{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,7]],"date-time":"2026-04-07T23:09:09Z","timestamp":1775603349384,"version":"3.50.1"},"reference-count":51,"publisher":"Association for Computing Machinery (ACM)","issue":"2","license":[{"start":{"date-parts":[[2020,5,18]],"date-time":"2020-05-18T00:00:00Z","timestamp":1589760000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/100016320","name":"Keysight Technologies","doi-asserted-by":"crossref","award":["RTKS171003"],"award-info":[{"award-number":["RTKS171003"]}],"id":[{"id":"10.13039\/100016320","id-type":"DOI","asserted-by":"crossref"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Internet Technol."],"published-print":{"date-parts":[[2020,5,31]]},"abstract":"<jats:p>The revolutionary development of the Internet of Things has triggered a huge demand for Internet of Things devices. They are extensively applied to various fields of social activities, and concerning manufacturing, they are a key enabling concept for the Industry 4.0 ecosystem. Industrial Internet of Things (IIoT) devices share common vulnerabilities with standard IoT devices, which are increasingly exposed to the attackers. As such, connected industrial devices may become sources of cyber, as well as physical, threats for people and assets in industrial environments.<\/jats:p>\n          <jats:p>In this work, we examine the attack surfaces of a networked embedded system, composed of devices representative of those typically used in the IIoT field. We carry on an analysis of the current state of the security of IIoT technologies. The analysis guides the identification of a set of attack vectors for the examined networked embedded system. We set up the corresponding concrete attack scenarios to gain control of the system actuators and perform some hazardous operations. In particular, we propose a couple of variations of Mirai attack specifically tailored for attacking industrial environments. Finally, we discuss some possible<\/jats:p>","DOI":"10.1145\/3379542","type":"journal-article","created":{"date-parts":[[2020,5,22]],"date-time":"2020-05-22T22:32:38Z","timestamp":1590186758000},"page":"1-24","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":80,"title":["An Experimental Analysis of Security Vulnerabilities in Industrial IoT Devices"],"prefix":"10.1145","volume":"20","author":[{"given":"Xingbin","family":"Jiang","sequence":"first","affiliation":[{"name":"Singapore University of Technology and Design, Somapah Rd, Singapore"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6224-4313","authenticated-orcid":false,"given":"Michele","family":"Lora","sequence":"additional","affiliation":[{"name":"Singapore University of Technology and Design, Somapah Rd, Singapore"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Sudipta","family":"Chattopadhyay","sequence":"additional","affiliation":[{"name":"Singapore University of Technology and Design, Somapah Rd, Singapore"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2020,5,18]]},"reference":[{"key":"e_1_2_1_1_1","volume-title":"Proceedings of the 5th International Conference on Electronic Devices, Systems, and Applications (ICEDSA\u201916)","author":"Ahamed Jinesh"},{"key":"e_1_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1109\/IT-DREPS.2017.8277814"},{"key":"e_1_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.adhoc.2012.12.001"},{"key":"e_1_2_1_4_1","volume-title":"Timorin","author":"Andreeva Oxana","year":"2016"},{"key":"e_1_2_1_5_1","volume-title":"Proceedings of the USENIX Security Symposium. 1092--1110","author":"Antonakakis Manos","year":"2017"},{"key":"e_1_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.ijcip.2014.03.001"},{"key":"e_1_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICCAD.2017.8203896"},{"key":"e_1_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/2508148.2485970"},{"key":"e_1_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1109\/MIE.2014.2312079"},{"key":"e_1_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1109\/ASPDAC.2017.7858321"},{"key":"e_1_2_1_11_1","volume-title":"The Industrial Internet of Things","author":"Gilchrist Alasdair"},{"key":"e_1_2_1_12_1","volume-title":"Introduction to Trusted Execution Environment: ARM\u2019s TrustZone. Retrieved","author":"Guilbon Joffrey","year":"2019"},{"key":"e_1_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIE.2009.2035462"},{"key":"e_1_2_1_14_1","volume-title":"Dyn Analysis Summary of Friday October 21 Attack. Retrieved","author":"Hilton Scott","year":"2018"},{"key":"e_1_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2014.07.010"},{"key":"e_1_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/1315245.1315262"},{"key":"e_1_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1109\/HST.2016.7495554"},{"key":"e_1_2_1_18_1","volume-title":"Retrieved","author":"Lab Kaspersky","year":"2019"},{"key":"e_1_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-26362-5_1"},{"key":"e_1_2_1_20_1","volume-title":"Practical ways to misuse a router. Positive Technologies. Retrieved","author":"Shipulin Kirill","year":"2018"},{"key":"e_1_2_1_21_1","volume-title":"Proceedings of the USENIX Security Symposium","volume":"4","author":"Kolbitsch Clemens","year":"2009"},{"key":"e_1_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1109\/MC.2017.201"},{"key":"e_1_2_1_23_1","volume-title":"Analysis of the Cyber Attack on the Ukrainian Power Grid","author":"Lee Michael J."