Analysing the Resilience of the Internet of Things Against Physical and Proximity Attacks

The Internet of Things (IoT) technology is being widely integrated in many areas like smart-homes, smart-cities, healthcare, and critical infrastructures. As shown by some recent incidents, like the Mirai and BrickerBot botnets, security is a key issue for current and future IoT systems. In this paper, we examine the security of different categories of IoT devices to understand their resilience under different security conditions for attackers. In particular, we analyse IoT robustness against attacks performed under two threat models, namely (i) physical access of the attacker, (ii) close proximity of the attacker (i.e., RFID and WiFi ranges). We discuss the results of the tests we performed on different categories of IoT devices, namely IP cameras, OFo bike locks, RFID-based smart-locks, and smart-home WiFi routers. The results show that most of IoT devices do not address basic vulnerabilities, which can be exploitable under different threat models.

[1]  Kim-Kwang Raymond Choo,et al.  Always connected, but are smart mobile users getting more security savvy? A survey of smart mobile device users , 2014, Behav. Inf. Technol..

[2]  Daniele Sgandurra,et al.  Evolution of Attacks, Threat Models, and Solutions for Virtualized Systems , 2016, ACM Comput. Surv..

[3]  Georgios Kambourakis,et al.  DDoS in the IoT: Mirai and Other Botnets , 2017, Computer.

[4]  Elisa Bertino,et al.  Botnets and Internet of Things Security , 2017, Computer.

[5]  Earlence Fernandes,et al.  Security Analysis of Emerging Smart Home Applications , 2016, 2016 IEEE Symposium on Security and Privacy (SP).

[6]  Shao-Liang Chang,et al.  Study on the Feasibility of NFC P2P Communication for Nursing Care Daily Work , 2013 .

[7]  James A. Jerkins Motivating a market or regulatory solution to IoT insecurity with the Mirai botnet code , 2017, 2017 IEEE 7th Annual Computing and Communication Workshop and Conference (CCWC).

[8]  Vijay Varadharajan,et al.  Design and Evaluation of Feature Distributed Malware Attacks against the Internet of Things (IoT) , 2015, 2015 20th International Conference on Engineering of Complex Computer Systems (ICECCS).

[9]  Dawn Song,et al.  Smart Locks: Lessons for Securing Commodity Internet of Things Devices , 2016, AsiaCCS.

[10]  Adi Shamir,et al.  Extended Functionality Attacks on IoT Devices: The Case of Smart Lights , 2016, 2016 IEEE European Symposium on Security and Privacy (EuroS&P).

[11]  Roksana Boreli,et al.  Smart-Phones Attacking Smart-Homes , 2016, WISEC.

[12]  Flavio D. Garcia,et al.  Tutorial: Proxmark, the Swiss Army Knife for RFID Security Research , 2012 .

[13]  Flavio D. Garcia,et al.  A Toolbox for RFID Protocol Analysis , 2012 .

[14]  Busra Ozdenizci,et al.  A Survey on Near Field Communication (NFC) Technology , 2012, Wireless Personal Communications.

[15]  George J. Vachtsevanos,et al.  Handbook of Unmanned Aerial Vehicles , 2014 .