Teaching and Learning IoT Cybersecurity and Vulnerability Assessment with Shodan through Practical Use Cases

Shodan is a search engine for exploring the Internet and thus finding connected devices. Its main use is to provide a tool for cybersecurity researchers and developers to detect vulnerable Internet-connected devices without scanning them directly. Due to its features, Shodan can be used for performing cybersecurity audits on Internet of Things (IoT) systems and devices used in applications that require to be connected to the Internet. The tool allows for detecting IoT device vulnerabilities that are related to two common cybersecurity problems in IoT: the implementation of weak security mechanisms and the lack of a proper security configuration. To tackle these issues, this article describes how Shodan can be used to perform audits and thus detect potential IoT-device vulnerabilities. For such a purpose, a use case-based methodology is proposed to teach students and users to carry out such audits and then make more secure the detected exploitable IoT devices. Moreover, this work details how to automate IoT-device vulnerability assessments through Shodan scripts. Thus, this article provides an introductory practical guide to IoT cybersecurity assessment and exploitation with Shodan.

Download Full-text

Bringing Security to The Smallest Embedded Systems

10.34048/2017.1.f5 ◽

2017 ◽

Author(s):

JOSEPH YIU

Keyword(s):

Internet Of Things ◽

Embedded Systems ◽

Low Cost ◽

Security Requirements ◽

The Internet ◽

Security Measures ◽

Significant Challenge ◽

Iot Devices

The increasing need for security in microcontrollers Security has long been a significant challenge in microcontroller applications(MCUs). Traditionally, many microcontroller systems did not have strong security measures against remote attacks as most of them are not connected to the Internet, and many microcontrollers are deemed to be cheap and simple. With the growth of IoT (Internet of Things), security in low cost microcontrollers moved toward the spotlight and the security requirements of these IoT devices are now just as critical as high-end systems due to:

Download Full-text

Next Generation of SDN in Cloud-Fog for 5G and Beyond-Enabled Applications: Opportunities and Challenges

Network ◽

10.3390/network1010004 ◽

2021 ◽

Vol 1 (1) ◽

pp. 28-49

Author(s):

Ehsan Ahvar ◽

Shohreh Ahvar ◽

Syed Mohsan Raza ◽

Jose Manuel Sanchez Vilchez ◽

Gyu Myoung Lee

Keyword(s):

Internet Of Things ◽

Data Sharing ◽

Mobile Networks ◽

The Other ◽

The Internet ◽

Hybrid Cloud ◽

Next Generation ◽

Delay Constraints ◽

Mission Critical ◽

Iot Devices

In recent years, the number of objects connected to the internet have significantly increased. Increasing the number of connected devices to the internet is transforming today’s Internet of Things (IoT) into massive IoT of the future. It is predicted that, in a few years, a high communication and computation capacity will be required to meet the demands of massive IoT devices and applications requiring data sharing and processing. 5G and beyond mobile networks are expected to fulfill a part of these requirements by providing a data rate of up to terabits per second. It will be a key enabler to support massive IoT and emerging mission critical applications with strict delay constraints. On the other hand, the next generation of software-defined networking (SDN) with emerging cloudrelated technologies (e.g., fog and edge computing) can play an important role in supporting and implementing the above-mentioned applications. This paper sets out the potential opportunities and important challenges that must be addressed in considering options for using SDN in hybrid cloud-fog systems to support 5G and beyond-enabled applications.

Download Full-text

Semantic Interoperability on the Internet of Things

International Journal of Distributed Systems and Technologies ◽

10.4018/jdst.2013070104 ◽

2013 ◽

Vol 4 (3) ◽

pp. 47-69 ◽

Cited By ~ 21

Author(s):

Konstantinos Kotis ◽

Artem Katasonov

Keyword(s):

Internet Of Things ◽

Semantic Interoperability ◽

The Internet ◽

Use Case ◽

Proof Of Concept ◽

Case Scenario ◽

Key Technology ◽

Smart Gateway ◽

The Internet Of Things

Internet of Things should be able to integrate an extremely large amount of distributed and heterogeneous entities. To tackle heterogeneity, these entities will need to be consistently and formally represented and managed (registered, aligned, composed and queried) trough suitable abstraction technologies. Two distinct types of these entities are a) sensing/actuating devices that observe some features of interest or act on some other entities (call it ‘smart entities’), and b) applications that utilize the data sensed from or sent to the smart entities (call it ‘control entities’). The aim of this paper is to present the Semantic Smart Gateway Framework for supporting semantic interoperability between these types of heterogeneous IoT entities. More specifically, the paper describes an ontology as the key technology for the abstraction and semantic registration of these entities, towards supporting their automated deployment. The paper also described the alignment of IoT entities and of their exchanged messages. More important, the paper presents a use case scenario and a proof-of-concept implementation.

