TY - GEN
T1 - IoTSE-based open database vulnerability inspection in three Baltic countries: ShoBEVODSDT sees you
AU - Daskevics, Artjoms
AU - Ņikiforova, Anastasija
N1 - Publisher Copyright:
© 2021 IEEE.
PY - 2021
Y1 - 2021
N2 - This study aims to analyze the state of the security of open data databases, i.e. being accessible from the outside of organization, representing both relational databases and NoSQL of three Baltic countries - Latvia, Lithuania, Estonia. This is done by using previously proposed tool for non-intrusive detection of vulnerable data sources called ShoBEVODSDT (Shodan- and Binary Edge-based vulnerable open data sources detection tool). ShoBEVODSDT is based on the use of Internet of Things Search Engines (IoTSE). It is found to be suitable for this study since it conducts the passive assessment, which means that its use does not harm the databases but rather checks for potentially existing bottlenecks or weaknesses which, if the attack would take place, could be exposed. It allows for both comprehensive analysis for all unprotected data sources falling into the list of predefined data sources - MySQL, PostgreSQL, MongoDB, Redis, Elasticsearch, CouchDB, Cassandra and Memcached, or to define IP range to examine what can be seen from the outside of the organization about the data source. Although some data sources can be described as following the security-by-design principle, some of them face serious challenges in this respect. The study carries out cross-country comparative study on 8 data sources. We inspect both, (1) the most vulnerable data sources and (2) countries characterized by the highest number of open data sources and the highest degree of 'value' of data being available to external actors.
AB - This study aims to analyze the state of the security of open data databases, i.e. being accessible from the outside of organization, representing both relational databases and NoSQL of three Baltic countries - Latvia, Lithuania, Estonia. This is done by using previously proposed tool for non-intrusive detection of vulnerable data sources called ShoBEVODSDT (Shodan- and Binary Edge-based vulnerable open data sources detection tool). ShoBEVODSDT is based on the use of Internet of Things Search Engines (IoTSE). It is found to be suitable for this study since it conducts the passive assessment, which means that its use does not harm the databases but rather checks for potentially existing bottlenecks or weaknesses which, if the attack would take place, could be exposed. It allows for both comprehensive analysis for all unprotected data sources falling into the list of predefined data sources - MySQL, PostgreSQL, MongoDB, Redis, Elasticsearch, CouchDB, Cassandra and Memcached, or to define IP range to examine what can be seen from the outside of the organization about the data source. Although some data sources can be described as following the security-by-design principle, some of them face serious challenges in this respect. The study carries out cross-country comparative study on 8 data sources. We inspect both, (1) the most vulnerable data sources and (2) countries characterized by the highest number of open data sources and the highest degree of 'value' of data being available to external actors.
KW - BinaryEdge
KW - Database
KW - Internet of Things (IoT)
KW - Internet of Things Search Engine (IoTSE)
KW - NoSQL
KW - Shodan
KW - Vulnerability
UR - https://ieeexplore.ieee.org/document/9704952/authors#authors
UR - https://www.scopus.com/pages/publications/85124071327
U2 - 10.1109/IOTSMS53705.2021.9704952
DO - 10.1109/IOTSMS53705.2021.9704952
M3 - Conference paper
SN - 978-166545868-9
SN - 9781665458689
T3 - 2021 8th International Conference on Internet of Things: Systems, Management and Security, IOTSMS 2021
SP - 1
EP - 8
BT - 2021 8th International Conference on Internet of Things
PB - IEEE
CY - [New York]
ER -