ﻻ يوجد ملخص باللغة العربية
The rise of IoT devices has led to the proliferation of smart buildings, offices, and homes worldwide. Although commodity IoT devices are employed by ordinary end-users, complex environments such as smart buildings, smart offices, conference rooms, or hospitality require customized and highly reliable solutions. Those systems called Enterprise Internet of Things (EIoT) connect such environments to the Internet and are professionally managed solutions usually offered by dedicated vendors. As EIoT systems require specialized training, software, and equipment to deploy, this has led to very little research investigating the security of EIoT systems and their components. In effect, EIoT systems in smart settings such as smart buildings present an unprecedented and unexplored threat vector for an attacker. In this work, we explore EIoT system vulnerabilities and insecure development practices. Specifically, focus on the usage of drivers as an attack mechanism, and introduce PoisonIvy, a number of novel attacks that demonstrate an attacker can easily compromise EIoT system controllers using malicious drivers. Specifically, we show how drivers used to integrate third-party devices to EIoT systems can be misused in a systematic fashion. To demonstrate the capabilities of attackers, we implement and evaluate PoisonIvy using a testbed of real EIoT devices. We show that an attacker can perform DoS attacks, gain remote control, and maliciously abuse system resources of EIoT systems. To the best of our knowledge, this is the first work to analyze the (in)securities of EIoT deployment practices and demonstrate the associated vulnerabilities in this ecosystem. With this work, we raise awareness on the (in)secure development practices used for EIoT systems, the consequences of which can largely impact the security, privacy, reliability, and performance of millions of EIoT systems worldwide.
Blockchains and smart contracts are an emerging, promising technology, that has received considerable attention. We use the blockchain technology, and in particular Ethereum, to implement a large-scale event-based Internet of Things (IoT) control sys
As technology becomes more widely available, millions of users worldwide have installed some form of smart device in their homes or workplaces. These devices are often off-the-shelf commodity systems, such as Google Home or Samsung SmartThings, that
Large commercial buildings are complex cyber-physical systems containing expensive and critical equipment that ensure the safety and comfort of their numerous occupants. Yet occupant and visitor access to spaces and equipment within these buildings a
The growing adoption of IoT devices in our daily life is engendering a data deluge, mostly private information that needs careful maintenance and secure storage system to ensure data integrity and protection. Also, the prodigious IoT ecosystem has pr
The proliferation of IoT devices in smart homes, hospitals, and enterprise networks is widespread and continuing to increase in a superlinear manner. With this unprecedented growth, how can one assess the security of an IoT network holistically? In t