Analysis, Implications, and Challenges of an Evolving Consumer IoT Security Landscape

Bellman, Christopher; Oorschot, Paul C. van

doi:10.1109/pst47121.2019.8949058

Cited by 8 publications

(14 citation statements)

References 25 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…itaThreats to SHDs need not always arise from the internet; As proved by Chan et al [35] a threat actor who has access to the internal network can misuse a vulnerability for larger attacks. As pointed out by Loi et al [16], lack of vigour in fixing vulnerabilities in devices, lack of awareness among consumers about potential risks, and lack of network isolation or separate security solutions in home networks are seen as incentives by threat actors. With access to LAN, malicious actors may not only fingerprint every device using tools but also launch passive or active attacks.…”

Section: Background Informationmentioning

confidence: 99%

“…Numerous security solutions that have evolved have focussed only on traditional computing. SHDs are the least secure of internet hosts [15] and both their widespread growth and heterogeneity have opened new and significant attack surfaces [16], [17]. Hence, the security of IoT devices is more critical than that of traditional computing devices [2], [18].…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Assessing and Mitigating Network Vulnerabilities in Philips Hue and Nest Protect Smart Home Devices

Sredhar,

Khan,

Gilal

et al. 2024

IJACSA

View full text Add to dashboard Cite

The Internet of Things (IoT) has gained momentum across various sectors, particularly in the consumer market with the adoption of smart devices. IoT extends internet connectivity to physical devices, enabling control via smartphones, environmental sensing, and updates. However, smart home devices are susceptible to cyberattacks due to vulnerabilities, lack of monitoring, and built-in security. They can also participate in botnets, leading to large-scale attacks. Vulnerabilities in these devices may exist at the sensing, network, or application layers, impacting data confidentiality, integrity, and service availability. This research aims to identify networklayer vulnerabilities affecting the 'Availability' of Philips Hue and Nest Protect. By establishing a test environment, the baseline behavior of these devices is examined, followed by scans for open ports and services to detect network-based threats. Volumetric flood attacks are then conducted to assess susceptibility, and findings are shared to define the devices' default security posture. The research also addresses security issues related to home routers and aims to reduce the attack surface of smart home devices through isolation and network-level protection. This involves deploying a Firewall to isolate smart devices from non-IoT devices and prevent intrusions.

show abstract

Section: Background Informationmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Assessing and Mitigating Network Vulnerabilities in Philips Hue and Nest Protect Smart Home Devices

Sredhar,

Khan,

Gilal

et al. 2024

IJACSA

View full text Add to dashboard Cite

show abstract

“…Table 1 highlights a summary of the attacks that occur in the IoT according to previous studies. Reference Attacks [12] Spoofing, Sleep deprivation, Replay, Session hijacking [13] Spyware, Trojans, Sinkhole, Spoofing, Jamming, Tag cloning, Physical tampering [14] DDoS, Botnets, Falsified sensor data, Attacks on cloud services, Physical tampering [15] DDoS, Man-in-the-Middle, Spoofing, Physical tampering, Data breach, Malware, Ransomware [16] DDoS, Man-in-the-Middle, Malware, Ransomware, Physical tampering, Data breach, Spoofing [17] Physical damage, Exhaustion attacks, Cryptanalysis, Side-channel information, Man-in-the-Middle, DoS/DDoS, Message forging [18] Physical, Malware, DoS, Man-in-the-Middle, Replication, Spoofing, Injection, Social engineering [19] DoS, Man-in-the-Middle, Malware, Physical, Password [20] DoS, Man-in-the-Middle, Physical, Malware, Botnet, Spoofing, Eavesdropping [21] DDoS, Ransomware, Industrial spying, Click fraud…”

Section: Introductionmentioning

confidence: 99%

Machine Learning and Deep Learning Techniques for Internet of Things Network Anomaly Detection—Current Research Trends

