Skip to main content
SpringerLink
Log in

Firmware-Based DoS Attacks in Wireless Sensor Network

  • Conference paper
  • First Online:
Computer Security. ESORICS 2023 International Workshops (ESORICS 2023)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 14399))

Included in the following conference series:

  • 142 Accesses

Abstract

IoT devices are projected to scale up to hundreds of billions by 2030 due to its applications in agriculture, healthcare, environment, manufacturing, energy transition, and other industries. However, it raises many cybersecurity concerns as well. Typically, the firmware of IoT devices can include security vulnerabilities and software bugs. Once those devices are deployed, adversaries can exploit vulnerable code residing inside such devices for malicious intentions like DoS attacks. For example, memory corruption and long-run operations as vulnerable code can be exploited for DoS in a wireless sensor network. Attackers try to crash a running program through memory corruption in order to interrupt node availability and eventually pose DoS to a network. We define this attack vector as firmware-driven DoS attacks.

In this paper, we demonstrate how firmware-based DoS exploits can be carried out in a wireless sensor network through simulating attack scenarios. In addition, we propose a defensive mechanism at network level that monitors the CPU load of nodes to switch its state. The results show that the proposed mechanism can preserve network lifespan and network availability in some scenarios.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 84.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 109.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. https://www.thalesgroup.com/en/markets/digital-identity-and-security/iot/iot-security

  2. https://www.venafi.com/blog/top-10-vulnerabilities-make-iot-devices-insecure

  3. https://www.zdnet.com/article/these-new-vulnerabilities-millions-of-iot-devives-at-risk-so-patch-now/

  4. Contiki OS: http://www.contiki-os.org/

  5. FreeRTOS: https://www.freertos.org/

  6. LiteOS: https://gitee.com/LiteOS/LiteOS

  7. RIOT-OS: https://github.com/RIOT-OS/RIOT

  8. Mohanty, A., Obaidat, I., Yilmaz, F., Sridhar, M.: Control-hijacking vulnerabilities in IoT firmware: A brief survey. In: Proceedings of the 1st International Workshop on Security and Privacy for the Internet-of-Things (IoTSec) (2018)

    Google Scholar 

  9. Meneghello, F., Calore, M., Zucchetto, D., Polese, M., Zanella, A.: IoT: Internet of threats? A survey of practical security vulnerabilities in real IoT devices. IEEE Internet Things J. 6(5), 8182–8201 (2019)

    Google Scholar 

  10. Raymond, D.R., Midkiff, S.F.: Denial-of-service in wireless sensor networks: attacks and defenses. IEEE Pervasive Comput. 7(1), 74–81 (2008)

    Article  Google Scholar 

  11. Lakshmi, H.N., Anand, S., Sinha, S.: Flooding attack in wireless sensor network-analysis and prevention. Int. J. Eng. Adv. Technol. 8(5), 1792–1796 (2019)

    Google Scholar 

  12. Sasikala, E., Rengarajan, N.: An intelligent technique to detect jamming attack in wireless sensor networks (WSNs). Int. J. Fuzzy Syst. 17(1), 76–83 (2015)

    Article  Google Scholar 

  13. Sikder, A.K., Petracca, G., Aksu, H., Jaeger, T., Uluagac, A.S.: A survey on sensor-based threats to internet-of-things (iot) devices and applications. arXiv preprint arXiv:1802.02041 (2018)

  14. Sikder, A.K., Aksu, H., Uluagac, A.S.: 6thsense: a context-aware sensor-based attack detector for smart devices. In: 26th USENIX Security Symposium Security, vol. 17, pp. 397–414 (2017)

    Google Scholar 

  15. Giannetsos, T., Dimitriou, T.: Spy-sense: spyware tool for executing stealthy exploits against sensor networks. In: Proceedings of the 2nd ACM workshop on Hot topics on Wireless Network Security and Privacy, pp. 7–12 (2013)

    Google Scholar 

  16. Son, Y., et al.: Rocking drones with intentional sound noise on gyroscopic sensors. In: 24th USENIX Security Symposium Security, pp. 881–896 (2015)

