Abstract
Security configurations remain challenging for trained administrators. Nowadays, due to the advent of the Internet of Things (IoT), untrained users operate numerous and heterogeneous Internet-facing services in manifold use case-specific scenarios. In this work, we close the growing gap between the complexity of IoT security configuration and the expertise of the affected users. To this end, we propose ColPSA, a platform for collective and privacy-aware security advice that allows users to optimize their configuration by exchanging information about what security can be realized given their IoT deployment and scenario.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Amazon Web Services: AWS IoT Device Defender (2023). https://aws.amazon.com/iot-device-defender/. Accessed 09 Jan 2023
Avast: Avast Network Inspector (2022). https://support.avast.com/en-ww/article/use-network-inspector. Accessed 09 Jan 2023
Dahlmanns, M., et al.: Easing the conscience with OPC UA: an internet-wide study on insecure deployments. In: ACM IMC (2020)
Dahlmanns, M., et al.: Missed opportunities: measuring the untapped TLS support in the industrial internet of things. In: ACM ASIACCS (2022)
Dahlmanns, M., et al.: Secrets revealed in container images: an internet-wide study on occurrence and impact. In: ACM ASIACCS (2023)
Durumeric, Z., et al.: ZMap: fast internet-wide scanning and its security applications. In: USENIX SEC (2013)
Erba, A., et al.: Security analysis of vendor implementations of the OPC UA protocol for industrial control systems. In: ACM CPSIoTSec (2022)
Federal Office for Information Security: OPC UA Security Analysis (2017)
Federal Office for Information Security: Cryptographic Mechanisms: Recommendations and Key Lengths Part 4 - Use of Secure Shell (SSH). BSI TR-02102-4 (2021)
Federal Office for Information Security: Cryptographic Mechanisms: Recommendations and Key Lengths: Use of Transport Layer Security (TLS). BSI TR-02102-2 (2021)
Heer, T., et al.: Security challenges in the IP-based internet of things. Wirel. Pers. Commun. 61(3), 527–542 (2011)
Hills, R.: arp-scan(1) - Linux man page (2016)
Huang, D.Y., et al.: IoT inspector: crowdsourcing labeled network traffic from smart home devices at scale. ACM IMWUT 4(2), 1–21 (2020)
Khan, M.A., Salah, K.: IoT security: review, blockchain solutions, and open challenges. Future Gener. Comput. Syst. 82, 395–411 (2018)
Krombholz, K., et al.: "I Have No Idea What i’m Doing": on the usability of deploying HTTPS. In: USENIX SEC. SEC’17, USA (2017)
Lantz, B., et al.: A network in a laptop: rapid prototyping for software-defined networks. In: ACM Hotnets. Hotnets-IX, New York (2010)
Madakam, S., et al.: Internet of things (IoT): a literature review. J. Comput. Commun. 3(5), 164–173 (2015)
Maggi, F., et al.: The Fragility of Industrial IoT’s Data Backbone: Security and Privacy Issues in MQTT and CoAP Protocols. Tech. rep., Trend Micro Inc. (2018)
Meidan, Y., et al.: ProfilIoT: a machine learning approach for IoT device identification based on network traffic analysis. In: ACM SAC. SAC ’17, New York (2017)
OPC Foundation: OPC Unified Architecture – Part 2: Security Model. OPC 10000–2: OPC Unified Architecture (2018)
Papadogiannakis, A., et al.: Improving the performance of passive network monitoring applications with memory locality enhancements. Comput. Commun. 35(1), 129–140 (2012)
Pohlmann, U., Sikora, A.: Practical security recommendations for building OPC UA applications. Ind. Ethernet Book 106 (2018)
Qualys: SSL Server Test (2023). https://www.ssllabs.com/ssltest/. Accessed 09 Jan 2023
Rahalkar, S.: OpenVAS. Apress, Berkeley, CA (2019)
Rescorla, E., Dierks, T.: The transport layer security (TLS) protocol version 1.2. RFC 5246 (2008)
Roesch, M.: Snort: lightweight intrusion detection for networks. In: USENIX LISA (1999)
Serror, M., et al.: Challenges and opportunities in securing the industrial internet of things. IEEE Trans. Ind. Informat. 17(5), 2985–2996 (2021)
Sha, K., et al.: On security challenges and open issues in internet of things. Future Gener. Comput. Syst. 83, 326–337 (2018)
Sheffer, Y., et al.: Recommendations for secure use of transport layer security (TLS) and datagram transport layer security (DTLS). IETF RFC 7525 (2015)
Srinivasa, S., et al.: Open for hire: attack trends and misconfiguration pitfalls of IoT devices. In: ACM IMC (2021)
Testa, J.: ssh-audit (2023). https://github.com/jtesta/ssh-audit. Accessed 09 Jan 2023
Wetter, D.: testssl.sh (2022). https://testssl.sh/. Accessed 09 Jan 2023
Acknowledgements
Funded by the German Federal Ministry for Economic Affairs and Climate Action (BMWK) — Research Project VeN2uS — 03EI6053K.Funded by the Deutsche Forschungsgemeinschaft (DFG, German Research Foundation) under Germany’s Excellence Strategy — EXC-2023 Internet of Production — 390621612.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Dahlmanns, M., Matzutt, R., Dax, C., Wehrle, K. (2024). Collectively Enhancing IoT Security: A Privacy-Aware Crowd-Sourcing Approach. In: Mosbah, M., Sèdes, F., Tawbi, N., Ahmed, T., Boulahia-Cuppens, N., Garcia-Alfaro, J. (eds) Foundations and Practice of Security. FPS 2023. Lecture Notes in Computer Science, vol 14552. Springer, Cham. https://doi.org/10.1007/978-3-031-57540-2_2
Download citation
DOI: https://doi.org/10.1007/978-3-031-57540-2_2
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-57539-6
Online ISBN: 978-3-031-57540-2