Advanced search
Publication Cover
Connection Science Volume 34, 2022 - Issue 1
Submit an article Journal homepage
1,444
Views
1
CrossRef citations to date
0
Altmetric
Special Issue: Advanced Security on Software and Systems

Assessing smart light enabled cyber-physical attack paths on urban infrastructures and services

Ioannis StelliosSecLab, Department of Informatics, University of Piraeus, Piraeus, GreeceCorrespondence[email protected]
View further author information
,
Kostas MokosSecLab, Department of Informatics, University of Piraeus, Piraeus, GreeceView further author information
&
Panayiotis KotzanikolaouSecLab, Department of Informatics, University of Piraeus, Piraeus, GreeceView further author information
Pages 1401-1429 | Received 18 Jan 2022, Accepted 25 Apr 2022, Published online: 14 May 2022

References

  • Agadakos, I., Chen, C. Y., Campanelli, M., Anantharaman, P., Hasan, M., Copos, B., Lepoint, T., Locasto, M., Ciocarlie, G. F., & Lindqvist, U. (2017). Jumping the air gap: Modeling cyber-physical attack paths in the Internet-of-Things. In Proceedings of the 2017 workshop on cyber-physical systems security and privacy (pp. 37–48). ACM.
  • Akhavan, Z., Esmaeili, M., Sikeridis, D., & Devetsikiotis, M. (2021). Internet of things-enabled passive contact tracing in smart cities. Internet of Things, 18(1533), 100397. https://doi.org/10.1016/j.iot.2021.100397
  • AlDairi, A. (2017). Cyber security attacks on smart cities and associated mobile technologies. Procedia Computer Science, 109(1), 1086–1091. https://doi.org/10.1016/j.procs.2017.05.391
  • Andrade, R. O., Yoo, S. G., Tello-Oquendo, L., & Ortiz-Garcés, I. (2020). A comprehensive study of the IoT cybersecurity in smart cities. IEEE Access, 8, 228922–228941. https://doi.org/10.1109/Access.6287639
  • Apthorpe, N., Reisman, D., & Feamster, N. (2017). A smart home is no castle: Privacy vulnerabilities of encrypted IOT traffic. arXiv preprint arXiv:1705.06805.
  • Cerrudo, C. (2015). An emerging US (and world) threat: Cities wide open to cyber attacks. Securing Smart Cities, 17, 137–151.
  • Costin, A. (2016). Security of CCTV and video surveillance systems: Threats, vulnerabilities, attacks, and mitigations. In Proceedings of the 6th international workshop on trustworthy embedded devices (pp. 45–54). ACM.
  • Dhanjani, N. (2013). Hacking lightbulbs: Security evaluation of the Philips Hue personal wireless lighting system. Internet of Things Security Evaluation Series, 1–46.
  • Do, Q., Martini, B., & Choo, K. K. R. (2018). Cyber-physical systems information gathering: A smart home case study. Computer Networks, 138(15), 1–12. https://doi.org/10.1016/j.comnet.2018.03.024
  • Ferrigno, J., & Hlaváč, M. (2008). When AES blinks: introducing optical side channel. IET Information Security, 2(3), 94–98. https://doi.org/10.1049/iet-ifs:20080038
  • FIRST.Org (2019). Common vulnerability scoring system v3.1: User guide [Computer Software Manual]. Retrieved from https://www.first.org/cvss/v3-1/cvss-v31-user-guide_r1.pdf.
  • Ghena, B., Beyer, W., Hillaker, A., Pevarnek, J., & Halderman, J. A. (2014). Green lights forever: Analyzing the security of traffic infrastructure. In 8th {USENIX} workshop on offensive technologies ({WOOT} 14). USENIX.
  • Guri, M., & Bykhovsky, D. (2019). Air-jumper: Covert air-gap exfiltration/infiltration via security cameras & infrared (IR). Computers & Security, 82(11), 15–29. https://doi.org/10.1016/j.cose.2018.11.004
  • Guri, M., Hasson, O., Kedma, G., & Elovici, Y. (2016). An optical covert-channel to leak data through an air-gap. In 2016 14th annual conference on privacy, security and trust (pst) (pp. 642–649). IEEE.
  • Herzberg, B., Bekerman, D., & Zeifman, I. (2016). Breaking down mirai: An IoT DDoS botnet analysis. Incapsula Blog, Bots and DDoS, Security.
  • Huang, E. (2018). Smart lighting most widely adopted in industrial market yet grows at fastest pace in residential space. Retrieved from https://www.ledinside.com/news/2018/2/smart_lighting_most_widely_adopted_in_industrial_market_yet_grows_at_fastest_pace_in_residential_space.
  • Kayas, G., Hossain, M., Payton, J., & Islam, S. R. (2020). An overview of UPnP-based IoT security: Threats, vulnerabilities, and prospective solutions. In 11th IEEE annual information technology, electronics and mobile communication conference (IEMCON) (pp. 0452–0460). IEEE.
  • Kurtz, G. (2021). 2021 global threat report [Techreport].
  • Lella, I., Theocharidou, M., Tsekmezoglou, E., & Malatras, A. (2021, October). ENISA threat landscape 2021. ENISA.
  • Levy, J. (2021). Sophos 2022 threat report: Interrelated threats target an interdependent world [Techreport].
  • Liu, H., Spink, T., & Patras, P. (2019). Uncovering security vulnerabilities in the Belkin WeMo home automation ecosystem. In 2019 IEEE international conference on pervasive computing and communications workshops (PerCom workshops) (pp. 894–899). IEEE.
  • Maiti, A., & Jadliwala, M. (2019). Light ears: Information leakage via smart lights. Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies, 3(3), 1–27. https://doi.org/10.1145/3351256
  • Maiti, A., & Jadliwala, M. (2020). Smart light-based information leakage attacks. GetMobile: Mobile Computing and Communications, 24(1), 28–32. https://doi.org/10.1145/3417084.3417091
  • Mi, X., Qian, F., Zhang, Y., & Wang, X. (2017). An empirical characterisation of IFTTT: Ecosystem, usage, and performance. In Proceedings of the 2017 internet measurement conference (pp. 398–404). ACM.
  • Morgner, P., Mattejat, S., & Benenson, Z. (2016). All your bulbs are belong to us: Investigating the current state of security in connected lighting systems. arXiv preprint arXiv:1608.03732.
  • Notra, S., Siddiqi, M., Gharakheili, H. H., Sivaraman, V., & Boreli, R. (2014). An experimental study of security and privacy risks with emerging household appliances. In 2014 IEEE conference on communications and network security (pp. 79–84). IEEE.
  • Ronen, E., O'Flynn, C., Shamir, A., & Weingarten, A. O. (2016). IoT goes nuclear: Creating a ZigBee chain reaction. IACR Cryptology EPrint Archive, 2016, 1047. https://doi.org/10.1109/SP.2017.14
  • Ronen, E., & Shamir, A. (2016). Extended functionality attacks on IoT devices: The case of smart lights. In 2016 IEEE european symposium on security and privacy (Euros&P) (pp. 3–12). IEEE.
  • Ross, R. S. (2012). NIST SP-800-30rev1 guide for conducting risk assessments. The National Institute of Standards and Technology (NIST).
  • Schwittmann, L., Boelmann, C., Matkovic, V., Wander, M., & Weis, T. (2017). Identifying TV channels & on-demand videos using ambient light sensors. Pervasive and Mobile Computing, 38(1), 363–380. https://doi.org/10.1016/j.pmcj.2016.08.018
  • Schwittmann, L., Matkovic, V., & Weis, T. (2016). Video recognition using ambient light sensors. In 2016 IEEE international conference on pervasive computing and communications (PerCom) (pp. 1–9). IEEE.
  • Sikder, A. K., Babun, L., Aksu, H., & Uluagac, A. S. (2019). Aegis: A context-aware security framework for smart home systems. In Proceedings of the 35th annual computer security applications conference (pp. 28–41). ACM.
  • Stellios, I., Kotzanikolaou, P., & Grigoriadis, C. (2021). Assessing IoT enabled cyber-physical attack paths against critical systems. Computers & Security, 107, 102316. https://doi.org/10.1016/j.cose.2021.102316
  • Stellios, I., Kotzanikolaou, P., Psarakis, M., Alcaraz, C., & Lopez, J. (2018). A survey of iot-enabled cyberattacks: Assessing attack paths to critical infrastructures and services. IEEE Communications Surveys & Tutorials, 20(4), 3453–3495. https://doi.org/10.1109/COMST.9739
  • Stellios, I., Mokos, K., & Kotzanikolaou, P. (2021). Assessing vulnerabilities and IoT-enabled attacks on smart lighting systems. In 4th international workshop on attacks and defenses for internet-of-things. Springer.
  • Wu, L., Wei, X., Meng, L., Zhao, S., & Wang, H. (2022). Privacy-preserving location-based traffic density monitoring. Connection Science, 24(1), 1–21. https://doi.org/10.1080/09540091.2021.1993137
  • Xu, Y., Frahm, J. M., & Monrose, F. (2014). Watching the watchers: Automatically inferring tv content from outdoor light effusions. In Proceedings of the 2014 ACM sigsac conference on computer and communications security (pp. 418–428). ACM.
  • Zhang, K., Ni, J., Yang, K., Liang, X., Ren, J., & Shen, X. S. (2017). Security and privacy in smart city applications: Challenges and solutions. IEEE Communications Magazine, 55(1), 122–129. https://doi.org/10.1109/MCOM.2017.1600267CM
  • Zhang, L., & Xu, J. (2022). Blockchain-based anonymous authentication for traffic reporting in VANETs. Connection Science, 34(1), 1038–1065. https://doi.org/10.1080/09540091.2022.2026888
  • Zheng, Z., Zhou, Y., Sun, Y., Wang, Z., Liu, B., & Li, K. (2022). Applications of federated learning in smart cities: recent advances, taxonomy, and open challenges. Connection Science, 34(1), 1–28.
  • Zhou, Z., Zhang, W., & Yu, N. (2018). IREXF: Data exfiltration from air-gaped networks by infrared remote control signals. arXiv preprint arXiv:1801.03218.

Related research

People also read lists articles that other readers of this article have read.

Recommended articles lists articles that we recommend and is powered by our AI driven recommendation engine.

Cited by lists all citing articles based on Crossref citations.
Articles with the Crossref icon will open in a new tab.