Protecting RESTful IoT Devices from Battery Exhaustion DoS Attacks

The introduction of the IPv6 protocol solved the problem of providingaddresses to network devices. With the emergence of the Internetof Things (IoT), there was also the need to develop a protocolthat would assist in connecting low-power devices. The 6LoWPANprotocols were created for this purpose. However, such protocolsinherited the vulnerabilities and threats related to Denial of Service(DoS) attacks from the IPv4 and IPv6 protocols. In this paper, weprepare a network environment for low-power IoT devices usingCOOJA simulator and Contiki operating system to analyze theenergy consumption of devices. Besides, we propose an IntrusionDetection System (IDS) associated with the AES symmetric encryptionalgorithm for the detection of reflection DoS attacks. Thesymmetric encryption has proven to be an appropriate methoddue to low implementation overhead, not incurring in large powerconsumption, and keeping a high level of system security. The maincontributions of this paper are: (i) implementation of a reflectionattack algorithm for IoT devices; (ii) implementation of an intrusiondetection system using AES encryption; (iii) comparison ofthe power consumption in three distinct scenarios: normal messageexchange, the occurrence of a reflection attack, and runningIDS algorithm. Finally, the results presented show that the IDSwith symmetric cryptography meets the security requirements andrespects the energy limits of low-power sensors.

Download Full-text

AntibIoTic: Protecting IoT Devices Against DDoS Attacks

10.31224/osf.io/vh8ka ◽

2017 ◽

Cited By ~ 3

Author(s):

Michele De Donno ◽

Nicola Dragoni ◽

Alberto Giaretta ◽

Manuel Mazzara

Keyword(s):

Denial Of Service ◽

Main Idea ◽

Denial Of Service Attacks ◽

Distributed Denial Of Service ◽

Ddos Attacks ◽

Dos Attacks ◽

The World ◽

Iot Devices

The 2016 is remembered as the year that showed to the world how dangerous distributed Denial of Service attacks can be. Gauge of the disruptiveness of DDoS attacks is the number of bots involved: the bigger the botnet, the more powerful the attack. This character, along with the increasing availability of connected and insecure IoT devices, makes DDoS and IoT the perfect pair for the malware industry. In this paper we present the main idea behind AntibIoTic, a palliative solution to prevent DoS attacks perpetrated through IoT devices.

Download Full-text

Intrusion Detection in IoT Networks Using Deep Learning Algorithm

Information ◽

10.3390/info11050279 ◽

2020 ◽

Vol 11 (5) ◽

pp. 279 ◽

Cited By ~ 1

Author(s):

Bambang Susilo ◽

Riri Fitri Sari

Keyword(s):

Machine Learning ◽

Deep Learning ◽

Learning Strategies ◽

Learning Algorithm ◽

Human Life ◽

Denial Of Service ◽

The Internet ◽

Dos Attacks ◽

Deep Learning Algorithm ◽

Iot Devices

The internet has become an inseparable part of human life, and the number of devices connected to the internet is increasing sharply. In particular, Internet of Things (IoT) devices have become a part of everyday human life. However, some challenges are increasing, and their solutions are not well defined. More and more challenges related to technology security concerning the IoT are arising. Many methods have been developed to secure IoT networks, but many more can still be developed. One proposed way to improve IoT security is to use machine learning. This research discusses several machine-learning and deep-learning strategies, as well as standard datasets for improving the security performance of the IoT. We developed an algorithm for detecting denial-of-service (DoS) attacks using a deep-learning algorithm. This research used the Python programming language with packages such as scikit-learn, Tensorflow, and Seaborn. We found that a deep-learning model could increase accuracy so that the mitigation of attacks that occur on an IoT network is as effective as possible.

Download Full-text

A Framework for Mitigating DDoS and DOS Attacks in IoT Environment Using Hybrid Approach

Electronics ◽

10.3390/electronics10111282 ◽

2021 ◽

Vol 10 (11) ◽

pp. 1282

Author(s):

Abdulrahman Aminu Ghali ◽

Rohiza Ahmad ◽

Hitham Alhussian

Keyword(s):

High Speed ◽

Oil And Gas ◽

Denial Of Service ◽

Hybrid Approach ◽

Social Engineering ◽

Specific Method ◽

Dos Attacks ◽

Man In The Middle ◽

Intelligent Devices ◽

Iot Devices

The Internet of Things (IoT) has gained remarkable acceptance from millions of individuals. This is evident in the extensive use of intelligent devices such as smartphones, smart television, speakers, air conditioning, lighting, and high-speed networks. The general application area of IoT includes industries, hospitals, schools, homes, sports, oil and gas, automobile, and entertainment, to mention a few. However, because of the unbounded connection of IoT devices and the lack of a specific method for overseeing communication, security concerns such as distributed denial of service (DDoS), denial of service (DoS), replay, botnet, social engineering, man-in-the-middle, and brute force attacks have posed enormous challenges in the IoT environment. Regarding these enormous challenges, this study focuses on DDoS and DoS attacks. These two attacks have the most severe consequences in the IoT environment. The solution proposed in this study can also help future researchers tackle the expansion of IoT security threats. Moreover, the study conducts rigorous experiments to assess the efficiency of the proposed approach. In summary, the experimental results show that the proposed hybrid approach mitigates data exfiltration caused by DDoS and DoS attacks by 95.4%, with average network lifetime, energy consumption, and throughput improvements of 15%, 25%, and 60%, respectively.

