Abstract
IoT devices are projected to scale up to hundreds of billions by 2030 due to their applications in agriculture, healthcare, environment, manufacturing, energy transition, and other industries. However, this growth raises many cybersecurity concerns as well. Typically, the firmware of IoT devices can include security vulnerabilities and software bugs. Once those devices are deployed, adversaries can exploit vulnerable code residing inside them for malicious purposes such as DoS attacks. For example, vulnerable code that allows memory corruption or long-running operations can be exploited for DoS in a wireless sensor network. Attackers try to crash a running program through memory corruption in order to interrupt node availability and eventually cause DoS in the network. We define this attack vector as firmware-driven DoS attacks.
In this paper, we demonstrate how firmware-based DoS exploits can be carried out in a wireless sensor network by simulating attack scenarios. In addition, we propose a defensive mechanism at the network level that monitors the CPU load of nodes to switch their state. The results show that the proposed mechanism can preserve network lifespan and network availability in some scenarios.
© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Lau, P.T., Katzenbeisser, S. (2024). Firmware-Based DoS Attacks in Wireless Sensor Network. In: Katsikas, S., et al. Computer Security. ESORICS 2023 International Workshops. ESORICS 2023. Lecture Notes in Computer Science, vol 14399. Springer, Cham. https://doi.org/10.1007/978-3-031-54129-2_13
DOI: https://doi.org/10.1007/978-3-031-54129-2_13
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-54128-5
Online ISBN: 978-3-031-54129-2
eBook Packages: Computer Science, Computer Science (R0)