A New Defensive Technique Against Sleep Deprivation Attacks Driven by Battery Usage
ResumoA significant amount of IoT devices are essentially powered by batteries and implements mechanisms to save energy, such as the sleep mode. The decision-making process deployed in IoT devices to enter to and exit from sleep mode can be exploited by remote users through sleep deprivation attacks, reducing the battery's lifetime and causing a denial of service. This paper presents a new defensive technique to mitigate and prevent sleep deprivation attacks. It is based on the local battery consumption data, that is an input to control the sleep mode. Performance evaluation carried out in a system based on an ESP32 showed that the technique could increase the battery's lifetime by 51.2% in a scenario under a sleep deprivation attack.
Al-Mohannadi, H., Mirza, Q., Namanya, A., Awan, I., Cullen, A., and Disso, J. (2016). Cyber-Attack Modeling Analysis Techniques: An Overview. In Proceedings of the IEEE 4th International Conference on Future Internet of Things and Cloud Workshops (FiCloudW), pages 69-76.
Alampalayam, S. and Kumar, A. (2003). An Adaptive Security Model for Mobile Agents in Wireless Networks. In Proceedings of the 2003 IEEE Global Telecommunications Conference (GLOBECOM), volume 3, pages 1516-1521 vol.3.
Babar, S., Mahalle, P., Stango, A., Prasad, N., and Prasad, R. (2010). Proposed Security Model and Threat Taxonomy for the Internet of Things (IoT). In Proceedings of the International Conference on Network Security and Applications, pages 420-429.
Espressif Systems (2022). ESP32 Series Datasheet. [link]. Accessed 06/15/2022.
Hei, X., Du, X., Wu, J., and Hu, F. (2010). Defending Resource Depletion Attacks on Implantable Medical Devices. In Proceedings of the 2010 IEEE Global Telecommunications Conference (GLOBECOM), pages 1-5.
Jacoby, G. and Davis, N. (2004). Battery-Based Intrusion Detection. In Proceedings of the 2004 IEEE Global Telecommunications Conference (GLOBECOM), volume 4, pages 2250-2255 Vol.4.
Lima, M. N., dos Santos, A. L., and Pujolle, G. (2009). A Survey of Survivability in Mobile Ad Hoc Networks. IEEE Communications Surveys & Tutorials, 11(1):66-77.
Markets and Markets (2020). Battery Market for IoT by Type, Rechargeability, End-use Application, and Geography - Global Forecast to 2025. [link]. Accessed 06/15/2022.
Monnet, Q., Hammal, Y., Mokdad, L., and Ben-Othman, J. (2015). Fair Election of Monitoring Nodes in WSNs. In Proceedings of the 2015 IEEE Global Communications Conference (GLOBECOM), pages 1-6.
Nash, D., Martin, T., Ha, D., and Hsiao, M. (2005). Towards an Intrusion Detection System for Battery Exhaustion Attacks on Mobile Computing Devices. In Proceedings of the Third IEEE International Conference on Pervasive Computing and Communications Workshops, pages 141-145.
Nguyen, V.-L., Lin, P.-C., and Hwang, R.-H. (2019). Energy Depletion Attacks in Low Power Wireless Networks. IEEE Access, 7:51915-51932.
Pirretti, M., Zhu, S., Vijaykrishnan, N., McDaniel, P., Kandemir, M., and Brooks, R. (2006). The Sleep Deprivation Attack in Sensor Networks: Analysis and Methods of Defense. International Journal of Distributed Sensor Networks, 2(3):267-287.
Rodriguez, L. G. A. and Batista, D. M. (2020). Program-Aware Fuzzing for MQTT Applications. In Proceedings of the 29th ACM SIGSOFT International Symposium on Software Testing and Analysis, page 582–586.
Salvatore Sanfilippo (2006). Hping - Active Network Security Tool. http://www.hping.org/. Accessed 06/15/2022.
Siddiqi, M. A., Serdijn, W. A., and Strydis, C. (2021). Zero-Power Defense Done Right: Shielding IMDs from Battery-Depletion Attacks. Journal of Signal Processing Systems, 93:421–437.
Statista (2022). Number of Internet of Things (IoT) Connected Devices Worldwide from 2019 to 2030. https://www.statista.com/statistics/1183457/iot-connected-devices-worldwide/. Accessed 06/15/2022.