Summer Research Fellowship Programme of India's Science Academies

IISR: IDRBT IoT Secure Router

Aneesh Dua

Vellore Institute of Technology, Katpadi, Vellore, Tamil Nadu 632014

Dr. B. M. Mehtre

Research Guide, Center of Excellence in Cyber Security, Institute for Development and Research in Banking Technology, Castle Hills, Road No.1, Masab Tank, Hyderabad 500057

Abstract

The Internet of Things (IoT) has made the world more convenient, efficient, and comfortable. While the benefits of IoT devices are undeniable, the Internet of Things is vulnerable to security threats. In the recent past, many IoT devices have been hacked and made part of large-scale cyber attacks. The lack of security mechanisms and the use of vulnerable protocols make IoT devices easy targets for hackers, as in the "Mirai Botnet Attack" of 2016. There is a critical need for security in IoT systems. A one-step solution for the protection of the plethora of IoT devices does not exist. Hence, I started working on an idea to develop a secure router: the IDRBT IoT Secure Router (IISR), which would be the primary node for IoT devices and could prevent any attacks from hackers. The experimental setup comprised a desktop PC, a Raspberry Pi 3, two microcontrollers (ESP32S (WiFi + Bluetooth) and ESP8266), and four sensors. The Raspberry Pi was configured as the IISR. IoT devices with a web interface were developed as test beds using the ESP32S and sensors. A variety of attacks were executed on the setup, both from outside the network (Deauthentication and Fake Authentication attacks) and from inside the network (Port Scanning, Man-in-the-Middle, and Denial of Service attacks). The ESP8266 was used to detect attacks on the router executed from outside the network. For attacks within the network, a Snort-based Intrusion Detection System (IDS) was used. This work tackles attacks against the very fundamentals of cyber security: Confidentiality, Integrity, and Availability. Thus, we arrived at a solution: a low-power security node that handles internet connectivity as well as the detection and mitigation of attacks on a network of IoT devices. The test results show that our router can detect and mitigate six out of the ten attacks that were performed.

Keywords: cyberattacks, Confidentiality, Integrity, Availability, low power

Abbreviations

ARP      Address Resolution Protocol
BSSID    Basic Service Set ID
DNS      Domain Name System
DNSSEC   Domain Name System Security Extensions
ESP      Espressif Modules
FIN      Used for meaning “Finish”
HTTP     HyperText Transfer Protocol
IDRBT    Institute for Development and Research in Banking Technology
IDS      Intrusion Detection System
IISR     IDRBT IoT Secure Router
IoT      Internet of Things
MAC      Media Access Control
OWASP    Open Web Application Security Project
RAM      Random Access Memory
SDN      Software-Defined Networking
TCP      Transmission Control Protocol
UDP      User Datagram Protocol
USB      Universal Serial Bus
WAP      Wireless Access Point
WEP      Wired Equivalent Privacy
WPA      Wifi Protected Access

INTRODUCTION

Background/Rationale

Many researchers and scholars have tried to clarify the term “Things” in the context of IoT, but even today the definition is unclear. The definition proposed by Haller et al. reads: “A world where physical objects are seamlessly integrated into the information network, and where the physical objects can become active participants in the business process.” This definition of IoT covers only physical objects, but as we see today, the span of IoT has grown to include virtual things as well. Many other experts have offered clarifications to make their definitions more specific. In this paper, we define a “Thing” in IoT as any physical or virtual device that has connectivity to the internet, can send, process, and receive information, and can communicate with smarter models (including humans).

Statement of the Problems

Cyber attacks have threatened the world of computers right from the beginning, but with the advent of IoT, the simplicity and volume of these attacks have increased significantly. The basic reason for this is the absence of proper security measures in IoT devices. The number of IoT devices is increasing manifold each year, and so are the attacks on these devices. Figure 1 shows a monthly comparison of attacks on IoT devices in the years 2017 & 2018.

The increasing number of IoT devices also leads to more vulnerabilities; it becomes easier for an attacker to attack the devices, and a new problem of security of information and devices emerges. These devices generally run on outdated security mechanisms, and proper shielding from malicious attacks is not present. With IoT, this problem takes a gigantic shape, as a large portion of the devices and gadgets in the network are small devices which do not have much processing power or storage capacity. These shortcomings make them vulnerable to attackers, thereby threatening the security of the whole Internet. Not only can these devices be hacked, but they can also be maliciously used for large-scale cyber attacks. These small devices can be hijacked to create an army of bots, which can lead to the breakdown of a major portion or the whole of the internet. The Mirai Botnet Attack, on October 12, 2016, caused a massive Distributed Denial of Service (DDoS) attack which affected access to the internet.

[Figure: Comparison of IoT Attacks: 2017 & 2018]

Objectives of the Research

Overall objective

• Understand and analyse the threats to IoT devices and networks.
• Implement and understand attacks done on IoT networks.
• Develop safety mechanisms against the attacks.
• Implement the mechanisms on a router for securing IoT devices and networks.
• Test the router in a sample network to check its practical well-functioning.

Scope

IISR is a one-step solution for securing IoT devices. It has been implemented in a manner so that it can be deployed in all types of network architectures. Its purpose is to augment the security and efficiency of connected IoT devices in the currently existing protocols. It can be used in already deployed networks and is suitable for any architecture. Even though it was tested on a small scale network, its architecture makes it suitable for all kinds of applications: industrial, military, and corporate networks. Thus, IISR can be scaled for bigger networks as well.

Future work will be concerned with extending this solution to a bigger scale and strengthening the security measures. To scale it for bigger networks for military or industrial purposes, one can use a cluster of Raspberry Pi devices to increase processing power. To cover other attacks & vulnerabilities for a more secure environment for IoT devices, one can add more defense mechanisms. More Snort rules can be added to tackle any new attacks. It may also cover other protocols like Bluetooth, Zigbee, etc. to protect IoT devices operating on different protocols.

LITERATURE REVIEW

Information

Kai Zhao et al. have surveyed the Internet of Things and discussed the current architecture and its security aspects. They have explained each of the layers: Application layer, Network layer, and Perception layer. The vulnerabilities and threats of each layer have also been discussed and categorized. The possible protection mechanisms for each of the layers have also been given in their work. This work helped us understand the various layers in IoT architecture and their security issues.

Angela et al. have described the vulnerabilities in Bluetooth technologies used in IoT systems. They have discussed the vulnerabilities in each of the protocol stacks of the respective Bluetooth versions. This helped us understand the architecture of Bluetooth technologies and the security issues for each version.

Vishal Kumkar et al. have discussed the vulnerabilities of Wireless Security Protocols: WEP and WPA2. They have explained the architecture of these protocol standards and the method of authentication and authorization in these protocols. They have explained the vulnerabilities and threats based on them by implementing attacks on experimental networks, which helped us form defense mechanisms for attacks against WEP and WPA2 networks.

Zhi-Kai Zhang et al. have described the current security challenges in IoT networks. The current protocols used in IoT networks have bugs in Authentication, Authorisation, Privacy, and Location-based functionalities. In such functionality categories, the various vulnerable points have been identified in their work. This helped us identify the areas in which we needed to work to improve the security of IoT networks.

M.U. Farooq et al. have done work similar to Kai Zhao et al. They have elaborated IoT into 4 layers. The vulnerabilities and security loopholes of each layer have been highlighted by them. This added extensive knowledge of the various weak points in IoT protocols.

In the work by Bruno Dorsemaine et al., the possible attacks on an Internet of Things (IoT) system in a corporate environment have been discussed. Their work also discusses a case study of connected smart thermostats. Their work discusses only the corporate environment. We require a solution that suits not only the corporate environment but others as well, namely home, military, and industrial.

Markus Miettinen et al. have described a method for securing IoT systems. Their model comprises an SDN (Software-Defined Networking) security gateway that analyses the vulnerability level of each new IoT device that connects to the network using a cloud service. They constrain the communications of the IoT device to make a more secure environment. However, constraining communications is not an efficient method to achieve security.

Using BlockChain based methods, Ali Dorri et al. have proposed a model to secure IoT devices. Their work makes use of local BlockChain Ledger and its immutability to create a secure network for IoT devices. This is a very promising method for securing IoT devices, but it comes at the cost of high processing overhead. Their model requires a BlockChain Manager to manage the transactions among the devices as well as communications to the internet. This system leads to delays and increased overheads with a higher number of IoT devices.

Abdul Fuad et al. discussed the security threats & vulnerabilities of all layers in IoT Architecture. Their proposed framework requires security mechanisms to be constructed at each layer of the diverse IoT Architecture to provide a more secure IoT environment and cloud system. Also, the feasibility of implementing their method is questionable.

Xiao et al. have formulated Machine Learning based methods to achieve security for IoT networks. They have developed models to detect attacks and malware in the network. However, once deployed, this system requires a training process which takes time. Also, machine learning methods and computations involve high processing overhead, which is not suitable for low power IoT devices. Moreover, this method can also result in the dismantling of the whole network.

Summary

The Internet of Things (IoT) is being used widely today. However, it still has a lot of vulnerabilities and bugs in its protocols and architecture. Due to the low processing power of IoT devices, their security aspects have been neglected in the past. IoT architecture is made up of four layers: Perception Layer, Network Layer, Middle-Ware Layer, and Application Layer. Each of these layers can be exploited by hackers. However, it is not feasible to implement security mechanisms at each layer. Currently, there is no one-step solution to protect IoT networks and connected devices. The proposed systems for securing IoT are not both efficient and feasible to deploy. Hence, we focused on the required solution, i.e. to develop a router to handle the security of IoT devices. This would be feasible to deploy and is a single defense mechanism against cyber attacks on IoT networks.

METHODOLOGY

Experimental Setup

To implement the idea of IISR, we created an experimental test bed network comprising the IISR router, five IoT devices, a Packet Sniffer and an Attacker machine. We built this setup using Raspberry Pi, ESP8266 and ESP32S modules, and five sensors. Figures 2 and 3 show a diagrammatic representation of our setup.

[Figure: Experimental Setup for Inside Network Attacks]
[Figure: Experimental Setup for Outside Network Attacks]

IISR secure router

We configured the Raspberry Pi 3 Model B+ with internet connectivity as the IISR. This offers a low-cost, low-processing-power solution to the security requirements of IoT devices. The internet connection through the Ethernet port was bridged with the WiFi broadcasting network interface. The router was configured with WPA security using CCM Mode Protocol encryption. IoT devices were connected to this router and were provided internet connectivity. We installed the official Raspbian OS and set up Snort IDS on it. Using it, we were able to monitor and study all data packets to, from, and within the network.

IoT devices

For realistic testing, we built IoT devices using an ESP32 module and sensors. The sensors used were the temperature and humidity sensor (DHT11), motion detector (DSun Hc-Sr501), LM393 photosensitive light-dependent control sensor module, and MPU6050 (gyroscope + accelerometer + temperature) sensor module. We connected an ESP32 module to the IISR wireless network. The module captured the sensor readings and broadcast them through the network using an HTTP server. The server was also protected with login credentials to simulate a real scenario. Also, we installed the Android application "IP WebCam" on a smartphone, which streamed the video feed of its camera to a local HTTP server. This worked as an IoT camera.

Attacker machine

To perform attacks, we set up a computer with 4GB RAM and a 3.8GHz Intel i7 processor. We installed Kali Linux OS (Version 2019.1) on it. Using it, we performed attacks both from outside and from inside the network. Attacks from outside the network, namely deauthentication and fake authentication attacks, were conducted by sending malicious packets with the help of a WiFi adapter (Atheros AR9271) used in monitor mode. To execute attacks within the network, we connected the attacker machine to the IISR WiFi network. After that, we implemented attacks such as ARP Spoofing and Vulnerable Port Scan on the IoT devices present in the network.

Packet sniffer

To protect our IISR WiFi from attacks such as Deauthentication, Fake Authentication, and WiFi Credential Cracking, we programmed an ESP8266 WiFi Module as a packet sniffer using the Arduino IDE. It was powered through the USB port of the Raspberry Pi. The purpose of this module was to continuously monitor packets in the air and create an alert whenever such an attack was detected on the network. Thus, whenever such an attack was conducted on the router network, an alarm (light/beep) was raised by the module.

Proposed Approach

In order to secure IoT networks and systems, we implemented IISR, to which IoT devices will be connected. IISR would include safety mechanisms for the detection and mitigation of attacks. We implemented IISR on a Raspberry Pi device and tested the setup as discussed in section 3.1.

In general, two main types of attack scenarios are possible: attacks from outside the network and attacks from inside the network. Attacks from outside the network target the network itself; they are mostly attempts to enter the network. According to the attacks, we developed defense mechanisms using Snort IDS, Arduino programming and by configuring the connection methods.

Method

In order to test IISR, we classified the IoT attacks into four levels according to their nature and complexity. The complexity, as well as the threat level of the attacks, increases as the level number increases. We performed ten attacks from level-0 to level-3, as shown in figure 4.

[Figure: Level Wise IoT Attacks Classification]

Level-Wise IoT-Attacks Detection & Mitigation

Level 0 IoT-attacks

A. Deauthentication & Fake Authentication Attacks

Deauthentication & Fake authentication attacks that fall in this category originate outside the network. Authentication & Authorization problems arise when the measures taken to verify the authenticity of a device are insufficient. Deauthentication is not a very advanced attack. The attacker needs to generate only one packet for every six packets generated by the client and server to deauthenticate or disconnect the client from the WAP. Fake-authentication is another attack, in which the attacker associates with the target network when he is not authorized to do so. It can be launched against WAPs using WEP security. These attacks are the stepping stones towards cracking WiFi credentials. Hence, even though they are not very advanced or complex, they lead to higher level attacks.

We performed these attacks on our setup and studied the packets during the attack. A scan was done with the “airodump-ng <interface>” command to scan the whole network and select the victim WAP. This scan shows the nearby WAPs along with the MAC addresses of the devices connected to each network. Figure 5 shows the deauthentication attack: our interface sends deauthentication packets to the victim BSSID (the MAC address of the wireless access point), and all the devices connected to the WAP are deauthenticated. Each entry in the highlighted portion shows a deauthenticating packet being sent to the WAP.

The packets are sent by the attacker machine to the router but do not enter the network and hence cannot be detected using tools like Snort, Wireshark, etc. One solution to tackle fake authentication attacks is to use better security methods like Wi-Fi Protected Access (WPA) or WPA2. We detect both these attacks with a packet sniffer: an ESP8266 WiFi Module programmed in monitor mode using the Arduino IDE to detect such packets. The module was deployed on the IISR, and it successfully detected these attacks. Figure 6 shows the successful detection of the deauthentication packets. The first entry in the highlighted section shows the detection of the deauthentication packets, and the last entry shows that the attack has been stopped by the hacker. All entries in between show the rate of the deauthentication packets being received (packets/s).
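
The rate-based detection described above, as an added example (not the ESP8266 sketch used in this work): plain C that recognises deauthentication/disassociation frames from the 802.11 frame control byte and raises an alert when their per-second count for one BSSID reaches a threshold. The threshold of 5 frames per second, the addresses, the function names and the replayed frames are constructed assumptions.

```c
/* Added example: deauthentication-flood detection on raw 802.11 frames.
 * Threshold, addresses and frames are constructed for illustration. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MGMT_HDR_LEN     24
#define SUBTYPE_DISASSOC 0x0A
#define SUBTYPE_DEAUTH   0x0C
#define ALERT_THRESHOLD  5        /* assumed: frames per second treated as an attack */

typedef struct {
    uint8_t  bssid[6];            /* access point being protected */
    uint32_t window_start_ms;     /* start of the current one-second window */
    unsigned count;               /* matching frames seen in this window */
} deauth_monitor;

/* Returns 1 for an 802.11 deauthentication or disassociation frame. */
int is_deauth_frame(const uint8_t *f, size_t len)
{
    unsigned version, type, subtype;
    if (len < MGMT_HDR_LEN) return 0;
    version = f[0] & 0x03;
    type    = (f[0] >> 2) & 0x03;               /* 0 = management */
    subtype = (f[0] >> 4) & 0x0F;
    if (version != 0 || type != 0) return 0;
    return subtype == SUBTYPE_DEAUTH || subtype == SUBTYPE_DISASSOC;
}

void monitor_init(deauth_monitor *m, const uint8_t *bssid)
{
    memcpy(m->bssid, bssid, 6);
    m->window_start_ms = 0;
    m->count = 0;
}

/* Feed one captured frame with its capture time. Returns 1 at the moment the
 * count of deauth/disassoc frames for our BSSID reaches the threshold
 * within the current one-second window, otherwise 0. */
int monitor_feed(deauth_monitor *m, const uint8_t *f, size_t len, uint32_t now_ms)
{
    if (now_ms - m->window_start_ms >= 1000) {  /* roll over to a new window */
        m->window_start_ms = now_ms;
        m->count = 0;
    }
    if (!is_deauth_frame(f, len)) return 0;
    if (memcmp(f + 16, m->bssid, 6) != 0) return 0;   /* addr3 carries the BSSID */
    m->count++;
    return m->count == ALERT_THRESHOLD;
}

/* Builds a constructed 26-byte management frame (header + 2-byte body). */
void make_frame(uint8_t *out, uint8_t fc0, const uint8_t *bssid)
{
    memset(out, 0, 26);
    out[0] = fc0;                    /* frame control: subtype, type, version */
    memset(out + 4, 0xFF, 6);        /* addr1: broadcast receiver */
    memcpy(out + 10, bssid, 6);      /* addr2: transmitter */
    memcpy(out + 16, bssid, 6);      /* addr3: BSSID */
    out[24] = 7;                     /* first body byte (reason code in a deauth frame) */
}

/* Replays a constructed trace and returns how many alerts were raised. */
int run_sample_trace(void)
{
    static const uint8_t ap[6]    = {0x02, 0x00, 0x00, 0xAA, 0xBB, 0xCC};
    static const uint8_t other[6] = {0x02, 0x00, 0x00, 0x11, 0x22, 0x33};
    deauth_monitor m;
    uint8_t f[26];
    uint32_t t = 0;
    int alerts = 0, i;

    monitor_init(&m, ap);
    for (i = 0; i < 10; i++, t += 100) {     /* beacons (0x80): normal traffic */
        make_frame(f, 0x80, ap);
        alerts += monitor_feed(&m, f, sizeof f, t);
    }
    for (i = 0; i < 20; i++, t += 20) {      /* deauth burst naming a different AP */
        make_frame(f, 0xC0, other);
        alerts += monitor_feed(&m, f, sizeof f, t);
    }
    for (i = 0; i < 40; i++, t += 50) {      /* 20 deauth frames/s naming our AP */
        make_frame(f, 0xC0, ap);
        alerts += monitor_feed(&m, f, sizeof f, t);
    }
    return alerts;                           /* one alert per attacked second */
}

int main(void)
{
    printf("alerts raised: %d\n", run_sample_trace());
    return 0;
}
```

Filtering on the BSSID keeps bursts aimed at neighbouring access points from triggering the alarm, and the per-window count is the packets/s figure the sniffer output reports.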

Figure 7 shows a fake-authentication attack, where the entries in the figure show the successful authentication and successful association by the attacker machine. The malicious device is associated with the router using fake credentials.

[Figure: Attacker machine sending deauthentication packets]
[Figure: Detection of deauthentication packets using PacketSniffer (Number of packets shown in rectangle)]
[Figure: Successful Fake Authentication Attack using aireplay-ng tool]

B. Port Scanning

A Port Scanning attack originates within the network. It finds all the open ports which a hacker can use to exploit the target device. Once the open ports of a device have been found, they can be used to deliver dangerous payloads and malware. We performed port scanning using the widely used NMAP tool and studied the packets using Wireshark. To tackle these attacks, we formulated Snort rules on the IISR. These rules detect packets associated with port scanning and also provide the IP address of the attacker as well as the IP address(es) of the victim(s). After deploying them, all kinds of NMAP scans, namely TCP, UDP, XMAS, FIN, and NULL, were detected. Figure 8 shows the detection of an NMAP TCP scan being executed by the attacker machine present in the same network. The highlighted section in the figure shows a TCP scan launched by the device 192.168.50.147:42876 against the device 192.168.50.1:903.

[Figure: Detection of NMAP TCP Scan where A -> B represents A attacking B]
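
What flag-based scan signatures look for, as an added example in C (this is not the Snort rule set formulated in this work): NULL, FIN and XMAS probes are recognised from the TCP flag byte alone, while a plain TCP scan is recognised by counting the distinct ports one source sends SYNs to. The threshold of 10 ports, the function names and the replayed packets are constructed assumptions; the addresses are the ones in the alert described above.

```c
/* Added example: scan detection from TCP flags plus a per-source SYN sweep
 * counter. Thresholds and packets are constructed for illustration. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define TCP_FIN 0x01
#define TCP_SYN 0x02
#define TCP_PSH 0x08
#define TCP_URG 0x20
#define SWEEP_PORTS 10          /* assumed: distinct ports one source may SYN */
#define MAX_SOURCES 4

enum scan_kind { SCAN_NONE, SCAN_NULL, SCAN_FIN, SCAN_XMAS, SCAN_SYN_SWEEP };
typedef struct { uint32_t src; unsigned nports; uint8_t seen[8192]; } src_state;
typedef struct { src_state s[MAX_SOURCES]; unsigned n; } scan_table;

/* Flag combinations that do not occur in a normal TCP conversation. */
enum scan_kind classify_flags(uint8_t flags)
{
    flags &= 0x3F;                                   /* FIN..URG */
    if (flags == 0) return SCAN_NULL;
    if (flags == TCP_FIN) return SCAN_FIN;           /* FIN without ACK */
    if (flags == (TCP_FIN | TCP_PSH | TCP_URG)) return SCAN_XMAS;
    return SCAN_NONE;
}

/* Records a SYN; returns 1 once src has probed SWEEP_PORTS distinct ports. */
int note_syn(scan_table *t, uint32_t src, uint16_t dport)
{
    src_state *st = NULL;
    unsigned i;
    for (i = 0; i < t->n; i++)
        if (t->s[i].src == src) st = &t->s[i];
    if (!st) {
        if (t->n == MAX_SOURCES) return 0;           /* table full: untracked */
        st = &t->s[t->n++];
        memset(st, 0, sizeof *st);
        st->src = src;
    }
    if (!(st->seen[dport >> 3] & (1u << (dport & 7)))) {
        st->seen[dport >> 3] |= (uint8_t)(1u << (dport & 7));
        st->nports++;
    }
    return st->nports >= SWEEP_PORTS;
}

/* Inspects one IPv4 packet and returns the scan signature it matches. */
enum scan_kind inspect_packet(scan_table *t, const uint8_t *p, size_t len)
{
    const uint8_t *tcp;
    enum scan_kind k;
    uint32_t src;
    size_t ihl;

    if (len < 20 || (p[0] >> 4) != 4) return SCAN_NONE;
    ihl = (size_t)(p[0] & 0x0F) * 4;
    if (ihl < 20 || p[9] != 6 || len < ihl + 20) return SCAN_NONE;  /* TCP only */
    tcp = p + ihl;
    src = ((uint32_t)p[12] << 24) | ((uint32_t)p[13] << 16) | ((uint32_t)p[14] << 8) | p[15];
    k = classify_flags(tcp[13]);
    if (k != SCAN_NONE) return k;
    if ((tcp[13] & 0x3F) == TCP_SYN && note_syn(t, src, (uint16_t)((tcp[2] << 8) | tcp[3])))
        return SCAN_SYN_SWEEP;
    return SCAN_NONE;
}

/* Builds a constructed 40-byte IPv4+TCP probe, 192.168.50.147:42876 -> 192.168.50.1. */
void make_probe(uint8_t *out, uint16_t dport, uint8_t flags)
{
    static const uint8_t src[4] = {192, 168, 50, 147}, dst[4] = {192, 168, 50, 1};
    memset(out, 0, 40);
    out[0] = 0x45; out[3] = 40; out[8] = 64; out[9] = 6;   /* IPv4, len, TTL, TCP */
    memcpy(out + 12, src, 4);
    memcpy(out + 16, dst, 4);
    out[20] = 0xA7; out[21] = 0x7C;                        /* source port 42876 */
    out[22] = (uint8_t)(dport >> 8); out[23] = (uint8_t)dport;
    out[32] = 0x50; out[33] = flags;                       /* 5-word header, flags */
}

static scan_table table;            /* static: about 32 KB, kept off the stack */
/* Sends probes with the given flags to ports 1..n; returns the port of the
 * first probe that is flagged, or 0 if none is. */
unsigned first_alert(uint8_t flags, unsigned n)
{
    uint8_t pkt[40];
    unsigned port;
    memset(&table, 0, sizeof table);
    for (port = 1; port <= n; port++) {
        make_probe(pkt, (uint16_t)port, flags);
        if (inspect_packet(&table, pkt, sizeof pkt) != SCAN_NONE) return port;
    }
    return 0;
}

int main(void)
{
    printf("SYN sweep flagged at port %u\n", first_alert(TCP_SYN, 25));
    return 0;
}
```

A FIN that carries ACK (0x11) is an ordinary connection teardown and is deliberately left alone; only the bare FIN is treated as a probe.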

Level 1 attacks

A. ARP Poisoning

Address Resolution Protocol (ARP) is a standard protocol which maps the logical address of a device to its physical address. Whenever a device wants to know the MAC address of another device, it broadcasts an ARP request in the network with the IP address of that device, and the device with the specified IP replies with its MAC address. The vulnerability in ARP exists because of the inherent way in which the protocol functions. It depends mainly on three factors:

I. Every ARP request is trusted, so any device can broadcast telling other devices that it is the router and each device will trust it.

II. Any device can tell the router that it is a particular device and the AP will trust it.

III. A device could accept a response even if it did not request it.

To launch this attack, an NMAP scan is first done to learn the IP and MAC addresses of all the devices in the network, including the gateway. This framework also performs SSL stripping; thus, all the traffic of the victim devices starts flowing through the attacker machine, and the attacker has access to all the data of the victims.

This attack was performed using the “mitmf” (Man-In-The-Middle-Framework) tool on Kali Linux. It requires the attacker to be in the same network as the victim device. The command to launch this attack is:

    mitmf --arp --spoof --gateway <gateway ip> --targets <ips of target machines> -i <interface name>

The victim device replies and sends its MAC address. Figure 9 shows the entries of the ARP table in the victim device before the attack. The figure shows the content of the ARP table in the victim device after the attack. The first entry in both figures shows the 'Gateway' entry, and we can see the difference in the physical addresses of the gateway before and after the attack.

To detect and mitigate ARP-Spoofing attacks, we modified the Snort configuration file snort.conf to include the local.rules file where our formulated rules are written. These Snort rules are applied to all packets going to and from the network. They generate alerts whenever malicious attack packets are detected within the network. We can do it as follows:

I. Open snort.conf and find the following two lines:

    #preprocessor arpspoof
    #preprocessor arpspoof_detect_host: 192.168.40.1 f0:0f:00:f0:0f:00

II. Remove the leading "#", and then modify the content as follows:

    preprocessor arpspoof
    preprocessor arpspoof_detect_host: host_ip host_mac
    preprocessor arpspoof_detect_host: gateway_ip gateway_mac

[Figure: ARP Spoofing attack on the target device]
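
Why pinning host and gateway entries helps, as an added example in C (a sketch of the idea, not Snort's source code): every ARP frame, request or unsolicited reply alike, is checked against a table of pinned IP-to-MAC bindings, and against the Ethernet header that carried it. The verdict names, function names and the rogue and IoT-node addresses are constructed assumptions; the gateway binding reuses the sample line from snort.conf above.

```c
/* Added example: checks an ARP frame against pinned IP-to-MAC bindings.
 * Sketch of the idea behind pinned host entries, not Snort's source code. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef struct { uint8_t ip[4]; uint8_t mac[6]; } binding;

enum arp_verdict { ARP_OK, ARP_MALFORMED, ARP_ETH_MISMATCH, ARP_CACHE_OVERWRITE };

/* Pinned hosts; the first entry reuses the sample line from snort.conf. */
static const binding pinned[] = {
    { {192, 168, 40, 1},  {0xf0, 0x0f, 0x00, 0xf0, 0x0f, 0x00} },  /* gateway */
    { {192, 168, 40, 20}, {0x02, 0x00, 0x00, 0x00, 0x00, 0x20} },  /* constructed IoT node */
};

static const uint8_t eth_ipv4[6] = {0x00, 0x01, 0x08, 0x00, 6, 4};  /* htype, ptype, hlen, plen */

enum arp_verdict check_arp(const uint8_t *f, size_t len, const binding *tbl, size_t n)
{
    const uint8_t *arp, *sha, *spa;
    unsigned op;
    size_t i;

    if (len < 14 + 28) return ARP_MALFORMED;
    if (f[12] != 0x08 || f[13] != 0x06) return ARP_MALFORMED;   /* EtherType ARP */
    arp = f + 14;
    if (memcmp(arp, eth_ipv4, 6) != 0) return ARP_MALFORMED;    /* Ethernet + IPv4 only */
    op = ((unsigned)arp[6] << 8) | arp[7];
    if (op != 1 && op != 2) return ARP_MALFORMED;               /* request or reply */
    sha = arp + 8;                                              /* sender MAC */
    spa = arp + 14;                                             /* sender IP */
    /* The ARP sender must be the station that actually transmitted the frame. */
    if (memcmp(f + 6, sha, 6) != 0) return ARP_ETH_MISMATCH;
    /* A pinned IP announced with a different MAC would overwrite the cache. */
    for (i = 0; i < n; i++)
        if (memcmp(tbl[i].ip, spa, 4) == 0 && memcmp(tbl[i].mac, sha, 6) != 0)
            return ARP_CACHE_OVERWRITE;
    return ARP_OK;
}

/* Builds a constructed 42-byte Ethernet + ARP frame (target MAC left zero). */
void make_arp(uint8_t *out, const uint8_t *eth_src, unsigned op,
              const uint8_t *sha, const uint8_t *spa, const uint8_t *tpa)
{
    memset(out, 0, 42);
    memset(out, 0xFF, 6);                 /* Ethernet destination: broadcast */
    memcpy(out + 6, eth_src, 6);
    out[12] = 0x08; out[13] = 0x06;
    memcpy(out + 14, eth_ipv4, 6);
    out[20] = (uint8_t)(op >> 8); out[21] = (uint8_t)op;
    memcpy(out + 22, sha, 6);
    memcpy(out + 28, spa, 4);
    memcpy(out + 38, tpa, 4);
}

/* Verdict for one of four constructed frames (0..3). */
enum arp_verdict sample_verdict(int which)
{
    static const uint8_t gw_ip[4]   = {192, 168, 40, 1};
    static const uint8_t node_ip[4] = {192, 168, 40, 20};
    static const uint8_t gw_mac[6]  = {0xf0, 0x0f, 0x00, 0xf0, 0x0f, 0x00};
    static const uint8_t rogue[6]   = {0x02, 0x00, 0x00, 0xde, 0xad, 0x01};
    size_t n = sizeof pinned / sizeof pinned[0];
    uint8_t f[42];

    switch (which) {
    case 0:  make_arp(f, gw_mac, 2, gw_mac, gw_ip, node_ip); break; /* genuine gateway reply */
    case 1:  make_arp(f, rogue,  2, rogue,  gw_ip, node_ip); break; /* gateway IP, wrong MAC */
    case 2:  make_arp(f, rogue,  2, gw_mac, gw_ip, node_ip); break; /* header and ARP disagree */
    default: make_arp(f, gw_mac, 2, gw_mac, gw_ip, node_ip);
             return check_arp(f, 30, pinned, n);                    /* truncated capture */
    }
    return check_arp(f, sizeof f, pinned, n);
}

int main(void)
{
    int i;
    for (i = 0; i < 4; i++)
        printf("frame %d -> verdict %d\n", i, sample_verdict(i));
    return 0;
}
```

Because the check never waits for a matching request, it also covers factor III above: an unsolicited reply naming a pinned IP is judged exactly like a solicited one.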

B. Wifi Cracking

Wifi cracking attacks are common for IoT devices as they offer great potential for further exploitation. To resist such attacks, it is advised to use WPA/WPA-PSK security methods for WiFi authentication. However, the credentials can still be cracked using intensive attacks. The process to execute such intense attacks involves Deauthentication. Mitigation of Deauthentication attacks has already been discussed in Level 0 attacks.

Level 2 IoT-attacks

A. Denial of Service

A denial-of-service (DoS) attack is one where hackers render a device inaccessible to legitimate customers. They do this by overwhelming the device with traffic and data until it stops its regular functioning. IoT devices are usually low bandwidth devices due to their characteristic features. Hence, hackers can easily generate a massive amount of traffic to overload an IoT device and thus create lag or even crash it. To perform this attack, an attacker targets the IoT device’s IP address and floods it with a huge amount of packets through any of the network protocols (TCP/UDP/HTTP). We performed this attack on our network using the Metasploitable tool. We captured the packets of the attack using Wireshark. To detect such attacks on devices within our network, we formulated Snort rules and configured the IDS for the same. This alerted us whenever such an attack was being performed. Also, the attacker and the victim IP addresses were shown.

B. MAC Spoofing

MAC spoofing is another attack, most commonly used to connect to a router on which MAC filtering is deployed. Figure 10 shows MAC spoofing: changing the MAC address of an interface to any desired MAC address. In this attack, the attacker monitors the devices connected to the network using monitor mode, clones a MAC address, and bypasses the MAC filter configuration of the network. This attack can be easily executed using the macchanger tool in Kali Linux once the MAC address to be spoofed is known.

[Figure: MAC Spoofing to a random MAC address using Macchanger]

C. DNS Spoofing

DNS stands for Domain Name System, and the main use of this server is to convert domain names to their respective IP addresses. Even if the DNS is unavailable for a very short period, it can cause huge losses. The simple nature of the DNS protocol and its main use of UDP packets make it quite vulnerable to spoofing and DoS attacks. Various DNS spoofing attacks have been reported in the past. One such attack is reported by Computer Wire. It reports that seven of the thirteen root DNS servers became inaccessible for almost an hour.

[Figure: DNS Spoofing using Ettercap tool]

Figure 10 shows a DNS attack using the Ettercap tool. The highlighted section shows the successful launching of the attack against the victim device. Whenever the victim device tries to go to yahoo.com, it is redirected to the attacker machine.

To mitigate DNS spoofing, we can implement DNS spoofing detection mechanisms:

I. Using encrypted data transfer protocols with end-to-end encryption via SSL/TLS will help decrease the chance that a website or its visitors are compromised by DNS spoofing. This type of encryption allows the users to verify whether the server’s digital certificate is valid and belongs to the website’s expected owner.

II. Use DNSSEC; it uses digitally signed DNS records to help determine data authenticity. DNSSEC is still a work in progress as far as deployment goes, but is useful, especially in IoT scenarios.

Level 4 attacks

A. Firmware Vulnerabilities

IoT devices for practical purposes come with firmware installed on them to function properly. It contains the operational code for the device. Firmware installed on IoT devices is easily extractable and in some cases freely available on the internet. Moreover, it usually does not have any security mechanism. Therefore, the vulnerabilities in the developers’ code are easily known. Firmware is not regularly updated, which makes its vulnerabilities more exposed as time passes. Open source tools like Firmadyne and Binwalk have been developed to reverse engineer firmware to find vulnerabilities in the developer’s code itself. These tools can also be used by hackers to exploit the latter. The figure shows an example of the same. This has proven to be a very high-level threat to IoT devices in terms of harm done. The OWASP IoT Project also recognizes it as a major security threat, especially highlighting the lack of a secure channel for updating.

We can tackle this threat by regularly patching vulnerabilities in the devices and by adding anti-tampering mechanisms such as application obfuscation to prevent reverse engineering of the firmware.

B. Malware and Botnets

Due to the lack of security mechanisms in IoT devices, malware injection into these devices is quite simple and prevalent. There are various ways through which malware can infect the systems. Some of them include the use of USB drives to execute a malicious file on a system; other methods may include phishing, drive-by downloads, etc. Malware also causes the IoT devices to act as bots for bigger coordinated attacks like DDoS. To mitigate this, we proposed a security router that handles all data traffic to and from these devices. The router makes sure that no unusual or malicious traffic goes to the IoT device.

RESULTS AND DISCUSSION

[Figure: Table concluding the test results]

• Figures 5-11 show screenshots of the attacks performed and/or their detection.
• The attacks generated from outside the network were unsuccessful after the deployment of the ESP8266 module, which detected malicious packets coming to the router.
• In the case of Port Scanning, the rules mitigated scans of all the protocols TCP, UDP, XMAS, etc.
• The Snort rules formulated can detect both types of ARP-Spoofing attacks. They generate alert packets whenever an attack is launched and mitigate the attack.
• Figure 12 shows the summary for the detection and mitigation of various attacks that we executed on our setup. Remark [✔] in a cell means that the respective task is performed successfully while the [✘] shows otherwise.

                          CONCLUSION AND RECOMMENDATIONS

                          • IISR is a one-step solution for securing IoT devices. It can be easily deployed on currently existing networks.
                          • The proposed system detected and mitigated six out of ten attacks, namely: Deauthentication, Fake-Authentication, Denial of Service, Port Scanning, WiFi Cracking, and ARP Poisoning. Thus, it protects connected IoT devices from these attacks.
                          • The attacks generated from outside the network were unsuccessful after the deployment of the ESP8266 module, which detected malicious packets coming to the router.
                          • The snort rules detected malicious packets in the network. They caused alerts whenever an attack was launched which showed the IP address of both, the attacker as well as the victim. This enabled us to mitigate an attack.
                          • IISR’s architecture makes it suitable for all kinds of applications: industrial, military, and corporate networks.
                          • IISR was tested with five connected devices. It can be scaled for bigger networks as well by using a cluster of Raspberry Pi devices in order to increase processing power.
                          • IISR was able to detect but could not mitigate the MAC Spoofing attack. The three attacks that it could neither detect nor mitigate are DNS Spoofing, Firmware Vulnerability, and Malware Injection.
                          • Our future work will focus on extending this solution to a bigger scale and strengthening the security measures to cover many other attacks and vulnerabilities, so that a more secure environment can be created for the deployment of IoT devices. We plan to add more Snort rules to tackle new attacks.
                          • In the future, IISR may also cover other protocols like Bluetooth, Zigbee, etc. to protect IoT devices operating on different protocols.
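
The alert-to-mitigation step described in the Snort bullet above, as an added example that is not the authors' code. It assumes Snort writes alerts in its `fast` output format; the sample alerts, addresses, SIDs, threshold and function names are constructed for illustration.

```python
import re
from collections import Counter

# Snort "fast" alert: timestamp [**] [gid:sid:rev] msg [**] ... {PROTO} src[:port] -> dst[:port]
ALERT_RE = re.compile(
    r"\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r".*?\{(?P<proto>\w+)\}\s+"
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?\s+->\s+"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?"
)

# Constructed sample alerts (addresses and SIDs are made up, not from the paper).
SAMPLE_ALERTS = """\
07/02-10:15:01.120034  [**] [1:1000001:1] Possible TCP port scan [**] [Priority: 2] {TCP} 192.168.4.23:51544 -> 192.168.4.10:22
07/02-10:15:01.130112  [**] [1:1000001:1] Possible TCP port scan [**] [Priority: 2] {TCP} 192.168.4.23:51545 -> 192.168.4.10:23
07/02-10:15:01.140250  [**] [1:1000001:1] Possible TCP port scan [**] [Priority: 2] {TCP} 192.168.4.23:51546 -> 192.168.4.10:80
07/02-10:16:40.000731  [**] [1:1000002:1] ICMP flood [**] [Priority: 2] {ICMP} 192.168.4.1 -> 192.168.4.11
07/02-10:16:41.552019  [**] [1:1000003:1] XMAS scan [**] [Priority: 2] {TCP} 192.168.4.30:40000 -> 192.168.4.10:443
this line is truncated [**] [1:1000003:1
"""

def parse_alerts(text):
    """Return one dict per well-formed alert line; malformed lines are skipped."""
    alerts = []
    for line in text.splitlines():
        m = ALERT_RE.search(line)
        if m:
            alerts.append(m.groupdict())
    return alerts

def block_candidates(alerts, protected, threshold=3):
    """Sources with at least `threshold` alerts, excluding protected hosts.

    Source addresses can be spoofed, so the router and the IoT devices
    themselves are never proposed for blocking.
    """
    counts = Counter(a["src"] for a in alerts if a["src"] not in protected)
    return sorted(ip for ip, n in counts.items() if n >= threshold)

def victims_of(alerts, attacker):
    """Distinct destination addresses that a given source triggered alerts against."""
    return sorted({a["dst"] for a in alerts if a["src"] == attacker})
```

The protected set matters in practice: an alert whose source is the gateway address (the ICMP line in the sample) would otherwise lead to blocking the router itself.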

                          REFERENCES

                          • Aneesh Dua, Vibhor Tyagi, ND Patel, BM Mehtre (2019) IISR: A Secure Router for IoT Networks. Accepted in 4th IEEE International Conference on Information Systems and Computer Networks (ISCON 2019).
                          • Haller S., Karnouskos S., Schroth C. (2009) The Internet of Things in an Enterprise Context. In: Domingue J., Fensel D., Traverso P. (eds) Future Internet – FIS 2008. FIS 2008. Lecture Notes in Computer Science, vol 5468. Springer, Berlin, Heidelberg
                          • V. Sivaraman, H. H. Gharakheili, A. Vishwanath, R. Boreli and O. Mehani, ‘Network-level security and privacy control for smart-home iot devices’, in 2015 IEEE 11th International conference on wireless and mobile computing, networking and communications (WiMob), IEEE, 2015, pp. 163–167.
                          • C. Kolias, G. Kambourakis, A. Stavrou and J. Voas, ‘Ddos in the iot: Mirai and other botnets’, Computer, vol. 50, no. 7, pp. 80–84, 2017.
                          • B. Dorsemaine, J.-P. Gaulier, J.-P. Wary, N. Kheir and P. Urien, ‘A new approach to investigate iot threats based on a four layer model’, in 2016 13th International Conference on New Technologies for Distributed Systems (NOTERE), IEEE, 2016, pp. 1–6.
                          • M. Miettinen, S. Marchal, I. Hafeez, N. Asokan, A.-R. Sadeghi and S. Tarkoma, ‘Iot sentinel: Automated device-type identification for security enforcement in iot’, in 2017 IEEE 37th International Conference on Distributed Computing Systems (ICDCS), IEEE, 2017, pp. 2177–2184.
                          • A. Dorri, S. S. Kanhere, R. Jurdak and P. Gauravaram, ‘Lsb: A lightweight scalable blockchain for iot security and privacy’, arXiv preprint arXiv:1712.02969, 2017.
                          • A. F. A. Rahman, M. Daud and M. Z. Mohamad, ‘Securing sensor to cloud ecosystem using internet of things (iot) security framework’, in Proceedings of the International Conference on Internet of things and Cloud Computing, ACM, 2016, p. 79.
                          • L. Xiao, X. Wan, X. Lu, Y. Zhang and D. Wu, ‘Iot security techniques based on machine learning’, arXiv preprint arXiv:1801.06275, 2018.
                          • Raspberry Pi Documentation. Retrieved from https://www.raspberrypi.org/documentation/installation/installing-images/README.md.
                          • H. Xu, D. Sgandurra, K. Mayes, P. Li and R. Wang, ‘Analysing the resilience of the internet of things against physical and proximity attacks’, in International Conference on Security, Privacy and Anonymity in Computation, Communication and Storage, Springer, 2017, pp. 291–301.
                          • M. Waliullah, A. Moniruzzaman, M. S. Rahman et al., ‘An experimental study analysis of security attacks at ieee 802.11 wireless local area network’, International Journal of Future Generation Communication and Networking, vol. 8, no. 1, pp. 9–18, 2015.
                          • M. De Vivo, E. Carrasco, G. Isern and G. O. de Vivo, ‘A review of port scanning techniques’, ACM SIGCOMM Computer Communication Review, vol. 29, no. 2, pp. 41–48, 1999.
                          • C. L. Abad and R. I. Bonilla, ‘An analysis on the schemes for detecting and preventing arp cache poisoning attacks’, in 27th International Conference on Distributed Computing Systems Workshops (ICDCSW’07), IEEE, 2007, pp. 60–60.
                          • M. U. Farooq, M. Waseem, A. Khairi and S. Mazhar, ‘A critical analysis on the security concerns of internet of things (iot)’, International Journal of Computer Applications, vol. 111, no. 7, 2015.
                          • J. Yu, E. Kim, H. Kim and J. Huh, ‘A framework for detecting mac and ip spoofing attacks with network characteristics’, in 2016 International Conference on Software Security and Assurance (ICSSA), IEEE, 2016, pp. 49–53.
                          • W. Xie, Y. Jiang, Y. Tang, N. Ding and Y. Gao, ‘Vulnerability detection in iot firmware: A survey’, in 2017 IEEE 23rd International Conference on Parallel and Distributed Systems (ICPADS), IEEE, 2017, pp. 769–772.

                          ACKNOWLEDGEMENTS

                          I would like to express my deepest gratitude to my research guide Prof. B. M. Mehtre, who supported me to carry out this work in a proper manner.

                          This work was a joint project. I would also like to thank my colleagues, Vibhor Tyagi (FENGS485), Summer Research Fellow and ND Patel (PhD. Research Fellow) for their constant support in carrying out this research and for their valuable suggestions. I would also like to thank each member of the Centre for Excellence in Cyber Security Lab, IDRBT for all the support and discussions.

                          I would also like to thank the Institute for Development and Research in Banking Technology, Hyderabad for providing me with the whole infrastructure, resources, and accommodation, hence making my stay comfortable.

                          I also thank the Indian Academy of Sciences for their support throughout the programme and for giving me this great opportunity. It would not have been possible without this Summer Research Fellowship Programme.
