Consumer, Commercial, and Industrial IoT (In)Security: Attack Taxonomy and Case Studies

Xenofontos, Christos; Zografopoulos, Ioannis; Konstantinou, Charalambos; Jolfaei, Alireza; Khan, Muhammad Khurram; Choo, Kim‐Kwang Raymond

doi:10.1109/jiot.2021.3079916

Cited by 91 publications

(58 citation statements)

References 70 publications

(93 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We also argue that the attackers can further attack a communication without redirecting the whole data packet; instead, the attackers can infect selected data packets for specific information. Finally, an attacker can flood the network with unnecessary data packets to collapse the bandwidth or resources of an attacked system, which will consequently impact the performance of the complete system [171].…”

Section: Discussion and Future Research Directionmentioning

confidence: 99%

Analysis of Security Issues and Countermeasures for the Industrial Internet of Things

Pal

Jadidi

2021

Applied Sciences

View full text Add to dashboard Cite

Industrial Internet of Things (IIoT) can be seen as an extension of the Internet of Things (IoT) services and applications to industry with the inclusion of Industry 4.0 that provides automation, reliability, and control in production and manufacturing. IIoT has tremendous potential to accelerate industry automation in many areas, including transportation, manufacturing, automobile, marketing, to name a few places. When the benefits of IIoT are visible, the development of large-scale IIoT systems faces various security challenges resulting in many large-scale cyber-attacks, including fraudulent transactions or damage to critical infrastructure. Moreover, a large number of connected devices over the Internet and resource limitations of the devices (e.g., battery, memory, and processing capability) further pose challenges to the system. The IIoT inherits the insecurities of the traditional communication and networking technologies; however, the IIoT requires further effort to customize the available security solutions with more focus on critical industrial control systems. Several proposals discuss the issue of security, privacy, and trust in IIoT systems, but comprehensive literature considering the several aspects (e.g., users, devices, applications, cascading services, or the emergence of resources) of an IIoT system is missing in the present state of the art IIoT research. In other words, the need for considering a vision for securing an IIoT system with broader security analysis and its potential countermeasures is missing in recent times. To address this issue, in this paper, we provide a comparative analysis of the available security issues present in an IIoT system. We identify a list of security issues comprising logical, technological, and architectural points of view and consider the different IIoT security requirements. We also discuss the available IIoT architectures to examine these security concerns in a systematic way. We show how the functioning of different layers of an IIoT architecture is affected by various security issues and report a list of potential countermeasures against them. This study also presents a list of future research directions towards the development of a large-scale, secure, and trustworthy IIoT system. The study helps understand the various security issues by indicating various threats and attacks present in an IIoT system.

show abstract

Section: Discussion and Future Research Directionmentioning

confidence: 99%

Analysis of Security Issues and Countermeasures for the Industrial Internet of Things

Pal

Jadidi

2021

Applied Sciences

View full text Add to dashboard Cite

show abstract

“…Specifically, we provide the details of attack exploitation of an HVAC system (load-side) which can lead to tampering of operation information and system configuration, leading even to denialof-service (DoS) conditions. A similar type of attack can also be performed on the distributed energy resources (DER) side, e.g., solar inverters, in which firmware backdoors could enable access to weakly encrypted user passwords, which could then be reversed allowing unauthorized access [23], [24].…”

Section: Load-altering Attack Scenario On Iotmentioning

confidence: 99%

Load-Altering Attacks Against Power Grids Under COVID-19 Low-Inertia Conditions

Lakshminarayana

Ospina

Konstantinou

2022

IEEE Open J. Power Energy

Self Cite

View full text Add to dashboard Cite

The COVID-19 pandemic has impacted our society by forcing shutdowns and shifting the way people interacted worldwide. In relation to the impacts on the electric grid, it created a significant decrease in energy demands across the globe. Recent studies have shown that the low demand conditions caused by COVID-19 lockdowns combined with large renewable generation have resulted in extremely low-inertia grid conditions. In this work, we examine how an attacker could exploit these scenarios to cause unsafe grid operating conditions by executing load-altering attacks (LAAs) targeted at compromising hundreds of thousands of IoT-connected high-wattage loads in low-inertia power systems. Our study focuses on analyzing the impact of the COVID-19 mitigation measures on U.S. regional transmission operators (RTOs), formulating a plausible and realistic leasteffort LAA targeted at transmission systems with low-inertia conditions, and evaluating the probability of these large-scale LAAs. Theoretical and simulation results are presented based on the WSCC 9-bus and IEEE 118-bus test systems. Results demonstrate how adversaries could provoke major frequency disturbances by targeting vulnerable load buses in low-inertia systems and offer insights into how the temporal fluctuations of renewable energy sources, considering generation scheduling, impact the grid's vulnerability to LAAs.

show abstract

“…The IoT is a network of connected devices including smart appliances (e.g., smart thermostats, air-conditioning, heat pumps, EVCS points, etc. ), enabling the exchange of information between devices and users leveraging wired and wireless connections [80]- [82]. These IoT-enabled devices are connected to the load-end of DERs and their operation is typically orchestrated remotely by their end users.…”

Section: B Der Device Levelmentioning

confidence: 99%

Distributed Energy Resources Cybersecurity Outlook: Vulnerabilities, Attacks, Impacts, and Mitigations

Zografopoulos¹,

Konstantinou²,

Hatziargyriou³

2022

Preprint

Self Cite

View full text Add to dashboard Cite

The digitalization and decentralization of the electric power grid are key thrusts towards an economically and environmentally sustainable future. Towards this goal, distributed energy resources (DER), including rooftop solar panels, battery storage, electric vehicles, etc., are becoming ubiquitous in power systems, effectively replacing fossil-fuel based generation. Power utilities benefit from DERs as they minimize transmission costs, provide voltage support through ancillary services, and reduce operational risks via their autonomous operation. Similarly, DERs grant users and aggregators control over the power they produce and consume. Apart from their sustainability and operational objectives, the cybersecurity of DER-supported power systems is of cardinal importance. DERs are interconnected, interoperable, and support remotely controllable features, thus, their cybersecurity should be thoroughly considered. DER communication dependencies and the diversity of DER architectures (e.g., hardware/software components of embedded devices, inverters, controllable loads, etc.) widen the threat surface and aggravate the cybersecurity posture of power systems. In this work, we focus on security oversights that reside in the cyber and physical layers of DERs and can jeopardize grid operations. We analyze adversarial capabilities and objectives when manipulating DER assets, and then present how protocol and device -level vulnerabilities can materialize into cyberattacks impacting power system operations. Finally, we provide mitigation strategies to thwart adversaries and directions for future DER cybersecurity.

show abstract

Consumer, Commercial, and Industrial IoT (In)Security: Attack Taxonomy and Case Studies

Cited by 91 publications

References 70 publications

Analysis of Security Issues and Countermeasures for the Industrial Internet of Things

Analysis of Security Issues and Countermeasures for the Industrial Internet of Things

Load-Altering Attacks Against Power Grids Under COVID-19 Low-Inertia Conditions

Distributed Energy Resources Cybersecurity Outlook: Vulnerabilities, Attacks, Impacts, and Mitigations

Contact Info

Product

Resources

About