Security of the Internet of Things: Home Network Security Review and Evaluation

Abstract

As a result of Universal Plug-and-Play (UPnP) and Internet of Things (IoT) communication protocols, the number of connections in home networks has expanded, as devices can be connected to each other and to the network more easily and quickly. Over the home network, smart devices such as smart televisions and cleaning robots boost our living comfort and connect us to the entire globe. The fact that the home network is connected to the Internet has therefore revealed the necessity to question the security status of networked smart devices. This study provides an analysis of the security levels of popular home network devices. Using the Python programming language, a program has been developed to detect the presence of UPnP-vulnerable devices on a home network. Using the built application, it was discovered that three out of fifteen network devices support UPnP. In a scenario, an attack was built via the UpNP vulnerability. In this study, the necessity of guaranteeing the security of each IoT device, as well as the security of the home's network and communication techniques, is discussed in depth.

Keywords

• Universal Plug And Play
• UPnP
• IoT
• Vulnerability Scan
• Network Security
• Internet of Things

NESNELERİN İNTERNETİ GÜVENLİĞİ: EV AĞI GÜVENLİK İNCELEMESİ VE DEĞERLENDİRMESİ

Abstract

Evrensel Tak ve Çalıştır (Universal Plug and Play, UPnP) ve IoT iletişim protokolleri sayesinde cihazların birbirleriyle ve ağ ile bağlantıları çok daha kolay ve hızlı yapılabildiğinden ev ağındaki bağlantı sayısı da artmıştır. Akıllı televizyonlar ve temizlik robotları gibi akıllı cihazlar, yaşam konforumuzu artırmakta ve ev ağı üzerinden tüm dünyaya bağlantı sağlar hale gelmiştir. Bu nedenle, ev ağının internete bağlı olduğu gerçeği ağdaki akıllı cihazların güvenlik durumlarının sorgulanması ihtiyacını ortaya çıkarmıştır. Bu çalışmada, ev ağı içerisindeki popüler cihazların güvenlik seviyelerinin analiz edilmesi sağlanmıştır. Ev Ağı içerisinde UPnP zafiyetine sahip cihazların varlığını tespit etmek için Python yazılım dili kullanılarak uygulama geliştirilmiştir. Geliştirilen uygulama kullanılarak ev ağı içerisindeki 15 adet cihazdan 3 adet cihazın UPnP açıklığına sahip olduğu görülmüştür. Bir senaryo içerisinde UpNP açıklığı kullanılarak saldırı uygulaması gerçekleştirilmiştir. Bu çalışma ile evdeki ağ ve iletişim yöntemleri güvenliğinin yanında her bir IoT cihazın güvenliğinin sağlanmasının gerekliliği ayrıntılı olarak sunulmuştur.

Keywords

• Evrensel Tak ve Çalıştır
• UPnP
• IoT
• Güvenlik Açığı Tarama
• Ağ Güvenliği
• Nesnelerin İnterneti

References

1. 1. Amro, A., (2020) IoT Vulnerability Scanning: A State of the Art, European Symposium on Research in Computer Security 2020 International Workshops, Cyber-Physical Systems, Sociedad Espanola de Cirugia Plastica Reparadora y Estetica, and Attacks and Defenses for Internet-of-Things, Guildford, UK. doi: 10.1007/978-3-030-64330-0_6
2. 2. Antrobus, R., Green, B., Freyy, S., ve Rashidz, A. (2019) The forgotten I in IIoT: A vulnerability scanner for industrial Internet of Things, Living in the Internet of Things (IoT 2019). doi: 10.1049/cp.2019.0126
3. 3. Deepak K.R. Singh, (2020) Cyber Security and Internet of Things, International Journal of Computer Techniques, Volume 7 Issue 6
4. 4. Huang, Y., Zhu, F., Liu, L., Meng, W., Hu, S., Ye, R. ve Lu, T. (2021) WNV-Detector: automated and scalable detection of wireless network vulnerabilities EURASIP Journal on Wireless Communications and Networking. doi: 10.1186/s13638-021-01978-4
5. 5. Intal Tayag, M., Napalit, F. ve Napalit, A. (2020) IoT Security: Penetration Testing of White-label Cloud-based IoT Camera Compromising Personal Data Privacy, International Journal of Computer Science & Information Technology (IJCSIT) Vol 12, No 5. doi: 10.5121/ijcsit.2020.12503
6. 6. Kayas, G., Hossain, M., Payton, J. ve Riazul Islam, S. M. (2020) An Overview of UPnP-based IoT Security: Threats, Vulnerabilities, and Prospective Solutions 2020 11th IEEE Annual Information Technology, Electronics and Mobile Communication Conference (IEMCON). doi: 10.1109/IEMCON51383.2020.9284885
7. 7. Malhotra, P., Singh, Y., Anand, P., Kumar Bangotra, D., Kumar Singh, P. ve Hong, W., (2021) Internet of Things: Evolution, Concerns and Security Challenges, Sensors. doi: 10.3390/s21051809
8. 8. McDaid, A., Furey, E. ve Curran, K. (2021) Wireless Interference Analysis for Home IoT Security Vulnerability Detection, International Journal of Wireless Networks and Broadband Technologies. doi: 10.4018/IJWNBT.2021070104

9. 9. Mehic, M., Selimovic, N. ve Komosny, D. (2019) About the Connectivity of Xiaomi Internet-of-Things Smart Home Devices Conference: 2019 XXVII International Conference on Information, Communication and Automation Technologies (ICAT). doi: 10.1109/ICAT47117.2019.8939043
10. 10. Meidan, Y., Sachidananda, V., Peng, H., Sagron, R., Elovici, Y. ve Shabtai, A. (2020) A novel approach for detecting vulnerable IoT devices connected behind a home NAT Computers & Security Volume 97. doi: 10.1016/j.cose.2020.101968
11. 11. Olsson, T. ve Larsson Forsberg, A. (2019) IoT Offensive Security Penetration Testing Hacking a Smart Robot Vacuum Cleaner, Computer Science
12. 12. Patel, B. ve Shah, P. (2020) Simulation, modelling and packet sniffing facilities for IoT: A systematic analysis, International Journal of Electrical and Computer Engineering (IJECE) Vol. 10, No. 3
13. 13. Raghuvanshi, A., Dr. Kumar Singh, U., Bulla, C., Dr. Saxena, M., ve Abadar, K. (2020) An Investigation on Detection of Vulnerabilities in Internet of Things, European Journal of Molecular & Clinical Medicine Volume 07, Issue 10
14. 14. Shreenidhi H.S., Prabakar, S. ve P Ashish Kumar, (2021) Intrution detection system Using IoT device for safety and security, 2021 International Conference on Computational Intelligence and Knowledge Economy (ICCIKE), Amity University Dubai, UAE. doi: 10.1109/ICCIKE51210.2021.9410730
15. 15. Upadhyay, S., Kumar, S. ve Dutta, S. (2019) Vulnerability scanning in IOT Devices, Conference: ICICD 2018 At: University of Petroleum and Energy Studies
16. 16. Williams, R., McMahon, E., Samtani, S., Patton, M. ve Chen, H. (2017) Identifying vulnerabilities of consumer Internet of Things (IoT) devices: A scalable approach, 2017 IEEE International Conference on Intelligence and Security Informatics (ISI). doi: 10.1109/ISI.2017.8004904
17. 17. Yadav, G., Paul, K., Allakany, A. ve Okamura, K. (2020) IoT-PEN: An E2E Penetration Testing Framework for IoT, Journal of Information Processing Vol.28 633–642. doi: 10.2197/ipsjjip.28.633