Security modeling and analysis of cross-protocol IoT devices

Mengmeng Ge; Jin B. Hong; Hani Alzaid; Dong Seong Kim

doi:10.1109/Trustcom/BigDataSE/ICESS.2017.350

Security modeling and analysis of cross-protocol IoT devices

Mengmeng Ge, Jin B. Hong, Hani Alzaid, Dong Seong Kim

Research output: Chapter in Book/Conference paper › Conference paper › peer-review

2 Citations (Scopus)

Abstract

In the Internet of Things (IoT), smart devices are connected using various communication protocols, such as Wi-Fi, ZigBee. Some IoT devices have multiple built-in communication modules. If an IoT device equipped with multiple communication protocols is compromised by an attacker using one communication protocol (e.g., Wi-Fi), it can be exploited as an entry point to the IoT network. Another protocol (e.g., ZigBee) of this IoT device could be used to exploit vulnerabilities of other IoT devices using the same communication protocol. In order to find potential attacks caused by this kind of cross-protocol devices, we group IoT devices based on their communication protocols and construct a graphical security model for each group of devices using the same communication protocol. We combine the security models via the cross-protocol devices and compute hidden attack paths traversing different groups of devices. We use two use cases in the smart home scenario to demonstrate our approach and discuss some feasible countermeasures.

Original language	English
Title of host publication	Proceedings - 16th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, 11th IEEE International Conference on Big Data Science and Engineering and 14th IEEE International Conference on Embedded Software and Systems, Trustcom/BigDataSE/ICESS 2017
Place of Publication	USA
Publisher	IEEE, Institute of Electrical and Electronics Engineers
Pages	1043-1048
Number of pages	6
ISBN (Electronic)	9781509049059
DOIs	https://doi.org/10.1109/Trustcom/BigDataSE/ICESS.2017.350
Publication status	Published - 7 Sep 2017
Externally published	Yes
Event	16th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, 11th IEEE International Conference on Big Data Science and Engineering and 14th IEEE International Conference on Embedded Software and Systems, Trustcom/BigDataSE/ICESS 2017 - Sydney, Australia Duration: 1 Aug 2017 → 4 Aug 2017

Conference

Conference	16th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, 11th IEEE International Conference on Big Data Science and Engineering and 14th IEEE International Conference on Embedded Software and Systems, Trustcom/BigDataSE/ICESS 2017
Country/Territory	Australia
City	Sydney
Period	1/08/17 → 4/08/17

Access to Document

10.1109/Trustcom/BigDataSE/ICESS.2017.350

Cite this

Ge, M., Hong, J. B., Alzaid, H., & Kim, D. S. (2017). Security modeling and analysis of cross-protocol IoT devices. In Proceedings - 16th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, 11th IEEE International Conference on Big Data Science and Engineering and 14th IEEE International Conference on Embedded Software and Systems, Trustcom/BigDataSE/ICESS 2017 (pp. 1043-1048). [8029553] IEEE, Institute of Electrical and Electronics Engineers. https://doi.org/10.1109/Trustcom/BigDataSE/ICESS.2017.350

Ge, Mengmeng ; Hong, Jin B. ; Alzaid, Hani et al. / Security modeling and analysis of cross-protocol IoT devices. Proceedings - 16th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, 11th IEEE International Conference on Big Data Science and Engineering and 14th IEEE International Conference on Embedded Software and Systems, Trustcom/BigDataSE/ICESS 2017. USA : IEEE, Institute of Electrical and Electronics Engineers, 2017. pp. 1043-1048

@inproceedings{8124c86972174b9089d540687d5c3acb,

title = "Security modeling and analysis of cross-protocol IoT devices",

abstract = "In the Internet of Things (IoT), smart devices are connected using various communication protocols, such as Wi-Fi, ZigBee. Some IoT devices have multiple built-in communication modules. If an IoT device equipped with multiple communication protocols is compromised by an attacker using one communication protocol (e.g., Wi-Fi), it can be exploited as an entry point to the IoT network. Another protocol (e.g., ZigBee) of this IoT device could be used to exploit vulnerabilities of other IoT devices using the same communication protocol. In order to find potential attacks caused by this kind of cross-protocol devices, we group IoT devices based on their communication protocols and construct a graphical security model for each group of devices using the same communication protocol. We combine the security models via the cross-protocol devices and compute hidden attack paths traversing different groups of devices. We use two use cases in the smart home scenario to demonstrate our approach and discuss some feasible countermeasures.",

keywords = "Attack graphs, Cross-protocol devices, Graphical security modeling, Internet of Things, Security analysis",

author = "Mengmeng Ge and Hong, {Jin B.} and Hani Alzaid and Kim, {Dong Seong}",

year = "2017",

month = sep,

day = "7",

doi = "10.1109/Trustcom/BigDataSE/ICESS.2017.350",

language = "English",

pages = "1043--1048",

booktitle = "Proceedings - 16th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, 11th IEEE International Conference on Big Data Science and Engineering and 14th IEEE International Conference on Embedded Software and Systems, Trustcom/BigDataSE/ICESS 2017",

publisher = "IEEE, Institute of Electrical and Electronics Engineers",

address = "United States",

note = "16th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, 11th IEEE International Conference on Big Data Science and Engineering and 14th IEEE International Conference on Embedded Software and Systems, Trustcom/BigDataSE/ICESS 2017 ; Conference date: 01-08-2017 Through 04-08-2017",

