Abstract
In the Internet of Things (IoT), smart devices are connected using various communication protocols, such as Wi-Fi, ZigBee. Some IoT devices have multiple built-in communication modules. If an IoT device equipped with multiple communication protocols is compromised by an attacker using one communication protocol (e.g., Wi-Fi), it can be exploited as an entry point to the IoT network. Another protocol (e.g., ZigBee) of this IoT device could be used to exploit vulnerabilities of other IoT devices using the same communication protocol. In order to find potential attacks caused by this kind of cross-protocol devices, we group IoT devices based on their communication protocols and construct a graphical security model for each group of devices using the same communication protocol. We combine the security models via the cross-protocol devices and compute hidden attack paths traversing different groups of devices. We use two use cases in the smart home scenario to demonstrate our approach and discuss some feasible countermeasures.
| Original language | English |
|---|---|
| Title of host publication | Proceedings - 16th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, 11th IEEE International Conference on Big Data Science and Engineering and 14th IEEE International Conference on Embedded Software and Systems, Trustcom/BigDataSE/ICESS 2017 |
| Place of Publication | USA |
| Publisher | IEEE, Institute of Electrical and Electronics Engineers |
| Pages | 1043-1048 |
| Number of pages | 6 |
| ISBN (Electronic) | 9781509049059 |
| DOIs | |
| Publication status | Published - 7 Sep 2017 |
| Externally published | Yes |
| Event | 16th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, 11th IEEE International Conference on Big Data Science and Engineering and 14th IEEE International Conference on Embedded Software and Systems, Trustcom/BigDataSE/ICESS 2017 - Sydney, Australia Duration: 1 Aug 2017 → 4 Aug 2017 |
Conference
| Conference | 16th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, 11th IEEE International Conference on Big Data Science and Engineering and 14th IEEE International Conference on Embedded Software and Systems, Trustcom/BigDataSE/ICESS 2017 |
|---|---|
| Country | Australia |
| City | Sydney |
| Period | 1/08/17 → 4/08/17 |
Fingerprint
Cite this
}
Security modeling and analysis of cross-protocol IoT devices. / Ge, Mengmeng; Hong, Jin B.; Alzaid, Hani; Kim, Dong Seong.
Proceedings - 16th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, 11th IEEE International Conference on Big Data Science and Engineering and 14th IEEE International Conference on Embedded Software and Systems, Trustcom/BigDataSE/ICESS 2017. USA : IEEE, Institute of Electrical and Electronics Engineers, 2017. p. 1043-1048 8029553.Research output: Chapter in Book/Conference paper › Conference paper
TY - GEN
T1 - Security modeling and analysis of cross-protocol IoT devices
AU - Ge, Mengmeng
AU - Hong, Jin B.
AU - Alzaid, Hani
AU - Kim, Dong Seong
PY - 2017/9/7
Y1 - 2017/9/7
N2 - In the Internet of Things (IoT), smart devices are connected using various communication protocols, such as Wi-Fi, ZigBee. Some IoT devices have multiple built-in communication modules. If an IoT device equipped with multiple communication protocols is compromised by an attacker using one communication protocol (e.g., Wi-Fi), it can be exploited as an entry point to the IoT network. Another protocol (e.g., ZigBee) of this IoT device could be used to exploit vulnerabilities of other IoT devices using the same communication protocol. In order to find potential attacks caused by this kind of cross-protocol devices, we group IoT devices based on their communication protocols and construct a graphical security model for each group of devices using the same communication protocol. We combine the security models via the cross-protocol devices and compute hidden attack paths traversing different groups of devices. We use two use cases in the smart home scenario to demonstrate our approach and discuss some feasible countermeasures.
AB - In the Internet of Things (IoT), smart devices are connected using various communication protocols, such as Wi-Fi, ZigBee. Some IoT devices have multiple built-in communication modules. If an IoT device equipped with multiple communication protocols is compromised by an attacker using one communication protocol (e.g., Wi-Fi), it can be exploited as an entry point to the IoT network. Another protocol (e.g., ZigBee) of this IoT device could be used to exploit vulnerabilities of other IoT devices using the same communication protocol. In order to find potential attacks caused by this kind of cross-protocol devices, we group IoT devices based on their communication protocols and construct a graphical security model for each group of devices using the same communication protocol. We combine the security models via the cross-protocol devices and compute hidden attack paths traversing different groups of devices. We use two use cases in the smart home scenario to demonstrate our approach and discuss some feasible countermeasures.
KW - Attack graphs
KW - Cross-protocol devices
KW - Graphical security modeling
KW - Internet of Things
KW - Security analysis
UR - http://www.scopus.com/inward/record.url?scp=85032337513&partnerID=8YFLogxK
U2 - 10.1109/Trustcom/BigDataSE/ICESS.2017.350
DO - 10.1109/Trustcom/BigDataSE/ICESS.2017.350
M3 - Conference paper
SP - 1043
EP - 1048
BT - Proceedings - 16th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, 11th IEEE International Conference on Big Data Science and Engineering and 14th IEEE International Conference on Embedded Software and Systems, Trustcom/BigDataSE/ICESS 2017
PB - IEEE, Institute of Electrical and Electronics Engineers
CY - USA
ER -