Protecting RESTful IoT Devices from Battery Exhaustion DoS Attacks

by Stefan Hristozov, et al.

Many IoT use cases involve constrained battery-powered devices offering services in a RESTful manner to their communication partners. Such services may involve, e.g., costly computations or actuator/sensor usage, which may have a significant influence on the power consumption of the service Providers. Remote attackers may excessively use those services in order to exhaust the Providers' batteries, which is a form of Denial of Service (DoS) attack. Previous work proposed solutions based on lightweight symmetric authentication. These solutions scale poorly because they require pre-shared keys, and they do not provide protection against compromised service Requesters. In contrast, we consider more powerful attackers, even ones capable of compromising legitimate Requesters. We propose a method that combines attacker detection and throttling, conducted by a trusted third-party Backend, with a lightweight authentication protocol. For attacker detection and throttling, we propose a novel approach using rate limitation algorithms. In addition, we propose and formally verify two authentication protocols suitable for different, widely used IoT network topologies. Our protocols ensure service availability for benign Requesters even if Providers are under a battery exhaustion attack. The protocols require neither pre-shared keys between Requesters and Providers, nor the usage of asymmetric cryptography and public key infrastructures on the Provider. This makes our protocols suitable for a variety of IoT deployments involving constrained devices and constrained networks. We demonstrate the feasibility of our method through a simulation and a proof of concept implementation.


