SUPnP: Secure Access and Service Registration for UPnP-Enabled Internet of Things | IEEE Journals & Magazine | IEEE Xplore

SUPnP: Secure Access and Service Registration for UPnP-Enabled Internet of Things


Abstract:

The service-oriented nature of the Universal Plug-and-Play (UPnP) protocol supports the creation of flexible, open, and dynamic systems. As such, it is widely used in Int...Show More

Abstract:

The service-oriented nature of the Universal Plug-and-Play (UPnP) protocol supports the creation of flexible, open, and dynamic systems. As such, it is widely used in Internet-of-Things (IoT) deployments. However, the protocol’s service access mechanism does not consider security from the first principles and is therefore vulnerable to various attacks. In this article, we present an in-depth analysis of the service advertisement, discovery, and access methods of the UPnP protocol stack and identify security issues in an IoT network. Our analysis shows that adversaries can perform resource exhaustion, buffer overflow, reflection, and amplification attacks by exploiting the vulnerabilities of the UPnP protocol. To address these issues, we propose a capability-based security model for UPnP to ensure secure discovery, advertisement, and access of the UPnP services that considers the resource limitations of IoT devices. Our analysis shows the effectiveness of the proposed model against potential attacks, and our experimental evaluation highlights the feasibility of implementing our Secure UPnP (SUPnP) protocol in a network of IoT devices, incurring minimal network and performance overhead.
Published in: IEEE Internet of Things Journal ( Volume: 8, Issue: 14, 15 July 2021)
Page(s): 11561 - 11580
Date of Publication: 11 February 2021

ISSN Information:


I. Introduction

The Internet of Things (IoT) is propelling a paradigm shift in next-generation computing systems [1]. The IoT is rapidly becoming an essential element of applications across many domains, such as healthcare services, manufacturing industry, military domains, and transportation system, offering sensing, computation, and connectivity across a wide variety of smart devices [2]–[6]. The interest in IoT deployments continues to grow; the number of Internet-connected devices is projected to reach 24 billion by the end of 2020 [7].

Contact IEEE to Subscribe

References

References is not available for this document.