Article Preview
TopIntroduction
In recent years, the number of Internet enabled devices is increasing everyday exponentially. According to Ericsson Mobility Report (Ericsson, 2016) in the third quarter of 2016 there are more than 7.5 billion mobile subscriptions worldwide and most of the half of them are broadband. In most of the countries the penetration rate is over 100% which means that there are more mobile devices than the population. In UK in the first quarter of 2016 the percentage of mobile users between the adult population was 93% while more than 71% of the adult population use smart phones and 66% of the mobile users use their smart phone to access the Internet as reported by OfCom (OfCom, 2017). Apart from smart phones, other internet-enabled devices have appeared such as smart TVs, watches, security cameras, printers, washing machines, etc. which are connected to the Internet either directly or through pairing with a smart phone. All these devices are potential victims of the malevolent hackers who wish to exploit security weaknesses of the new devices and the privacy insensitivity or even ignorance of the users. As the number of the devices is increasing and as more and more types of devices are Internet-connected, the possibility of a device high jacking is also increasing. The most apparent reason for this is stealing private information such as financial information, personal emails and photos, etc. which can be used by the attacker for personal gain. However, someone would wonder why someone would like to take control of a smart washing machine apart from playing a trick on the device owner? A smart device, part of the Internet of Things (IoT), since it is connected to Internet is a valuable resource of the network and can be used in the service of, for example, a bot network to attack other legitimate users of the network. This type of attacks has already been reported (Kührer et al., 2014) especially using devices such as routers, VoIP gateways, network printers and surveillance cameras. Latest reports from various security firms have disclosed several serious attempts for distributed denial-of-service volumetric attacks attributed to IoT botnets. An example of such a DDoS attack was reported on September 2016 against the Brian Krebs’s security blog. An attack that created traffic of over 600 Gbps and was attributed to an IoT botnet created by Mirai malware (Bertino & Islam, 2017). The same month another attack was reported against the OVH French webhost at 1.1 or more Tbps (US CERT, 2017). On October 21st, 2016, Dyn Service Provider in the US experienced the largest so far reported DDoS attack of more than 1 Tbps which again is attributed to the infected from Mirai malware IoT devices (Arbor Networks, 2016).