Handling a trillion (unfixable) flaws on a billion devices

Yu, Tianlong; Sekar, Vyas; Seshan, Srinivasan; Agarwal, Yuvraj; Xu, Chenren

doi:10.1145/2834050.2834095

Cited by 234 publications

(47 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Traditional security solutions such as firewalls, IDSs, anti-viruses, and software patches are not suitable for IoT devices. The three major reasons for this are [45]: (1) Types of policies: a single app may use several IoT devices, communicating explicitly (e.g., via Wi-Fi or Bluetooth) or implicitly (e.g., an IoT light bulb can be triggered by an IoT light sensor). The outcome is a complex and dynamic network which can be hard to secure using a single security policy (e.g., with firewalls).…”

Section: Security In the Internet Of Thingsmentioning

confidence: 99%

“…Moreover, the competitive IoT device market compels vendors to try and get their products out as fast as they can, prioritizing functionality and the user experience, and ignoring the security aspect. In general, most products hardly deal with security and privacy risks, making them the weakest link in terms of security and the target of attackers interested in breaking into networks and harming systems or leaking information [45]. Thus, despite the fact that security was recognized as a central issue of the IoT market as early as 2011 by Bandyopadhyay et al [5], it still continues to remain a challenge today.…”

Section: Security In the Internet Of Thingsmentioning

confidence: 99%

See 1 more Smart Citation

Deployment optimization of IoT devices through attack graph analysis

Agmon

Shabtai

Puzis

2019

Proceedings of the 12th Conference on Security and Privacy in Wireless and Mobile Networks

View full text Add to dashboard Cite

The Internet of things (IoT) has become an integral part of our life at both work and home. However, these IoT devices are prone to vulnerability exploits due to their low cost, low resources, the diversity of vendors, and proprietary firmware. Moreover, short range communication protocols (e.g., Bluetooth or ZigBee) open additional opportunities for the lateral movement of an attacker within an organization. Thus, the type and location of IoT devices may significantly change the level of network security of the organizational network. In this paper, we quantify the level of network security based on an augmented attack graph analysis that accounts for the physical location of IoT devices and their communication capabilities. We use the depth-first branch and bound (DFBnB) heuristic search algorithm to solve two optimization problems: Full Deployment with Minimal Risk (FDMR) and Maximal Utility without Risk Deterioration (MURD). An admissible heuristic is proposed to accelerate the search. The proposed method is evaluated using a real network with simulated deployment of IoT devices. The results demonstrate (1) the contribution of the augmented attack graphs to quantifying the impact of IoT devices deployed within the organization on security, and (2) the effectiveness of the optimized IoT deployment. CCS CONCEPTS• Security and privacy → Distributed systems security; Mobile and wireless security.

show abstract

Section: Security In the Internet Of Thingsmentioning

confidence: 99%

Section: Security In the Internet Of Thingsmentioning

confidence: 99%

Deployment optimization of IoT devices through attack graph analysis

Agmon

Shabtai

Puzis

2019

Proceedings of the 12th Conference on Security and Privacy in Wireless and Mobile Networks

View full text Add to dashboard Cite

show abstract

“…According to many researchers [45,47] an important aspect in IoT security is device security. Yu et al [45] present multiple known vulnerable devices, with issues such as hardcoded administrative usernames and passwords and open DNS resolvers, which could be used to mount Distribute Denial of Service (DDoS) attacks. Airehrour et al [2] write about a case in 2012, where live footage from TRENDNET IP cameras was available to web users without requiring a password.…”

Section: Vulnerable Devicesmentioning

confidence: 99%

Security In The Internet Of Things - A Systematic Mapping Study

Porras¹,

Pänkäläinen²,

Knutas³

et al. 2018

Proceedings of the 51st Hawaii International Conference on System Sciences

View full text Add to dashboard Cite

The Internet of Things (IoT) concept is emerging and evolving rapidly. Various technical solutions for multiple purposes have been proposed for its implementation. The rapid evolution and utilization of IoT technologies has raised security concerns and created a feeling of uncertainty among IoT adopters. The purpose of this paper is to examine the current research trends related to security concerns of the IoT concept and provide a detailed understanding of the topic. We thus applied systematic mapping study as the methodological approach. Based on the chosen search strategy, 38 articles (of close to 3500 articles in the field) were selected for a closer examination. Out of these articles, the concerns, solutions and research gaps for the security in the IoT concept were extracted. The mapping study identifies nine main concerns and 11 solutions. However, the findings also reveal challenges, such as secure privacy management and cloud integration that still require efficient solutions.

show abstract

“…In this case, we need to revisit our notion of a software update of the host (the device), and include notions of network-based patches [21]. Although software updates for security are a wellunderstood concept, designing update systems for the IoT poses new challenges because of the unique properties of the physical processes that are under the control of software.…”

Section: Although Ifc Is Not a New Concept As Evidenced By The Multimentioning

confidence: 99%

Internet of Things Security Research: A Rehash of Old Ideas or New Intellectual Challenges?

Fernandes

Rahmati

Eykholt

et al. 2017

IEEE Secur. Privacy

View full text Add to dashboard Cite

Abstract-The Internet of Things (IoT) is a new computing paradigm that spans wearable devices, homes, hospitals, cities, transportation, and critical infrastructure. Building security into this new computing paradigm is a major technical challenge today. However, what are the security problems in IoT that we can solve using existing security principles? And, what are the new problems and challenges in this space that require new security mechanisms? This article summarizes the intellectual similarities and differences between classic information technology security research and IoT security research.

show abstract

Handling a trillion (unfixable) flaws on a billion devices

Cited by 234 publications

References 9 publications

Deployment optimization of IoT devices through attack graph analysis

Deployment optimization of IoT devices through attack graph analysis

Security In The Internet Of Things - A Systematic Mapping Study

Internet of Things Security Research: A Rehash of Old Ideas or New Intellectual Challenges?

Contact Info

Product

Resources

About