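Threat-Based Security Analysis for the Domestic Smart Home Appliance
Hong, Paul (Korea University, Graduate School of Information Security, Department of Information Security)
Lee, Sangmin (Korea University, Graduate School of Information Security, Department of Information Security)
Park, Minsu (Korea University, Graduate School of Information Security, Department of Information Security)
Kim, Seungjoo (Korea University, Department of Cyber Defense / Graduate School of Information Security)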
1 | ITU, ITU Internet Reports 2005, Internet of Things(2005). |
2 | ITU-T Y.2060, Overview of the Internet of Things(2012). |
3 | Ministry of Science, ICT and Future Planning, "Basic Plan for the Internet of Things," 2014. |
4 | STRATEGY ANALYTICS, "About Smart Home," [Internet], https://www.strategyanalytics.com/access-services/devices/connected-home/smart-home/about-smart-home#.WBmnDfmLRGo. |
5 | Behrang Fouladi and Sahand Ghanoun, 'Honey, I'm Home!!: Hacking Z-Wave Home Automation System', Black Hat 2013, USA, 2013. |
6 | Tobias Zillner, 'Zigbee Exploited: The Good, the Bad, the Ugly,' Black Hat USA 2015, USA, 2015. |
7 | Joseph Hall, 'Breaking Bulbs Briskly by Bogus Broadcasts,' ShmooCon 2016, USA, 2016. |
8 | Daniel Crowley, "Home Invasion V2.0 - Attacking Network-Controlled Hardware," BlackHat USA, USA, 2013. |
9 | Grant Hernandez, "Smart Nest Thermostat A Smart Spy in Your Home," Black Hat USA, USA, 2014. |
10 | Mungmung, "Home Network Hacking," SECUINSIDE, Korea, 2015. |
11 | Thomas Reuter, "Security analysis of wireless communication standards for home automation," Technische Universität München, 2013. |
12 | Fuller, Jonathan D. and Benjamin W. Ramsey, "Rogue Z-Wave controllers: A persistent attack channel," Local Computer Networks Conference Workshops (LCN Workshops), 2015 IEEE 40th, IEEE, 2015. |
13 | E. Fernandes, J. Jung, and A. Prakash, "Security Analysis of Emerging Smart Home Applications," in Security and Privacy (SP), 2016 IEEE Symposium on. IEEE, pp.636-654, 2016. |
14 | OWASP, "OWASP Internet of Things(IoT) Project," [Internet], https://www.owasp.org/index.php/OWASP_Internet_of_Things_Project. |
15 | OWASP, "OWASP Internet of Things(IoT) Project_Firmware Analysis Project," [Internet], https://www.owasp.org/index.php/OWASP_Internet_of_Things_Project#tab=Firmware_Analysis. |
16 | OWASP, "OWASP Internet of Things(IoT) Project_IoT Attack Surface Areas Project," [Internet], https://www.owasp.org/index.php/OWASP_Internet_of_Things_Project#tab=IoT_Attack_Surface_Areas. |
17 | Noel Poore, "Internet of Things Security Architecture [BOF3029]," ORACLE OPENWORLD 2014, San Francisco, 2014. |
18 | Yuri Diogenes, "Internet of Things security architecture," 2016 [Internet], https://azure.microsoft.com/en-us/documentation/articles/iot-security-architecture/. |
19 | Shellphish, "Using static binary analysis to find vulnerabilities and backdoors in Firmware," BlackHat USA, USA, 2015. |
20 | Wen Xu, "Ah! Universal Android Rooting is Back!," BlackHat USA, USA, 2015. |
21 | Zachary Cutlip, "SQL Injection to MIPS overflows: Rooting SOHO Routers," BlackHat USA, USA, 2012. |
22 | SM Sajjad, "Security analysis of IEEE 802.15.4 MAC in the context of Internet of Things(IoT)," CIACS, 2014. |
23 | Mike Ryan, "Bluetooth Smart: The Good, The Bad, The Ugly... and The fix," BlackHat USA, USA, 2013. |
24 | Fouladi, Behrang, and Sahand Ghanoun, "Security evaluation of the Z-Wave wireless protocol," Black hat USA 24 (2013). |
25 | John Mcnabb, "KillerBee: Practical ZigBee Exploitation Framework," Boston 2010, Boston, 2010. |
26 | Travis Goodspeed, "A 16 bit Rootkit and Second Generation Zigbee Chips," BlackHat USA, USA, 2009. |
27 | LINDNER, "Router Exploitation," BlackHat USA, USA, 2009 |
28 | John Heasman, "Hacking the Extensible Firmware Interface," BlackHat USA, USA, 2007. |
29 | Barnaby Jack, "Exploiting Embedded Systems," BlackHat Amsterdam, Amsterdam, 2006. |
30 | Brendan O'Connor, "Vulnerabilities in Not-So Embedded Systems," BlackHat USA, USA, 2006. |
31 | The MITRE Corporation, "CAPEC CATEGORY: Software," [Internet], https://capec.mitre.org/data/definitions/513.html. |
32 | The MITRE Corporation, "CAPEC CATEGORY: Hardware," [Internet], https://capec.mitre.org/data/definitions/515.html. |
33 | OWASP, "OWASP Top Ten Cheat Sheet" [Internet], https://www.owasp.org/index.php/OWASP_Top_Ten_Cheat_Sheet. |
34 | SANS, "CWE/SANS TOP 25 Most Dangerous Software Errors," [Internet], https://www.sans.org/top25-software-errors/. |
35 | Breeuwsma, M. F. "Forensic imaging of embedded systems using JTAG (boundary-scan)," digital investigation 3.1 (2006): 32-42. |
36 | Common Vulnerabilities and Exposures, "CVE-2015-4080," [Internet], https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4080. |
37 | Common Vulnerabilities and Exposures, "CVE-2014-8730," [Internet], https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8730. |