Fauthesis Sample File

Total Page:16

File Type:pdf, Size:1020Kb

Fauthesis Sample File A NETWORK TELESCOPE APPROACH FOR INFERRING AND CHARACTERIZING IOT EXPLOITATIONS by Nataliia Neshenko AThesisSubmittedtotheFacultyof The College of Engenireeng & Computer Science In Partial Fulfillment of the Requirements for the Degree of Master of Science Florida Atlantic University Boca Raton, FL August 2018 Copyright 2018 by Nataliia Neshenko ii ACKNOWLEDGEMENTS Iwouldliketoexpressmysinceregratitudetoeverypersonwhowasapartof my academic journey for all the support they have given me during this time. It has been honor and pleasure to work with my thesis advisor and mentor Dr. Bou-Harb, who certainly made a profound impact on my future career. His guidance had helped me navigate through the endless ocean of information and form solid knowledge in this field. His critical feedback had sharpened my ability to challenge every part of my work to produce an outcome that I can be proud of. By being an outstanding mentor, he had inspired me to soar above a level that seems to be impossible and had taught me how to encourage people to discover their potential and shape themselves. I would like to express my deep gratitude in advance to the committee members for their constructive feedback and valuable comments. This journey would not be possible without people who had shared with me the treasure of their knowledge. Dr. Mihaela Cardei, Dr. Eduardo Fernandez, Dr. Shihong Huang, Dr. Taghi Khoshgoftaar, Dr. Mehrdad Nojoumian, Dr. Dingding Wang, and Dr. KwangSoo Yang had been fantastic teachers who had given me a lot of things to think about besides homework, who had taught me to ask questions that unlock my passion for learning and exploring. I would like to thank my Lab mates Mario Galluscio, Yongliang Huang, Eric Oster, Morteza Safaei Pour, Martin Husak, Kurt Friday, and Dominic Cassisa for their endless support and infectious enthusiasm. I wish them to be in love with everything they are doing and to achieve the results that are worthy of recognition. My academic life would not be so delightful without a cheerful character of Dr. iv Borko Furht, Jean Mangiaracina, and Dr. Mirjana Pavlovic, whose infinite kindness and care had touched every corner of my heart and had taught me how to be a warmhearted person. My exceptional gratitude goes to my family, who had created the memorable moments for me so that I could sense the world outside of academia. I am grateful that they had seen the world with my eyes and support me in my endeavors. v ABSTRACT Author: Nataliia Neshenko Title: A Network Telescope Approach for Inferring and Characterizing IoT Exploitations Institution: Florida Atlantic University Thesis Advisor: Dr. Elias Bou-Harb Degree: Master of Science Year: 2018 While the seamless interconnection of IoT devices with the physical realm is envisioned to bring a plethora of critical improvements on many aspects and in diverse domains, it will undoubtedly pave the way for attackers that will target and exploit such devices, threatening the integrity of their data and the reliability of critical infrastructure. The aim of this thesis is to generate cyber threat intelligence related to Internet-scale inference and evaluation of malicious activities generated by compromised IoT devices to facilitate prompt detection, mitigation and prevention of IoT exploitation. In this context, we initially provide a unique taxonomy, which sheds the light on IoT vulnerabilities from five di↵erent perspectives. Subsequently, we address the task of inference and characterization of IoT maliciousness by leveraging active and passive measurements. To support large-scale empirical data analytics in the context of IoT, we made available corresponding raw data through an authenticated platform. vi I dedicate this thesis to my loving family that is my endless source of inspiration. A NETWORK TELESCOPE APPROACH FOR INFERRING AND CHARACTERIZING IOT EXPLOITATIONS List of Tables .............................. x List of Figures ............................. xi 1 Introduction .............................. 1 1.1 Context and Motivation ......................... 2 1.2 Objectives and Contributions ...................... 4 1.3 Thesis Outcomes ............................. 6 1.4 Organization ............................... 7 2 Demystifying IoT Security: An Exhaustive Survey on IoT Vulner- abilities ................................. 8 2.1 Related Surveys .............................. 9 2.2 Methodology ............................... 15 2.3 IoT Vulnerabilities ............................ 17 2.4 Taxonomy of IoT Vulnerabilities: Layers, Impacts, Attacks, Remedia- tion and Situational Awareness Capabilities .............. 20 2.4.1 Taxonomy Overview ....................... 20 2.4.2 Layers ............................... 23 2.4.3 Security Impact .......................... 30 2.4.4 Attacks .............................. 36 2.4.5 Remediation ............................ 47 2.4.6 Situational Awareness Capabilities ............... 58 viii 3 Inferring IoT Maliciousness ...................... 72 3.1 Proposed Approach ............................ 72 3.1.1 Exploiting Darknet Data ..................... 73 3.1.2 Probing Inference ......................... 75 3.1.3 Correlation with Active Measurements ............. 76 3.1.4 Generating IoT-Specific Malicious Signatures .......... 78 3.2 Empirical Evaluation ........................... 79 3.2.1 First Emeprical Look on Internet-scale Exploitation of IoT Devices .............................. 80 3.2.2 Characterization and Signature Generation ........... 83 3.2.3 A Closer Look into Hosting Environment ............ 