = {{JSON Web Tokens}},
HowPublished = {\url{https://jwt.io/}},
}
% https://www.pnfsoftware.com/
@Misc{jeb,
Title = {{JEB Decompiler}},
HowPublished = {\url{https://www.pnfsoftware.com/}},
}
% https://www.wieson-auto.com/products-view.php
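% URL written without the trailing slash after ".php", matching the address noted above this entry.
@Misc{t-box,
Title = {{4G T-Box Car Control}},
HowPublished = {\url{https://www.wieson-auto.com/products-view.php}},
}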
%
@Misc{mini-program-2,
Title = {{What is WeChat Mini-Program?}},
HowPublished = {\url{https://walkthechat.com/wechat-mini-programs-simple-introduction/}},
}
%
@Misc{mcu_protect,
Title = {{Protect MCU firmware}},
HowPublished = {\url{https://hackmag.com/security/protec-stm32/}},
}
% https://www.digi.com/resources/documentation/digidocs/90001546/concept/trustfence/c_secure_jtag.htm
@Misc{protect_jtag,
Title = {{Secure JTAG}},
HowPublished = {\url{https://www.digi.com/resources/documentation/digidocs/90001546/concept/trustfence/c_secure_jtag.htm}},
}
% https://hex-rays.com/blog/findcrypt/
@Misc{ida_findcrypt,
Title = {{FindCrypt}},
HowPublished = {\url{https://hex-rays.com/blog/findcrypt/}},
}
% Teld_web
@Misc{Teld_web,
Title = {{Teld Charger for vehicle}},
HowPublished = {\url{https://www.teld.cn}},
}
@Misc{Starcharge_web,
Title = {{Starcharge Charger for vehicle}},
HowPublished = {\url{https://www.starcharge.com/en}},
}
@Misc{Potevio_web,
Title = {{Potevio Charger for vehicle}},
HowPublished = {\url{http://www.evcard.ptne.cn}},
}
@Misc{Xlvren_web,
Title = {{Xlvren Charger for vehicle}},
HowPublished = {\url{http://www.xlvren.com}},
}
@Misc{Lvcc_web,
Title = {{Lvcc Charger for vehicle}},
HowPublished = {\url{http://www.lvcchong.cn/}},
}
@Misc{MeiTuan_web,
Title = {{MeiTuan Bicycle}},
HowPublished = {\url{https://about.meituan.com/en/detail/87}},
}
@Misc{QiXin_web,
Title = {{QiXin Bicycle}},
HowPublished = {\url{http://www.hfqixin.com/index.html}},
}
@Misc{JieDian_web,
Title = {{JieDian Shared Power Bank}},
HowPublished = {\url{http://www.jiediankeji.com/}},
}
@Misc{HuaQingJieLi_web,
Title = {{HuaQingJieLi Shared Washing Machine}},
HowPublished = {\url{http://cleverwash.cn/}},
}
@Misc{QiSiMiaoXiang_web,
Title = {{QiSiMiaoXiang Shared Vehicles For Sightseeing}},
HowPublished = {\url{http://www.smart-ideas.com.cn/}},
}
@Misc{ofo_bike,
Title = {{The rise and fall of OFO}},
HowPublished = {\url{https://www.scmp.com/tech/start-ups/article/3114932/rise-and-fall-mobike-and-ofo-chinas-bike-sharing-twin-stars}},
}
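% No whitespace inside \url{...}: a leading space becomes part of the printed and linked address.
@Misc{ofo_attack,
Title = {{The security issues of OFO}},
HowPublished = {\url{http://www.watson-band.com/en/cmsDetail_en.htm?item.id=635cae573122434886c119263640c149}},
}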
@Misc{Dadaball_web,
Title = {{Dadaball}},
HowPublished = {\url{https://www.dadaball.com/}},
}
@Misc{NETA_web,
Title = {{NETA}},
HowPublished = {\url{https://www.hozonauto.com/en/en-index.html}},
}
@Misc{DongFeng_web,
Title = {{DongFeng}},
HowPublished = {\url{http://www.dongfeng-global.com/}},
}
% https://www.uber.com/us/en/ride/scooters/
@Misc{uber_scooter,
Title = {{Uber Electric scooters}},
HowPublished = {\url{https://www.uber.com/us/en/ride/scooters/}},
}
@Misc{at_commands,
Title = {{AT commands for Cellular IoT Devices}},
HowPublished = {\url{https://www.emnify.com/developer-blog/at-command-cheat-sheet-for-iot-communication}},
}
% https://www.tatacommunications.com/solutions/mobility-iot/cellular-iot-enablement/
@Misc{yuehuocx,
Title = {{The website of YueHuoChuXing shared E-Bike}},
HowPublished = {\url{http://yuehuocx.com/}},
}
@Misc{vin_pattern,
Title = {{The ISO 3779 standard of Vehicle identification number}},
HowPublished = {\url{https://en.wikipedia.org/wiki/Vehicle_identification_number}},
}
@Misc{cellular_iot,
Title = {{A Guide to Cellular IoT}},
HowPublished = {\url{https://www.tatacommunications.com/solutions/mobility-iot/cellular-iot-enablement/}},
}
% https://hex-rays.com/ida-pro/
@Misc{ida_pro,
Title = {{IDA-Pro: A powerful disassembler and a versatile debugger}},
HowPublished = {\url{https://hex-rays.com/ida-pro/}},
}
% https://auroraevernet.ru/upload/iblock/300/30000bb16135f545d3c358428a5671ba.pdf
@Misc{secure_boot,
Title = {{Secure Boot User Guide for Quectel SC60 LTE MCU}},
HowPublished = {\url{https://auroraevernet.ru/upload/iblock/300/30000bb16135f545d3c358428a5671ba.pdf}},
}
% https://payatu.com/wp-content/uploads/2022/12/c16.pdf
@Misc{i2c_attack,
Title = {{Intra-board attack the I2C.}},
HowPublished = {\url{https://payatu.com/wp-content/uploads/2022/12/c16.pdf}},
}
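% NOTE(review): the key says "18" while the year field is 2015; confirm which edition is cited.
% Both authors use "Last, First" form; without the comma the second name is parsed as one surname-less string.
@Book{arpachiDusseau18:osbook,
  author    = {Arpaci-Dusseau, Remzi H. and Arpaci-Dusseau, Andrea C.},
  title     = {Operating Systems: Three Easy Pieces},
  publisher = {Arpaci-Dusseau Books, LLC},
  year      = 2015,
  edition   = {1.00},
  note      = {\url{http://pages.cs.wisc.edu/~remzi/OSTEP/}}
}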
@InProceedings{waldspurger02,
author = {Waldspurger, Carl A.},
title = {Memory resource management in {VMware ESX} server},
booktitle = {{OSDI}},
year = 2002,
}
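% The ampersand is escaped (\&); a bare & in a field is a LaTeX alignment character and breaks the bibliography.
% Only the acronyms are brace-protected so the style can still apply its own title casing.
@inproceedings{C3PO,
  author    = {Fuller, Jonathan and Kasturi, Ranjita Pai and Sikder, Amit and Xu, Haichuan and Arik, Berat and Verma, Vivek and Asdar, Ehsan and Saltaformaggio, Brendan},
  title     = {{C3PO}: Large-Scale Study of Covert Monitoring of {C\&C} Servers via Over-Permissioned Protocol Infiltration},
  booktitle = {CCS},
  year      = {2021}
}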
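% Accent written as a BibTeX special character ({\'e}) so sorting and labels treat it as one letter.
@inproceedings{reverse_parser,
  author    = {Cojocar, Lucian and Zaddach, Jonas and Verdult, Roel and Bos, Herbert and Francillon, Aur{\'e}lien and Balzarotti, Davide},
  title     = {{PIE}: Parser Identification in Embedded Systems},
  booktitle = {ACSAC},
  year      = {2015}
}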
@inproceedings{web_pri_escale,
author = {Monshizadeh, Maliheh and Naldurg, Prasad and Venkatakrishnan, V. N.},
title = {MACE: Detecting Privilege Escalation Vulnerabilities in Web Applications},
year = {2014},
booktitle = {CCS}
}
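% Venue spelled "{USENIX} Security" like the other USENIX Security entries in this file (no comma).
@inproceedings{auto_reverse1,
  author    = {Cui, Weidong and Kannan, Jayanthkumar and Wang, Helen J.},
  title     = {Discoverer: Automatic Protocol Reverse Engineering from Network Traces},
  booktitle = {{USENIX} Security},
  year      = {2007},
}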
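% The venue is stored in booktitle, which @inproceedings requires; a series field alone leaves the venue unprinted.
@inproceedings{auth_scope,
  author    = {Zuo, Chaoshun and Zhao, Qingchuan and Lin, Zhiqiang},
  title     = {{AUTHSCOPE}: Towards Automatic Discovery of Vulnerable Authorizations in Online Services},
  booktitle = {CCS},
  year      = {2017}
}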
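% The venue is stored in booktitle, which @inproceedings requires; a series field alone leaves the venue unprinted.
@inproceedings{snipuzz,
  author    = {Feng, Xiaotao and Sun, Ruoxi and Zhu, Xiaogang and Xue, Minhui and Wen, Sheng and Liu, Dongxi and Nepal, Surya and Xiang, Yang},
  title     = {{Snipuzz}: Black-Box Fuzzing of {IoT} Firmware via Message Snippet Inference},
  booktitle = {CCS},
  year      = {2021}
}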
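% Venue abbreviation spelled "AsiaCCS", as in the protocol_semantic_reverse entry of this file.
@inproceedings{rpc_vul,
  author    = {Liu, Zhuotao and Zhao, Hao and Li, Sainan and Li, Qi and Wei, Tao and Wang, Yu},
  title     = {Privilege-Escalation Vulnerability Discovery for Large-Scale {RPC} Services: Principle, Design, and Deployment},
  booktitle = {{AsiaCCS}},
  year      = {2021}
}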
@inproceedings{MaaG_iot,
author = {Zhou, Xin'an and Guan, Jiale and Xing, Luyi and Qian, Zhiyun},
title = {Perils and Mitigation of Security Risks of Cooperation in Mobile-as-a-Gateway IoT},
year = {2022},
booktitle = {{CCS}}
}
@inproceedings{NetPlier,
author = {Yapeng Ye and
Zhuo Zhang and
Fei Wang and
Xiangyu Zhang and
Dongyan Xu},
title = {NetPlier: Probabilistic Network Protocol Reverse Engineering from
Message Traces},
booktitle = {{NDSS}},
year = {2021}
}
@INPROCEEDINGS{face_verify,
author={Zhang, Xiaohan and Ye, Haoqi and Huang, Ziqi and Ye, Xiao and Cao, Yinzhi and Zhang, Yuan and Yang, Min},
booktitle={{IEEE S\&P}},
title={Understanding the (In)Security of Cross-side Face Verification Systems in Mobile Apps: A System Perspective},
year={2023}}
@inproceedings{icsref_plcreverse,
author = {Anastasis Keliris and
Michail Maniatakos},
title = {{ICSREF:} {A} Framework for Automated Reverse Engineering of Industrial
Control Systems Binaries},
booktitle = {{NDSS}},
year = {2019}
}
@inproceedings{HEAPSTER_firmware_heapvul,
author = {Fabio Gritti and
Fabio Pagani and
Ilya Grishchenko and
Lukas Dresel and
Nilo Redini and
Christopher Kruegel and
Giovanni Vigna},
title = {{HEAPSTER:} Analyzing the Security of Dynamic Allocators for Monolithic
Firmware Images},
booktitle = {{IEEE S\&P}},
year = {2022}
}
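% Umlauts use LaTeX escapes like the other accented names in this file, so the entry also works with classic 8-bit BibTeX.
@INPROCEEDINGS{w3c_payment_api,
  author    = {Do, Quoc Huy and Hosseyni, Pedram and K{\"u}sters, Ralf and Schmitz, Guido and Wenzler, Nils and W{\"u}rtele, Tim},
  title     = {A Formal Security Analysis of the {W3C} Web Payment {APIs}: Attacks and Verification},
  booktitle = {{IEEE S\&P}},
  year      = {2022},
}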
@INPROCEEDINGS{diane_iotapp_fuzz,
author={Redini, Nilo and Continella, Andrea and Das, Dipanjan and De Pasquale, Giulio and Spahn, Noah and Machiry, Aravind and Bianchi, Antonio and Kruegel, Christopher and Vigna, Giovanni},
booktitle={{IEEE S\&P}},
title={Diane: Identifying Fuzzing Triggers in Apps to Generate Under-constrained Inputs for IoT Devices},
year={2021},
}
@inproceedings{MPInspector_iotprotocol_analysistool,
author = {Qinying Wang and
Shouling Ji and
Yuan Tian and
Xuhong Zhang and
Binbin Zhao and
Yuhong Kan and
Zhaowei Lin and
Changting Lin and
Shuiguang Deng and
Alex X. Liu and
Raheem Beyah},
title = {MPInspector: {A} Systematic and Automatic Approach for Evaluating
the Security of IoT Messaging Protocols},
booktitle = {{USENIX Security}},
year = {2021}
}
@inproceedings{hera_iot_hotpatch,
author = {Christian Niesler and
Sebastian Surminski and
Lucas Davi},
title = {{HERA:} Hotpatching of Embedded Real-time Applications},
booktitle = {{NDSS}},
year = {2021}
}
@inproceedings {rapidpatch,
author = {Yi He and Zhenhua Zou and Kun Sun and Zhuotao Liu and Ke Xu and Qian Wang and Chao Shen and Zhi Wang and Qi Li},
title = {{RapidPatch}: Firmware Hotpatching for {Real-Time} Embedded Devices},
booktitle = {USENIX Security},
year = {2022},
}
@INPROCEEDINGS{DICE_iot_dynamical_analysis,
author={Mera, Alejandro and Feng, Bo and Lu, Long and Kirda, Engin},
booktitle={{IEEE S\&P}},
title={DICE: Automatic Emulation of DMA Input Channels for Dynamic Firmware Analysis},
year={2021},
}
@inproceedings{reverse_can_cmd,
author = {Haohuang Wen and
Qingchuan Zhao and
Qi Alfred Chen and
Zhiqiang Lin},
title = {Automated Cross-Platform Reverse Engineering of {CAN} Bus Commands
From Mobile Apps},
booktitle = {{NDSS}},
year = {2020}
}
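% The typographic apostrophe is replaced by an ASCII one; the non-ASCII character garbles output under classic BibTeX.
@INPROCEEDINGS{iot_clouds,
  author    = {Jia, Yan and Xing, Luyi and Mao, Yuhang and Zhao, Dongfang and Wang, XiaoFeng and Zhao, Shangru and Zhang, Yuqing},
  title     = {Burglars' {IoT} Paradise: Understanding and Mitigating Security Risks of General Messaging Protocols on {IoT} Clouds},
  booktitle = {{IEEE S\&P}},
  year      = {2020},
}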
@inproceedings{rev_bluetooth_vul,
author = {Haohuang Wen and
Zhiqiang Lin and
Yinqian Zhang},
title = {FirmXRay: Detecting Bluetooth Link Layer Vulnerabilities From Bare-Metal
Firmware},
booktitle = {{CCS}},
year = {2020}
}
@inproceedings{iot_access_delegation,
author = {Bin Yuan and
Yan Jia and
Luyi Xing and
Dongfang Zhao and
XiaoFeng Wang and
Deqing Zou and
Hai Jin and
Yuqing Zhang},
title = {Shattered Chain of Trust: Understanding Security Risks in Cross-Cloud
IoT Access Delegation},
booktitle = {{USENIX} Security},
year = {2020}
}
@INPROCEEDINGS{Karonte_static_analysis,
author={Redini, Nilo and Machiry, Aravind and Wang, Ruoyu and Spensky, Chad and Continella, Andrea and Shoshitaishvili, Yan and Kruegel, Christopher and Vigna, Giovanni},
booktitle={{IEEE S\&P}},
title={Karonte: Detecting Insecure Multi-binary Interactions in Embedded Firmware},
year={2020},
}
@article{BreakMi,
author = {Marco Casagrande and
Eleonora Losiouk and
Mauro Conti and
Mathias Payer and
Daniele Antonioli},
title = {BreakMi: Reversing, Exploiting and Fixing Xiaomi Fitness Tracking
Ecosystem},
journal = {{IACR} Transactions on Cryptographic Hardware and Embedded Systems (TCHES)},
volume = {2022},
year = {2022},
}
@inproceedings{bleiot_app,
author = {Chaoshun Zuo and
Haohuang Wen and
Zhiqiang Lin and
Yinqian Zhang},
title = {Automatic Fingerprinting of Vulnerable {BLE} IoT Devices with Static
UUIDs from Mobile Apps},
booktitle = {{CCS}},
year = {2019}
}
@inproceedings {mini-program,
author = {Lei Zhang and Zhibo Zhang and Ancong Liu and Yinzhi Cao and Xiaohan Zhang and Yanjun Chen and Yuan Zhang and Guangliang Yang and Min Yang},
title = {Identity Confusion in {WebView-based} Mobile App-in-app Ecosystems},
booktitle = {{USENIX} Security},
year = {2022},
}
@inproceedings{P2IM_firmware_testing,
author = {Bo Feng and
Alejandro Mera and
Long Lu},
title = {{P2IM:} Scalable and Hardware-independent Firmware Testing via Automatic
Peripheral Interface Modeling},
booktitle = {{USENIX} Security},
year = {2020}
}
@inproceedings{iot_pair,
author = {Xiaopeng Li and
Qiang Zeng and
Lannan Luo and
Tongbo Luo},
title = {T2Pair: Secure and Usable Pairing for Heterogeneous IoT Devices},
booktitle = {{CCS}},
year = {2020}
}
@inproceedings{iot_hazards,
author = {Wei Zhou and
Yan Jia and
Yao Yao and
Lipeng Zhu and
Le Guan and
Yuhang Mao and
Peng Liu and
Yuqing Zhang},
title = {Discovering and Understanding the Security Hazards in the Interactions
between IoT Devices, Mobile Apps, and Clouds on Smart Home Platforms},
booktitle = {{USENIX} Security},
year = {2019}
}
@inproceedings{evaluate_iot_from_app,
author = {Xueqiang Wang and
Yuqiong Sun and
Susanta Nanda and
XiaoFeng Wang},
title = {Looking from the Mirror: Evaluating IoT Device Security through Mobile
Companion Apps},
booktitle = {{USENIX} Security},
year = {2019}
}
@ARTICLE{iot_abnormal_detect,
author={Liu, Yongxin and Wang, Jian and Li, Jianqiang and Niu, Shuteng and Song, Houbing},
journal={IEEE Internet of Things Journal},
title={Machine Learning for the Detection and Identification of Internet of Things Devices: A Survey},
year={2022},
}
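% IEEE S&P is a symposium, so this is an @inproceedings entry with the venue in booktitle,
% matching the other IEEE S&P entries in this file.
% NOTE(review): confirm the year against the proceedings before citing.
@inproceedings{anti_tamper,
  author    = {Staat, Paul and Tobisch, Johannes and Zenger, Christian T. and Paar, Christof},
  title     = {Anti-Tamper Radio: System-Level Tamper Detection for Computing Systems},
  booktitle = {{IEEE S\&P}},
  year      = {2021},
}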
@inproceedings{5GReasoner,
author = {Syed Rafiul Hussain and
Mitziu Echeverria and
Imtiaz Karim and
Omar Chowdhury and
Elisa Bertino},
title = {5GReasoner: {A} Property-Directed Security and Privacy Analysis Framework
for 5G Cellular Network Protocol},
booktitle = {{CCS}},
year = {2019}
}
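% The author list holds people only; "Cisco Talos" is an affiliation, not an author, and is not listed.
@inproceedings{sms_opt,
  author    = {Lei, Zeyu and Nan, Yuhong and Fratantonio, Yanick and Bianchi, Antonio},
  title     = {On the Insecurity of {SMS} One-Time Password Messages against Local Attackers in Modern Mobile Devices},
  booktitle = {NDSS},
  year      = {2021}
}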
@inproceedings{IoT_applet,
author = {Iulia Bastys and
Musard Balliu and
Andrei Sabelfeld},
title = {If This Then What?: Controlling Flows in IoT Apps},
booktitle = {{CCS}},
year = {2018}
}
@article{iot_ota,
title = {Secure firmware Over-The-Air updates for IoT: Survey, challenges, and discussions},
journal = {Internet of Things},
year = {2022},
author = {Saad {El Jaouhari} and Eric Bouvet},
}
@inproceedings{xom_exe_only,
author = {Kwon, Donghyun and Shin, Jangseop and Kim, Giyeol and Lee, Byoungyoung and Cho, Yeongpil and Paek, Yunheung},
title = {UXOM: Efficient Execute-Only Memory on ARM Cortex-M},
year = {2019},
booktitle = {{USENIX} Security},
}
@inproceedings{iot_saint_tracking,
author = {Z. Berkay Celik and
Leonardo Babun and
Amit Kumar Sikder and
Hidayet Aksu and
Gang Tan and
Patrick D. McDaniel and
A. Selcuk Uluagac},
title = {Sensitive Information Tracking in Commodity IoT},
booktitle = {{USENIX} Security},
year = {2018}
}
@inproceedings{satc,
author = {Libo Chen and
Yanhao Wang and
Quanpu Cai and
Yunfan Zhan and
Hong Hu and
Jiaqi Linghu and
Qinsheng Hou and
Chao Zhang and
Haixin Duan and
Zhi Xue},
title = {Sharing More and Checking Less: Leveraging Common Input Keywords to
Detect Bugs in Embedded Systems},
booktitle = {{USENIX} Security},
year = {2021}
}
@inproceedings{Polyglot,
author = {Juan Caballero and
Heng Yin and
Zhenkai Liang and
Dawn Xiaodong Song},
title = {Polyglot: automatic extraction of protocol message format using dynamic
binary analysis},
booktitle = {{CCS}},
year = {2007}
}
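% The HTML entity "&amp;" left over from a web export is written as the LaTeX escape \&.
% The venue is stored in booktitle, which @inproceedings requires.
@inproceedings{ssl_pinning,
  author    = {Pradeep, Amogh and Paracha, Muhammad Talha and Bhowmick, Protick and Davanian, Ali and Razaghpanah, Abbas and Chung, Taejoong and Lindorfer, Martina and Vallina-Rodriguez, Narseo and Levin, Dave and Choffnes, David},
  title     = {A Comparative Analysis of Certificate Pinning in {Android} \& {iOS}},
  booktitle = {IMC},
  year      = {2022}
}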
@inproceedings{protocol_reverse_context,
author = {Zhiqiang Lin and
Xuxian Jiang and
Dongyan Xu and
Xiangyu Zhang},
title = {Automatic Protocol Format Reverse Engineering through Context-Aware
Monitored Execution},
booktitle = {{NDSS}},
year = {2008}
}
@inproceedings{message_syntax_reverse,
author = {Stephan Kleber and
Henning Kopp and
Frank Kargl},
title = {{NEMESYS:} Network Message Syntax Reverse Engineering by Analysis
of the Intrinsic Structure of Individual Messages},
booktitle = {{WOOT}},
year = {2018}
}
@inproceedings{protocol_semantic_reverse,
author = {Georges Bossert and
Fr{\'{e}}d{\'{e}}ric Guih{\'{e}}ry and
Guillaume Hiet},
title = {Towards automated protocol reverse engineering using semantic information},
booktitle = {AsiaCCS},
year = {2014}
}
@inproceedings{signature_for_iot,
author = {Rahmadi Trimananda and
Janus Varmarken and
Athina Markopoulou and
Brian Demsky},
title = {Packet-Level Signatures for Smart Home Devices},
booktitle = {{NDSS}},
year = {2020}
}
@inproceedings{firmware_rehosting,
author = {Eric Gustafson and
Marius Muench and
Chad Spensky and
Nilo Redini and
Aravind Machiry and
Yanick Fratantonio and
Davide Balzarotti and
Aur{\'{e}}lien Francillon and
Yung Ryn Choe and
Christopher Kruegel and
Giovanni Vigna},
title = {Toward the Analysis of Embedded Firmware through Automated Re-hosting},
booktitle = {{RAID}},
year = {2019}
}
@inproceedings{jetset,
author = {Evan Johnson and
Maxwell Bland and
Yifei Zhu and
Joshua Mason and
Stephen Checkoway and
Stefan Savage and
Kirill Levchenko},
title = {Jetset: Targeted Firmware Rehosting for Embedded Systems},
booktitle = {{USENIX} Security},
year = {2021}
}
% Are You Spying on Me? Large-Scale Analysis on IoT Data Exposure through Companion Apps
@inproceedings{iot_spy,
author = {Yuhong Nan and Xueqiang Wang and Luyi Xing and Xiaojing Liao and Ruoyu Wu and Jianliang Wu and Yifan Zhang and XiaoFeng Wang},
title = {Are You Spying on Me? Large-Scale Analysis on IoT Data Exposure through Companion Apps},
booktitle = {{USENIX} Security},
year = {2023}
}
@inproceedings{jedi_iot,
author = {Kumar, Sam and Hu, Yuncong and Andersen, Michael P. and Popa, Raluca Ada and Culler, David E.},
title = {JEDI: Many-to-Many End-to-End Encryption and Key Delegation for IoT},
year = {2019},
booktitle = {{USENIX} Security},
series = {SEC'19}
}
@inproceedings {vcert,
author = {David Koisser and Patrick Jauernig and Gene Tsudik and Ahmad-Reza Sadeghi},
title = {{V{\textquoteright}CER}: Efficient Certificate Validation in Constrained Networks},
booktitle = {{USENIX} Security},
year = {2022},
}
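% booktitle carries the venue (required for @inproceedings); the original series label is kept alongside it.
@inproceedings{iot_control,
  author    = {Jia, Yan and Yuan, Bin and Xing, Luyi and Zhao, Dongfang and Zhang, Yifan and Wang, XiaoFeng and Liu, Yijing and Zheng, Kaimin and Crnjak, Peyton and Zhang, Yuqing and Zou, Deqing and Jin, Hai},
  title     = {Who's In Control? On Security Risks of Disjointed {IoT} Device Management Channels},
  booktitle = {{CCS}},
  series    = {CCS '21},
  year      = {2021}
}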
@INPROCEEDINGS{message_cluster,
author={Kleber, Stephan and Kargl, Frank and State, Milan and Hollick, Matthias},
booktitle={DSN Workshops (DSN-W)},
title={Network Message Field Type Clustering for Reverse Engineering of Unknown Binary Protocols},
year={2022},
}
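% The venue is stored in booktitle, which @inproceedings requires; a series field alone leaves the venue unprinted.
@inproceedings{opec,
  author    = {Zhou, Xia and Li, Jiaqi and Zhang, Wenlong and Zhou, Yajin and Shen, Wenbo and Ren, Kui},
  title     = {{OPEC}: Operation-Based Security Isolation for Bare-Metal Embedded Systems},
  booktitle = {EuroSys},
  year      = {2022}
}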
@inproceedings{aces,
author = {Abraham A. Clements and
Naif Saleh Almakhdhub and
Saurabh Bagchi and
Mathias Payer},
editor = {William Enck and
Adrienne Porter Felt},
title = {{ACES:} Automatic Compartments for Embedded Systems},
booktitle = {{USENIX} Security},
year = {2018},
}
@inproceedings{5G_in_wild,
author = {Arvind Narayanan and
Xumiao Zhang and
Ruiyang Zhu and
Ahmad Hassan and
Shuowei Jin and
Xiao Zhu and
Xiaoxuan Zhang and
Denis Rybkin and
Zhengxuan Yang and
Zhuoqing Morley Mao and
Feng Qian and
Zhi{-}Li Zhang},
title = {A variegated look at 5G in the wild: performance, power, and QoE implications},
booktitle = {{SIGCOMM}},
year = {2021}
}
@inproceedings{bookworm,
author = {Yi Chen and
Yepeng Yao and
XiaoFeng Wang and
Dandan Xu and
Chang Yue and
Xiaozhong Liu and
Kai Chen and
Haixu Tang and
Baoxu Liu},
title = {Bookworm Game: Automatic Discovery of {LTE} Vulnerabilities Through
Documentation Analysis},
booktitle = {{IEEE S\&P}},
year = {2021}
}
@inproceedings{5G_measurement,
author = {Yang Li and
Hao Lin and
Zhenhua Li and
Yunhao Liu and
Feng Qian and
Liangyi Gong and
Xianlong Xin and
Tianyin Xu},
title = {A nationwide study on cellular reliability: measurement, analysis,
and enhancements},
booktitle = {{SIGCOMM}},
year = {2021}
}
@inproceedings{IMP4GT,
author = {David Rupprecht and
Katharina Kohls and
Thorsten Holz and
Christina P{\"{o}}pper},
title = {{IMP4GT:} IMPersonation Attacks in 4G NeTworks},
booktitle = {{NDSS}},
year = {2020}
}
@inproceedings{LTE_Singal_attack,
author = {Hojoon Yang and
Sangwook Bae and
Mincheol Son and
Hongil Kim and
Song Min Kim and
Yongdae Kim},
title = {Hiding in Plain Signal: Physical Signal Overshadowing Attack on {LTE}},
booktitle = {{USENIX} Security},
year = {2019}
}
@inproceedings{Mohajeri2019ott-tracking,
author = {Mohajeri Moghaddam, Hooman and Acar, Gunes and Burgess, Ben and Mathur, Arunesh and Huang, Danny Yuxing and Feamster, Nick and Felten, Edward W. and Mittal, Prateek and Narayanan, Arvind},
title = {Watching You Watch: The Tracking Ecosystem of Over-the-Top
TV Streaming Devices},
booktitle = {Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security},
series = {CCS '19},
year = {2019},
location = {London, UK},
publisher = {ACM}
}
@inproceedings{5G_analysis,
author = {David A. Basin and
Jannik Dreier and
Lucca Hirschi and
Sasa Radomirovic and
Ralf Sasse and
Vincent Stettler},
title = {A Formal Analysis of 5G Authentication},
booktitle = {{CCS}},
year = {2018}
}
@inproceedings{handover_attack,
author = {Evangelos Bitsikas and
Christina P{\"{o}}pper},
title = {Don't hand it Over: Vulnerabilities in the Handover Procedure of Cellular
Telecommunications},
booktitle = {{ACSAC}},
year = {2021}
}
@inproceedings{LTEInspector,
title={LTEInspector: A Systematic Approach for Adversarial Testing of 4G LTE},
author={Syed Rafiul Hussain and Omar Chowdhury and Shagufta Mehnaz and Elisa Bertino},
booktitle={NDSS},
year={2018}
}
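% NDSS is a symposium, so this is an @inproceedings entry with the venue in booktitle,
% like the other NDSS entries in this file. Surname capitalised as "McDaniel", as in iot_saint_tracking.
@inproceedings{IoTGuard,
  author    = {Celik, Z. Berkay and Tan, Gang and McDaniel, Patrick},
  title     = {{IoTGuard}: Dynamic Enforcement of Security and Safety Policy in Commodity {IoT}},
  booktitle = {NDSS},
  year      = {2019}
}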
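% Empty volume/issn fields from the publisher export are dropped (they trigger "empty field" warnings),
% and the page range uses the double hyphen.
@INPROCEEDINGS{FieldHunter,
  author    = {Bermudez, I. and Tongaonkar, A. and Iliofotou, M. and Mellia, M. and Munafo, M. M.},
  title     = {Automatic Protocol Field Inference for Deeper Protocol Understanding},
  booktitle = {2015 {IFIP} Networking Conference ({IFIP} Networking)},
  pages     = {1--9},
  year      = {2015},
  keywords  = {protocols;correlation;ip networks;entropy;security;servers;radiation detectors},
  doi       = {10.1109/IFIPNetworking.2015.7145307},
  url       = {https://doi.ieeecomputersociety.org/10.1109/IFIPNetworking.2015.7145307},
}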
@inproceedings{binaryinfer,
author = {Jared Chandler and Adam Wick and Kathleen Fisher},
title = {BinaryInferno: A Semantic-Driven Approach to Field Inference for Binary Message Formats},
booktitle = {{NDSS}},
year = {2023}
}
@inproceedings{break_iot,
title={Breaking All the Things - A Systematic Survey of Firmware Extraction Techniques for IoT Devices},
author={Sebastian Vasile and David F. Oswald and Tom Chothia},
booktitle={Smart Card Research and Advanced Application Conference (CARDIS)},
year={2018},
url={https://api.semanticscholar.org/CorpusID:83457761}
}
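% Accent written as a BibTeX special character ({\'e}) so sorting and labels treat it as one letter.
@inproceedings{firmware_study,
  author    = {Costin, Andrei and Zaddach, Jonas and Francillon, Aur{\'e}lien and Balzarotti, Davide},
  title     = {A Large-Scale Analysis of the Security of Embedded Firmwares},
  booktitle = {{USENIX} Security},
  year      = {2014},
}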
@inproceedings{Honeywords,
author = {Juels, Ari and Rivest, Ronald L.},
title = {Honeywords: Making Password-Cracking Detectable},
year = {2013},
booktitle = {CCS},
}
@inproceedings{ChargePrintAF,
title={ChargePrint: A Framework for Internet-Scale Discovery and Security Analysis of EV Charging Management Systems},
author={Tony Nasr and Sadegh Torabi and Elias Bou-Harb and Claude Fachkha and Chadi M. Assi},
booktitle={NDSS},
year={2023},
}
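% Author names spelled as in the phy-insec-in-EVcharging and WirelessDisruption entries of this file
% ("Martinovic", and the umlaut in "Köhler" as a LaTeX escape).
% {CCS} here is the charging standard named in the title, so it is brace-protected against recasing.
@inproceedings{Brokenwire,
  author    = {K{\"{o}}hler, Sebastian and Baker, Richard and Strohmeier, Martin and Martinovic, Ivan},
  title     = {Brokenwire: Wireless Disruption of {CCS} Electric Vehicle Charging},
  booktitle = {NDSS},
  year      = {2023},
}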
@inproceedings{phy-insec-in-EVcharging,
author = {Richard Baker and
Ivan Martinovic},
editor = {Nadia Heninger and
Patrick Traynor},
title = {Losing the Car Keys: Wireless PHY-Layer Insecurity in {EV} Charging},
booktitle = {28th {USENIX} Security Symposium, {USENIX} Security 2019, Santa Clara,
CA, USA, August 14-16, 2019},
pages = {407--424},
publisher = {{USENIX} Association},
year = {2019},
}
@inproceedings{Attack_Power_Converter,
author = {G{\"{o}}k{\c{c}}en Yilmaz Dayanikli and
Rees R. Hatch and
Ryan M. Gerdes and
Hongjie Wang and
Regan Zane},
title = {Electromagnetic Sensor and Actuator Attacks on Power Converters for
Electric Vehicles},
booktitle = {2020 {IEEE} Security and Privacy Workshops, {SP} Workshops, San Francisco,
CA, USA, May 21, 2020},
pages = {98--103},
publisher = {{IEEE}},
year = {2020},
}
@inproceedings{RelayAttack,
author = {Mauro Conti and
Denis Donadel and
Radha Poovendran and
Federico Turrin},
editor = {Vijayalakshmi Atluri and
Roberto Di Pietro and
Christian Damsgaard Jensen and
Weizhi Meng},
title = {EVExchange: {A} Relay Attack on Electric Vehicle Charging System},
booktitle = {Computer Security - {ESORICS} 2022 - 27th European Symposium on Research
in Computer Security, Copenhagen, Denmark, September 26-30, 2022,
Proceedings, Part {I}},
series = {Lecture Notes in Computer Science},
volume = {13554},
pages = {488--508},
publisher = {Springer},
year = {2022},
}
@inproceedings{WirelessDisruption,
author = {Sebastian K{\"{o}}hler and
Richard Baker and
Martin Strohmeier and
Ivan Martinovic},
editor = {Heng Yin and
Angelos Stavrou and
Cas Cremers and
Elaine Shi},
title = {Demo: End-to-End Wireless Disruption of {CCS} {EV} Charging},
booktitle = {Proceedings of the 2022 {ACM} {SIGSAC} Conference on Computer and
Communications Security, {CCS} 2022, Los Angeles, CA, USA, November
7-11, 2022},
pages = {3515--3517},
publisher = {{ACM}},
year = {2022},
}
@inproceedings{short_id,
author = {Zhang, Yiwei and Li, Juanru and Gu, Dawu},
title = {Rethinking the Security of IoT from the Perspective of Developer Customized Device-Cloud Interaction},
year = {2022},
booktitle = {SAC},
}
@INPROCEEDINGS{MCU_Token,
author = {Yue Xiao and Yi He and Xiaoli Zhang and Qian Wang and Renjie Xie and Kun Sun and Ke Xu and Qi Li},
title = {From Hardware Fingerprint to Access Token: Enhancing the Authentication on IoT Devices},
booktitle = {NDSS},
year = 2024
}
@phdthesis{ssh_enumeration_detection,
title={Detection and prevention of username enumeration attack on SSH protocol: machine learning approach},
author={Agghey, Abel},
year={2022},
school={NM-AIST}
}
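% A chapter in an edited handbook: @incollection with the book in booktitle, not a journal article.
@incollection{cloud_enumeration_detection,
  author    = {Gharghasheh, Samira Eisaloo and Steinbach, Tim},
  title     = {Detection of Enumeration Attacks in Cloud Environments Using Infrastructure Log Data},
  booktitle = {Handbook of Big Data Analytics and Forensics},
  pages     = {41--52},
  publisher = {Springer},
  year      = {2022}
}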