Download Full-text

Detection of the Hardcoded Login Information from Socket and String Compare Symbols

Annals of Emerging Technologies in Computing ◽

10.33166/aetic.2021.01.003 ◽

2021 ◽

Vol 5 (1) ◽

pp. 28-39

Author(s):

Minami Yoda ◽

Shuji Sakuraba ◽

Yuichi Sei ◽

Yasuyuki Tahara ◽

Akihiko Ohsuga

Keyword(s):

Internet Of Things ◽

Static Analysis ◽

Real World ◽

Symbolic Execution ◽

The Internet ◽

User Input ◽

Network Function ◽

Private Data ◽

String Search ◽

Iot Devices

Internet of Things (IoT) for smart homes enhances convenience; however, it also introduces the risk of the leakage of private data. TOP10 IoT of OWASP 2018 shows that the first vulnerability is ”Weak, easy to predict, or embedded passwords.” This problem poses a risk because a user can not fix, change, or detect a password if it is embedded in firmware because only the developer of the firmware can control an update. In this study, we propose a lightweight method to detect the hardcoded username and password in IoT devices using a static analysis called Socket Search and String Search to protect from first vulnerability from 2018 OWASP TOP 10 for the IoT device. The hardcoded login information can be obtained by comparing the user input with strcmp or strncmp. Previous studies analyzed the symbols of strcmp or strncmp to detect the hardcoded login information. However, those studies required a lot of time because of the usage of complicated algorithms such as symbolic execution. To develop a lightweight algorithm, we focus on a network function, such as the socket symbol in firmware, because the IoT device is compromised when it is invaded by someone via the Internet. We propose two methods to detect the hardcoded login information: string search and socket search. In string search, the algorithm finds a function that uses the strcmp or strncmp symbol. In socket search, the algorithm finds a function that is referenced by the socket symbol. In this experiment, we measured the ability of our proposed method by searching six firmware in the real world that has a backdoor. We ran three methods: string search, socket search, and whole search to compare the two methods. As a result, all methods found login information from five of six firmware and one unexpected password. Our method reduces the analysis time. The whole search generally takes 38 mins to complete, but our methods finish the search in 4-6 min.

Download Full-text

A survey on approaches to the protection of personal data gathered by IoT devices

10.7287/peerj.preprints.26473 ◽

2018 ◽

Author(s):

Henry Tranter

Keyword(s):

Internet Of Things ◽

Personal Data ◽

The Internet ◽

Ideal Solution ◽

Security Systems ◽

Personal Lives ◽

Is Security ◽

The World ◽

Iot Devices ◽

The Internet Of Things

Security is always at the forefront of developing technologies. One can seldom go a week without hearing of a new data breach or hacking attempt from various groups around the world, often taking advantage of a simple flaw in a system’s architecture. The Internet of Things (IoT) is one of these developing technologies which may be at risk of such attacks. IoT devices are becoming more and more prevalent in everyday life. From keeping track of an individual’s health, to suggesting meals from items available in an individual’s fridge, these technologies are taking a much larger role in the personal lives of their users. With this in mind, how is security being considered in the development of these technologies? Are these devices that monitor individual’s personal lives just additional vectors for potential data theft? Throughout this survey, various approaches to the development of security systems concerning IoT devices in the home will be discussed, compared, and contrasted in the hope of providing an ideal solution to the problems this technology may produce.

Download Full-text

It’s only the beginning: Metadata Retention laws and the Internet of Things

Australian Journal of Telecommunications and the Digital Economy ◽

10.18080/jtde.v3n3.21 ◽

2015 ◽

Vol 3 (3) ◽

pp. 47-57

Author(s):

Clinton Fernandes ◽

Vijay Sivaraman

Keyword(s):

Internet Of Things ◽

The Internet ◽

Apparent Discrepancy ◽

Data Retention ◽

User Control ◽

The Law ◽

Iot Devices ◽

The Internet Of Things ◽

The Way

This article examines the implications of selected aspects of the Telecommunications (Interception and Access) Amendment (Data Retention) Act 2015, which was passed by the Australian Parliament in March 2015. It shows how the new law has strengthened protections for privacy. However, focusing on the investigatory implications, it shows how the law provides a tactical advantage to investigators who pursue whistleblowers and investigative journalists. The article exposes an apparent discrepancy in the way ‘journalist’ is defined across different pieces of legislation. It argues that although legislators’ interest has been overwhelmingly focused on communications data, the explosion of data generated by the so-called Internet-of-Things (IoT) is as important or more. It shows how the sensors in selected IoT devices lead to a loss of user control and will enable non-stop, involuntary and ubiquitous monitoring of individuals. It suggests that the law will need to be amended further once legislators and investigators’ knowledge of the potential of IoT increases.

