Skip to main content
SpringerLink
Log in

DNS Rebinding Detection for Local Internet of Things Devices

  • Conference paper
  • First Online:
Frontiers in Cyber Security (FCS 2020)

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 1286))

Included in the following conference series:

Abstract

Smart home technology makes the living environment comfortable and safe. However, threats in the smart home environment bring more new challenges. As a typical attack method, DNS rebinding seriously threatens the data privacy and the security of smart home devices. Aiming at detecting this attack and minimizing its effect as much as possible, we use simulation experiments to model the DNS rebinding attack scenarios. Based on the analysis of the key factors of the experiments, a DNS rebinding attack detection model is proposed. When devices in a smart home environment meet the detection model, they may be vulnerable to DNS rebinding attacks. Our simulation experimental results show that the smart home devices in the detection model are vulnerable to DNS rebinding attacks. Finally, we put forward some defensive measures.

This work was supported in part by the Natural Science Foundation of China under Grants 61672092, in part by the Fundamental Research Funds for the Central Universities of China under Grants 2018JBZ103, the Fundamental Research Funds for the Central Universities 2019YJS033, Major Scientific and Technological Innovation Projects of Shandong Province, China (No. 2019JZZY020128).

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 84.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 109.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Panwar, N., Sharma, S., Mehrotra, S., Krzywiecki, L., Venkatasubramanian, N.: Smart home survey on security and privacy. CoRR, abs/1904.05476 (2019)

    Google Scholar 

  2. Tong, X., Fang, B., He, Y., Zhang, Y.: Analysis on the development of internet of things smart home. Mobile Commun

    Google Scholar 

  3. Chirila, S., Lemnaru, C., Dînsoreanu, M.: Semantic-based IoT device discovery and recommendation mechanism. In: IEEE 12th International Conference on Intelligent Computer Communication and Processing, ICCP 2016, Cluj-Napoca, Romania, 8–10 September 2016, pp. 111–116. IEEE (2016)

    Google Scholar 

  4. Castro, R.R., López, J., Gritzalis, S.: Evolution and trends in IoT security. IEEE Comput. 51(7), 16–25 (2018)

    Article  Google Scholar 

  5. Wang, W., Wang, X., Feng, D., Liu, J., Han, Z., Zhang, X.: Exploring permission-induced risk in android applications for malicious application detection. IEEE Trans. Inf. Foren. Secur. 9(11), 1869–1882 (2014)

    Article  Google Scholar 

  6. Xu, T., Wendt, J.B., Potkonjak, M.: Security of IoT systems: design challenges and opportunities. In: Chang, Y.-W. (ed.) The IEEE/ACM International Conference on Computer-Aided Design, ICCAD 2014, San Jose, CA, USA, 3–6 November 2014, pp. 417–423. IEEE (2014)

    Google Scholar 

  7. McReynolds, E., Hubbard, S., Lau, T., Saraf, A., Cakmak, M., Roesner, F.: Toys that listen: a study of parents, children, and internet-connected toys. In: Mark, G., et al. (eds.) Proceedings of the 2017 CHI Conference on Human Factors in Computing Systems, Denver, CO, USA, 06–11 May 2017, pp. 5197–5207. ACM (2017)

    Google Scholar 

  8. Wikipedia. 2016 dyn cyberattack (2016). https://en.wikipedia.org/wiki/2016_Dyn_cyberattack

  9. Armis. DNS rebinding exposes half a billion IoT devices (2018). https://armis.com/dns-rebinding-exposes-half-a-billion-iot-devices-in-the-enterprise/

  10. Johns, M., Lekies, S., Stock, B.: Eradicating DNS rebinding with the extended same-origin policy. In: King, S.T. (ed.) Proceedings of the 22th USENIX Security Symposium, Washington, DC, USA, 14–16 August 2013, pp. 621–636. USENIX Association (2013)