87 4 Generating and Sharing IoT-centric Cyber Threat Intelligence .93 4.1 Server Core Function ........................... 94 4.1.1 Data Aggregation Module .................... 94 4.1.2 Data Processing Module ..................... 96 4.1.3 Auxiliary Functions ........................ 96 4.2 Client-side Core Components ...................... 97 4.3 Performance Evaluation ......................... 100 4.3.1 Working Environment ...................... 100 4.3.2 Processing Time Evaluation ................... 101 4.3.3 Optimization ........................... 102 5 Concluding Remarks and Future Perspectives ........... 103 5.1 Challenges and Future Perspective ................... 104 Bibliography .............................. 109 ix LIST OF TABLES 2.1 A classification of reviewed surveys on IoT ............... 14 2.2 Summary of KMS implementation barriers ............... 25 2.3 E↵ect of various security mechanisms on energy consumption ..... 26 2.4 IoT vulnerabilities at di↵erent architectural layers ........... 29 2.5 Security impact of IoT vulnerabilities .................. 35 2.6 Attacks targeting IoT paradigm ..................... 46 2.7 Summary of remediation strategies ................... 57 2.8 IoT security situational awareness capabilities ............. 69 2.9 Intrusion detection techniques deployed in IoT environments ..... 70 3.1 IoT devices related to various CPS deployments ............ 80 3.2 Signatures for fingerprinting unsolicited IoT devices .......... 87 3.3 Number of infected IoT devices and scanning activities by country .. 90 3.4 Top ISPs hosting the most IoT exploitations .............. 91 3.5 Number of IoT DDoS victims and attacks by country ......... 91 3.6 Top 4 ISPs hosting IoT DDoS victims in China ............ 92 3.7 ISPs hosting IoT DDoS victims in countries with the highest number of IoT exploitations ............................ 92 x LIST OF FIGURES 1.1 IoT’s penetration into contemporary life ................ 2 2.1 Distribution of analyzed IoT research works by year .......... 16 2.2 A categorization of IoT vulnerabilities ................. 22 2.3 Malware which exploit (IoT) default user credentials ......... 27 2.4 Mirai attack process ........................... 37 2.5 Stages of firmware modification attack ................. 40 2.6 Node capturing attack phases ...................... 43 3.1 Inferring and mitigating Internet-scale unsolicited IoT devices: a net- work telescope approach ......................... 73 3.2 Network telescopes capturing Internet-scale IoT unsolicited traffic .. 74 3.3 Distribution of IoT devices deployed in consumer and CPS realms .. 81 3.4 Distribution of exploited IoT devices deployed in consumer and CPS realms ................................... 81 3.5 Internet-scale distribution of exploited IoT devices deployed in CPS realms ................................... 82 3.6 Top 6 ISPs hosting compromised IoT devices in CPS realms .... 83 3.7 Distribution of investigated IoT devices by type ............ 84 3.8 Distribution of exploited IoT devices .................. 85 3.9 Global distribution of exploited IoT devices .............. 86 3.10 IoT devices: global exploitations and DoS victims ........... 88 3.11 Exploitations/victims by business sectors ................ 89 4.1 Framework of the Siot platform for inferring and characterizing Internet- scale exploitations ............................. 93 xi 4.2 Components of the Siot platform for inferring and characterizing Internet-scale exploitations ........................ 95 4.3 A screenshot of the central dashboard .................. 98 4.4 A screnshot of country exploitation index dashboard ......... 99 4.5 A detailing dashboard perspective on the country exploitation index . 99 4.6 A screenshot of business sectors exploitation index dashboard .... 100 4.7 Elapsed time related to the inferrence and characterization of unsolicited IoT devices ................................ 101 xii CHAPTER 1 INTRODUCTION The conception of the prominent
Recommended publications
  • Turning Internet of Things(Iot) Into Internet of Vulnerabilities (Iov) : Iot Botnets
    TURNING IOT INTO IOV : IOT BOTNETS 1 Turning Internet of Things(IoT) into Internet of Vulnerabilities (IoV) : IoT Botnets Kishore Angrishi Abstract—Internet of Things (IoT) is the next big evolutionary step in the world of internet. The main intention behind the IoT is to enable safer living and risk mitigation on different levels of life. Home Automation / With the advent of IoT botnets, the view towards IoT devices Smart Home has changed from enabler of enhanced living into Internet of vulnerabilities for cyber criminals. IoT botnets has exposed two Industrial Control Systems different glaring issues, 1) A large number of IoT devices are Smart City accessible over public Internet. 2) Security (if considered at all) is often an afterthought in the architecture of many wide spread Internet of Things (IoT) IoT devices. In this article, we briefly outline the anatomy of Autonomous the IoT botnets and their basic mode of operations. Some of the Vehicles Medical and healthcare major DDoS incidents using IoT botnets in recent times along Smart traffic & parking with the corresponding exploited vulnerabilities will be discussed. control We also provide remedies and recommendations to mitigate IoT Smart Metering & related cyber risks and briefly illustrate the importance of cyber Smart Grids insurance in the modern connected world. Index Terms—DDoS, IoT, IoT Botnets, Mirai Botnet, Cyber Insurance, Security I. INTRODUCTION Fig. 1. Internet of Things (IoT) The Internet of Things (IoT) is key in the digital world of connected living. The futuristic appeal to make life bit more enjoyable in a hectic day-to-day routine is enticing to many.
