Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Adaptive Counteraction Against Denial of Service Attack
KTH, School of Electrical Engineering (EES), Network and Systems engineering.
2017 (English)Independent thesis Advanced level (degree of Master (Two Years)), 20 credits / 30 HE creditsStudent thesisAlternative title
Adaptiv Motverkan mot Denial of Service Attack (Swedish)
Abstract [en]

The Internet of Things (IoT) is the next generation of networked society where billions of, everyday-life, devices are directly connected to the Internet and able to communicate with each other. In particular, the Constrained Application Protocol (CoAP) has become the de-facto IoT standard for communication at the application layer, as a lightweight web transfer protocol affordable also for resource-constrained platforms. However, as IoT devices are directly connected to the Internet, they are especially vulnerable to a number of security attacks including Denial of Service (DoS), which can seriously worsen their performance and responsiveness, and even make them totally unavailable to serve legitimate requests.

In this Master's Thesis project, we have developed a cross-layer and context-aware approach that adaptively counteracts DoS attacks against CoAP server devices, by dynamically adjusting their operative state according to the attack intensity. This considerably limits the impact of DoS attacks and preserves service availability of victim devices to the best possible extent. The proposed approach leverages a trusted Proxy that adaptively shields victim devices, while effectively forwarding and caching messages if needed. We have made a proof-of-concept implementation of our solution for the Californium framework and the CoAP protocol, and experimentally evaluated its effectiveness in counteracting DoS and preserving availability of devices under attack.

This Master's Thesis project has been conducted in collaboration with RISE SICS, a research institute for applied information and communication technology in Sweden.

Abstract [sv]

Sakernas Internet (IoT) är nästa generations nätverkssamhälle där miljarder av, vardagliga, enheter är direkt anslutna till Internet och har möjlighet att kommunicera med varandra. Särskilt har CoAP, ett lättviktsprotokoll för webbtrafik som även fungerar för plattformar med begränsade resurser, blivit Sakernas Internets standard för kommunikation på applikationslagret. Men eftersom IoT-enheter är direkt anslutna till Internet så är de också speciellt utsatta för ett antal säkerhetsattacker, inklusive DoS, som kan försämra deras prestanda och mottaglighet avsevärt och i värsta fall göra dem helt otillgängliga för legitima förfrågningar.

I detta examensarbete har vi utvecklat en lageröverskridande och kontextmedveten metod som adaptivt motverkar DoS attacker mot CoAP serverenheter genom att dynamiskt anpassa enhetens operativa tillstånd i enlighet med attackintensiteten. Detta begränsar DoS-attackers påverkan på enheterna avsevärt samtidigt som det bibehåller tillgänglighet för tjänster på utsatta enheter till största möjliga utsträckning. Den föreslagna metoden utnyttjar en betrodd proxy som adaptivt skyddar utsatta enheter, samtidigt som den effektivt vidarebefordrar och sparar meddelanden om så behövs. I detta arbete har vi skapat en proof of concept-implementation av vår lösning för Californium-ramverket och CoAP protokollet. Arbetet har utvärderats experimentellt för att undersöka lösningens effektivitet när det gäller att motarbeta DoS-attacker samt hur den bibehåller enheters tillgänglighet under attacker.

Detta uppsatsprojekt har utförts i samarbete med RISE SICS som är ett forskningsinstitut för tillämpad informations- och kommunikationsteknik i Sverige.

Place, publisher, year, edition, pages
2017. , p. 90
Series
TRITA-EE, ISSN 1653-5146 ; 2017:119
Keywords [en]
Security, Denial of Service, Adaptive Counteraction, Cross-Layer, CoAP, Internet of Things.
Keywords [sv]
Säkerhet, Överbelastningsattacker, Adaptiv Motverkan, Lageröverskridande, CoAP, Sakernas Internet
National Category
Communication Systems Telecommunications
Identifiers
URN: urn:nbn:se:kth:diva-219382OAI: oai:DiVA.org:kth-219382DiVA, id: diva2:1162616
External cooperation
RISE SICS (Swedish Institute of Computer Science)
Subject / course
Communication Networks
Educational program
Master of Science - Network Services and Systems
Presentation
2017-09-13, NSE seminar room, Osquldas vag 6-8, Floor 4, Stockholm, 14:00 (English)
Supervisors
Examiners
Available from: 2017-12-07 Created: 2017-12-05 Last updated: 2017-12-07Bibliographically approved

Open Access in DiVA

thesis-syafiq(1523 kB)147 downloads
File information
File name FULLTEXT01.pdfFile size 1523 kBChecksum SHA-512
a2966360ec3b98b87ca901f198d19627dce595323294c90a0a65382491c7cefa1260c7f099fd85b9aa07fb40279a1a99d66a6ff66d555386017f7376505a3af4
Type fulltextMimetype application/pdf

Search in DiVA

By author/editor
Atiiq, Syafiq Al
By organisation
Network and Systems engineering
Communication SystemsTelecommunications

Search outside of DiVA

GoogleGoogle Scholar
Total: 147 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

urn-nbn

Altmetric score

urn-nbn
Total: 304 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf