10 Citations (Scopus)

Abstract

Developments in the field of Wireless Sensor Networks (WSNs) and the Internet of Things (IoT) mean that sensor devices can now be uniquely identified using an IPv6 address and, if suitably connected, can be directly reached from the Internet. This has a series of advantages but also introduces new security vulnerabilities and exposes sensor deployments to attack. A compromised Internet host can send malicious information to the system and trigger incorrect actions. Should an attack take place, post-incident analysis can reveal information about the state of the network at the time of the attack and ultimately provide clues about the tools used to implement it, or about the attacker's identity. In this paper we critically assess and analyse information retrieved from a device used for IoT networking, in order to identify the factors which may have contributed to a security breach. To achieve this, we present an approach for the extraction of RAM and flash contents from a sensor node. Subsequently, we analyse extracted network connectivity information and we investigate the possibility of correlating information gathered from multiple devices in order to reconstruct the network topology. Further, we discuss experiments and analyse how much information can be retrieved in different scenarios. Our major contribution is a mechanism for the extraction, analysis and correlation of forensic data for IPv6-based WSN deployments, accompanied by a tool which can analyse RAM dumps from devices running the Contiki Operating System (OS) and powered by 8051-based, 8-bit micro-controllers.
Original languageEnglish
Pages (from-to)S66-S75
Number of pages12
JournalDigital Investigation
Volume11
Issue numberSupplement 2
Early online date17 Jul 2014
DOIs
Publication statusPublished - Aug 2014
EventDFRWS USA 2014 - Denver, United States
Duration: 3 Aug 20147 Aug 2014

    Fingerprint

Keywords

  • Internet of Things
  • Wireless Sensor Networks
  • RAM and flash memory extraction
  • RAM content analysis
  • Contiki Operating System
  • Wireless sensor forensics

Cite this