Download Full-text

Design a blockchain-based middleware layer in the Internet of Things Architecture

JOIV International Journal on Informatics Visualization ◽

10.30630/joiv.4.1.334 ◽

2020 ◽

Vol 4 (1) ◽

Author(s):

Tanweer Alam

Keyword(s):

Internet Of Things ◽

Fog Computing ◽

Smart Devices ◽

The Internet ◽

Novel Approach ◽

Generation Computing ◽

Critical Issues ◽

Iot Devices ◽

The Internet Of Things

In next-generation computing, the role of cloud, internet and smart devices will be capacious. Nowadays we all are familiar with the word smart. This word is used a number of times in our daily life. The Internet of Things (IoT) will produce remarkable different kinds of information from different resources. It can store big data in the cloud. The fog computing acts as an interface between cloud and IoT. The extension of fog in this framework works on physical things under IoT. The IoT devices are called fog nodes, they can have accessed anywhere within the range of the network. The blockchain is a novel approach to record the transactions in a sequence securely. Developing a new blockchains based middleware framework in the architecture of the Internet of Things is one of the critical issues of wireless networking where resolving such an issue would result in constant growth in the use and popularity of IoT. The proposed research creates a framework for providing the middleware framework in the internet of smart devices network for the internet of things using blockchains technology. Our main contribution links a new study that integrates blockchains to the Internet of things and provides communication security to the internet of smart devices.

Download Full-text

A survey on approaches to the protection of personal data gathered by IoT devices

10.7287/peerj.preprints.26473v2 ◽

2018 ◽

Author(s):

Henry Tranter

Keyword(s):

Internet Of Things ◽

Personal Data ◽

The Internet ◽

Ideal Solution ◽

Security Systems ◽

Personal Lives ◽

Is Security ◽

The World ◽

Iot Devices ◽

The Internet Of Things

Download Full-text

Healthcare-Internet of Things and Its Components

Advances in Medical Technologies and Clinical Practice - Optimizing Health Monitoring Systems With Wireless Technology ◽

10.4018/978-1-5225-6067-8.ch018 ◽

2021 ◽

pp. 258-277

Author(s):

Aman Tyagi

Keyword(s):

Internet Of Things ◽

Fog Computing ◽

Communication Technologies ◽

The Internet ◽

Healthcare Resources ◽

Iot Security ◽

Global Epidemic ◽

Security Issues ◽

Analyse Data ◽

Iot Devices

Elderly population in the Asian countries is increasing at a very fast rate. Lack of healthcare resources and infrastructure in many countries makes the task of provding proper healthcare difficult. Internet of things (IoT) in healthcare can address the problem effectively. Patient care is possible at home using IoT devices. IoT devices are used to collect different types of data. Various algorithms may be used to analyse data. IoT devices are connected to the internet and all the data of the patients with various health reports are available online and hence security issues arise. IoT sensors, IoT communication technologies, IoT gadgets, components of IoT, IoT layers, cloud and fog computing, benefits of IoT, IoT-based algorithms, IoT security issues, and IoT challenges are discussed in the chapter. Nowadays global epidemic COVID19 has demolished the economy and health services of all the countries worldwide. Usefulness of IoT in COVID19-related issues is explained here.

Download Full-text

Encryption Principles and Techniques for the Internet of Things

Cryptographic Security Solutions for the Internet of Things - Advances in Information Security, Privacy, and Ethics ◽

10.4018/978-1-5225-5742-5.ch002 ◽

2019 ◽

pp. 42-66

Author(s):

Kundankumar Rameshwar Saraf ◽

Malathi P. Jesudason

Keyword(s):

Internet Of Things ◽

Embedded System ◽

Security Analysis ◽

Block Size ◽

The Internet ◽

Lightweight Cryptography ◽

Execution Speed ◽

Security Algorithm ◽

Iot Devices ◽

The Internet Of Things

This chapter explores the encryption techniques used for the internet of things (IoT). The security algorithm used for IoT should follow many constraints of an embedded system. Hence, lightweight cryptography is an optimum security solution for IoT devices. This chapter mainly describes the need for security in IoT, the concept of lightweight cryptography, and various cryptographic algorithms along with their shortcomings given IoT. This chapter also describes the principle of operation of all the above algorithms along with their security analysis. Moreover, based on the algorithm size (i.e., the required number of gate equivalent, block size, key size, throughput, and execution speed of the algorithm), the chapter reports the comparative analysis of their performance. The chapter discusses the merits and demerits of these algorithms along with their use in the IoT system.

Download Full-text