
IoT (D)DoS prevention and corporate responsibility



  1. IoT (D)DoS prevention and corporate responsibility: A model to prevent internet pollution and liability claims alike. S. Scholtes, June 7, 2019. Research Project 2, Master of System and Network Engineering, Institute of Informatics, University of Amsterdam.

  2. Outline
      • Motivation
      • Growth aspects
      • Legislative developments
      • Related work
      • Research question
      • Model
      • Conclusion
      • Discussion
      • Future work

  3. Introduction

  4. Motivation: (D)DoS & IoT growth
      (D)DoS attacks [5] [4]:
      1. 620Gbps attack - 20 September 2016 on KrebsOnSecurity.com.
      2. 990Gbps attack - 22 September 2016 on hosting provider OVH.
      3. 1.2Tbps attack - October 2016 on DNS provider Dyn.
      4. 1.3Tbps attack - February 2018 on GitHub.
      5. 1.7Tbps (alleged) - February 2018, victim undisclosed.

  5. Motivation: (D)DoS & IoT growth
      (D)DoS attacks [5] [4]:
      1. 620Gbps attack - 20 September 2016 on KrebsOnSecurity.com.
      2. 990Gbps attack - 22 September 2016 on hosting provider OVH.
      3. 1.2Tbps attack - October 2016 on DNS provider Dyn.
      4. 1.3Tbps attack - February 2018 on GitHub.
      5. 1.7Tbps (alleged) - February 2018, victim undisclosed.
      IoT growth [8]:
      1. 2019 - 14.2 billion "things" in use.
      2. 2021 - 25 billion "things" in use.
      3. 76.05% growth in 2 years.

  6. Legislative (international)
      Viktor Vitkowsky [14]:
      1. Make IoT manufacturers liable based on Section 5 of the Federal Trade Commission (FTC) Act.
      2. Businesses damaged by IoT-launched DDoS attacks could bring civil claims.
      Senator Mark R. Warner asked the Federal Communications Commission (FCC) [15]:
      1. Internet Service Provider (ISP) policing.
      2. Minimum technical security standards defined by the FCC.

  7. Legislative (national)
      House of Representatives asked the Ministry of Justice and Security [9]:
      1. Develop a quality mark or control stamp.
      2. Internet service providers (ISPs) and telecommunication companies have enough capabilities to detect insecure IoT devices.

  8. Research question: How can organisations prevent contributing to Internet of Things denial of service attacks?

  9. Research question: How can organisations prevent contributing to Internet of Things denial of service attacks?
      1. Detection methods

  10. Research question: How can organisations prevent contributing to Internet of Things denial of service attacks?
      1. Detection methods
      2. Prevention methods

  11. Research question: How can organisations prevent contributing to Internet of Things denial of service attacks?
      1. Detection methods
      2. Prevention methods
      3. Minimise contribution

  12. Related Work
      • Muhammad Umar Farooq et al. and Antoine Gallais et al. list different IoT security attacks [6] [7].
      • Mukrimah Nawir et al. show the taxonomy of attacks in IoT environments [12].
      • Elike Hodo et al. use an artificial neural network to detect threats in an IoT environment [10].
      • Andria Procopiou et al. developed "ForChaos", which detects denial of service attacks using forecasting and chaos theory [13].
      • Daniel Jeswin Nallathambi et al. use honeypots to mitigate denial of service attacks in IoT environments [2].
      • A blockchain mitigation solution is presented by Minhaj Ahmad Khan et al. [11].

  13. Model

  14. IoT architecture (Figure 1: IoT architecture. Adapted from: [3][6][1])

  15. IoT defensive layers (Figure 2: IoT defensive layers)

  16. Module overview (Figure 3: Module overview)

  17. (D)DoS Detection Module (DDM)

  18. (D)DoS Detection Module (DDM) logic (Figure 4: Detection methods)

  19. (D)DoS Detection Module (DDM) logic (Figure 5: Anomaly logic)

  20. (D)DoS Detection Module (DDM) logic (Figure 6: Threshold detection)

  21. (D)DoS Detection Module (DDM) logic (Figure 7: Signature detection)

  22. (D)DoS Detection Module (DDM) logic (Figure 8: Statistic collector)

