
Analysing the Resilience of the Internet of Things Against Physical and Proximity Attacks

  • He Xu
  • Daniele Sgandurra
  • Keith Mayes
  • Peng Li
  • Ruchuan Wang
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10658)

Abstract

The Internet of Things (IoT) technology is being widely integrated in many areas like smart-homes, smart-cities, healthcare, and critical infrastructures. As shown by some recent incidents, like the Mirai and BrickerBot botnets, security is a key issue for current and future IoT systems. In this paper, we examine the security of different categories of IoT devices to understand their resilience under different security conditions for attackers. In particular, we analyse IoT robustness against attacks performed under two threat models, namely (i) physical access of the attacker, and (ii) close proximity of the attacker (i.e., RFID and WiFi ranges). We discuss the results of the tests we performed on different categories of IoT devices, namely IP cameras, Ofo bike locks, RFID-based smart-locks, and smart-home WiFi routers. The results show that most IoT devices do not address basic vulnerabilities, which can be exploited under different threat models.

Keywords

IoT; Smart home; IoT attacks; Threat models

Notes

Acknowledgments

This work is financially supported by Jiangsu Government Scholarship for Overseas Studies, the National Natural Science Foundation of P. R. China (Nos. 61373017, 61572260, 61572261, 61672296, 61602261), the Natural Science Foundation of Jiangsu Province (Nos. BK20140886, BK20140888), Scientific and Technological Support Project of Jiangsu Province (Nos. BE2015702, BE2016185, BE2016777), China Postdoctoral Science Foundation (Nos. 2014M551636, 2014M561696), Jiangsu Planned Projects for Postdoctoral Research Funds (Nos. 1302090B, 1401005B), Postgraduate Research and Practice Innovation Program of Jiangsu Province (KYCX17_0798).


Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • He Xu (1, 2)
  • Daniele Sgandurra (3)
  • Keith Mayes (3)
  • Peng Li (1, 2)
  • Ruchuan Wang (1, 2)

  1. School of Computer Science, Nanjing University of Posts and Telecommunications, Nanjing, China
  2. Jiangsu High Technology Research Key Laboratory for Wireless Sensor Networks, Nanjing, China
  3. Information Security Group, Royal Holloway, University of London, Surrey, UK