}

Ge, M, Hong, JB, Alzaid, H & Kim, DS 2017, Security modeling and analysis of cross-protocol IoT devices. in Proceedings - 16th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, 11th IEEE International Conference on Big Data Science and Engineering and 14th IEEE International Conference on Embedded Software and Systems, Trustcom/BigDataSE/ICESS 2017., 8029553, IEEE, Institute of Electrical and Electronics Engineers, USA, pp. 1043-1048, 16th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, 11th IEEE International Conference on Big Data Science and Engineering and 14th IEEE International Conference on Embedded Software and Systems, Trustcom/BigDataSE/ICESS 2017, Sydney, Australia, 1/08/17. https://doi.org/10.1109/Trustcom/BigDataSE/ICESS.2017.350

Security modeling and analysis of cross-protocol IoT devices. / Ge, Mengmeng; Hong, Jin B.; Alzaid, Hani et al.

Proceedings - 16th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, 11th IEEE International Conference on Big Data Science and Engineering and 14th IEEE International Conference on Embedded Software and Systems, Trustcom/BigDataSE/ICESS 2017. USA : IEEE, Institute of Electrical and Electronics Engineers, 2017. p. 1043-1048 8029553.

Research output: Chapter in Book/Conference paper › Conference paper › peer-review

TY - GEN

T1 - Security modeling and analysis of cross-protocol IoT devices

AU - Ge, Mengmeng

AU - Hong, Jin B.

AU - Alzaid, Hani

AU - Kim, Dong Seong

PY - 2017/9/7

Y1 - 2017/9/7

N2 - In the Internet of Things (IoT), smart devices are connected using various communication protocols, such as Wi-Fi, ZigBee. Some IoT devices have multiple built-in communication modules. If an IoT device equipped with multiple communication protocols is compromised by an attacker using one communication protocol (e.g., Wi-Fi), it can be exploited as an entry point to the IoT network. Another protocol (e.g., ZigBee) of this IoT device could be used to exploit vulnerabilities of other IoT devices using the same communication protocol. In order to find potential attacks caused by this kind of cross-protocol devices, we group IoT devices based on their communication protocols and construct a graphical security model for each group of devices using the same communication protocol. We combine the security models via the cross-protocol devices and compute hidden attack paths traversing different groups of devices. We use two use cases in the smart home scenario to demonstrate our approach and discuss some feasible countermeasures.

AB - In the Internet of Things (IoT), smart devices are connected using various communication protocols, such as Wi-Fi, ZigBee. Some IoT devices have multiple built-in communication modules. If an IoT device equipped with multiple communication protocols is compromised by an attacker using one communication protocol (e.g., Wi-Fi), it can be exploited as an entry point to the IoT network. Another protocol (e.g., ZigBee) of this IoT device could be used to exploit vulnerabilities of other IoT devices using the same communication protocol. In order to find potential attacks caused by this kind of cross-protocol devices, we group IoT devices based on their communication protocols and construct a graphical security model for each group of devices using the same communication protocol. We combine the security models via the cross-protocol devices and compute hidden attack paths traversing different groups of devices. We use two use cases in the smart home scenario to demonstrate our approach and discuss some feasible countermeasures.

KW - Attack graphs

KW - Cross-protocol devices

KW - Graphical security modeling

KW - Internet of Things

KW - Security analysis

UR - http://www.scopus.com/inward/record.url?scp=85032337513&partnerID=8YFLogxK

U2 - 10.1109/Trustcom/BigDataSE/ICESS.2017.350

DO - 10.1109/Trustcom/BigDataSE/ICESS.2017.350

M3 - Conference paper

AN - SCOPUS:85032337513

SP - 1043

EP - 1048

BT - Proceedings - 16th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, 11th IEEE International Conference on Big Data Science and Engineering and 14th IEEE International Conference on Embedded Software and Systems, Trustcom/BigDataSE/ICESS 2017

PB - IEEE, Institute of Electrical and Electronics Engineers

CY - USA

T2 - 16th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, 11th IEEE International Conference on Big Data Science and Engineering and 14th IEEE International Conference on Embedded Software and Systems, Trustcom/BigDataSE/ICESS 2017

Y2 - 1 August 2017 through 4 August 2017

ER -

Ge M, Hong JB, Alzaid H, Kim DS. Security modeling and analysis of cross-protocol IoT devices. In Proceedings - 16th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, 11th IEEE International Conference on Big Data Science and Engineering and 14th IEEE International Conference on Embedded Software and Systems, Trustcom/BigDataSE/ICESS 2017. USA: IEEE, Institute of Electrical and Electronics Engineers. 2017. p. 1043-1048. 8029553 https://doi.org/10.1109/Trustcom/BigDataSE/ICESS.2017.350

Security modeling and analysis of cross-protocol IoT devices

Abstract

Conference

Access to Document

Other files and links

Fingerprint

Cite this