This page includes a collection of papers we recommend reading for those interested in studying Internet of Things security and privacy.
1: ACES: Automatic Compartments for Embedded Systems, Usenix Security, 2018
2: C-FLAT: Control-Flow Attestation for Embedded Systems Software, CCS, 2016
3: SEDA: Scalable Embedded Device Attestation, CCS, 2015
4: Lock It and Still Lose It – On the (In)Security of Automotive Remote Keyless Entry Systems, Usenix Security, 2016
5: Hidden Voice Commands, Usenix Security, 2016
6: Fingerprinting Electronic Control Units for Vehicle Intrusion Detection, Usenix Security, 2016
7: Virtual U: Defeating Face Liveness Detection by Building Virtual Models from Your Public Photos, Usenix Security, 2016
8: SmartAuth: User-Centered Authorization for the Internet of Things, Usenix Security, 2016
9: 6thSense: A Context-aware Sensor-based Attack Detector for Smart Devices, Usenix Security, 2017
10: AWare: Preventing Abuse of Privacy-Sensitive Sensors via Operation Bindings, Usenix Security, 2017
11: Rethinking Access Control and Authentication for the Home Internet of Things (IoT), Usenix Security, 2018
12: BlackIoT: IoT Botnet of High Wattage Devices Can Disrupt the Power Grid, Usenix Security, 2018
13: Sensitive Information Tracking in Commodity IoT, Usenix Security, 2018
14: Acquisitional Rule-based Engine for Discovering Internet-of-Thing Devices, Usenix Security, 2018
15: Scalable Error Isolation for Distributed Systems, NSDI, 2015
16: FarmBeats: An IoT Platform for Data-Driven Agriculture, NSDI, 2017
17: Bringing IoT to Sorts Analytics, NSDI, 2017
18: Opaque: An Oblivious and Encrypted Distributed Analytics Platform, NSDI, 2017
19: Towards Automated Dynamic Analysis for Linux-based Embedded Firmware, NDSS, 2016
20: discovRE: Efficient Cross-Architecture Identification of Bugs in Binary Code, NDSS, 2015
21: Enabling Client-Side Crash-Resistance to Overcome Diversification and Information Hiding, NDSS, 2015
22: Who’s in Control of Your Control System? Device Fingerprinting for Cyber-Physical Systems, NDSS, 2016
23: Leakage-Resilient Layout Randomization for Mobile Devices, NDSS, 2016
24: Decentralized Action Integrity for Trigger-Action IoT Platforms, NDSS, 2018
25: What You Corrupt Is Not What You Crash: Challenges in Fuzzing Embedded Devices, NDSS, 2018
26: Fear and Logging in the Internet of Things, NDSS, 2018
27: IOTFUZZER: Discovering Memory Corruptions in IoT Through App-based Fuzzing, NDSS, 2018
28: Perplexed Messengers from the Cloud: Automated Security Analysis of Push-Messaging Integrations, CCS, 2015
29: From System Services Freezing to System Server Shutdown in Android: All You Need Is a Loop in an App, CCS, 2015
30: When Good Becomes Evil: Keystroke Inference with Smartwatch, CCS, 2015
31: Security Analysis of Emerging Smart Home Applications, SP, 2016
32: Heimdall: A Privacy-Respecting Implicit Preference Collection Framework, MobiSys, 2017
33: FlowFence: Practical Data Protection for Emerging IoT Application Frameworks, Usenix Security, 2016
34: ContexIoT: Towards Providing Contextual Integrity to Appified IoT Platforms, NDSS, 2017
35: IoT Goes Nuclear: Creating a ZigBee Chain Reaction, SP, 2017
36: Augur: Internet-Wide Detection of Connectivity Disruptions, SP, 2017
37: Situational Access Control in the Internet of Things, CCS, 2018
38: HoMonit: Monitoring Smart Home Apps from Encrypted Traffic, CCS, 2018
39: Pinto: Enabling Video Privacy for Commodity IoT Cameras, CCS, 2018
40: If This Then What? Controlling Flows in IoT Apps, CCS, 2018
41: SANA: Secure and Scalable Aggregate Network Attestation, CCS, 2016
42: Protecting Bare-metal Embedded Systems with Privilege Overlays, SP, 2017
43: Do You Feel What I Hear? Enabling Autonomous IoT Device Pairing using Different Sensor Types, SP, 2018
44: Do You Hear What I Hear? Fingerprinting Smart Devices Through Embedded Acoustic Components, CCS, 2014
45: Firmalice – Automatic Detection of Authentication Bypass Vulnerabilities in Binary Firmware, NDSS, 2015
46: Inception: System-Wide Security Testing of Real-World Embedded Systems Software, Usenix Security, 2018
47: Prio: Private, Robust, and Scalable Computation of Aggregate Statistics, NSDI, 2017
48: Things, Trouble, Trust: On Building Trust in IoT Systems, DAC, 2016
49: Can IoT be Secured: Emerging Challenges in Connecting the Unconnected, DAC, 2016
50: MUTE: Bringing IoT to Noise Cancellation, Sigcomm, 2018
50: PeriScope: An Effective Probing and Fuzzing Framework for the Hardware-OS Boundary, NDSS, 2019
51: IoTGuard: Dynamic Enforcement of Security and Safety Policy in Commodity IoT, NDSS, 2019
52: Cleaning Up the Internet of Evil Things: Real-World Evidence on ISP and Consumer Efforts to Remove Mirai, NDSS, 2019
53: Measurement and Analysis of Hajime, a Peer-to-peer IoT Botnet, NDSS, 2019
54: Soteria: Automated IoT Safety and Security Analysis, ATC, 2018
55: On the Safety of IoT Device Physical Interaction Control, CCS, 2018