  23. Control Module (CM)

  24. Control Module (CM) logic (Figure 9: Statistic extractor)

  25. Control Module (CM) logic (Figure 10: Threat analyser)

  26. Control Module (CM) logic (Figure 11: Lower modules information pass-through)

  27. Mitigation Decision Module (MDM)

  28. Mitigation Decision Module (MDM) logic (Figure 12: Emergency ACL)

  29. Mitigation Decision Module (MDM) logic (Figure 13: IoT controller update push check)

  30. Mitigation Decision Module (MDM) logic (Figure 14: IoT controller update push check)

  31. Mitigation Decision Module (MDM) logic (Figure 15: Reporting implemented mitigation solutions)

  32. Mitigation Decision Module (MDM) logic (Figure 16: Reporting lower module information)

  33. Update Module (UM)

  34. UM logic (Figure 17: IoT controller firmware check)

  35. Update Module (UM) logic (Figure 18: IoT controller software check)

  36. Update Module (UM) logic (Figure 19: IoT controller configuration check)

  37. Update Module (UM) logic (Figure 20: IoT controller access control list check)

  38. Report Module (RM)

  39. Report Module (RM) logic (Figure 21: Statistic extractor)

  40. Report Module (RM) logic (Figure 22: Maintenance ID reporting and extracting)

  41. Asset Management Module (AMM)

  42. Asset Management Module (AMM) logic (Figure 23: Manufacturers and deployment)

  43. Asset Management Module (AMM) logic (Figure 24: Previously in maintenance check)

  44. Asset Management Module (AMM) logic (Figure 25: Same error check)

  45. Asset Management Module (AMM) logic (Figure 26: Error threshold check)

  46. Asset Management Module (AMM) logic (Figure 27: Error threshold check)

  47. IoT architecture with added modules (Figure 28: Modules within the IoT architecture)

  48. Conclusion, Discussion & Future Work

  49. Conclusion: How can organisations prevent contributing to Internet of Things denial of service attacks?

  50. Discussion
      • Model applicability dependent on used IoT architecture.
      • Module to device translation.
      • High likelihood of availability (detection and mitigation).
      • Access control list side effects.
      • Layer 3 attributes.
      • External influences affecting the design.

  51. Future Work
      • Proof of concept (measure performance)
        1. DDM detection methods
        2. DDM traffic sampling rate
        3. RM databases
        4. CM threat logic
      • Applicable hardware setups
      • Include object defensive layer
      • Threat level matrix guidelines.

  52. References i
      [1] Vipindev Adat and BB Gupta. "Security in Internet of Things: issues, challenges, taxonomy, and architecture". In: Telecommunication Systems 67.3 (2018), pp. 423–441.
      [2] M Anirudh, S Arul Thileeban, and Daniel Jeswin Nallathambi. "Use of honeypots for mitigating DoS attacks targeted on IoT networks". In: 2017 International Conference on Computer, Communication and Signal Processing (ICCCSP). IEEE. 2017, pp. 1–4.
      [3] Armir Bujari et al. "Standards, security and business models: key challenges for the IoT scenario". In: Mobile Networks and Applications 23.1 (2018), pp. 147–154.

  53. References ii
      [4] Cloudflare. Famous DDoS Attacks — The Largest DDoS Attacks Of All Time. 2018 (accessed May 12, 2019). URL: https://www.cloudflare.com/learning/ddos/famous-ddos-attacks/.
      [5] enisa. Major DDoS Attacks Involving IoT Devices. 2016 (accessed May 11, 2019). URL: https://www.enisa.europa.eu/publications/info-notes/major-ddos-attacks-involving-iot-devices.
      [6] Mario Frustaci et al. "Evaluating critical security issues of the IoT world: Present and Future challenges". In: IEEE Internet of Things Journal 5.4 (2018), pp. 2483–2495.
      [7] Antoine Gallais et al. "Denial-of-Sleep Attacks against IoT Networks". In: International Conference on Control, Decision and Information Technologies (CoDIT). 2019.

  54. References iii
      [8] Gartner. Gartner Identifies Top 10 Strategic IoT Technologies and Trends. 2018 (accessed May 13, 2019). URL: https://www.gartner.com/en/newsroom/press-releases/2018-11-07-gartner-identifies-top-10-strategic-iot-technologies-and-trends.
      [9] Het bericht 'Agentschap Telecom slaat alarm over hackbare apparaten'. URL: https://www.tweedekamer.nl/kamerstukken/kamervragen/detail?id=2018Z10731&did=2018D32722.
      [10] Elike Hodo et al. "Threat analysis of IoT networks using artificial neural network intrusion detection system". In: 2016 International Symposium on Networks, Computers and Communications (ISNCC). IEEE. 2016, pp. 1–6.

  55. References iv
      [11] Minhaj Ahmad Khan and Khaled Salah. "IoT security: Review, blockchain solutions, and open challenges". In: Future Generation Computer Systems 82 (2018), pp. 395–411.
      [12] Mukrimah Nawir et al. "Internet of Things (IoT): Taxonomy of security attacks". In: 2016 3rd International Conference on Electronic Design (ICED). IEEE. 2016, pp. 321–326.
      [13] Andria Procopiou, Nikos Komninos, and Christos Douligeris. "ForChaos: Real Time Application DDoS Detection Using Forecasting and Chaos Theory in Smart Home IoT Network". In: Wireless Communications and Mobile Computing 2019 (2019).
      [14] Vincent J. Vitkowsky. "The internet of things: A new era of cyber liability and insurance". In: (2015).

  56. References v
      [15] Mark R. Warner. Sen. Mark Warner Probes Friday's Crippling Cyber Attack. 2016 (accessed May 14, 2019). URL: https://www.warner.senate.gov/public/index.cfm/pressreleases?ContentRecord_id=CD1BBB25-83E0-494D-B7E1-1C350A7CFCCA.

  57. Questions?

  58. Additional slides: DDM (Figure 29: DDM overview)
