A survey of IoT protocols and their security issues through the lens of a generic IoT stack

International audienceThe Internet of things (IoT) is rapidly growing, and many security issues relate to its wireless technology. These security issues are challenging because IoT protocols are heterogeneous, suit different needs, and are used in different application domains. From this assessment, we identify the need to provide a homogeneous formalism applying to every IoT protocols. In this survey, we describe a generic approach with twofold challenges. The first challenge we tackle is the identification of common principles to define a generic approach to compare IoT protocol stack. We base the comparison on five different criteria: the range, the openness of the protocol, the interoperability, the topology and the security practices of these IoT protocols. The second challenge we consider is to find a generic way to describe fundamental IoT attacks regardless of the protocol used. This approach exposes similar attacks amongst different IoT protocols and is divided into three parts: attacks focusing on packets (passive and active cryptographic attacks), attacks focusing on the protocol (MITM, Flooding, Sybil, Spoofing, Wormhole attacks) and attacks focusing on the whole system (Sinkhole, Selective forwarding attacks). It also highlights which mechanisms are different between two protocols to make both of them vulnerable to an attack. Finally, we draw some lessons and perspectives from this transversal study

Audit d'un système IoT par test d'intrusion

National audienceL'explosion du secteur de l'Internet des Objets, reposant majoritairement sur des technologies de communication sans fil, soulève de nombreuses problématiques de sécurité. Ceci est notamment dû à leur caractère hétérogène, à leurs réseaux peu cloisonnés et une mise sur le marché hâtive. Nous proposons dans le cadre de cette thèse une méthode permettant d'évaluer la sécurité d'un système d'objets connectés utilisant des modes de communication sans fil, ceci afin de renforcer la sécurité du système d'information dans son ensemble. Notre méthodologie se base sur une approche éprouvée dans l'IT classique : le test d'intrusion

IoTMap: A protocol-agnostic multi-layer system to detect application patterns in IoT networks

International audienceThe growth of the Internet of Things (IoT) results in a proliferation of different protocols (ZigBee, Bluetooth, 6LowPAN, Z-Wave, Wi-Fi, etc.). Organizations tend to quickly deploy several IoT applications over time and thus face heterogeneous IoT systems, combining different IoT protocols in different places of the overall system. This heterogeneity of protocols makes these networks hard to monitor or control, and some misconfigurations or unexpected device behaviours may even expose users to security issues. In this work, we propose the IoTMap system. IoTMap models interconnected and heterogeneous IoT networks, combining different protocols, by providing a generic stack and a unified packet format. IoTMap builds an iterative graph model where high-level semantics can progressively be deduced, ranging from packet transmission to application-type analysis. As such, IoTMap detects application behaviours amongst devices implementing different protocols, interconnected through a multi-protocol hub. In its current implementation (available at https://github.com/AlgoSecure/iotmap), IoTMap can inspect Zig- Bee, BLE and 6LowPAN networks

IoTMap, a modelling system for heterogeneous IoT networks

International audienceThe growth of the Internet of Things (IoT) results in a proliferation of different protocols (ZigBee, Bluetooth, 6LowPAN, Z-Wave, Wi-Fi, etc.). Organizations tend to quickly deploy several IoT applications over time and thus face heterogeneous IoT systems, combining different IoT protocols in different places of the overall system. This heterogeneity of protocols makes these networks hard to monitor or control, and some misconfigurations or unexpected device behaviours may even expose users to security issues. In this work, we propose IoTMap. IoTMap provides an iterative graph-based modelling of interconnected IoT with a multi-layers view ranging from point-to-point transmissions to application-type analysis. With this modelling, we aim to highlight the network state at a specific time. It can also be used as the intelligence gathering phase during a penetration testing to evaluate the global network security