Demystifying IoT Security: An Exhaustive Survey on IoT Vulnerabilities and a First Empirical Look on Internet-Scale IoT Exploitations

The security issue impacting the Internet-of-Things (IoT) paradigm has recently attracted significant attention from the research community. To this end, several surveys were put forward addressing various IoT-centric topics, including intrusion detection systems, threat modeling, and emerging technologies. In contrast, in this paper, we exclusively focus on the ever-evolving IoT vulnerabilities. In this context, we initially provide a comprehensive classification of state-of-the-art surveys, which address various dimensions of the IoT paradigm. This aims at facilitating IoT research endeavors by amalgamating, comparing, and contrasting dispersed research contributions. Subsequently, we provide a unique taxonomy, which sheds the light on IoT vulnerabilities, their attack vectors, impacts on numerous security objectives, attacks which exploit such vulnerabilities, corresponding remediation methodologies and currently offered operational cyber security capabilities to infer and monitor such weaknesses. This aims at providing the reader with a multidimensional research perspective related to IoT vulnerabilities, including their technical details and consequences, which is postulated to be leveraged for remediation objectives. Additionally, motivated by the lack of empirical (and malicious) data related to the IoT paradigm, this paper also presents a first look on Internet-scale IoT exploitations by drawing upon more than 1.2 GB of macroscopic, passive measurements’ data. This aims at practically highlighting the severity of the IoT problem, while providing operational situational awareness capabilities, which undoubtedly would aid in the mitigation task, at large. Insightful findings, inferences and outcomes in addition to open challenges and research problems are also disclosed in this paper, which we hope would pave the way for future research endeavors addressing theoretical and empirical aspects related to the imperative topic of IoT security.

[1]  Marcos A. Simplício,et al.  Lightweight and escrow-less authenticated key agreement for the internet of things , 2017, Comput. Commun..

[2]  Guangxia Xu,et al.  SDN-Based Data Transfer Security for Internet of Things , 2018, IEEE Internet of Things Journal.

[3]  Alex Biryukov,et al.  Side-Channel Attacks Meet Secure Network Protocols , 2017, ACNS.

[4]  M.Kanchana,et al.  VAMPIRE ATTACKS: DRAINING LIFE FROM WIRELESS AD HOC SENSOR NETWORKS , 2014 .

[5]  Bradley Reaves,et al.  An open virtual testbed for industrial control system security research , 2012, International Journal of Information Security.

[6]  Thomas R. Henderson,et al.  Host Identity Protocol Version 2 (HIPv2) , 2015, RFC.

[7]  Carsten Bormann,et al.  6LoWPAN: The Wireless Embedded Internet , 2009 .

[8]  Igor Bisio,et al.  Enabling IoT for In-Home Rehabilitation: Accelerometer Signals Classification Methods for Activity and Movement Recognition , 2017, IEEE Internet of Things Journal.

[9]  Thiemo Voigt,et al.  Routing Attacks and Countermeasures in the RPL-Based Internet of Things , 2013, Int. J. Distributed Sens. Networks.

[10]  Thiemo Voigt,et al.  Intrusion Detection in the RPL-connected 6LoWPAN Networks , 2017, IoTPTS@AsiaCCS.

[11]  Adrian Perrig,et al.  Distributed detection of node replication attacks in sensor networks , 2005, 2005 IEEE Symposium on Security and Privacy (S&P'05).

[12]  Jorge Sá Silva,et al.  Security for the Internet of Things: A Survey of Existing Protocols and Open Research Issues , 2015, IEEE Communications Surveys & Tutorials.

[13]  Kotaro Kataoka,et al.  Trust list: Internet-wide and distributed IoT traffic management using blockchain and SDN , 2018, 2018 IEEE 4th World Forum on Internet of Things (WF-IoT).

[14]  Joan Arnedo-Moreno,et al.  ZigBee/ZigBee PRO Security Assessment Based on Compromised Cryptographic Keys , 2010, 2010 International Conference on P2P, Parallel, Grid, Cloud and Internet Computing.