56: FirmUp: Precise Static Detection of Common Vulnerabilities in Firmware, ASPLOS, 2018
57: Scission: Signal Characteristic-Based Sender Identification and Intrusion Detection in Automotive Networks, CCS, 2018
58: Understanding Linux Malware, SP, 2018
59: Detecting and Identifying Faulty IoT Devices in Smart Home with Context Extraction, DSN, 2018
60: Smart Locks: Lessons for Securing Commodity Internet of Things Devices, CCS, 2016
61: FirmUp: Precise Static Detection of Common Vulnerabilities in Firmware, ASPLOS, 2018
62: Razzer: Finding Kernel Race Bugs through Fuzzing, SP, 2019
63: Fuzzing File Systems via Two-Dimensional Input Space Exploration, SP, 2019
64: Dangerous Skills: Understanding and Mitigating Security Risks of Voice-Controlled Third-Party Functions on Virtual Personal Assistant Systems, SP, 2019
65: HOLMES: Real-Time APT Detection through Correlation of Suspicious Information Flows, SP, 2019
66: Asm2Vec: Boosting Static Representation Robustness for Binary Clone Search against Code Obfuscation and Compiler Optimization, SP, 2019
67: SoK: Security Evaluation of Home-Based IoT Deployments, SP, 2019
68: SoK: The Challenges, Pitfalls, and Perils of Using Hardware Performance Counters for Security, SP, 2019
69: Tap 'n Ghost: A Compilation of Novel Attack Techniques against Smartphone Touchscreens Towards Automated Safety Vetting of PLC Code in Real-World Plants, SP, 2019
70: IoTGuard: Dynamic Enforcement of Security and Safety Policy in Commodity IoT, NDSS, 2019
71: Measurement and Analysis of Hajime, a Peer-to-peer IoT Botnet, NDSS, 2019
72: Cleaning Up the Internet of Evil Things: Real-World Evidence on ISP and Consumer Efforts to Remove Mirai, NDSS, 2019
73: Digital Healthcare-Associated Infection Analysis of a Major Multi-Campus Hospital System, NDSS, 2019
.........................................................
1: Systematically Evaluating Security and Privacy for Consumer IoT Devices
2: Plaintext Data Transmission in Consumer IoT Medical Devices
3: Smart Solution, Poor Protection: An Empirical Study of Security and Privacy Issues in Developing and Deploying Smart Home devices
4: Security & Privacy of Smart Toys
5: How to Practice Safe IoT: Sexual Intimacy in the Age of Smart Devices
6: Understanding Security Threats in Consumer Drones Through the Lens of the Discovery Quadcopter Family
7: A Secure Event Logging System for Smart Home
8: Toward Usable Network Traffic Policies for IoT Devices in Consumer Networks
9: Enabling Multi-user Controls in Smart Home Devices
1: SOFIE Secure Open Federation for Internet Everywhere
2: CIoTA: Collaborative IoT Anomaly Detection via Blockchain
3: Standardizing IoT Network Security Policy Enforcement
4: Unifying Lightweight Blockchain Client Implementations
5: Avoiding Gaps in Authorization Solutions for the Internet of Things
6: Reliable Collective Cosigning to Scale Blockchain with Strong Consistency
7: Exploring Security Economics in IoT Standardization Efforts
8: User-Centered Attestation for Layered and Decentralized Systems
9: Distributed Security Risks and Opportunities in the W3C Web of Things
10: A Lightweight Authentication and Key Exchange Protocol for IoT
11: Practical Runtime Attestation for Tiny IoT Devices
12: SPOC: Secure Payments for Outsourced Computations
1: Combining MUD Policies with SDN for IoT Intrusion Detection
2: Clear as MUD: Generating, Validating and Applying IoT Behaviorial Profiles
3: Towards a Resilient Smart Home (DNP)
4: Traversing the Quagmire that is Privacy in Your Smart-Home
5: Web-based Attacks to Discover and Control Local IoT Devices
6: IP-Based IoT Device Detection
7: A Developer-Friendly Library for Smart Home IoT Privacy-Preserving Traffic Obfuscation
8: Towards Secure, Distributed Trust Management on a Global Scale
1: Hardware-Based Trusted Computing Architectures for Isolation and Attestation, TOC, 2018
........................................................
1: A survey of intrusion detection in Internet of Things
2: IoT Middleware: A Survey on Issues and Enabling Technologies
3: Data Collection and Wireless Communication in Internet of Things (IoT) Using Economic Analysis and Pricing Models: A Survey
4: A survey on emerging SDN and NFV security mechanisms for IoT systems
5: A Survey of Machine and Deep Learning Methods for Internet of Things (IoT) Security
6: A review of Internet of Things for smart home: Challenges and solutions
7: Internet of Things: A survey on the security of IoT frameworks
8: SoK: Security Evaluation of Home-Based IoT Deployments, SP, 2019
9: Internet of Things Security Research: A Rehash of Old Ideas or New Intellectual Challenges, SP Magazine, 2019
10: Program Analysis of Commodity IoT Applications for Security and Privacy: Challenges and Opportunities, arXiv
11: IoT Security: An End-to-End View and Case Study, arXiv
12: A Survey on Sensor-based Threats to Internet-of-Things (IoT) Devices and Applications, arXiv
........................................................