    Google Scholar 

  11. Karlof, C., Shankar, U., Tygar, J.D., Wagner, D.A.: Dynamic pharming attacks and locked same-origin policies for web browsers. In: Ning, P., di Vimercati, S.D.C., Syverson, P.F. (eds.) Proceedings of the 2007 ACM Conference on Computer and Communications Security, CCS 2007, Alexandria, Virginia, USA, 28–31 October 2007, pp. 58–71. ACM (2007)

    Google Scholar 

  12. NPM. Whonow dns server. https://www.npmjs.com/package/whonow

  13. Yi, W., Janne, T., Mikael, L.: An analytical model for DNS performance with TTL value 0 in mobile internet. In: Ning, P., di Vimercati, S.D.C., Syverson, P.F. (eds.) TENCON 2006 IEEE Region 10 Conference, pp. 1–4. IEEE (2006)

    Google Scholar 

  14. Cohen, E., Kaplan, H.: Proactive caching of DNS records: addressing a performance bottleneck. Comput. Netw. 41(6), 707–726 (2003)

    Article  Google Scholar 

  15. Jackson, C., Barth, A., Bortz, A., Shao, W., Boneh, D.: Protecting browsers from DNS rebinding attacks. ACM Trans. Web 3(1), 2:1–2:26 (2009)

    Article  Google Scholar 

  16. Princeton University. DNS attack scenario. http://sip.cs.princeton.edu/

  17. Dean, D., Felten, E.W., Wallach, D.S.: Java security: from hotjava to netscape and beyond. In: 1996 IEEE Symposium on Security and Privacy, 6–8 May 1996, Oakland, CA, USA, pp. 190–200. IEEE Computer Society (1996)

    Google Scholar 

  18. Xin, H., Wang, Y., Zhao, R.: Research on the influence of DNS rebinding on router and its protection strategy. Chengdu Inst. Inf. Eng. 29(6) (2014)

    Google Scholar 

  19. Pandiaraja, P., Parasuraman, S.: Applying secure authentication scheme to protect dns from rebinding attack using proxy. In: 2015 International Conference on Circuits, Power and Computing Technologies [ICCPCT-2015], pp. 1–6. IEEE (2015)

    Google Scholar 

  20. Gupta, S., Gupta, B.B.: JS-SAN: defense mechanism for html5-based web applications against javascript code injection vulnerabilities. Secur. Commun. Netw. 9(11), 1477–1495 (2016)

    Article  Google Scholar 

  21. Fahl, S., Harbach, M., Muders, T., Smith, M., Baumgärtner, L., Freisleben, B.: Why eve and mallory love android: an analysis of android SSL (in)security. In: Yu, T., Danezis, G., Gligor, V.D. (eds.) The ACM Conference on Computer and Communications Security, CCS 2012, Raleigh, NC, USA, 16–18 October 2012, pp. 50–61. ACM (2012)

    Google Scholar 

  22. Fahl, S., Harbach, M., Perl, H., Koetter, M., Smith, M.: Rethinking SSL development in an appified world. In: Sadeghi, A.-R., Gligor, V.D., Yung, M. (eds.) 2013 ACM SIGSAC Conference on Computer and Communications Security, CCS 2013, Berlin, Germany, 4–8 November 2013, pp. 49–60. ACM (2013)

    Google Scholar 

  23. Georgiev, M., Iyengar, S., Jana, S., Anubhai, R., Boneh, D., Shmatikov, V.: The most dangerous code in the world: validating SSL certificates in non-browser software. In: Yu, T., Danezis, G., Gligor, V.D. (eds.) The ACM Conference on Computer and Communications Security, CCS 2012, Raleigh, NC, USA, 16–18 October 2012, pp. 38–49. ACM (2012)

    Google Scholar 

  24. Wurster, G., van Oorschot, P.C.: The developer is the enemy. In: Bishop, M., Probst, C.W., Keromytis, A.D., Somayaji, A. (eds.) Proceedings of the 2008 Workshop on New Security Paradigms, Lake Tahoe, CA, USA, 22–25 September 2008, pp. 89–97. ACM (2008)