[15]  Xiangjian He,et al.  A Robust Authentication Scheme for Observing Resources in the Internet of Things Environment , 2014, 2014 IEEE 13th International Conference on Trust, Security and Privacy in Computing and Communications.

[16]  Aurélien Francillon,et al.  A Large-Scale Analysis of the Security of Embedded Firmwares , 2014, USENIX Security Symposium.

[17]  Shahin Farahani,et al.  ZigBee Wireless Networks and Transceivers , 2008 .

[18]  Antonio Iera,et al.  The Internet of Things: A survey , 2010, Comput. Networks.

[19]  Yuval Elovici,et al.  ProfilIoT: a machine learning approach for IoT device identification based on network traffic analysis , 2017, SAC.

[20]  Mourad Debbabi,et al.  A Statistical Approach for Fingerprinting Probing Activities , 2013, 2013 International Conference on Availability, Reliability and Security.

[21]  Martin Reisslein,et al.  Ultra-Low Latency (ULL) Networks: The IEEE TSN and IETF DetNet Standards and Related 5G ULL Research , 2018, IEEE Communications Surveys & Tutorials.

[22]  Karl N. Levitt,et al.  Is Anybody Home? Inferring Activity From Smart Home Network Traffic , 2016, 2016 IEEE Security and Privacy Workshops (SPW).

[23]  M. Shamim Hossain,et al.  Toward end-to-end biomet rics-based security for IoT infrastructure , 2016, IEEE Wireless Communications.

[24]  Mourad Debbabi,et al.  Fingerprinting Internet DNS Amplification DDoS Activities , 2014, 2014 6th International Conference on New Technologies, Mobility and Security (NTMS).

[25]  Angelo Furfaro,et al.  Using virtual environments for the assessment of cybersecurity issues in IoT scenarios , 2017, Simul. Model. Pract. Theory.

[26]  Baojiang Cui,et al.  A Novel Fuzzing Method for Zigbee Based on Finite State Machine , 2014, Int. J. Distributed Sens. Networks.

[27]  Mourad Debbabi,et al.  Darknet as a Source of Cyber Intelligence: Survey, Taxonomy, and Characterization , 2016, IEEE Communications Surveys & Tutorials.

[28]  Jie Wu,et al.  Defending Resource Depletion Attacks on Implantable Medical Devices , 2010, 2010 IEEE Global Telecommunications Conference GLOBECOM 2010.

[29]  Salvatore J. Stolfo,et al.  A quantitative analysis of the insecurity of embedded network devices: results of a wide-area scan , 2010, ACSAC '10.

[30]  Chadi Assi,et al.  Inferring, Characterizing, and Investigating Internet-Scale Malicious IoT Device Activities: A Network Telescope Perspective , 2018, 2018 48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN).

[31]  Georgios Kambourakis,et al.  DDoS in the IoT: Mirai and Other Botnets , 2017, Computer.

[32]  Haytham Elmiligi,et al.  Multi-dimensional analysis of embedded systems security , 2016, Microprocess. Microsystems.

[33]  He Wang,et al.  MoLe: Motion Leaks through Smartwatch Sensors , 2015, MobiCom.

[34]  Sergio Branco,et al.  A smart wearable system for sudden infant death syndrome monitoring , 2016, 2016 IEEE International Conference on Industrial Technology (ICIT).

[35]  Heng Yin,et al.  Scalable Graph-based Bug Search for Firmware Images , 2016, CCS.

[36]  Mourad Debbabi,et al.  A novel cyber security capability: Inferring Internet-scale infections by correlating malware and probing activities , 2016, Comput. Networks.

[37]  Shahriar Mirabbasi,et al.  Wireless Energy Harvesting for Internet of Things , 2014 .

[38]  Yuval Elovici,et al.  SIPHON: Towards Scalable High-Interaction Physical Honeypots , 2017, CPSS@AsiaCCS.

