
A Methodological Approach for Assessing Amplified Reflection Distributed Denial of Service on the Internet of Things

Concerns about security on Internet of Things (IoT) cover data privacy and integrity, access control, and availability. IoT abuse in distributed denial of service attacks is a major issue, as typical IoT devices’ limited computing, communications, and power resources are prioritized in implementing...


Bibliographic Details
Main authors: Costa Gondim, João José, de Oliveira Albuquerque, Robson, Clayton Alves Nascimento, Anderson, García Villalba, Luis Javier, Kim, Tai-Hoon
Format: Online Article Text
Language: English
Published: MDPI 2016
Online access: https://www.ncbi.nlm.nih.gov/pmc/articles/PMC5134514/
https://www.ncbi.nlm.nih.gov/pubmed/27827931
http://dx.doi.org/10.3390/s16111855
collection PubMed
description Concerns about security on Internet of Things (IoT) cover data privacy and integrity, access control, and availability. IoT abuse in distributed denial of service attacks is a major issue, as typical IoT devices’ limited computing, communications, and power resources are prioritized in implementing functionality rather than security features. Incidents involving attacks have been reported, but without clear characterization and evaluation of threats and impacts. The main purpose of this work is to methodically assess the possible impacts of a specific class–amplified reflection distributed denial of service attacks (AR-DDoS)–against IoT. The novel approach used to empirically examine the threat represented by running the attack over a controlled environment, with IoT devices, considered the perspective of an attacker. The methodology used in tests includes that perspective, and actively prospects vulnerabilities in computer systems. This methodology defines standardized procedures for tool-independent vulnerability assessment based on strategy, and the decision flows during execution of penetration tests (pentests). After validation in different scenarios, the methodology was applied in amplified reflection distributed denial of service (AR-DDoS) attack threat assessment. Results show that, according to attack intensity, AR-DDoS saturates reflector infrastructure. Therefore, concerns about AR-DDoS are founded, but expected impact on abused IoT infrastructure and devices will be possibly as hard as on final victims.
format Online
Article
Text
id pubmed-5134514
institution National Center for Biotechnology Information
language English
publishDate 2016
publisher MDPI
record_format MEDLINE/PubMed
spelling pubmed-5134514 2017-01-03 Sensors (Basel) Article
MDPI 2016-11-04 /pmc/articles/PMC5134514/ /pubmed/27827931 http://dx.doi.org/10.3390/s16111855 Text en © 2016 by the authors; licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC-BY) license (http://creativecommons.org/licenses/by/4.0/).
title A Methodological Approach for Assessing Amplified Reflection Distributed Denial of Service on the Internet of Things
topic Article