Global ETD Search

21	Ethical Hacking of a Smart IoT Camera : A Penetration Test on D-Link DCS 8515-LH Smart Camera / Etisk hackning av en smart IoT-Kamera : Ett Penetrationstest på D-Link DCS 8515-LH Smart Kamera Zhuang, Chunyu January 2023 (has links) The trending usage of IoT devices raises serious security concerns. IoT devices have complete access to users’ network environments. In the eyes of hackers, the value of IoT devices is exceptionally high. From minor disturbances to major crimes, all could happen in no time with compromised IoT devices. As the IoT devices collects sensitive data, properly protect users’ privacy is also a crucial aspect for IoT devices. Thus, IoT devices need to be secure enough against modern cyber-attacks. In this work, a smart camera DCS-8515LH from D-Link is under penetration tests. Threat modeling is first performed as an analysis of the IoT system following by a dozen cyber attacks targeting this smart camera. The penetration tests provide valuable information that can reveal the smart camera’s vulnerability and weakness, such as security misconfiguration, vulnerability to DoS attacks. The smart camera is discovered to be vulnerable to DoS attacks and exploits on the zero-configuration protocol. Several weaknesses which violate the users’ privacy exist in the mobile application and Android storage system. This work evaluated all the vulnerabilities and weaknesses discovered from a security aspect. This report exposes attacks that are effective on the smart camera and also serves as a fundamental basis for future penetration tests on this smart camera. / I detta arbete är en smart kamera DCS-8515LH från D-Link under penetrationstester. Hotmodellering utförs först som en analys av IoT-systemet följt av ett dussin cyberattacker riktade mot denna smarta kamera. Penetrationstesterna ger värdefull information som kan avslöja den smarta kamerans sårbarhet och svaghet, såsom säkerhetsfelkonfiguration, sårbarhet för Dos-attacker. Den smarta kameran har upptäckts vara sårbar för DoS-attacker och utnyttjande av nollkonfigurationsprotokollet. Flera svagheter som kränker användarnas integritet finns i mobilapplikationen och Android-lagringssystemet. Detta arbete utvärderade alla sårbarheter och svagheter som upptäckts ur en säkerhetsaspekt. Den här rapporten avslöjar attacker som är effektiva på den smarta kameran och fungerar också som en grundläggande bas för framtida penetrationstester på denna smarta kamera. Cybersecurity IoT security IoT camera IoT devices Penetration testing Ethical hacking Threat modeling Cybersäkerhet IoT säkerhet IoT Kamera Penetrationstestning Etisk hacking Hotmodellering Computer and Information Sciences Data- och informationsvetenskap
22	Security and Privacy Concerns for IoTAdoption : A User Perspective Mazvimba, Dennis January 2022 (has links) The Internet of Things (IoT) is one of the most rapidly evolving technologies aroundthe globe that has changed the way people live due to the benefits that comes with itsadoption. However, they have been associated with privacy and security risks. Witha focus on technical mechanisms and a lack of attention to consumer concerns over along time, it is unsurprising that manufacturers lack an understanding of consumersecurity and privacy concerns. While there has been significant empirical researchwarranting consumer concerns, their perceptions remain afoot.The purpose of this study is to understand the consumer privacy and securityperceptions associated with adoption of IoT devices within a smart home. Without an understanding of the consumer perceptions on privacy and security issues, manu-facturers may not address these issues which may hinder the adoption of IoT. While a significant number of studies have shown the privacy and security issues surrounding IoT devices, they have only extended to technical issues, mostly from the manufac-turer’s perspective. Since security is a complex issue involving several stakeholders, these studies cannot be applied from a consumer perspective.In this study we adopt an interpretive philosophical orientation and a qualitativeapproach. In depth interviews are used to collect data from smart homeowners,investigating their perceptions of smart home privacy issues. We have identified threesignificant recurring themes that need to be addressed: ethical and regulatory issues,information control and ownership, and technology design issues. IoT security concerns IoT privacy concerns smart-home privacy Internet-of Things adoption Information Systems, Social aspects
