Till Örebro universitet

oru.seÖrebro universitets publikationer
Ändra sökning
RefereraExporteraLänk till posten
Permanent länk

Direktlänk
Referera
Referensformat
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Annat format
Fler format
Språk
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Annat språk
Fler språk
Utmatningsformat
  • html
  • text
  • asciidoc
  • rtf
Analysis of DDoS-Capable IoT Malwares
DTU Compute, Technical University of Denmark, Kongens Lyngby, Denmark.
Örebro universitet, Institutionen för naturvetenskap och teknik. DTU Compute, Technical University of Denmark, Kongens Lyngby, Denmark. (AASS)ORCID-id: 0000-0001-9575-2990
Örebro universitet, Institutionen för naturvetenskap och teknik. (AASS)ORCID-id: 0000-0001-9293-7711
DTU Compute, Technical University of Denmark, Kongens Lyngby, Denmark.
2017 (Engelska)Ingår i: Proceedings of the 2017 Federated Conference on Computer Science and Information Systems / [ed] M. Ganzha, L. Maciaszek, M. Paprzycki, Institute of Electrical and Electronics Engineers (IEEE), 2017, s. 807-816Konferensbidrag, Publicerat paper (Refereegranskat)
Abstract [en]

The Internet of Things (IoT) revolution promises to make our lives easier by providing cheap and always connected smart embedded devices, which can interact on the Internet and create added values for human needs. But all that glitters is not gold. Indeed, the other side of the coin is that, from a security perspective, this IoT revolution represents a potential disaster. This plethora of IoT devices that flooded the market were very badly protected, thus an easy prey for several families of malwares that can enslave and incorporate them in very large botnets. This, eventually, brought back to the top Distributed Denial of Service (DDoS) attacks, making them more powerful and easier to achieve than ever. This paper aims at provide an up-to-date picture of DDoS attacks in the specific subject of the IoT, studying how these attacks work and considering the most common families in the IoT context, in terms of their nature and evolution through the years. It also explores the additional offensive capabilities that this arsenal of IoT malwares has available, to mine the security of Internet users and systems. We think that this up-to-date picture will be a valuable reference to the scientific community in order to take a first crucial step to tackle this urgent security issue.

Ort, förlag, år, upplaga, sidor
Institute of Electrical and Electronics Engineers (IEEE), 2017. s. 807-816
Serie
Annals of computer science and information systems, E-ISSN 2300-5963 ; 11
Nationell ämneskategori
Datavetenskap (datalogi)
Identifikatorer
URN: urn:nbn:se:oru:diva-62795DOI: 10.15439/2017F288ISI: 000417412800118Scopus ID: 2-s2.0-85039904613ISBN: 978-83-946253-7-5 (digital)OAI: oai:DiVA.org:oru-62795DiVA, id: diva2:1159632
Konferens
Federated Conference on Computer Science and Information Systems (FedCSIS 2017), Prague, Czech Republic, September 3-6, 2017
Tillgänglig från: 2017-11-23 Skapad: 2017-11-23 Senast uppdaterad: 2021-01-07Bibliografiskt granskad
Ingår i avhandling
1. Securing the Internet of Things with Security-by-Contract
Öppna denna publikation i ny flik eller fönster >>Securing the Internet of Things with Security-by-Contract
2021 (Engelska)Doktorsavhandling, sammanläggning (Övrigt vetenskapligt)
Abstract [en]

Smart homes, industry, healthcare, robotics; virtually every market has seen the uprising of Internet of Things (IoT) devices with different degrees and nuances. IoT devices embody different desirable characteristics, such as mobility, ubiquity, variety, and affordability. All combined, these features made so that IoT devices reached 35 billion units in the world. However, the sudden uprising of market demand put enormous pressure on manufacturers. The necessity of delivering to customers as many devices as possible, in the shortest time possible, leads manufacturers to overlook features that are not perceived critical by the users, such as resiliency to cyberattacks. This led to severe security issues. The prime example is Mirai, a malware that infected hundreds of thousands of IoT devices in 2016 and used them to strike lethal Distributed Denial of Service (DDoS) attacks.

In the first part of this thesis, we present the state of the art regarding IoT devices security resilience. In particular, we provide relevant examples of breaches, an analysis of the relationship between IoT and Cloud from a security point of view, and an example of an IoT device penetration test. Then, we focus on the usage of IoT devices in DDoS-enabled botnets and we provide an extensive study of DDoS-enabling malwares, discussing their evolution and their capabilities.

In the second part, we contextualise the gathered knowledge and we show that the highlighted problems stem from two main causes: insecure configurations and insufficient secure configurability.We also show that, to address these two issues, it is necessary to equip IoT devices with precise and formal descriptions of their behaviour. Therefore, we propose SC4IoT, a security framework for IoT devices that combines Security-by-Contract (SC) paradigm and Fog Computing paradigm. First, we provide a thorough breakdown of our proposal. We start from high-level lifecycles that describe how devices participate to SC4IoT. Then, we discuss the pillars that compose the framework (e.g., security contracts and security policies), together with their formal descriptions. Last, we provide precise algorithms for achieving security-policy matching capabilities, as well as routines for allowing the framework to deal with dynamic changes while maintaining consistency.

Ort, förlag, år, upplaga, sidor
Örebro: Örebro University, 2021. s. 55
Serie
Örebro Studies in Technology, ISSN 1650-8580 ; 90
Nationell ämneskategori
Datavetenskap (datalogi)
Identifikatorer
urn:nbn:se:oru:diva-88151 (URN)978-91-7529-364-6 (ISBN)
Disputation
2021-01-29, Örebro universitet, Långhuset, Hörsal L2 (and online (zoom)), Fakultetsgatan 1, Örebro, 13:00 (Engelska)
Opponent
Handledare
Tillgänglig från: 2020-12-18 Skapad: 2020-12-18 Senast uppdaterad: 2021-01-08Bibliografiskt granskad

Open Access i DiVA

Fulltext saknas i DiVA

Övriga länkar

Förlagets fulltextScopus

Person

Dragoni, NicolaGiaretta, Alberto

Sök vidare i DiVA

Av författaren/redaktören
Dragoni, NicolaGiaretta, Alberto
Av organisationen
Institutionen för naturvetenskap och teknik
Datavetenskap (datalogi)

Sök vidare utanför DiVA

GoogleGoogle Scholar

doi
isbn
urn-nbn

Altmetricpoäng

doi
isbn
urn-nbn
Totalt: 837 träffar
RefereraExporteraLänk till posten
Permanent länk

Direktlänk
Referera
Referensformat
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Annat format
Fler format
Språk
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Annat språk
Fler språk
Utmatningsformat
  • html
  • text
  • asciidoc
  • rtf