Search for: All records

Understanding network traffic characteristics of IoT devices plays a critical role in improving both the performance and security of IoT devices, including IoT device identification, classification, and anomaly detection. Although a number of existing research efforts have developed machine-learning based algorithms to help address the challenges in improving the security of IoT devices, none of them have provided detailed studies on the network traffic characteristics of IoT devices. In this paper we collect and analyze the network traffic generated in a typical smart homes environment consisting of a set of common IoT (and non-IoT) devices. We analyze the network traffic characteristics of IoT devices from three complementary aspects: remote network servers and port numbers that IoT devices connect to, flow-level traffic characteristics such as flow duration, and packet-level traffic characteristics such as packet inter-arrival time. Our study provides critical insights into the operational and behavioral characteristics of IoT devices, which can help develop more effective security and performance algorithms for IoT devices. 

While more and more consumer drones are abused in recent attacks, there is still very little systematical research on countering malicious consumer drones. In this paper, we focus on this issue and develop effective attacks to common autopilot control algorithms to compromise the flight paths of autopiloted drones, e.g., leading them away from its preset paths. We consider attacking an autopiloted drone in three phases: attacking its onboard sensors, attacking its state estimation, and attacking its autopilot algorithms. Several firstphase attacks have been developed (e.g., [1]–[4]); second-phase attacks (including our previous work [5], [6]) have also been investigated. In this paper, we focus on the third-phase attacks. We examine three common autopilot algorithms, and design several attacks by exploiting their weaknesses to mislead a drone from its preset path to a manipulated path. We present the formal analysis of the scope of such manipulated paths. We further discuss how to apply the proposed attacks to disrupt preset drone missions, such as missing a target in searching an area or misleading a drone to intercept another drone, etc. Many potential attacks can be built on top of the proposed attacks. We are currently investigating different models to apply such attacks on common drone missions and also building prototype systems on ArduPilot for real world tests. We will further investigate countermeasures to address the potential damages. 

Although consumer drones have been used in many attacks, besides specific methods such as jamming, very little research has been conducted on systematical methods to counter these drones. In this paper, we develop generic methods to compromise drone position control algorithms in order to make malicious drones deviate from their targets. Taking advantage of existing methods to remotely manipulate drone sensors through cyber or physical attacks (e.g., [1], [2]), we exploited the weaknesses of position estimation and autopilot controller algorithms on consumer drones in the proposed attacks. For compromising drone position control, we first designed two state estimation attacks: a maximum False Data Injection (FDI) attack and a generic FDI attack that compromised the Kalman-Filter-based position estimation (arguably the most popular method). Furthermore, based on the above attacks, we proposed two attacks on autopilot-based navigation, to compromise the actual position of a malicious drone. To the best of our knowledge, this is the first piece of work in this area. Our analysis and simulation results show that the proposed attacks can significantly affect the position estimation and the actual positions of drones. We also proposed potential countermeasures to address these attacks.