https://oldena.lpnu.ua/handle/ntb/56818| Title: | Analysis of Vulnerabilities of IoT-Devices and Methods of Their Elimination |
| Authors: | Liashenko, Oleksii Kazmina, Darina Rosinskiy, Dmytro Dukh, Yana |
| Affiliation: | Kharkiv National University of Radio-Electronics |
| Bibliographic description (Ukraine): | Analysis of Vulnerabilities of IoT-Devices and Methods of Their Elimination / Oleksii Liashenko, Darina Kazmina, Dmytro Rosinskiy, Yana Dukh // Computational linguistics and intelligent systems, 22-23 April 2021, Kharkiv. — Lviv ; Kharkiv, 2021. — Vol Vol. II : Proceedings of the 5th International conference, COLINS 2021, Workshop, Kharkiv, Ukraine, April 22-23. — P. 27–37. |
| Bibliographic description (International): | Analysis of Vulnerabilities of IoT-Devices and Methods of Their Elimination / Oleksii Liashenko, Darina Kazmina, Dmytro Rosinskiy, Yana Dukh // Computational linguistics and intelligent systems, 22-23 April 2021, Kharkiv. — Lviv ; Kharkiv, 2021. — Vol Vol. II : Proceedings of the 5th International conference, COLINS 2021, Workshop, Kharkiv, Ukraine, April 22-23. — P. 27–37. |
| Is part of: | Computational linguistics and intelligent systems, 2021 |
| Issue Date: | 4-May-2021 |
| Place of the edition/event: | Львів ; Харків Lviv ; Kharkiv |
| Temporal Coverage: | 22-23 April 2021, Kharkiv |
| Keywords: | IoT vulnerability IoT-device |
| Number of pages: | 11 |
| Page range: | 27-37 |
| Start page: | 27 |
| End page: | 37 |
| Abstract: | Relevance and the problem setting: at present, vulnerabilities in the firmware of IoT-devices pose a serious threat, as attackers, who at first have exploited the vulnerabilities, gain remote access to devices which allows them to form botnets that are then used to capture new devices or organize serious DDos attacks. Therefore, currently, there is an urgent need to increase the effectiveness of vulnerability detection methods in the firmware. The purpose of this work is to analyze and define the term “vulnerability”, to provide the classification of vulnerabilities of IoT-devices, the causes of vulnerabilities of IoT-devices, to analyze the stages of vulnerability detection, and to present the example of a search algorithm for vulnerable IoT-devices. |
| URI: | https://ena.lpnu.ua/handle/ntb/56818 |
| ISSN: | 2523-4013 |
| Copyright owner: | copyrighted by its editors. Use permitted under Creative Commons License Attribution 4.0 International (CC BY 4.0). © 2021 Copyright for the individual papers by the papers’ authors. Copying permitted only for private and academic purposes. This volume is published and |
| URL for reference material: | https://doi.org/10.1145/3338507.3358616 |
| References (Ukraine): | [1] S. Kolehmainen, Security of firmware update mechanisms within SOHO routers. University of Jyväskylä, Finland, 2019, pp. 3-97. [2] B. Jeannotte, A. Tekeoglu, Artorias: IoT Security Testing Framework, in: 2019 26th International Conference on Telecommunications (ICT), Hanoi, Vietnam, 2019, pp. 233-237. doi: 10.1109/ICT.2019.8798846. [3] Y. Ma, L. Han, H. Ying, S. Yang, W. Zhao and Z. Shi, SVM-based Instruction Set Identification for Grid Device Firmware, in: 2019 IEEE 8th Joint International Information Technology and Artificial Intelligence Conference (ITAIC), Chongqing, China, 2019, pp. 214-218. doi: 10.1109/ITAIC.2019.8785564. [4] S. Prashast, Hui Peng, Jiahao Li, Hamed Okhravi, Howard Shrobe, and Mathias Payer, FirmFuzz: Automated IoT Firmware Introspection and Analysis, in: Proceedings of the 2nd International ACM Workshop on Security and Privacy for the Internet-of-Things (IoT S&P'19). 2019, ACM, New York, NY, USA, 15-21. doi: https://doi.org/10.1145/3338507.3358616. [5] A. Markov, A. Fadin, V. Shvets, V. Tsirlov, The experience of comparison of static security code analyzers, in: International Journal of Advanced Studies. 