
Unveiling Behavioral Transparency of Protocols Communicated by IoT Networked Assets (Full Version) (2404.07408v1)

Published 11 Apr 2024 in cs.NI

Abstract: Behavioral transparency for Internet-of-Things (IoT) networked assets involves two distinct yet interconnected tasks: (a) characterizing device types by discerning the patterns exhibited in their network traffic, and (b) assessing vulnerabilities they introduce to the network. While identifying communication protocols, particularly at the application layer, plays a vital role in effective network management, current methods are, at best, ad-hoc. Accurate protocol identification and attribute extraction from packet payloads are crucial for distinguishing devices and discovering vulnerabilities. This paper makes three contributions: (1) We process a public dataset to construct specific packet traces pertinent to six standard protocols (TLS, HTTP, DNS, NTP, DHCP, and SSDP) of ten commercial IoT devices. We manually analyze TLS and HTTP flows, highlighting their characteristics, parameters, and adherence to best practices (we make our data publicly available); (2) We develop a common model to describe protocol signatures that help with the systematic analysis of protocols even when communicated through non-standard port numbers; and (3) We evaluate the efficacy of our data models for the six protocols, which constitute approximately 97% of our dataset. Our data models, except for SSDP in 0.3% of Amazon Echo's flows, produce no false positives for protocol detection. We draw insights into how various IoT devices behave across those protocols by applying these models to our IoT traces.