    Google Scholar 

  25. Wijayarathna, C., Arachchilage, N.A.G.: Why Johnny can’t develop a secure application? A usability analysis of java secure socket extension API. Comput. Secur. 80, 54–73 (2019)

    Article  Google Scholar 

  26. Mindermann, K., Wagner, S.: Usability and security effects of code examples on crypto apis. In: McLaughlin, K., et al. (eds.) 16th Annual Conference on Privacy, Security and Trust, PST 2018, Belfast, Northern Ireland, Uk, 28–30 August 2018, pp. 1–2. IEEE Computer Society (2018)

    Google Scholar 

  27. Brahmasani, S., Sivasankar, E.: Two level verification for detection of DNS rebinding attacks. Int. J. Syst. Assur. Eng. Manag. 4(2), 138–145 (2013)

    Article  Google Scholar 

  28. Acar, G., Huang, D.Y., Li, F., Narayanan, A., Feamster, N.: Web-based attacks to discover and control local iot devices. In: Proceedings of the 2018 Workshop on IoT Security and Privacy, IoT S&P@SIGCOMM 2018, Budapest, Hungary, 20 August 2018, pp. 29–35. ACM (2018)

    Google Scholar 

  29. MSRC: Prevent a worm by updating remote desktop services (cve-2019-0708). https://msrc-blog.microsoft.com/2019/05/14/prevent-a-worm-by-updating-remote-desktop-services-cve-2019-0708/

  30. Feng, X., Li, Q., Wang, H., Sun, L.: Acquisitional rule-based engine for discovering internet-of-thing devices. In: 27th USENIX Security Symposium USENIX Security 18), pp. 327–341 (2018)

    Google Scholar 

  31. Wang, W., Shang, Y., He, Y., Li, Y., Liu, J.: Botmark: automated botnet detection with hybrid analysis of flow-based and graph-based traffic behaviors. Inf. Sci. 511, 284–296 (2020)

    Article  Google Scholar 

  32. Li, L., et al.: Creditcoin: a privacy-preserving blockchain-based incentive announcement network for communications of smart vehicles. IEEE Trans. Intell. Transp. Syst. 19(7), 2204–2220 (2018)

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Beijing Key Laboratory of Security and Privacy in Intelligent Transportation, Beijing Jiaotong University, Beijing, China

    Xudong He, Jian Wang, Jiqiang Liu, Zhen Han & Wei Wang

  2. State Grid Henan Electric Power Research Institute, Zhengzhou, China

    Zhuo Lv

  3. Division of Computer, Electrical and Mathematical Sciences and Engineering (CEMSE), King Abdullah University of Science and Technology (KAUST), Thuwal, 23955-6900, Saudi Arabia

    Wei Wang

Authors
  1. Xudong He
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Jian Wang
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Jiqiang Liu
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Zhen Han
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Zhuo Lv
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Wei Wang
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Jian Wang .

Editor information

Editors and Affiliations

  1. Tianjin University, Tianjin, China

    Guangquan Xu

  2. Delft University of Technology, Delft, The Netherlands

    Kaitai Liang

  3. University of Aizu, Aizuwakamatsu, Japan

    Chunhua Su

Rights and permissions

Reprints and permissions

Copyright information

© 2020 Springer Nature Singapore Pte Ltd.

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

He, X., Wang, J., Liu, J., Han, Z., Lv, Z., Wang, W. (2020). DNS Rebinding Detection for Local Internet of Things Devices. In: Xu, G., Liang, K., Su, C. (eds) Frontiers in Cyber Security. FCS 2020. Communications in Computer and Information Science, vol 1286. Springer, Singapore. https://doi.org/10.1007/978-981-15-9739-8_2

Download citation

  • DOI: https://doi.org/10.1007/978-981-15-9739-8_2

  • Published:

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-15-9738-1

  • Online ISBN: 978-981-15-9739-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation