SUPnP: Secure Access and Service Registration for UPnP-Enabled Internet of Things
| Autor: | Golam Kayas, S. M. Riazul Islam, Jamie Payton, Mahmud Hossain |
|---|---|
| Rok vydání: | 2021 |
| Předmět: |
Service (systems architecture)
Computer Networks and Communications Computer science business.industry Access method ComputerApplications_COMPUTERSINOTHERSYSTEMS Computer security model Computer Science Applications Protocol stack Hardware and Architecture Signal Processing Universal Plug and Play Overhead (computing) business Protocol (object-oriented programming) Information Systems Buffer overflow Computer network |
| Zdroj: | IEEE Internet of Things Journal. 8:11561-11580 |
| ISSN: | 2372-2541 |
| Popis: | The service-oriented nature of the Universal Plug-and-Play (UPnP) protocol supports the creation of flexible, open, and dynamic systems. As such, it is widely used in Internet-of-Things (IoT) deployments. However, the protocol’s service access mechanism does not consider security from the first principles and is therefore vulnerable to various attacks. In this article, we present an in-depth analysis of the service advertisement, discovery, and access methods of the UPnP protocol stack and identify security issues in an IoT network. Our analysis shows that adversaries can perform resource exhaustion, buffer overflow, reflection, and amplification attacks by exploiting the vulnerabilities of the UPnP protocol. To address these issues, we propose a capability-based security model for UPnP to ensure secure discovery, advertisement, and access of the UPnP services that considers the resource limitations of IoT devices. Our analysis shows the effectiveness of the proposed model against potential attacks, and our experimental evaluation highlights the feasibility of implementing our Secure UPnP (SUPnP) protocol in a network of IoT devices, incurring minimal network and performance overhead. |
| Databáze: | OpenAIRE |
| Externí odkaz: |
|