Document Type
Dissertation
Degree
Doctor of Philosophy (PhD)
Major/Program
Electrical and Computer Engineering
First Advisor's Name
Dr. Selcuk Uluagac
First Advisor's Committee Title
Committee Chair
Second Advisor's Name
Dr. Kemal Akkaya
Second Advisor's Committee Title
Co-committee Chair
Third Advisor's Name
Dr. Alexander Perez-Pons
Third Advisor's Committee Title
Committee Member
Fourth Advisor's Name
Dr. Bogdan Carbunar
Fourth Advisor's Committee Title
Committee Member
Keywords
electrical and computer engineering
Date of Defense
11-8-2021
Abstract
This doctoral dissertation expands upon the field of Enterprise Internet-of-Things (E-IoT) systems, one of the most ubiquitous and under-researched fields of smart systems. E-IoT systems are specialty smart systems designed for sophisticated automation applications (e.g., multimedia control, security, lighting control). E-IoT systems are often closed source, costly, require certified installers, and are more robust for their specific applications. This dissertation begins with an analysis of the current E-IoT threat landscape and introduces three novel attacks and defenses under-studied software and protocols heavily linked to E-IoT systems. For each layer, we review the literature for the threats, attacks, and countermeasures. Based on the systematic knowledge we obtain from the literature review, we propose three novel attacks and countermeasures to protect E-IoT systems. In the first attack, we present PoisonIvy, several attacks developed to show that malicious E-IoT drivers can be used to compromise E-IoT. In response to PoisonIvy threats, we describe Ivycide, a machine-learning network-based solution designed to defend E-IoT systems against E-IoT driver threats. As multimedia control is a significant application of E-IoT, we introduce is HDMI-Walk, a novel attack vector designed to demonstrate that HDMI's Consumer Electronics Control (CEC) protocol can be used to compromise multiple devices through a single connection. To defend devices from this threat, we introduce HDMI-Watch, a standalone intrusion detection system (IDS) designed to defend HDMI-enabled devices from HDMI-Walk-style attacks. Finally, this dissertation evaluates the security of E-IoT proprietary protocols with LightingStrike, a series of attacks used to demonstrate that popular E-IoT proprietary communication protocols are insecure. To address LightningStrike threats, we introduce LGuard, a complete defense framework designed to defend E-IoT systems from LightingStrike-style attacks using computer vision, traffic obfuscation, and traffic analysis techniques. For each contribution, all of the defense mechanisms proposed are implemented without any modification to the underlying hardware or software. All attacks and defenses in this dissertation were performed with implementations on widely-used E-IoT devices and systems. We believe that the research presented in this dissertation has notable implications on the security of E-IoT systems by exposing novel threat vectors, raising awareness, and motivating future E-IoT system security research.
Identifier
FIDC010451
Previously Published In
L. Puche Rondon, L. Babun, A. Aris, K. Akkaya, and A. S. Uluagac. "LightningStrike: (In)secure practices of E-IoT systems in the wild.", ACM WiSec, 2021.
L. Puche Rondon, L. Babun, K. Akkaya, and A. S. Uluagac. “PATENT: A Method for Detecting Unexpected HDMI Consumer Electronics Control Protocol Activities using Machine Learning and Packet Attribute Analysis”, FIU, 2020.
L. Puche Rondon, L. Babun, A. Aris, K. Akkaya, and A. S. Uluagac. "PoisonIvy: (In)secure Practices of Enterprise IoT Systems in Smart Buildings.", ACM BuildSys, 2020.
L. Puche Rondon, L. Babun, K. Akkaya, and A. S. Uluagac. "HDMI-Watch: Smart Intrusion Detection System Against HDMI Attacks," in IEEE TNSE, 2020.
L. Puche Rondon, L. Babun, K. Akkaya, and A. S. Uluagac. "HDMI-Walk: attacking HDMI distribution networks via consumer electronics control protocol."} ACM ACSAC, 2019.
L. Puche Rondon, L. Babun, K. Akkaya, and A. S. Uluagac. "Attacking HDMI distribution networks: poster.", ACM WiSec, 2019.
Recommended Citation
Puche Rondon, Luis C., "Novel Attacks and Defenses for Enterprise Internet-of-Things (E-IoT) Systems" (2021). FIU Electronic Theses and Dissertations. 4844.
https://digitalcommons.fiu.edu/etd/4844
Rights Statement
In Copyright. URI: http://rightsstatements.org/vocab/InC/1.0/
This Item is protected by copyright and/or related rights. You are free to use this Item in any way that is permitted by the copyright and related rights legislation that applies to your use. For other uses you need to obtain permission from the rights-holder(s).