# Do we have the time for IRM?: Service denial attacks and SDN-based   defences

**Authors:** Ryan Shah, Shishir Nagaraja

arXiv: 1812.10875 · 2018-12-31

## TL;DR

This paper investigates the vulnerability of IRM systems in IoT sensor networks to time synchronization attacks, demonstrating their fragility and proposing SDN-based defenses to mitigate such service denial attacks.

## Contribution

It uncovers a critical weakness in IRM architectures related to time dependence and introduces SDN-based filtering methods to defend against amplified denial-of-service attacks.

## Key findings

- Time synchronization attacks can disable IRM data access.
- IRM systems are vulnerable to amplified denial-of-service attacks.
- SDN-based filters can detect and isolate attack traffic.

## Abstract

Distributed sensor networks such as IoT deployments generate large quantities of measurement data. Often, the analytics that runs on this data is available as a web service which can be purchased for a fee. A major concern in the analytics ecosystem is ensuring the security of the data. Often, companies offer Information Rights Management (IRM) as a solution to the problem of managing usage and access rights of the data that transits administrative boundaries. IRM enables individuals and corporations to create restricted IoT data, which can have its flow from organisation to individual control -- disabling copying, forwarding, and allowing timed expiry. We describe our investigations into this functionality and uncover a weak-spot in the architecture -- its dependence upon the accurate global availability of \emph{time}. We present an amplified denial-of-service attack which attacks time synchronisation and could prevent all the users in an organisation from reading any sort of restricted data until their software has been re-installed and re-configured. We argue that IRM systems built on current technology will be too fragile for businesses to risk widespread use. We also present defences that leverage the capabilities of Software-Defined Networks to apply a simple filter-based approach to detect and isolate attack traffic.

## Full text

_Full body text omitted from this summary view._ Fetch the complete paper as Markdown: https://tomesphere.com/paper/1812.10875/full.md

## Figures

3 figures with captions in the complete paper: https://tomesphere.com/paper/1812.10875/full.md

## References

17 references — full list in the complete paper: https://tomesphere.com/paper/1812.10875/full.md

---
Source: https://tomesphere.com/paper/1812.10875