IoT network traffic analysis: Opportunities and challenges for forensic investigators?

Détails

Ressource 1Demande d'une copie Sous embargo indéterminé.
Accès restreint UNIL
Etat: Public
Version: Final published version
Licence: CC BY-NC-ND 4.0
ID Serval
serval:BIB_18E3F35D9A78
Type
Article: article d'un périodique ou d'un magazine.
Collection
Publications
Titre
IoT network traffic analysis: Opportunities and challenges for forensic investigators?
Périodique
Forensic Science International: Digital Investigation
Auteur⸱e⸱s
Wu Tina, Breitinger Frank, Niemann Stephen
ISSN
2666-2817
Statut éditorial
Publié
Date de publication
23/11/2021
Peer-reviewed
Oui
Volume
38
Pages
301123
Langue
anglais
Résumé
As IoT devices become more incorporated into our daily lives, their always on approach makes them an ideal source of evidence. While these devices should use encryption to protect sensitive information, in reality this is not always the case e.g. some expose sensitive data like credentials in cleartext. In this paper, we have conducted an extensive analysis on the communications channels of 32 IoT consumer devices. Our experiments consisted of four main parts; first we carried out a port scan to determine if any ports can be exploited and thus gain remote access. Second, we looked at whether any of the devices used encryption and if not what type of content was exposed. Third, we used the network traffic ‘metadata’ to identify the destination the data terminated. Finally, we examined the communication between the mobile app and the cloud to see if it can be easily exploited using a proxy server. Our findings show that the majority of devices have remote access unavailable. We found the Shannon entropy test a useful pre-test in identifying unencrypted content. Although many devices encrypted their data, we found several in particular smart cameras would send data in cleartext when they detected motion or during updates. We found the majority of data transverses to the US and stored on Amazon servers with most devices contacting multiple destination. Lastly, we discovered many of the IoT device’s mobile apps can be easily exploited using a HTTP Proxy.
Mots-clé
Internet of Thing, IoT devices, Network forensics, Traffic analysis, IoT investigation, Network traffic
Création de la notice
14/12/2021 11:05
Dernière modification de la notice
14/01/2024 14:44
Données d'usage