NESNELERİN İNTERNETİ GÜVENLİĞİ: EV AĞI GÜVENLİK İNCELEMESİ VE DEĞERLENDİRMESİ

Murat Osman Kandır; Esra Yolaçan; Şahin Işık

doi:10.17482/uumfd.1068960

Research Article

NESNELERİN İNTERNETİ GÜVENLİĞİ: EV AĞI GÜVENLİK İNCELEMESİ VE DEĞERLENDİRMESİ

Year 2022, Volume: 27 Issue: 2, 803 - 816, 31.08.2022

Murat Osman Kandır Esra Yolaçan Şahin Işık

https://doi.org/10.17482/uumfd.1068960

Abstract

Evrensel Tak ve Çalıştır (Universal Plug and Play, UPnP) ve IoT iletişim protokolleri sayesinde cihazların birbirleriyle ve ağ ile bağlantıları çok daha kolay ve hızlı yapılabildiğinden ev ağındaki bağlantı sayısı da artmıştır. Akıllı televizyonlar ve temizlik robotları gibi akıllı cihazlar, yaşam konforumuzu artırmakta ve ev ağı üzerinden tüm dünyaya bağlantı sağlar hale gelmiştir. Bu nedenle, ev ağının internete bağlı olduğu gerçeği ağdaki akıllı cihazların güvenlik durumlarının sorgulanması ihtiyacını ortaya çıkarmıştır. Bu çalışmada, ev ağı içerisindeki popüler cihazların güvenlik seviyelerinin analiz edilmesi sağlanmıştır. Ev Ağı içerisinde UPnP zafiyetine sahip cihazların varlığını tespit etmek için Python yazılım dili kullanılarak uygulama geliştirilmiştir. Geliştirilen uygulama kullanılarak ev ağı içerisindeki 15 adet cihazdan 3 adet cihazın UPnP açıklığına sahip olduğu görülmüştür. Bir senaryo içerisinde UpNP açıklığı kullanılarak saldırı uygulaması gerçekleştirilmiştir. Bu çalışma ile evdeki ağ ve iletişim yöntemleri güvenliğinin yanında her bir IoT cihazın güvenliğinin sağlanmasının gerekliliği ayrıntılı olarak sunulmuştur.

Keywords

Evrensel Tak ve Çalıştır, UPnP, IoT, Güvenlik Açığı Tarama, Ağ Güvenliği, Nesnelerin İnterneti

