Analysing the Resilience of the Internet of Things Against Physical and Proximity Attacks

  • Conference paper
Security, Privacy, and Anonymity in Computation, Communication, and Storage (SpaCCS 2017)

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 10658)

Abstract

The Internet of Things (IoT) technology is being widely integrated in many areas like smart-homes, smart-cities, healthcare, and critical infrastructures. As shown by some recent incidents, like the Mirai and BrickerBot botnets, security is a key issue for current and future IoT systems. In this paper, we examine the security of different categories of IoT devices to understand their resilience under different security conditions for attackers. In particular, we analyse IoT robustness against attacks performed under two threat models, namely (i) physical access of the attacker, and (ii) close proximity of the attacker (i.e., RFID and WiFi ranges). We discuss the results of the tests we performed on different categories of IoT devices, namely IP cameras, Ofo bike locks, RFID-based smart-locks, and smart-home WiFi routers. The results show that most IoT devices do not address basic vulnerabilities, which can be exploited under different threat models.


Notes

  1. http://jia.360.cn/.

  2. We assume the SIM card is not locked, as over 60% of people do not use the SIM lock functionality to restrict moving the SIM to another phone [14].

  3. http://www.ofo.so/.

  4. http://www.fastcom.com.cn/.

References

  1. The Internet of Things has started, April 2016. http://www.mycustomer.com/community/blogs/corelynx/the-internet-of-things-has-started-have-you-joined-the-iot-bandwagon

  2. There will be 24 billion IoT devices installed on earth by 2020, June 2016. http://uk.businessinsider.com/there-will-be-34-billion-iot-devices-installed-on-earth-by-2020-2016-5?r=US&IR=T

  3. BrickerBot, the permanent denial-of-service Botnet, is back with a vengeance, April 2017. https://arstechnica.com/security/2017/04/brickerbot-the-permanent-denial-of-service-botnet-is-back-with-a-vengeance/

  4. Chinese bike-sharing start-up Ofo says it’s now worth more than $2 billion, April 2017. http://www.cnbc.com/2017/04/17/ofo-chinese-bike-sharing-start-up-says-its-now-worth-more-than-2-billion.html

  5. ESP8266_deauther, July 2017. https://github.com/spacehuhn/esp8266_deauther#supported-devices

  6. Look out Cambridge: here comes Ofo - China’s ‘Uber for bikes’, April 2017. http://www.wired.co.uk/article/chinese-bike-sharing-company-ofo-is-coming-to-cambridge-in-the-uk

  7. RFID Emulator, July 2017. http://www.instructables.com/id/RFID-Emulator-How-to-Clone-RFID-Card-Tag-/

  8. Bertino, E., Islam, N.: Botnets and internet of things security. Computer 50(2), 76–79 (2017)

  9. Coskun, V., Ozdenizci, B., Ok, K.: A survey on near field communication (NFC) technology. Wirel. Pers. Commun. 71(3), 2259–2294 (2013)

  10. Fernandes, E., Jung, J., Prakash, A.: Security analysis of emerging smart home applications. In: 2016 IEEE Symposium on Security and Privacy (SP), pp. 636–654, May 2016

  11. Garcia, F.D., de Koning Gans, G., Verdult, R.: Tutorial: Proxmark, the swiss army knife for RFID security research. Technical report, Radboud University Nijmegen (2012)

  12. Ho, G., Leung, D., Mishra, P., Hosseini, A., Song, D., Wagner, D.: Smart locks: lessons for securing commodity internet of things devices. In: Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security, ASIA CCS 2016, pp. 461–472. ACM, New York, NY, USA, March 2016. http://doi.acm.org/10.1145/2897845.2897886

  13. Huang, C.H., Chang, S.L.: Study on the feasibility of NFC P2P communication for nursing care daily work. J. Comput. 24(2), 33–45 (2013)

  14. Imgraben, J., Engelbrecht, A., Choo, K.K.R.: Always connected, but are smart mobile users getting more security savvy? A survey of smart mobile device users. Behav. Inf. Technol. 33(12), 1347–1360 (2014)

  15. Jerkins, J.A.: Motivating a market or regulatory solution to IoT insecurity with the Mirai botnet code. In: 2017 IEEE 7th Annual Computing and Communication Workshop and Conference (CCWC), pp. 1–5. IEEE, January 2017

  16. Kolias, C., Kambourakis, G., Stavrou, A., Voas, J.: DDoS in the IoT: Mirai and other botnets. Computer 50(7), 80–84 (2017)

  17. Min, B., Varadharajan, V.: Design and evaluation of feature distributed malware attacks against the internet of things (IoT). In: 20th International Conference on Engineering of Complex Computer Systems (ICECCS), pp. 80–89. IEEE, December 2015

  18. Ronen, E., Shamir, A.: Extended functionality attacks on IoT devices: the case of smart lights. In: IEEE European Symposium on Security and Privacy, pp. 3–12. IEEE, March 2016

  19. Sgandurra, D., Lupu, E.: Evolution of attacks, threat models, and solutions for virtualized systems. ACM Comput. Surv. 48(3), 46:1–46:38 (2016). http://doi.acm.org/10.1145/2856126

  20. Sivaraman, V., Chan, D., Earl, D., Boreli, R.: Smart-phones attacking smart-homes. In: Proceedings of the 9th ACM Conference on Security & Privacy in Wireless and Mobile Networks, pp. 195–200. ACM, July 2016

  21. Valavanis, K.P., Vachtsevanos, G.J. (eds.): Handbook of Unmanned Aerial Vehicles. Springer, Dordrecht (2015). https://doi.org/10.1007/978-90-481-9707-1

  22. Verdult, R., de Koning Gans, G., Garcia, F.D.: A toolbox for RFID protocol analysis. In: Proceedings of the Fourth International EURASIP Workshop on RFID Technology (EURASIP RFID), pp. 27–34. IEEE, September 2012

  23. BrickerBot: “The Doctor’s” PDoS Attack Has Killed Over 2 Million Insecure Devices, April 2017. https://fossbytes.com/brickerbot-malware-pdos-attack-iot-device/

Acknowledgments

This work is financially supported by Jiangsu Government Scholarship for Overseas Studies, the National Natural Science Foundation of P. R. China (Nos. 61373017, 61572260, 61572261, 61672296, 61602261), the Natural Science Foundation of Jiangsu Province (Nos. BK20140886, BK20140888), Scientific and Technological Support Project of Jiangsu Province (Nos. BE2015702, BE2016185, BE2016777), China Postdoctoral Science Foundation (Nos. 2014M551636, 2014M561696), Jiangsu Planned Projects for Postdoctoral Research Funds (Nos. 1302090B, 1401005B), Postgraduate Research and Practice Innovation Program of Jiangsu Province (KYCX17_0798).

Corresponding author

Correspondence to Daniele Sgandurra.

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Xu, H., Sgandurra, D., Mayes, K., Li, P., Wang, R. (2017). Analysing the Resilience of the Internet of Things Against Physical and Proximity Attacks. In: Wang, G., Atiquzzaman, M., Yan, Z., Choo, KK. (eds) Security, Privacy, and Anonymity in Computation, Communication, and Storage. SpaCCS 2017. Lecture Notes in Computer Science, vol 10658. Springer, Cham. https://doi.org/10.1007/978-3-319-72395-2_27

  • DOI: https://doi.org/10.1007/978-3-319-72395-2_27

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-72394-5

  • Online ISBN: 978-3-319-72395-2

  • eBook Packages: Computer Science, Computer Science (R0)
