research-article

Security analysis on consumer and industrial IoT devices

Authors:

Ahmad-Reza Sadeghi,

Yier JinAuthors Info & Claims

2016 21st Asia and South Pacific Design Automation Conference (ASP-DAC)

Pages 519 - 524

https://doi.org/10.1109/ASPDAC.2016.7428064

Published: 01 January 2016 Publication History

Abstract

The fast development of Internet of Things (IoT) and cyber-physical systems (CPS) has triggered a large demand of smart devices which are loaded with sensors collecting information from their surroundings, processing it and relaying it to remote locations for further analysis. The wide deployment of IoT devices and the pressure of time to market of device development have raised security and privacy concerns. In order to help better understand the security vulnerabilities of existing IoT devices and promote the development of low-cost IoT security methods, in this paper, we use both commercial and industrial IoT devices as examples from which the security of hardware, software, and networks are analyzed and backdoors are identified. A detailed security analysis procedure will be elaborated on a home automation system and a smart meter proving that security vulnerabilities are a common problem for most devices. Security solutions and mitigation methods will also be discussed to help IoT manufacturers secure their products.

References

[1]

D. Evans, “The internet of things – how the next evolution of the internet is chaging everything,” White Paper. Cisco Internet Business Solutions Group (IBSG), 2011.

[2]

P. Middleton, P. Kjeldsen, and J. Tully, “Forecast: The internet of things, worldwide, 2013,” Gartner, 2013.

[3]

D. Welch and S. Lathrop, “Wireless security threat taxonomy,” in Information Assurance Workshop, 2003. IEEE Systems, Man and Cybernetics Society, 2003, pp. 76–83.

[4]

R. Roman, P. Najera, and J. Lopez, “Securing the internet of things,” Computer, vol. 44, no. 9, pp. 51–58, 2011.

Digital Library

[5]

R. Roman, J. Zhou, and J. Lopez, “On the features and challenges of security and privacy in distributed internet of things,” Computer Networks, vol. 57, no. 10, pp. 2266–2279, 2013.

Digital Library

[6]

A. Williams, “How the internet of things helps us understand radiation levels,” 2011, [Online]. http://readwrite.com/2011/04/01/ow-the-internet-of-things-help.

[7]

D. Viehland and F. Zhao, “The future of personal area networks in a ubiquitous computing world,” International Journal of Advanced Pervasive and Ubiquitous Computing (IJAPUC), vol. 2, no. 2, pp. 30–44, 2010.

Digital Library

[8]

H. Schaffers, N. Komninos, M. Pallot, B. Trousse, M. Nilsson, and A. Oliveira, “Smart cities and the future internet: Towards cooperation frameworks for open innovation,” in The Future Internet, ser. Lecture Notes in Computer Science. Springer Berlin Heidelberg, 2011, vol. 6656, pp. 431–446.

[9]

P. N. Mahalle, B. Anggorojati, N. R. Prasad, and R. Prasad, “Identify authentication and capability based access control (IACAC) for the internet of things,” Journal of Cyber Security and Mobility, vol. 1, pp. 309–348, 2013.

[10]

Y. Challal, “Internet of things security: towards a cognitive and systemic approach,” Ph.D. dissertation, 2012.

[11]

A. Riahi, Y. Challal, E. Natalizio, Z. Chtourou, and A. Bouabdallah, “A systemic approach for IoT security,” in 2013 IEEE International Conference on Distributed Computing in Sensor Systems (DCOSS), 2013, pp. 351–355.

[12]

A. Riahi, E. Natalizio, Y. Challal, N. Mitton, and A. Iera, “A systemic and cognitive approach for IoT security,” in 2014 International Conference on Computing, Networking and Communications (ICNC), 2014, pp. 183–188.

[13]

O. Arias, J. Wurm, K. Hoang, and Y. Jin, “Privacy and security in internet of things and wearable devices,” IEEE Transactions on Multi-Scale Computing Systems, (to appear).

[14]

G. Hernandez, O. Arias, D. Buentello, and Y. Jin, “Smart Nest Thermostat: A smart spy in your home,” in Black Hat USA, 2014.

[15]

D. Halperin, T. Heydt-Benjamin, B. Ransford, S. Clark, B. Defend, W. Morgan, K. Fu, T. Kohno, and W. Maisel, “Pacemakers and implantable cardiac defibrillators: Software radio attacks and zero-power defenses,” in IEEE Symposium on Security and Privacy (SP), 2008, pp. 129–142.