Supporting Institution

Eskişehir Osmangazi Üniversitesi

References

1. Amro, A., (2020) IoT Vulnerability Scanning: A State of the Art, European Symposium on Research in Computer Security 2020 International Workshops, Cyber-Physical Systems, Sociedad Espanola de Cirugia Plastica Reparadora y Estetica, and Attacks and Defenses for Internet-of-Things, Guildford, UK. doi: 10.1007/978-3-030-64330-0_6
2. Antrobus, R., Green, B., Freyy, S., ve Rashidz, A. (2019) The forgotten I in IIoT: A vulnerability scanner for industrial Internet of Things, Living in the Internet of Things (IoT 2019). doi: 10.1049/cp.2019.0126
3. Deepak K.R. Singh, (2020) Cyber Security and Internet of Things, International Journal of Computer Techniques, Volume 7 Issue 6
4. Huang, Y., Zhu, F., Liu, L., Meng, W., Hu, S., Ye, R. ve Lu, T. (2021) WNV-Detector: automated and scalable detection of wireless network vulnerabilities EURASIP Journal on Wireless Communications and Networking. doi: 10.1186/s13638-021-01978-4
5. Intal Tayag, M., Napalit, F. ve Napalit, A. (2020) IoT Security: Penetration Testing of White-label Cloud-based IoT Camera Compromising Personal Data Privacy, International Journal of Computer Science & Information Technology (IJCSIT) Vol 12, No 5. doi: 10.5121/ijcsit.2020.12503
6. Kayas, G., Hossain, M., Payton, J. ve Riazul Islam, S. M. (2020) An Overview of UPnP-based IoT Security: Threats, Vulnerabilities, and Prospective Solutions 2020 11th IEEE Annual Information Technology, Electronics and Mobile Communication Conference (IEMCON). doi: 10.1109/IEMCON51383.2020.9284885
7. Malhotra, P., Singh, Y., Anand, P., Kumar Bangotra, D., Kumar Singh, P. ve Hong, W., (2021) Internet of Things: Evolution, Concerns and Security Challenges, Sensors. doi: 10.3390/s21051809
8. McDaid, A., Furey, E. ve Curran, K. (2021) Wireless Interference Analysis for Home IoT Security Vulnerability Detection, International Journal of Wireless Networks and Broadband Technologies. doi: 10.4018/IJWNBT.2021070104
9. Mehic, M., Selimovic, N. ve Komosny, D. (2019) About the Connectivity of Xiaomi Internet-of-Things Smart Home Devices Conference: 2019 XXVII International Conference on Information, Communication and Automation Technologies (ICAT). doi: 10.1109/ICAT47117.2019.8939043
10. Meidan, Y., Sachidananda, V., Peng, H., Sagron, R., Elovici, Y. ve Shabtai, A. (2020) A novel approach for detecting vulnerable IoT devices connected behind a home NAT Computers & Security Volume 97. doi: 10.1016/j.cose.2020.101968
11. Olsson, T. ve Larsson Forsberg, A. (2019) IoT Offensive Security Penetration Testing Hacking a Smart Robot Vacuum Cleaner, Computer Science
12. Patel, B. ve Shah, P. (2020) Simulation, modelling and packet sniffing facilities for IoT: A systematic analysis, International Journal of Electrical and Computer Engineering (IJECE) Vol. 10, No. 3
13. Raghuvanshi, A., Dr. Kumar Singh, U., Bulla, C., Dr. Saxena, M., ve Abadar, K. (2020) An Investigation on Detection of Vulnerabilities in Internet of Things, European Journal of Molecular & Clinical Medicine Volume 07, Issue 10
14. Shreenidhi H.S., Prabakar, S. ve P Ashish Kumar, (2021) Intrution detection system Using IoT device for safety and security, 2021 International Conference on Computational Intelligence and Knowledge Economy (ICCIKE), Amity University Dubai, UAE. doi: 10.1109/ICCIKE51210.2021.9410730
15. Upadhyay, S., Kumar, S. ve Dutta, S. (2019) Vulnerability scanning in IOT Devices, Conference: ICICD 2018 At: University of Petroleum and Energy Studies
16. Williams, R., McMahon, E., Samtani, S., Patton, M. ve Chen, H. (2017) Identifying vulnerabilities of consumer Internet of Things (IoT) devices: A scalable approach, 2017 IEEE International Conference on Intelligence and Security Informatics (ISI). doi: 10.1109/ISI.2017.8004904
17. Yadav, G., Paul, K., Allakany, A. ve Okamura, K. (2020) IoT-PEN: An E2E Penetration Testing Framework for IoT, Journal of Information Processing Vol.28 633–642. doi: 10.2197/ipsjjip.28.633

Security of the Internet of Things: Home Network Security Review and Evaluation

Year 2022, Volume: 27 Issue: 2, 803 - 816, 31.08.2022

Murat Osman Kandır Esra Yolaçan Şahin Işık

https://doi.org/10.17482/uumfd.1068960

Abstract

As a result of Universal Plug-and-Play (UPnP) and Internet of Things (IoT) communication protocols, the number of connections in home networks has expanded, as devices can be connected to each other and to the network more easily and quickly. Over the home network, smart devices such as smart televisions and cleaning robots boost our living comfort and connect us to the entire globe. The fact that the home network is connected to the Internet has therefore revealed the necessity to question the security status of networked smart devices. This study provides an analysis of the security levels of popular home network devices. Using the Python programming language, a program has been developed to detect the presence of UPnP-vulnerable devices on a home network. Using the built application, it was discovered that three out of fifteen network devices support UPnP. In a scenario, an attack was built via the UpNP vulnerability. In this study, the necessity of guaranteeing the security of each IoT device, as well as the security of the home's network and communication techniques, is discussed in depth.