Download Full-text

Identity Authentication and Capability Based Access Control (IACAC) for the Internet of Things

Journal of Cyber Security and Mobility ◽

10.13052/jcsm2245-1439.142 ◽

2013 ◽

Author(s):

Parikshit N. Mahalle ◽

Bayu Anggorojati ◽

Neeli R. Prasad ◽

Ramjee Prasad

Keyword(s):

Internet Of Things ◽

Access Control ◽

Secure Communication ◽

Identity Authentication ◽

Security Protocol ◽

The Internet ◽

Dos Attacks ◽

Security Vulnerabilities ◽

Iot Devices ◽

The Internet Of Things

In the last few years the Internet of Things (IoT) has seen widespreadapplication and can be found in each field. Authentication and accesscontrol are important and critical functionalities in the context of IoTto enable secure communication between devices. Mobility, dynamicnetwork topology and weak physical security of low power devices in IoTnetworks are possible sources for security vulnerabilities. It ispromising to make an authentication and access control attack resistant andlightweight in a resource constrained and distributed IoT environment.This paper presents the Identity Authentication and Capability basedAccess Control (IACAC) model with protocol evaluation and performanceanalysis. To protect IoT from man-in-the-middle, replay and denial ofservice (Dos) attacks, the concept of capability for access control isintroduced. The novelty of this model is that, it presents an integratedapproach of authentication and access control for IoT devices. Theresults of other related study have also been analyzed to validate andsupport our findings. Finally, the proposed protocol is evaluated byusing security protocol verification tool and verification results showsthat IACAC is secure against aforementioned attacks. This paper alsodiscusses performance analysis of the protocol in terms of computationaltime compared to other existing solutions. Furthermore, this paper addresseschallenges in IoT and security attacks are modelled with the use casesto give an actual view of IoT networks.

Download Full-text

DDoS prevention architecture using anomaly detection in fog-empowered networks

Journal of Ambient Intelligence and Smart Environments ◽

10.3233/ais-210600 ◽

2021 ◽

pp. 1-17

Author(s):

Deepak Kumar Sharma ◽

Manish Devgan ◽

Gaurav Malik ◽

Prashant Dutt ◽

Aarti Goel ◽

...

Keyword(s):

Denial Of Service ◽

Cloud Services ◽

Dos Attacks ◽

Ddos Attack ◽

Long Period ◽

The Past ◽

Cloud Server ◽

The World ◽

Data Points ◽

Iot Devices

The world of computation has shown wide variety of wonders in the past decade with Internet of Things (IoT) being one of the most promising technology. Emergence of IoT brings a lot of good to the technology pool with its capability to provide intelligent services to the users. With ease to use, IoT is backed by a strong Cloud based infrastructure which allows the sensory IoT devices to perform specific functions. Important features of cloud are its reliability and security where the latter must be dealt with proper care. Cloud centric systems are susceptible to Denial of Service (DoS) attacks wherein the cloud server is subjected to an overwhelming number of incoming requests by a malicious device. If the same attack is carried out by a network of devices such as IoT devices then it becomes a Distributed DoS (DDoS) attack. A DDoS attack may render the server useless for a long period of time causing the services to crash due to extensive load. This paper proposes a lightweight, efficient and robust method for DDoS attack by detecting the compromised node connected to the Fog node or edge devices before it reaches the cloud by taking advantage of the Fog layer and prevent it from harming any information recorded or from increasing the unnecessary traffic in a network. The chosen technology stack consists of languages and frameworks which allow proposed approach to works in real time complexity for faster execution and is flexible enough to work on low level systems such as the Fog nodes. The proposed approach uses mathematical models for forecasting data points and therefore does not rely on a computationally heavy approach such as neural networks for predicting the expected values. This approach can be easily modelled into the firmware of the system and can help make cloud services more reliable by cutting off rogue nodes that try to attack the cloud at any given point of time.

Download Full-text

ForChaos: Real Time Application DDoS Detection Using Forecasting and Chaos Theory in Smart Home IoT Network

Wireless Communications and Mobile Computing ◽

10.1155/2019/8469410 ◽

2019 ◽

Vol 2019 ◽

pp. 1-14 ◽

Cited By ~ 9

Author(s):

Andria Procopiou ◽

Nikos Komninos ◽

Christos Douligeris

Keyword(s):

Chaos Theory ◽

Smart Home ◽

Detection Algorithm ◽

Home Networks ◽

Ddos Attacks ◽

Dos Attacks ◽

Network Systems ◽

Ddos Detection ◽

Series Of Experiments ◽

Iot Devices

Recently, D/DoS attacks have been launched by zombie IoT devices in smart home networks. They pose a great threat to network systems with Application Layer DDoS attacks being especially hard to detect due to their stealth and seemingly legitimacy. In this paper, we propose ForChaos, a lightweight detection algorithm for IoT devices, which is based on forecasting and chaos theory to identify flooding and DDoS attacks. For every time-series behaviour collected, a forecasting-technique prediction is generated, based on a number of features, and the error between the two values is calculated. In order to assess the error of the forecasting from the actual value, the Lyapunov exponent is used to detect potential malicious behaviour. In NS-3 we evaluate our detection algorithm through a series of experiments in flooding and slow-rate DDoS attacks. The results are presented and discussed in detail and compared with related studies, demonstrating its effectiveness and robustness.

