Large-Scale Security Analysis of Real-World Backend Deployments Speaking IoT-Focused Protocols
- URL: http://arxiv.org/abs/2405.09662v2
- Date: Tue, 01 Oct 2024 15:52:15 GMT
- Title: Large-Scale Security Analysis of Real-World Backend Deployments Speaking IoT-Focused Protocols
- Authors: Carlotta Tagliaro, Martina Komsic, Andrea Continella, Kevin Borgolte, Martina Lindorfer,
- Abstract summary: We focus on the security of backends speaking IoT protocols, that is, the backbone of the IoT ecosystem.
We gather a dataset of over 337,000 provider data to investigate three major security threats: information, weak authentication, and denial of service.
We find that 9.44% backends expose information, 30.38% CoAP-speaking backends are vulnerable to denial of service attacks, and 99.84% of backends use insecure transport protocols.
- Score: 4.843690497661255
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: Internet-of-Things (IoT) devices, ranging from smart home assistants to health devices, are pervasive: Forecasts estimate their number to reach 29 billion by 2030. Understanding the security of their machine-to-machine communication is crucial. Prior work focused on identifying devices' vulnerabilities or proposed protocol-specific solutions. Instead, we investigate the security of backends speaking IoT protocols, that is, the backbone of the IoT ecosystem. We focus on three real-world protocols for our large-scale analysis: MQTT, CoAP, and XMPP. We gather a dataset of over 337,000 backends, augment it with geographical and provider data, and perform non-invasive active measurements to investigate three major security threats: information leakage, weak authentication, and denial of service. Our results provide quantitative evidence of a problematic immaturity in the IoT ecosystem. Among other issues, we find that 9.44% backends expose information, 30.38% CoAP-speaking backends are vulnerable to denial of service attacks, and 99.84% of MQTT- and XMPP-speaking backends use insecure transport protocols (only 0.16% adopt TLS, of which 70.93% adopt a vulnerable version).
Related papers
- Intelligent Detection of Non-Essential IoT Traffic on the Home Gateway [45.70482328441101]
This work presents ML-IoTrim, a system for detecting and mitigating non-essential IoT traffic by analyzing network behavior at the edge.
We test our framework in a consumer smart home setup with IoT devices from five categories, demonstrating that the model can accurately identify and block non-essential traffic.
This research advances privacy-aware traffic control in smart homes, paving the way for future developments in IoT device privacy.
arXiv Detail & Related papers (2025-04-22T09:40:05Z) - A Review on the Security Vulnerabilities of the IoMT against Malware Attacks and DDoS [0.0]
The Internet of Medical Things (IoMT) has transformed the healthcare industry by connecting medical devices in monitoring treatment outcomes of patients.
This literature review examines the vulnerabilities of IoMT devices, focusing on critical threats and exploring mitigation strategies.
arXiv Detail & Related papers (2025-01-13T21:29:06Z) - Securing Legacy Communication Networks via Authenticated Cyclic Redundancy Integrity Check [98.34702864029796]
We propose Authenticated Cyclic Redundancy Integrity Check (ACRIC)
ACRIC preserves backward compatibility without requiring additional hardware and is protocol agnostic.
We show that ACRIC offers robust security with minimal transmission overhead ( 1 ms)
arXiv Detail & Related papers (2024-11-21T18:26:05Z) - SISSA: Real-time Monitoring of Hardware Functional Safety and
Cybersecurity with In-vehicle SOME/IP Ethernet Traffic [49.549771439609046]
We propose SISSA, a SOME/IP communication traffic-based approach for modeling and analyzing in-vehicle functional safety and cyber security.
Specifically, SISSA models hardware failures with the Weibull distribution and addresses five potential attacks on SOME/IP communication.
Extensive experimental results show the effectiveness and efficiency of SISSA.
arXiv Detail & Related papers (2024-02-21T03:31:40Z) - Is Your Kettle Smarter Than a Hacker? A Scalable Tool for Assessing Replay Attack Vulnerabilities on Consumer IoT Devices [1.5612101323427952]
ENISA and NIST security guidelines emphasize the importance of enabling default local communication for safety and reliability.
