Memcached: An Experimental Study of DDoS Attacks for the Wellbeing of IoT Applications
Abstract
:1. Introduction
- i.
- An architectural change was proposed to make Memcached more secure.
- ii.
- The solution acts as a pre-emptive measure for detecting DDoS attacks, thus enhancing system performance at large.
- iii.
- A threshold mechanism was introduced to create an identification pattern for detecting volume-based DDoS attacks, rendering the solution more user-friendly.
- iv.
- A case study for detecting DDoS attacks carried out using a Memcached server was analyzed and discussed.
2. Related Work
3. Cache Attacks and Internet of Things
4. The Necessity of Securing Memcached Architecture
4.1. Memcached Architecture
- A client sends a request to the Memcached server for data.
- The Memcached server looks for these data in its cache.
- If the data are present in the cache, the server sends them directly to the client.
- If the data are not present in the cache, then a query is sent to the database, and the retrieved data are saved in the Memcached server and sent to the client.
- If any data are changed or have expired for any value, the Memcached server updates the cache, thus providing updated information to the client.
4.2. Memcached Attack Mechanism and Case study with Momentum Botnet
5. Vulnerabilities of Memcached and Mitigation Techniques
- UDP ports are enabled by default for Memcached versions up to 1.5.5, and the update or manual disabling of the port is required in these versions. Even after version 1.5.6, attackers can generate Memcached DDoS attacks, but the impact is reduced.
- Memcached architecture is such that the servers do not interact with each other; thus, if many requests are coming from the same source IP to all the servers, then no flags could be raised.
- In Memcached, there is no authentication of the client, as it only requires a key to function. This may cause trouble, as a simple key can lead to data stealing, and it also becomes easier to launch attacks.
- The Memcached server has a user-configurable limit for stored value; by default, this value is 1 MB. This value is user-configurable when under attack. It can be changed and exploited.
- Like UDP, unprotected DNS can also be used for amplification attacks, so vulnerabilities in regard to this should also be checked.
- A Memcached DDoS attack tool named Memcrashed is available online [56]; it is written in Python. These kinds of tools can create havoc, as even an inexperienced hacker can exploit vulnerabilities. It was seen in the past with Mirai that once the code was made public, many Mirai variants came into the public domain.
Mitigation Techniques
- The most common and straightforward approach for this is blocking UDP/TCP port 11211 traffic.
- It has also been recommended not to use UDP frequently, and to keep it disabled by default.
- While using UDP, the response should be smaller than the request size; otherwise, there is always a chance of an amplification attack. UDP is a connectionless protocol and does not require authentication like the three-way handshake mechanism used by the TCP protocol for communication.
- The use of firewalls can always prevent DDoS attacks.
- Memcached is designed for private network use, so localhost binding with the help of a firewall can be of great help.
6. Proposed Solution
6.1. Architectural Change in Memcached
6.2. Case Study for Detecting DDoS Attack Using Memcached Servers
7. Conclusions
Author Contributions
Funding
Institutional Review Board Statement
Informed Consent Statement
Data Availability Statement
Conflicts of Interest
Abbreviations
Terminology | Description |
IoT | Internet of Things |
IIoT | Industrial Internet of Things |
QoS | Quality of service |
DDoS | Distributed denial of service |
CPDoS | Cache-poisoned denial of service |
IDS | Intrusion detection system |
BAF | Bandwidth amplification factor |
CoAP | Constrained Application Protocol |
ARMS | Apple remote management services |
TCP | Transmission Control Protocol |
UDP | User Datagram Protocol |
DNS | Domain name system |
SNMP | Simple Network Management Protocol |
WS-Discovery | Web Services Dynamic Discovery |
SSDP | Simple Service Discovery Protocol |
LDAP | Lightweight Directory Access Protocol |
QOTD | Quote of the Day |
NTP | Network Time Protocol |
SOAP | Simple Object Access Protocol |
RAM | Random-access memory |
