DNS Rebinding Threat Modeling and Security Analysis for Local Area Network of Maritime Transportation Systems

Maritime ships and ports have become increasingly digital and intelligent. While intelligent maritime transportation systems bring convenience to the maritime industry, ship operation and management are also confronted with network risks. The Internet of Things (IoT) installed in the shipborne network collects and monitors the environmental data of the whole ship. It uses the collected data to make decisions to control the ship. The threat of Local Area Network (LAN) of IoT in ships has become an emerging issue. The DNS rebinding attack is a typical attack, which can bypass firewalls and seriously threaten the marine network in security and privacy of the local IoT. DNS rebinding attacks are difficult to model and detect, due to their sophisticated characteristics. In this work, we define threat models of DNS rebinding attacks and propose an effective method for the detection of and the defense against these attacks. First, we define threat models for DNS rebinding attacks. We employ a Markov chain to model the process of DNS rebinding attacks. With the threat modeling, the attack behaviors are clearly characterized and the most relevant attributes are thus extracted. Second, we propose an effective method for the detection of DNS rebinding attacks in the marine transportation system. The detection method includes the initialization method and the verification method, which manages and verifies access permission of equipment information and the service interface of the IoT in the shipborn network. Finally, we simulate the DNS rebinding attacks on the marine IoT. We analyze and test the security and the performance of the initialization method and the verification method in the simulated environment. The extensive experimental results demonstrate that the IoT in marine networks is vulnerable to DNS rebinding. Our method is effective and efficient to detect and defend against DNS rebinding attacks. It thus secures security and privacy in the local IoT on shipboard.