I am using NetSim tool and trying to implement attack behaviors on CoAP layer of IoT.
COAP is still not available directly in their COTS product as of v10.1, and I think it may be available as a 'project'. You can check with their support.
There is already an existing sinkhole attack for IOT in http://tetcos.com/file-exchange.html and it may be best if you begin with that
Coap uses DTLS as a secure protocol and UDP is used as a transfer protocols.Therefore, the attacks on UDP or DTLS could be assign as CoAP attack. Most of the DTLS attacks can be carried out in a single session and strong authenticated encryption algorithm is needed .MITM is one the CoAP attacks, phishing and sniffing could be considered as CoAP attack
In the link http://tetcos.com/file-exchange.html there is already code and documentation for sinkhole attack.
Similar attacks can easily be programmed in NetSim.
Dear Abhishek,
the CoAP protocol can be maliciously exploited by various types of attacks. The RFC 7252 with CoAP specification (see Section 11) briefly analyzes several attack classes on the CoAP protocol.
In general, an HTTP to CoAP proxy is used on the route between the HTTP client on the Internet and the CoAP server on the IoT. See Figures 7933 and 7934 in my CoAP presentation at:
https://www.researchgate.net/publication/312174308_CoAP_-_Constrained_Application_Protocol
The communication on the transmission section between the HTTP client and the HTTP server in the HTTP-to-CoAP proxy can be secured according to the TLS protocol. Similarly, the transmission section between the CoAP client in the HTTP-to-CoAP proxy and the CoAP server in the IoT can be secured according to the DTLS protocol. However, the core of the HTTP-to-CoAP proxy, that is, the protocol mapping mainly, is not secure. The HTTP-to-CoAP proxy is thus an interesting target for the men-in-the-middle.
I just want to list here these types of attacks on the CoAP, which in particular can be made in an HTTP to CoAP proxy:
- Destructive changes in CoAP URIs (see Fig. 7940). These attacks lead to the loss of confidentiality and integrity.
- Spoofing attacks on IP addresses; See RFC 7252 (Section 11.4) for the consequences of these attacks.
- IP address hijacking attack that replaces the real CoAP server with a "wrong" CoAP server to create malicious "long / big" CoAP responses. This creates the so-called risk of amplification.
- Cross-protocol attacks - by hijacking IP address and port
Gut luck and best regards
Anatol Badach
We got their latest version NetSim v10.2 which has support for COAP protocol in IOT. I think if you are an existing customer you can ask them for the upgrade.
Yes COAP is available in the latest version and so are DDOS attacks. The source code and documentation can be found at http://tetcos.com/file-exchange.html
- Badges
- Science topic