SUPnP: Secure Access and Service Registration for UPnP-Enabled Internet of Things | IEEE Journals & Magazine | IEEE Xplore
Subscribe
ADVANCED SEARCH
Journals & Magazines >IEEE Internet of Things Journal >Volume: 8 Issue: 14

SUPnP: Secure Access and Service Registration for UPnP-Enabled Internet of Things

PDF
Golam Kayas; Mahmud Hossain; Jamie Payton; S. M. Riazul Islam
All Authors

Abstract:

The service-oriented nature of the Universal Plug-and-Play (UPnP) protocol supports the creation of flexible, open, and dynamic systems. As such, it is widely used in Int...Show More

Metadata

Abstract:

The service-oriented nature of the Universal Plug-and-Play (UPnP) protocol supports the creation of flexible, open, and dynamic systems. As such, it is widely used in Internet-of-Things (IoT) deployments. However, the protocol’s service access mechanism does not consider security from the first principles and is therefore vulnerable to various attacks. In this article, we present an in-depth analysis of the service advertisement, discovery, and access methods of the UPnP protocol stack and identify security issues in an IoT network. Our analysis shows that adversaries can perform resource exhaustion, buffer overflow, reflection, and amplification attacks by exploiting the vulnerabilities of the UPnP protocol. To address these issues, we propose a capability-based security model for UPnP to ensure secure discovery, advertisement, and access of the UPnP services that considers the resource limitations of IoT devices. Our analysis shows the effectiveness of the proposed model against potential attacks, and our experimental evaluation highlights the feasibility of implementing our Secure UPnP (SUPnP) protocol in a network of IoT devices, incurring minimal network and performance overhead.
Published in: IEEE Internet of Things Journal ( Volume: 8, Issue: 14, 15 July 2021)
Page(s): 11561 - 11580
Date of Publication: 11 February 2021

ISSN Information:

DOI: 10.1109/JIOT.2021.3058699
Contents

I. Introduction

The Internet of Things (IoT) is propelling a paradigm shift in next-generation computing systems [1]. The IoT is rapidly becoming an essential element of applications across many domains, such as healthcare services, manufacturing industry, military domains, and transportation system, offering sensing, computation, and connectivity across a wide variety of smart devices [2]–[6]. The interest in IoT deployments continues to grow; the number of Internet-connected devices is projected to reach 24 billion by the end of 2020 [7].

Contact IEEE to Subscribe
More Like This
Internet of Things (IoT): A Review of Its Enabling Technologies in Healthcare Applications, Standards Protocols, Security, and Market Opportunities

IEEE Internet of Things Journal

Published: 2021

The Internet of Things for healthcare monitoring: Security review and proposed solution

2014 Third IEEE International Colloquium in Information Science and Technology (CIST)

Published: 2014

Show More

References

References is not available for this document.

IEEE Account

Purchase Details

Profile Information

Need Help?

A not-for-profit organization, IEEE is the world's largest technical professional organization dedicated to advancing technology for the benefit of humanity.
© Copyright 2025 IEEE - All rights reserved. Use of this web site signifies your agreement to the terms and conditions.