IoT network traffic analysis: Opportunities and challenges for forensic investigators?

Details

Ressource 1Request a copy Under indefinite embargo.
UNIL restricted access
State: Public
Version: Final published version
License: CC BY-NC-ND 4.0
Serval ID
serval:BIB_18E3F35D9A78
Type
Article: article from journal or magazin.
Collection
Publications
Title
IoT network traffic analysis: Opportunities and challenges for forensic investigators?
Journal
Forensic Science International: Digital Investigation
Author(s)
Wu Tina, Breitinger Frank, Niemann Stephen
ISSN
2666-2817
Publication state
Published
Issued date
23/11/2021
Peer-reviewed
Oui
Volume
38
Pages
301123
Language
english
Abstract
As IoT devices become more incorporated into our daily lives, their always on approach makes them an ideal source of evidence. While these devices should use encryption to protect sensitive information, in reality this is not always the case e.g. some expose sensitive data like credentials in cleartext. In this paper, we have conducted an extensive analysis on the communications channels of 32 IoT consumer devices. Our experiments consisted of four main parts; first we carried out a port scan to determine if any ports can be exploited and thus gain remote access. Second, we looked at whether any of the devices used encryption and if not what type of content was exposed. Third, we used the network traffic ‘metadata’ to identify the destination the data terminated. Finally, we examined the communication between the mobile app and the cloud to see if it can be easily exploited using a proxy server. Our findings show that the majority of devices have remote access unavailable. We found the Shannon entropy test a useful pre-test in identifying unencrypted content. Although many devices encrypted their data, we found several in particular smart cameras would send data in cleartext when they detected motion or during updates. We found the majority of data transverses to the US and stored on Amazon servers with most devices contacting multiple destination. Lastly, we discovered many of the IoT device’s mobile apps can be easily exploited using a HTTP Proxy.
Keywords
Internet of Thing, IoT devices, Network forensics, Traffic analysis, IoT investigation, Network traffic
Create date
14/12/2021 11:05
Last modification date
14/01/2024 14:44
Usage data