    [Show full text]
  • On the State of Internet of Things Security: Vulnerabilities, Attacks, and Recent Countermeasures
    On the State of Internet of Things Security: Vulnerabilities, Attacks, and Recent Countermeasures DEVKISHEN SISODIA, University of Oregon In this paper, we review the state of Internet of Things (IoT) security research, with a focus on recent countermeasures that attempt to address vulnerabilities and attacks in IoT networks. Due to the fact that IoT encompasses a large range of significantly distinct environments, each of which merits their own survey, our survey focuses mainly on the smart home environment. Based on the papers surveyed, we pinpoint several challenges and open issues that have yet to be adequately addressed in the realm of IoT security research. Lastly, in order to address these open issues, we provide a list of future research directions on which we believe researchers should focus. CCS Concepts: • Security and privacy → Mobile and wireless security. Additional Key Words and Phrases: Internet of Things (IoT); security; vulnerabilities; attacks; countermeasures 1 INTRODUCTION The Internet of Things (IoT) is a computer networking paradigm that refers to scenarios where network connectivity and computing capability extends to embedded sensors and everyday devices, allowing them to generate, exchange, consume, and act upon data with minimal to no human intervention. This paradigm is possible due to recent advancements in the miniaturization of electronics, networking capabilities, and computing power. Even in its relative infancy, IoT is already impacting our everyday lives in profound ways, from healthcare to home automation. In 2018, 7 billion devices were connected to the Internet [1] and this number is expected to increase to 19.8 billion by 2023 [2]. While IoT devices and traditional machines suffer from the same types of attacks, IoT devices tend to be harder to secure due to some unique properties.
    [Show full text]
  • Measurement and Analysis of Hajime, a Peer-To-Peer Iot Botnet
    Measurement and Analysis of Hajime, a Peer-to-peer IoT Botnet Stephen Herwig1 Katura Harvey1;2 George Hughey1 Richard Roberts1;2 Dave Levin1 1University of Maryland 2Max Planck Institute for Software Systems (MPI-SWS) {smherwig, katura}@cs.umd.edu, [email protected], {ricro, dml}@cs.umd.edu Abstract—The Internet of Things (IoT) introduces an unprece- While there have been in-depth studies into the kinds of dented diversity and ubiquity to networked computing. It also attacks that IoT botnets have launched [8], as well as the introduces new attack surfaces that are a boon to attackers. vulnerabilities that make IoT botnets able to flourish [6], The recent Mirai botnet showed the potential and power of a [37], there remains much to understand about the underlying collection of compromised IoT devices. A new botnet, known as makeup of the vulnerable IoT devices themselves. For exam- Hajime, targets many of the same devices as Mirai, but differs ple: In what countries do more vulnerable devices reside? IoT considerably in its design and operation. Hajime uses a public peer-to-peer system as its command and control infrastructure, devices are often embedded devices; what architectures are and regularly introduces new exploits, thereby increasing its more vulnerable, and where are various architectures more resilience. popular? How large can a global IoT botnet grow today? Can an IoT botnet propagate software updates rapidly and We show that Hajime’s distributed design makes it a valu- thoroughly? able tool for better understanding IoT botnets. For instance, Hajime cleanly separates its bots into different peer groups To answer these questions and more, we present in this depending on their underlying hardware architecture.
