Security modeling and analysis of cross-protocol IoT devices

Mengmeng Ge, Jin B. Hong, Hani Alzaid, Dong Seong Kim

Research output: Chapter in Book/Conference paper › Conference paper

1 Citation (Scopus)

Abstract

In the Internet of Things (IoT), smart devices are connected using various communication protocols, such as Wi-Fi and ZigBee. Some IoT devices have multiple built-in communication modules. If an IoT device equipped with multiple communication protocols is compromised by an attacker using one communication protocol (e.g., Wi-Fi), it can be exploited as an entry point to the IoT network. Another protocol (e.g., ZigBee) of this IoT device could be used to exploit vulnerabilities of other IoT devices using the same communication protocol. In order to find potential attacks caused by this kind of cross-protocol device, we group IoT devices based on their communication protocols and construct a graphical security model for each group of devices using the same communication protocol. We combine the security models via the cross-protocol devices and compute hidden attack paths traversing different groups of devices. We use two use cases in the smart home scenario to demonstrate our approach and discuss some feasible countermeasures.

Original language: English
Title of host publication: Proceedings - 16th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, 11th IEEE International Conference on Big Data Science and Engineering and 14th IEEE International Conference on Embedded Software and Systems, Trustcom/BigDataSE/ICESS 2017
Place of Publication: USA
Publisher: IEEE, Institute of Electrical and Electronics Engineers
Pages: 1043-1048
Number of pages: 6
ISBN (Electronic): 9781509049059
DOIs: https://doi.org/10.1109/Trustcom/BigDataSE/ICESS.2017.350
Publication status: Published - 7 Sep 2017
Externally published: Yes
Event: 16th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, 11th IEEE International Conference on Big Data Science and Engineering and 14th IEEE International Conference on Embedded Software and Systems, Trustcom/BigDataSE/ICESS 2017 - Sydney, Australia
Duration: 1 Aug 2017 – 4 Aug 2017

Conference

Conference: 16th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, 11th IEEE International Conference on Big Data Science and Engineering and 14th IEEE International Conference on Embedded Software and Systems, Trustcom/BigDataSE/ICESS 2017
Country: Australia
City: Sydney
Period: 1/08/17 – 4/08/17

Fingerprint

Network protocols
Wi-Fi
Zigbee
Internet of things
Modeling
Communication

Cite this

Ge, M., Hong, J. B., Alzaid, H., & Kim, D. S. (2017). Security modeling and analysis of cross-protocol IoT devices. In Proceedings - 16th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, 11th IEEE International Conference on Big Data Science and Engineering and 14th IEEE International Conference on Embedded Software and Systems, Trustcom/BigDataSE/ICESS 2017 (pp. 1043-1048). [8029553] USA: IEEE, Institute of Electrical and Electronics Engineers. https://doi.org/10.1109/Trustcom/BigDataSE/ICESS.2017.350
Ge, Mengmeng ; Hong, Jin B. ; Alzaid, Hani ; Kim, Dong Seong. / Security modeling and analysis of cross-protocol IoT devices. Proceedings - 16th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, 11th IEEE International Conference on Big Data Science and Engineering and 14th IEEE International Conference on Embedded Software and Systems, Trustcom/BigDataSE/ICESS 2017. USA : IEEE, Institute of Electrical and Electronics Engineers, 2017. pp. 1043-1048
@inproceedings{8124c86972174b9089d540687d5c3acb,
title = "Security modeling and analysis of cross-protocol IoT devices",
abstract = "In the Internet of Things (IoT), smart devices are connected using various communication protocols, such as Wi-Fi, ZigBee. Some IoT devices have multiple built-in communication modules. If an IoT device equipped with multiple communication protocols is compromised by an attacker using one communication protocol (e.g., Wi-Fi), it can be exploited as an entry point to the IoT network. Another protocol (e.g., ZigBee) of this IoT device could be used to exploit vulnerabilities of other IoT devices using the same communication protocol. In order to find potential attacks caused by this kind of cross-protocol devices, we group IoT devices based on their communication protocols and construct a graphical security model for each group of devices using the same communication protocol. We combine the security models via the cross-protocol devices and compute hidden attack paths traversing different groups of devices. We use two use cases in the smart home scenario to demonstrate our approach and discuss some feasible countermeasures.",
keywords = "Attack graphs, Cross-protocol devices, Graphical security modeling, Internet of Things, Security analysis",
author = "Mengmeng Ge and Hong, {Jin B.} and Hani Alzaid and Kim, {Dong Seong}",
year = "2017",
month = "9",
day = "7",
doi = "10.1109/Trustcom/BigDataSE/ICESS.2017.350",
language = "English",
pages = "1043--1048",
booktitle = "Proceedings - 16th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, 11th IEEE International Conference on Big Data Science and Engineering and 14th IEEE International Conference on Embedded Software and Systems, Trustcom/BigDataSE/ICESS 2017",
publisher = "IEEE, Institute of Electrical and Electronics Engineers",
address = "United States",
}

