WO2021057053A1 - Method and apparatus for security verification of a smart home Internet of Things system under attack - Google Patents
Method and apparatus for security verification of a smart home Internet of Things system under attack
- Publication number
- WO2021057053A1 (PCT application PCT/CN2020/091829)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- smart home
- attack
- intensity
- parameters
- home device
- Prior art date
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1466—Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
-
- G—PHYSICS
- G05—CONTROLLING; REGULATING
- G05B—CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
- G05B15/00—Systems controlled by a computer
- G05B15/02—Systems controlled by a computer electric
-
- G—PHYSICS
- G05—CONTROLLING; REGULATING
- G05B—CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
- G05B19/00—Programme-control systems
- G05B19/02—Programme-control systems electric
- G05B19/04—Programme control other than numerical control, i.e. in sequence controllers or logic controllers
- G05B19/042—Programme control other than numerical control, i.e. in sequence controllers or logic controllers using digital processors
-
- G—PHYSICS
- G05—CONTROLLING; REGULATING
- G05B—CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
- G05B19/00—Programme-control systems
- G05B19/02—Programme-control systems electric
- G05B19/418—Total factory control, i.e. centrally controlling a plurality of machines, e.g. direct or distributed numerical control [DNC], flexible manufacturing systems [FMS], integrated manufacturing systems [IMS], computer integrated manufacturing [CIM]
-
- G—PHYSICS
- G05—CONTROLLING; REGULATING
- G05B—CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
- G05B23/00—Testing or monitoring of control systems or parts thereof
- G05B23/02—Electric testing or monitoring
- G05B23/0205—Electric testing or monitoring by means of a monitoring system capable of detecting and responding to faults
- G05B23/0218—Electric testing or monitoring by means of a monitoring system capable of detecting and responding to faults characterised by the fault detection method dealing with either existing or incipient faults
- G05B23/0224—Process history based detection method, e.g. whereby history implies the availability of large amounts of data
- G05B23/0227—Qualitative history assessment, whereby the type of data acted upon, e.g. waveforms, images or patterns, is not relevant, e.g. rule based assessment; if-then decisions
- G05B23/0235—Qualitative history assessment, whereby the type of data acted upon, e.g. waveforms, images or patterns, is not relevant, e.g. rule based assessment; if-then decisions based on a comparison with predetermined threshold or range, e.g. "classical methods", carried out during normal operation; threshold adaptation or choice; when or how to compare with the threshold
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/12—Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
-
- G—PHYSICS
- G05—CONTROLLING; REGULATING
- G05B—CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
- G05B2219/00—Program-control systems
- G05B2219/20—Pc systems
- G05B2219/26—Pc applications
- G05B2219/2642—Domotique, domestic, home control, automation, smart house
Definitions
- The invention relates to the security assessment and verification of a smart home Internet of Things system.
- Smart home devices are limited in capacity and resources and contain many security vulnerabilities; after many devices leave the factory, their built-in operating systems are never updated or supervised. Smart home devices are therefore more vulnerable to external network attacks than traditional computers. Common forms of attack include information leakage, device impersonation and DoS attacks; the end result of an attack is control over the data of sensor devices and destruction of the data links connecting the devices. The smart home system thus not only provides users with diverse and powerful functions but also offers attackers new opportunities. Because of the interconnected nature of the smart home system, the compromise of one or two weak nodes may cause irreversible consequences, and all of this may happen without the user's knowledge.
- IFTTT: IF THIS THEN THAT, where THIS is a certain condition and THAT is a certain operation in another device.
- IFTTT means that when a certain event occurs in a smart home device, another device is triggered to perform a certain operation according to prescribed rules. This trend has received widespread attention because it connects a variety of smart home devices and meets users' complex requirements, allowing each user to participate in writing their own rules.
- IFTTT interconnection rules between smart home devices are uncertain and may even contain security issues. Because of this uncertainty, the situation when smart home devices are attacked from external networks is more complicated, so ordinary methods cannot verify the security of the smart home system.
- The problem to be solved by the present invention is the security verification of the smart home system under IFTTT rules.
- A method for verifying the security of a smart home Internet of Things system under attack includes the following steps:
- S1: Acquire the description information of the smart home devices, the IFTTT rules set between the smart home devices, and the set attack-intensity device forbidden-behavior parameters;
- The attack-intensity device forbidden-behavior parameters include an attack intensity threshold, a smart home device parameter and a forbidden state parameter, and indicate that when the attack intensity does not exceed the attack intensity threshold, the smart home device designated by the smart home device parameter must not enter the state indicated by the forbidden state parameter;
- The attack intensity is the number of smart home devices that are under attack;
- S3: Construct a formal specification concerning the attack intensity from the preset attack intensity specification template and the attack-intensity device forbidden-behavior parameters;
- The attack intensity specification template is a specification template that expresses the forbidden behavior of the attack-intensity device in terms of the attack intensity threshold, the smart home device parameter and the forbidden state parameter contained in the attack-intensity device forbidden-behavior parameters;
- The smart home device parameter is a device type.
- An apparatus for verifying the security of a smart home IoT system under attack includes the following modules:
- M1 is used to: obtain the description information of the smart home devices, the IFTTT rules set between the smart home devices, and the set attack-intensity device forbidden-behavior parameters; the attack-intensity device forbidden-behavior parameters include an attack intensity threshold, a smart home device parameter and a forbidden state parameter, and indicate that when the attack intensity does not exceed the attack intensity threshold, the smart home device designated by the smart home device parameter must not enter the state indicated by the forbidden state parameter; the attack intensity is the number of smart home devices that are under attack;
- M2 is used to: build a finite state machine model of the smart home device state transitions from the description information of the smart home devices, the IFTTT rules between the smart home devices, the state of whether each smart home device is under attack, and the restrictive assumptions that a smart home device in the attacked state cannot accept external transition commands and that its device data is untrue;
- M3 is used to: construct a formal specification concerning the attack intensity from the preset attack intensity specification template and the attack-intensity device forbidden-behavior parameters; the attack intensity specification template describes the forbidden behavior of the attack-intensity device;
- M4 is used to: convert the finite state machine model and the formal specification concerning the attack intensity into the content of a model description document in the input format of the model checking tool;
- M5 is used to: verify the correctness of the specification for the content of the model description document with the model checking tool; if the specification is verified as correct, the system is safe, otherwise a counterexample path is output;
- M6 is used to: identify, from the counterexample path output by the model checking tool, the smart home devices and related IFTTT rules that cause the system to be insecure.
- The smart home device parameter is a device type.
- The present invention introduces an attacked-state parameter for each smart home device and a global attack intensity parameter, constructs the finite state machine model and the corresponding formal specification, and then uses the model checking tool to verify the correctness of the formal specification against the finite state machine model, i.e. to verify whether the smart home IoT system is safe when it is subjected to common external network attacks.
- The present invention can identify the smart home devices and related IFTTT rules that cause the system to be insecure, so as to help the user.
- The method of the present invention adapts well to the uncertainty of user-defined IFTTT rules.
- The method of the present invention does not require users to have specific professional knowledge; ordinary users can also use it by following fixed rules.
- Fig. 1 is an automaton model constructed for an example in an embodiment of the present invention.
- The method for verifying the security of a smart home Internet of Things system under attack of the present invention includes the following steps:
- S6: Identify the smart home devices and related IFTTT rules that cause the system to be insecure.
- Step S1, the data acquisition step: the "data" consists of three parts: the first part is the description information of the smart home devices, the second part is the IFTTT rules between the smart home devices, and the third part is the attack-intensity device forbidden-behavior parameters.
- The description information of a smart home device is defined by the smart home devices of the various manufacturers themselves; it can be provided automatically by the smart home device or obtained through manual editing. Note that the description information of the smart home devices here means the device description information of multiple smart home devices.
- The device description information of each smart home device includes the definition of the device's basic information, the definition of the data the device can access, the definition of the device's working states, the definition of the device's transitions, and the definition of the API interfaces through which the device can be operated.
- The description information of a smart home device includes, but is not limited to: name, type, serial number, location, etc. The following text is an example of the description information of two smart home devices, a temperature sensor and an air conditioner:
- The IFTTT rules between smart home devices are edited and entered by the user.
- The following example IFTTT rules are based on the aforementioned smart home system consisting of four smart home devices: a temperature sensor, an air conditioner, a motion sensor and a window:
- The above contains two IFTTT rules. The first states that when the temperature sensor detects a temperature lower than 26 degrees, the air conditioner is turned off; the second states that when the air conditioner is off and the motion sensor detects movement, the window is opened.
- The attack-intensity device forbidden-behavior parameters include an attack intensity threshold, a smart home device parameter and a forbidden state parameter, and indicate that when the attack intensity does not exceed the attack intensity threshold, the smart home device designated by the smart home device parameter must not enter the state represented by the forbidden state parameter.
- The attack intensity is the number of smart home devices in the smart home system that are under attack.
- The following example attack-intensity device forbidden-behavior parameters are based on the aforementioned smart home system composed of four smart home devices: a temperature sensor, an air conditioner, a motion sensor and a window:
- intensity_Threshold represents the attack intensity threshold; its specific value is "2".
- device_Type represents the smart home device parameter; its specific value is "Window", which is a device type, since in this example the smart home device parameter is the device type.
- state_Forbidden represents the forbidden state parameter; its specific value is "open".
- The above example of attack-intensity device forbidden-behavior parameters indicates that when the attack intensity does not exceed 2, a smart home device of device type "Window" must not be in the "open" state; that is, when the attack intensity does not exceed 2, the window must not be open.
- The attack intensity here is the number of smart home devices that are under attack.
- The input of step S2 is the smart home device description information and the IFTTT rules between the smart home devices obtained in step S1, the set state of whether each smart home device is under attack, and the restrictive assumptions that a smart home device in the attacked state cannot accept external transition commands and that its device data is untrue.
- The finite automaton model constructed in step S2 can refer to the "hybrid automaton model" in patent document CN 106055318A, "A Method and Device for Verification and Repair of a Smart Home Internet of Things System"; that "hybrid automaton model" is the finite automaton model referred to by this invention.
- The difference between the present invention and the "hybrid automaton model" in patent document CN 106055318A is that the present invention additionally introduces the state of whether a smart home device is under attack and the restrictive assumptions that a smart home device in the attacked state cannot accept external transition commands and that its device data is untrue. "The state of whether the smart home device is under attack" is configurable; specifically, each smart home device adds an "attacked" parameter variable in addition to its own state parameters.
- The "attacked" parameter is a boolean used to indicate whether the smart home device is under attack: when the "attacked" parameter variable is true, the smart home device is under attack; when it is false, the smart home device is not under attack.
- The restrictive assumptions that smart home devices cannot accept external transition commands and that their device data is untrue in the attacked state comprise two restrictive assumptions: "smart home devices cannot accept external transition commands in the attacked state" and "device data is untrue in the attacked state".
- The restrictive assumption "smart home devices cannot accept external transition commands in the attacked state" means that when a smart home device changes state, its "attacked" parameter variable must be false. For example, under normal circumstances the air conditioner changes from the "off" state to the "on" state after receiving the external command "turn on"; under this restrictive assumption, the air conditioner can change from the "off" state to the "on" state after accepting the external command "turn on" only when its "attacked" parameter variable is false.
- The restrictive assumption "device data is untrue in the attacked state" means that when the "attacked" parameter variable of a smart home device is true, its device data is controlled and does not show the true value. For example, when the "attacked" parameter variable of a temperature sensor is true, the temperature value it reports is controlled by the attacker and can be any value.
- FIG. 1 shows an example of a smart home system composed of four smart home devices, a temperature sensor, an air conditioner, a motion sensor and a window, and the automaton model constructed from the aforementioned example IFTTT rules.
- Each smart home device is modelled from its description information. Taking the air conditioner and the temperature sensor as an example: the air conditioner transitions to the "on" state through "turn_on" and to the "off" state through "turn_off"; in the "on" state the air conditioner's rate of influence on the temperature is -1, and in the "off" state it is 0. The temperature sensed by the temperature sensor is affected by the environment and by the air conditioner, so the rates of influence of the environment and the air conditioner are added.
- The IFTTT rules associate the devices; each rule is represented as a state machine model.
- The rule model has two states, "Ready" and "Waiting"; the initial state is "Ready".
- The rule model receives the device information related to the rule's conditions. If the conditions are met, the state transitions to "Waiting", and in the next step it transitions back to the "Ready" state. The transition label is Rule_Command; according to the command, the target device is given a corresponding state transition whose label is also Rule_Command, so that through the shared label the rule model can convey the rule's execution command.
- Take the aforementioned rule one of the smart home system as an example: when it is determined that the temperature sensed by the temperature sensor is lower than 26 degrees, the rule model state transitions from "Ready" to "Waiting", and then the Rule1_Command transition is triggered to switch back to the "Ready" state. The Rule1_Command transition is executed at the same time in the air conditioner model through the shared label, and its state transitions to "off".
- Step S3, the step of constructing the formal specification: construct a formal specification concerning the attack intensity from the preset attack intensity specification template and the attack-intensity device forbidden-behavior parameters.
- The attack-intensity device forbidden-behavior parameters are those entered in step S1.
- The attack intensity specification template is a specification template that expresses the forbidden behavior of the attack-intensity device in terms of the attack intensity threshold, the smart home device parameter and the forbidden state parameter contained in the attack-intensity device forbidden-behavior parameters.
- The "intensity" parameter variable is the attack intensity.
- The meaning of this formal specification is the aforementioned "when the attack intensity does not exceed 2, the window cannot be open". That is, in this step the aforementioned attack-intensity device forbidden-behavior parameters are converted into a corresponding formal specification expressing "the forbidden behavior of the attack-intensity device".
- The attack intensity is the number of smart home devices under attack; the "intensity" parameter variable is the number of smart home devices whose "attacked" parameter variable, added as described above, is true.
- Step S4, the step of constructing the content of the model description document: convert the finite state machine model and the formal specification concerning the attack intensity into the content of a model description document in the input format of the model checking tool.
- Model checking tools include SMV, Spin, BACH, etc.
- SMV has multiple versions, such as NuSMV, CMU-SMV and Cadence-SMV.
- With NuSMV, the finite state machine model constructed in step S2 is described in the SMV language, and the formal specification output in step S3 is added to construct the model description document. The model description document described in the SMV language is generated; its content is as follows:
- Step S5, the step of verifying system security with the model checking tool: the model description document obtained in step S4 is input into the model checking tool to verify the correctness of the specification.
- The model description document described in the SMV language is input into the NuSMV tool to verify the correctness of the specification.
- The NuSMV tool verifies the correctness of the model description document described in the SMV language and outputs one of two results: the first is that the specification is verified as correct; the second is that the specification is verified as incorrect.
- When the NuSMV tool outputs that the specification is verified as correct, the system is safe; when it outputs that the specification verification fails, a counterexample path is output at the same time.
- The counterexample path consists of a number of trace nodes arranged in sequence, and each trace node contains the values of the variables and states of all parameters of all smart home devices.
- Step S6, the step of identifying the smart home devices and related IFTTT rules that cause the system to be insecure.
- The input of this step is the counterexample path output together with the specification verification error by the model checking tool in step S5.
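The verification pipeline of steps S2 to S6, as an added example in Python (constructed for this page; it is not the patent's own code and not a NuSMV model): it builds the product automaton of the four example devices, the two rule models with their "Ready"/"Waiting" states and the per-device "attacked" flags under the two restrictive assumptions, checks the forbidden-behavior specification "intensity does not exceed 2 implies the window is not open" by explicit-state search, and reads the attacked devices and the fired rules off the counterexample path. The temperature bounds, the environment warming rate and the initial temperature are assumed values chosen so that the window cannot open without an attack.

```python
from collections import deque
from dataclasses import dataclass
from itertools import product

DEVICES = ("temp_sensor", "air_conditioner", "motion_sensor", "window")  # the four devices of the example
TEMP_MIN, TEMP_MAX = 24, 32   # assumed bounds, keep the state space finite
ENV_RATE = 1                  # assumed: the environment warms the room by 1 per step
AC_RATE = -1                  # from the text: the air conditioner "on" state has rate -1
INIT_TEMP = 30                # assumed initial room temperature (above the 26-degree rule)


@dataclass(frozen=True)
class State:
    attacked: tuple   # per-device "attacked" flags, fixed for the whole trace
    temp: int         # true room temperature
    ac: str           # "on" / "off"
    window: str       # "open" / "closed"
    r1: str           # rule 1 model: "Ready" / "Waiting"
    r2: str           # rule 2 model: "Ready" / "Waiting"

    def is_attacked(self, name):
        return bool(self.attacked[DEVICES.index(name)])


def successors(s):
    """One step of the product automaton: rule models in "Waiting" fire their Rule_Command
    and return to "Ready", conditions are re-evaluated on reported data, temperature evolves."""
    # Restrictive assumption 2: an attacked sensor reports an arbitrary value.
    reported = range(TEMP_MIN, TEMP_MAX + 1) if s.is_attacked("temp_sensor") else (s.temp,)
    for rep_temp in reported:
        for motion in (False, True):   # motion is an environment input in both cases
            ac, window = s.ac, s.window
            # Restrictive assumption 1: an attacked device ignores external transition commands.
            if s.r1 == "Waiting" and not s.is_attacked("air_conditioner"):
                ac = "off"            # Rule1_Command -> air conditioner "turn_off"
            if s.r2 == "Waiting" and not s.is_attacked("window"):
                window = "open"       # Rule2_Command -> window "open"
            # Rule 1: temperature below 26 degrees -> turn the air conditioner off.
            r1 = "Waiting" if s.r1 == "Ready" and rep_temp < 26 else "Ready"
            # Rule 2: air conditioner off and motion detected -> open the window.
            r2 = "Waiting" if s.r2 == "Ready" and ac == "off" and motion else "Ready"
            temp = max(TEMP_MIN, min(TEMP_MAX, s.temp + ENV_RATE + (AC_RATE if ac == "on" else 0)))
            yield State(s.attacked, temp, ac, window, r1, r2)


def violates(s, threshold):
    """Forbidden behaviour of the example: intensity <= threshold -> the window is not open
    (as a NuSMV property this would read SPEC AG (intensity <= 2 -> !(window = open)))."""
    return sum(s.attacked) <= threshold and s.window == "open"   # sum(attacked) = intensity


def bfs_counterexample(init, threshold):
    """Shortest path from init to a state violating the specification, or None."""
    parent, queue = {init: None}, deque([init])
    while queue:
        s = queue.popleft()
        if violates(s, threshold):
            path = []
            while s is not None:
                path.append(s)
                s = parent[s]
            return path[::-1]
        for n in successors(s):
            if n not in parent:
                parent[n] = s
                queue.append(n)
    return None


def check(threshold=2):
    """Steps S3-S5: lowest-intensity counterexample path over all attack scenarios, or None."""
    for k in range(threshold + 1):   # scenarios above the threshold cannot violate the spec
        for att in (a for a in product((0, 1), repeat=len(DEVICES)) if sum(a) == k):
            init = State(att, INIT_TEMP, "on", "closed", "Ready", "Ready")
            path = bfs_counterexample(init, threshold)
            if path is not None:
                return path
    return None


def diagnose(path):
    """Step S6: the attacked devices and the IFTTT rules that fired along the counterexample."""
    attacked = [d for d, flag in zip(DEVICES, path[0].attacked) if flag]
    rules = set()
    for s in path:
        if s.r1 == "Waiting":
            rules.add("Rule1: temperature < 26 -> air conditioner off")
        if s.r2 == "Waiting":
            rules.add("Rule2: air conditioner off and motion -> window open")
    return attacked, sorted(rules)


if __name__ == "__main__":
    cex = check(threshold=2)
    for i, s in enumerate(cex or []):
        print(f"node {i}: temp={s.temp} ac={s.ac} window={s.window} r1={s.r1} r2={s.r2}")
    print("safe" if cex is None else f"intensity {sum(cex[0].attacked)}: {diagnose(cex)}")
```

Under these assumptions the lowest-intensity counterexample compromises only the temperature sensor: a false reading below 26 fires rule 1, the air conditioner switches off, and genuine motion then fires rule 2 and opens the window, which is exactly the device-and-rule combination step S6 is meant to surface.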
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Signal Processing (AREA)
- Computing Systems (AREA)
- Computer Networks & Wireless Communication (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Automation & Control Theory (AREA)
- Medical Informatics (AREA)
- General Health & Medical Sciences (AREA)
- Health & Medical Sciences (AREA)
- Manufacturing & Machinery (AREA)
- Quality & Reliability (AREA)
- Computer And Data Communications (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Selective Calling Equipment (AREA)
Claims (4)
- A method for security verification of a smart home Internet of Things system under attack, characterized in that it includes the following steps: S1: acquiring smart home device description information, set IFTTT rules between smart home devices, and set attack-intensity device forbidden-behavior parameters; the attack-intensity device forbidden-behavior parameters include an attack intensity threshold, a smart home device parameter and a forbidden state parameter, used to indicate that when the attack intensity does not exceed the attack intensity threshold, the smart home device designated by the smart home device parameter must not enter the state represented by the forbidden state parameter; the attack intensity is the number of smart home devices in the attacked state; S2: constructing a finite state machine model of smart home device state transitions according to the smart home device description information, the IFTTT rules between the smart home devices, the state of whether each smart home device is under attack, and the restrictive assumptions that a smart home device in the attacked state cannot accept external transition commands and that its device data is untrue; S3: constructing a formal specification concerning the attack intensity according to a preset attack intensity specification template and the attack-intensity device forbidden-behavior parameters; the attack intensity specification template is a specification template that expresses the forbidden behavior of the attack-intensity device in terms of the attack intensity threshold, the smart home device parameter and the forbidden state parameter within the attack-intensity device forbidden-behavior parameters; S4: converting the finite state machine model and the formal specification concerning the attack intensity into the content of a model description document in the input format corresponding to a model checking tool; S5: using the model checking tool to verify the correctness of the specification on the content of the model description document; if the specification is verified as correct, the system is safe, otherwise a counterexample path is output; S6: according to the counterexample path output by the model checking tool, finding the smart home devices and related IFTTT rules that cause the system to be insecure.
- The method for security verification of a smart home Internet of Things system under attack according to claim 1, characterized in that the smart home device parameter is a device type.
- An apparatus for security verification of a smart home Internet of Things system under attack, characterized in that it includes the following modules: M1, used to: acquire smart home device description information, set IFTTT rules between smart home devices, and set attack-intensity device forbidden-behavior parameters; the attack-intensity device forbidden-behavior parameters include an attack intensity threshold, a smart home device parameter and a forbidden state parameter, used to indicate that when the attack intensity does not exceed the attack intensity threshold, the smart home device designated by the smart home device parameter must not enter the state represented by the forbidden state parameter; the attack intensity is the number of smart home devices in the attacked state; M2, used to: construct a finite state machine model of smart home device state transitions according to the smart home device description information, the IFTTT rules between the smart home devices, the state of whether each smart home device is under attack, and the restrictive assumptions that a smart home device in the attacked state cannot accept external transition commands and that its device data is untrue; M3, used to: construct a formal specification concerning the attack intensity according to a preset attack intensity specification template and the attack-intensity device forbidden-behavior parameters; the attack intensity specification template is a specification template that expresses the forbidden behavior of the attack-intensity device in terms of the attack intensity threshold, the smart home device parameter and the forbidden state parameter within the attack-intensity device forbidden-behavior parameters; M4, used to: convert the finite state machine model and the formal specification concerning the attack intensity into the content of a model description document in the input format corresponding to a model checking tool; M5, used to: use the model checking tool to verify the correctness of the specification on the content of the model description document; if the specification is verified as correct, the system is safe, otherwise a counterexample path is output; M6, used to: according to the counterexample path output by the model checking tool, find the smart home devices and related IFTTT rules that cause the system to be insecure.
- The apparatus for security verification of a smart home Internet of Things system under attack according to claim 3, characterized in that the smart home device parameter is a device type.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
GB2203394.8A GB2603317B (en) | 2019-09-29 | 2020-05-22 | Security verification method and apparatus for attacked smart home internet of things system |
US17/642,994 US11533336B2 (en) | 2019-09-29 | 2020-05-22 | Security verification method and apparatus for attacked smart home Internet of Things system |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910930600.0A CN110677413B (zh) | 2019-09-29 | 2019-09-29 | 一种智能家居物联网系统受攻击安全验证的方法和装置 |
CN201910930600.0 | 2019-09-29 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2021057053A1 true WO2021057053A1 (zh) | 2021-04-01 |
Family
ID=69079868
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2020/091829 WO2021057053A1 (zh) | 2019-09-29 | 2020-05-22 | 一种智能家居物联网系统受攻击安全验证的方法和装置 |
Country Status (4)
Country | Link |
---|---|
US (1) | US11533336B2 (zh) |
CN (1) | CN110677413B (zh) |
GB (1) | GB2603317B (zh) |
WO (1) | WO2021057053A1 (zh) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113138721A (zh) * | 2021-04-30 | 2021-07-20 | 清华大学 | 旁路攻击漏洞形式化验证方法及装置 |
WO2023082340A1 (zh) * | 2021-11-12 | 2023-05-19 | 浙江大学 | 一种基于形式化验证的嵌入式设备安全启动方案设计方法 |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110677413B (zh) * | 2019-09-29 | 2021-07-30 | 南京大学 | 一种智能家居物联网系统受攻击安全验证的方法和装置 |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106055318A (zh) * | 2016-05-23 | 2016-10-26 | 南京大学 | 一种智能家居物联网系统验证与修复的方法和装置 |
CN107037736A (zh) * | 2017-03-23 | 2017-08-11 | 美的智慧家居科技有限公司 | 智能家居系统的联动控制方法、红外感应器及智能网关 |
US10181959B2 (en) * | 2015-07-27 | 2019-01-15 | International Business Machines Corporation | Methods and systems for mindful home automation |
CN110677413A (zh) * | 2019-09-29 | 2020-01-10 | 南京大学 | 一种智能家居物联网系统受攻击安全验证的方法和装置 |
Family Cites Families (15)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101682626A (zh) * | 2007-05-24 | 2010-03-24 | 爱维技术解决方案私人有限公司 | 用于模拟对网络的黑客攻击的方法和系统 |
CN101409621B (zh) * | 2008-11-13 | 2011-05-11 | 中国移动通信集团北京有限公司 | 一种基于设备的多方身份认证方法及系统 |
US8068431B2 (en) * | 2009-07-17 | 2011-11-29 | Satyam Computer Services Limited | System and method for deep packet inspection |
CN102036231B (zh) * | 2010-09-07 | 2013-05-22 | 北京兵港科技发展有限公司 | 一种物联网网络架构安全体系及其安全方法 |
US20160241660A1 (en) * | 2014-08-26 | 2016-08-18 | Hoang Nhu | Sensors and systems for iot and ifttt applications and related methods |
US9699205B2 (en) * | 2015-08-31 | 2017-07-04 | Splunk Inc. | Network security system |
US20180034701A1 (en) * | 2016-08-01 | 2018-02-01 | Cognito Networks, Inc. | Creating and managing dynamic internet of things policies |
CN106911768B (zh) * | 2017-02-06 | 2021-10-15 | 美的智慧家居科技有限公司 | 智能设备、智能家居系统及其设置方法及装置 |
US10397263B2 (en) * | 2017-04-25 | 2019-08-27 | Futurewei Technologies, Inc. | Hierarchical pattern matching for deep packet analysis |
US10586051B2 (en) * | 2017-08-31 | 2020-03-10 | International Business Machines Corporation | Automatic transformation of security event detection rules |
US10128914B1 (en) * | 2017-09-06 | 2018-11-13 | Sony Interactive Entertainment LLC | Smart tags with multiple interactions |
US10771486B2 (en) * | 2017-09-25 | 2020-09-08 | Splunk Inc. | Systems and methods for detecting network security threat event patterns |
US11206278B2 (en) * | 2019-01-29 | 2021-12-21 | Battelle Memorial Institute | Risk-informed autonomous adaptive cyber controllers |
CN109905374B (zh) * | 2019-01-29 | 2021-06-15 | 杭州电子科技大学 | A privacy-preserving identity authentication method for smart homes |
US11843621B2 (en) * | 2019-03-08 | 2023-12-12 | Forescout Technologies, Inc. | Behavior based profiling |
- 2019
  - 2019-09-29 CN CN201910930600.0A patent/CN110677413B/zh active Active
- 2020
  - 2020-05-22 GB GB2203394.8A patent/GB2603317B/en active Active
  - 2020-05-22 WO PCT/CN2020/091829 patent/WO2021057053A1/zh active Application Filing
  - 2020-05-22 US US17/642,994 patent/US11533336B2/en active Active
Non-Patent Citations (1)
Title |
---|
XIAO DING, WANG QIAN-YU, CAI MING, LI XIU: "Research on Implicit Interference Detection Based on Knowledge Graph in Smart Home Automation", CHINESE JOURNAL OF COMPUTERS, vol. 42, no. 6, 1 June 2019 (2019-06-01), pages 1190-1204, XP055796574, DOI: 10.11897/SP.J.1016.2019.01190 * |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113138721A (zh) * | 2021-04-30 | 2021-07-20 | 清华大学 | Formal verification method and apparatus for side-channel attack vulnerabilities |
CN113138721B (zh) * | 2021-04-30 | 2022-11-29 | 清华大学 | Formal verification method and apparatus for side-channel attack vulnerabilities |
WO2023082340A1 (zh) * | 2021-11-12 | 2023-05-19 | 浙江大学 | A design method for embedded-device secure boot schemes based on formal verification |
Also Published As
Publication number | Publication date |
---|---|
CN110677413B (zh) | 2021-07-30 |
US20220337622A1 (en) | 2022-10-20 |
GB2603317B (en) | 2024-02-14 |
US11533336B2 (en) | 2022-12-20 |
GB2603317A (en) | 2022-08-03 |
GB202203394D0 (en) | 2022-04-27 |
CN110677413A (zh) | 2020-01-10 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2021057053A1 (zh) | | A method and apparatus for security verification of a smart-home IoT system under attack |
Giua et al. | Observability of place/transition nets | |
McCullough | A hookup theorem for multilevel security | |
Alkar et al. | An Internet based wireless home automation system for multifunctional devices | |
Brooke et al. | Fault trees for security system design and analysis | |
US10198422B2 (en) | Information-processing equipment based on a spreadsheet | |
CN103488568B (zh) | A modeling and verification method for trusted properties of embedded software |
CN105302055A (zh) | Security monitoring system and method for programmable logic controllers in industrial control systems |
Ru et al. | Sensor selection for structural observability in discrete event systems modeled by Petri nets | |
CN102624574B (zh) | Method and apparatus for security testing of protocol implementations |
Garcia et al. | Detecting PLC control corruption via on-device runtime verification | |
McParland et al. | Monitoring security of networked control systems: It's the physics | |
CN108183897B (zh) | A security risk assessment method for cyber-physical systems |
Basile et al. | Noninterference enforcement via supervisory control in bounded Petri nets | |
WO2022188895A1 (zh) | Dynamic characteristic analysis method for coupled DET and RELAP5 based on the general auxiliary-variable method |
Eggert et al. | The complexity of intransitive noninterference | |
Kang et al. | Statistical analysis of energy-aware real-time automotive systems in EAST-ADL/Stateflow | |
Huang et al. | Research on safe communication architecture for real-time ethernet distributed control system | |
Reese | Software deviation analysis | |
CN112650638B (zh) | A hardware security vulnerability detection method based on a gate-level taint-label tracking model |
Göbe et al. | Synthesis tool for automation controller supervision | |
Koucham et al. | Cross-domain alert correlation methodology for industrial control systems | |
Bonakdarpour et al. | Automated model repair for distributed programs | |
Gario et al. | Fail-safe testing of safety-critical systems | |
Hotellier et al. | Standard specification-based intrusion detection for hierarchical industrial control systems |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 20870400; Country of ref document: EP; Kind code of ref document: A1 |
 | ENP | Entry into the national phase | Ref document number: 202203394; Country of ref document: GB; Kind code of ref document: A; Free format text: PCT FILING DATE = 20200522 |
 | NENP | Non-entry into the national phase | Ref country code: DE |
 | 122 | Ep: pct application non-entry in european phase | Ref document number: 20870400; Country of ref document: EP; Kind code of ref document: A1 |