
Security and Attack Vector Analysis of IoT Devices

  • Conference paper
Security, Privacy, and Anonymity in Computation, Communication, and Storage (SpaCCS 2017)

Abstract

The goal of this paper is to research and review, through experimental testing, the security of home automation devices. The methodology includes analysis and review of these devices through traffic capture, device scanning, and wireless analysis. The devices to be tested are the Amazon Echo, Osram Smart Lights, and TPLink power switch. We present a classification model to analyze the relation between potential risk and realized risk through potential vulnerabilities in these home automation devices. Possible security flaws that might be found include default configurations, easy-to-crack passwords, unencrypted traffic, responses to forged traffic, and full control of the device without any authentication. We also review the devices' privacy exposure and outline the vectors used to attack IoT devices, as well as the most recent malware in control of over a million IoT devices.




Corresponding author

Correspondence to Md Zakirul Alam Bhuiyan.


Copyright information

© 2017 Springer International Publishing AG

About this paper


Cite this paper

Capellupo, M., Liranzo, J., Bhuiyan, M.Z.A., Hayajneh, T., Wang, G. (2017). Security and Attack Vector Analysis of IoT Devices. In: Wang, G., Atiquzzaman, M., Yan, Z., Choo, KK. (eds) Security, Privacy, and Anonymity in Computation, Communication, and Storage. SpaCCS 2017. Lecture Notes in Computer Science, vol 10658. Springer, Cham. https://doi.org/10.1007/978-3-319-72395-2_54


  • DOI: https://doi.org/10.1007/978-3-319-72395-2_54


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-72394-5

  • Online ISBN: 978-3-319-72395-2

  • eBook Packages: Computer Science (R0)