[39]  Imran A. Zualkernan,et al.  Internet of things (IoT) security: Current status, challenges and prospective measures , 2015, 2015 10th International Conference for Internet Technology and Secured Transactions (ICITST).

[40]  Rajkumar Buyya,et al.  Aneka Cloud Application Platform and Its Integration with Windows Azure , 2011, ArXiv.

[41]  Thiemo Voigt,et al.  SVELTE: Real-time intrusion detection in the Internet of Things , 2013, Ad Hoc Networks.

[42]  Alexandros G. Fragkiadakis,et al.  A lightweight framework for secure life-logging in smart environments , 2013, Inf. Secur. Tech. Rep..

[43]  Assia Tria,et al.  Modeling a node capture attack in a secure wireless sensor networks , 2016, 2016 IEEE 3rd World Forum on Internet of Things (WF-IoT).

[44]  Juan Lopez,et al.  Firmware modification attacks on programmable logic controllers , 2013, Int. J. Crit. Infrastructure Prot..

[45]  Simon Duquennoy,et al.  Secure Sharing of Partially Homomorphic Encrypted IoT Data , 2017, SenSys.

[46]  Olivier Festor,et al.  A Testing Framework for Discovering Vulnerabilities in 6LoWPAN Networks , 2012, 2012 IEEE 8th International Conference on Distributed Computing in Sensor Systems.

[47]  Chang-Seop Park,et al.  A Secure and Efficient ECQV Implicit Certificate Issuance Protocol for the Internet of Things Applications , 2017, IEEE Sensors Journal.

[48]  Wu He,et al.  Internet of Things in Industries: A Survey , 2014, IEEE Transactions on Industrial Informatics.

[49]  Zhao Yang Dong,et al.  A Review of False Data Injection Attacks Against Modern Power Systems , 2017, IEEE Transactions on Smart Grid.

[50]  Mark Mohammad Tehranipoor,et al.  Protecting endpoint devices in IoT supply chain , 2015, 2015 IEEE/ACM International Conference on Computer-Aided Design (ICCAD).

[51]  Taghi M. Khoshgoftaar,et al.  A survey on heterogeneous transfer learning , 2017, Journal of Big Data.

[52]  Raheem A. Beyah,et al.  Who's in Control of Your Control System? Device Fingerprinting for Cyber-Physical Systems , 2016, NDSS.

[53]  J. Alex Halderman,et al.  A Search Engine Backed by Internet-Wide Scanning , 2015, CCS.

[54]  Niraj K. Jha,et al.  A Comprehensive Study of Security of Internet-of-Things , 2017, IEEE Transactions on Emerging Topics in Computing.

[55]  Mourad Debbabi,et al.  Cyber Scanning: A Comprehensive Survey , 2014, IEEE Communications Surveys & Tutorials.

[56]  Mourad Debbabi,et al.  Inferring internet-scale infections by correlating malware and probing activities , 2014, 2014 IEEE International Conference on Communications (ICC).

[57]  Mark Mohammad Tehranipoor,et al.  Hardware security meets biometrics for the age of IoT , 2016, 2016 IEEE International Symposium on Circuits and Systems (ISCAS).

[58]  Salvatore J. Stolfo,et al.  When Firmware Modifications Attack: A Case Study of Embedded Exploitation , 2013, NDSS.

[59]  Ata Elahi,et al.  ZigBee Wireless Sensor and Control Network , 2009 .

[60]  Elias Bou-Harb,et al.  Survey of Attack Projection, Prediction, and Forecasting in Cyber Security , 2019, IEEE Communications Surveys & Tutorials.

[61]  Yan Wang,et al.  Friend or Foe?: Your Wearable Devices Reveal Your Personal PIN , 2016, AsiaCCS.

[62]  Hsinchun Chen,et al.  Uninvited Connections: A Study of Vulnerable Devices on the Internet of Things (IoT) , 2014, 2014 IEEE Joint Intelligence and Security Informatics Conference.

[63]  Georgios Kambourakis,et al.  Swarm intelligence in intrusion detection: A survey , 2011, Comput. Secur..

