scholarly journals SlowITe, a Novel Denial of Service Attack Affecting MQTT

Sensors ◽  
2020 ◽  
Vol 20 (10) ◽  
pp. 2932
Author(s):  
Ivan Vaccari ◽  
Maurizio Aiello ◽  
Enrico Cambiaso
Keyword(s):  
Internet Of Things ◽  
Denial Of Service ◽  
The Internet ◽  
Message Queue ◽  
Plain Text ◽  
Denial Of Service Attack ◽  
Service Attack ◽  
Iot Devices ◽  
The Internet Of Things ◽  
Low Rate

Security of the Internet of Things is a crucial topic, due to the criticality of the networks and the sensitivity of exchanged data. In this paper, we target the Message Queue Telemetry Transport (MQTT) protocol used in IoT environments for communication between IoT devices. We exploit a specific weakness of MQTT which was identified during our research, allowing the client to configure the behavior of the server. In order to validate the possibility to exploit such vulnerability, we propose SlowITe, a novel low-rate denial of service attack aimed to target MQTT through low-rate techniques. We validate SlowITe against real MQTT services, considering both plain text and encrypted communications and comparing the effects of the threat when targeting different daemons. Results show that the attack is successful and it is able to exploit the identified vulnerability to lead a DoS on the victim with limited attack resources.

scholarly journals SlowTT: A Slow Denial of Service against IoT Networks

Information ◽  
2020 ◽  
Vol 11 (9) ◽  
pp. 452
Author(s):  
Ivan Vaccari ◽  
Maurizio Aiello ◽  
Enrico Cambiaso
Keyword(s):  
Internet Of Things ◽  
Denial Of Service ◽  
Computational Power ◽  
Message Queue ◽  
Denial Of Service Attack ◽  
Research Activities ◽  
Cyber Threat ◽  
Service Attack ◽  
Long Time ◽  
Low Rate

The security of Internet of Things environments is a critical and trending topic, due to the nature of the networks and the sensitivity of the exchanged information. In this paper, we investigate the security of the Message Queue Telemetry Transport (MQTT) protocol, widely adopted in IoT infrastructures. We exploit two specific weaknesses of MQTT, identified during our research activities, allowing the client to configure the KeepAlive parameter and MQTT packets to execute an innovative cyber threat against the MQTT broker. In order to validate the exploitation of such vulnerabilities, we propose SlowTT, a novel “Slow” denial of service attack aimed at targeting MQTT through low-rate techniques, characterized by minimum attack bandwidth and computational power requirements. We validate SlowTT against real MQTT services, by considering both plaintext and encrypted communications and by comparing the effects of the attack when targeting different application daemons and protocol versions. Results show that SlowTT is extremely successful, and it can exploit the identified vulnerability to execute a denial of service against the IoT network by keeping the connection alive for a long time.

scholarly journals Mathematical model on distributed denial of service attack through Internet of things in a network

2019 ◽  
Vol 8 (1) ◽  
pp. 486-495 ◽  
Author(s):  
Bimal Kumar Mishra ◽  
Ajit Kumar Keshri ◽  
Dheeresh Kumar Mallick ◽  
Binay Kumar Mishra
Keyword(s):  
Mathematical Model ◽  
Internet Of Things ◽  
Equilibrium Points ◽  
Denial Of Service ◽  
Distributed Denial Of Service ◽  
Ddos Attacks ◽  
Denial Of Service Attack ◽  
Different Types ◽  
Service Attack ◽  
Iot Devices

Abstract Internet of Things (IoT) opens up the possibility of agglomerations of different types of devices, Internet and human elements to provide extreme interconnectivity among them towards achieving a completely connected world of things. The mainstream adaptation of IoT technology and its widespread use has also opened up a whole new platform for cyber perpetrators mostly used for distributed denial of service (DDoS) attacks. In this paper, under the influence of internal and external nodes, a two - fold epidemic model is developed where attack on IoT devices is first achieved and then IoT based distributed attack of malicious objects on targeted resources in a network has been established. This model is mainly based on Mirai botnet made of IoT devices which came into the limelight with three major DDoS attacks in 2016. The model is analyzed at equilibrium points to find the conditions for their local and global stability. Impact of external nodes on the over-all model is critically analyzed. Numerical simulations are performed to validate the vitality of the model developed.

