La vitrine de diffusion des publications et contributions des chercheurs de l'ÉTS
RECHERCHER

A first empirical look on internet-scale exploitations of IoT devices

Galluscio, Mario et Neshenko, Nataliia et Bou-Hard, Elias et Huang, Yongliang et Ghani, Nasir et Crichigno, Jorge et Kaddoum, Georges. 2017. « A first empirical look on internet-scale exploitations of IoT devices ». In IEEE 28th International Symposium on Personal, Indoor and Mobile Radio Communications (PIMRC) (Montreal, QC, Canada, Oct. 8-13, 2017)
(Sous presse)

[img]
Prévisualisation
PDF
Kaddoum G 2017 16003 A first empirical look on internet-scale.pdf - Version acceptée
Licence d'utilisation : Tous les droits réservés aux détenteurs du droit d'auteur.

Télécharger (1MB) | Prévisualisation

Résumé

Technological advances and innovative business models led to the modernization of the cyber-physical concept with the realization of the Internet of Things (IoT). While IoT envisions a plethora of high impact benefits in both, the consumer as well as the control automation markets, unfortunately, security concerns continue to be an afterthought. Several technical challenges impedes addressing such security requirements, including, lack of empirical data related to various IoT devices in addition to the shortage of actionable attack signatures. In this paper, we present what we believe is a first attempt ever to comprehend the severity of IoT maliciousness by empirically characterizing the magnitude of Internet-scale IoT exploitations. We draw upon unique and extensive darknet (passive) data and develop an algorithm to infer unsolicited IoT devices which have been compromised and are attempting to exploit other Internet hosts. We further perform correlations by leveraging active Internet-wide scanning to identify and report on such IoT devices and their hosting environments. The generated results indicate a staggering 11 thousand exploited IoT devices that are currently in the wild. Moreover, the outcome pinpoints that IoT devices embedded deep in operational Cyber-Physical Systems (CPS) such as manufacturing plants and power utilities are the most compromised. We concur that such results highlight the widespread insecurities of the IoT paradigm, while the actionable generated inferences are postulated to be leveraged for prompt mitigation as well as to facilitate IoT forensic investigations using real empirical data.

Type de document: Compte rendu de conférence
Professeur:
Professeur
Kaddoum, Georges
Affiliation: Génie électrique
Date de dépôt: 28 nov. 2017 16:37
Dernière modification: 30 nov. 2017 15:36
URI: http://espace2.etsmtl.ca/id/eprint/16003

Actions (Authentification requise)

Dernière vérification avant le dépôt Dernière vérification avant le dépôt

Statistiques de téléchargement

Plus de statistiques ...