[64]  Yuguang Fang,et al.  Defending Against Physical Destruction Attacks on Wireless Sensor Networks , 2006, MILCOM 2006 - 2006 IEEE Military Communications conference.

[65]  Niraj K. Jha,et al.  Improving the Trustworthiness of Medical Device Software with Formal Verification Methods , 2013, IEEE Embedded Systems Letters.

[66]  Aref Meddeb,et al.  6LoWPAN multi-layered security protocol based on IEEE 802.15.4 security features , 2017, 2017 13th International Wireless Communications and Mobile Computing Conference (IWCMC).

[67]  Radha Poovendran,et al.  Node capture attacks in wireless sensor networks: A system theoretic approach , 2010, 49th IEEE Conference on Decision and Control (CDC).

[68]  Mansour Sheikhan,et al.  Hybrid of anomaly-based and specification-based IDS for Internet of Things using unsupervised OPF based on MapReduce approach , 2017, Comput. Commun..

[69]  Jeffrey D. Tew,et al.  The applicability of blockchain in the Internet of Things , 2018, 2018 10th International Conference on Communication Systems & Networks (COMSNETS).

[70]  Peng Ning,et al.  False data injection attacks against state estimation in electric power grids , 2011, TSEC.

[71]  George Markowsky,et al.  Scanning for vulnerable devices in the Internet of Things , 2015, 2015 IEEE 8th International Conference on Intelligent Data Acquisition and Advanced Computing Systems: Technology and Applications (IDAACS).

[72]  Zinaida Benenson,et al.  All Your Bulbs Are Belong to Us: Investigating the Current State of Security in Connected Lighting Systems , 2016, ArXiv.

[73]  Mazliza Othman,et al.  Internet of Things security: A survey , 2017, J. Netw. Comput. Appl..

[74]  Mourad Debbabi,et al.  A systematic approach for detecting and clustering distributed cyber scanning , 2013, Comput. Networks.

[75]  Ali Saman Tosun,et al.  Investigating Security and Privacy of a Cloud-Based Wireless IP Camera: NetCam , 2015, 2015 24th International Conference on Computer Communication and Networks (ICCCN).

[76]  Mohsen Guizani,et al.  Internet of Things: A Survey on Enabling Technologies, Protocols, and Applications , 2015, IEEE Communications Surveys & Tutorials.

[77]  Andrei V. Gurtov,et al.  PAuthKey: A Pervasive Authentication Protocol and Key Establishment Scheme for Wireless Sensor Networks in Distributed IoT Applications , 2014, Int. J. Distributed Sens. Networks.

[78]  Yaoxue Zhang,et al.  Block-Stream as a Service: A More Secure, Nimble, and Dynamically Balanced Cloud Service Model for Ambient Computing , 2018, IEEE Network.

[79]  Tsutomu Matsumoto,et al.  IoTPOT: A Novel Honeypot for Revealing Current IoT Threats , 2016, J. Inf. Process..

[80]  Mourad Debbabi,et al.  On fingerprinting probing activities , 2014, Comput. Secur..

[81]  Rolf H. Weber,et al.  Cybersecurity in the Internet of Things: Legal aspects , 2016, Comput. Law Secur. Rev..

[82]  Peiyuan Zong,et al.  Understanding IoT Security Through the Data Crystal Ball: Where We Are Now and Where We Are Going to Be , 2017, ArXiv.

[83]  Stefan Savage,et al.  You've Got Vulnerability: Exploring Effective Vulnerability Notifications , 2016, USENIX Security Symposium.

[84]  Oscar Novo,et al.  Blockchain Meets IoT: An Architecture for Scalable Access Management in IoT , 2018, IEEE Internet of Things Journal.

[85]  J. Alex Halderman,et al.  Green Lights Forever: Analyzing the Security of Traffic Infrastructure , 2014, WOOT.

[86]  Dawn Song,et al.  Smart Locks: Lessons for Securing Commodity Internet of Things Devices , 2016, AsiaCCS.

[87]  Giuseppe Piro,et al.  Key Management Protocol with Implicit Certificates for IoT systems , 2015, IoT-Sys@MobiSys.

[88]  Virgil D. Gligor,et al.  A key-management scheme for distributed sensor networks , 2002, CCS '02.

[89]  Vern Paxson,et al.  Remedying Web Hijacking: Notification Effectiveness and Webmaster Comprehension , 2016, WWW.

[90]  Jean-Claude Bajard,et al.  A New Security Model for Authenticated Key Agreement , 2010, SCN.

[91]  Georg Carle,et al.  DTLS based security and two-way authentication for the Internet of Things , 2013, Ad Hoc Networks.

[92]  Atul Prakash,et al.  FlowFence: Practical Data Protection for Emerging IoT Application Frameworks , 2016, USENIX Security Symposium.

[93]  Meng Wu,et al.  Robust detection of false data injection attacks for data aggregation in an Internet of Things-based environmental surveillance , 2017, Comput. Networks.

[94]  Jean-Yves Fourniols,et al.  Smart wearable systems: Current status and future challenges , 2012, Artif. Intell. Medicine.

[95]  Jun Zhao,et al.  On Resilience and Connectivity of Secure Wireless Sensor Networks Under Node Capture Attacks , 2017, IEEE Transactions on Information Forensics and Security.

[96]  Hajar Mousannif,et al.  Access control in the Internet of Things: Big challenges and new opportunities , 2017, Comput. Networks.

[97]  Byung-Seo Kim,et al.  IoT Elements, Layered Architectures and Security Issues: A Comprehensive Survey , 2018, Sensors.

[98]  Michael Schukat,et al.  A ZigBee honeypot to assess IoT cyberattack behaviour , 2017, 2017 28th Irish Signals and Systems Conference (ISSC).

[99]  Ali Saman Tosun,et al.  A Testbed for Security and Privacy Analysis of IoT Devices , 2016, 2016 IEEE 13th International Conference on Mobile Ad Hoc and Sensor Systems (MASS).

[100]  Yasir Arfat Malkani,et al.  A framework for securing mobile wireless sensor networks against physical attacks , 2016, 2016 International Conference on Emerging Technologies (ICET).

[101]  Mark Allman,et al.  Don't Forget to Lock the Back Door! A Characterization of IPv6 Network Security Policy , 2016, NDSS.

[102]  Rajeev Kumar Kanth,et al.  Distributed internal anomaly detection system for Internet-of-Things , 2016, 2016 13th IEEE Annual Consumer Communications & Networking Conference (CCNC).

[103]  Wade Trappe,et al.  Low-Energy Security: Limits and Opportunities in the Internet of Things , 2015, IEEE Security & Privacy.

[104]  Dinil Mon Divakaran,et al.  DEFT: A Distributed IoT Fingerprinting Technique , 2019, IEEE Internet of Things Journal.

[105]  Cristina Alcaraz,et al.  Key management systems for sensor networks in the context of the Internet of Things , 2011, Comput. Electr. Eng..

[106]  Zheng Gong,et al.  A Practical One-Time File Encryption Protocol for IoT Devices , 2017, 22017 IEEE International Conference on Computational Science and Engineering (CSE) and IEEE International Conference on Embedded and Ubiquitous Computing (EUC).

[107]  Samuel Marchal,et al.  DÏoT: A Federated Self-learning Anomaly Detection System for IoT , 2018, 2019 IEEE 39th International Conference on Distributed Computing Systems (ICDCS).

[108]  Pekka Toivanen,et al.  Security Threats in ZigBee-Enabled Systems: Vulnerability Evaluation, Practical Experiments, Countermeasures, and Lessons Learned , 2013, 2013 46th Hawaii International Conference on System Sciences.

[109]  Sean Carlisto de Alvarenga,et al.  A survey of intrusion detection in Internet of Things , 2017, J. Netw. Comput. Appl..

[110]  Blase Ur,et al.  The Current State of Access Control for Smart Devices in Homes , 2013 .

