IoT-Sphere: A Framework To Secure IoT Devices From Becoming Attack Target And Attack Source

In this research we propose a framework that will strengthen the IoT devices security from dual perspectives; avoid devices to become attack target as well as a source of an attack. Unlike traditional devices, IoT devices are equipped with insufficient host-based defense system and a continuous internet connection. All time internet enabled devices with insufficient security allures the attackers to use such devices and carry out their attacks on rest of internet. When plethora of vulnerable devices become source of an attack, intensity of such attacks increases exponentially. Mirai was one of the first well-known attack that exploited large number of vulnerable IoT devices, that bring down a large part of Internet. To strengthen the IoT devices from dual security perspective, we propose a two step framework. Firstly, confine the communication boundary of IoT devices; IoT-Sphere. A sphere of IPs that are allowed to communicate with a device. Any communication that violates the sphere will be blocked at the gateway level. Secondly, only allowed communication will be evaluated for potential attacks and anomalies using advance detection engines. To show the effectiveness of our proposed framework, we perform couple of attacks on IoT devices; camera and google home and show the feasibility of IoT-Sphere.

[1]  Jinho Choi,et al.  IoT Connectivity Technologies and Applications: A Survey , 2020, IEEE Access.

[2]  Zaffar Haider Janjua,et al.  Passban IDS: An Intelligent Anomaly-Based Intrusion Detection System for IoT Edge Devices , 2020, IEEE Internet of Things Journal.

[3]  Pengfei Liu,et al.  Hidden Electricity Theft by Exploiting Multiple-Pricing Scheme in Smart Grids , 2020, IEEE Transactions on Information Forensics and Security.

[4]  Vijay Sivaraman,et al.  Classifying IoT Devices in Smart Environments Using Network Traffic Characteristics , 2019, IEEE Transactions on Mobile Computing.

[5]  2018 16th Annual Conference on Privacy, Security and Trust (PST) , 2018 .

[6]  Muhammed Ali Aydin,et al.  Security Problems and Attacks on Smart Cars , 2018, Lecture Notes in Electrical Engineering.

[7]  Yuval Elovici,et al.  N-BaIoT—Network-Based Detection of IoT Botnet Attacks Using Deep Autoencoders , 2018, IEEE Pervasive Computing.

[8]  Elisa Bertino,et al.  Heimdall: Mitigating the Internet of Insecure Things , 2017, IEEE Internet of Things Journal.

[9]  Tadayoshi Kohno,et al.  Securing vulnerable home IoT devices with an in-hub security manager , 2017, 2017 IEEE International Conference on Pervasive Computing and Communications Workshops (PerCom Workshops).

[10]  Bang Nguyen,et al.  The Internet of Things (IoT) and marketing: the state of play, future trends and the implications for marketing , 2017 .

[11]  Yann-Hang Lee,et al.  A Smart Gateway Framework for IOT Services , 2016, 2016 IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData).

[12]  Anthony Skjellum,et al.  Using machine learning to secure IoT systems , 2016, 2016 14th Annual Conference on Privacy, Security and Trust (PST).

[13]  Rachelle Bosua,et al.  The Internet of Things (IoT) and its impact on individual privacy: An Australian perspective , 2016, Comput. Law Secur. Rev..

[14]  Freddy K. Santoso,et al.  Securing IoT for smart home system , 2015, 2015 International Symposium on Consumer Electronics (ISCE).

[15]  John C. Shovic,et al.  Introduction to IoT , 2021, Raspberry Pi IoT Projects.

[16]  Akhtar Hussain Jalbani,et al.  IoT Security , 2020, Industrial Internet of Things and Cyber-Physical Systems.

[17]  Sina Pournouri,et al.  Recent Cyber Attacks and Vulnerabilities in Medical Devices and Healthcare Institutions , 2019, Blockchain and Clinical Trial.

[18]  Smita Dange,et al.  IoT Botnet: The Largest Threat to the IoT Network , 2019, Advances in Intelligent Systems and Computing.

[19]  Tsutomu Matsumoto,et al.  IoTProtect: Highly Deployable Whitelist-based Protection for Low-cost Internet-of-Things Devices , 2018, J. Inf. Process..

[20]  Henning Schulzrinne,et al.  Real Time Streaming Protocol , 1998 .