Sensing, communication and security planes: A new challenge for a smart city system design

The proliferation of embedded systems, wireless technologies, and Internet protocols have enabled the Internet of Things (IoT) to bridge the gap between the virtual and physical world through enabling the monitoring and actuation of the physical world controlled by data processing systems. Wireless technologies, despite their offered convenience, flexibility, low cost, and mobility pose unique challenges such as fading, interference, energy, and security, which must be carefully addressed when using resource-constrained IoT devices. To this end, the efforts of the research community have led to the standardization of several wireless technologies for various types of application domains depending on factors such as reliability, latency, scalability, and energy efficiency. In this paper, we first overview these standard wireless technologies, and we specifically study the MAC and physical layer technologies proposed to address the requirements and challenges of wireless communications. Furthermore, we explain the use of these standards in various application domains, such as smart homes, smart healthcare, industrial automation, and smart cities, and discuss their suitability in satisfying the requirements of these applications. In addition to proposing guidelines to weigh the pros and cons of each standard for an application at hand, we also examine what new strategies can be exploited to overcome existing challenges and support emerging IoT applications.

https://hal.archives-ouvertes.fr/hal-02161803/document

Low-Power Wireless for the Internet of Things: Standards and Applications

The Internet of things (IoT) is rapidly growing, and many security issues relate to its wireless technology. These security issues are challenging because IoT protocols are heterogeneous, suit different needs, and are used in different application domains. From this assessment, we identify the need to provide a homogeneous formalism applying to every IoT protocols. In this survey, we describe a generic approach with twofold challenges. The first challenge we tackle is the identification of common principles to define a generic approach to compare IoT protocol stack. We base the comparison on five different criteria: the range, the openness of the protocol, the interoperability, the topology and the security practices of these IoT protocols. The second challenge we consider is to find a generic way to describe fundamental IoT attacks regardless of the protocol used. This approach exposes similar attacks amongst different IoT protocols and is divided into three parts: attacks focusing on packets (passive and active cryptographic attacks), attacks focusing on the protocol (MITM, Flooding, Sybil, Spoofing, Wormhole attacks) and attacks focusing on the whole system (Sinkhole, Selective forwarding attacks). It also highlights which mechanisms are different between two protocols to make both of them vulnerable to an attack. Finally, we draw some lessons and perspectives from this transversal study.

/pdf/a-survey-of-iot-protocols-and-their-security-issues-through-1l8klsjwgt.pdf

A survey of IoT protocols and their security issues through the lens of a generic IoT stack

https://scholar.afit.edu/cgi/viewcontent.cgi?article=1213&context=facpub

The Z-Wave routing protocol and its security implications

Security of the Internet of Things is a crucial topic, due to the criticality of the networks and the sensitivity of exchanged data. In this paper, we target the Message Queue Telemetry Transport (MQTT) protocol used in IoT environments for communication between IoT devices. We exploit a specific weakness of MQTT which was identified during our research, allowing the client to configure the behavior of the server. In order to validate the possibility to exploit such vulnerability, we propose SlowITe, a novel low-rate denial of service attack aimed to target MQTT through low-rate techniques. We validate SlowITe against real MQTT services, considering both plain text and encrypted communications and comparing the effects of the threat when targeting different daemons. Results show that the attack is successful and it is able to exploit the identified vulnerability to lead a DoS on the victim with limited attack resources.

https://www.mdpi.com/1424-8220/20/10/2932/pdf

SlowITe, a Novel Denial of Service Attack Affecting MQTT.

The popularity of Wireless Sensor Networks (WSN) is increasing in critical infrastructure, smart metering, and home automation. Of the numerous protocols available, Z-Wave has significant potential for growth in WSNs. As a proprietary protocol, there are few research publications concerning Z-Wave, and thus little is known about the security implications of its use. Z-Wave networks use a gateway controller to manage and control all devices. Vulnerabilities have been discovered in Z-Wave gateways, all of which rely on the gateway to be consistently connected to the Internet. The work herein introduces a new vulnerability that allows the injection of a rogue controller into the network. Once injected, the rogue controller maintains a stealthy, persistent communication channel with all inadequately defended devices. The severity of this type of attack warrants mitigation steps, presented herein.

Rogue Z-Wave controllers: A persistent attack channel

Misuse-based detection of Z-Wave network attacks

ITU-T G.9959 wireless connectivity is increasingly incorporated in the critical infrastructure. However, evaluating the robustness and security of commercially-available products based on this standard is challenging due to the closed-source nature of the transceiver and application designs. Given that ITU-T G.9959 transceivers are being used in smart grids, building security systems and safety sensors, the development of reliable, open-source tools would enhance the ability to monitor and secure ITU-T G.9959 networks. This chapter discusses the ITU-T G.9959 wireless standard and research on ITU-T G.9959 network security. An open-source, software-defined radio implementation of an ITU-T G.9959 protocol sniffer is used to explore several passive reconnaissance techniques and deduce the properties of active network devices. The experimental results show that some properties are observable regardless of whether or not encryption is used. In particular, the acknowledgment response times vary due to differences in vendor firmware implementations.

https://hal.inria.fr/hal-01431003/document

Evaluating ITU-T G.9959 Based Wireless Systems Used in Critical Infrastructure Assets

Wireless physical layer manipulation is a recently discovered technique for selective packet obfuscation. This process exploits the unique and proprietary nature of transceiver designs rather than manufacturing imperfections. To date, preamble manipulation has only successfully been demonstrated on low data rate transceivers operating in the 2.4 GHz band. This Letter investigates the effectiveness of preamble manipulation on common 5 GHz IEEE 802.11a and IEEE 802.11ac wireless transceivers for the first time. Herein it is demonstrated that the preamble short training sequence length can be manipulated to discern among the six transceiver designs under test with greater than 99% accuracy using fewer than 20 packets.

/pdf/efficacy-of-physical-layer-preamble-manipulation-for-ieee-4bja5n07pe.pdf

Efficacy of physical layer preamble manipulation for IEEE 802.11a/ac

Web applications provide a wide array of utilities that are abused by malware as a replacement for traditional attacker-controlled servers. Thwarting these Web App-Engaged (WAE) malware requires rapid collaboration between incident responders and web app providers. Unfortunately, our research found that delays in this collaboration allow WAE malware to thrive. We developed Marsea, an automated malware analysis pipeline that studies WAE malware and enables rapid remediation. Given 10K malware samples, Marsea revealed 893 WAE malware in 97 families abusing 29 web apps. Our research uncovered a 226% increase in the number of WAE malware since 2020 and that malware authors are beginning to reduce their reliance on attacker-controlled servers. In fact, we found a 13.7% decrease in WAE malware relying on attacker-controlled servers. To date, we have used Marsea to collaborate with the web app providers to take down 50% of the malicious web app content.

Jonathan D. Fuller

Papers

Rogue Z-Wave controllers: A persistent attack channel

Misuse-based detection of Z-Wave network attacks

Evaluating ITU-T G.9959 Based Wireless Systems Used in Critical Infrastructure Assets

Efficacy of physical layer preamble manipulation for IEEE 802.11a/ac

Hiding in Plain Sight: An Empirical Study of Web Application Abuse in Malware