TY - JOUR
T1 - Security Assessment of Modern Data Aggregation Platforms in the Internet of Things
AU - Sándor, Hunor
AU - Genge, Béla
AU - Gál, Zoltán
PY - 2015
DA - September
JF - International Journal of Information Security Science
JO - IJISS
PB - Şeref SAĞIROĞLU
WT - DergiPark
SN - 2147-0030
SP - 92
EP - 103
VL - 4
IS - 3
LA - en
AB - With the popularity of the Internet of Things on the rise, sensor networks have become essential parts of traditional Information and Communication Technology (ICT) infrastructures in a wide variety of applications. However, their increasing complexity, inter-connectivity, and pervasive implementation, exposes these infrastructures to a large variety of security threats. As a result, practical security analysis needs to be performed to evidentiate the possible vulnerable points in IoT infrastructures. In this work we consider a typical architecture of a data aggregation platform with publish-subscribe support composed of interconnected sensor and ICT infrastructures. We present a comprehensive threat analysis by considering the availability, integrity, and confidentiality security objectives. We describe the experimental results of a case study performed on a real, laboratory-scale implementation of an IoT-based application. Finally, we demonstrate that modern IoT-based software are susceptible to cyber attacks that use traditional attack vectors and recently reported vulnerabilities, e.g., Heartbleed and Shellshock.
KW - Sensor Data Aggregation
KW - Heterogeneous Infrastructures
KW - Threat Analysis
KW - Attack Tree
CR - K. Ahmed and M. Gregory, “Integrating wireless sensor networks with cloud computing,” in Mobile Ad-hoc and Sensor Networks (MSN), 2011 Seventh International Conference on. IEEE, 2011, pp. 364–366.
CR - C. Alcaraz and J. Lopez, “A security analysis for wireless sensor mesh networks in highly critical systems,” Systems, Man, and Cybernetics, Part C: Applications and Reviews, IEEE Transactions on, vol. 40, no. 4, pp. 419–428, 2010.
CR - T. Bakıcı, E. Almirall, and J. Wareham, “A smart city initiative: the case of barcelona,” Journal of the Knowledge Economy, vol. 4, no. 2, pp. 135–148, 2013.
CR - N. Bressan, L. Bazzaco, N. Bui, P. Casari, L. Vangelista, and M. Zorzi, “The deployment of a smart monitoring system using wireless sensor and actuator networks,” in Smart Grid Communications (SmartGridComm), 2010 First IEEE International Conference on.
CR - Z. Durumeric, J. Kasten, D. Adrian, J. A. Halderman, M. Bailey, F. Li, N. Weaver, J. Amann, J. Beekman, M. Payer et al., “The matter of heartbleed,” in Proceedings of the 2014 Conference on Internet Measurement Conference.
CR - A. C. Geary, “Analysis of a man-in-the-middle attack on the diffie-hellman key exchange protocol,” DTIC Document, Tech. Rep., 2009.
CR - B. Genge, P. Haller, A. Gligor, and A. Beres, “An approach for cyber security experimentation supporting sensei/iot for smart grid,” in 2nd International Symposium on Digital Forensics and Security, 2014.
CR - B. Genge, A. Beres, and P. Haller, “A survey on cloud-based software platforms to implement secure smart grids,” in Power Engineering Conference (UPEC), 2014 49th International Universities.
CR - M. M. Hassan, B. Song, and E.-N. Huh, “A framework of sensor-cloud integration opportunities and challenges,” in Proceedings of the 3rd international conference on Ubiquitous information management and communication. ACM, 2009, pp. 618–626.
CR - S. Hernan, S. Lambert, T. Ostwald, and A. Shostack, “Threat modeling-uncover security design flaws using the stride approach,” MSDN Magazine-Louisville, pp. 68–75, 2006.
CR - J. M. Hernández-Muñoz, J. B. Vercher, L. Muñoz, J. A. Galache, M. Presser, L. A. H. Gómez, and J. Pettersson, Smart cities at the forefront of the future internet.
CR - B. Möller, T. Duong, and K. Kotowicz, “This poodle bites: Exploiting the ssl 3.0 fallback,” 2014.
CR - S. Ozdemir and Y. Xiao, “Secure data aggregation in wireless sensor networks: A comprehensive overview,” Computer Networks, vol. 53, no. 12, pp. 2022–2037, 2009.
CR - S. Roy, M. Conti, S. Setia, and S. Jajodia, “Secure data aggregation in wireless sensor networks: Filtering out the attacker’s impact,” Information Forensics and Security, IEEE Transactions on, vol. 9, no. 4, pp. 681–694, 2014.
CR - Y. Sang, H. Shen, Y. Inoguchi, Y. Tan, and N. Xiong, “Secure data aggregation in wireless sensor networks: A survey,” in Parallel and Distributed Computing, Applications and Technologies, 2006. PDCAT’06. Seventh International Conference on.
CR - B. Schneier, “Attack trees,” Dr. Dobbs journal, vol. 24, no. 12, pp. 21–29, 1999.
CR - F. Touati, R. Tabish, and A. Ben Mnaouer, “Towards u-health: an indoor 6lowpan based platform for real-time healthcare monitoring,” in Wireless and Mobile Networking Conference (WMNC), 2013 6th Joint IFIP.
CR - D. A. Wheeler, “Shellshock,” http://www.dwheeler.com/essays/shellshock.html, 2014, [Online; accessed 22-February-2015].
CR - M. Yoon, M. Jang, H.-I. Kim, and J.-W. Chang, “A signature-based data security technique for energy-efficient data aggregation in wireless sensor networks,” International Journal of Distributed Sensor Networks, vol. 2014, 2014.
CR - Q. Zhu, R. Wang, Q. Chen, Y. Liu, and W. Qin, “Iot gateway: Bridging wireless sensor networks into internet of things,” in Embedded and Ubiquitous Computing (EUC), 2010 IEEE/IFIP 8th International Conference on.
UR - https://dergipark.org.tr/en/pub/ijiss/article/167845
L1 - https://dergipark.org.tr/en/download/article-file/147949
ER -