    [Show full text]
  • Your Smart Devices Put You at Risk
    Your smart devices are a security risk Table of contents Background | Method 2 Problems in the IoT 3 Timeline of problems in the IoT 4 Taxonomy of IoT vulnerabilities in context 8 User behaviors, attitudes, and vulnerabilities 11 How to protect our IoT devices 13 Conclusion 19 Background Method The Internet of Things (IoT) is everywhere. But, To gain a better understanding of the user aspect with the number of privacy and security issues of IoT, we conducted a survey via CINT. A total of they can expose us to, is it really that “smart” to 7,000 people were surveyed, with 1,000 people bring these devices into our homes? Do you from each of the following countries: Australia, always do everything you can to protect your IoT Canada, France, Germany, the Netherlands, the devices? Blame is often put on users, but they UK, and US. Participants formed representative are only the final point of a long line of problems. samples across gender, age, family situation, and income levels. The questions revolved around There is a strong community of cybersecurity which IoT devices people had in their homes, researchers — both in academia and the industry, what measures they took to secure them, and often working with government agencies — who whose responsibility they thought it was to ensure are committed to finding vulnerabilities, making the security of IoT devices. The results were the risks known, and helping to fix them. cross-referenced with a new user-focused taxonomy of the main vulnerabilities IoT devices But what if you can’t find who to go to when you are exposed to.
    [Show full text]
  • WHY ROUTERS ARE the NEW BULLSEYE in CYBER ATTACKS Anurag Shandilya K7 Computing, India
    WWW.VIRUSBULLETIN.COM/CONFERENCE 2019 LONDON 2 – 4 October 2019 ABSOLUTELY ROUTED!! WHY ROUTERS ARE THE NEW BULLSEYE IN CYBER ATTACKS Anurag Shandilya K7 Computing, India [email protected] ABSTRACT Routers are ubiquitous and highly vulnerable to attack. Despite being the central nervous system of any network, routers are disregarded when it comes to security, as can be proven by the fact that, although vulnerabilities in routers are identifi ed and reported, most devices remain unpatched, making easy targets for cybercriminals. In recent years we have seen threat actors shift their focus from complex operating system- and network-based attacks to comparatively simple router-based ones. Other than merely brute-forcing credentials, cyber gangs have been exploiting known and zero-day router vulnerabilities to host malicious code. CVE-2018-14847 is a vulnerability affecting MikroTik RouterOS from v6.29 to v6.42, which allowed arbitrary fi le read and write over WinBox port 8291, reported in April 2018. Although a patch was available almost immediately, Coinhive, a cryptominer, exploited this vulnerability from July 2018 onwards to inject Monero mining code into the error page served up by the device when a user accessed any HTTP page. CVE-2018-10561 was reported in DZS’ GPON routers, which was then exploited by multiple pieces of router malware including Satori and Hajime to carry out their botnet operations. The Satori malware family exploited this vulnerability to download and execute shell script on the device from the /tmp directory. More recently, CVE-2019-1652 has been reported, affecting Cisco routers and allowing command injection in the router’s certifi cate generation module.
    [Show full text]
  • Demystifying Iot Security: an Exhaustive Survey on Iot Vulnerabilities and a First Empirical Look on Internet-Scale Iot Exploitations
    See discussions, stats, and author profiles for this publication at: https://www.researchgate.net/publication/332277406 Demystifying IoT Security: An Exhaustive Survey on IoT Vulnerabilities and a First Empirical Look on Internet-scale IoT Exploitations Article in IEEE Communications Surveys & Tutorials · April 2019 CITATIONS READS 48 2,649 5 authors, including: Nataliia Neshenko Elias Bou-Harb Florida Atlantic University University of Texas at San Antonio 12 PUBLICATIONS 84 CITATIONS 85 PUBLICATIONS 785 CITATIONS SEE PROFILE SEE PROFILE Jorge Crichigno Georges Kaddoum University of South Carolina École de Technologie Supérieure 80 PUBLICATIONS 484 CITATIONS 249 PUBLICATIONS 3,798 CITATIONS SEE PROFILE SEE PROFILE Some of the authors of this publication are also working on these related projects: Explicit feedback for congestion control inScience DMZ cyberinfrastructures based onprogramable data-plane switches View project Deep Learning View project All content following this page was uploaded by Elias Bou-Harb on 08 April 2019. The user has requested enhancement of the downloaded file. 1 Demystifying IoT Security: An Exhaustive Survey on IoT Vulnerabilities and a First Empirical Look on Internet-scale IoT Exploitations Nataliia Neshenko, Elias Bou-Harb, Jorge Crichigno, Georges Kaddoum and Nasir Ghani Abstract—The security issue impacting the Internet-of-Things physical therapy [4], while the Autism Glass [5] aims at aiding (IoT) paradigm has recently attracted significant attention from autistic children to recognize emotions of other people in real- the research community. To this end, several surveys were put time [6]. forward addressing various IoT-centric topics including intrusion detection systems, threat modeling and emerging technologies. Safety-centric IoT solutions endeavor to minimize haz- In contrast, in this work, we exclusively focus on the ever- ardous scenarios and situations.
    [Show full text]