Keywords

Universal Plug And Play, UPnP, IoT, Vulnerability Scan, Network Security, Internet of Things

References

1. Amro, A., (2020) IoT Vulnerability Scanning: A State of the Art, European Symposium on Research in Computer Security 2020 International Workshops, Cyber-Physical Systems, Sociedad Espanola de Cirugia Plastica Reparadora y Estetica, and Attacks and Defenses for Internet-of-Things, Guildford, UK. doi: 10.1007/978-3-030-64330-0_6
2. Antrobus, R., Green, B., Freyy, S., ve Rashidz, A. (2019) The forgotten I in IIoT: A vulnerability scanner for industrial Internet of Things, Living in the Internet of Things (IoT 2019). doi: 10.1049/cp.2019.0126
3. Deepak K.R. Singh, (2020) Cyber Security and Internet of Things, International Journal of Computer Techniques, Volume 7 Issue 6
4. Huang, Y., Zhu, F., Liu, L., Meng, W., Hu, S., Ye, R. ve Lu, T. (2021) WNV-Detector: automated and scalable detection of wireless network vulnerabilities EURASIP Journal on Wireless Communications and Networking. doi: 10.1186/s13638-021-01978-4
5. Intal Tayag, M., Napalit, F. ve Napalit, A. (2020) IoT Security: Penetration Testing of White-label Cloud-based IoT Camera Compromising Personal Data Privacy, International Journal of Computer Science & Information Technology (IJCSIT) Vol 12, No 5. doi: 10.5121/ijcsit.2020.12503
6. Kayas, G., Hossain, M., Payton, J. ve Riazul Islam, S. M. (2020) An Overview of UPnP-based IoT Security: Threats, Vulnerabilities, and Prospective Solutions 2020 11th IEEE Annual Information Technology, Electronics and Mobile Communication Conference (IEMCON). doi: 10.1109/IEMCON51383.2020.9284885
7. Malhotra, P., Singh, Y., Anand, P., Kumar Bangotra, D., Kumar Singh, P. ve Hong, W., (2021) Internet of Things: Evolution, Concerns and Security Challenges, Sensors. doi: 10.3390/s21051809
8. McDaid, A., Furey, E. ve Curran, K. (2021) Wireless Interference Analysis for Home IoT Security Vulnerability Detection, International Journal of Wireless Networks and Broadband Technologies. doi: 10.4018/IJWNBT.2021070104
9. Mehic, M., Selimovic, N. ve Komosny, D. (2019) About the Connectivity of Xiaomi Internet-of-Things Smart Home Devices Conference: 2019 XXVII International Conference on Information, Communication and Automation Technologies (ICAT). doi: 10.1109/ICAT47117.2019.8939043
10. Meidan, Y., Sachidananda, V., Peng, H., Sagron, R., Elovici, Y. ve Shabtai, A. (2020) A novel approach for detecting vulnerable IoT devices connected behind a home NAT Computers & Security Volume 97. doi: 10.1016/j.cose.2020.101968
11. Olsson, T. ve Larsson Forsberg, A. (2019) IoT Offensive Security Penetration Testing Hacking a Smart Robot Vacuum Cleaner, Computer Science
12. Patel, B. ve Shah, P. (2020) Simulation, modelling and packet sniffing facilities for IoT: A systematic analysis, International Journal of Electrical and Computer Engineering (IJECE) Vol. 10, No. 3
13. Raghuvanshi, A., Dr. Kumar Singh, U., Bulla, C., Dr. Saxena, M., ve Abadar, K. (2020) An Investigation on Detection of Vulnerabilities in Internet of Things, European Journal of Molecular & Clinical Medicine Volume 07, Issue 10
14. Shreenidhi H.S., Prabakar, S. ve P Ashish Kumar, (2021) Intrution detection system Using IoT device for safety and security, 2021 International Conference on Computational Intelligence and Knowledge Economy (ICCIKE), Amity University Dubai, UAE. doi: 10.1109/ICCIKE51210.2021.9410730
15. Upadhyay, S., Kumar, S. ve Dutta, S. (2019) Vulnerability scanning in IOT Devices, Conference: ICICD 2018 At: University of Petroleum and Energy Studies
16. Williams, R., McMahon, E., Samtani, S., Patton, M. ve Chen, H. (2017) Identifying vulnerabilities of consumer Internet of Things (IoT) devices: A scalable approach, 2017 IEEE International Conference on Intelligence and Security Informatics (ISI). doi: 10.1109/ISI.2017.8004904
17. Yadav, G., Paul, K., Allakany, A. ve Okamura, K. (2020) IoT-PEN: An E2E Penetration Testing Framework for IoT, Journal of Information Processing Vol.28 633–642. doi: 10.2197/ipsjjip.28.633

There are 17 citations in total.

