PIT: A probe into internet of things by comprehensive security analysis

Vinay Sachidananda, Suhas Bhairav, Nirnay Ghosh, Yuval Elovici

Research output: Chapter in Book/Report/Conference proceeding, Conference contribution, peer-review

Abstract

One of the major issues hindering widespread and seamless adoption of the Internet of Things (IoT) is security. IoT devices are vulnerable and susceptible to attacks, which became evident from a series of recent large-scale distributed denial-of-service (DDoS) attacks, leading to substantial business and financial losses. Furthermore, there is a lack of a comprehensive security analysis framework for finding vulnerabilities in IoT. In this paper, we present a modular, adaptable and tunable framework, called PIT, to probe IoT systems at different layers of design and implementation. PIT consists of several security analysis engines, viz., penetration testing, fuzzing, static analysis, and dynamic analysis, and an exploitation engine, to discover multiple IoT vulnerabilities. We also develop a novel grey-box fuzzer, called Applica, as a part of the fuzzing engine to overcome the limitations of present-day fuzzers. The proposed framework has been evaluated on a real-world IoT testbed comprising state-of-the-art devices. We discovered several network and system-level vulnerabilities such as Buffer Overflow, Denial-of-Service, SQL Injection, etc., and successfully exploited them to demonstrate the presence of security loopholes in the IoT devices.

Original language: American English
Title of host publication: Proceedings - 2019 18th IEEE International Conference on Trust, Security and Privacy in Computing and Communications/13th IEEE International Conference on Big Data Science and Engineering, TrustCom/BigDataSE 2019
Pages: 522-529
Number of pages: 8
ISBN (Electronic): 9781728127767
State: Published - 1 Aug 2019
Externally published: Yes
Event: 18th IEEE International Conference on Trust, Security and Privacy in Computing and Communications/13th IEEE International Conference on Big Data Science and Engineering, TrustCom/BigDataSE 2019 - Rotorua, New Zealand
Duration: 5 Aug 2019 to 8 Aug 2019

Publication series

Name: Proceedings - 2019 18th IEEE International Conference on Trust, Security and Privacy in Computing and Communications/13th IEEE International Conference on Big Data Science and Engineering, TrustCom/BigDataSE 2019

Conference

Conference: 18th IEEE International Conference on Trust, Security and Privacy in Computing and Communications/13th IEEE International Conference on Big Data Science and Engineering, TrustCom/BigDataSE 2019
Country/Territory: New Zealand
City: Rotorua
Period: 5/08/19 to 8/08/19

Keywords

  • Framework
  • Fuzzing
  • Internet of Things
  • Security Analysis
  • Security and Privacy
  • Vulnerability

All Science Journal Classification (ASJC) codes

  • Artificial Intelligence
  • Computer Networks and Communications
  • Software
  • Information Systems and Management
  • Safety, Risk, Reliability and Quality
