scholarly journals A Threat Modelling Approach to Analyze and Mitigate Botnet Attacks in Smart Home Use Case

2021 ◽  
Author(s):  
Syed Ghazanfar Abbas ◽  
Shahzaib Zahid ◽  
Faisal Hussain ◽  
Ghalib A. Shah ◽  
Muhammad Husnain
Keyword(s):  
Smart Home ◽  
Design Activity ◽  
Use Case ◽  
Development Level ◽  
Development And Utilization ◽  
Threat Modelling ◽  
Iot Devices ◽  
Modelling Methods ◽  
Security Of Iot ◽  
Modelling Approach

Abstract Despite the surging development and utilization of IoT devices, the security of IoT devices is still in infancy. The security pitfalls of IoT devices have made it easy for hackers to take over IoT devices and use them for malicious activities like botnet attacks. With the rampant emergence of IoT devices, botnet attacks are surging. The botnet attacks are not only catastrophic for IoT device users but also for the rest of the world. Therefore, there is a crucial need to identify and mitigate the possible threats in IoT devices during the design phase. Threat modelling is a technique that is used to identify the threats in the earlier stages of the system design activity. In this paper, we propose a threat modelling approach to analyze and mitigate the botnet attacks in an IoT smart home use case. The proposed methodology identifies the development-level and application-level threats in smart home use case using STRIDE and VAST threat modelling methods. Moreover, we reticulate the identified threats with botnet attacks. Finally, we propose the mitigation techniques for all identified threats including the botnet threats.

scholarly journals Identifying and Mitigating Phishing Attack Threats in IoT Use Cases Using a Threat Modelling Approach

Sensors ◽  
2021 ◽  
Vol 21 (14) ◽  
pp. 4816
Author(s):  
Syed Ghazanfar Abbas ◽  
Ivan Vaccari ◽  
Faisal Hussain ◽  
Shahzaib Zahid ◽  
Ubaid Ullah Fayyaz ◽  
...  
Keyword(s):  
Cyber Security ◽  
Gain Control ◽  
Use Cases ◽  
Sensitive Information ◽  
Phishing Attacks ◽  
Internet Users ◽  
Threat Modelling ◽  
Iot Devices ◽  
Smart Cars ◽  
Modelling Approach

Internet of things (IoT) is a technology that enables our daily life objects to connect on the Internet and to send and receive data for a meaningful purpose. In recent years, IoT has led to many revolutions in almost every sector of our society. Nevertheless, security threats to IoT devices and networks are relentlessly disruptive, because of the proliferation of Internet technologies. Phishing is one of the most prevalent threats to all Internet users, in which attackers aim to fraudulently extract sensitive information of a user or system, using fictitious emails, websites, etc. With the rapid increase in IoT devices, attackers are targeting IoT devices such as security cameras, smart cars, etc., and perpetrating phishing attacks to gain control over such vulnerable devices for malicious purposes. In recent decades, such scams have been spreading, and they have become increasingly advanced over time. By following this trend, in this paper, we propose a threat modelling approach to identify and mitigate the cyber-threats that can cause phishing attacks. We considered two significant IoT use cases, i.e., smart autonomous vehicular system and smart home. The proposed work is carried out by applying the STRIDE threat modelling approach to both use cases, to disclose all the potential threats that may cause a phishing attack. The proposed threat modelling approach can support the IoT researchers, engineers, and IoT cyber-security policymakers in securing and protecting the potential threats in IoT devices and systems in the early design stages, to ensure the secure deployment of IoT devices in critical infrastructures.

scholarly journals IoT-Flock: An Open-source Framework for IoT Traffic Generation

2020 ◽  
Author(s):  
Syed Ghazanfar ◽  
Faisal Hussain ◽  
Atiq Ur Rehman ◽  
Ubaid U. Fayyaz ◽  
Farrukh Shahzad ◽  
...  
Keyword(s):  
Open Source ◽  
Real Time ◽  
Network Traffic ◽  
Smart Home ◽  
Use Case ◽  
The Real ◽  
Traffic Generator ◽  
Open Source Framework ◽  
Traffic Generation ◽  
Iot Devices

Abstract Network traffic generation is one of the primary techniques that is used to design and analyze the performance of network security systems. However, due to the diversity of IoT networks in terms of devices, applications and protocols, the traditional network traffic generator tools are unable to generate the IoT specific protocols traffic. Hence, the traditional traffic generator tools cannot be used for designing and testing the performance of IoT-specific security solutions. In order to design an IoT-based traffic generation framework, two main challenges include IoT device modelling and generating the IoT normal and attack traffic simultaneously. Therefore, in this work, we propose an open-source framework for IoT traffic generation which supports the two widely used IoT application layer protocols, i.e., MQTT and CoAP. The proposed framework allows a user to create an IoT use case, add customized IoT devices into it and generate normal and malicious IoT traffic over a real-time network. Furthermore, we set up a real-time IoT smart home use case to manifest the applicability of the proposed framework for developing the security solutions for IoT smart home by emulating the real world IoT devices. The experimental results demonstrate that the proposed framework can be effectively used to develop better security solutions for IoT networks without physically deploying the real-time use case.

scholarly journals IoT Traffic: Modeling and Measurement Experiments

IoT ◽  
2021 ◽  
Vol 2 (1) ◽  
pp. 140-162
Author(s):  
Hung Nguyen-An ◽  
Thomas Silverston ◽  
Taku Yamazaki ◽  
Takumi Miyoshi
Keyword(s):  
Smart Home ◽  
Large Scale ◽  
Traffic Modeling ◽  
The Novel ◽  
Network Behavior ◽  
Performance Accuracy ◽  
Traffic Generator ◽  
Multiple Devices ◽  
Iot Devices ◽  
The Internet Of Things

