Analysis of Vulnerabilities of IoT-Devices and Methods of Their Elimination

dc.citation.epage37
dc.citation.spage27
dc.contributor.affiliationKharkiv National University of Radio-Electronics
dc.contributor.authorLiashenko, Oleksii
dc.contributor.authorKazmina, Darina
dc.contributor.authorRosinskiy, Dmytro
dc.contributor.authorDukh, Yana
dc.coverage.placenameЛьвів ; Харків
dc.coverage.placenameLviv ; Kharkiv
dc.coverage.temporal22-23 April 2021, Kharkiv
dc.date.accessioned2022-05-23T10:50:17Z
dc.date.available2022-05-23T10:50:17Z
dc.date.created2021-05-04
dc.date.issued2021-05-04
dc.description.abstractRelevance and the problem setting: at present, vulnerabilities in the firmware of IoT-devices pose a serious threat, as attackers, who at first have exploited the vulnerabilities, gain remote access to devices which allows them to form botnets that are then used to capture new devices or organize serious DDos attacks. Therefore, currently, there is an urgent need to increase the effectiveness of vulnerability detection methods in the firmware. The purpose of this work is to analyze and define the term “vulnerability”, to provide the classification of vulnerabilities of IoT-devices, the causes of vulnerabilities of IoT-devices, to analyze the stages of vulnerability detection, and to present the example of a search algorithm for vulnerable IoT-devices.
dc.format.extent27-37
dc.format.pages11
dc.identifier.citationAnalysis of Vulnerabilities of IoT-Devices and Methods of Their Elimination / Oleksii Liashenko, Darina Kazmina, Dmytro Rosinskiy, Yana Dukh // Computational linguistics and intelligent systems, 22-23 April 2021, Kharkiv. — Lviv ; Kharkiv, 2021. — Vol Vol. II : Proceedings of the 5th International conference, COLINS 2021, Workshop, Kharkiv, Ukraine, April 22-23. — P. 27–37.
dc.identifier.citationenAnalysis of Vulnerabilities of IoT-Devices and Methods of Their Elimination / Oleksii Liashenko, Darina Kazmina, Dmytro Rosinskiy, Yana Dukh // Computational linguistics and intelligent systems, 22-23 April 2021, Kharkiv. — Lviv ; Kharkiv, 2021. — Vol Vol. II : Proceedings of the 5th International conference, COLINS 2021, Workshop, Kharkiv, Ukraine, April 22-23. — P. 27–37.
dc.identifier.issn2523-4013
dc.identifier.urihttps://ena.lpnu.ua/handle/ntb/56818
dc.language.isoen
dc.relation.ispartofComputational linguistics and intelligent systems, 2021
dc.relation.references[1] S. Kolehmainen, Security of firmware update mechanisms within SOHO routers. University of Jyväskylä, Finland, 2019, pp. 3-97.
dc.relation.references[2] B. Jeannotte, A. Tekeoglu, Artorias: IoT Security Testing Framework, in: 2019 26th International Conference on Telecommunications (ICT), Hanoi, Vietnam, 2019, pp. 233-237. doi: 10.1109/ICT.2019.8798846.
dc.relation.references[3] Y. Ma, L. Han, H. Ying, S. Yang, W. Zhao and Z. Shi, SVM-based Instruction Set Identification for Grid Device Firmware, in: 2019 IEEE 8th Joint International Information Technology and Artificial Intelligence Conference (ITAIC), Chongqing, China, 2019, pp. 214-218. doi: 10.1109/ITAIC.2019.8785564.
dc.relation.references[4] S. Prashast, Hui Peng, Jiahao Li, Hamed Okhravi, Howard Shrobe, and Mathias Payer, FirmFuzz: Automated IoT Firmware Introspection and Analysis, in: Proceedings of the 2nd International ACM Workshop on Security and Privacy for the Internet-of-Things (IoT S&P'19). 2019, ACM, New York, NY, USA, 15-21. doi: https://doi.org/10.1145/3338507.3358616.
dc.relation.references[5] A. Markov, A. Fadin, V. Shvets, V. Tsirlov, The experience of comparison of static security code analyzers, in: International Journal of Advanced Studies. 2015. V. 5. N 3. P. 55-63.
dc.relation.references[6] A.V. Barabanov, A.S. Markov, A.A. Fadin, V.L. Cirlov, Statistika vyyavleniya uyazvimostej programmnogo obespecheniya pri provedenii sertifikacionnyh ispytanij [Software vulnerability detection statistics for certification testing]. Voprosy kiberbezopasnosti. 2017. № 2 (20). P. 2-8. [in Russian].
dc.relation.references[7] Z. Zhang, M. C. Y. Cho, C. Wang, C. Hsu, C. Chen and S. Shieh, IoT Security: Ongoing Challenges and Research Opportunities, in: 2014 IEEE 7th International Conference on ServiceOriented Computing and Applications, Matsue, 2014, pp. 230-234. doi: 10.1109/SOCA.2014.58.
