Physical Interaction Discovery And Risk Analysis Between Cross-platform IoT Applications

In recent years,the Internet of Things(IoT)has been developed rapidly,and it has been widely deployed in intelligent manufacturing,smart home,and smart medical service etc,which has brought great convenience to users' lives.However,it also intro-duces many unique security risks in IoT environment,which pose a serious threat to the security and safety of users' home.Therefore,we need to conduct in-depth research on the security of IoT.This dissertation finds that the physical interactions between appli-cations in the IoT environment will bring security hazards to users' home.Moreover,a large number of applications of the third-party rule platform have further exacerbated the formation of the physical interactions between applications.This dissertation proposes a method to extract the physical interactions between the cross-platform IoT applications,which can be applied to static analysis of different platform applications,and can extract the physical interactions of different applications due to the shared physical environment.We also propose methods to evaluate the risk of the discovered physical interactions,and give the security warnning to the IoT suppliers and developers.The specific work is as follows:(1)We propose a new IoT application and rule analysis algorithm to support anal-ysis and extraction of physical interactions between applications.The main research is to convert the rules described by natural language into standard analyzable code,and propose an algorithm to extract physical interaction between cross-platform IoT appli-cations and rules.(2)For the extracted physical interaction dependencies,two risk evaluation meth-ods based on machine learning algorithms are designed,and the effectiveness of the algorithms are proved by carried experiments.For the dependency chain with higher risk,we design two methods to mitigate the problems:one is to enhance the triggering conditions of actions by code instrumentation,the other is to detect whether the installed applications and the to-be-installed applications(rules)can form physical interactions during application installation,so as to prompt the user whether to install the application or rule.(3)We collect all 244 rules used to control SmartThings devices in IFTTT platform and 187 official SmartApps from Samsung website.Using the method designed in this dissertation,177 physical interactions formed by 120 SmartApps that can be success-fully analyzed are extracted.After 98 IFTTT rules that can be successfully analyzed are added,the quantity of physical interactions formed is 231.It can be seen that the third-party rule platform really intensifies the formation of physical interactions.Com-pared with the channel assignment method,the accuracy of the method based on action tagging can reach 85.6%which is higher than that of the channel assignment method.The accuracy of the method based on application scoring is 70.1%which is lower than that of the channel assignment method,but the method based on application scoring can support the risk value calculation of the interactions formed by more than two physical channels.