Cited By

Shang WWang BZhu PDing LWang S(2024)A Span-based Multivariate Information-aware Embedding Network for joint relational triplet extraction of threat intelligenceKnowledge-Based Systems10.1016/j.knosys.2024.111829295:COnline publication date: 18-Jul-2024
https://dl.acm.org/doi/10.1016/j.knosys.2024.111829
Castelo Gómez JRuiz-Villafranca S(2024)Integrating the edge computing paradigm into the development of IoT forensic methodologiesInternational Journal of Information Security10.1007/s10207-023-00776-x23:2(1093-1116)Online publication date: 1-Apr-2024
https://dl.acm.org/doi/10.1007/s10207-023-00776-x
Kebande VAwad A(2023)Industrial Internet of Things Ecosystems Security and Digital Forensics: Achievements, Open Challenges, and Future DirectionsACM Computing Surveys10.1145/363503056:5(1-37)Online publication date: 9-Dec-2023
https://dl.acm.org/doi/10.1145/3635030
Show More Cited By

Index Terms

Security analysis on consumer and industrial IoT devices
1. Security and privacy
  1. Intrusion/anomaly detection and malware mitigation
  2. Security in hardware
2. Social and professional topics
  1. Computing / technology policy
    1. Computer crime

Index terms have been assigned to the content through auto-classification.

Recommendations

An Experimental Analysis of Security Vulnerabilities in Industrial IoT Devices
Special Section on Emotions in Conflictual Social Interactions and Regular Papers

The revolutionary development of the Internet of Things has triggered a huge demand for Internet of Things devices. They are extensively applied to various fields of social activities, and concerning manufacturing, they are a key enabling concept for ...
IoT Security: Practical guide book
What Makes IoT Secure? A Maturity Analysis of Industrial Product Manufacturers’ Approaches to IoT Security
HCI for Cybersecurity, Privacy and Trust
Abstract
The Internet of Things (IoT) carries enormous potential but also exposes products to new security threats. Even though recent years have seen several costly breaches and security experts advocate for a more proactive approach, security is often ...

Comments

Information & Contributors

Information

Published In

cover image Guide Proceedings

2016 21st Asia and South Pacific Design Automation Conference (ASP-DAC)

780 pages

Copyright © 2016.

Publisher

IEEE Press

Publication History

Published: 01 January 2016

Qualifiers

Research-article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

17
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 20 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Shang WWang BZhu PDing LWang S(2024)A Span-based Multivariate Information-aware Embedding Network for joint relational triplet extraction of threat intelligenceKnowledge-Based Systems10.1016/j.knosys.2024.111829295:COnline publication date: 18-Jul-2024
https://dl.acm.org/doi/10.1016/j.knosys.2024.111829
Castelo Gómez JRuiz-Villafranca S(2024)Integrating the edge computing paradigm into the development of IoT forensic methodologiesInternational Journal of Information Security10.1007/s10207-023-00776-x23:2(1093-1116)Online publication date: 1-Apr-2024
https://dl.acm.org/doi/10.1007/s10207-023-00776-x
Kebande VAwad A(2023)Industrial Internet of Things Ecosystems Security and Digital Forensics: Achievements, Open Challenges, and Future DirectionsACM Computing Surveys10.1145/363503056:5(1-37)Online publication date: 9-Dec-2023
https://dl.acm.org/doi/10.1145/3635030
Yang SDong CXiao YCheng YShi ZLi ZSun L(2023)Asteria-Pro: Enhancing Deep Learning-based Binary Code Similarity Detection by Incorporating Domain KnowledgeACM Transactions on Software Engineering and Methodology10.1145/360461133:1(1-40)Online publication date: 17-Jun-2023
https://dl.acm.org/doi/10.1145/3604611
Adil MAli JJadoon MAlotaibi SKumar NFarouk ASong H(2023)COVID-19: Secure Healthcare Internet of Things Networks, Current Trends and Challenges with Future Research DirectionsACM Transactions on Sensor Networks10.1145/355851919:3(1-25)Online publication date: 16-May-2023
https://dl.acm.org/doi/10.1145/3558519
Ayers HDutta PLevis PLevy APannuto PVan Why JWatson JLindorfer MPolakis J(2022)Tiered trust for useful embedded systems securityProceedings of the 15th European Workshop on Systems Security10.1145/3517208.3523752(15-21)Online publication date: 5-Apr-2022
https://dl.acm.org/doi/10.1145/3517208.3523752
Liu JZhao HLiu CJia Q(2021)Privacy Data Security Policy of Medical Cloud Platform Based on Lightweight Algorithm ModelScientific Programming10.1155/2021/55437142021Online publication date: 1-Jan-2021
https://dl.acm.org/doi/10.1155/2021/5543714
Cosson ASikder ABabun LCelik ZMcDaniel PUluagac A(2021)SentinelProceedings of the International Conference on Internet-of-Things Design and Implementation10.1145/3450268.3453533(53-66)Online publication date: 18-May-2021
https://dl.acm.org/doi/10.1145/3450268.3453533
Chen FLuo DXiang TChen PFan JTruong H(2021)IoT Cloud Security ReviewACM Computing Surveys10.1145/344762554:4(1-36)Online publication date: 3-May-2021
https://dl.acm.org/doi/10.1145/3447625
Albahri AAlwan JTaha ZIsmail SHamid RZaidan AAlbahri OZaidan BAlamoodi AAlsalem M(2021)IoT-based telemedicine for disease prevention and health promotionJournal of Network and Computer Applications10.1016/j.jnca.2020.102873173:COnline publication date: 1-Jan-2021
https://dl.acm.org/doi/10.1016/j.jnca.2020.102873
Show More Cited By

View Options

View options

Media

Figures

Other

Tables

View Table of Contents