Investigating Security Vulnerability Related to Exposure and TLS Ecosystem in IoT Devices

2023 IEEE 24th International Conference on Information Reuse and Integration for Data Science (IRI) Pub Date : 2023-08-01 DOI:10.1109/IRI58017.2023.00009

Y. Siwakoti, D. Rawat

{"title":"Investigating Security Vulnerability Related to Exposure and TLS Ecosystem in IoT Devices","authors":"Y. Siwakoti, D. Rawat","doi":"10.1109/IRI58017.2023.00009","DOIUrl":null,"url":null,"abstract":"The Internet of Things (IoT) is popular for its ability to perform various smart and dedicated tasks, but its popularity has also made it a prime target for cyberattacks. Unfortunately, IoT security has been given less priority compared to functionality and performance during the design and implementation stages. Two major reasons behind the weak security of IoT devices are their exposure to potential attacks and the low adoption of secure Secure Sockets Layer(SSL)/Transport Layer Security(TLS) protocols. To address these issues, this paper examines the exposure of different categories of IoT devices and services using tools like Shodan and criminal infrastructure analysis. It also investigates the state of SSL/TLS implementation in IoT infrastructure. The research provides a list of exposed services and ports that can be exploited by attackers, highlighting the significant risks. Additionally, the study reveals that the implementation of SSL/TLS in the IoT ecosystem is concerning, although there has been a slight improvement compared to the previous year.","PeriodicalId":290818,"journal":{"name":"2023 IEEE 24th International Conference on Information Reuse and Integration for Data Science (IRI)","volume":"3 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2023-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2023 IEEE 24th International Conference on Information Reuse and Integration for Data Science (IRI)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/IRI58017.2023.00009","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

The Internet of Things (IoT) is popular for its ability to perform various smart and dedicated tasks, but its popularity has also made it a prime target for cyberattacks. Unfortunately, IoT security has been given less priority compared to functionality and performance during the design and implementation stages. Two major reasons behind the weak security of IoT devices are their exposure to potential attacks and the low adoption of secure Secure Sockets Layer(SSL)/Transport Layer Security(TLS) protocols. To address these issues, this paper examines the exposure of different categories of IoT devices and services using tools like Shodan and criminal infrastructure analysis. It also investigates the state of SSL/TLS implementation in IoT infrastructure. The research provides a list of exposed services and ports that can be exploited by attackers, highlighting the significant risks. Additionally, the study reveals that the implementation of SSL/TLS in the IoT ecosystem is concerning, although there has been a slight improvement compared to the previous year.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

研究物联网设备中与暴露和TLS生态系统相关的安全漏洞

物联网(IoT)因其执行各种智能和专用任务的能力而广受欢迎，但它的普及也使其成为网络攻击的主要目标。不幸的是，在设计和实施阶段，与功能和性能相比，物联网安全性的优先级较低。物联网设备安全性弱背后的两个主要原因是它们暴露于潜在的攻击以及安全安全套接字层(SSL)/传输层安全(TLS)协议的采用率低。为了解决这些问题，本文使用Shodan和犯罪基础设施分析等工具检查了不同类别的物联网设备和服务的暴露情况。它还调查了物联网基础设施中SSL/TLS实现的状态。该研究提供了一个可以被攻击者利用的暴露服务和端口列表，突出了重大风险。此外，该研究显示，物联网生态系统中SSL/TLS的实施令人担忧，尽管与去年相比略有改善。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