IoTSE-based Open Database Vulnerability inspection in three Baltic Countries: ShoBEVODSDT sees you

This presentation is devoted to the "IoTSE-based Open Database Vulnerability inspection in three Baltic Countries: ShoBEVODSDT sees you" research paper developed by Artjoms Daskevics and Anastasija Nikiforova and presented during the International conference on Internet of Things, Systems, Management and Security (IOTSMS2021), co-located with The 8th International Conference on Social Networks Analysis, Management and Security (SNAMS2021), December 6-9, 2021, Valencia, Spain (online).
Read paper here -> Daskevics, A., & Nikiforova, A. (2021, December). IoTSE-based open database vulnerability inspection in three Baltic countries: ShoBEVODSDT sees you. In 2021 8th International Conference on Internet of Things: Systems, Management and Security (IOTSMS) (pp. 1-8). IEEE -> https://ieeexplore.ieee.org/abstract/document/9704952?casa_token=NfEjYuud0wEAAAAA:6QxucVPuY762I3qzD6D_oWqa0B9eMUFRNMG-E7dyHKohSYIzI0bH1V9bLaAcly_Lp-Ll52ghO5Y

  1. 1. IOTSE-BASED OPEN DATABASE VULNERABILITY INSPECTION IN THREE BALTIC COUNTRIES: SHOBEVODSDT SEES YOU
     International conference on Internet of Things, Systems, Management and Security (IOTSMS2021), co-located with The 8th International Conference on Social Networks Analysis, Management and Security (SNAMS2021), December 6-9, 2021, Valencia, Spain (online)
     Artjoms Daskevics (1), Anastasija Nikiforova (1, 2)
     (1) Faculty of Computing, University of Latvia; (2) European Open Science Cloud (EOSC)
     Nikiforova.Anastasija@gmail.com
  2. 2. AIM
     (1) to validate our self-developed Shodan- and Binary Edge-based vulnerable open data sources detection tool (ShoBEVODSDT) for non-intrusive testing of open data sources for detecting their vulnerabilities* in real-life circumstances,
     (2) to analyze the state of the security of open data databases, i.e. being accessible from the outside of organization, representing both relational databases and NoSQL of three Baltic countries - Latvia, Lithuania, Estonia, and draw conclusions on similarities or differences in three Baltic countries patterns**,
     (3) to draw conclusions on the relationships between more vulnerable open data sources in respect of specific data source, i.e. allowing the detection of less “protected by design” data sources.
     * Daskevics A., Nikiforova A. (2021) ShoBeVODSDT: Shodan and Binary Edge based vulnerable open data sources detection tool or what Internet of Things Search Engines know about you, In proceedings of The International Conference on Intelligent Data Science Technologies and Applications (IDSTA2021), IEEE
     ** whether the technological development of Estonia will be also seen in this matter
  3. 3. RESEARCH QUESTIONS
     Three types of sources – (1) relational databases, (2) NoSQL databases, both types, (2a) document-oriented, (2b) column-oriented and (2c) key-value databases, (3) data stores.
     8 types of data sources – MySQL, PostgreSQL, MongoDB, Redis, Elasticsearch, CouchDB, Cassandra and Memcached.
     (RQ1.1) What data source is the most likely to be open database among eight analyzed?
     (RQ1.2) What data source is the most likely to be vulnerable?
     (RQ2.1) Which country has the most open data sources?
     (RQ2.2) What country has the most vulnerable open data sources?
  4. 4. ShoBeVODSDT
     ShoBEVODSDT is based on the use of Open Source Intelligence (OSINT) tools, more precisely the Internet of Things Search Engines (IoTSE) Shodan and Binary Edge. It:
     - conducts a passive assessment: its use does not harm the data sources but rather checks for potentially existing bottlenecks or weaknesses which could be exposed if an attack took place,
     - allows either a comprehensive analysis of all unprotected data sources falling into the list of predefined data sources (MySQL, PostgreSQL, MongoDB, Redis, Elasticsearch, CouchDB, Cassandra and Memcached), or the definition of a specific IP or IP range to examine what can be seen from the outside of the organization about the data source.
     We inspect both (1) the most vulnerable data sources and (2) countries characterized by the highest number of open data sources and the highest degree of “value” of data being available to external actors.
  5. 5. ShoBeVODSDT ACTION
     Step I. IP address search (gather):
     - uses BinaryEdge and Shodan libraries to find service IP addresses that belong to a user-defined country;
     - combines results from BinaryEdge and Shodan by eliminating duplicates;
     - saves results in the “parsed/<service_name_>_<country>.txt”.
     Step II. IP address check:
     - searches for files in a “checked” folder that corresponds to the service and country being checked;
     - opens the file and checks IP address using the “check” class method associated with the service;
     - if the connection has been successful, the IP address is stored in “good/<service_name>_<country>.txt”; if failed, the IP address and error information are stored in “bad/<service_name>_<country>.txt”.
     Step III. Retrieving information from an IP address (parse):
     - searches for files in a “parsed/good” folder that corresponds to the service and country to be checked;
     - opens the file and tries to reconnect. If the connection was successful - tries to download the information from the database. For each type of database, the is different;
     - saves the information in the “parsed”, “<IP_ADDRESS>.txt”.
  6. 6. ShoBeVODSDT IN ACTION
     Use-case - data on Latvia, Estonia and Lithuania (Baltic States)
     15180 IP addresses were processed: Lithuania (7453), Estonia (5352), Latvia (2375)
     98.43% of the addresses have failed to connect
     Category  Description
     0         failed to connect
     1         has managed to connect but failed to gather data or information
     2         has managed to connect, but the database is empty
     3         has managed to connect by gathering system data or non-sensitive information
     4         has managed to connect and gather sensitive data
     5         compromised database
     ✔ the further actions took place with 1.57% or 238 IP addresses only
  7. 7. ShoBeVODSDT IN ACTION
     [Pie chart] Latvia: distribution of successful connections by service. Legend: MySQL, PostgreSQL, MongoDB, Redis, Memcached, ElasticSearch, CouchDB, Cassandra. Slice labels: 8%, 2%, 2%, 66%, 20%, 2%.
     [Bar chart] Latvia: classification of IP addresses by service and gathered data "value" (from 1 to 5 points). Axes: data source; number of data sources. Legend: 1 - has managed to connect but failed to gather data or information; 2 - has managed to connect, but the DB is empty; 3 - has managed to connect by gathering system data or non-sensitive information; 4 - has managed to connect and gather sensitive data; 5 - compromised database.
  8. 8. ShoBeVODSDT IN ACTION
     [Pie chart] Estonia: distribution of successful connections by service. Legend: MySQL, PostgreSQL, MongoDB, Redis, Memcached, ElasticSearch, CouchDB, Cassandra. Slice labels: 22%, 4%, 7%, 2%, 18%, 47%.
     [Bar chart] Estonia: classification of IP addresses by service and gathered data "value" (from 1 to 5 points). Legend: 1 - has managed to connect but failed to gather data or information; 2 - has managed to connect, but the DB is empty; 3 - has managed to connect by gathering system data or non-sensitive information; 4 - has managed to connect and gather sensitive data; 5 - compromised database.
  9. 9. ShoBeVODSDT IN ACTION
     [Pie chart] Lithuania: distribution of successful connections by service. Legend: MySQL, PostgreSQL, MongoDB, Redis, Memcached, ElasticSearch, CouchDB, Cassandra. Slice labels: 3%, 1%, 14%, 7%, 36%, 38%.
     [Bar chart] Lithuania: classification of IP addresses by service and gathered data "value" (from 1 to 5 points). Legend: 1 - has managed to connect but failed to gather data or information; 2 - has managed to connect, but the DB is empty; 3 - has managed to connect by gathering system data or non-sensitive information; 4 - has managed to connect and gather sensitive data; 5 - compromised database.
  10. 10. SUMMARY OF RESULTS IN THE COUNTRY-BY-COUNTRY CONTEXT
                                                Latvia   Estonia   Lithuania
      Total found                               2375     5352      7453
      Connection successful                     2.1%     0.8%      1.9%
      Compromised DB (5 points)                 8%       18.6%     24.5%
      Sensitive data (4 points)                 40%      48.8%     18.9%
      System or non-sensitive data (3 points)   44%      48.8%     35%
      DB is empty (2 points)                    22%      16.3%     20.3%
      Failed to gather data (1 point)           6%       7%        2.1%
      AVG data “value”                          3.02     3.18      3.45
  11. 11. SUMMARY OF RESULTS IN THE CONTEXT OF DATA SOURCE
                                        MySQL   PostgreSQL   MongoDB   Redis   Memcached   ElasticSearch   Cassandra
      Total found                       13471   1187         177       122     116         86              7
      Connection successful             0.14%   0.3%         7.9%      9.8%    80%         100%            14%
      Compromised DB (5 points)         5.3%    33%          71%       0       2.2%        27%             0
      Sensitive data (4 points)         0       0            7.1%      83%     24%         8%              0
      Failed to gather data (1 point)   21%     0            0         17%     0           3.5%            0
      AVG data “value”                  2.7     3.67         4.5       3.5     3.15        3.17            2
      [Bar chart] Sensitivity of gathered data by service (1 to 5 points). Services: MySQL, PostgreSQL, MongoDB, Redis, Memcached, ElasticSearch, CouchDB, Cassandra. Legend: 1 - has managed to connect but failed to gather data or information; 2 - has managed to connect, but the DB is empty; 3 - has managed to connect by gathering system data or non-sensitive information; 4 - has managed to connect and gather sensitive data; 5 - compromised database.
  12. 12. FUTURE WORKS
      In the future we plan to compare the results obtained with CVE Details, to verify whether there is a relationship between the registered “Gain Information” vulnerabilities and the data that we have managed to collect.
      The list of used IoTSE may be extended to other well-known Search Engines such as Censys, ZoomEye etc. to allow more extensive investigation and determine whether the number of IoTSE has an impact on the results.
      Similarly, the number of data sources can be supplemented by other data sources identified as the most popular, especially given that Oracle and MS SQL are sometimes found to have a high number of vulnerabilities.
      Although our aim was to propose the tool for investigating databases only, further studies may also cover other “types of devices”, such as Network Equipment, Terminal, Server, Office Equipment, Industrial Control Equipment, Smart Home, Power Supply Equipment, Web Camera, Remote Management Equipment, Blockchain and industrial based connected devices in the cloud.
  13. 13. RESULTS AND CONCLUSIONS I
      In this study, we have applied the IoTSE-based tool ShoBEVODSDT, presented in our previous study, to inspect the state of play of three countries in the Baltic region - Latvia, Estonia and Lithuania - with regard to unprotected open databases accessible outside the organization and the “value” of the data that can be gathered from them in the case of successful connection.
      - Although the total number of open databases accessible outside the organization is less than 2% of the data sources scanned, there are data sources that may pose risks to organizations. Even more, for 12% of open data sources this has already taken place.
      - The weakest results are demonstrated by Lithuania with 3.45 of 5 points, followed by Estonia with 3.18 and Latvia with 3.02 points.
      - For the services under question, the worst results are demonstrated by MongoDB, followed by PostgreSQL, ElasticSearch and Memcached.
  14. 14. RESULTS AND CONCLUSIONS II
      ShoBEVODSDT can be useful for:
      (1) individual organizations, to determine whether their data source data are visible and even accessible outside the organization,
      (2) testers, to effectively map the potential attack surface and advance targeted vulnerability assessments, with their further inspection and development of preventive activities and security mechanisms,
      (3) scientists and developers, to carry out a comprehensive multidimensional and longitudinal analysis of unprotected data sources,
      (4) countries and their governments, defining guidelines and laws according to state of the art on a country level that would promote technological development and better protection.
      While the tool covers 8 data sources representing relational databases, NoSQL databases and data stores, it is designed to be easily scalable by extending the publicly available code: https://github.com/zhmyh/ShoBEVODST
  15. 15. THANK YOU FOR ATTENTION! QUESTIONS? For more information, see ResearchGate See also anastasijanikiforova.com For questions or any other queries, contact me via email - Nikiforova.Anastasija@gmail.com
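
The duplicate-eliminating merge from slide 5 (Step I) and the 0-5 category scale from slide 6, sketched as an added example that is not code from ShoBEVODSDT or its authors. `CheckResult`, its fields and the function names are hypothetical, the addresses are constructed documentation-range values, and averaging over connected hosts only is an assumption about how the slides' AVG data “value” is computed.

```python
from collections import Counter
from dataclasses import dataclass

@dataclass(frozen=True)
class CheckResult:  # hypothetical record; the tool's own format is not shown on the slides
    ip: str
    service: str
    connected: bool
    gathered: bool = False     # something could be read from the service
    empty: bool = False        # service answered but holds no data
    sensitive: bool = False    # what was read is sensitive
    compromised: bool = False  # the database was already compromised

def merge_sources(*ip_lists):
    """Step I: combine IoTSE result lists, eliminating duplicates (order kept)."""
    return list(dict.fromkeys(ip.strip() for ips in ip_lists for ip in ips if ip.strip()))

def categorize(r):
    """Map one check outcome to the 0-5 category scale from slide 6."""
    if not r.connected:
        return 0               # failed to connect
    if r.compromised:
        return 5               # compromised database
    if r.empty:
        return 2               # connected, but the database is empty
    if not r.gathered:
        return 1               # connected but failed to gather data
    return 4 if r.sensitive else 3  # sensitive vs. system/non-sensitive data

def summarize(results):
    """Counts per category, connection success rate, average "value" of connected hosts."""
    counts = Counter(categorize(r) for r in results)
    total = sum(counts.values())
    connected = total - counts[0]
    avg = sum(c * n for c, n in counts.items()) / connected if connected else 0.0
    return {"counts": dict(counts),
            "success_rate": connected / total if total else 0.0,
            "avg_value": round(avg, 2)}

# Constructed sample input (documentation address ranges, not real hosts).
SHODAN = ["192.0.2.10", "192.0.2.11", "198.51.100.7"]
BINARYEDGE = ["192.0.2.11", "198.51.100.7", "198.51.100.8"]
SAMPLE = [
    CheckResult("192.0.2.10", "MongoDB", connected=True, gathered=True, compromised=True),
    CheckResult("192.0.2.11", "Redis", connected=True, gathered=True, sensitive=True),
    CheckResult("198.51.100.7", "MySQL", connected=False),
    CheckResult("198.51.100.8", "Memcached", connected=True, empty=True),
]
```

An organization reviewing its own address range can feed its check outcomes through `summarize` to see which exposed services fall into categories 4 and 5 first.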
