7 research outputs found
Your Smart Home Can't Keep a Secret: Towards Automated Fingerprinting of IoT Traffic with Neural Networks
The IoT (Internet of Things) technology has been widely adopted in recent
years and has profoundly changed the people's daily lives. However, in the
meantime, such a fast-growing technology has also introduced new privacy
issues, which need to be better understood and measured. In this work, we look
into how private information can be leaked from network traffic generated in
the smart home network. Although researchers have proposed techniques to infer
IoT device types or user behaviors under clean experiment setup, the
effectiveness of such approaches become questionable in the complex but
realistic network environment, where common techniques like Network Address and
Port Translation (NAPT) and Virtual Private Network (VPN) are enabled. Traffic
analysis using traditional methods (e.g., through classical machine-learning
models) is much less effective under those settings, as the features picked
manually are not distinctive any more. In this work, we propose a traffic
analysis framework based on sequence-learning techniques like LSTM and
leveraged the temporal relations between packets for the attack of device
identification. We evaluated it under different environment settings (e.g.,
pure-IoT and noisy environment with multiple non-IoT devices). The results
showed our framework was able to differentiate device types with a high
accuracy. This result suggests IoT network communications pose prominent
challenges to users' privacy, even when they are protected by encryption and
morphed by the network gateway. As such, new privacy protection methods on IoT
traffic need to be developed towards mitigating this new issue
Obfuscated Android Application Development
International audienceObfuscation techniques help developers to hide their code when distributing an Android application. The used techniques are linked to the features provided by the programming language but also with the way the application is executed. Using obfuscation is now a common practice and specialized companies sell tools or services for automatizing the manipulation of the source code. In this paper, we present how to develop obfuscated applications and how obfuscation technique usage is evolving in the wild. First, using advanced obfuscation techniques requires some advanced knowledge about the development of Android applications. We describe how to build such applications for helping researchers to generate samples of obfuscated applications for their own research. Second, the use of obfuscation techniques is evolving for both regular applications or malicious ones. We aim at measuring the development of these usages by studying application and malware samples and the artifacts that indicate the use of obfuscation techniques
Understanding Android Obfuscation Techniques: A Large-Scale Investigation in the Wild
In this paper, we seek to better understand Android obfuscation and depict a
holistic view of the usage of obfuscation through a large-scale investigation
in the wild. In particular, we focus on four popular obfuscation approaches:
identifier renaming, string encryption, Java reflection, and packing. To obtain
the meaningful statistical results, we designed efficient and lightweight
detection models for each obfuscation technique and applied them to our massive
APK datasets (collected from Google Play, multiple third-party markets, and
malware databases). We have learned several interesting facts from the result.
For example, malware authors use string encryption more frequently, and more
apps on third-party markets than Google Play are packed. We are also interested
in the explanation of each finding. Therefore we carry out in-depth code
analysis on some Android apps after sampling. We believe our study will help
developers select the most suitable obfuscation approach, and in the meantime
help researchers improve code analysis systems in the right direction
Authorisation inconsistency in IoT thirdâparty integration
Abstract Today's IoT platforms provide rich functionalities by integrating with popular thirdâparty services. Due to the complexity, it is critical to understand whether the IoT platforms have properly managed the authorisation in the crossâcloud IoT environments. In this study, the authors report the first systematic study on authorisation management of IoT thirdâparty integration by: (1) presenting two attacks that leak control permissions of the IoT device in the integration of thirdâparty services; (2) conducting a measurement study over 19 realâworld IoT platforms and three major thirdâparty services. Results show that eight of the platforms are vulnerable to the threat. To educate IoT developers, the authors provide inâdepth discussion about existing design principles and propose secure design principles for IoT crossâcloud control frameworks
Preparation and performance analysis of plasma electrolytic oxidation film on brass surface
In order to improve the corrosion resistance of brass, plasma electrolytic oxidation was performed on its surface, and the influence of Na2SiO3 electrolyte concentration on the performance of the oxide film was analyzed. The electrolyte with Na2SiO3·9H2O was prepared and NaOH as the main components, the forward voltage of 520 V, forward current of 1.4 A, pulse frequency of 2000 Hz, positive and negative duty ratio of 20% were set, and plasma electrolytic oxidation was performed on the brass specimen for 80 min. The influence of Na2SiO3 concentration on the microscopic morphology of the oxide film, thickness, roughness, chemical composition, bonding force and corrosion resistance was studied by field emission scanning electron microscope (SEM), surface roughness measuring instrument, eddy current thickness gauge, energy spectrometer (EDS), X-ray diffractometer (XRD), cross-cut adhesion tester, electrochemical workstation (potential polarization curve). The results show that the chemical composition of the film surface is composed of Cu, Zn, O, Si and other elements, and exists in the form of metal oxide and amorphous silicon dioxide. As the concentration of Na2SiO3 increases, the number of micropores on the surface of the film gradually increases, the size and distribution of the pores are becoming more and more uniform, the thickness of the film first increases and then decreases, and the surface roughness value first decreases and then increases. However, the excessive Na2SiO3 concentration increases the plasma electrolytic oxidation reaction and the surface melts, the quality of the film does not rise but falls. Plasma electrolytic oxidation can effectively improve the surface properties of brass. When the Na2SiO3 concentration is 8 g/L, the oxide film has the best corrosion resistance, and its self-corrosion current density is reduced by 2 orders of magnitude compared with the matrix
Recommended from our members
Understanding Android Obfuscation Techniques: A Large-Scale Investigation in the Wild
In this paper, we seek to better understand Android obfuscation and depict a
holistic view of the usage of obfuscation through a large-scale investigation
in the wild. In particular, we focus on four popular obfuscation approaches:
identifier renaming, string encryption, Java reflection, and packing. To obtain
the meaningful statistical results, we designed efficient and lightweight
detection models for each obfuscation technique and applied them to our massive
APK datasets (collected from Google Play, multiple third-party markets, and
malware databases). We have learned several interesting facts from the result.
For example, malware authors use string encryption more frequently, and more
apps on third-party markets than Google Play are packed. We are also interested
in the explanation of each finding. Therefore we carry out in-depth code
analysis on some Android apps after sampling. We believe our study will help
developers select the most suitable obfuscation approach, and in the meantime
help researchers improve code analysis systems in the right direction