Your Smart Home Can't Keep a Secret: Towards Automated Fingerprinting of IoT Traffic with Neural Networks

The IoT (Internet of Things) technology has been widely adopted in recent years and has profoundly changed the people's daily lives. However, in the meantime, such a fast-growing technology has also introduced new privacy issues, which need to be better understood and measured. In this work, we look into how private information can be leaked from network traffic generated in the smart home network. Although researchers have proposed techniques to infer IoT device types or user behaviors under clean experiment setup, the effectiveness of such approaches become questionable in the complex but realistic network environment, where common techniques like Network Address and Port Translation (NAPT) and Virtual Private Network (VPN) are enabled. Traffic analysis using traditional methods (e.g., through classical machine-learning models) is much less effective under those settings, as the features picked manually are not distinctive any more. In this work, we propose a traffic analysis framework based on sequence-learning techniques like LSTM and leveraged the temporal relations between packets for the attack of device identification. We evaluated it under different environment settings (e.g., pure-IoT and noisy environment with multiple non-IoT devices). The results showed our framework was able to differentiate device types with a high accuracy. This result suggests IoT network communications pose prominent challenges to users' privacy, even when they are protected by encryption and morphed by the network gateway. As such, new privacy protection methods on IoT traffic need to be developed towards mitigating this new issue

Obfuscated Android Application Development

International audienceObfuscation techniques help developers to hide their code when distributing an Android application. The used techniques are linked to the features provided by the programming language but also with the way the application is executed. Using obfuscation is now a common practice and specialized companies sell tools or services for automatizing the manipulation of the source code. In this paper, we present how to develop obfuscated applications and how obfuscation technique usage is evolving in the wild. First, using advanced obfuscation techniques requires some advanced knowledge about the development of Android applications. We describe how to build such applications for helping researchers to generate samples of obfuscated applications for their own research. Second, the use of obfuscation techniques is evolving for both regular applications or malicious ones. We aim at measuring the development of these usages by studying application and malware samples and the artifacts that indicate the use of obfuscation techniques

Understanding Android Obfuscation Techniques: A Large-Scale Investigation in the Wild

In this paper, we seek to better understand Android obfuscation and depict a holistic view of the usage of obfuscation through a large-scale investigation in the wild. In particular, we focus on four popular obfuscation approaches: identifier renaming, string encryption, Java reflection, and packing. To obtain the meaningful statistical results, we designed efficient and lightweight detection models for each obfuscation technique and applied them to our massive APK datasets (collected from Google Play, multiple third-party markets, and malware databases). We have learned several interesting facts from the result. For example, malware authors use string encryption more frequently, and more apps on third-party markets than Google Play are packed. We are also interested in the explanation of each finding. Therefore we carry out in-depth code analysis on some Android apps after sampling. We believe our study will help developers select the most suitable obfuscation approach, and in the meantime help researchers improve code analysis systems in the right direction

Authorisation inconsistency in IoT third‐party integration

Abstract Today's IoT platforms provide rich functionalities by integrating with popular third‐party services. Due to the complexity, it is critical to understand whether the IoT platforms have properly managed the authorisation in the cross‐cloud IoT environments. In this study, the authors report the first systematic study on authorisation management of IoT third‐party integration by: (1) presenting two attacks that leak control permissions of the IoT device in the integration of third‐party services; (2) conducting a measurement study over 19 real‐world IoT platforms and three major third‐party services. Results show that eight of the platforms are vulnerable to the threat. To educate IoT developers, the authors provide in‐depth discussion about existing design principles and propose secure design principles for IoT cross‐cloud control frameworks

Preparation and performance analysis of plasma electrolytic oxidation film on brass surface

In order to improve the corrosion resistance of brass, plasma electrolytic oxidation was performed on its surface, and the influence of Na2SiO3 electrolyte concentration on the performance of the oxide film was analyzed. The electrolyte with Na2SiO3·9H2O was prepared and NaOH as the main components, the forward voltage of 520 V, forward current of 1.4 A, pulse frequency of 2000 Hz, positive and negative duty ratio of 20% were set, and plasma electrolytic oxidation was performed on the brass specimen for 80 min. The influence of Na2SiO3 concentration on the microscopic morphology of the oxide film, thickness, roughness, chemical composition, bonding force and corrosion resistance was studied by field emission scanning electron microscope (SEM), surface roughness measuring instrument, eddy current thickness gauge, energy spectrometer (EDS), X-ray diffractometer (XRD), cross-cut adhesion tester, electrochemical workstation (potential polarization curve). The results show that the chemical composition of the film surface is composed of Cu, Zn, O, Si and other elements, and exists in the form of metal oxide and amorphous silicon dioxide. As the concentration of Na2SiO3 increases, the number of micropores on the surface of the film gradually increases, the size and distribution of the pores are becoming more and more uniform, the thickness of the film first increases and then decreases, and the surface roughness value first decreases and then increases. However, the excessive Na2SiO3 concentration increases the plasma electrolytic oxidation reaction and the surface melts, the quality of the film does not rise but falls. Plasma electrolytic oxidation can effectively improve the surface properties of brass. When the Na2SiO3 concentration is 8 g/L, the oxide film has the best corrosion resistance, and its self-corrosion current density is reduced by 2 orders of magnitude compared with the matrix

Understanding Android Obfuscation Techniques: A Large-Scale Investigation in the Wild

In this paper, we seek to better understand Android obfuscation and depict a holistic view of the usage of obfuscation through a large-scale investigation in the wild. In particular, we focus on four popular obfuscation approaches: identifier renaming, string encryption, Java reflection, and packing. To obtain the meaningful statistical results, we designed efficient and lightweight detection models for each obfuscation technique and applied them to our massive APK datasets (collected from Google Play, multiple third-party markets, and malware databases). We have learned several interesting facts from the result. For example, malware authors use string encryption more frequently, and more apps on third-party markets than Google Play are packed. We are also interested in the explanation of each finding. Therefore we carry out in-depth code analysis on some Android apps after sampling. We believe our study will help developers select the most suitable obfuscation approach, and in the meantime help researchers improve code analysis systems in the right direction