},{"key":"e_1_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1080\/09636412.2013.816122"},{"key":"e_1_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1109\/CIC.2016.065"},{"key":"e_1_2_1_26_1","unstructured":"NJCCIC. 2017. BlackEnergy. Retrieved October 3 2019 from https:\/\/www.cyber.nj.gov\/threat-profiles\/ics-malware-variants\/blackenergy.  NJCCIC. 2017. BlackEnergy. Retrieved October 3 2019 from https:\/\/www.cyber.nj.gov\/threat-profiles\/ics-malware-variants\/blackenergy."},{"key":"e_1_2_1_27_1","unstructured":"NJCCIC. 2017. CRASHOVERRIDE. Retrieved October 3 2019 from https:\/\/www.cyber.nj.gov\/threat-profiles\/ics-malware-variants\/crashoverride.  NJCCIC. 2017. CRASHOVERRIDE. Retrieved October 3 2019 from https:\/\/www.cyber.nj.gov\/threat-profiles\/ics-malware-variants\/crashoverride."},{"key":"e_1_2_1_28_1","unstructured":"NJCCIC. 2017. Havex. Retrieved October 3 2019 from https:\/\/www.cyber.nj.gov\/threat-profiles\/ics-malware-variants\/havex.  NJCCIC. 2017. Havex. Retrieved October 3 2019 from https:\/\/www.cyber.nj.gov\/threat-profiles\/ics-malware-variants\/havex."},{"key":"e_1_2_1_29_1","unstructured":"NJCCIC. 2017. Stuxnet. Retrieved October 2 2019 from https:\/\/www.cyber.nj.gov\/threat-profiles\/ics-malware-variants\/stuxnet.  NJCCIC. 2017. Stuxnet. Retrieved October 2 2019 from https:\/\/www.cyber.nj.gov\/threat-profiles\/ics-malware-variants\/stuxnet."},{"key":"e_1_2_1_30_1","unstructured":"NJCCIC. 2017. TRISIS\/TRITON. Retrieved May 1 2020 from https:\/\/njccic.squarespace.com\/threat-profiles\/ics-malware-variants\/triton..  NJCCIC. 2017. TRISIS\/TRITON. Retrieved May 1 2020 from https:\/\/njccic.squarespace.com\/threat-profiles\/ics-malware-variants\/triton.."},{"key":"e_1_2_1_31_1","volume-title":"Retrieved","author":"OWASP.","year":"2018"},{"key":"e_1_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1109\/HPCA.2015.7056070"},{"key":"e_1_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1145\/3061639.3062202"},{"key":"e_1_2_1_34_1","volume-title":"Proceedings of the 2013 International Workshop on Security in Cloud Computing. ACM","author":"Perez-Botero Diego"},{"key":"e_1_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.rcim.2015.12.011"},{"key":"e_1_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.20"},{"key":"e_1_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1145\/2744769.2747942"},{"key":"e_1_2_1_38_1","volume-title":"Onkar Randive, Sai Manoj P. D., Setareh Rafatirad, and Houman Homayoun.","author":"Sayadi Hossein","year":"2018"},{"key":"e_1_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1145\/3195970.3196047"},{"key":"e_1_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.23919\/SOFTCOM.2017.8115504"},{"key":"e_1_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1109\/TII.2018.2852491"},{"key":"e_1_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1109\/JIOT.2014.2312291"},{"key":"e_1_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1145\/3230833.3233287"},{"key":"e_1_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1109\/SIOT.2015.9"},{"key":"e_1_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1109\/TCAD.2015.2474374"},{"key":"e_1_2_1_46_1","volume-title":"Internet of Things\u2014New security and privacy challenges. Computer Law 8 Security Review 26, 1","author":"Weber Rolf H.","year":"2010"},{"key":"e_1_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1109\/ASPDAC.2016.7428064"},{"key":"e_1_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1109\/HST.2016.7495577"},{"key":"e_1_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.23919\/DATE.2017.7927236"},{"key":"e_1_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.23919\/DATE.2018.8342267"},{"key":"e_1_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1109\/JIOT.2018.2847733"}],"container-title":["ACM Transactions on Internet Technology"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3379542","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3379542","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T22:02:23Z","timestamp":1750197743000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3379542"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,5,18]]},"references-count":51,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2020,5,31]]}},"alternative-id":["10.1145\/3379542"],"URL":"https:\/\/doi.org\/10.1145\/3379542","relation":{},"ISSN":["1533-5399","1557-6051"],"issn-type":[{"value":"1533-5399","type":"print"},{"value":"1557-6051","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020,5,18]]},"assertion":[{"value":"2019-03-01","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2020-01-01","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2020-05-18","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}