    Google Scholar 

  17. Mems accelerometer hardware design flaws (update a). https://ics-cert.us-cert.gov/alerts/ICS-ALERT-17-073-01A. Accessed 30 May 2017

  18. Coppolino, L., D'Alessandro, V., D'Antonio, S., Levy, L., Romano, L.: My smart home is under attack. In: IEEE 18th International Conference on Computational Science and Engineering, pp. 145–151 (2015)

    Google Scholar 

  19. Shen, J., Chang, S., Shen, J., Liu, Q., Sun, X.: A lightweight multi-layer authentication protocol for wireless body area networks. Fut. Gener. Comput. Syst. 78, 956–963 (2018)

    Article  Google Scholar 

  20. Li, C.T., Wu, T.Y., Chen, C.L., Lee, C.C., Chen, C.M.: An efficient user authentication and user anonymity scheme with provably security for IoT-based medical care system. Sensors 17(7), 1482 (2017)

    Article  Google Scholar 

  21. Salehi, M., Degani, L., Roveri, M., Hughes, D., Crispo, B.: Discovery and identification of memory corruption vulnerabilities on bare-metal embedded devices. IEEE Trans. Depend. Secure Comput. 20(2), 1124–1138 (2023)

    Article  Google Scholar 

  22. Wang, D., Li, W., Wang, P.: Measuring two-factor authentication schemes for real-time data access in industrial wireless sensor networks. IEEE Trans. Ind. Inf. 14(9), 4081–4092 (2018)

    Article  Google Scholar 

  23. Sun, P., Garcia, L., Salles-Loustau, G., Zonouz, S.: Hybrid firmware analysis for known mobile and iot security vulnerabilities. In: 50th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), pp. 373–384 (2020)

    Google Scholar 

  24. Yao, Y., Zhou, W., Jia, Y., Zhu, L., Liu, P., Zhang, Y.: Identifying privilege separation vulnerabilities in IoT firmware with symbolic execution. In: European Symposium on Research in Computer Security, pp. 638–657 (2019)

    Google Scholar 

  25. English, K.V., Obaidat, I., Sridhar, M.: Exploiting memory corruption vulnerabilities in connman for IoT devices. In: 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), pp. 247–255 (2019)

    Google Scholar 

  26. Chen, J., et al.: IoTFuzzer: discovering memory corruptions in IoT through app-based fuzzing. In: NDSS (2018)

    Google Scholar 

  27. Al-Boghdady, A., Wassif, K., El-Ramly, M.: The presence, trends, and causes of security vulnerabilities in operating systems of IoT’s low-end devices. Sensors 21(7), 2329 (2021)

    Article  Google Scholar 

  28. Lethaby, N.: A more secure and reliable OTA update architecture for IoT devices. In: Texas Instruments (2018)

    Google Scholar 

  29. He, X., Alqahtani, S., Gamble, R., Papa, M.: Securing over-the-air IoT firmware updates using blockchain. In: Proceedings of the International Conference on Omni-Layer Intelligent Systems, pp. 164–171, (2019)

    Google Scholar 

  30. Ge, M., Fu, X., Syed, N., Baig, Z., Teo, G., Robles-Kelly, A.: Deep learning-based intrusion detection for IoT networks. In: IEEE 24th Pacific Rim International Symposium on Dependable Computing (PRDC), pp. 256–25609 (2019)

    Google Scholar 

  31. Lau, T. P.: A class of software-layer DoS attacks in node.js web apps. In: Proceedings of 6th International Conference on Cryptography, Security and Privacy (CSP), pp. 108–113 (2022)

    Google Scholar 

  32. Zhou, W., et al.: Reviewing IoT security via logic bugs in IoT platforms and systems. IEEE Internet Things J. 8(14), 11621–11639 (2021)

    Article  Google Scholar 

  33. https://www.espressif.com/en/products/devkits/esp32-devkitc

  34. Pal, S., Dorri, A., Jurdak, R.: Blockchain for IoT access control: recent trends and future research directions. J. Network Comput. Appl. 103371 (2022)