[111]  Zhizhang Chen,et al.  Power Analysis Attacks Against IEEE 802.15.4 Nodes , 2016, COSADE.

[112]  Barton P. Miller,et al.  An empirical study of the robustness of Windows NT applications using random testing , 2000 .

[113]  A. Molisch,et al.  IEEE 802.15.4a channel model-final report , 2004 .

[114]  Raheem A. Beyah,et al.  Rethinking the Honeypot for Cyber-Physical Systems , 2016, IEEE Internet Computing.

[115]  Ali Dehghantanha,et al.  Robust Malware Detection for Internet of (Battlefield) Things Devices Using Deep Eigenspace Learning , 2019, IEEE Transactions on Sustainable Computing.

[116]  Mourad Debbabi,et al.  Behavioral analytics for inferring large-scale orchestrated probing events , 2014, 2014 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS).

[117]  Michael Backes,et al.  Hey, You Have a Problem: On the Feasibility of Large-Scale Web Vulnerability Notification , 2016, USENIX Security Symposium.

[118]  Mourad Debbabi,et al.  Big Data Behavioral Analytics Meet Graph Theory: On Effective Botnet Takedowns , 2017, IEEE Network.

[119]  Ahmad-Reza Sadeghi,et al.  DÏoT: A Crowdsourced Self-learning Approach for Detecting Compromised IoT Devices , 2018, ArXiv.

[120]  Elisa Bertino,et al.  Kalis — A System for Knowledge-Driven Adaptable Intrusion Detection for the Internet of Things , 2017, 2017 IEEE 37th International Conference on Distributed Computing Systems (ICDCS).

[121]  Mari Carmen Domingo,et al.  An overview of the Internet of Things for people with disabilities , 2012, J. Netw. Comput. Appl..

[122]  Naveen K. Chilamkurti,et al.  Deep Learning: The Frontier for Distributed Attack Detection in Fog-to-Things Computing , 2018, IEEE Communications Magazine.

[123]  Mustafizur R. Shahid,et al.  IoT Devices Recognition Through Network Traffic Analysis , 2018, 2018 IEEE International Conference on Big Data (Big Data).

[124]  Antonio Iera,et al.  From "smart objects" to "social objects": The next evolutionary step of the internet of things , 2014, IEEE Communications Magazine.

[125]  Mourad Debbabi,et al.  On the inference and prediction of DDoS campaigns , 2015, Wirel. Commun. Mob. Comput..

[126]  Lionel Metongnon,et al.  Beyond Telnet: Prevalence of IoT Protocols in Telescope and Honeypot Measurements , 2018, WTMC@SIGCOMM.

[127]  Yuval Elovici,et al.  Let the Cat Out of the Bag: A Holistic Approach Towards Security Analysis of the Internet of Things , 2017, IoTPTS@AsiaCCS.

[128]  Srinivasan Seshan,et al.  Handling a trillion (unfixable) flaws on a billion devices: Rethinking network security for the Internet-of-Things , 2015, HotNets.

[129]  Luca Bruno,et al.  AVATAR: A Framework to Support Dynamic Security Analysis of Embedded Systems' Firmwares , 2014, NDSS.

[130]  Weizhi Meng,et al.  Intrusion Detection in the Era of IoT: Building Trust via Traffic Filtering and Sampling , 2018, Computer.

[131]  Nasir Ghani,et al.  Internet of Malicious Things: Correlating Active and Passive Measurements for Inferring and Characterizing Internet-Scale Unsolicited IoT Devices , 2018, IEEE Communications Magazine.

[132]  Dengguo Feng,et al.  Side-Channel Attacks: Ten Years After Its Publication and the Impacts on Cryptographic Module Security Testing , 2005, IACR Cryptol. ePrint Arch..

[133]  Apostolis Zarras,et al.  Automated Dynamic Firmware Analysis at Scale: A Case Study on Embedded Web Interfaces , 2015, AsiaCCS.