Download Full-text

IoT Hacking Attacks and Countermeasure

International Journal of Recent Technology and Engineering - 2 ◽

10.35940/ijrte.b1090.0982s1019 ◽

2019 ◽

Vol 8 (2S10) ◽

pp. 516-520

Keyword(s):

Wireless Sensor Networks ◽

Sensor Networks ◽

Secure Communication ◽

Personal Information ◽

Information Leakage ◽

Sensor Nodes ◽

Wireless Sensor ◽

Dos Attacks ◽

Physical Constraints ◽

Iot Devices

IoT (Internet of Things) means the technology of connecting to the Internet by adding communication functions to all objects. IoT is physical constraints and limited resources which means are a vulnerability for hacking attacks. Therefore, IoT needs countermeasures of the hacking attack. These IoT devices are becoming a target of hacking. Hacking attacks on IoT devices are causing privacy and personal information leakage, and hacked devices are also used for DDoS(Distributed DoS) attacks. To overcome IoT physical constraints, various methods on each sensor in a wireless sensor networks are proposed. We analyzed various characteristics of sensor nodes and listed pros & cons. In addition, countermeasures on each IoT attacks were suggested. By analyzing such cases of hacking damage, I have identified the common weaknesses of IoT devices and looked for countermeasures. Therefore, it contributes to secure communication over a wireless sensor networks

Download Full-text

Battery Drain Denial-of-Service Attacks and Defenses in the Internet of Things

Journal of Telecommunications and Information Technology ◽

10.26636/jtit.2019.131919 ◽

2019 ◽

Vol 2 ◽

pp. 37-45 ◽

Cited By ~ 3

Author(s):

Philokypros P. Ioulianou ◽

Vassilios G. Vassilakis ◽

Michael D. Logothetis

Keyword(s):

Internet Of Things ◽

Routing Protocol ◽

Denial Of Service ◽

The Internet ◽

Dos Attacks ◽

Lossy Networks ◽

Distributed Intrusion Detection ◽

Iot Devices ◽

The Impact ◽

The Internet Of Things

IPv6 Routing Protocol for Low-Power and Lossy Networks (RPL) is a popular routing protocol used in wireless sensor networks and in the Internet of Things (IoT). RPL was standardized by the IETF in 2012 and has been designed for devices with limited resources and capabilities. Open-source RPL implementations are supported by popular IoT operating systems (OS), such as ContikiOS and TinyOS. In this work, we investigate the possibility of battery drain Denial-of-Service (DoS) attacks in the RPL implementation of ContikiOS. In particular, we use the popular Cooja simulator and implement two types of DoS attacks, particularly version number modiﬁcation and “Hello” ﬂooding. We demonstrate the impact of these attacks on the power consumption of IoT devices. Finally, we discuss potential defenses relying on distributed intrusion detection modules.

Download Full-text

Two-Level-Composite-Hashing Facilitating Highly Efficient Anonymous IoT and D2D Authentication

Electronics ◽

10.3390/electronics10070789 ◽

2021 ◽

Vol 10 (7) ◽

pp. 789

Author(s):

Hung-Yu Chien

Keyword(s):

High Efficiency ◽

Denial Of Service ◽

Resource Limitation ◽

Sensitive Information ◽

Dos Attacks ◽

Anonymous Authentication ◽

Public Keys ◽

Identity Privacy ◽

Authentication Schemes ◽

Iot Devices

Resource limitation is quite popular in many Internet of Things (IoT) devices and eavesdropping on the identities of IoT devices could reveal the sensitive information; therefore, high efficiency (computation and communication) and anonymity protection are two desirable properties in IoT authentication and in device-to-device (D2D) authentication. Conventionally, dynamic pseudonyms are widely adopted to protect the device identity privacy in IoT authentication and in D2D communications; however, the conventional mechanisms of pseudonym-renewing and pseudonym-bound-public-keys updating could be very costly or be vulnerable to the desynchronization-based denial-of-service (DoS) attacks. In this paper, we propose a novel 2-level composite hashing (2LCH) mechanism to mitigate the problems, and propose the 2LCH-based anonymous IoT and D2D authentication schemes. The schemes simultaneously achieve high efficiency and strong anonymity for such environments; once two devices successfully complete one instance of the server-assist anonymous authentication, they can run several instances of the direct D2D anonymous authentication without the involvement of the server. The merits of the schemes include: (1) high efficiency in terms of computation and communication; (2) easy and efficient generation/synchronization of dynamic pseudonyms; (3) robustness to both desynchronization-based DoS attacks and the unreliable connections; (4) easy application to the existent IoT architectures and standards; and (5) formal security verification.

Download Full-text