Visible to the public Biblio

Filters: Author is Husnain, Muhammad  [Clear All Filters]
2021-11-08
Abbas, Syed Ghazanfar, Zahid, Shahzaib, Hussain, Faisal, Shah, Ghalib A., Husnain, Muhammad.  2020.  A Threat Modelling Approach to Analyze and Mitigate Botnet Attacks in Smart Home Use Case. 2020 IEEE 14th International Conference on Big Data Science and Engineering (BigDataSE). :122–129.
Despite the surging development and utilization of IoT devices, the security of IoT devices is still in infancy. The security pitfalls of IoT devices have made it easy for hackers to take over IoT devices and use them for malicious activities like botnet attacks. With the rampant emergence of IoT devices, botnet attacks are surging. The botnet attacks are not only catastrophic for IoT device users but also for the rest of the world. Therefore, there is a crucial need to identify and mitigate the possible threats in IoT devices during the design phase. Threat modelling is a technique that is used to identify the threats in the earlier stages of the system design activity. In this paper, we propose a threat modelling approach to analyze and mitigate the botnet attacks in an IoT smart home use case. The proposed methodology identifies the development-level and application-level threats in smart home use case using STRIDE and VAST threat modelling methods. Moreover, we reticulate the identified threats with botnet attacks. Finally, we propose the mitigation techniques for all identified threats including the botnet threats.
2021-08-12
Abbas, Syed Ghazanfar, Husnain, Muhammad, Fayyaz, Ubaid Ullah, Shahzad, Farrukh, Shah, Ghalib A., Zafar, Kashif.  2020.  IoT-Sphere: A Framework to Secure IoT Devices from Becoming Attack Target and Attack Source. 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom). :1402—1409.
In this research we propose a framework that will strengthen the IoT devices security from dual perspectives; avoid devices to become attack target as well as a source of an attack. Unlike traditional devices, IoT devices are equipped with insufficient host-based defense system and a continuous internet connection. All time internet enabled devices with insufficient security allures the attackers to use such devices and carry out their attacks on rest of internet. When plethora of vulnerable devices become source of an attack, intensity of such attacks increases exponentially. Mirai was one of the first well-known attack that exploited large number of vulnerable IoT devices, that bring down a large part of Internet. To strengthen the IoT devices from dual security perspective, we propose a two step framework. Firstly, confine the communication boundary of IoT devices; IoT-Sphere. A sphere of IPs that are allowed to communicate with a device. Any communication that violates the sphere will be blocked at the gateway level. Secondly, only allowed communication will be evaluated for potential attacks and anomalies using advance detection engines. To show the effectiveness of our proposed framework, we perform couple of attacks on IoT devices; camera and google home and show the feasibility of IoT-Sphere.