Security modeling and analysis of cross-protocol IoT devices

Mengmeng Ge, Jin B. Hong, Hani Alzaid, Dong Seong Kim

Research output: Chapter in Book/Conference paperConference paperpeer-review

2 Citations (Scopus)

Abstract

In the Internet of Things (IoT), smart devices are connected using various communication protocols, such as Wi-Fi, ZigBee. Some IoT devices have multiple built-in communication modules. If an IoT device equipped with multiple communication protocols is compromised by an attacker using one communication protocol (e.g., Wi-Fi), it can be exploited as an entry point to the IoT network. Another protocol (e.g., ZigBee) of this IoT device could be used to exploit vulnerabilities of other IoT devices using the same communication protocol. In order to find potential attacks caused by this kind of cross-protocol devices, we group IoT devices based on their communication protocols and construct a graphical security model for each group of devices using the same communication protocol. We combine the security models via the cross-protocol devices and compute hidden attack paths traversing different groups of devices. We use two use cases in the smart home scenario to demonstrate our approach and discuss some feasible countermeasures.

Original languageEnglish
Title of host publicationProceedings - 16th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, 11th IEEE International Conference on Big Data Science and Engineering and 14th IEEE International Conference on Embedded Software and Systems, Trustcom/BigDataSE/ICESS 2017
Place of PublicationUSA
PublisherIEEE, Institute of Electrical and Electronics Engineers
Pages1043-1048
Number of pages6
ISBN (Electronic)9781509049059
DOIs
Publication statusPublished - 7 Sep 2017
Externally publishedYes
Event16th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, 11th IEEE International Conference on Big Data Science and Engineering and 14th IEEE International Conference on Embedded Software and Systems, Trustcom/BigDataSE/ICESS 2017 - Sydney, Australia
Duration: 1 Aug 20174 Aug 2017

Conference

Conference16th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, 11th IEEE International Conference on Big Data Science and Engineering and 14th IEEE International Conference on Embedded Software and Systems, Trustcom/BigDataSE/ICESS 2017
Country/TerritoryAustralia
CitySydney
Period1/08/174/08/17

Fingerprint

Dive into the research topics of 'Security modeling and analysis of cross-protocol IoT devices'. Together they form a unique fingerprint.

Cite this