Critical Issues in the Invasion of the Internet of Things (IoT)

2019 ◽  
pp. 174-196 ◽  
Author(s):  
Shravani Devarakonda ◽  
Malka N. Halgamuge ◽  
Azeem Mohammad
Keyword(s):  
Internet Of Things ◽  
Denial Of Service ◽  
Security And Privacy ◽  
The Internet ◽  
Man In The Middle ◽  
Critical Issues ◽  
Service Attack ◽  
Active Attacks ◽  
Privacy Issues ◽  
The Internet Of Things

In this chapter, the authors collected data from issues related to threats in the applications of IoT-based technologies that describe the security and privacy issues from 30 peer reviewed publications from 2014 to 2017. Further, they analyzed each threat type and its percentages in each application of the internet of things. The results indicated that the applications of smart transportation (20%) face the highest amount of security and privacy issues followed by smart home (19%) and smart cities (18%) compared to the rest of the applications. Further, they determined that the biggest threats were denial of service attack (9%) followed by eavesdropping (5%), man in the middle (4%), and replay (4%). Denial of service attacks and man in the middle attack are active attacks that can severely damage human life whereas eavesdropping is a passive attack that steals information. This study has found that privacy issues have the biggest impacts on people. Therefore, researchers need to find possible solutions to these threats to improve the quality of IoT applications.

Cyber-Physical System and Internet of Things Security

2021 ◽  
pp. 328-357
Author(s):  
Thomas Ulz ◽  
Sarah Haas ◽  
Christian Steger
Keyword(s):  
Internet Of Things ◽  
Public Awareness ◽  
Denial Of Service ◽  
The Internet ◽  
Distributed Denial Of Service ◽  
Ddos Attacks ◽  
Industrial Iot ◽  
Confidential Data ◽  
Iot Devices ◽  
The Internet Of Things

An increase of distributed denial-of-service (DDoS) attacks launched by botnets such as Mirai has raised public awareness regarding potential security weaknesses in the Internet of Things (IoT). Devices are an attractive target for attackers because of their large number and due to most devices being online 24/7. In addition, many traditional security mechanisms are not applicable for resource constraint IoT devices. The importance of security for cyber-physical systems (CPS) is even higher, as most systems process confidential data or control a physical process that could be harmed by attackers. While industrial IoT is a hot topic in research, not much focus is put on ensuring information security. Therefore, this paper intends to give an overview of current research regarding the security of data in industrial CPS. In contrast to other surveys, this work will provide an overview of the big CPS security picture and not focus on special aspects.

Critical Issues in the Invasion of the Internet of Things (IoT)

2021 ◽  
pp. 1672-1694
Author(s):  
Shravani Devarakonda ◽  
Malka N. Halgamuge ◽  
Azeem Mohammad
Keyword(s):  
Internet Of Things ◽  
Denial Of Service ◽  
Security And Privacy ◽  
The Internet ◽  
Man In The Middle ◽  
Critical Issues ◽  
Service Attack ◽  
Active Attacks ◽  
Privacy Issues ◽  
The Internet Of Things

In this chapter, the authors collected data from issues related to threats in the applications of IoT-based technologies that describe the security and privacy issues from 30 peer reviewed publications from 2014 to 2017. Further, they analyzed each threat type and its percentages in each application of the internet of things. The results indicated that the applications of smart transportation (20%) face the highest amount of security and privacy issues followed by smart home (19%) and smart cities (18%) compared to the rest of the applications. Further, they determined that the biggest threats were denial of service attack (9%) followed by eavesdropping (5%), man in the middle (4%), and replay (4%). Denial of service attacks and man in the middle attack are active attacks that can severely damage human life whereas eavesdropping is a passive attack that steals information. This study has found that privacy issues have the biggest impacts on people. Therefore, researchers need to find possible solutions to these threats to improve the quality of IoT applications.

Malware Threat in Internet of Things and Its Mitigation Analysis

2021 ◽  
pp. 371-387
Author(s):  
Shingo Yamaguchi ◽  
Brij Gupta
Keyword(s):  
Internet Of Things ◽  
Large Volume ◽  
Denial Of Service ◽  
The Internet ◽  
Distributed Denial Of Service ◽  
Ddos Attack ◽  
New Type ◽  
Iot Devices ◽  
Mitigation Methods ◽  
The Internet Of Things

This chapter introduces malware's threat in the internet of things (IoT) and then analyzes the mitigation methods against the threat. In September 2016, Brian Krebs' web site “Krebs on Security” came under a massive distributed denial of service (DDoS) attack. It reached twice the size of the largest attack in history. This attack was caused by a new type of malware called Mirai. Mirai primarily targets IoT devices such as security cameras and wireless routers. IoT devices have some properties which make them malware attack's targets such as large volume, pervasiveness, and high vulnerability. As a result, a DDoS attack launched by infected IoT devices tends to become massive and disruptive. Thus, the threat of Mirai is an extremely important issue. Mirai has been attracting a great deal of attention since its birth. This resulted in a lot of information related to IoT malware. Most of them came from not academia but industry represented by antivirus software makers. This chapter summarizes such information.

