Cargando…
A Methodological Approach for Assessing Amplified Reflection Distributed Denial of Service on the Internet of Things
Concerns about security on Internet of Things (IoT) cover data privacy and integrity, access control, and availability. IoT abuse in distributed denial of service attacks is a major issue, as typical IoT devices’ limited computing, communications, and power resources are prioritized in implementing...
Autores principales: | , , , , |
---|---|
Formato: | Online Artículo Texto |
Lenguaje: | English |
Publicado: |
MDPI
2016
|
Materias: | |
Acceso en línea: | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC5134514/ https://www.ncbi.nlm.nih.gov/pubmed/27827931 http://dx.doi.org/10.3390/s16111855 |
_version_ | 1782471469928808448 |
---|---|
author | Costa Gondim, João José de Oliveira Albuquerque, Robson Clayton Alves Nascimento, Anderson García Villalba, Luis Javier Kim, Tai-Hoon |
author_facet | Costa Gondim, João José de Oliveira Albuquerque, Robson Clayton Alves Nascimento, Anderson García Villalba, Luis Javier Kim, Tai-Hoon |
author_sort | Costa Gondim, João José |
collection | PubMed |
description | Concerns about security on Internet of Things (IoT) cover data privacy and integrity, access control, and availability. IoT abuse in distributed denial of service attacks is a major issue, as typical IoT devices’ limited computing, communications, and power resources are prioritized in implementing functionality rather than security features. Incidents involving attacks have been reported, but without clear characterization and evaluation of threats and impacts. The main purpose of this work is to methodically assess the possible impacts of a specific class–amplified reflection distributed denial of service attacks (AR-DDoS)–against IoT. The novel approach used to empirically examine the threat represented by running the attack over a controlled environment, with IoT devices, considered the perspective of an attacker. The methodology used in tests includes that perspective, and actively prospects vulnerabilities in computer systems. This methodology defines standardized procedures for tool-independent vulnerability assessment based on strategy, and the decision flows during execution of penetration tests (pentests). After validation in different scenarios, the methodology was applied in amplified reflection distributed denial of service (AR-DDoS) attack threat assessment. Results show that, according to attack intensity, AR-DDoS saturates reflector infrastructure. Therefore, concerns about AR-DDoS are founded, but expected impact on abused IoT infrastructure and devices will be possibly as hard as on final victims. |
format | Online Article Text |
id | pubmed-5134514 |
institution | National Center for Biotechnology Information |
language | English |
publishDate | 2016 |
publisher | MDPI |
record_format | MEDLINE/PubMed |
spelling | pubmed-51345142017-01-03 A Methodological Approach for Assessing Amplified Reflection Distributed Denial of Service on the Internet of Things Costa Gondim, João José de Oliveira Albuquerque, Robson Clayton Alves Nascimento, Anderson García Villalba, Luis Javier Kim, Tai-Hoon Sensors (Basel) Article Concerns about security on Internet of Things (IoT) cover data privacy and integrity, access control, and availability. IoT abuse in distributed denial of service attacks is a major issue, as typical IoT devices’ limited computing, communications, and power resources are prioritized in implementing functionality rather than security features. Incidents involving attacks have been reported, but without clear characterization and evaluation of threats and impacts. The main purpose of this work is to methodically assess the possible impacts of a specific class–amplified reflection distributed denial of service attacks (AR-DDoS)–against IoT. The novel approach used to empirically examine the threat represented by running the attack over a controlled environment, with IoT devices, considered the perspective of an attacker. The methodology used in tests includes that perspective, and actively prospects vulnerabilities in computer systems. This methodology defines standardized procedures for tool-independent vulnerability assessment based on strategy, and the decision flows during execution of penetration tests (pentests). After validation in different scenarios, the methodology was applied in amplified reflection distributed denial of service (AR-DDoS) attack threat assessment. Results show that, according to attack intensity, AR-DDoS saturates reflector infrastructure. Therefore, concerns about AR-DDoS are founded, but expected impact on abused IoT infrastructure and devices will be possibly as hard as on final victims. MDPI 2016-11-04 /pmc/articles/PMC5134514/ /pubmed/27827931 http://dx.doi.org/10.3390/s16111855 Text en © 2016 by the authors; licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC-BY) license (http://creativecommons.org/licenses/by/4.0/). |
spellingShingle | Article Costa Gondim, João José de Oliveira Albuquerque, Robson Clayton Alves Nascimento, Anderson García Villalba, Luis Javier Kim, Tai-Hoon A Methodological Approach for Assessing Amplified Reflection Distributed Denial of Service on the Internet of Things |
title | A Methodological Approach for Assessing Amplified Reflection Distributed Denial of Service on the Internet of Things |
title_full | A Methodological Approach for Assessing Amplified Reflection Distributed Denial of Service on the Internet of Things |
title_fullStr | A Methodological Approach for Assessing Amplified Reflection Distributed Denial of Service on the Internet of Things |
title_full_unstemmed | A Methodological Approach for Assessing Amplified Reflection Distributed Denial of Service on the Internet of Things |
title_short | A Methodological Approach for Assessing Amplified Reflection Distributed Denial of Service on the Internet of Things |
title_sort | methodological approach for assessing amplified reflection distributed denial of service on the internet of things |
topic | Article |
url | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC5134514/ https://www.ncbi.nlm.nih.gov/pubmed/27827931 http://dx.doi.org/10.3390/s16111855 |
work_keys_str_mv | AT costagondimjoaojose amethodologicalapproachforassessingamplifiedreflectiondistributeddenialofserviceontheinternetofthings AT deoliveiraalbuquerquerobson amethodologicalapproachforassessingamplifiedreflectiondistributeddenialofserviceontheinternetofthings AT claytonalvesnascimentoanderson amethodologicalapproachforassessingamplifiedreflectiondistributeddenialofserviceontheinternetofthings AT garciavillalbaluisjavier amethodologicalapproachforassessingamplifiedreflectiondistributeddenialofserviceontheinternetofthings AT kimtaihoon amethodologicalapproachforassessingamplifiedreflectiondistributeddenialofserviceontheinternetofthings AT costagondimjoaojose methodologicalapproachforassessingamplifiedreflectiondistributeddenialofserviceontheinternetofthings AT deoliveiraalbuquerquerobson methodologicalapproachforassessingamplifiedreflectiondistributeddenialofserviceontheinternetofthings AT claytonalvesnascimentoanderson methodologicalapproachforassessingamplifiedreflectiondistributeddenialofserviceontheinternetofthings AT garciavillalbaluisjavier methodologicalapproachforassessingamplifiedreflectiondistributeddenialofserviceontheinternetofthings AT kimtaihoon methodologicalapproachforassessingamplifiedreflectiondistributeddenialofserviceontheinternetofthings |