    Google Scholar 

  35. Li, F., Han, Y., Jin, C.: Practical access control for sensor networks in the context of the Internet of Things. Comput. Commun. 89, 154–164 (2016)

    Article  Google Scholar 

  36. Mittal, M., Kumar, K., Behal, S.: Deep learning approaches for detecting DDoS attacks: a systematic review. Soft Comput. 27(18), 13039–13075 (2023)

    Article  Google Scholar 

  37. https://www.cvedetails.com/vendor/20377/Riot-os.html

  38. https://www.cvedetails.com/product/38087/Contiki-os-Contiki.html?vendor_id=16528

  39. https://www.cvedetails.com/product/51624/Amazon-Freertos.html?vendor_id=12126

  40. El Bouazzati, M., Tessier, R., Tanguy, P., Gogniat, G.: A lightweight intrusion detection system against IoT memory corruption attacks. In: 26th International Symposium on Design and Diagnostics of Electronic Circuits and Systems (DDECS), pp. 118–123 (2023)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Faculty of Computer Engineering, University of Information Technology, Ho Chi Minh, Vietnam

    Phi Tuong Lau

  2. Faculty of Computer Science and Mathematics, University of Passau, Ho Chi Minh, Germany

    Stefan Katzenbeisser

Authors
  1. Phi Tuong Lau
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Stefan Katzenbeisser
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Phi Tuong Lau .

Editor information

Editors and Affiliations

  1. Norwegian University of Science and Technology, Gjøvik, Norway

    Sokratis Katsikas

  2. Norwegian Computing Center, Oslo, Norway

    Habtamu Abie

  3. University of Trento, Trento, Italy

    Silvio Ranise

  4. University of Genoa, Genoa, Italy

    Luca Verderame

  5. Consiglio Nazionale delle Ricerche (CNR), Genoa, Italy

    Enrico Cambiaso

  6. SINTEF A.S., Oslo, Norway

    Rita Ugarelli

  7. Instituto Superior de Engenharia do Porto, Porto, Portugal

    Isabel Praça

  8. Hong Kong Polytechnic University, Hong Kong, China

    Wenjuan Li

  9. Technical University of Denmark, Kongens Lyngby, Denmark

    Weizhi Meng

  10. University of Nottingham, Nottingham, UK

    Steven Furnell

  11. Norwegian University of Science and Technology, Gjøvik, Norway

    Basel Katt

  12. Norwegian Computing Center, Oslo, Norway

    Sandeep Pirbhulal

  13. Institute for Energy Technology (IFE), Halden, Norway

    Ankur Shukla

  14. University of Calabria, Rende, Italy

    Michele Ianni

  15. University of Verona, Verona, Italy

    Mila Dalla Preda

  16. The University of Texas at San Antonio, San Antonio, TX, USA

    Kim-Kwang Raymond Choo

  17. University of Lisbon, Lisbon, Portugal

    Miguel Pupo Correia

  18. University of Twente, Enschede, The Netherlands

    Abhishta Abhishta

  19. University of Amsterdam, Amsterdam, The Netherlands

    Giovanni Sileno

  20. Open University in the Netherlands, Heerlen, The Netherlands

    Mina Alishahi

  21. Robert Gordon University, Aberdeen, UK

    Harsha Kalutarage

  22. Osaka University, Osaka, Japan

    Naoto Yanai

Appendix

Appendix

figure e

Rights and permissions

Reprints and permissions

Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Lau, P.T., Katzenbeisser, S. (2024). Firmware-Based DoS Attacks in Wireless Sensor Network. In: Katsikas, S., et al. Computer Security. ESORICS 2023 International Workshops. ESORICS 2023. Lecture Notes in Computer Science, vol 14399. Springer, Cham. https://doi.org/10.1007/978-3-031-54129-2_13

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-54129-2_13

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-54128-5

  • Online ISBN: 978-3-031-54129-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation