Research Article

The Human Factor in the Security of the Internet of Things

Year 2019, Volume: 12 Issue: 2, 1 - 12, 17.12.2019

Abstract

Internet-connected objects are used intensively in sectors such as transportation,
health and energy, and in applications such as smart buildings. In addition to
automation and cost advantages, these objects offer innovative business models and
user experiences. Users choosing simple passwords when configuring internet-connected
objects, or not changing the default passwords that ship with these devices,
creates serious security vulnerabilities. In recent years, malware such as Mirai
has exploited these weaknesses to take over online objects and use them as attack
assets in distributed denial-of-service attacks, causing service outages,
financial losses and reputational damage. This study aims to demonstrate the
importance of the human factor in the security of Internet of Things devices by
identifying users' security and risk perceptions regarding the Internet of Things
and their preferences regarding password use and security. Data were collected
from participants through a survey, the findings obtained were discussed, and
measures were proposed to prevent Internet of Things devices from being supplied
to users in the Turkish market with non-unique default passwords.


Details

Primary Language Turkish
Subjects Engineering
Journal Section Articles (Research)
Authors

Mevlüt Serkan Tok 0000-0002-5048-8409

Ali Aydın Selçuk 0000-0002-8963-1647

Publication Date December 17, 2019
Published in Issue Year 2019 Volume: 12 Issue: 2

Cite

APA Tok, M. S., & Selçuk, A. A. (2019). Nesnelerin İnternetinin Güvenliğinde İnsan Faktörü. Türkiye Bilişim Vakfı Bilgisayar Bilimleri Ve Mühendisliği Dergisi, 12(2), 1-12.
AMA Tok MS, Selçuk AA. Nesnelerin İnternetinin Güvenliğinde İnsan Faktörü. TBV-BBMD. December 2019;12(2):1-12.
Chicago Tok, Mevlüt Serkan, and Ali Aydın Selçuk. “Nesnelerin İnternetinin Güvenliğinde İnsan Faktörü”. Türkiye Bilişim Vakfı Bilgisayar Bilimleri Ve Mühendisliği Dergisi 12, no. 2 (December 2019): 1-12.
EndNote Tok MS, Selçuk AA (December 1, 2019) Nesnelerin İnternetinin Güvenliğinde İnsan Faktörü. Türkiye Bilişim Vakfı Bilgisayar Bilimleri ve Mühendisliği Dergisi 12 2 1–12.
IEEE M. S. Tok and A. A. Selçuk, “Nesnelerin İnternetinin Güvenliğinde İnsan Faktörü”, TBV-BBMD, vol. 12, no. 2, pp. 1–12, 2019.
ISNAD Tok, Mevlüt Serkan - Selçuk, Ali Aydın. “Nesnelerin İnternetinin Güvenliğinde İnsan Faktörü”. Türkiye Bilişim Vakfı Bilgisayar Bilimleri ve Mühendisliği Dergisi 12/2 (December 2019), 1-12.
JAMA Tok MS, Selçuk AA. Nesnelerin İnternetinin Güvenliğinde İnsan Faktörü. TBV-BBMD. 2019;12:1–12.
MLA Tok, Mevlüt Serkan and Ali Aydın Selçuk. “Nesnelerin İnternetinin Güvenliğinde İnsan Faktörü”. Türkiye Bilişim Vakfı Bilgisayar Bilimleri Ve Mühendisliği Dergisi, vol. 12, no. 2, 2019, pp. 1-12.
Vancouver Tok MS, Selçuk AA. Nesnelerin İnternetinin Güvenliğinde İnsan Faktörü. TBV-BBMD. 2019;12(2):1-12.


This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.