@inproceedings{96c35101bb9e4d8498f0b3ef962d680d,
title = "Keep rogue IoT away: IoT detector based on diversified tls negotiation",
abstract = "As Internet-of-Things (IoT) devices went popular in recent years, they have become ideal targets for malicious botnet activists. Due to the low cost nature of most IoT devices, the security protection among these cheap devices is often insufficient. Some network cameras are shipped to the market with default passwords, and botnets can conduct the password brute force attack against these IoT devices. Mirai botnet is a typical IoT botnet which uses compromised IoT devices to conduct such attack. Most IoT devices run a Web service on these devices as the configuration interface for their administrators. Such visiting coming from other strange IoT devices are basically undesired. To detect client-side IoT devices becomes necessary so that these domestic IoT devices can reject connections from foreign strange IoT devices to avoid potential brute force attack or vulnerability mining. This study proposes an approach, named IoTClientDetector, using the diversity of client-side TLS negotiation time to detect client IoT devices. IoTClientDetector is constructed and modeled by four representative sample devices. The evaluation of this study shows that the HTTPS server deployed with IoTClientDetector performing ECDHE RSA TLS negotiation with 4096-bit RSA key length can precisely detect client-side IoT devices with true positive rate of around 95% and false positive rate of only 7.8%.",
keywords = "Botnet, HTTPS, IoT, Security, TLS negotiation",
author = "Ou, {Chih Wen} and Hsu, {Fu Hau} and Lai, {Chia Min}",
note = "Publisher Copyright: {\textcopyright} 2019 IEEE.; 17th IEEE International Conference on Dependable, Autonomic and Secure Computing, IEEE 17th International Conference on Pervasive Intelligence and Computing, IEEE 5th International Conference on Cloud and Big Data Computing, 4th Cyber Science and Technology Congress, DASC-PiCom-CBDCom-CyberSciTech 2019 ; Conference date: 05-08-2019 Through 08-08-2019",
year = "2019",
month = aug,
doi = "10.1109/DASC/PiCom/CBDCom/CyberSciTech.2019.00109",
language = "???core.languages.en_GB???",
series = "Proceedings - IEEE 17th International Conference on Dependable, Autonomic and Secure Computing, IEEE 17th International Conference on Pervasive Intelligence and Computing, IEEE 5th International Conference on Cloud and Big Data Computing, 4th Cyber Science and Technology Congress, DASC-PiCom-CBDCom-CyberSciTech 2019",
publisher = "Institute of Electrical and Electronics Engineers Inc.",
pages = "548--555",
booktitle = "Proceedings - IEEE 17th International Conference on Dependable, Autonomic and Secure Computing, IEEE 17th International Conference on Pervasive Intelligence and Computing, IEEE 5th International Conference on Cloud and Big Data Computing, 4th Cyber Science and Technology Congress, DASC-PiCom-CBDCom-CyberSciTech 2019",
}