We propose a tool, named REPLIOT, able to test whether a replay attack is successful or not, without prior knowledge of the target devices.
We find that 75% of the remaining devices are vulnerable to replay attacks with REPLIOT having a detection accuracy of 0.98-1.
arXiv Detail & Related papers (2024-01-22T18:24:41Z) - A Survey and Comparative Analysis of Security Properties of CAN Authentication Protocols [92.81385447582882]
The Controller Area Network (CAN) bus leaves in-vehicle communications inherently non-secure.
This paper reviews and compares the 15 most prominent authentication protocols for the CAN bus.
We evaluate protocols based on essential operational criteria that contribute to ease of implementation.
arXiv Detail & Related papers (2024-01-19T14:52:04Z) - HasTEE+ : Confidential Cloud Computing and Analytics with Haskell [50.994023665559496]
Confidential computing enables the protection of confidential code and data in a co-tenanted cloud deployment using specialized hardware isolation units called Trusted Execution Environments (TEEs)
TEEs offer low-level C/C++-based toolchains that are susceptible to inherent memory safety vulnerabilities and lack language constructs to monitor explicit and implicit information-flow leaks.
We address the above with HasTEE+, a domain-specific language (cla) embedded in Haskell that enables programming TEEs in a high-level language with strong type-safety.
arXiv Detail & Related papers (2024-01-17T00:56:23Z) - SyzTrust: State-aware Fuzzing on Trusted OS Designed for IoT Devices [67.65883495888258]
We present SyzTrust, the first state-aware fuzzing framework for vetting the security of resource-limited Trusted OSes.
SyzTrust adopts a hardware-assisted framework to enable fuzzing Trusted OSes directly on IoT devices.
We evaluate SyzTrust on Trusted OSes from three major vendors: Samsung, Tsinglink Cloud, and Ali Cloud.
arXiv Detail & Related papers (2023-09-26T08:11:38Z) - Zero Trust Real-Time Lightweight Access Control Protocol for Mobile Cloud-Based IoT Sensors [0.0]
Zero Trust Architecture enhances IoT security by challenging conventional trust models.
This paper presents a new zero-trust real-time lightweight access control protocol for Cloud-centric dynamic IoT sensor networks.
arXiv Detail & Related papers (2023-09-04T00:11:45Z) - Design and implementation of intelligent packet filtering in IoT
microcontroller-based devices [1.4500636542366327]
Internet of Things (IoT) devices are increasingly pervasive and essential components in enabling new applications and services.
Ensuring robust cybersecurity measures is essential to protect IoT devices from malicious attacks.
We introduce T800, a low-resource packet filter that utilizes machine learning (ML) algorithms to classify packets in IoT devices.
arXiv Detail & Related papers (2023-05-30T17:03:36Z) - Mind the GAP: Security & Privacy Risks of Contact Tracing Apps [75.7995398006171]
Google and Apple have jointly provided an API for exposure notification in order to implement decentralized contract tracing apps using Bluetooth Low Energy.
We demonstrate that in real-world scenarios the GAP design is vulnerable to (i) profiling and possibly de-anonymizing persons, and (ii) relay-based wormhole attacks that basically can generate fake contacts.
arXiv Detail & Related papers (2020-06-10T16:05:05Z) - Blockchain-based Smart-IoT Trust Zone Measurement Architecture [1.5749416770494706]
Internet of Things (IoT) has gained a tremendous attention and become a central aspect of our environment.
In this paper, we propose a behavior monitor in IoT- setup which can provide trust-confidence to outside networks.
In addition, we also incorporate Trusted Execution Technology (Intel SGX) in order to provide a secure execution environment for applications and data on blockchain.
arXiv Detail & Related papers (2020-01-08T03:41:27Z) - Anomalous Communications Detection in IoT Networks Using Sparse
Autoencoders [0.0]
We present a method to detect anomalous network communications in IoT networks using a set of sparse autoencoders.
The proposed approach allows us to differentiate malicious communications from legitimate ones.
Depending on the value of N, the developed model achieves attack detection rates ranging from 86.9% to 91.2%, and false positive rates ranging from 0.1% to 0.5%.
arXiv Detail & Related papers (2019-12-26T10:47:35Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.