TY - JOUR
T1 - Security provision for protecting intelligent sensors and zero touch devices by using blockchain method for the smart cities
AU - Un Nisa, Khaleeq
AU - Alhudhaif, Adi
AU - Qureshi, Kashif Naseer
AU - Hadi, Hassan Jalil
AU - Jeon, Gwanggil
N1 - Publisher Copyright:
© 2022 Elsevier B.V.
PY - 2022/4
Y1 - 2022/4
N2 - Internet of Things (IoT) networks has gained popularity due to their amazing and cost-effective services and one of the main areas in smart cities. The stability of these networks is based on stable and secure data transmission without any vulnerabilities present used devices. Distributed Denial of Services (DDoS) attacks have brought critical interruptions in IoT services and significantly damage the network. In DDoS attacks, attackers utilize botnets, with the capability of frequently exploiting the millions of IoT devices around the globe. After the source code of Mirai malware is loaded on GitHub, the threats are significantly increased. Manufacturer Usage Description (MUD) is an embedded software standard for IoT device makers to advertise device specifications, including the intended communication patterns when it connects to the network. Even though the MUD mechanism is promising exertion, still there is a need for evaluating its viability, recognize its limits, and upgrade its architecture to reduce shortcomings in its architecture as well as to increase its effectiveness. This standard neither identifies the vulnerability path before the creation of the MUD profile. Thus, it is possible to exploit an IoT device even after the MUD profile is issued to the device by manipulating the vulnerabilities in the device. By keeping in mind this situation, this paper discusses the limitations of MUD in detail and proposed a framework to identify the patch and default vulnerabilities by using blockchain method before the generation/creation of MUD profiles. The proposed framework can also mitigate open ports, DDoS attacks, and Brute force attacks. The experiment results show the identification, elimination, and sharing of vulnerability report with vendors and significantly minimized the risk of IoT device exploitation.
AB - Internet of Things (IoT) networks has gained popularity due to their amazing and cost-effective services and one of the main areas in smart cities. The stability of these networks is based on stable and secure data transmission without any vulnerabilities present used devices. Distributed Denial of Services (DDoS) attacks have brought critical interruptions in IoT services and significantly damage the network. In DDoS attacks, attackers utilize botnets, with the capability of frequently exploiting the millions of IoT devices around the globe. After the source code of Mirai malware is loaded on GitHub, the threats are significantly increased. Manufacturer Usage Description (MUD) is an embedded software standard for IoT device makers to advertise device specifications, including the intended communication patterns when it connects to the network. Even though the MUD mechanism is promising exertion, still there is a need for evaluating its viability, recognize its limits, and upgrade its architecture to reduce shortcomings in its architecture as well as to increase its effectiveness. This standard neither identifies the vulnerability path before the creation of the MUD profile. Thus, it is possible to exploit an IoT device even after the MUD profile is issued to the device by manipulating the vulnerabilities in the device. By keeping in mind this situation, this paper discusses the limitations of MUD in detail and proposed a framework to identify the patch and default vulnerabilities by using blockchain method before the generation/creation of MUD profiles. The proposed framework can also mitigate open ports, DDoS attacks, and Brute force attacks. The experiment results show the identification, elimination, and sharing of vulnerability report with vendors and significantly minimized the risk of IoT device exploitation.
KW - Authentication
KW - Botnet
KW - Brute force
KW - Corda virtual machine
KW - Ddos
KW - Manufacturer usage description
KW - Mirai
KW - Owasp
KW - Port scanning
KW - Vulnerability
UR - http://www.scopus.com/inward/record.url?scp=85126515069&partnerID=8YFLogxK
U2 - 10.1016/j.micpro.2022.104503
DO - 10.1016/j.micpro.2022.104503
M3 - Article
AN - SCOPUS:85126515069
SN - 0141-9331
VL - 90
JO - Microprocessors and Microsystems
JF - Microprocessors and Microsystems
M1 - 104503
ER -