A Methodological Approach for Assessing Amplified Reflection Distributed Denial of Service on the Internet of Things

A Methodological Approach for Assessing Amplified Reflection Distributed Denial of Service on the Internet of Things

Concerns about security on Internet of Things (IoT) cover data privacy and integrity, access control, and availability. IoT abuse in distributed denial of service attacks is a major issue, as typical IoT devices’ limited computing, communications, and power resources are prioritized in implementing...

Full description

Bibliographic Details
Main Authors: João José Costa Gondim, Robson de Oliveira Albuquerque, Anderson Clayton Alves Nascimento, Luis Javier García Villalba, Tai-Hoon Kim
Format: Article
Language:English
Published: MDPI AG 2016-11-01
Series:Sensors
Subjects:
Amplified Reflection
Distributed Denial of Service
Pentest
Risk Management
Vulnerability Assessment
Online Access:http://www.mdpi.com/1424-8220/16/11/1855
id doaj-10512ec2f5bb4cd78a9c4d6283aecae0
record_format Article
spelling doaj-10512ec2f5bb4cd78a9c4d6283aecae02020-11-25T01:40:05ZengMDPI AGSensors1424-82202016-11-011611185510.3390/s16111855s16111855A Methodological Approach for Assessing Amplified Reflection Distributed Denial of Service on the Internet of ThingsJoão José Costa Gondim0Robson de Oliveira Albuquerque1Anderson Clayton Alves Nascimento2Luis Javier García Villalba3Tai-Hoon Kim4Electrical Engineering Department, University of Brasília, Campus Universitário Darci Ribeiro, 70919-970 Brasília DF, BrazilElectrical Engineering Department, University of Brasília, Campus Universitário Darci Ribeiro, 70919-970 Brasília DF, BrazilElectrical Engineering Department, University of Brasília, Campus Universitário Darci Ribeiro, 70919-970 Brasília DF, BrazilGroup of Analysis, Security and Systems (GASS), Department of Software Engineering and Artificial Intelligence (DISIA), Faculty of Computer Science and Engineering, Office 431, Universidad Complutense de Madrid (UCM), Calle Profesor José García Santesmases, 9, Ciudad Universitaria, Madrid 28040, SpainDepartment of Convergence Security, Sungshin Women’s University, 249-1 Dongseon-Dong 3-ga, Seoul 136-742, KoreaConcerns about security on Internet of Things (IoT) cover data privacy and integrity, access control, and availability. IoT abuse in distributed denial of service attacks is a major issue, as typical IoT devices’ limited computing, communications, and power resources are prioritized in implementing functionality rather than security features. Incidents involving attacks have been reported, but without clear characterization and evaluation of threats and impacts. The main purpose of this work is to methodically assess the possible impacts of a specific class–amplified reflection distributed denial of service attacks (AR-DDoS)–against IoT. The novel approach used to empirically examine the threat represented by running the attack over a controlled environment, with IoT devices, considered the perspective of an attacker. The methodology used in tests includes that perspective, and actively prospects vulnerabilities in computer systems. This methodology defines standardized procedures for tool-independent vulnerability assessment based on strategy, and the decision flows during execution of penetration tests (pentests). After validation in different scenarios, the methodology was applied in amplified reflection distributed denial of service (AR-DDoS) attack threat assessment. Results show that, according to attack intensity, AR-DDoS saturates reflector infrastructure. Therefore, concerns about AR-DDoS are founded, but expected impact on abused IoT infrastructure and devices will be possibly as hard as on final victims.http://www.mdpi.com/1424-8220/16/11/1855Amplified ReflectionDistributed Denial of ServicePentestRisk ManagementVulnerability Assessment
collection DOAJ
language English
format Article
sources DOAJ
author João José Costa Gondim
Robson de Oliveira Albuquerque
Anderson Clayton Alves Nascimento
Luis Javier García Villalba
Tai-Hoon Kim
spellingShingle João José Costa Gondim
Robson de Oliveira Albuquerque
Anderson Clayton Alves Nascimento
Luis Javier García Villalba
Tai-Hoon Kim
