Research On Security Evaluation Technics For The Smart Home System Of Internet Of Things

With the frequent development of the smart home system of Internet of Things(IoT)and security incidents,and intensified the two sides of the game,many smart home products have been attacked and controlled,the user's personal security and property security,and privacy security were threatened,in order to accurately reflect the status of the smart home system,protect user's the rights and interests,assist the manufacturers to improve their products safety,security evaluation technology for smart home system has received extensive attention.However,most of the studies are launched by the manufacturers themselves,and the research achievements are limited to their own products or equipment system,the assessment schemes are not compatible with the others,the defense strategies can not be shared.Therefore,the security evaluation technology for the smart home system this paper studied has great theoretical and practical significance.First of all,we select a series of the smart home products,including smart TVs,routers,air conditioners,refrigerators and so on.Combined with the Web penetration testing technique and the mobile Internet security technology,we do some the vulnerability mining and security analysis work on these devices and find the potential safety hazard.Then use these typical attack cases to lay a good foundation for the security evaluation and defence work of the smart home system of Internet of Things.Secondly,based on the typical attack cases,we analyze the layers,surfaces and points of attack from the angle of the terminal,the network,the APP and the Cloud,and form the vulnerability of classification.According to the national standard "GBT 30279-2013,Information Security Technology,Security Vulnerability Classification Guide",an improvement of the common vulnerability scoring system(CVSS)is proposed,this makes CVSS more suitable for the smart home system.And it can obtain vulnerabilities scores,accurately reflecting the security status of the system and providing strong support for system security defense and reinforcement.Finally,the theory of network attack killing chain,dynamically-enabled defense technology and its application in the smart home system are researched.In the premise of dynamically-enabled defense,the state of the system is constantly changing,the attacker can not grasp all the information of the target system within a limited period of time,but if the system's changing frequency is too high,it will take too many resources,if the frequency is too low,the attacker will have enough time to analyze the system.In this paper,combined with the improved vulnerability scoring system,a dynamic defense strategy based on Markov chain and stochastic Petri net is proposed,this strategy calculates the attack detection probability and the vulnerability value of the system,and then obtain the best dynamic switching cycle interval to keep the system stay security.