IoTAegis:保护物联网的可扩展框架

2018 27th International Conference on Computer Communication and Networks (ICCCN) Pub Date : 2018-07-01 DOI:10.1109/ICCCN.2018.8487335

Zhiyuan Zheng, Allen T. Webb, A. Reddy, R. Bettati

{"title":"IoTAegis:保护物联网的可扩展框架","authors":"Zhiyuan Zheng, Allen T. Webb, A. Reddy, R. Bettati","doi":"10.1109/ICCCN.2018.8487335","DOIUrl":null,"url":null,"abstract":"The infamous Mirai attack which hijacked nearly half a million Internet connected devices demonstrated the widespread security vulnerabilities of the Internet-of-Things (IoT). This study employs a set of active and passive observation methods to discover the security vulnerabilities of IoT devices within a university campus. We show that (a) the number of non-compute devices dominates the number of compute devices with open ports in a campus network; (b) 58.9% or more devices do not keep up-to-date firmware and 51.3% or more do not have a user defined password; and (c) the number of devices together with the diversity of device ages and vendors make the protection of IoT devices a difficult problem. We further develop IoTAegis framework which offers device-level protection to automatically manage device configurations and security updates. Our solution is shown to be effective, scalable, lightweight, and deployable in different forms and network types.","PeriodicalId":399145,"journal":{"name":"2018 27th International Conference on Computer Communication and Networks (ICCCN)","volume":"81 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2018-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"8","resultStr":"{\"title\":\"IoTAegis: A Scalable Framework to Secure the Internet of Things\",\"authors\":\"Zhiyuan Zheng, Allen T. Webb, A. Reddy, R. Bettati\",\"doi\":\"10.1109/ICCCN.2018.8487335\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The infamous Mirai attack which hijacked nearly half a million Internet connected devices demonstrated the widespread security vulnerabilities of the Internet-of-Things (IoT). This study employs a set of active and passive observation methods to discover the security vulnerabilities of IoT devices within a university campus. We show that (a) the number of non-compute devices dominates the number of compute devices with open ports in a campus network; (b) 58.9% or more devices do not keep up-to-date firmware and 51.3% or more do not have a user defined password; and (c) the number of devices together with the diversity of device ages and vendors make the protection of IoT devices a difficult problem. We further develop IoTAegis framework which offers device-level protection to automatically manage device configurations and security updates. Our solution is shown to be effective, scalable, lightweight, and deployable in different forms and network types.\",\"PeriodicalId\":399145,\"journal\":{\"name\":\"2018 27th International Conference on Computer Communication and Networks (ICCCN)\",\"volume\":\"81 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2018-07-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"8\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2018 27th International Conference on Computer Communication and Networks (ICCCN)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ICCCN.2018.8487335\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2018 27th International Conference on Computer Communication and Networks (ICCCN)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICCCN.2018.8487335","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 8

摘要

臭名昭著的Mirai攻击劫持了近50万台互联网连接设备，这表明物联网(IoT)存在广泛的安全漏洞。本研究采用了一套主动和被动的观察方法，发现了大学校园内物联网设备的安全漏洞。我们表明:(a)校园网中非计算设备的数量主导了开放端口的计算设备的数量;(b) 58.9%或以上的设备没有保持最新固件，51.3%或以上的设备没有用户自定义密码;(c)设备的数量以及设备年龄和供应商的多样性使物联网设备的保护成为一个难题。我们进一步开发IoTAegis框架，该框架提供设备级保护，以自动管理设备配置和安全更新。我们的解决方案被证明是有效的、可伸缩的、轻量级的，并且可以在不同的形式和网络类型中部署。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

IoTAegis: A Scalable Framework to Secure the Internet of Things

The infamous Mirai attack which hijacked nearly half a million Internet connected devices demonstrated the widespread security vulnerabilities of the Internet-of-Things (IoT). This study employs a set of active and passive observation methods to discover the security vulnerabilities of IoT devices within a university campus. We show that (a) the number of non-compute devices dominates the number of compute devices with open ports in a campus network; (b) 58.9% or more devices do not keep up-to-date firmware and 51.3% or more do not have a user defined password; and (c) the number of devices together with the diversity of device ages and vendors make the protection of IoT devices a difficult problem. We further develop IoTAegis framework which offers device-level protection to automatically manage device configurations and security updates. Our solution is shown to be effective, scalable, lightweight, and deployable in different forms and network types.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2018 27th International Conference on Computer Communication and Networks (ICCCN)

自引率

0.00%

发文量