[134]  Bruno Sinopoli,et al.  Cyber Meets Control: A Novel Federated Approach for Resilient CPS Leveraging Real Cyber Threat Intelligence , 2017, IEEE Communications Magazine.

[135]  Georgios Kambourakis,et al.  Optimal Countermeasures Selection Against Cyber Attacks: A Comprehensive Survey on Reaction Frameworks , 2018, IEEE Communications Surveys & Tutorials.

[136]  Maurizio Morisio,et al.  Connected Car , 2016, ACM Comput. Surv..

[137]  Elisa Bertino,et al.  Botnets and Internet of Things Security , 2017, Computer.

[138]  Yi Zhou,et al.  Understanding the Mirai Botnet , 2017, USENIX Security Symposium.

[139]  Varshanth R. Rao,et al.  Predictive node expiration based energy-aware source routing (PNEB ESR) protocol for wireless sensor networks , 2014, COMPUTE '14.

[140]  Rodrigo Roman,et al.  On the features and challenges of security and privacy in distributed internet of things , 2013, Comput. Networks.

[141]  Luigi Alfredo Grieco,et al.  Security, privacy and trust in Internet of Things: The road ahead , 2015, Comput. Networks.

[142]  Amee A. Patel,et al.  A Novel Proposal for Defending against Vampire Attack in WSN , 2015, 2015 Fifth International Conference on Communication Systems and Network Technologies.

[143]  Stephen Dunlap,et al.  An evaluation of modification attacks on programmable logic controllers , 2014, Int. J. Crit. Infrastructure Prot..

[144]  Madhusudan Singh,et al.  Blockchain: A game changer for securing IoT data , 2018, 2018 IEEE 4th World Forum on Internet of Things (WF-IoT).

[145]  Georgios Kambourakis,et al.  New facets of mobile botnet: architecture and evaluation , 2015, International Journal of Information Security.

[146]  Ahmad-Reza Sadeghi,et al.  Security analysis on consumer and industrial IoT devices , 2016, 2016 21st Asia and South Pacific Design Automation Conference (ASP-DAC).

[147]  Farinaz Koushanfar,et al.  Heart-to-heart (H2H): authentication for implanted medical devices , 2013, CCS.

[148]  Zuyi Li,et al.  Modeling of Local False Data Injection Attacks With Reduced Network Information , 2015, IEEE Transactions on Smart Grid.

[149]  BertinoElisa,et al.  Botnets and Internet of Things Security , 2017 .

[150]  Qi Alfred Chen,et al.  ContexloT: Towards Providing Contextual Integrity to Appified IoT Platforms , 2017, NDSS.

[151]  Mourad Debbabi,et al.  Inferring distributed reflection denial of service attacks from darknet , 2015, Comput. Commun..

[152]  Tuomas Aura,et al.  Cryptographically Generated Addresses (CGA) , 2005, ISC.

[153]  Levente Buttyán,et al.  XCS based hidden firmware modification on embedded devices , 2011, SoftCOM 2011, 19th International Conference on Software, Telecommunications and Computer Networks.

[154]  Chris Reed,et al.  Accountability in the IoT: Systems, Law, and Ways Forward , 2018, Computer.

[155]  Arkady B. Zaslavsky,et al.  Context Aware Computing for The Internet of Things: A Survey , 2013, IEEE Communications Surveys & Tutorials.

[156]  Kerstin Eder,et al.  The IoT Energy Challenge: A Software Perspective , 2018, IEEE Embedded Systems Letters.

[157]  J. Jithish,et al.  Sybil attack in IOT: Modelling and defenses , 2017, 2017 International Conference on Advances in Computing, Communications and Informatics (ICACCI).

[158]  Max Mühlhäuser,et al.  Multi-stage attack detection and signature generation with ICS honeypots , 2016, NOMS 2016 - 2016 IEEE/IFIP Network Operations and Management Symposium.

[159]  Laurence T. Yang,et al.  Secure Data Collection, Storage and Access in Cloud-Assisted IoT , 2018, IEEE Cloud Computing.