Details

Primary Language	Turkish
Subjects	Computer Software
Journal Section	Research Articles
Authors	Murat Osman Kandır 0000-0001-6918-6622 Esra Yolaçan 0000-0002-0008-1037 Şahin Işık 0000-0003-1768-7104
Publication Date	August 31, 2022
Submission Date	February 6, 2022
Acceptance Date	August 10, 2022
Published in Issue	Year 2022 Volume: 27 Issue: 2

Cite

APA	Kandır, M. O., Yolaçan, E., & Işık, Ş. (2022). NESNELERİN İNTERNETİ GÜVENLİĞİ: EV AĞI GÜVENLİK İNCELEMESİ VE DEĞERLENDİRMESİ. Uludağ Üniversitesi Mühendislik Fakültesi Dergisi, 27(2), 803-816. https://doi.org/10.17482/uumfd.1068960
AMA	Kandır MO, Yolaçan E, Işık Ş. NESNELERİN İNTERNETİ GÜVENLİĞİ: EV AĞI GÜVENLİK İNCELEMESİ VE DEĞERLENDİRMESİ. UUJFE. August 2022;27(2):803-816. doi:10.17482/uumfd.1068960
Chicago	Kandır, Murat Osman, Esra Yolaçan, and Şahin Işık. “NESNELERİN İNTERNETİ GÜVENLİĞİ: EV AĞI GÜVENLİK İNCELEMESİ VE DEĞERLENDİRMESİ”. Uludağ Üniversitesi Mühendislik Fakültesi Dergisi 27, no. 2 (August 2022): 803-16. https://doi.org/10.17482/uumfd.1068960.
EndNote	Kandır MO, Yolaçan E, Işık Ş (August 1, 2022) NESNELERİN İNTERNETİ GÜVENLİĞİ: EV AĞI GÜVENLİK İNCELEMESİ VE DEĞERLENDİRMESİ. Uludağ Üniversitesi Mühendislik Fakültesi Dergisi 27 2 803–816.
IEEE	M. O. Kandır, E. Yolaçan, and Ş. Işık, “NESNELERİN İNTERNETİ GÜVENLİĞİ: EV AĞI GÜVENLİK İNCELEMESİ VE DEĞERLENDİRMESİ”, UUJFE, vol. 27, no. 2, pp. 803–816, 2022, doi: 10.17482/uumfd.1068960.
ISNAD	Kandır, Murat Osman et al. “NESNELERİN İNTERNETİ GÜVENLİĞİ: EV AĞI GÜVENLİK İNCELEMESİ VE DEĞERLENDİRMESİ”. Uludağ Üniversitesi Mühendislik Fakültesi Dergisi 27/2 (August 2022), 803-816. https://doi.org/10.17482/uumfd.1068960.
JAMA	Kandır MO, Yolaçan E, Işık Ş. NESNELERİN İNTERNETİ GÜVENLİĞİ: EV AĞI GÜVENLİK İNCELEMESİ VE DEĞERLENDİRMESİ. UUJFE. 2022;27:803–816.
MLA	Kandır, Murat Osman et al. “NESNELERİN İNTERNETİ GÜVENLİĞİ: EV AĞI GÜVENLİK İNCELEMESİ VE DEĞERLENDİRMESİ”. Uludağ Üniversitesi Mühendislik Fakültesi Dergisi, vol. 27, no. 2, 2022, pp. 803-16, doi:10.17482/uumfd.1068960.
Vancouver	Kandır MO, Yolaçan E, Işık Ş. NESNELERİN İNTERNETİ GÜVENLİĞİ: EV AĞI GÜVENLİK İNCELEMESİ VE DEĞERLENDİRMESİ. UUJFE. 2022;27(2):803-16.

Article Files

Full Text

Announcements:

30.03.2021-Beginning with our April 2021 (26/1) issue, in accordance with the new criteria of TR-Dizin, the Declaration of Conflict of Interest and the Declaration of Author Contribution forms fulfilled and signed by all authors are required as well as the Copyright form during the initial submission of the manuscript. Furthermore two new sections, i.e. ‘Conflict of Interest’ and ‘Author Contribution’, should be added to the manuscript. Links of those forms that should be submitted with the initial manuscript can be found in our 'Author Guidelines' and 'Submission Procedure' pages. The manuscript template is also updated. For articles reviewed and accepted for publication in our 2021 and ongoing issues and for articles currently under review process, those forms should also be fulfilled, signed and uploaded to the system by authors.