scholarly journals Threshold-Based Method for Detection of Distributed Denial of Service Attack in IoT

2019 ◽  
Vol 8 (4) ◽  
pp. 3002-3007
Keyword(s):  
Internet Of Things ◽  
Network Performance ◽  
Denial Of Service ◽  
Research Work ◽  
Distributed Denial Of Service ◽  
Malicious Nodes ◽  
Denial Of Service Attack ◽  
Service Attack ◽  
Malicious Node Detection ◽  
The Internet Of Things

The internet of things is the decentralized type of network in which sensor devices can join or leave the network when they want. Due to such nature of the network malicious nodes enter the network which affects network performance in terms of certain parameters. This research work is based on the detection and isolation of distributed denial of service attack in internet of things. The distributed denial of service attack is the denial of service type attack which affects network performance to large extent. In the existing techniques there are two main drawbacks. The first drawback is that the technique does not pin point malicious nodes from the network. The second drawback is that the malicious node detection time is very high. In this research, the new technique will be proposed for the isolation of malicious nodes from the network. In this technique, similarity of the traffic is analyzed using the cosine similarity. The sensor node which is generated dissimilar type of traffic is detected as malicious nodes. The proposed technique has been implemented in MATLAB and results have been analyzed in terms of certain parameters. It is expected that proposed technique detect malicious nodes in least amount of time.

scholarly journals CoLL-IoT: A Collaborative Intruder Detection System for Internet of Things Devices

Electronics ◽  
2021 ◽  
Vol 10 (7) ◽  
pp. 848
Author(s):  
Hani Mohammed Alshahrani
Keyword(s):  
Internet Of Things ◽  
Detection System ◽  
Fog Computing ◽  
Denial Of Service ◽  
Sybil Attack ◽  
Replay Attack ◽  
Denial Of Service Attack ◽  
Intruder Detection ◽  
Service Attack ◽  
Iot Devices

The Internet of Things (IoT) and its applications are becoming popular among many users nowadays, as it makes their life easier. Because of its popularity, attacks that target these devices have increased dramatically, which might cause the entire system to be unavailable. Some of these attacks are denial of service attack, sybil attack, man in the middle attack, and replay attack. Therefore, as the attacks have increased, the detection solutions to detect malware in the IoT have also increased. Most of the current solutions often have very serious limitations, and malware is becoming more apt in taking advantage of them. Therefore, it is important to develop a tool to overcome the existing limitations of current detection systems. This paper presents CoLL-IoT, a CoLLaborative intruder detection system that detects malicious activities in IoT devices. CoLL-IoT consists of the following four main layers: IoT layer, network layer, fog layer, and cloud layer. All of the layers work collaboratively by monitoring and analyzing all of the network traffic generated and received by IoT devices. CoLL-IoT brings the detection system close to the IoT devices by taking the advantage of edge computing and fog computing paradigms. The proposed system was evaluated on the UNSW-NB15 dataset that has more than 175,000 records and achieved an accuracy of up to 98% with low type II error rate of 0.01. The evaluation results showed that CoLL-IoT outperformed the other existing tools, such as Dendron, which was also evaluated on the UNSW-NB15 dataset.

Cyber-Physical System and Internet of Things Security

2018 ◽  
pp. 248-277
Author(s):  
Thomas Ulz ◽  
Sarah Haas ◽  
Christian Steger
Keyword(s):  
Internet Of Things ◽  
Public Awareness ◽  
Denial Of Service ◽  
The Internet ◽  
Distributed Denial Of Service ◽  
Ddos Attacks ◽  
Industrial Iot ◽  
Confidential Data ◽  
Iot Devices ◽  
The Internet Of Things

An increase of distributed denial-of-service (DDoS) attacks launched by botnets such as Mirai has raised public awareness regarding potential security weaknesses in the Internet of Things (IoT). Devices are an attractive target for attackers because of their large number and due to most devices being online 24/7. In addition, many traditional security mechanisms are not applicable for resource constraint IoT devices. The importance of security for cyber-physical systems (CPS) is even higher, as most systems process confidential data or control a physical process that could be harmed by attackers. While industrial IoT is a hot topic in research, not much focus is put on ensuring information security. Therefore, this paper intends to give an overview of current research regarding the security of data in industrial CPS. In contrast to other surveys, this work will provide an overview of the big CPS security picture and not focus on special aspects.

Sign in / Sign up

Export Citation Format

Share Document