An Overview of UPnP-based IoT Security: Threats, Vulnerabilities, and Prospective Solutions

November 04, 2020 · The Cartographer · 🏛 IEEE Annual Information Technology, Electronics and Mobile Communication Conference

"No code URL or promise found in abstract"
"Title-pattern auto-detect: An Overview of UPnP-based IoT Security: Threats, Vulnerabilities, and Prospective Solutions"

Evidence collected by the PWNC Scanner

Authors Golam Kayas, Mahmud Hossain, Jamie Payton, S. M. Riazul Islam arXiv ID 2011.02587 Category cs.CR: Cryptography & Security Citations 13 Venue IEEE Annual Information Technology, Electronics and Mobile Communication Conference Last Checked 3 days ago

Abstract

Advances in the development and increased availability of smart devices ranging from small sensors to complex cloud infrastructures as well as various networking technologies and communication protocols have supported the rapid expansion of Internet of Things deployments. The Universal Plug and Play (UPnP) protocol has been widely accepted and used in the IoT domain to support interactions among heterogeneous IoT devices, in part due to zero configuration implementation which makes it feasible for use in large-scale networks. The popularity and ubiquity of UPnP to support IoT systems necessitate an exploration of security risks associated with the use of the protocol for IoT deployments. In this work, we analyze security vulnerabilities of UPnP-based IoT systems and identify attack opportunities by the adversaries leveraging the vulnerabilities. Finally, we propose prospective solutions to secure UPnP-based IoT systems from adversarial operations.