TY - GEN
T1 - Deep Dive into the IoT Backend Ecosystem
AU - Saidi, Said Jawad
AU - Matic, Srdjan
AU - Gasser, Oliver
AU - Smaragdakis, Georgios
AU - Feldmann, Anja
PY - 2022
Y1 - 2022
N2 - Internet of Things (IoT) devices are becoming increasingly ubiquitous, e.g., at home, in enterprise environments, and in production lines. To support the advanced functionalities of IoT devices, IoT vendors as well as service and cloud companies operate IoT backendsÐthe focus of this paper. We propose a methodology to identify and locate them by (a) compiling a list of domains used exclusively by major IoT backend providers and (b) then identifying their server IP addresses. We rely on multiple sources, including IoT backend provider documentation, passive DNS data, and active scanning. For analyzing IoT traffic patterns, we rely on passive network flows from a major European ISP. Our analysis focuses on the top IoT backends and unveils diverse operational strategiesÐfrom operating their own infrastructure to utilizing the public cloud. We find that the majority of the top IoT backend providers are located in multiple locations and countries. Still, a handful are located only in one country, which could raise regulatory scrutiny as the client IoT devices are located in other regions. Indeed, our analysis shows that up to 35% of IoT traffic is exchanged with IoT backend servers located in other continents. We also find that at least six of the top IoT backends rely on other IoT backend providers. We also evaluate if cascading effects among the IoT backend providers are possible in the event of an outage, a misconfiguration, or an attack.
AB - Internet of Things (IoT) devices are becoming increasingly ubiquitous, e.g., at home, in enterprise environments, and in production lines. To support the advanced functionalities of IoT devices, IoT vendors as well as service and cloud companies operate IoT backendsÐthe focus of this paper. We propose a methodology to identify and locate them by (a) compiling a list of domains used exclusively by major IoT backend providers and (b) then identifying their server IP addresses. We rely on multiple sources, including IoT backend provider documentation, passive DNS data, and active scanning. For analyzing IoT traffic patterns, we rely on passive network flows from a major European ISP. Our analysis focuses on the top IoT backends and unveils diverse operational strategiesÐfrom operating their own infrastructure to utilizing the public cloud. We find that the majority of the top IoT backend providers are located in multiple locations and countries. Still, a handful are located only in one country, which could raise regulatory scrutiny as the client IoT devices are located in other regions. Indeed, our analysis shows that up to 35% of IoT traffic is exchanged with IoT backend servers located in other continents. We also find that at least six of the top IoT backends rely on other IoT backend providers. We also evaluate if cascading effects among the IoT backend providers are possible in the event of an outage, a misconfiguration, or an attack.
KW - IoT operation
KW - IoT security and privacy
KW - internet measurement
KW - internet of things (IoT)
UR - http://www.scopus.com/inward/record.url?scp=85141362692&partnerID=8YFLogxK
U2 - 10.1145/3517745.3561431
DO - 10.1145/3517745.3561431
M3 - Conference contribution
SN - 9781450392594
T3 - Proceedings of the ACM SIGCOMM Internet Measurement Conference, IMC
SP - 488
EP - 503
BT - Proceedings of the 22nd ACM Internet Measurement Conference
PB - ACM
CY - New York, NY, USA
ER -