This page includes a collection of papers we recommend reading for those interested in studying Internet of Things security and privacy. If you have any suggestions, please send a pull request.
Z. Berkay Celik and Xiaolei Wang.
First Depth Study on IoT Security (focusing on SmartThings, and motivating the following IoT research)
- 2016, IEEE S&P, Security Analysis of Emerging Smart Home Applications
- 2016, USENIX Security, FlowFence: Practical Data Protection for Emerging IoT Application Frameworks
- 2018, USENIX Security, Sensitive Information Tracking in Commodity IoT
- 2017, NDSS, ContexIoT: Towards Providing Contextual Integrity to Appified IoT Platforms
- 2017, USENIX Security, SmartAuth: User-Centered Authorization for the Internet of Things
- 2017, Access Control Models, FACT: Functionality-centric Access Control System for IoT Programming Frameworks
- 2018, USENIX Security, Rethinking Access Control and Authentication for the Home Internet of Things (IoT)
- 2018, IEEE SecDev, Tyche: Risk-Based Permissions for Smart Home Platforms
- 2019, NDSS, IoTGuard: Dynamic Enforcement of Security and Safety Policy in Commodity IoT(will be available soon)
- 2018, USENIX ATC, Soteria: Automated IoT Safety and Security Analysis
- 2018, CoNEXT, IoTSAN: Fortifying the Safety of IoT Systems
- 2018, CCS, On the Safety of IoT Device Physical Interaction Control
- 2018, NDSS, Fear and Logging in the Internet of Things
- 2018, IEEE S&P, Understanding Linux Malware *
- 2018, arXiv, Peek-a-Boo: I see your smart home activities even encrypted
- 2018, arXiv, Closing the Blinds: Four Strategies for Protecting Smart Home Privacy from Network Observers
- 2018, arXiv, A Developer-Friendly Library for Smart Home IoT Privacy Preserving Traffic Obfuscation
- 2017, arXiv, Spying on the Smart Home Privacy Attacks and Defenses on Encrypted IoT Traffic
- 2017, arXiv, Detecting Spies in IoT Systems using Cyber-Physical Correlation
- 2018, arXiv, Understanding and Mitigating the Security Risks of Voice-Controlled Third-Party Skills on Amazon Alexa and Google Home
- 2018, arXiv, Adversarial Attacks Against Automatic Speech Recognition Systems via Psychoacoustic Hiding
- 2018, arXiv, CommanderSong: A Systematic Approach for Practical Adversarial Voice Recognition
- 2018, arXiv, Nonsense Attacks on Google Assistant
- 2016, CHI, Trigger-Action Programming in the Wild: An Analysis of 200,000 IFTTT Recipes
- 2017, WWW, Some Recipes Can Do More Than Spoil Your Appetite Analyzing the Security and Privacy Risks of IFTTT Recipes
- 2017, arXiv, IFTTT vs. Zapier A Comparative Study of Trigger-Action Programming Frameworks
- 2017, IMC, An Empirical Characterization of IFTTT Ecosystem, Usage, and Performance
- 2018, NDSS, Decentralized Action Integrity for Trigger-Action IoT Platforms
- 2019, arXiv, Program Analysis of Commodity IoT Applications for Security and Privacy: Challenges and Opportunities
- 2019, IEEE S&P, SoK: Security Evaluation of Home-Based IoT Deployments
- 2018, arXiv, IoT Security: An End-to-End View and Case Study
- 2017, arXiv, A Survey of Machine and Deep Learning Methods for Internet of Things (IoT) Security
- 2017, arXiv, Understanding IoT Security Through the Data Crystal Ball: Where We Are Now and Where We Are Going to Be
- 2017, IEEE S&P Magazine, Internet of Things Security Research: A Rehash of Old Ideas or New Intellectual Challenges
- 2018, BlackHat, IoT Malware: Comprehensive Survey, Analysis Framework and Case Studies
- 2018, arXiv, A Survey on Sensor-based Threats to Internet-of-Things (IoT) Devices and Applications