Ge, M, Hong, JB, Alzaid, H & Kim, DS 2017, Security modeling and analysis of cross-protocol IoT devices. in Proceedings - 16th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, 11th IEEE International Conference on Big Data Science and Engineering and 14th IEEE International Conference on Embedded Software and Systems, Trustcom/BigDataSE/ICESS 2017., 8029553, IEEE, Institute of Electrical and Electronics Engineers, USA, pp. 1043-1048, 16th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, 11th IEEE International Conference on Big Data Science and Engineering and 14th IEEE International Conference on Embedded Software and Systems, Trustcom/BigDataSE/ICESS 2017, Sydney, Australia, 1/08/17. https://doi.org/10.1109/Trustcom/BigDataSE/ICESS.2017.350

Security modeling and analysis of cross-protocol IoT devices. / Ge, Mengmeng; Hong, Jin B.; Alzaid, Hani; Kim, Dong Seong.

Proceedings - 16th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, 11th IEEE International Conference on Big Data Science and Engineering and 14th IEEE International Conference on Embedded Software and Systems, Trustcom/BigDataSE/ICESS 2017. USA : IEEE, Institute of Electrical and Electronics Engineers, 2017. p. 1043-1048 8029553.


TY - GEN

T1 - Security modeling and analysis of cross-protocol IoT devices

AU - Ge, Mengmeng

AU - Hong, Jin B.

AU - Alzaid, Hani

AU - Kim, Dong Seong

PY - 2017/9/7

Y1 - 2017/9/7

N2 - In the Internet of Things (IoT), smart devices are connected using various communication protocols, such as Wi-Fi, ZigBee. Some IoT devices have multiple built-in communication modules. If an IoT device equipped with multiple communication protocols is compromised by an attacker using one communication protocol (e.g., Wi-Fi), it can be exploited as an entry point to the IoT network. Another protocol (e.g., ZigBee) of this IoT device could be used to exploit vulnerabilities of other IoT devices using the same communication protocol. In order to find potential attacks caused by this kind of cross-protocol devices, we group IoT devices based on their communication protocols and construct a graphical security model for each group of devices using the same communication protocol. We combine the security models via the cross-protocol devices and compute hidden attack paths traversing different groups of devices. We use two use cases in the smart home scenario to demonstrate our approach and discuss some feasible countermeasures.

AB - In the Internet of Things (IoT), smart devices are connected using various communication protocols, such as Wi-Fi, ZigBee. Some IoT devices have multiple built-in communication modules. If an IoT device equipped with multiple communication protocols is compromised by an attacker using one communication protocol (e.g., Wi-Fi), it can be exploited as an entry point to the IoT network. Another protocol (e.g., ZigBee) of this IoT device could be used to exploit vulnerabilities of other IoT devices using the same communication protocol. In order to find potential attacks caused by this kind of cross-protocol devices, we group IoT devices based on their communication protocols and construct a graphical security model for each group of devices using the same communication protocol. We combine the security models via the cross-protocol devices and compute hidden attack paths traversing different groups of devices. We use two use cases in the smart home scenario to demonstrate our approach and discuss some feasible countermeasures.

KW - Attack graphs

KW - Cross-protocol devices

KW - Graphical security modeling

KW - Internet of Things

KW - Security analysis

UR - http://www.scopus.com/inward/record.url?scp=85032337513&partnerID=8YFLogxK

U2 - 10.1109/Trustcom/BigDataSE/ICESS.2017.350

DO - 10.1109/Trustcom/BigDataSE/ICESS.2017.350

M3 - Conference paper

SP - 1043

EP - 1048

BT - Proceedings - 16th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, 11th IEEE International Conference on Big Data Science and Engineering and 14th IEEE International Conference on Embedded Software and Systems, Trustcom/BigDataSE/ICESS 2017

PB - IEEE, Institute of Electrical and Electronics Engineers

CY - USA

ER -

Ge M, Hong JB, Alzaid H, Kim DS. Security modeling and analysis of cross-protocol IoT devices. In Proceedings - 16th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, 11th IEEE International Conference on Big Data Science and Engineering and 14th IEEE International Conference on Embedded Software and Systems, Trustcom/BigDataSE/ICESS 2017. USA: IEEE, Institute of Electrical and Electronics Engineers. 2017. p. 1043-1048. 8029553 https://doi.org/10.1109/Trustcom/BigDataSE/ICESS.2017.350