Active Profiling of Physical Devices at Internet Scale

Nowadays, more and more physical devices embed computing and networking capabilities and are visible on the Internet. These devices include webcams, net-printers, and industrial control equipments, etc. Collecting information about these devices is crucial to preserve cyber-security and facilitate security auditing for system administrators. In this paper, we propose a scalable framework for physical device profiling. It leverages banner grabbing to identify device types and running services, and uses clock skew to determine a device ID. Our framework scales well. We implement a prototype system and use it to profile Webcams and industrial control device. The results show that our system can effectively profile and identify Webcams in real time. We deploy it on the cloud server and use it to detect 4 billion IP addresses to profile 1.2 million Webcams and more than 60 thousand industrial control devices in 20 hours.

[1]  Russell J. Clark,et al.  Usage-based dhcp lease time optimization , 2007, IMC '07.

[2]  T. Kohno,et al.  Remote physical device fingerprinting , 2005, 2005 IEEE Symposium on Security and Privacy (S&P'05).

[3]  Qiang Li,et al.  Collaborative Recognition of Queuing Behavior on Mobile Phones , 2016, IEEE Transactions on Mobile Computing.

[4]  A Dainotti,et al.  Analysis of a “/0” Stealth Scan From a Botnet , 2012, IEEE/ACM Transactions on Networking.

[5]  Qiang Li,et al.  QueueSense: Collaborative recognition of queuing on mobile phones , 2014, 2014 Eleventh Annual IEEE International Conference on Sensing, Communication, and Networking (SECON).

[6]  Lida Xu,et al.  The internet of things: a survey , 2014, Information Systems Frontiers.

[7]  Vern Paxson,et al.  A brief history of scanning , 2007, IMC '07.

[8]  Nick Feamster,et al.  Geographic locality of IP prefixes , 2005, IMC '05.

[9]  J. Alex Halderman,et al.  Analysis of the HTTPS certificate ecosystem , 2013, Internet Measurement Conference.

[10]  Gordon Fyodor Lyon,et al.  Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning , 2009 .

[11]  Qiang Li,et al.  Context-Aware Handoff on Smartphones , 2013, 2013 IEEE 10th International Conference on Mobile Ad-Hoc and Sensor Systems.

[12]  Eric Wustrow,et al.  ZMap: Fast Internet-wide Scanning and Its Security Applications , 2013, USENIX Security Symposium.

[13]  Ofir Arkin,et al.  The Present and Future of Xprobe2 The Next Generation of Active Operating System Fingerprinting , 2003 .

[14]  David L. Mills,et al.  Network Time Protocol (Version 3) Specification, Implementation and Analysis , 1992, RFC.

[15]  Radford M. Neal Pattern Recognition and Machine Learning , 2007, Technometrics.

[16]  John S. Heidemann,et al.  Understanding block-level address usage in the visible internet , 2010, SIGCOMM '10.

[17]  Jing Zhang,et al.  Measuring IPv6 adoption , 2015, SIGCOMM 2015.

[18]  Dmitri Loguinov,et al.  Stochastic analysis of horizontal IP scanning , 2012, 2012 Proceedings IEEE INFOCOM.

[19]  Fang Yu,et al.  Populated IP addresses: classification and applications , 2012, CCS.

[20]  Dmitri Loguinov,et al.  Demystifying service discovery: implementing an internet-wide scanner , 2010, IMC '10.

[21]  J. Alex Halderman,et al.  A Search Engine Backed by Internet-Wide Scanning , 2015, CCS.

[22]  Vern Paxson,et al.  The Matter of Heartbleed , 2014, Internet Measurement Conference.

[23]  Mourad Debbabi,et al.  Cyber Scanning: A Comprehensive Survey , 2014, IEEE Communications Surveys & Tutorials.

[24]  Vern Paxson,et al.  How to Own the Internet in Your Spare Time , 2002, USENIX Security Symposium.

[25]  J. Alex Halderman,et al.  Zippier ZMap: Internet-Wide Scanning at 10 Gbps , 2014, WOOT.

[26]  Yinglian Xie,et al.  How dynamic are IP addresses , 2007, SIGCOMM 2007.

[27]  Martín Abadi,et al.  De-anonymizing the internet using unreliable IDs , 2009, SIGCOMM '09.

[28]  Yan Liu,et al.  Identification of visible industrial control devices at Internet scale , 2016, 2016 IEEE International Conference on Communications (ICC).

[29]  Ramesh Govindan,et al.  Census and survey of the visible internet , 2008, IMC '08.