
Dialnet


Modeling, analysis, and detection of threats in the internet-of-things ecosystem

  • Authors: Javier Carrillo Mondéjar
  • Thesis supervisors: José Luis Martínez Martínez (supervisor), Guillermo Nicolás Suárez de Tangil Rotaeche (co-supervisor)
  • Defended: at the Universidad de Castilla-La Mancha (Spain) in 2022
  • Language: English
  • Thesis examination committee: Jose Miguel Such Aparicio (chair), Ricardo Julio Rodríguez Fernández (secretary), Carlos Hernández Gañán (member)
  • Doctoral programme: Programa de Doctorado en Tecnologías Informáticas Avanzadas, Universidad de Castilla-La Mancha
  • Subjects:
  • Links
    • Open-access thesis at: RUIdeRA
  • Abstract
    • The appearance of the Internet of Things (IoT) in the technological world has brought about a revolution when it comes to integrating technology into the most everyday aspects of our lives. While traditional technological scenarios require direct interaction with devices, such as a computer or a mobile phone, the IoT world bases much of its logic on being transparent to the user while providing functionality. We find immediate examples in smart assistants, sensors, smart watches and video surveillance cameras. In addition, as if this were not enough, its application in certain areas has given rise to new technological scenarios such as smart cities, smart homes, cyber medicine and Industry 5.0.

      Although the success of IoT is undoubted and has changed the way users interact with technology, it brings with it great concerns regarding user security and privacy. The IoT ecosystem is made up of a large number of networked devices that interact with each other using a wide range of communication protocols. In general, these devices are designed to offer innovative services at a low price, but not much attention has been paid to security in their development. This, together with the inherent characteristics of this type of device, such as limited computing capacity and storage, as well as lack of updates from manufacturers, has led to these devices often presenting major security flaws that range from the use of default passwords or configurations to outdated software that contains publicly known security vulnerabilities. This has caused the IoT to become one of the main targets for cybercriminals to attack, and the number of samples of malware specially designed for the IoT has grown significantly in recent years.

      In view of all the above, this thesis analyzes the problem of security in the IoT ecosystem with the aim of modeling, analyzing and detecting the main threats. First, we explore the SSH, Telnet and VoIP protocols through honeypot systems to analyze and understand how these protocols are exploited by cybercriminals and what actions they carry out. Second, we design and develop a framework to address the problem of Linux-based malware that is specially aimed at IoT environments, allowing the analysis and extraction of malware features both statically and dynamically, as well as a comparison with other samples that have already been studied. Then, we propose a methodology for automating the process of relating malware to known threats and vetting new unknown samples. Finally, we propose a methodology for adding defensive capabilities to IoT devices that are abandoned and no longer maintained by the manufacturer, allowing the addition of an additional layer of security against known threats in order to protect the devices against such attacks.

