Research article. DOI: 10.1145/3139937.3139946

Sounding the Bell for Improving Internet (of Things) Security

Published: 03 November 2017

Abstract

The fragility of the Internet of Things (IoT) ecosystem poses serious threats to Internet security, and the proliferation of IoT devices only exacerbates this situation by providing vulnerable endpoints to be exploited and used as attack sources. While industry and academia are working hard on designing innovative solutions to detect, mitigate, and thwart massive botnet-based DDoS attacks, the space of solutions appears disjoint and fragmented. The lack of cooperation between IoT device manufacturers, network operators, content providers, end users, and other players results in point solutions that offer at best a veneer of security. In this paper we alert the community to the security challenges posed by the fragile IoT ecosystem, discuss the space of solutions, and present the need for a distributed, concerted effort, e.g., among end users, ISPs, and CDNs, to improve Internet security. We do not claim to solve the problem, but offer design guidelines and discuss the key implementation challenges to inform the debates on IoT security.


Published In

IoTS&P '17: Proceedings of the 2017 Workshop on Internet of Things Security and Privacy
November 2017
90 pages
ISBN: 9781450353960
DOI: 10.1145/3139937
Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. botnet
  2. ddos attacks
  3. internet of things (iot)

Qualifiers

  • Research-article

Conference

CCS '17
Acceptance Rates

IoTS&P '17 Paper Acceptance Rate 12 of 30 submissions, 40%;
Overall Acceptance Rate 12 of 30 submissions, 40%

Article Metrics

  • Downloads (last 12 months): 25
  • Downloads (last 6 weeks): 2

Reflects downloads up to 12 Sep 2024.

Cited By

  • (2024) Systematic Literature Review of IoT Botnet DDOS Attacks and Evaluation of Detection Techniques. Sensors 24:11 (3571). DOI: 10.3390/s24113571. Online publication date: 1-Jun-2024
  • (2023) ThermWare. Proceedings of the 24th International Workshop on Mobile Computing Systems and Applications (81-88). DOI: 10.1145/3572864.3580339. Online publication date: 22-Feb-2023
  • (2020) PrivateEye. Proceedings of the 17th Usenix Conference on Networked Systems Design and Implementation (797-816). DOI: 10.5555/3388242.3388300. Online publication date: 25-Feb-2020
  • (2019) Abnormal traffic detection of IoT terminals based on Bloom filter. Proceedings of the ACM Turing Celebration Conference - China (1-7). DOI: 10.1145/3321408.3326654. Online publication date: 17-May-2019
  • (2018) SecureMatch: Scalable Authentication and Key Relegation for IoT Using Physical-Layer Techniques. 2018 IEEE Conference on Communications and Network Security (CNS) (1-9). DOI: 10.1109/CNS.2018.8433177. Online publication date: May-2018
