Spill the Beans: Extrospection of Internet of Things by Exploiting Denial of Service

Internet of Things (IoT) exposes various vulnerabilities at different levels. One such exploitable vulnerability is Denial of Service (DoS). In this work, we focus on a large-scale extensive study of various forms of DoS and how it can be exploited in different protocols of IoT. We propose an attack and defense framework called OWL which is tailored for IoT and that can perform various forms of DoS on IP, Bluetooth, and Zigbee devices. We consider various DoS vulnerabilities such as illegitimate packet injection, Bluetooth Low Energy (BLE) scanning attack, Zigbee frame counter-attack, etc., regarding IP, Bluetooth and Zigbee devices. To understand how resilient is IoT for DoS, we propose two new metrics to measure the Resilience and the Quality of Service (QoS) degradation in IoT. We have conducted large-scale experimentation with real IoT devices in our security IoT testbed. The experiments conducted are for DoS, Distributed Denial of Service (DDoS) by setting up Mirai and Permanent Denial of Service (PDoS) using BrickerBot on various IoT devices. We have also compared our framework with the existing state of the art tools. Received on 10 February 2019, accepted on 02 April 2019, published on 29 April 2019

[1]  Bharti Nagpal,et al.  DDoS tools: Classification, analysis and comparison , 2015, 2015 2nd International Conference on Computing for Sustainable Global Development (INDIACom).

[2]  Dr Pradip M. Jawandhiya A Survey of Mobile Ad Hoc Network Attacks , 2019 .

[3]  Sonia Fahmy,et al.  A user-centric metric for denial-of-service measurement , 2007 .

[4]  Nei Kato,et al.  A survey of routing attacks in mobile ad hoc networks , 2007, IEEE Wireless Communications.

[5]  Mark Claypool,et al.  The effect of latency on user performance in Warcraft III , 2003, NetGames '03.

[6]  Kotagiri Ramamohanarao,et al.  Survey of network-based defense mechanisms countering the DoS and DDoS problems , 2007, CSUR.

[7]  Sonia Fahmy,et al.  Measuring denial Of service , 2006, QoP '06.

[8]  Markus G. Kuhn,et al.  Analysis of a denial of service attack on TCP , 1997, Proceedings. 1997 IEEE Symposium on Security and Privacy (Cat. No.97CB36097).

[9]  Blase Ur,et al.  The Current State of Access Control for Smart Devices in Homes , 2013 .

[10]  Songjie Wei,et al.  Benchmarks for DDOS Defense Evaluation , 2006, MILCOM 2006 - 2006 IEEE Military Communications conference.

[11]  Keith W. Ross,et al.  Exploiting P2P systems for DDoS attacks , 2006, InfoScale '06.

[12]  Jelena Mirkovic,et al.  Attacking DDoS at the source , 2002, 10th IEEE International Conference on Network Protocols, 2002. Proceedings..

[13]  Adi Shamir,et al.  IoT Goes Nuclear: Creating a ZigBee Chain Reaction , 2017, 2017 IEEE Symposium on Security and Privacy (SP).

[14]  Allan Kuchinsky,et al.  Quality is in the eye of the beholder: meeting users' requirements for Internet quality of service , 2000, CHI.

[15]  Maurizio Aiello,et al.  Understanding DDoS Attacks from Mobile Devices , 2015, 2015 3rd International Conference on Future Internet of Things and Cloud.

[16]  Dragan Peraković,et al.  Analysis of the IoT impact on volume of DDoS attacks , 2015 .

[17]  Seong Gon Choi,et al.  A study on a QoS/QoE correlation model for QoE evaluation on IPTV service , 2010, 2010 The 12th International Conference on Advanced Communication Technology (ICACT).

[18]  Ki Joon Kim,et al.  Interacting Socially with the Internet of Things (IoT): Effects of Source Attribution and Specialization in Human-IoT Interaction , 2016, J. Comput. Mediat. Commun..

[19]  Yuval Elovici,et al.  Let the Cat Out of the Bag: A Holistic Approach Towards Security Analysis of the Internet of Things , 2017, IoTPTS@AsiaCCS.

[20]  Seth Earley Analytics, Machine Learning, and the Internet of Things , 2015, IT Professional.

[21]  L. R. Yamamoto,et al.  Impact of network performance parameters on the end-to-end perceived speech quality , 1997 .

[22]  Mark Claypool,et al.  The effects of loss and latency on user performance in unreal tournament 2003® , 2004, NetGames '04.

[23]  Man Qi P2P network-targeted DDoS attacks , 2009, 2009 Second International Conference on the Applications of Digital Information and Web Technologies.

[24]  Yi Zhou,et al.  Understanding the Mirai Botnet , 2017, USENIX Security Symposium.

[25]  Serbulent Tozlu,et al.  Wi-Fi enabled sensors for internet of things: A practical approach , 2012, IEEE Communications Magazine.

[26]  Rutvij H. Jhaveri,et al.  DoS Attacks in Mobile Ad Hoc Networks: A Survey , 2012, 2012 Second International Conference on Advanced Computing & Communication Technologies.

[27]  Peter Reiher,et al.  A taxonomy of DDoS attack and DDoS defense mechanisms , 2004, CCRV.

[28]  Saman Taghavi Zargar,et al.  A Survey of Defense Mechanisms Against Distributed Denial of Service (DDoS) Flooding Attacks , 2013, IEEE Communications Surveys & Tutorials.

[29]  Harshil Shah,et al.  DDOS Protection by Dividing and Limiting , 2016 .

[30]  Evangelos P. Markatos,et al.  Misusing Unstructured P2P Systems to Perform DoS Attacks: The Network That Never Forgets , 2006, ACNS.