Non-Intrusive Historical Assessment of Internet-Facing Services in the Internet of Things

Open access

Abstract

The expansion of the Internet has led to a variety of directly accessible devices and services. Nowadays, companies tend to increase the number of Internet-facing services in order to ensure higher visibility and accessibility towards end-users. Nonetheless, this profound expansion towards an “Internet of Things” brings new opportunities to malicious actors. As a result, novel cyber-physical attacks bring new challenges to systems administrators, who must reconcile traditional user requests with security prerequisites. Therefore, in this paper we propose a novel approach for historical Internet connectivity assessment of services. The technique uses the output of the popular Shodan search engine to infer the lifetime of different Internet-facing services. Experiments conducted on IP address blocks attributed to six different institutions distributed across four sectors (university, telecommunications, banking, and power) show different possible service lifetime patterns.
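The idea of inferring service lifetimes from historical scan records can be sketched as follows. This is an added example, not the paper's code or algorithm: it assumes records shaped like Shodan banners (`ip_str`, `port`, `timestamp`), uses constructed sample data for an administrator's own address block, and treats the 90-day gap threshold and the function name `service_lifetimes` as hypothetical choices.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records shaped like Shodan banners (ip_str, port, timestamp).
# Addresses come from the TEST-NET-1 documentation range.
RECORDS = [
    {"ip_str": "192.0.2.10", "port": 80, "timestamp": "2013-02-01T08:00:00"},
    {"ip_str": "192.0.2.10", "port": 80, "timestamp": "2013-03-05T09:30:00"},
    {"ip_str": "192.0.2.10", "port": 80, "timestamp": "2013-04-02T11:15:00"},
    {"ip_str": "192.0.2.10", "port": 80, "timestamp": "2014-06-10T07:45:00"},
    {"ip_str": "192.0.2.10", "port": 80, "timestamp": "2014-07-01T07:45:00"},
    {"ip_str": "192.0.2.25", "port": 502, "timestamp": "2014-01-20T12:00:00"},
    {"ip_str": "192.0.2.25", "port": 23, "timestamp": "bad-value"},
]


def service_lifetimes(records, max_gap_days=90):
    """Merge sightings of each (ip, port) into exposure intervals.

    Consecutive sightings at most max_gap_days apart (an assumed threshold)
    extend the current interval; a longer silence starts a new one.
    Returns {(ip, port): [(first_seen, last_seen, sightings), ...]}.
    """
    seen = defaultdict(list)
    for rec in records:
        try:
            ts = datetime.fromisoformat(rec["timestamp"])
            key = (rec["ip_str"], int(rec["port"]))
        except (KeyError, ValueError, TypeError):
            continue  # skip records without a usable timestamp or service key
        seen[key].append(ts)

    max_gap = timedelta(days=max_gap_days)
    lifetimes = {}
    for key, stamps in seen.items():
        stamps.sort()
        intervals = [[stamps[0], stamps[0], 1]]
        for ts in stamps[1:]:
            if ts - intervals[-1][1] <= max_gap:
                intervals[-1][1] = ts       # same exposure period continues
                intervals[-1][2] += 1
            else:
                intervals.append([ts, ts, 1])  # service reappeared after a long gap
        lifetimes[key] = [tuple(i) for i in intervals]
    return lifetimes


if __name__ == "__main__":
    for (ip, port), spans in sorted(service_lifetimes(RECORDS).items()):
        for first, last, n in spans:
            print(f"{ip}:{port} {first.date()} -> {last.date()} ({n} sightings)")
```

A single sighting yields a zero-length interval, which only bounds the lifetime from below; the crawler's revisit frequency limits how precisely any interval can be dated.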

MACRo 2015

Proceedings of the 5th International Conference on Recent Achievements in Mechatronics, Automation, Computer Sciences and Robotics