A Methodological Approach for Assessing Amplified Reflection Distributed Denial of Service on the Internet of Things
Sensors
Amplified Reflection
Distributed Denial of Service
Pentest
Risk Management
Vulnerability Assessment
author_facet João José Costa Gondim
Robson de Oliveira Albuquerque
Anderson Clayton Alves Nascimento
Luis Javier García Villalba
Tai-Hoon Kim
author_sort João José Costa Gondim
title A Methodological Approach for Assessing Amplified Reflection Distributed Denial of Service on the Internet of Things
title_short A Methodological Approach for Assessing Amplified Reflection Distributed Denial of Service on the Internet of Things
title_full A Methodological Approach for Assessing Amplified Reflection Distributed Denial of Service on the Internet of Things
title_fullStr A Methodological Approach for Assessing Amplified Reflection Distributed Denial of Service on the Internet of Things
title_full_unstemmed A Methodological Approach for Assessing Amplified Reflection Distributed Denial of Service on the Internet of Things
title_sort methodological approach for assessing amplified reflection distributed denial of service on the internet of things
publisher MDPI AG
series Sensors
issn 1424-8220
publishDate 2016-11-01
description Concerns about security on Internet of Things (IoT) cover data privacy and integrity, access control, and availability. IoT abuse in distributed denial of service attacks is a major issue, as typical IoT devices’ limited computing, communications, and power resources are prioritized in implementing functionality rather than security features. Incidents involving attacks have been reported, but without clear characterization and evaluation of threats and impacts. The main purpose of this work is to methodically assess the possible impacts of a specific class–amplified reflection distributed denial of service attacks (AR-DDoS)–against IoT. The novel approach used to empirically examine the threat represented by running the attack over a controlled environment, with IoT devices, considered the perspective of an attacker. The methodology used in tests includes that perspective, and actively prospects vulnerabilities in computer systems. This methodology defines standardized procedures for tool-independent vulnerability assessment based on strategy, and the decision flows during execution of penetration tests (pentests). After validation in different scenarios, the methodology was applied in amplified reflection distributed denial of service (AR-DDoS) attack threat assessment. Results show that, according to attack intensity, AR-DDoS saturates reflector infrastructure. Therefore, concerns about AR-DDoS are founded, but expected impact on abused IoT infrastructure and devices will be possibly as hard as on final victims.
topic Amplified Reflection
Distributed Denial of Service
Pentest
Risk Management
Vulnerability Assessment
url http://www.mdpi.com/1424-8220/16/11/1855
work_keys_str_mv AT joaojosecostagondim amethodologicalapproachforassessingamplifiedreflectiondistributeddenialofserviceontheinternetofthings
AT robsondeoliveiraalbuquerque amethodologicalapproachforassessingamplifiedreflectiondistributeddenialofserviceontheinternetofthings
AT andersonclaytonalvesnascimento amethodologicalapproachforassessingamplifiedreflectiondistributeddenialofserviceontheinternetofthings
AT luisjaviergarciavillalba amethodologicalapproachforassessingamplifiedreflectiondistributeddenialofserviceontheinternetofthings
AT taihoonkim amethodologicalapproachforassessingamplifiedreflectiondistributeddenialofserviceontheinternetofthings
AT joaojosecostagondim methodologicalapproachforassessingamplifiedreflectiondistributeddenialofserviceontheinternetofthings
AT robsondeoliveiraalbuquerque methodologicalapproachforassessingamplifiedreflectiondistributeddenialofserviceontheinternetofthings
AT andersonclaytonalvesnascimento methodologicalapproachforassessingamplifiedreflectiondistributeddenialofserviceontheinternetofthings
AT luisjaviergarciavillalba methodologicalapproachforassessingamplifiedreflectiondistributeddenialofserviceontheinternetofthings
AT taihoonkim methodologicalapproachforassessingamplifiedreflectiondistributeddenialofserviceontheinternetofthings
_version_ 1725047248734126080

Similar Items