Contribution Details

Type Bachelor's Thesis
Scope Discipline-based scholarship
Title Design and Implementation of Moving Target Defense Techniques to Break the Cyber Kill Chain in IoT Devices
Organization Unit
Authors
  • Josip Harambasic
Supervisors
  • Jan Von der Assen
  • Alberto Huertas Celdran
  • Burkhard Stiller
Language
  • English
Institution University of Zurich
Faculty Faculty of Business, Economics and Informatics
Date 2023
Abstract Text With the rising popularity of Internet of Things (IoT) devices for smart homes and Industry 4.0, cyber attacks affecting those devices are also increasing. Due to their static nature, low security and resource limitations, they are easy targets for cybercriminals. To make it more difficult for attackers to attack IoT devices, Moving Target Defense (MTD) seems promising as a paradigm. The goal of MTD is to dynamically change the static nature of the device by changing system parameters to disturb or mitigate the ongoing attack. This thesis proposes a design and an implementation of a lightweight MTD framework that is able to deploy security solutions against two specific cyber attacks on an IoT device based on a Linux operating system. The device serves as a radio spectrum sensor. Depending on the attack report from an external monitoring application, the MTD framework deploys the corresponding MTD solution to deal with Reconnaissance attacks and Cryptojackers. To measure the effectiveness and performance of the provided MTD solutions, they are run against real malware. The results seem promising: the solutions are able to mitigate the ongoing attack in a lightweight manner without consuming too many resources of the IoT device. The solution for dealing with Reconnaissance attacks includes a firewall setup and a dynamic change of the MAC address to confuse the attacker. This leads to 3933.3% more waiting time for the attacker to receive an unusable result which contains only the wrong MAC address that indicates another device instead of the Raspberry Pi used in this thesis. For the Cryptojacker, a dynamic solution is proposed which uses knowledge about the Proof of Work consensus to monitor the network traffic and mitigate the ongoing Cryptojacker. With a whitelist of tasks allowed to use the network, every deviation from the whitelist indicates malicious behaviour.
Changing the moving parameter, which is the nice value of the task scheduler, does not provide better results in mitigating the Cryptojacker and can therefore be omitted. In combination with the firewall from the Reconnaissance attack, after the Cryptojacker has been detected and killed there is no chance for it to restart, since the firewall only allows certain ports and already established connections to send and receive data from the internet. This thesis shows that a combination of a static firewall with a dynamic MTD solution achieves great results in defending against cyberattacks which target IoT devices. Some information gathered about resource consumption is also discussed to illustrate the impact of the attacks on resource-constrained IoT devices.