dc.relation.references[8] M. M. Hossain, M. Fotouhi and R. Hasan, Towards an Analysis of Security Issues, Challenges, and Open Problems in the Internet of Things, in: 2015 IEEE World Congress on Services, New York, NY, 2015, pp. 21-28. doi: 10.1109/SERVICES.2015.12.
dc.relation.references[9] A. Riahi, Y. Challal, E. Natalizio, Z. Chtourou and A. Bouabdallah, A Systemic Approach for IoT Security, in: 2013 IEEE International Conference on Distributed Computing in Sensor Systems, Cambridge, MA, 2013, pp. 351-355. doi: 10.1109/DCOSS.2013.78.
dc.relation.references[10] N.D. Zhou, N. Vlajic, D. Zhou, IoT as a Land of Opportunity for DDoS Hackers, in: Computer, vol. 51, no. 7, pp. 26- 34, July 2018. doi: 10.1109/MC.2018.3011046.
dc.relation.referencesen[1] S. Kolehmainen, Security of firmware update mechanisms within SOHO routers. University of Jyväskylä, Finland, 2019, pp. 3-97.
dc.relation.referencesen[2] B. Jeannotte, A. Tekeoglu, Artorias: IoT Security Testing Framework, in: 2019 26th International Conference on Telecommunications (ICT), Hanoi, Vietnam, 2019, pp. 233-237. doi: 10.1109/ICT.2019.8798846.
dc.relation.referencesen[3] Y. Ma, L. Han, H. Ying, S. Yang, W. Zhao and Z. Shi, SVM-based Instruction Set Identification for Grid Device Firmware, in: 2019 IEEE 8th Joint International Information Technology and Artificial Intelligence Conference (ITAIC), Chongqing, China, 2019, pp. 214-218. doi: 10.1109/ITAIC.2019.8785564.
dc.relation.referencesen[4] S. Prashast, Hui Peng, Jiahao Li, Hamed Okhravi, Howard Shrobe, and Mathias Payer, FirmFuzz: Automated IoT Firmware Introspection and Analysis, in: Proceedings of the 2nd International ACM Workshop on Security and Privacy for the Internet-of-Things (IoT S&P'19). 2019, ACM, New York, NY, USA, 15-21. doi: https://doi.org/10.1145/3338507.3358616.
dc.relation.referencesen[5] A. Markov, A. Fadin, V. Shvets, V. Tsirlov, The experience of comparison of static security code analyzers, in: International Journal of Advanced Studies. 2015. V. 5. N 3. P. 55-63.
dc.relation.referencesen[6] A.V. Barabanov, A.S. Markov, A.A. Fadin, V.L. Cirlov, Statistika vyyavleniya uyazvimostej programmnogo obespecheniya pri provedenii sertifikacionnyh ispytanij [Software vulnerability detection statistics for certification testing]. Voprosy kiberbezopasnosti. 2017. No 2 (20). P. 2-8. [in Russian].
dc.relation.referencesen[7] Z. Zhang, M. C. Y. Cho, C. Wang, C. Hsu, C. Chen and S. Shieh, IoT Security: Ongoing Challenges and Research Opportunities, in: 2014 IEEE 7th International Conference on ServiceOriented Computing and Applications, Matsue, 2014, pp. 230-234. doi: 10.1109/SOCA.2014.58.
dc.relation.referencesen[8] M. M. Hossain, M. Fotouhi and R. Hasan, Towards an Analysis of Security Issues, Challenges, and Open Problems in the Internet of Things, in: 2015 IEEE World Congress on Services, New York, NY, 2015, pp. 21-28. doi: 10.1109/SERVICES.2015.12.
dc.relation.referencesen[9] A. Riahi, Y. Challal, E. Natalizio, Z. Chtourou and A. Bouabdallah, A Systemic Approach for IoT Security, in: 2013 IEEE International Conference on Distributed Computing in Sensor Systems, Cambridge, MA, 2013, pp. 351-355. doi: 10.1109/DCOSS.2013.78.
dc.relation.referencesen[10] N.D. Zhou, N. Vlajic, D. Zhou, IoT as a Land of Opportunity for DDoS Hackers, in: Computer, vol. 51, no. 7, pp. 26- 34, July 2018. doi: 10.1109/MC.2018.3011046.
dc.relation.urihttps://doi.org/10.1145/3338507.3358616
dc.rights.holdercopyrighted by its editors. Use permitted under Creative Commons License Attribution 4.0 International (CC BY 4.0).
dc.rights.holder© 2021 Copyright for the individual papers by the papers’ authors. Copying permitted only for private and academic purposes. This volume is published and
dc.subjectIoT
dc.subjectvulnerability
dc.subjectIoT-device
dc.titleAnalysis of Vulnerabilities of IoT-Devices and Methods of Their Elimination
dc.typeArticle

Files

Original bundle

Now showing 1 - 2 of 2
Thumbnail Image
Name:
2021vVol_II___Proceedings_of_the_5th_International_conference_COLINS_2021_Workshop_Kharkiv_Ukraine_April_22-23_Liashenko_O-Analysis_of_Vulnerabilities_27-37.pdf
Size:
1.14 MB
Format:
Adobe Portable Document Format
Thumbnail Image
Name:
2021vVol_II___Proceedings_of_the_5th_International_conference_COLINS_2021_Workshop_Kharkiv_Ukraine_April_22-23_Liashenko_O-Analysis_of_Vulnerabilities_27-37__COVER.png
Size:
1.08 MB
Format:
Portable Network Graphics

License bundle

Now showing 1 - 1 of 1
No Thumbnail Available
Name:
license.txt
Size:
1.79 KB
Format:
Plain Text
Description: