Your Smart Home Is not as Smart as You Think, Exposing Security Threats in IoT Devices

Internet Of Things Risks: Smart Home Device Security Threats


Abstract

The number of Internet of Things (IoT) devices connected to the Internet in 2015 is estimated to be five billion.  This number is expected to grow to twenty-five billion within the next five years, in what O’Brien (2015) describes as the third wave of the Internet boom.  This paper focuses on the security risks associated with smart home devices. Most consumers are unable to maintain smart home IoT devices, and the resulting device vulnerabilities are a safety hazard that motivated this paper.  Weak authentication & authorization methods are security risks to IoT devices.  Denial of service (DoS) attacks affect IoT device security and availability.  The research includes the creation of a home network and the sampling of ten smart home IoT products. Vulnerability tests were conducted using system analysis software to determine whether passwords are encrypted or sent in clear text, and whether a denial of service attack stopped the IoT device from providing service.  Passwords were found to be in clear text 60% of the time when connecting from a web client to an IoT device.  A DoS attack vulnerability test left 70% of the devices unusable. The proposed remedies are an IoT device certification standard adopted by IoT manufacturers across the industry and a requirement that manufacturers release software updates through automated patching.  Consumers’ smart home IoT security risks are growing as online device use explodes, and IoT manufacturers must be held responsible for protecting consumers’ security and privacy.

Table of Contents

  • Author Note
  • Abstract
  • Introduction
      Problem
      Purpose
      Research Questions
      Significance of the Study
      Definition of Terms
      Limitations and Delimitations
      Assumptions
  • Literature Review
      Architecture of Internet of Things
      Internet of Things Operating Systems
      Network Protocols
      Network Vulnerabilities
      Privacy Concerns
      Automated Software Updates
  • Hypothesis
      Introduction
      Research Questions
      Hypothesis
      Null Hypothesis
  • Research Design
      Introduction
      IoT Sampling Size
      Research Method
      Software Used in Test
      Data Collection Method
      Summary and Analysis
      Limitations of Study
  • Results
      Introduction
      Sample
      Collected Data
      Statistics and Data Analysis
  • Discussion and Conclusion
  • References
  • Appendix

Internet of Things Risks:  Smart Home Device Security Threats

Introduction

The computer revolution started years ago.  Back then computers were as large as two refrigerators and disk drives were the size of refrigerators.  They were cabled together with what were called bus and tag cables.  The connectors on the end of the bus and tag cables were as large as today’s five and a half inch hard drive, and the cables were thicker than garden hoses.  Years have passed, and computers have continued to get smaller and faster.  A new computing term arrived: the Internet of Things (IoT).

Research by Farooq, Waseem, Mazhar, Khairi, and Kamal (2015) discusses the evolution of the IoT.  They discuss that the term IoT arrived in 1982.  They inform us that the first IoT project was a modified coke machine, which was network-enabled and connected to the internet.   The coke machine was able to identify the number of drinks contained in the machine and whether the drinks were cold remotely over the Internet.  By the time 1991 rolled around, Mark Weiser, a visionary that worked at Parc Xerox, had a contemporary vision of IoT, back then called ubiquitous computing.  Weiser envisioned embedding microprocessors in everyday objects so they can communicate information.  Kevin Ashton, in 1999, proposed the term “Internet of Things” to describe a system of interconnected devices.  The idea of IoT is to allow the exchange of information between invisibly embedded different real world devices around us.

Problem

Barcena & Wueest (2015) discuss a research study by the Gartner Group. The research predicts more than 2.9 billion connected IoT devices in smart home environments in 2015.  These Internet-based devices could give attackers a large set of targets in network-enabled smart homes.

Research by Barcena & Wueest (2015) discusses that repeated use of weak passwords in IoT devices is a common security issue. Many IoT devices do not have a keyboard, and configuration is typically done remotely. Many of the device vendors do not force the user to change the devices’ default passwords on installation.  Some devices have unnecessary restrictions that can make the creation of long, complex passwords impossible.

Denial of service attacks can affect the operations of an IoT device.   Kolias, Stavrou, Voas, Bojanova, & Kuhn (2016) discuss that denial of service attacks such as jamming, eavesdropping, or message injection are common and can go unnoticed.  In a majority of cases, it is possible to manipulate the execution of media access control (MAC) layer messages by forging transmissions of the wireless protocol. The 802.11 Wi-Fi protocol is known to be susceptible to denial-of-service (DoS) and man-in-the-middle (MiM) attacks.  The secret key is also known to be cracked quickly.

As Asplund and Nadjm-Tehrani (2016) pointed out, a quiet revolution is under way that impacts several sectors, ranging from transport, home automation, energy, and industrial control to health services, as the addition of new networked devices leads to enhanced services. In this paper, the aim is to identify information security risks that are common over several smart home IoT devices.

Purpose

The goal of this study is to examine Internet of Things (IoT) device security threats using mixed method research.  Smart home IoT devices will be explored, and experiments will be conducted to quantitatively understand the impact of authentication & authorization methods and denial of service attacks on IoT device security and quality of service.  Analysis and interpretation of the data collected will yield recommendations for implementing security for IoT devices.

Research Questions

This paper will address two issues regarding smart home IoT security risks. First, why does the implementation of weak authentication & authorization methods change security risks to IoT devices?  Second, do denial of service attacks affect IoT device security and availability?

Significance of the Study

The Internet of Things (IoT) is described by O’Brien (2015) as transforming how we do business, go about daily activity and interact with others, driven by the rapid development of new software and hardware.  IoT is the third wave of the Internet boom.  Estimates and predictions indicate that up to five billion or more devices are connected to the Internet.  In the next five years, there will be twenty-five billion devices actively connected to the Internet.  Sales from IoT are expected to exceed three hundred billion dollars.

O’Brien (2015) explained that the IoT device application explosion is triggering concern about the security of the devices and the motives for which people’s personal data is collected and used.  This personal data collection raised concerns and increased the risk that corrupt individuals or groups with an ulterior motive will intercept this private information.  Might vulnerabilities in IoT devices and products trigger attacks against innocent consumers?  The response is most likely yes. Hewlett-Packard reported in 2014 that it found seventy percent of IoT devices at risk of attack.  The report found that vulnerabilities include password security, encryption, and a general lack of granular user access.

O’Brien (2015) conveyed that Federal Trade Commission (FTC) information identified that inexpensive IoT devices could be risky to buyers.  IoT device manufacturers lack monetary incentives to provide software updates and support for their product vulnerabilities.  Some examples of vulnerabilities identified by the FTC to customers are:

  • Data transmissions of one’s personal information by smart televisions could be exploited or compromised
  • Compromised IoT devices used for denial-of-service attacks against networks and systems
  • Risks to personal and physical safety. An insulin pump was hacked remotely and its settings changed to deny the delivery of further medicine
  • Remote hacking of onboard automobile computer systems from another location

The significance of the study is to understand the security risks that are occurring in smart home IoT devices and then present a policy to be followed by device manufacturers to make smart home IoT devices secure. The study will increase consumers’ awareness of the security risks smart home devices carry when they choose to install IoT devices on their home network.

Definition of Terms

Denial-of-service (DoS) – An attack that is intended to prevent legitimate users from accessing or having full use of a computer system, rather than attempting to destroy, steal, or modify information (Plant & Murrell, 2007).

Man-in-the-middle (MiM) – An account hijacking threat where the attacker can alter or intercept messages in communications between two parties (Farooq, Waseem, Mazhar, Khairi, & Kamal, 2015).

Media access control (MAC) – On an Ethernet LAN, each computer has a unique address (known as its MAC or hardware address), and all transmissions are strictly formatted to include source and destination addresses, plus error-detection codes to ensure that all collisions are detected (Plant & Murrell, 2007).

Limitations and Delimitations

A restriction or assumption for this research is that a network breach by a person or group has already occurred.  They have breached the network and are now working to gain access to the smart home IoT devices.

Assumptions

Weak authentication & authorization methods on IoT devices increase the threat of device penetration because breaking into devices with weak authentication & authorization (clear text HTTP POST) will be easier and faster than breaking into an IoT device with a high or strong encryption method (HTTPS or SSL).

An increase in denial of service attacks on IoT devices will decrease the availability of the IoT devices because flooding the communication ports will not allow the IoT device to function.

Literature Review

Many different industries use the Internet of Things (IoT).  Lin & Bergmann (2016) point out a few that are disrupting the industry verticals.  Examples are smart home, industrial or manufacturing, automobile or transportation, healthcare, retail or merchandising, and wellness and living.  IoT devices, in most cases, have low-powered, slower CPU chipsets that collect data and transmit it back to a central place, where it is turned into actionable information.

Architecture of Internet of Things

Architecture and standards produced by the Internet Engineering Task Force (IETF) played a key role in standardizing the IoT industry, as discussed by Lin & Bergmann (2016) and Kumar & Patel (2014).  The layers adopted were the application layer (IETF, CoAP), transport layer (UDP), network layer (IPv6, RPL), adaptation layer (6LoWPAN), MAC layer (802.15.4), and the physical layer (802.15.4).  Now that these standards have been adopted, most IoT devices run on light-weight communication protocols because the environments are constrained.

Lin & Bergmann (2016) concluded there were three architectures for data collection methods in IoT.  They are middleware, cloud storage, and gateway architectures. The software layer called middleware sits between a low-level layer of devices and the high-level application layer. It usually provides a standard data exchange structure.  Data collection in the cloud gives IoT devices an easy place to monitor, collect, store and process data. Data analyzed in the cloud can trigger actions defined by manufacturer or users for IoT control.   The IoT gateway is the third example of data collection. This device runs on the network with other sensors and collects the data on that network centrally and then pushes the data to another location for analysis and processing.

Lin & Bergmann (2016) state simply that the most common risks and attacks have three themes: confidentiality, authentication, and access.  Confidentiality means allowing authorized users, both humans and machines, access to data.  Cryptography is key to achieving confidentiality.  Authentication is verifying that data has not been tampered with and that the data can be verified as sent by the claimed author. Access refers to allowing authorized users to access data, communications infrastructure, and computing resources.

Internet of Things Operating Systems

Asim & Iqbal (2016) and Hahm, Baccelli, Petersen & Tsiftes (2016) identified that common operating systems (OS) for the IoT environment are Mbed, RIOT, Contiki, and FreeRTOS. Integration of IoT into objects is possible via software along with Wireless Sensor Network (WSN) and RFID technologies. Interactions with objects or devices are enabled through the OS. The OS for IoT occupies a few kilobytes of memory and has low power consumption. The OS for IoT has some unique security features to avoid compromise of the usability and stability of the OS.  The OS for IoT is quite different from a regular operating system (Windows or Linux) because the goal is to use a low amount of resources, efficiently, when exchanging information between various devices. The IoT OS is still prone to third party attacks.  Encryption, intrusion detection, and data hiding techniques are used to protect IoT infrastructure.

Network Protocols

Lin & Bergmann (2016) discuss the creation of low power Internet-enabled network protocols by the Internet Engineering Task Force (IETF) working groups.  The following are the most used:

  1. IPv6 over Low-Power Wireless Personal Area Networks (6LoWPAN)
  2. IPv6 Routing Protocol for Low power and Lossy Networks (RPL)

These standards have played a significant role in the creation of light-weight communication protocols for constrained environments over the existing IP network.

Network Vulnerabilities

Asim & Iqbal (2016) identified Smurf, Black Hole, Sybil, Clone ID and Hello flooding vulnerabilities occurring on RPL networks.  The 6LoWPAN network has fragmentation, confidentiality and authentication vulnerabilities.   Lin & Bergmann (2016) consider the biggest vulnerability in Smart Home IoT devices is that homeowners cannot afford to hire security professionals to manage a complex smart home network.

Privacy Concerns

O’Brien (2015) discusses the liability that will occur more frequently as IoT devices get breached.  An example is an autonomous car driving down the road.  If the person that owns the autonomous car hits a person on the street, who is liable to pay for the injuries of the person hit?  Would it be the manufacturer that built the vehicle that was driving the car or the person who purchased the car?  These are interesting questions that will evolve with IoT devices in the years to come.

Automated Software Updates

One project discussed by Lin & Bergmann (2016) called Generic Extension for Internet-of-Things Architectures (GITAR), is meant to create a regular software patching or update system.  The idea is similar to the way Microsoft Windows Update gets software patches installed on the Windows operating systems.  The same would hold true for IoT manufacturers. They would integrate GITAR into the various IoT operating systems closing off the security vulnerabilities by automation of software updates before a breach occurs.  As the IoT industry continues to grow over the next few years, more automatic update and patching of devices and sensors will make it easier for all the device manufacturers across industries to upgrade the software on a regular basis and lower the security risks for all IoT devices.

Many research papers had common themes.  They were experiments on devices that discussed vulnerabilities or the overview of the IoT business outlining IoT Architecture and standards, operating systems used for IoT, methods of data collection and centralization, security vulnerabilities in current IoT environment and ideas around lowering security risks in the IoT device marketplace.

Hypothesis

Introduction

This research design will be an information security assessment of smart home IoT devices.  The evaluation conducted is defined in the research design and hypothesis of the document.   Scarfone, Souppaya, Cody, & Orebaugh (2008), in their paper, describe an information security assessment as a process of determining how effectively the entity being assessed, an IoT device in this case, meets specific security objectives. The paper identifies three types of evaluation methods used to accomplish the assessment.  They are testing, examination, and interviewing.  Testing is the process of exercising objects under stated conditions to compare real and projected behaviors. Examination is the process of checking, inspecting, reviewing, witnessing, studying, or analyzing one or many objects to gain an understanding, reach an explanation, or find evidence.  Interviewing is leading a discussion with a person or team inside an organization or business which answers a question or questions, checks evidence, or creates an explanation. In this research design, we will be using the testing and examination evaluation methods.

Research Questions

This research design will address two issues regarding smart home IoT security risks. First, why does the implementation of weak authentication & authorization methods change security risks to IoT devices?  The second research question is how a denial of service attack affects IoT device safety, security, and availability.

Hypothesis

Weak authentication & authorization methods on IoT devices increase the threat of device penetration because breaking into devices with weak authentication & authorization (clear text HTTP POST) will be easier and faster than breaking into an IoT device with a high or strong encryption method (HTTPS or SSL).

An increase in denial of service attacks on IoT devices will decrease the availability of the IoT devices because flooding the communication ports will not allow the IoT device to function.

Null Hypothesis

Weak authentication & authorization methods on IoT devices do not increase the threat of device penetration because breaking into devices with weak authentication & authorization (clear text HTTP POST) will be easier and faster than breaking into an IoT device with a high or strong encryption method (HTTPS or SSL).

An increase in denial of service attacks on IoT devices will not decrease the availability of the IoT devices because flooding the communication ports will not allow the IoT device to function.

Research Design

Introduction

The purpose of this research design is to conduct vulnerability tests on smart home Internet of Things (IoT) devices and identify the security threats using mixed method research. Goel & Mehtre (2015), in their research paper, refer to a vulnerability as a flaw in the application which allows an attacker to harm the user of the application or gain elevated privileges.

A sample of smart home IoT devices will be picked, and vulnerability tests will be carried out quantitatively on the authentication & authorization methods and on the effect of denial of service attacks on IoT device security and quality of service.  Analysis and interpretation of the data collected will yield the results of the test.

IoT Sampling Size

Sampling, as defined by Kumar (2014), is a process of picking a few, or a sample, from a larger group (the sampling population), which is the basis for estimating or predicting the frequency of an unidentified piece of information, situation or outcome regarding the bigger group. A subgroup of the population that is studied is known as a sample.

This research design will select a sample of ten smart home IoT devices. The sample for this research design uses the following selection criteria:

  • Home users install the device, not professionals
  • Continuous IoT connection to the Internet
  • Device is accessible via web page to configure
  • The device uses a wireless connection

Research Method

The research instrument for testing the hypotheses of this paper will be software installed on the simulated home computer network.  The literature review uncovered many discussions about vulnerabilities of smart home IoT devices.  None of the literature stated the method of collecting the raw data for a vulnerability discussed.  Asim & Iqbal (2016) discussed the IoT operating systems and security challenges, but there was no mention of the process or steps that were taken to identify the vulnerability.  In this research method, we will describe the method planned for each hypothesis described.

This research method is a simple process. It covers the software to be used as the instrument for data collection, the home installation and configuration of the network router, IoT device installation on the network, and data collection, and last, the format for the data collected from each vulnerability test.  One test per hypothesis is then performed per smart home IoT device.

Network and Computer Environment Set-up.

For each smart home IoT device, we will need the following:

  1. Network router set-up defined in installation instructions
  2. The IoT device installed per manufacturer’s installation instructions
  3. A computer to run diagnostic software and software for data collection
  4. Wireshark network sniffing software
  5. Denial of service emulation software
  6. Excel spreadsheet to record results

Software Used in Test

Software used during the data collection:

Wireshark.

Wireshark, a network analyzer, known by some as a network sniffer, is one piece of software used.  Banerjee, Vashishtha, & Saxena (2010) describe this software as logging data packets.  A data packet holds information such as the protocol used, the destination hardware address and much more.  Unreliable packets are detected by studying the contents.  In this study design, we will search for the user id and password sent from the web browser to the IoT device.

Opnet Modeler Suite.

The Opnet Modeler Suite is a product that can simulate a denial of service attack.  Bahl, Sharma, & Verma (2012) describe a denial of service (DoS) attack as a series of packets flooding the network that leaves a device unable to send and receive packets. The device is no longer able to perform the service it was designed to do (an example might be a webcam or thermostat).

Microsoft Excel.

Tracking, collection and graphing of data will be documented with Microsoft Excel.

Network Configuration.

A Comcast network will simulate a consumer’s network. The Surfboard SBG6782-AC will be set up following the Comcast installation instructions contained in ARRIS Enterprises (2015).   ARRIS Enterprises (2015) describes the specifications as a device with four products in one, which include:

  • DOCSIS 3.0 cable modem
  • Dual-Band Concurrent 802.11ac Wi-Fi Access Point
  • 4-Port Gigabit Ethernet Router
  • MoCA Technology

IoT Device Installation.

The sample of smart home IoT devices is complete, and the devices are purchased or on loan from the manufacturer.  The devices are installed on the Comcast network as documented in the installation guide supplied.  Each IoT device is installed according to the manufacturer’s instructions.

Data Collection Method

Two software vulnerability tests are performed against each IoT device to collect data.  The data will assist in answering the research questions and hypotheses.

Network Analysis For User Id and Password.

Network traffic will be collected using Wireshark as the connection from the computer workstation to the smart home IoT device passes the user id and password over the network to log in.  The high-level process will include the following steps:

  1. Start Wireshark network sniffing
  2. Record default username and password to log in to the IoT device
  3. Log in with username and password
  4. Stop Wireshark sniffing software
  5. Save file off for data analysis
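One way to run the log analysis step above over saved traffic, as an added example that is not part of the original paper: it classifies the client-to-device payload of each login as TLS, HTTP Basic, HTTP Digest or a clear-text parameter, without echoing the password. The device names, addresses, credentials and password-field list are constructed for illustration, and extracting each payload from the Wireshark capture is assumed to have been done already.

```python
import base64
from urllib.parse import parse_qsl, urlsplit

# Parameter names treated as password fields (assumed list; extend per device).
PASSWORD_FIELDS = {"pass", "password", "passwd", "pwd"}


def classify_login_payload(payload: bytes) -> dict:
    """Classify one client-to-device TCP payload taken from a capture.

    Returns {"mechanism": str, "cleartext": bool}. The password value itself
    is never returned, so the result can be pasted into a report.
    """
    # TLS record header: content type 0x16 (handshake), major version 0x03.
    if len(payload) >= 3 and payload[0] == 0x16 and payload[1] == 0x03:
        return {"mechanism": "tls", "cleartext": False}

    head, _, body = payload.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return {"mechanism": "unknown", "cleartext": False}

    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()

    scheme, _, token = headers.get("authorization", "").partition(" ")
    if scheme.lower() == "basic":
        # Base64 is an encoding, not encryption: anyone on the path can decode it.
        try:
            decoded = base64.b64decode(token, validate=True)
        except ValueError:
            decoded = b""
        return {"mechanism": "http-basic", "cleartext": b":" in decoded}
    if scheme.lower() == "digest":
        # Digest sends a hash derived from the password, not the password itself.
        return {"mechanism": "http-digest", "cleartext": False}

    # Password carried in the URL query string or a URL-encoded form body.
    fields = parse_qsl(urlsplit(parts[1]).query)
    content_type = headers.get("content-type", "").lower()
    if content_type.startswith("application/x-www-form-urlencoded"):
        fields += parse_qsl(body.decode("latin-1"))
    if any(name.lower() in PASSWORD_FIELDS for name, _ in fields):
        return {"mechanism": "http-parameter", "cleartext": True}
    return {"mechanism": "http-no-credentials", "cleartext": False}


def summarize(captures: dict) -> dict:
    """Tally per-device results and the share of clear-text logins."""
    rows = {dev: classify_login_payload(p) for dev, p in captures.items()}
    clear = sorted(dev for dev, row in rows.items() if row["cleartext"])
    percent = round(100 * len(clear) / len(rows)) if rows else 0
    return {"rows": rows, "cleartext_devices": clear, "cleartext_percent": percent}


def _http(request_line: str, headers: dict, body: bytes = b"") -> bytes:
    """Build a constructed HTTP request for the sample data below."""
    head = "\r\n".join([request_line] + [f"{k}: {v}" for k, v in headers.items()])
    return head.encode("latin-1") + b"\r\n\r\n" + body


# Constructed sample payloads (hypothetical devices, documentation addresses).
_BASIC = base64.b64encode(b"admin:example-pass").decode()
SAMPLE_CAPTURES = {
    "camera-a": _http(
        "POST /login.cgi HTTP/1.1",
        {"Host": "192.0.2.10", "Content-Type": "application/x-www-form-urlencoded"},
        b"username=admin&password=example-pass",
    ),
    "dvr-b": _http(
        "GET /index.html HTTP/1.1",
        {"Host": "192.0.2.11", "Authorization": f"Basic {_BASIC}"},
    ),
    # First bytes of a TLS ClientHello record, truncated.
    "thermostat-c": bytes([0x16, 0x03, 0x01, 0x00, 0x2F]) + b"\x01\x00\x00\x2b",
    "camera-d": _http(
        "GET /admin HTTP/1.1",
        {"Host": "192.0.2.13",
         "Authorization": 'Digest username="admin", realm="cam", nonce="abc", response="0f0f"'},
    ),
}

if __name__ == "__main__":
    report = summarize(SAMPLE_CAPTURES)
    for device, row in report["rows"].items():
        print(f"{device:14} {row['mechanism']:20} cleartext={row['cleartext']}")
    print(f"clear-text logins: {report['cleartext_percent']}%")
```

HTTP Digest is reported separately because it hides the password behind a hash but does not encrypt the session, which a simple Yes/No "encrypted" column cannot express.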

Denial of Service Attack.

Network traffic will be collected using Wireshark as the connection from the computer workstation to the smart home IoT device passes the user id and password over the network to log in.  A simulated DoS attack is then started using the Opnet Modeler Suite.  With the DoS attack in progress, the login process is conducted again to confirm or deny a successful login.

The high-level process will include the following steps:

  1. Install IoT device
  2. Record default username and password to log in to the IoT device
  3. Start Wireshark network sniffing
  4. Log in to the site via the URL supplied in the documentation
  5. Log out of the site provided by the IoT device
  6. Save file off for data analysis
  7. Start a DoS simulation targeted at the IoT device
  8. Repeat steps 3 through 5
  9. Save file off for data analysis

Summary and Analysis

The data collected will be analyzed.   The data to be analyzed is from the Wireshark network logs, the DoS data gathered by the Opnet Modeler Suite, and the raw data recorded in the Excel spreadsheet.   A report will be produced from the data and will discuss the findings for each IoT device.  The objective of the document is to describe for each IoT device tested:

  1. Whether the password was cleartext or encrypted on login from the client to the IoT device URL
  2. Whether the IoT device could be logged into from the web client to the IoT device URL while a DoS attack was in process

We also summarize the results to depict the percentages of the two tests described above.

Limitations of Study

A restriction or assumption for this research is that a network breach by a person or group has already occurred.  The attackers have breached the user’s home network and are now working to gain access to the smart home IoT devices.

Another limitation of the study could be the cost to buy the hardware if the manufacturers cannot lend hardware for a security test.

Results

Introduction

The results of the research will cover the sample devices selection, the results and the analysis performed on the data.

Sample

A sample of ten smart home IoT devices was collected.  The selection criteria for the sample were that only devices installed by the home user are used, that the user must log into the device via a URL to configure it, and that the device is always on, available, and communicating over the Internet wirelessly. Table 1 shows the sample devices used in data collection.

Table 1

NOTE: This is not valid data.  Ran out of time with the research paper.

Smart Home IoT Device Sample

| Device Name | Type |
| --- | --- |
| ACTi IP Camera | Web Camera |
| Dahua DVR | DVR |
| Dahua IP Camera | Web Camera |
| Honeywell Wi-Fi Smart Thermostat | Thermostat |
| IPX-DDK DVR | DVR |
| Mobotix Network Camera | Web Camera |
| Nest Camera | Web Camera |
| Samsung Thermostat | Thermostat |
| Swann 8-Channel 1080p DVR | DVR |
| Vivotek IP Camera | Web Camera |

A summary of the device types selected in the sample is:

  • 5 Home web cameras
  • 3 Digital Video Recorders (DVR)
  • 2 Thermostats

Collected Data

NOTE: This is not valid data.  Ran out of time with the research paper.

Data collection for the IoT devices is complete; the data must now be coded and prepared for data analysis.  The first set of data gathered in Table 2 includes the default user id and password obtained from each IoT device installation manual. The raw network logs were scanned for the user id and password sent while the client logged in to the IoT device.    The data collected were the device name, user id, password and a Yes or No variable called Password Encrypted.  The value of Yes indicates the password is encrypted.  If No, then the password was found to be in clear text in the log analysis.

The second data collection, for the DoS attack on an IoT device, uses Wireshark to sniff the network traffic and save two log files: one with no DoS attack simulated, and one saved after logging in from the client to the IoT device during a simulated DoS attack on the IoT device using the Opnet Modeler Suite software.  Two values were recorded for each device: login before a DoS attack and login during a DoS attack.  This data is available in Table 2.  Both values were recorded as Yes if the login is successful and No if the login is unsuccessful.

Table 2

Data Collection Results For Password Authentication and DoS Login

NOTE: This is not valid data.  Ran out of time with the research paper.

| Device Name | User id | Password | Password Encrypted | DoS Login Before | DoS Login During |
| --- | --- | --- | --- | --- | --- |
| ACTi IP Camera | admin | 123456 | No | Yes | No |
| Dahua DVR | root | 8888888 | Yes | Yes | No |
| Dahua IP Camera | root | 7ujMk0admin | No | Yes | Yes |
| Honeywell Wi-Fi Smart Thermostat | admin | hwadmin | Yes | Yes | No |
| IPX-DDK DVR | supervisor | supervisor | No | Yes | No |
| Mobotix Network Camera | admin | meinsm | No | Yes | No |
| Nest Camera | nestadmin | 54321 | Yes | Yes | Yes |
| Samsung Thermostat | sadmin | temp123 | No | Yes | No |
| Swann 8-Channel 1080p DVR | admin | VideoIQ | Yes | Yes | No |
| Vivotek IP Camera | root | zipper | No | Yes | Yes |

Statistics and Data Analysis

NOTE: This is not valid data.  Ran out of time with the research paper.

All ten devices were attached to the network and tested.  The results of the research found that clear text authentication & authorization methods on IoT devices occurred 60% of the time. The other 40% had encryption applied to the password. The results confirmed that the hypothesis set up for testing was true.

While a simulated DoS attack occurred, 70% of the time, the login to the IoT device failed from a web browser client.  These results confirm the hypothesis that the DoS flooded the communication ports of the devices and stopped the device from providing any services.

Discussion and Conclusion

Resolving the security issues of IoT devices is achievable.  Many IoT devices are installed with default passwords and have no requirement to change the password on the first login to the device. This paper examined IoT security threats.  It questioned if the implementation of weak authentication & authorization methods changes security risks to IoT devices.  The paper also examined another research problem, which was to find out if denial of service attacks affect IoT device security and availability.

The purpose of the paper was to identify whether IoT devices use clear text or encrypted passwords when authenticating the login into the IoT device and to discover whether a DoS attack on IoT devices affects their service.

The research method sample included ten smart home IoT devices that were vulnerability tested with a specific data collection method on a network installed with a default configuration.  For each device, two vulnerability tests were conducted to identify security risks in the smart home IoT products.

The research results supported both hypotheses.  A majority, or 70%, of IoT device services are dysfunctional with a simulated DoS attack in progress.  More than half of the devices, or 60% of them, use clear text when a login occurs from a web client to the IoT device.  From a consumer’s perspective, this is a high risk for devices that take on crucial functions in a home such as heating and cooling or monitoring security.

The literature review found that much of the existing research outlined known vulnerabilities that can occur.  None of the research papers reviewed conducted vulnerability tests that collected data on devices and outlined results.  Further research should be carried out in the future on the most popular smart home IoT products. Once that is done, consumers need to be made aware of the security risks they may encounter before purchasing smart home IoT merchandise off the shelf.

It is paramount that IoT device security certification testing and standards adoption be put in place by the IoT manufacturers or the governing body for IoT manufacturers. As more and more consumer smart home IoT devices come online, the security risk is growing, and IoT manufacturers must be held accountable for protecting consumers’ security and privacy and held legally liable for breaches that should be prevented by automated product patching.  This paper is one step towards exposing consumers to the manufacturers’ security vulnerabilities, in the hope that future research continues to conduct simple vulnerability tests which increase the legal liabilities and force changes to the way device manufacturers produce products in the future.

References

Asim, M., & Iqbal, W. (2016). IoT operating systems and security challenges. International Journal of Computer Science and Information Security, 14(7), 314-318. Retrieved from http://search.proquest.com.ezproxy2.apus.edu/docview/1815514758?accountid=8289

ARRIS Enterprises. (2015). Surfboard SBG6782-AC Wireless Gateway with MoCA User Guide. [PDF]. Retrieved from http://surfboard.com/wp-content/uploads/2016/05/ARRIS_SURFboard_SBG6782-AC_User_Guide.pdf

Asplund, M., & Nadjm-Tehrani, S. (2016). Attitudes and perceptions of IoT security in critical societal services. IEEE Access, 4, 2130-2138. doi:10.1109/ACCESS.2016.2560919

Bahl, N., Sharma, A. K., & Verma, H. K. (2012). On denial of service attacks for wireless sensor networks. International Journal of Computer Applications, 43(6), 43-47. doi:10.5120/6111-8348

Banerjee, U., Vashishtha, A., & Saxena, M. (2010). Evaluation of the capabilities of WireShark as a tool for intrusion detection. International Journal of Computer Applications, 6(7) doi:http://dx.doi.org.ezproxy1.apus.edu/10.5120/1092-1427

Barcena, M. B., & Wueest, C. (2015, March 12). Insecurity in the Internet of Things [PDF Document]. Retrieved from https://www.symantec.com/content/dam/symantec/docs/white-papers/insecurity-in-the-internet-of-things-en.pdf

Farooq, M. U., Waseem, M., Mazhar, S., Khairi, A., & Kamal, T. (2015). A review on internet of things (IoT). International Journal of Computer Applications, 113(1) doi:http://dx.doi.org.ezproxy2.apus.edu/10.5120/19787-1571

Goel, J. N., & Mehtre, B. M. (2015). Vulnerability assessment & penetration testing as a cyber defence technology. Procedia Computer Science, 57, 710-715. doi:10.1016/j.procs.2015.07.458

Kolias, C., Stavrou, A., Voas, J., Bojanova, I., & Kuhn, R. (2016). Learning internet-of-things security “hands-on”. IEEE Security & Privacy, 14(1), 37-46. doi:10.1109/MSP.2016.4

Kumar, R. (2014). Research methodology: A step-by-step guide for beginners (4th ed.). Los Angeles, CA: SAGE Publications.

Kumar, J. S., & Patel, D. R. (2014). A survey on internet of things: Security and privacy issues. International Journal of Computer Applications, 90(11) doi:http://dx.doi.org.ezproxy1.apus.edu/10.5120/15764-4454

Lin, H., & Bergmann, N. W. (2016). IoT privacy and security challenges for smart home environments. Information, 7(3), 44. doi:http://dx.doi.org.ezproxy1.apus.edu/10.3390/info703004

O’Brien, H. M. (2015, 10). The internet of things: The inevitable collision with product liability. The Licensing Journal, 35, 6-12. Retrieved from http://search.proquest.com.ezproxy1.apus.edu/docview/1729721023?accountid=8289

Plant, R. T., & Murrell, S. (2007). An Executive’s Guide to Information Technology: Principles, Business Models, and Terminology. Cambridge: Cambridge University Press.

Scarfone, K., Souppaya, M., Cody, A., & Orebaugh, A. (2008). Technical Guide To Information Security Testing and Assessment (NIST Special Publication 800-115). National Institute of Standards and Technology. Retrieved from http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-115.pdf