23	Ethical Hacking of a Smart Plug Achkoudir, Rami, Alsaadi, Zainab January 2021 (has links) The number of Internet of Things (IoT) devices is growing rapidly which introduces plenty of new challenges concerning the security of these devices. This thesis aims to contribute to a more sustainable IoT environment by evaluating the security of a smart plug. The DREAD and STRIDE methods were used to assess the potential threats and the threats with the highest potential impact were penetration tested in order to test if there were any security preventions in place. The results from the penetration tests presented no major vulnerabilities which bring us to the conclusion that the Nedis Smart Plug has implemented enough security measures. / Antalet Internet of Things (IoT) -enheter växer snabbt vilket medför många nya utmaningar när det gäller säkerheten för dessa enheter. Denna avhandling syftar till att bidra till en mer hållbar IoT-miljö genom att utvärdera säkerheten för en smart plug. Metoderna DREAD och STRIDE användes för att bedöma de potentiella hoten och hoten med störst potentiell påverkan penetrerades för att testa om det fanns några säkerhetsförebyggande åtgärder. Resultaten från penetrationstesterna presenterade inga större sårbarheter som ledde oss till slutsatsen att Nedis Smart Plug har genomfört tillräckliga säkerhetsåtgärder. Internet of Things IoT penetration test ethical hacking IoT security threat model Internet of Things IoT penetrationstest etisk hacking IoT säkerhet hotbedömning Computer and Information Sciences Data- och informationsvetenskap
24	Exploring IoT Security Threats and Forensic Challenges: A LiteratureReview and Survey Study Al Allaf, Abdulrahman, Totonji, Waseem January 2023 (has links) Internet of Things (IoT) devices have increased rapidly in recent years, revolutionizing many industries, including healthcare, manufacturing, and transportation, and bringing benefits to both individuals and industries. However, this increase in IoT device usage has exposed IoT ecosystems to numerous security threats and digital forensic challenges. This thesis investigates the most common IoT security threats and attacks, students’ awareness of them and their mitigation strategies, and the key challenges associated with IoT forensic investigations. A mixed-method approach is adopted in this thesis combining a literature review and a survey study. The survey assesses students’ knowledge of IoT security threats, mitigation techniques, and perceptions of the most effective ways to enhance IoT security. The survey also emphasizes the importance of user training and awareness in mitigating IoT threats, highlighting the most effective strategies, such as stronger regulations and improved device security by manufacturers. The literature review provides a comprehensive overview of the most common IoT security threats and attacks, such as malware, malicious code injection, replay attacks, Man in the Middle (MITM), botnets, and Distributed Denial of Service Attacks (DDoS). The mitigation techniques to these threats are overviewed as well as real-world incidents and crimes, such as the Mirai botnet, St. Jude Medical implant cardiac devices hack, and the Verkada hack, are examined to understand the consequences of these attacks. Moreover, this work also highlights the definition and the process of digital and IoT forensics, the importance of IoT forensics, and different data sources in IoT ecosystems. The key challenges associated with IoT forensics and how they impact the effectiveness of digital investigations in the IoT ecosystem are examined in detail. Overall, the results of this work contribute to ongoing research to improve IoT device security, highlight the importance of increased awareness and user training, and address the challenges associated with IoT forensic investigations. Internet of Things IoT security IoT threats IoT attacks Digital forensics IoT forensic IoT forensic challenges Cloud forensics Network forensics Computer and Information Sciences Data- och informationsvetenskap
25	Building the Intelligent IoT-Edge: Balancing Security and Functionality using Deep Reinforcement Learning Anand A Mudgerikar (11791094) 19 December 2021 (has links) <div>The exponential growth of Internet of Things (IoT) and cyber-physical systems is resulting in complex environments comprising of various devices interacting with each other and with users. In addition, the rapid advances in Artificial Intelligence are making those devices able to autonomously modify their behaviors through the use of techniques such as reinforcement learning (RL). There is thus the need for an intelligent monitoring system on the network edge with a global view of the environment to autonomously predict optimal device actions. However, it is clear however that ensuring safety and security in such environments is critical. To this effect, we develop a constrained RL framework for IoT environments that determines optimal devices actions with respect to user-defined goals or required functionalities using deep Q learning. We use anomaly based intrusion detection on the network edge to dynamically generate security and safety policies to constrain the RL agent in the framework. We analyze the balance required between ‘safety/security’ and ‘functionality’ in IoT environments by manipulating the exploration of safe and unsafe benefit state spaces in the RL framework. We instantiate the framework for testing on application layer control in smart home environments, and network layer control including network functionalities like rate control and routing, for SDN based environments.</div> Theoretical Computer Science Applied Computer Science Internet of Things (IoT), Deep Reinforcement Learning (DRL) Network security IOT SECURITY Software Defined Networks
26	INTERNET OF THINGS SYSTEMS SECURITY: BENCHMARKING AND PROTECTION Naif S Almakhdhub (8810120) 07 May 2020 (has links) <div><p>Internet of Things (IoT) systems running on Microcontrollers (MCUS) have become a prominent target of remote attacks. Although deployed in security and safety critical domains, such systems lack basic mitigations against control-flow hijacking attacks. Attacks against IoT systems already enabled malicious takeover of smartphones, vehicles, unmanned aerial vehicles, and industrial control systems.</p></div><div><p> </p><div><p>The thesis introduces a systemic analysis of previous defense mitigations to secure IoT systems. Building off this systematization, we identify two main issues in IoT systems security. First, efforts to protect IoT systems are hindered by the lack of realistic benchmarks and evaluation frameworks. Second, existing solutions to protect from control-flow hijacking on the return edge are either impractical or have limited security guarantees. This thesis addresses these issues using two approaches. </p></div><div><p> </p></div><div><p>First, we present BenchIoT, a benchmark suite of five realistic IoT applications and an evaluation framework that enables automated and extensible evaluation of 14 metrics covering security, performance, memory usage, and energy. BenchIoT enables evaluating and comparing security mechanisms. Using BenchIoT, we show that even if two security mechanisms have similarly modest runtime overhead, one can have undesired consequences on security such as a large portion of privileged user execution.</p></div><div><p> </p></div><div><p>Second, we introduce Return Address Integrity (RAI), a novel security mechanism to prevent all control-flow hijacking attacks targeting return edges, without requiring special hardware. We design and implement μRAI to enforce the RAI property. Our results show μRAI has a low runtime overhead of 0.1% on average, and therefore is a</p></div><div><p>practical solution for IoT systems. </p></div><div><p> </p></div><div><p>This thesis enables measuring the security IoT systems through standardized benchmarks and metrics. Using static analysis and runtime monitors, it prevents control-flow hijacking attacks on return edges with low runtime overhead. Combined, this thesis advances the state-of-the-art of protecting IoT systems and benchmarking its security.</p></div></div> Computer Engineering Applied Computer Science Computer System Security Cyber security Computer Security System Security Software Security Embedded Systems Security IoT Security Internet of things(IoT) control-flow hijacking embedded systems Cybersecurity
27	PROGRAM ANOMALY DETECTION FOR INTERNET OF THINGS Akash Agarwal (13114362) 01 September 2022 (has links) <p>Program anomaly detection — modeling normal program executions to detect deviations at runtime as cues for possible exploits — has become a popular approach for software security. To leverage high performance modeling and complete tracing, existing techniques however focus on subsets of applications, e.g., on system calls or calls to predefined libraries. Due to limited scope, it is insufficient to detect subtle control-oriented and data-oriented attacks that introduces new illegal call relationships at the application level. Also such techniques are hard to apply on devices that lack a clear separation between OS and the application layer. This dissertation advances the design and implementation of program anomaly detection techniques by providing application context for library and system calls making it powerful for detecting advanced attacks targeted at manipulating intra- and inter-procedural control-flow and decision variables. </p> <p><br></p> <p>This dissertation has two main parts. The first part describes a statically initialized generic calling context program anomaly detection technique LANCET based on Hidden Markov Modeling to provide security against control-oriented attacks at program runtime. It also establishes an efficient execution tracing mechanism facilitated through source code instrumentation of applications. The second part describes a program anomaly detection framework EDISON to provide security against data-oriented attacks using graph representation learning and language models for intra and inter-procedural behavioral modeling respectively.</p> <p><br> This dissertation makes three high-level contributions. First, the concise descriptions demonstrates the design, implementation and extensive evaluation of an aggregation-based anomaly detection technique using fine-grained generic calling context-sensitive modeling that allows for scaling the detection over entire applications. Second, the precise descriptions show the design, implementation, and extensive evaluation of a detection technique that maps runtime traces to the program’s control-flow graph and leverages graphical feature representation to learn dynamic program behavior. Finally, this dissertation provides details and experience for designing program anomaly detection frameworks from high-level concepts, design, to low-level implementation techniques.</p> Software and application security System and network security Deep learning Neural networks Semi- and unsupervised learning Application Security Software security Anomaly detection (Computer security) Software instrumentation Cyber-physical systems (CPS) Deep Learning Applications IoT Security data-oriented attacks control-oriented attacks Memory Corruption Hidden Markov model, HMM

Page generated in 0.0706 seconds