An Overview of UPnP-based IoT Security: Threats, Vulnerabilities, and Prospective Solutions
This addresses security risks for IoT deployments using the widely adopted UPnP protocol, but it is incremental as it reviews and synthesizes existing knowledge rather than introducing new methods.
The paper analyzes security vulnerabilities in UPnP-based IoT systems, identifying attack opportunities for adversaries, and proposes prospective solutions to secure these systems from such threats.
Advances in the development and increased availability of smart devices ranging from small sensors to complex cloud infrastructures as well as various networking technologies and communication protocols have supported the rapid expansion of Internet of Things deployments. The Universal Plug and Play (UPnP) protocol has been widely accepted and used in the IoT domain to support interactions among heterogeneous IoT devices, in part due to zero configuration implementation which makes it feasible for use in large-scale networks. The popularity and ubiquity of UPnP to support IoT systems necessitate an exploration of security risks associated with the use of the protocol for IoT deployments. In this work, we analyze security vulnerabilities of UPnP-based IoT systems and identify attack opportunities by the adversaries leveraging the vulnerabilities. Finally, we propose prospective solutions to secure UPnP-based IoT systems from adversarial operations.