Month: June 2019

Common Attacks in the IoT

/ bugejajoseph / Leave a comment

In general, an IoT architecture is composed of three layers: physical layer, network layer, and services layer. The physical layer (also called perception layer) constitutes of hardware, namely, sensors, actuators, RFID, etc., that collect data from individuals and their environment. The network layer (also called transport layer) facilitates the interchange and processing of data between the physical and services layer.  Examples of technologies used here are: 4G/5G, Wi-Fi, Bluetooth, etc. The services layer (also called application layer) is responsible for processing the received information from the network layer and issuing instructions to be implemented by the equipment in the physical layer.  Hereunder, I identify some of the common attacks occurring at the different IoT architecture layers:

Attacks at the Physical Layer

  • Denial-of-service: Packets are sent along the routing path to the base station causing network disruption and battery exhaustion of the node.
  • False node: Addition of a node to the network which sends malicious data and thereby affecting the availability of a system.
  • Integrity: Injection of false sensor measurements and control inputs causing system disruption.
  • Node capture: Information leakage caused by taking control over a node that could contain sensitive data such as encryption keys.
  • Node outage: Node services are stopped making it rather difficult to extract information from them.

Attacks at the Network Layer

  • Jamming: The wireless channel between the sensor nodes and the remote base station becomes obstructed through a signal with the same frequency.
  • Selective Forwarding: A compromised node is introduced to drop and discard packets and forward selected packets.
  • Sinkhole: The attacking node offers the best routing path for the devices in the network; and hence resulting in congestion (amongst other issues) in the IoT environment.
  • Sybil: An attacker can manipulate false identities or misuse pseudo identities to compromise the efficiency of the IoT and even spread spam.
  • Wormhole: Creation of information holes in the network by the announcement of false paths through which all the packets are routed.

Attacks at the Services Layer

  • Buffer Overflow: The vulnerable features in the software lead to buffer overflow vulnerabilities (where a program while writing data to a buffer overwrites adjacent memory locations) and exploit it to launch attacks.
  • Malicious Code: Services are attacked by via malware, worms, virus, adware, and spyware. These can degrade performance or collapse client devices.
  • Phishing: This attack aims to capture an individual’s personal information where an attacker appears as legitimate user in the network and gains knowledge about the sensitive information regarding an individual.

In this article, I listed some of the more common security attacks affecting IoT-based systems. The reality, is that there can be more attacks (e.g., man-in-the-middle attacks), and the architecture can be further decomposed into additional layers (e.g., physical layer, data link layer, network layer, transport layer, and application layer).

Given that there is no dictionary, glossary, or list of some kind, that acts as a reference identifying the different IoT security and privacy attacks, from my side I will be working to put one myself. I believe that this will be somewhat useful for both researchers and industry, e.g., as a way to measure the strength of their product or as a tool to assess risks in an IoT-based system.

Stay tuned, as I will be soon having such a list available under the “Projects” section. In the meantime, as always if you want to learn more about IoT attacks, cybersecurity threats, risks, etc. get in touch; and I would be willing to help.

Smart home datasets and a realtime Internet-connected home

/ bugejajoseph / 1 Comment
When designing an algorithm or as a means  to justify an approach you have  pursued in your research you need at some point empirical data.  In the case of the IoT, more specifically when it comes to smart homes, there is a lack of open-source datasets available for public access and unfortunately some of them disappear (from the Internet) after being active for a couple of months. My preferred collection of smart home datasets are developed and curated by Washington State University. In particular, I am referring to the  Centre for Advanced Studies in Adaptive Systems (CASAS) smart home project.
 
CASAS  is a multi-disciplinary research project focused on creating an intelligent home environment by using IoT technologies such as sensors and actuators. This same team has developed in its recent research the “smart home in a box”, which is a lightweight smart home design that has been installed in 32 homes to capture the participants interactions.
 
The link to access CASAS datasets is: http://casas.wsu.edu/datasets/. Datasets included consist mainly of ADL activity data of single/two/multi-resident apartments. Some of the datasets are fully annotated with some of them going back to 2007 (and still running) and spanning different countries from Europe to Asia.
 
 Some other useful datasets; highly cited in scholarly publications; that are also featured on CASAS’ website are:
 
In case you are not satisfied with the datasets identified here you can also consider two generic sites, working similar to a search engine, but for datasets. I am referring specifically to: DataHub and Google datasets.
 

An Internet-connected home in the Netherlands.

Now, if you want to take a peek at a cool smart home setup in the Netherlands displaying its captured and processed data in realtime on the Internet take a look at https://www.bwired.nl/index.asp
 
If you need any information about smart homes or related just get in touch 🙂