Abstract:
Presently Internet of Things (IoT) devices perform variety of services ranging from control of home appliances to their application in industrial sector. This technology has achieved broad acceptance by all sectors of life due to its features like low cost, energy efficient, and availability. According to a report there will be 20.4 billion IoT devices by 2020 [1]. Cyber criminals use this wide spread use of IoT as an amplifying platform to launch cyber-attacks [2]. IoT devices consume low power and have less computational capability. Complex cryptographic solutions are not considered efficient or feasible in IoT world. These devices do not have very convenient user interface to facilitate complex password management and regular patching of firmware. IoT objects have become ‘once fix and remain on’ type of devices. Users do not bother till the device is working. In most cases IoT devices have 24/7 Internet connection. Such environment ideally suits the cyber criminals. In the absence of common industry standards and less user awareness, criminals can breed IoT based botnet without much difficulty. These botnets can be used to carryout various malicious activities including DDoS attack against a particular target. Considering the constraints of IoT realm, updating large scale IoT devices remains a challenge. The main contribution of this thesis work is a patching scheme which aims at patching intermediary nodes to mitigate the propagation of IoT botnet. This thesis work gives an overview of main building blocks of IoT technology, overview of IoT botnets, analyses a framework to secure IoT assets. Finally it presents a gateway patching scheme to mitigate the propagation of malware.