
An Experimental Framework for Investigating Security and Privacy of IoT Devices

  • Conference paper
Intelligent, Secure, and Dependable Systems in Distributed and Cloud Environments (ISDDC 2017)

Abstract

With the rapid growth of Internet-of-Things (IoT) devices, security and privacy issues have emerged as a potential roadblock to widespread adoption. Preliminary research indicates that many types of IoT devices have serious vulnerabilities. Investigating these issues is not easy, since each type of device is different and experiments must be conducted manually on each device. In this paper, we propose a framework for investigating the security and privacy issues of IoT devices. The framework consists of four components: a testbed, a set of topics to be investigated, a set of experiments for each topic, and a final report. The fundamental approach of the framework is to capture layer 2 and layer 3 packets and analyze them for various features. The proposed framework is low cost and is based on off-the-shelf hardware and open source software. Using the framework, we can investigate the security and privacy of many IoT devices, including HDMI sticks, IP cameras, activity trackers, smartwatches and drones. A large set of topics can be investigated using the framework, including vulnerabilities, protocol security, firmware updates, authentication and privacy violations. Sample experimental results show the promise of the proposed framework. We believe this framework will serve as the foundation for a general automated framework for investigating the security and privacy of most IoT devices.
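As an added illustration of the packet-feature approach the abstract describes (example code written for this page, not the authors' framework or any tool they used), the following Python script decodes Ethernet II / IPv4 / TCP / UDP frames by hand and tags each packet with features of the kind the listed topics call for: destinations outside the LAN (privacy), cleartext HTTP and HTTP Basic credentials (authentication, protocol security), TLS handshakes, and the DNS names a device resolves (for example a firmware update host). Everything in the sample capture is constructed: the MAC addresses, the LAN addresses, the hostnames, and the RFC 5737 documentation addresses standing in for cloud endpoints. The "external" check is a plain RFC 1918 / local-scope exclusion, so those documentation addresses are deliberately counted as external.

```python
import base64
import ipaddress
import re
import struct
from collections import defaultdict

ETH = struct.Struct("!6s6sH")  # dst MAC, src MAC, EtherType
ETHERTYPE_IPV4 = 0x0800
# Anything not in these ranges is treated as leaving the test LAN ("external").
LOCAL_NETS = [ipaddress.IPv4Network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "127.0.0.0/8", "224.0.0.0/4", "255.255.255.255/32")]
BASIC_RE = re.compile(rb"authorization:\s*basic\s+([A-Za-z0-9+/=]+)", re.I)


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def parse_frame(frame: bytes):
    """Decode Ethernet II -> IPv4 -> TCP/UDP into a flat dict; None for ARP, IPv6, runts."""
    if len(frame) < ETH.size:
        return None
    dst_mac, src_mac, ethertype = ETH.unpack_from(frame, 0)
    if ethertype != ETHERTYPE_IPV4:
        return None
    ip = frame[ETH.size:]
    if len(ip) < 20 or ip[0] >> 4 != 4:
        return None
    ihl = (ip[0] & 0x0F) * 4            # header length in bytes
    proto = ip[9]
    rec = {"src_mac": mac_str(src_mac), "src_ip": str(ipaddress.IPv4Address(ip[12:16])),
           "dst_ip": str(ipaddress.IPv4Address(ip[16:20])),
           "proto": proto, "sport": None, "dport": None, "payload": b""}
    l4 = ip[ihl:]
    if proto == 6 and len(l4) >= 20:    # TCP: data offset is the upper nibble of byte 12
        rec["sport"], rec["dport"] = struct.unpack_from("!HH", l4, 0)
        rec["payload"] = l4[(l4[12] >> 4) * 4:]
    elif proto == 17 and len(l4) >= 8:  # UDP: fixed 8-byte header
        rec["sport"], rec["dport"] = struct.unpack_from("!HH", l4, 0)
        rec["payload"] = l4[8:]
    return rec


def dns_qname(payload: bytes) -> str:
    """First question name of a DNS message (queries carry no compression pointers)."""
    labels, i = [], 12
    while i < len(payload) and payload[i] != 0:
        n = payload[i]
        labels.append(payload[i + 1:i + 1 + n].decode("ascii", "replace"))
        i += 1 + n
    return ".".join(labels)


def classify(rec: dict) -> list:
    """Tag one packet with the security/privacy features a report would count."""
    tags = []
    dst = ipaddress.IPv4Address(rec["dst_ip"])
    if not any(dst in net for net in LOCAL_NETS):
        tags.append("external-destination")
    p = rec["payload"]
    if rec["proto"] == 6:
        if p[:4] in (b"GET ", b"POST", b"PUT ", b"HEAD"):
            tags.append("cleartext-http")
            m = BASIC_RE.search(p)
            if m:  # credentials recoverable by anyone on the path
                tags.append("basic-auth:" + base64.b64decode(m.group(1)).decode("utf-8", "replace"))
        elif len(p) >= 3 and p[0] == 0x16 and p[1] == 0x03:  # TLS handshake record
            tags.append("tls-handshake")
    elif rec["proto"] == 17 and rec["dport"] == 53 and len(p) > 12:
        tags.append("dns-query:" + dns_qname(p))
    return tags


def device_report(frames) -> dict:
    """Per source MAC: endpoints contacted and feature counts across the capture."""
    report = defaultdict(lambda: {"destinations": set(), "tags": defaultdict(int)})
    for frame in frames:
        rec = parse_frame(frame)
        if rec is None:
            continue
        entry = report[rec["src_mac"]]
        entry["destinations"].add(f"{rec['dst_ip']}:{rec['dport']}")
        for tag in classify(rec):
            entry["tags"][tag] += 1
    return {mac: {"destinations": sorted(v["destinations"]), "tags": dict(v["tags"])}
            for mac, v in report.items()}


# --- constructed sample capture (not recorded from any real device) ----------
def build_frame(src_mac, dst_mac, src_ip, dst_ip, proto, sport, dport, payload):
    """Assemble Ethernet/IPv4/TCP-or-UDP bytes; checksums stay zero since we only parse."""
    if proto == 6:
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
    else:
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     ipaddress.IPv4Address(src_ip).packed, ipaddress.IPv4Address(dst_ip).packed)
    return ETH.pack(bytes.fromhex(dst_mac.replace(":", "")),
                    bytes.fromhex(src_mac.replace(":", "")), ETHERTYPE_IPV4) + ip + l4


def dns_query(name: str) -> bytes:
    q = b"".join(bytes([len(lbl)]) + lbl.encode() for lbl in name.split(".")) + b"\x00"
    return struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0) + q + struct.pack("!HH", 1, 1)


DEVICE, PHONE, GATEWAY = "02:00:00:aa:bb:01", "02:00:00:aa:bb:02", "02:00:00:00:00:fe"
SAMPLE_CAPTURE = [
    build_frame(DEVICE, GATEWAY, "192.168.1.50", "8.8.8.8", 17, 40000, 53,
                dns_query("fw-update.example.com")),
    build_frame(DEVICE, GATEWAY, "192.168.1.50", "203.0.113.10", 6, 40001, 80,
                b"GET /firmware/latest.bin HTTP/1.1\r\nHost: fw-update.example.com\r\n"
                b"Authorization: Basic YWRtaW46YWRtaW4=\r\n\r\n"),
    build_frame(DEVICE, GATEWAY, "192.168.1.50", "203.0.113.20", 6, 40002, 443,
                b"\x16\x03\x01\x00\x05\x01\x00\x00\x01\x00"),  # TLS record + stub ClientHello
    ETH.pack(b"\xff" * 6, bytes.fromhex(DEVICE.replace(":", "")), 0x0806) + b"\x00" * 28,  # ARP
    build_frame(PHONE, DEVICE, "192.168.1.20", "192.168.1.50", 6, 50000, 80,
                b"GET /cgi-bin/status HTTP/1.1\r\nHost: 192.168.1.50\r\n\r\n"),
]
```

Run against a real capture by replacing SAMPLE_CAPTURE with the frames read from a pcap; the per-MAC report is what a "privacy violations" or "authentication issues" section of the final report would be built from. The ARP frame is skipped on purpose: layer 2 discovery traffic is captured but contributes no layer 3 features here.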



Author information

Corresponding author

Correspondence to Ali Tekeoglu.

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Tekeoglu, A., Tosun, A.Ş. (2017). An Experimental Framework for Investigating Security and Privacy of IoT Devices. In: Traore, I., Woungang, I., Awad, A. (eds) Intelligent, Secure, and Dependable Systems in Distributed and Cloud Environments. ISDDC 2017. Lecture Notes in Computer Science(), vol 10618. Springer, Cham. https://doi.org/10.1007/978-3-319-69155-8_5

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-69155-8_5

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-69154-1

  • Online ISBN: 978-3-319-69155-8

  • eBook Packages: Computer Science, Computer Science (R0)