
Internet of Things

Lecture 7 - Security Attacks in IoT


Attacks against IoT

  • Attacks against IoT critical apps
  • Remote location, unsupervised
    • Modify & destroy nodes
  • Resource constrained
    • Easily compromised
  • Connected to the Internet
  • Security solutions
    • No CPU intensive solutions
    • Lightweight solutions


Image source: https://www.einfochips.com/blog/botnet-attacks-how-iot-devices-become-part-victim-of-such-attacks/


IoT Botnet – DDoS attack


Image source: https://www.imperva.com/blog/how-to-identify-a-mirai-style-ddos-attack/


Attacks classification


Source: Sengupta et al. A comprehensive survey on attacks, security issues and blockchain solutions for IoT and IIoT.


Physical Attacks

  • Attacker is in the proximity of the devices

  • Tampering
    • Physical modification
    • Device, communication channel

  • Malicious Code Injection
    • Inject malicious code
    • Modify node behavior
    • Launch other attacks


Physical Attacks

  • RF Interference/Jamming
    • Generate noise on the wireless channel
    • Prevent the device from communicating
    • DoS

  • Fake Node Injection
    • Insert a malicious node
    • Capture traffic
    • Launch other attacks


Physical Attacks

  • Sleep Denial Attack
    • Duty cycling
    • Prevent nodes from sleeping
    • Deplete battery
    • DoS

  • Permanent Denial of Service (PDoS)
    • Phlashing
    • Destroy/disable device
    • Firmware, BIOS corruption


Physical Attacks

  • Side Channel Attack
    • Use external information to learn about the implementation
    • Attack the physical effects of an implementation
    • Passive:
      • Power analysis attack
        • analyse how energy is consumed
        • information about cryptographic operations, keys
      • Electromagnetic analysis attack
        • analyse electromagnetic energy


Physical Attacks

  • Side Channel Attack
    • Active:
      • Electromagnetic fault injection
        • apply electromagnetic impulse on memory cells
        • modify the content of memory cells
      • Temperature variation
        • extreme temperatures
        • modify memory


Countermeasures against Physical Attacks


Source: Sengupta et al. A comprehensive survey on attacks, security issues and blockchain solutions for IoT and IIoT.


Network Attacks

  • Disrupt network functionality
  • Affect network protocols
  • Steal private data

  • Traffic Analysis Attack
    • intercept packets
    • steal private information


Network Attacks

  • RFID Spoofing
    • spoof RFID packets
    • steal RFID tag information
    • use original tag to send fake data

  • RFID Unauthorized Access
    • read/modify/delete data
    • lack of authentication


Network Attacks

  • Routing Information Attacks
    • falsify/modify routing information
    • routing loops
    • fake routing messages
    • compromise routing protocol

  • Selective Forwarding
    • compromised node that acts as a router
    • route only some packets, drop packets, modify packets
    • data that reaches the destination is incomplete
    • compromises communication


Network Attacks

  • Sinkhole Attack
    • propagate fake routing info
    • pose as the gateway/sink
    • all traffic goes through that node

  • Wormhole Attack
    • low latency link for tunneling packets
    • to a distant part of the network
    • compromise routing protocol


Network Attacks

  • Sybil Attack
    • assume multiple identities and locations
    • compromise network, routing protocol
    • unfair resource allocation

  • Man in the Middle (MitM) Attack
    • intercept and modify traffic between 2 entities
    • extract private information
    • modify packets


Network Attacks

  • Replay Attack
    • retransmit some intercepted packets
    • overload network, DoS

  • Denial of Service (DoS) Attack
    • disrupt normal functionality
    • target network, devices, application

  • Distributed Denial of Service (DDoS) Attack
    • carried out by multiple malicious nodes
    • target server, other device, the whole network


Countermeasures against Network Attacks


Source: Sengupta et al. A comprehensive survey on attacks, security issues and blockchain solutions for IoT and IIoT.


Software Attacks

  • Exploit software vulnerabilities

  • Malicious applications
    • viruses
    • worms
    • trojans
    • spyware
    • adware
    • backdoors
    • rootkits


Software Attacks

  • Actions
    • Steal sensitive information
    • Modify and destroy data
    • Disable devices
    • Affect system functionality
    • Infect Cloud apps

  • Hardware trojans
    • Changes in integrated circuits
    • Altered behavior


Countermeasures against Software Attacks


Source: Sengupta et al. A comprehensive survey on attacks, security issues and blockchain solutions for IoT and IIoT.


Data Attacks

  • Data collected by IoT nodes and stored in Cloud
  • Protecting user data has high priority

  • Data Inconsistency
    • Attack on data integrity
    • Data in transit or stored data


Data Attacks

  • Unauthorized Access
    • Only authorized users should have access to data
    • Data access & ownership without authorization

  • Data Breach/Memory Leak
    • Disclosure of sensitive, confidential data


Countermeasures against Data Attacks


Source: Sengupta et al. A comprehensive survey on attacks, security issues and blockchain solutions for IoT and IIoT.


Real-life Attacks

  • Edimax IP Cameras (Ling et al., 2017)
    • device scanning, brute force, device spoofing
    • take control over cameras
    • device spoofing to obtain passwords
    • device scanning to identify online cameras

  • Smart Home/Smart Metering Systems (Wurm et al., 2016)
    • brute force attacks to obtain passwords
    • meters used to launch ransomware attacks


Real-life Attacks

  • Virtual Private Assistants - VPA (Zhang et al., 2018)
    • Amazon Echo and Google Home
    • third parties may publish new skills (functions)
    • attackers publish malicious skills
    • voice squatting
      • skills that are pronounced similarly but have different meanings
      • => hijack vocal commands
    • voice masquerading
      • impersonate a legitimate user
      • steal user data
      • listen to user conversations


Real-life Attacks

  • Attack on the DNS service provider Dyn
    • DDoS - Mirai IoT Botnet
    • affected services of Twitter, Etsy, Github, Soundcloud, Spotify, Shopify, and Intercom
    • disrupted access to PayPal, BBC, Wall Street Journal, CNN, HBO Now, New York Times, etc.

  • Mirai IoT Botnet
    • Mirai malware
    • infected devices searched for other vulnerable devices
    • used default passwords and infected other devices
    • shut down huge portions of the Internet
    • recommendations: change default passwords, security updates


Real-life Attacks

  • Jeep Hack
    • take total control of a Jeep SUV using the vehicle’s CAN bus
    • exploiting a firmware update vulnerability
    • control the vehicle remotely
    • speed up, slow down, veer off the road


Tampering Attack Case Study

  • Itron Centron CL200 smart meter
  • Analyzed EEPROM & extracted Device ID
  • Malicious meter
    • impersonates legitimate meter - uses the same ID
    • sends fake data
    • stealing from the utility company


Source: T. Alladi, V. Chamola, B. Sikdar and K.-K. R. Choo, "Consumer IoT: Security Vulnerability Case Studies and Solutions," in IEEE Consumer Electronics Magazine, vol. 9, no. 2, pp. 17-25, 2020.


Tampering Attack Case Study

  • Problem: EEPROM is vulnerable to illegitimate reading and writing
  • Solution: PUFs to secure EEPROM data
    • Physically Unclonable Functions
    • digital fingerprint
    • allow only authenticated devices to modify data
    • challenge-response scheme
      • unique response for each challenge
      • based on the physical micro-structure of the device
    • unique identification
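
The challenge-response scheme above, sketched as an added example (not from the lecture or the cited paper). The PUF is simulated in software with a hidden random seed standing in for the physical micro-structure; `SimulatedPUF`, `Verifier` and the device ID `METER-0001` are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


class SimulatedPUF:
    """Software stand-in (assumption): hidden per-chip randomness plays the
    role of the physical micro-structure."""
    def __init__(self):
        self._microstructure = secrets.token_bytes(32)  # cannot be read out or copied

    def respond(self, challenge: bytes) -> bytes:
        return hmac.new(self._microstructure, challenge, hashlib.sha256).digest()


class Verifier:
    """Utility-side verifier holding challenge-response pairs from enrollment."""
    def __init__(self):
        self._crps = {}     # device_id -> unused (challenge, response) pairs
        self._pending = {}  # device_id -> response expected for the open challenge

    def enroll(self, device_id, puf, n=4):
        challenges = [secrets.token_bytes(16) for _ in range(n)]
        self._crps[device_id] = [(c, puf.respond(c)) for c in challenges]

    def issue_challenge(self, device_id):
        challenge, expected = self._crps[device_id].pop()  # each pair is used once
        self._pending[device_id] = expected
        return challenge

    def verify(self, device_id, response):
        expected = self._pending.pop(device_id, None)
        return expected is not None and hmac.compare_digest(expected, response)


def demo():
    verifier, genuine, clone = Verifier(), SimulatedPUF(), SimulatedPUF()
    verifier.enroll("METER-0001", genuine)  # constructed device ID
    c1 = verifier.issue_challenge("METER-0001")
    genuine_ok = verifier.verify("METER-0001", genuine.respond(c1))
    # The clone copied the device ID from EEPROM but has different silicon.
    c2 = verifier.issue_challenge("METER-0001")
    clone_ok = verifier.verify("METER-0001", clone.respond(c2))
    # Replaying the genuine answer to c1 against a fresh challenge also fails.
    verifier.issue_challenge("METER-0001")
    replay_ok = verifier.verify("METER-0001", genuine.respond(c1))
    return genuine_ok, clone_ok, replay_ok
```

`demo()` returns `(True, False, False)`: the enrolled meter is accepted, while a device that only reuses the ID, or replays an old response, is rejected.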


Eavesdropping Attack Case Study

  • Fitbit Aria Smart Scale
  • Sends data through a wireless AP to the Fitbit server
  • MitM attack using Kali Linux
    • DHCP server (dnsmasq tool) - assign IP address to device
    • VM & iptables - forward IP packets through wlan0
    • hostapd as virtual wireless AP - register device to it
    • acts as wireless AP and receives all packets from device
    • Wireshark on wlan0 to intercept packets
    • extract private data


Source: T. Alladi, V. Chamola, B. Sikdar and K.-K. R. Choo, "Consumer IoT: Security Vulnerability Case Studies and Solutions," in IEEE Consumer Electronics Magazine, vol. 9, no. 2, pp. 17-25, 2020.


Eavesdropping Attack Case Study

  • No encrypted communication channel with the server
  • Attacker may steal the user’s private data
    • Solution: encrypt traffic end-to-end
  • Standard encryption methods may not be fit for resource-constrained devices
    • Solution: lightweight & robust encryption


Malicious Node Insertion Case Study

  • Edimax IP camera system
    • System components:
      • IP camera
      • controller (mobile app)
      • registration and command relay servers
    • Camera must register to a registration server

  • Infected IoT device in that network - bot (Mirai malware)

  • Bot sends TCP SYN message to random IPs from that network
    • Receives SYN-ACK => online IP camera
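
The SYN probing described above leaves a recognizable trace on the local network: one source opening connections to many distinct addresses in a short time. The following added example (not from the lecture or the cited paper) flags that pattern in flow records; the record format, addresses, ports and thresholds are constructed for illustration.

```python
from collections import defaultdict, deque


def constructed_sample():
    """Constructed flow records: '<epoch-s> <src> <dst> <dport> <tcp-flags>'."""
    lines = []
    for i in range(1, 41):  # infected device probes 40 addresses, one per second
        lines.append(f"{100 + i} 192.168.1.66 192.168.1.{i} 80 S")
    for t in range(100, 140, 10):  # ordinary client keeps talking to one server
        lines.append(f"{t} 192.168.1.23 192.168.1.10 443 S")
        lines.append(f"{t} 192.168.1.10 192.168.1.23 443 SA")
    return sorted(lines, key=lambda l: int(l.split()[0]))


def find_scanners(lines, window=60, max_targets=20):
    """Return {src: peak distinct targets} for sources that sent a bare SYN
    to more than max_targets distinct hosts within `window` seconds."""
    recent = defaultdict(deque)  # src -> (timestamp, dst) of recent SYNs
    flagged = {}
    for line in lines:
        ts, src, dst, _dport, flags = line.split()
        if flags != "S":  # skip SYN-ACK and everything else
            continue
        ts = int(ts)
        q = recent[src]
        q.append((ts, dst))
        while ts - q[0][0] > window:  # drop SYNs that fell out of the window
            q.popleft()
        targets = len({d for _, d in q})
        if targets > max_targets:
            flagged[src] = max(flagged.get(src, 0), targets)
    return flagged


if __name__ == "__main__":
    print(find_scanners(constructed_sample()))
```

The window and threshold trade detection speed against false positives: a gateway or monitoring host that legitimately contacts many devices needs an allow-list entry rather than a higher global threshold.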


Malicious Node Insertion Case Study

  • Bot registers to the server using the camera’s MAC address
    • Bot impersonates IP camera

  • Bot sends TCP requests to command relay server
    • Server responds with authentication information

  • Bot extracts password and has access to the camera


Malicious Node Insertion Case Study

  • Download malware onto the camera

  • Propagate the malware in the network
    • Network of bots = Botnet

  • 65000 IoT devices infected by Mirai in 20 hours

  • Solution:
    • better identity management
    • symmetric encryption (secret key)


Bibliography

  • Sengupta, Jayasree, Sushmita Ruj, and Sipra Das Bit. "A comprehensive survey on attacks, security issues and blockchain solutions for IoT and IIoT." Journal of Network and Computer Applications 149 (2020): 102481.
  • T. Alladi, V. Chamola, B. Sikdar and K.-K. R. Choo, "Consumer IoT: Security Vulnerability Case Studies and Solutions," in IEEE Consumer Electronics Magazine, vol. 9, no. 2, pp. 17-25, 2020.