2015. V. 5. N 3. P. 55-63. [6] A.V. Barabanov, A.S. Markov, A.A. Fadin, V.L. Cirlov, Statistika vyyavleniya uyazvimostej programmnogo obespecheniya pri provedenii sertifikacionnyh ispytanij [Software vulnerability detection statistics for certification testing]. Voprosy kiberbezopasnosti. 2017. № 2 (20). P. 2-8. [in Russian]. [7] Z. Zhang, M. C. Y. Cho, C. Wang, C. Hsu, C. Chen and S. Shieh, IoT Security: Ongoing Challenges and Research Opportunities, in: 2014 IEEE 7th International Conference on ServiceOriented Computing and Applications, Matsue, 2014, pp. 230-234. doi: 10.1109/SOCA.2014.58. [8] M. M. Hossain, M. Fotouhi and R. Hasan, Towards an Analysis of Security Issues, Challenges, and Open Problems in the Internet of Things, in: 2015 IEEE World Congress on Services, New York, NY, 2015, pp. 21-28. doi: 10.1109/SERVICES.2015.12. [9] A. Riahi, Y. Challal, E. Natalizio, Z. Chtourou and A. Bouabdallah, A Systemic Approach for IoT Security, in: 2013 IEEE International Conference on Distributed Computing in Sensor Systems, Cambridge, MA, 2013, pp. 351-355. doi: 10.1109/DCOSS.2013.78. [10] N.D. Zhou, N. Vlajic, D. Zhou, IoT as a Land of Opportunity for DDoS Hackers, in: Computer, vol. 51, no. 7, pp. 26- 34, July 2018. doi: 10.1109/MC.2018.3011046. |
| References (International): | [1] S. Kolehmainen, Security of firmware update mechanisms within SOHO routers. University of Jyväskylä, Finland, 2019, pp. 3-97. [2] B. Jeannotte, A. Tekeoglu, Artorias: IoT Security Testing Framework, in: 2019 26th International Conference on Telecommunications (ICT), Hanoi, Vietnam, 2019, pp. 233-237. doi: 10.1109/ICT.2019.8798846. [3] Y. Ma, L. Han, H. Ying, S. Yang, W. Zhao and Z. Shi, SVM-based Instruction Set Identification for Grid Device Firmware, in: 2019 IEEE 8th Joint International Information Technology and Artificial Intelligence Conference (ITAIC), Chongqing, China, 2019, pp. 214-218. doi: 10.1109/ITAIC.2019.8785564. [4] S. Prashast, Hui Peng, Jiahao Li, Hamed Okhravi, Howard Shrobe, and Mathias Payer, FirmFuzz: Automated IoT Firmware Introspection and Analysis, in: Proceedings of the 2nd International ACM Workshop on Security and Privacy for the Internet-of-Things (IoT S&P'19). 2019, ACM, New York, NY, USA, 15-21. doi: https://doi.org/10.1145/3338507.3358616. [5] A. Markov, A. Fadin, V. Shvets, V. Tsirlov, The experience of comparison of static security code analyzers, in: International Journal of Advanced Studies. 2015. V. 5. N 3. P. 55-63. [6] A.V. Barabanov, A.S. Markov, A.A. Fadin, V.L. Cirlov, Statistika vyyavleniya uyazvimostej programmnogo obespecheniya pri provedenii sertifikacionnyh ispytanij [Software vulnerability detection statistics for certification testing]. Voprosy kiberbezopasnosti. 2017. No 2 (20). P. 2-8. [in Russian]. [7] Z. Zhang, M. C. Y. Cho, C. Wang, C. Hsu, C. Chen and S. Shieh, IoT Security: Ongoing Challenges and Research Opportunities, in: 2014 IEEE 7th International Conference on ServiceOriented Computing and Applications, Matsue, 2014, pp. 230-234. doi: 10.1109/SOCA.2014.58. [8] M. M. Hossain, M. Fotouhi and R. Hasan, Towards an Analysis of Security Issues, Challenges, and Open Problems in the Internet of Things, in: 2015 IEEE World Congress on Services, New York, NY, 2015, pp. 21-28. doi: 10.1109/SERVICES.2015.12. [9] A. Riahi, Y. Challal, E. Natalizio, Z. Chtourou and A. Bouabdallah, A Systemic Approach for IoT Security, in: 2013 IEEE International Conference on Distributed Computing in Sensor Systems, Cambridge, MA, 2013, pp. 351-355. doi: 10.1109/DCOSS.2013.78. [10] N.D. Zhou, N. Vlajic, D. Zhou, IoT as a Land of Opportunity for DDoS Hackers, in: Computer, vol. 51, no. 7, pp. 26- 34, July 2018. doi: 10.1109/MC.2018.3011046. |
| Content type: | Article |
| Appears in Collections: | Computational linguistics and intelligent systems. – 2021 р. |
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.