[160]  Márk Félegyházi,et al.  CryPLH: Protecting Smart Energy Systems from Targeted Attacks with a PLC Honeypot , 2014, SmartGridSec.

[161]  Nasir D. Memon,et al.  Internet-scale Probing of CPS: Inference, Characterization and Orchestration Analysis , 2017, NDSS.

[162]  Óscar García-Morchón,et al.  Securing the IP-based internet of things with HIP and DTLS , 2013, WiSec '13.

[163]  Eric Rescorla,et al.  Datagram Transport Layer Security Version 1.2 , 2012, RFC.

[164]  Sheetal Kalra,et al.  A lightweight biometrics based remote user authentication scheme for IoT services , 2017, J. Inf. Secur. Appl..

[165]  Gunasekaran Manogaran,et al.  HIoTPOT: Surveillance on IoT Devices against Recent Threats , 2018, Wirel. Pers. Commun..

[166]  Federico Chiariotti,et al.  A game-theoretic analysis of energy-depleting jamming attacks , 2019, 2017 International Conference on Computing, Networking and Communications (ICNC).

[167]  Mourad Debbabi,et al.  Investigating the dark cyberspace: Profiling, threat-based analysis and correlation , 2012, 2012 7th International Conference on Risks and Security of Internet and Systems (CRiSIS).

[168]  Sasu Tarkoma,et al.  Securebox: Toward Safer and Smarter IoT Networks , 2016, CAN@CoNEXT.

[169]  Marimuthu Palaniswami,et al.  Internet of Things (IoT): A vision, architectural elements, and future directions , 2012, Future Gener. Comput. Syst..

[170]  Michail Maniatakos,et al.  Impact of firmware modification attacks on power systems field devices , 2015, 2015 IEEE International Conference on Smart Grid Communications (SmartGridComm).

[171]  Mourad Debbabi,et al.  Communication security for smart grid distribution networks , 2013, IEEE Communications Magazine.

[172]  Wen Hu,et al.  Talos: Encrypted Query Processing for the Internet of Things , 2015, SenSys.

[173]  Fredrik Österlind,et al.  A Sensor Network Simulator for the Contiki OS , 2006 .

[174]  Kishore Angrishi,et al.  Turning Internet of Things(IoT) into Internet of Vulnerabilities (IoV) : IoT Botnets , 2017, ArXiv.

[175]  Antonio Iera,et al.  Understanding the Internet of Things: definition, potentials, and societal role of a fast evolving paradigm , 2017, Ad Hoc Networks.

[176]  Robert H. Deng,et al.  Lightweight Break-Glass Access Control System for Healthcare Internet-of-Things , 2018, IEEE Transactions on Industrial Informatics.

[177]  Nasir Ghani,et al.  A first empirical look on internet-scale exploitations of IoT devices , 2017, 2017 IEEE 28th Annual International Symposium on Personal, Indoor, and Mobile Radio Communications (PIMRC).

[178]  Luiz Affonso Guedes,et al.  Availability Issues in Wireless Visual Sensor Networks , 2014, Sensors.

[179]  Adi Shamir,et al.  Extended Functionality Attacks on IoT Devices: The Case of Smart Lights , 2016, 2016 IEEE European Symposium on Security and Privacy (EuroS&P).

[180]  Audrey A. Gendreau,et al.  Survey of Intrusion Detection Systems towards an End to End Secure Internet of Things , 2016, 2016 IEEE 4th International Conference on Future Internet of Things and Cloud (FiCloud).

[181]  W. Liu,et al.  A unified architecture for integrating energy harvesting IoT devices with the Mobile Edge Cloud , 2018, 2018 IEEE 4th World Forum on Internet of Things (WF-IoT).

[182]  Asaf Shabtai,et al.  Advanced Security Testbed Framework for Wearable IoT Devices , 2016, ACM Trans. Internet Techn..

[183]  J. Alex Halderman,et al.  Analysis of the HTTPS certificate ecosystem , 2013, Internet Measurement Conference.