sesa 18: e1

Research Article

Spill the Beans: Extrospection of Internet of Things by Exploiting Denial of Service

Download8 downloads
  • @ARTICLE{10.4108/eai.13-7-2018.159803,
        author={Vinay  Sachidananda and Suhas  Bhairav and Yuval  Elovici},
        title={Spill the Beans: Extrospection of Internet of Things by Exploiting Denial of Service},
        journal={EAI Endorsed Transactions on Security and Safety: Online First},
        volume={},
        number={},
        publisher={EAI},
        journal_a={SESA},
        year={2019},
        month={8},
        keywords={Security Analysis, Security and Privacy, Vulnerabilities, Denial of Service, Internet of Things},
        doi={10.4108/eai.13-7-2018.159803}
    }
    
  • Vinay Sachidananda
    Suhas Bhairav
    Yuval Elovici
    Year: 2019
    Spill the Beans: Extrospection of Internet of Things by Exploiting Denial of Service
    SESA
    EAI
    DOI: 10.4108/eai.13-7-2018.159803
Vinay Sachidananda1,*, Suhas Bhairav1, Yuval Elovici1
  • 1: iTrust, Singapore University of Technology and Design, Singapore
*Contact email: sachidananda@sutd.edu.sg

Abstract

Internet of Things (IoT) exposes various vulnerabilities at different levels. One such exploitable vulnerability is Denial of Service (DoS). In this work, we focus on a large-scale extensive study of various forms of DoS and how it can be exploited in different protocols of IoT. We propose an attack and defense framework called OWL which is tailored for IoT and that can perform various forms of DoS on IP, Bluetooth, and Zigbee devices. We consider various DoS vulnerabilities such as illegitimate packet injection, Bluetooth Low Energy (BLE) scanning attack, Zigbee frame counter-attack, etc., regarding IP, Bluetooth and Zigbee devices. To understand how resilient is IoT for DoS, we propose two new metrics to measure the Resilience and the Quality of Service (QoS) degradation in IoT. We have conducted large-scale experimentation with real IoT devices in our security IoT testbed. The experiments conducted are for DoS, Distributed Denial of Service (DDoS) by setting up Mirai and Permanent Denial of Service (PDoS) using BrickerBot on various IoT devices. We have also compared our framework with the existing state of the art tools.