Suhas Bhairav scite author profile

The Internet of Things (IoT) is a global ecosystem of information and communication technologies aimed at connecting any type of object (thing), at any time and in any place, to each other and to the Internet. One of the major problems associated with the IoT is maintaining security; the heterogeneous nature of such deployments poses a challenge to many aspects of security, including security testing and analysis. In addition, there is no existing mechanism that performs security testing for IoT devices in different contexts. In this paper, we propose an innovative security testbed framework targeted at IoT devices. The security testbed supports both standard and context-based security testing, with a set of security tests conducted under the different environmental conditions in which IoT devices operate. The requirements and architectural design of the proposed testbed are discussed, and the testbed operation is demonstrated in several testing scenarios. CCS Concepts• Security and privacy➝Systems Security➝Vulnerability management • Computing methodologies➝Machine learning.

show abstract

Spill the Beans: Extrospection of Internet of Things by Exploiting Denial of Service

Sachidananda¹,

Bhairav²,

Elovici³

2019

ICST Transactions on Security and Safety

View full text Add to dashboard Cite

Internet of Things (IoT) exposes various vulnerabilities at different levels. One such exploitable vulnerability is Denial of Service (DoS). In this work, we focus on a large-scale extensive study of various forms of DoS and how it can be exploited in different protocols of IoT. We propose an attack and defense framework called OWL which is tailored for IoT and that can perform various forms of DoS on IP, Bluetooth, and Zigbee devices. We consider various DoS vulnerabilities such as illegitimate packet injection, Bluetooth Low Energy (BLE) scanning attack, Zigbee frame counter-attack, etc., regarding IP, Bluetooth and Zigbee devices. To understand how resilient is IoT for DoS, we propose two new metrics to measure the Resilience and the Quality of Service (QoS) degradation in IoT. We have conducted large-scale experimentation with real IoT devices in our security IoT testbed. The experiments conducted are for DoS, Distributed Denial of Service (DDoS) by setting up Mirai and Permanent Denial of Service (PDoS) using BrickerBot on various IoT devices. We have also compared our framework with the existing state of the art tools.IoT environment, analyzes, monitors and mutates the packets that will be accepted by the IoT device. OWL produces legitimate and illegitimate packets to perform the DoS. Not to forget, OWL also includes techniques in performing classical resource exhaustion for DoS. However, OWL stands out in performing DoS attacks through a few mutated packets by exploiting various DoS vulnerabilities of IoT devices. We have compared and evaluated OWL with two of the state-of-the-art DoS tools, LOIC (Low Orbit Ion Cannon) [12] and hping3 [13], where LOIC and hping3 can perform DoS only on IP based IoT devices and only through resource exhaustion. Next, we introduce a DoS and DDoS defense framework for IoT. The framework is capable of analyzing the network traffic to determine if there is a DoS or a DDoS attack on a specific IoT device. Suppose there is an attack, the defense framework takes appropriate steps to mitigate the attack by changing the IP address of the IoT device and providing alerts for Bluetooth and Zigbee devices. On the other hand, if an IoT device within the network is launching a DoS attack on other devices, the defense framework will automatically disconnect the network connection of the attacking IoT device.Second, we have introduced IoT Resilience (R IoT ) metric to evaluate the resilience of an IoT device against DoS, DDoS and PDoS. IoT Resilience will be calculated based on the services running on an

show abstract

Let the Cat Out of the Bag

Sachidananda

Siboni

Shabtai

et al. 2017

View full text Add to dashboard Cite

PIT: A Probe Into Internet of Things by Comprehensive Security Analysis

Sachidananda

Bhairav

Ghosh

et al. 2019

View full text Add to dashboard Cite

Over

Sachidananda¹,

Bhairav

Elovici

2020

View full text Add to dashboard Cite

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Suhas Bhairav

Security Testbed for Internet-of-Things Devices

Spill the Beans: Extrospection of Internet of Things by Exploiting Denial of Service

Let the Cat Out of the Bag

PIT: A Probe Into Internet of Things by Comprehensive Security Analysis

Over

Contact Info

Product

Resources

About