http://dx.doi.org/10.3745/KTCCS.2017.6.3.143

Threat-Based Security Analysis for the Domestic Smart Home Appliance  

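Hong, Paul (Department of Information Security, Graduate School of Information Security, Korea University)
Lee, Sangmin (Department of Information Security, Graduate School of Information Security, Korea University)
Park, Minsu (Department of Information Security, Graduate School of Information Security, Korea University)
Kim, Seungjoo (Department of Cyber Defense / Graduate School of Information Security, Korea University)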
Publication Information
KIPS Transactions on Computer and Communication Systems / v.6, no.3, 2017, pp. 143-158
Abstract
Smart home appliances are a service or technology that provides convenience by letting people operate machines in the home by remote control. Because they are close to home life, they raise privacy and security problems. If smart home appliances are attacked, damage on a large scale is anticipated. For products from overseas, various vulnerabilities have been announced every year. It is therefore necessary to identify and analyze threats to smart home appliances using a systematic method so that smart home appliance services can be used safely. In this paper, we present a checklist for identifying and analyzing threats using threat modeling, and we then analyze the domestic smart home appliance using the checklist we present.
Keywords
Threat Modeling; Smart Home Appliance; Threat Analysis;