Publication Details

Ben Lupton, Mackenzie Zappe, Jay Thom, Shamik Sengupta, and David Feil-Seifer. "Analysis and Prevention of Security Vulnerabilities in a Smart City." In Computing and Communication Workshop and Conference, Las Vegas, NV, USA, Jan 2022. IEEE (best paper winner). doi: 10.1109/CCWC54503.2022.9720824 ( pdf )


  • Keywords:
  • REU

Abstract

In recent years, there has been a growing interest in so-called smart cities. These cities use technology to connect and enhance the lives of their citizens. Smart cities use many Internet of Things (IoT) devices, such as sensors and video cameras, that are interconnected to provide constant feedback and up-to-date information on everything that is happening. Despite the benefits of these cities, they introduce a numerous new vulnerabilities as well. These smart cities are now susceptible to cyber-attacks that aim to “alter, disrupt, deceive, degrade, or destroy computer systems.” Through the use of an educational and research-based IoT test-bed with multiple networking layers and heterogeneous devices connected to simultaneously support networking research, anomaly detection, and security principles, we can pinpoint some of these vulnerabilities. This work will contribute potential solutions to these vulnerabilities that can hopefully be replicated in smart cities around the world. Specifically, in the transportation section of our educational smart city several vulnerabilities in the signal lights, street lights, and the cities train network were discovered. To conduct this research two scenarios were developed. These consisted of inside the network security and network perimeter security. For the latter we were able to find extensive vulnerabilities that would allow an attacker to map the entire smart city sub-network. Solutions to this problem are outlined that utilize an Intrusion Detection System and Port Mirroring. However, while we were able to exploit the city's Programmable Logic Controller (PLC) once inside the network, it was found that due to dated Supervisory Control and Data Acquisition (SCADA) systems, there were almost no solutions to these exploits.

Author Details

Name: Ben Lupton
Status: Inactive

Name: Mackenzie Zappe
Status: Inactive

Name: Jay Thom
Status: Inactive

Name: Shamik Sengupta
email: ssengupta@unr.edu
Website: http://www.cse.unr.edu/~shamik/
Status: Inactive

Name: David Feil-Seifer
email: dave@cse.unr.edu
Website: http://cse.unr.edu/~dave
Phone: (775) 784-6469
Status: Active

BibTex Reference

@inproceedings{lupton2022analysis,
  title={Analysis and Prevention of Security Vulnerabilities in a Smart City},
  author={Ben Lupton and Mackenzie Zappe and Jay Thom and Shamik Sengupta and David Feil-Seifer},
  year={2022},
  month={January},
  address={Las Vegas, NV, USA},
  publisher={IEEE (best paper winner)},
  doi={10.1109/CCWC54503.2022.9720824},
  booktitle={Computing and Communication Workshop and Conference},
}

HTML Reference

<span class="authors">Ben Lupton, Mackenzie Zappe, Jay Thom, Shamik Sengupta, and David Feil-Seifer</span>. <span class="title">"Analysis and Prevention of Security Vulnerabilities in a Smart City." </span> In <span class="booktitle">Computing and Communication Workshop and Conference</span>, <span class="address">Las Vegas, NV, USA</span>, <span class="month">Jan</span> <span class="year">2022</span>. <span class="ending">IEEE (best paper winner).</span> <span class="doi">doi: 10.1109/CCWC54503.2022.9720824</span>

Support

REU Site: Collaborative Human-Robot Interaction, National Science Foundation PI: David Feil-Seifer, co-PI: Shamik Sengupta, Amount: $360,000, Feb. 1, 2018 - Jan. 31, 2022