计算机网络和信息集成教育部重点实验室（东南大学）
首页 实验室概况 研究队伍 人才培养 科学研究及主要成果 开放与交流 科研资源共享 运行管理
2018年学术报告 学术报告 开放课题设置 合作项目 举办学术会议 --- 2018年学术报告 --- <strong>How the Grinch Stole “Smart” Christmas!</strong> 时间：2018年6月28日 上午10:00 地点：九龙湖计算机楼313 报告简介：   In this talk, we show how Grinch, the bad guy, could ruin our Christmas in the era of IoT. Particularly, we target a known manufacturer, APPLights. Their products include C9 lights, icicle light-strings, spotlight projectors, candy cane pathway markers and Kaleidoscope spotlights. They can often be seen in a local Home Depot store in the US during the winter holiday season. APPLights’ Android or iOS app can be used to control these lights through Bluetooth Low Energy (BLE). The app protects its source code using encryption by Qihoo 360 jiagubao, Java Native Interface (JNI) techniques, code obfuscation and supports password based user authentication at the application layer. We systematically perform static analysis and dynamic analysis of the app, and conduct traffic analysis of the BLE traffic to understand the security measures of the lighting system. With our replay attack, brute force attack and spoofing attack, we can control any product that uses the APPLights app.Extensive real world experiments are performed to validate the feasibility of these attacks. We present threat mitigation strategies such as more sophisticated code obfuscation and strong BLE pairing methods, and propose a practical solution taking cost and usability into account to fight the discovered attacks. While we focus on APPLights in this paper, results and observations from this study can be extended to other similar BLE applications such as medical devices for which user authentication is needed. 报告人简介：    Dr. Xinwen Fu is an associate professor in the Department of Computer Science, University of Central Florida. He received B.S. (1995) and M.S. (1998) in Electrical Engineering from Xi'an Jiaotong University, China and University of Science and Technology of China respectively. He obtained Ph.D. (2005) in Computer Engineering from Texas A&M University. Dr. Fu's current research interests are in network security and privacy, network forensics, computer forensics, information assurance, system reliability and networking QoS. Dr. Fu has been publishing papers in conferences such as IEEE Symposium on Security and Privacy (S&P), ACM Conference on Computer and Communications Security (CCS), ACM International Symposium on Mobile Ad Hoc Networking and Computing (MobiHoc), ACM Sensys (ACM Conference on Embedded Networked Sensor Systems), IEEE International Conference on Computer Communications (INFOCOM) and IEEE International Conference on Distributed Computing Systems (ICDCS),journals such as ACM/IEEE Transactions on Networking (ToN), IEEE Transactions on Dependable and Secure Computing (TDSC), IEEE Transactions on Parallel and Distributed Systems (TPDS), IEEE Transactions on Computers (TC), IEEE Transaction on Mobile Computing (TMC) and IEEE Transactions on Vehicular Technology (TVT), book and book chapters. He spoke at various technical security conferences including Black Hat. His research is supported by NSF.     东南大学计算机网络和信息集成教育部重点实验室 版权所有