Rafique,

Abdallah,

Musa

et al. 2024

Sensors

View full text Add to dashboard Cite

With its exponential growth, the Internet of Things (IoT) has produced unprecedented levels of connectivity and data. Anomaly detection is a security feature that identifies instances in which system behavior deviates from the expected norm, facilitating the prompt identification and resolution of anomalies. When AI and the IoT are combined, anomaly detection becomes more effective, enhancing the reliability, efficacy, and integrity of IoT systems. AI-based anomaly detection systems are capable of identifying a wide range of threats in IoT environments, including brute force, buffer overflow, injection, replay attacks, DDoS assault, SQL injection, and back-door exploits. Intelligent Intrusion Detection Systems (IDSs) are imperative in IoT devices, which help detect anomalies or intrusions in a network, as the IoT is increasingly employed in several industries but possesses a large attack surface which presents more entry points for attackers. This study reviews the literature on anomaly detection in IoT infrastructure using machine learning and deep learning. This paper discusses the challenges in detecting intrusions and anomalies in IoT systems, highlighting the increasing number of attacks. It reviews recent work on machine learning and deep-learning anomaly detection schemes for IoT networks, summarizing the available literature. From this survey, it is concluded that further development of current systems is needed by using varied datasets, real-time testing, and making the systems scalable.

show abstract

“…Chapter 2 content is available in the proceedings of a peer-reviewed conference [36]: Content from Chapter 5 has been submitted for journal publication [33]. Parts of research involved in Chapters 4 and 5 were done in collaboration with Dr. David Barrera, who contributed through discussion and as a test coder in methodology test trials, to the development of our coding tree methodology, and was one coder for the main tagging exercise of the 1013-item IoT security advice dataset (described in Chapters 4 and 5).…”

Section: List Of Publicationsmentioning

confidence: 99%

“…In support of Section 7.3's categorization of IoT device authentication approaches, in this section we briefly identify notable challenges in adapting each category's approaches for IoT based on the initial keying material used by each (Phase 1 from Table 7.2 on page 147). The characteristics of IoT that distinguish it from IoC [36] 4…”

Section: Challenges Adapting Ioc Authentication Approaches For Iotmentioning

confidence: 99%

On Security Best Practices, Systematic Analysis of Security Advice, and Internet of Things Devices

Bellman¹

View full text Add to dashboard Cite

While Internet of Things (IoT) security best practices have recently attracted considerable attention from industry and governments, academic research has highlighted the failure of many IoT product manufacturers to follow accepted practices. We begin by investigating a surprising lack of consensus, and void in the literature, on what (generically) best practice means, and provide a technical examination of related terminology. We use iterative inducting coding to design an analysis methodology for categorizing security advice and measuring its actionability. We use this methodology to analyze three datasets: a set of 1013 IoT security best practices, recommendations, and guidelines, and two formally recommended IoT security advice documents. We find all three sets to be largely non-actionable. Through design and use of this methodology, we identify the characteristics of actionable security advice.We also analyze recent work on IoT device identification based on three identification objectives (distinguish device instances, distinguish device classes, and authenticate device identity), and the technical approaches by which they are reached: device fingerprinting, classification, and authentication. We differentiate the role of these objectives and approaches in IoT security, and develop a model relating them. viii ix Ashraf Matrawy (Carleton University), and Dr. Mohammad Zulkernine (Queen's University).Finally, a special thank-you goes to my family and friends for all the support over the past five years-your encouragement is deeply appreciated, and I could not have done this without your support.

show abstract

Analysis, Implications, and Challenges of an Evolving Consumer IoT Security Landscape

Cited by 8 publications

References 25 publications

Assessing and Mitigating Network Vulnerabilities in Philips Hue and Nest Protect Smart Home Devices

Assessing and Mitigating Network Vulnerabilities in Philips Hue and Nest Protect Smart Home Devices

Machine Learning and Deep Learning Techniques for Internet of Things Network Anomaly Detection—Current Research Trends

On Security Best Practices, Systematic Analysis of Security Advice, and Internet of Things Devices

Contact Info

Product

Resources

About