Abstract
Internet of Things (IoT) expose various vulnerabilities at different levels. One such exploitable vulnerability is Denial of Service (DoS). In this paper, we showcase our preliminary efforts towards study of various forms of DoS and how it can be exploited in different protocols of IoT. We propose our initial attack and defense framework for IoT and that can perform various forms of DoS on IP and Bluetooth. We show the initial results of DoS vulnerabilities such as Resource Exhaustion and Bluetooth Low Energy (BLE) Packet Injection. In order to understand how resilient is IoT for DoS, we propose a new metric to measure the Resilience against DoS in IoT. We have conducted a real time experimentation with IoT devices in our security IoT testbed. The experiments conducted are for DoS, Distributed Denial of Service (DDoS) by setting up Mirai and Permanent Denial of Service (PDoS) using BrickerBot on various IoT devices.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Ur, B., Jung, J., Schechter, S.: The current state of access control for smart devices in homes. In: Workshop on Home Usable Privacy and Security (HUPS), HUPS 2014, July 2013
Tozlu, S., Senel, M., Mao, W., Keshavarzian, A.: Wi-Fi enabled sensors for internet of things: a practical approach. IEEE Commun. Mag. 50(6) (2012)
Distributed Denial of Service using Mirai. https://www.bankinfosecurity.com
Mirai Malware for IoT. https://www.symantec.com
Bricker Bot. https://security.radware.com
Kuzmanovic, A., Knightly, E.W.: Low-rate TCP-targeted denial of service attacks: the shrew vs. the mice and elephants. In: Proceedings of the 2003 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications, pp. 75–86. ACM, August 2003
Schuba, C.L., Krsul, I.V., Kuhn, M.G., Spafford, E.H., Sundaram, A., Zamboni, D.: Analysis of a denial of service attack on TCP. In: Proceedings of the 1997 IEEE Symposium on Security and Privacy, pp. 208–223. IEEE, May 1997
Sachidananda, V., Siboni, S., Shabtai, A., Toh, J., Bhairav, S., Elovici, Y.: Let the cat out of the bag: a holistic approach towards security analysis of the internet of things. In: Proceedings of the 3rd ACM International Workshop on IoT Privacy, Trust, and Security, pp. 3–10. ACM, April 2017
Mirkovic, J., Reiher, P.: A taxonomy of DDoS attack and DDoS defense mechanisms. ACM SIGCOMM Comput. Commun. Rev. 34(2), 39–53 (2004)
Bhandari, A., Sangal, A.L., Kumar, K.: Performance metrics for defense framework against distributed denial of service attacks. Int. J. Netw. Secur. 5(2), 38 (2014)
Malware Must Die - Mirai Malware. http://blog.malwaremustdie.org
Dlink IP Camera. http://www.dlink.com.sg/
Phlashing-PDoS. http://hackersonlineclub.com
Kolias, C., Kambourakis, G., Stavrou, A., Voas, J.: DDoS in the IoT: Mirai and other botnets. Computer 50(7), 80–84 (2017)
BrickerBot-Permanent Denial of Service. https://arstechnica.com
Zargar, S.T., Joshi, J., Tipper, D.: A survey of defense mechanisms against distributed denial of service (DDoS) flooding attacks. IEEE Commun. Surv. Tutor. 15(4), 2046–2069 (2013)
Mirkovic, J., Prier, G., Reiher, P.: Attacking DDoS at the source. In: Proceedings of the 10th IEEE International Conference on Network Protocols, pp. 312–321. IEEE, November 2002
Mirkovic, J., Dietrich, S., Dittrich, D., Reiher, P.: Internet denial of service: attack and defense mechanisms (Radia Perlman computer networking and security) ( 2004)
Mirkovic, J., Arikan, E., Wei, S., Thomas, R., Fahmy, S., Reiher, P.: Benchmarks for DDoS defense evaluation. In: Military Communications Conference, MILCOM 2006, pp. 1–10. IEEE, October 2006
Mirkovic, J., et al.: Measuring denial of service. In: Proceedings of the 2nd ACM workshop on Quality of protection, pp. 53–58. ACM, October 2006
Mirkovic, J., et al.: Towards user-centric metrics for denial-of-service measurement. In: Proceedings of the 2007 Workshop on Experimental Computer Science, p. 8. ACM, June 2007
Peraković, D., Periša, M., Cvitić, I.: Analysis of the IoT impact on volume of DDoS attacks. In: 33rd Symposium on New Technologies in Postal and Telecommunication Traffic (PosTel 2015), pp. 295–304, January 2015
Jhaveri, R.H., Patel, S.J., Jinwala, D.C.: DoS attacks in mobile ad hoc networks: a survey. In: 2012 Second International Conference on Advanced Computing and Communication Technologies (ACCT), pp. 535–541. IEEE, January 2012
Kannhavong, B., Nakayama, H., Nemoto, Y., Kato, N., Jamalipour, A.: A survey of routing attacks in mobile ad hoc networks. IEEE Wirel. Commun., 14(5) (2007)
Jawandhiya, P.M., Ghonge, M.M., Ali, M.S., Deshpande, J.S.: A survey of mobile ad hoc network attacks. Int. J. Eng. Sci. Technol. 2(9), 4063–4071 (2010)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Setikere, S., Sachidananda, V., Elovici, Y. (2018). Out of Kilter: Holistic Exploitation of Denial of Service in Internet of Things. In: Beyah, R., Chang, B., Li, Y., Zhu, S. (eds) Security and Privacy in Communication Networks. SecureComm 2018. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 254. Springer, Cham. https://doi.org/10.1007/978-3-030-01701-9_3
Download citation
DOI: https://doi.org/10.1007/978-3-030-01701-9_3
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-01700-2
Online ISBN: 978-3-030-01701-9
eBook Packages: Computer ScienceComputer Science (R0)