This section is intended to introduce the reader to various aspects of art, which may be related to various aspects of the present disclosure that are described and/or claimed below. This discussion is believed to be helpful in providing the reader with background information to facilitate a better understanding of the various aspects of the present disclosure. Accordingly, it should be understood that these statements are to be read in this light, and not as admissions of prior art.
The Internet of Things (IoT) is made up of connected embedded systems that are often small and specialised, such as different kinds of sensors. The IoT is currently growing rapidly. According to “The Internet of Things—How the Next Evolution of the Internet Is Changing Everything” by Dave Evans, published in April 2011, Cisco estimated the number of IoT devices in 2020 at 50 billion.
IoT devices embed firmware or an operating system (OS). For various reasons, IoT devices tend to be unmaintained, which can mean that they run old software versions and/or are poorly protected; see Andrei Costin et al., “A Large-Scale Analysis of the Security of Embedded Firmware”, 23rd USENIX Security Symposium, 2014. As a result, IoT devices can suffer from a large number of vulnerabilities; see Andrei Costin et al., “Automated Dynamic Firmware Analysis at Scale: A Case Study on Embedded Web Interfaces”, Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security, 2016.
Given the large and increasing number of IoT devices, these vulnerabilities pose a significant security problem: attackers can exploit them to take control of a large number of IoT devices and use these for different attacks, for example Denial of Service (DoS) attacks. The larger the number of deployed IoT devices, the bigger the problem can get, but even the currently deployed IoT devices are sufficient for botnets to launch a large-scale DoS attack, according to Tim Greene in “Largest DDoS attack ever delivered by botnet of hijacked IoT devices”, published in Network World on Sep. 23, 2016.
One reason it is possible to take control of IoT devices is that their services often need to be remotely accessible over the Internet so that legitimate users can use the services the device provides. An example is an IoT camera with an embedded web server that provides access to the video stream.
A common conventional way of enabling remote access is to combine Dynamic DNS (DDNS) and port forwarding. With DDNS, the domain name used to access the IoT device resolves to the (potentially changing) Internet Protocol (IP) address of a connecting device, for example a gateway, that provides access to the IoT device. Port forwarding maps a specific port on the external side of the connecting device to a specific port on its internal side. A connection to the IoT device thus arrives at the external port, where it is translated to the internal port to which the IoT device is connected.
It will be appreciated that using DDNS and port forwarding leaves the IoT devices exposed to the Internet and hence to possible attacks. Indeed, attackers can use robots to search for IoT devices and then exploit a known vulnerability to take control of the IoT device. In some cases, the vulnerability can be as simple as the continued use of the default login and password, for example “admin” and “admin”. As attacks using robots can be automated, attackers may be able to take control of a large number (possibly millions) of IoT devices.
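The following added example, which is not part of the present disclosure, illustrates the exposure created by the DDNS and port-forwarding arrangement described above: it parses a constructed gateway forwarding table (the table format, the address 192.168.1.50 and the name camera.example.com are assumptions), lists the public endpoints that the DDNS name makes reachable, and flags rules that forward a device management interface, which are the rules an operator should remove or restrict first.

```python
from dataclasses import dataclass

# Constructed sample of a gateway's port-forwarding table (hypothetical format,
# not taken from the disclosure): ext_port proto int_host int_port
SAMPLE_FORWARDS = """
8080 tcp 192.168.1.50 80     # camera web interface
2323 tcp 192.168.1.50 23     # camera telnet console
554  tcp 192.168.1.50 554    # RTSP video stream
5000 udp 192.168.1.60 5000   # sensor telemetry
"""

# Internal services that are device management interfaces. Forwarding them is
# what lets automated scanning reach the login page or console.
MANAGEMENT_PORTS = {("tcp", 22): "ssh", ("tcp", 23): "telnet",
                    ("tcp", 80): "http-admin", ("tcp", 443): "https-admin"}

@dataclass(frozen=True)
class Forward:
    ext_port: int
    proto: str
    int_host: str
    int_port: int

def parse_forwards(text):
    """Parse the table above; '#' starts a comment, blank lines are skipped."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        ext, proto, host, internal = line.split()
        rules.append(Forward(int(ext), proto.lower(), host, int(internal)))
    return rules

def exposed_endpoints(ddns_name, rules):
    """Public endpoint created by each rule. The gateway's IP address may
    change, but the DDNS name stays stable, so the exposure is just as stable."""
    return {f"{ddns_name}:{r.ext_port}/{r.proto}": f"{r.int_host}:{r.int_port}"
            for r in rules}

def audit(rules):
    """(ext_port, int_host, service) for every rule that forwards a management
    interface; these are the rules to remove or restrict by source first."""
    return [(r.ext_port, r.int_host, MANAGEMENT_PORTS[(r.proto, r.int_port)])
            for r in rules if (r.proto, r.int_port) in MANAGEMENT_PORTS]
```

Running `audit(parse_forwards(SAMPLE_FORWARDS))` on the constructed table flags external ports 8080 and 2323, i.e. the camera's web interface and telnet console, while the RTSP stream and the UDP telemetry rule are reported only as exposed endpoints.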
It will be appreciated that it is desirable to have a solution that overcomes at least part of the conventional problems related to protecting IoT devices made accessible through a gateway using port forwarding. The present principles provide such a solution.