We now use the Internet of things (IoT) in our everyday lives. The novel IoT devices collect cyber–physical data and provide information on the environment. Hence, IoT traffic will count for a major part of Internet traffic; however, its impact on the network is still widely unknown. IoT devices are prone to cyberattacks because of constrained resources or misconfigurations. It is essential to characterize IoT traffic and identify each device to monitor the IoT network and discriminate among legitimate and anomalous IoT traffic. In this study, we deployed a smart-home testbed comprising several IoT devices to study IoT traffic. We performed extensive measurement experiments using a novel IoT traffic generator tool called IoTTGen. This tool can generate traffic from multiple devices, emulating large-scale scenarios with different devices under different network conditions. We analyzed the IoT traffic properties by computing the entropy value of traffic parameters and visually observing the traffic on behavior shape graphs. We propose a new method for identifying traffic entropy-based devices, computing the entropy values of traffic features. The method relies on machine learning to classify the traffic. The proposed method succeeded in identifying devices with a performance accuracy up to 94% and is robust with unpredictable network behavior with traffic anomalies spreading in the network.

scholarly journals A Secure and Scalable Smart Home Gateway to Bridge Technology Fragmentation

Sensors ◽  
2021 ◽  
Vol 21 (11) ◽  
pp. 3587
Author(s):  
Ezequiel Simeoni ◽  
Eugenio Gaeta ◽  
Rebeca I. García-Betances ◽  
Dave Raggett ◽  
Alejandro M. Medrano-Gil ◽  
...  
Keyword(s):  
Smart Home ◽  
Home Automation ◽  
Dynamic Configuration ◽  
Home Gateway ◽  
Security Authentication ◽  
Living Lab ◽  
Automation Systems ◽  
Authentication And Authorization ◽  
Iot Devices ◽  
Bridge Technology

Internet of Things (IoT) technologies are already playing an important role in our daily activities as we use them and rely on them to increase our abilities, connectivity, productivity and quality of life. However, there are still obstacles to achieving a unique interface able to transfer full control to users given the diversity of protocols, properties and specifications in the varied IoT ecosystem. Particularly for the case of home automation systems, there is a high degree of fragmentation that limits interoperability, increasing the complexity and costs of developments and holding back their real potential of positively impacting users. In this article, we propose implementing W3C’s Web of Things Standard supported by home automation ontologies, such as SAREF and UniversAAL, to deploy the Living Lab Gateway that allows users to consume all IoT devices from a smart home, including those physically wired and using KNX® technology. This work, developed under the framework of the EC funded Plan4Act project, includes relevant features such as security, authentication and authorization provision, dynamic configuration and injection of devices, and devices abstraction and mapping into ontologies. Its deployment is explained in two scenarios to show the achieved technology’s degree of integration, the code simplicity for developers and the system’s scalability: one consisted of external hardware interfacing with the smart home, and the other of the injection of a new sensing device. A test was executed providing metrics that indicate that the Living Lab Gateway is competitive in terms of response performance.

HomeTec Software for Security Aspects of Smart Home Devices Based on IoT

2021 ◽  
pp. 5-16
Author(s):  
Parth Rustagi ◽  
◽  
◽  
◽  
◽  
...  
Keyword(s):  
Smart Home ◽  
Denial Of Service ◽  
Security Protocols ◽  
The Internet ◽  
Security Threats ◽  
Deep Dive ◽  
Cost Cutting ◽  
Full Control ◽  
Iot Devices ◽  
Service Data

As useful as it gets to connect devices to the internet to make life easier and more comfortable, it also opens the gates to various cyber threats. The connection of Smart Home devices to the internet makes them vulnerable to malicious hackers that infiltrate the system. Hackers can penetrate these systems and have full control over devices. This can lead to denial of service, data leakage, invasion of privacy, etc. Thus security is a major aspect of Smart home devices. However, many companies manufacturing these Smart Home devices have little to no security protocols in their devices. In the process of making the IoT devices cheaper, various cost-cutting is done on the security protocols in IoT devices. In some way, many manufactures of the devices don’t even consider this as a factor to build upon. This leaves the devices vulnerable to attacks. Various authorities have worked upon to standardize the security aspects for the IoT and listed out guidelines for manufactures to follow, but many fail to abide by them. This paper introduces and talks about the various threats, various Security threats to Smart Home devices. It takes a deep dive into the solutions for the discussed threats. It also discusses their prevention. Lastly, it discusses various preventive measures and good practices to be incorporated to protect devices from any future attacks.

Centralized, Distributed, and Everything in between

2022 ◽  
Vol 54 (7) ◽  
pp. 1-34
Author(s):  
Sophie Dramé-Maigné ◽  
Maryline Laurent ◽  
Laurent Castillo ◽  
Hervé Ganem
Keyword(s):  
Access Control ◽  
Future Research ◽  
The Internet ◽  
Research Directions ◽  
Security Issues ◽  
Security Properties ◽  
Future Research Directions ◽  
Iot Devices ◽  
The Internet Of Things ◽  
Security Of Iot

The Internet of Things is taking hold in our everyday life. Regrettably, the security of IoT devices is often being overlooked. Among the vast array of security issues plaguing the emerging IoT, we decide to focus on access control, as privacy, trust, and other security properties cannot be achieved without controlled access. This article classifies IoT access control solutions from the literature according to their architecture (e.g., centralized, hierarchical, federated, distributed) and examines the suitability of each one for access control purposes. Our analysis concludes that important properties such as auditability and revocation are missing from many proposals while hierarchical and federated architectures are neglected by the community. Finally, we provide an architecture-based taxonomy and future research directions: a focus on hybrid architectures, usability, flexibility, privacy, and revocation schemes in serverless authorization.

Sign in / Sign up

Export Citation Format

Share Document