DRAM | Dynamic random-access memory |
CV2X | Cellular vehicle-to-everything |
CVE | Common Vulnerabilities and Exposures |
LRU | Least recently used |
FIFO | First in, first out |
TLRU | Time-aware least recently used |
ACK | Acknowledgement |
SYN | Synchronize |
Gbps | Gigabits per second |
References
- Huraj, L.; Šimon, M.; Horák, T. Resistance of IoT sensors against DDOS attack in smart home environment. Sensors 2020, 20, 5298. [Google Scholar] [CrossRef]
- Bojjagani, S.; Brabin, D.R.D.; Rao, P.V.V. PhishPreventer: A secure authentication protocol for prevention of phishing attacks in mobile environment with formal verification. Procedia Comput. Sci. 2020, 171, 1110–1119. [Google Scholar] [CrossRef]
- Prabadevi, B.; Jeyanthi, N. A review on various sniffing attacks and its mitigation techniques. Indones. J. Electr. Eng. Comput. Sci. 2018, 12, 1117–1125. [Google Scholar] [CrossRef]
- Cauteruccio, F.; Cinelli, L.; Corradini, E.; Terracina, G.; Ursino, D.; Virgili, L.; Savaglio, C.; Liotta, A.; Fortino, G. A framework for anomaly detection and classification in multiple IoT scenarios. Future Gener. Comput. Syst. 2021, 114, 322–335. [Google Scholar] [CrossRef]
- Ma, Z.; Xiao, M.; Xiao, Y.; Pang, Z.; Poor, H.V.; Vucetic, B. High-reliability and low-latency wireless communication for internet of things: Challenges, fundamentals, and enabling technologies. IEEE Internet Things J. 2019, 6, 7946–7970. [Google Scholar] [CrossRef]
- Mishra, N.; Pandya, S. Internet of things applications, security challenges, attacks, intrusion detection, and future visions: A systematic review. IEEE Access 2021, 9, 59353–59377. [Google Scholar] [CrossRef]
- Hussain, S.; Atallah, R.; Kamsin, A. DDoS reflection attack based on IoT: A case study. In Proceedings of the Computer Science Online Conference, Zlin, Czech Republic, 25 April 2018; Springer: Cham, Switzerland, 2019; pp. 44–52. [Google Scholar]
- Colella, A.; Colombini, C.M. Amplification DDoS attacks: Emerging threats and defense strategies. In Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Springer: Cham, Switzerland, 2014; Volume 8708, pp. 298–310. [Google Scholar]
- Wu, H.; Han, H.; Wang, X.; Sun, S. Research on artificial intelligence enhancing internet of things security: A survey. IEEE Access 2020, 8, 153826–153848. [Google Scholar] [CrossRef]
- Azaria, J.; Zawoznik, A. Inside a New DDoS Amplification Attack Vector via Memcached Servers. Imperva. 2018. Available online: https://www.imperva.com/blog/new-ddos-amplification-attack-vector-via-memcached-servers/ (accessed on 29 November 2021).
- Dormando. Memcached-a Distributed Memory Object Caching System. Available online: https://memcached.org/ (accessed on 15 November 2021).
- Nishtala, R.; Fugal, H.; Grimm, S.; Kwiatkowski, M.; Lee, H.; Li, C.H.; McElroy, R.; Paleczny, M.; Peek, D.; Saab, P.; et al. Scaling memcache at facebook. In Proceedings of the 10th USENIX Symposium on Networked Systems Design and Implementation, NSDI, Lombard, IL, USA, 2–5 April 2013; pp. 385–398. [Google Scholar]
- Subramani, K.; Perdisci, R.; Konte, M. Detecting and measuring in-the-wild DRDoS attacks at IXPs BT-detection of intrusions and malware, and vulnerability assessment. In Proceedings of the International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, Saclay, France, 14 July 2021; pp. 42–67. [Google Scholar]
- Lim, K.; Meisner, D.; Saidi, A.G.; Ranganathan, P.; Wenisch, T.F. Thin servers with smart pipes: Designing soc accelerators for memcached. ACM SIGARCH Comput. Archit. News 2013, 41, 36–47. [Google Scholar] [CrossRef]
- Lu, Y.; Sun, H.; Wang, X.; Liu, X. R-Memcached: A consistent cache replication scheme with Memcached. In Proceedings of the Posters & Demos Session, Bordeaux, France, 8–12 December 2014; pp. 29–30. [Google Scholar]
- Blott, M.; Liu, L.; Karras, K.; Vissers, K. Scaling out to a single-node 80 gbps memcached server with 40 terabytes of memory. In Proceedings of the 7th USENIX Workshop on Hot Topics in Storage and File Systems, Santa Clara, CA, USA, 6–7 July 2015; pp. 1–5. [Google Scholar]
- Zaidenberg, N.; Gavish, L.; Meir, Y. New caching algorithms performance evaluation. In Proceedings of the 2015 International Symposium on Performance Evaluation of Computer and Telecommunication Systems (SPECTS), San Diego, CA, USA, 26–29 July 2015; pp. 1–7. [Google Scholar]
- Bakar, K.A.; Shaharill, M.H.M.; Ahmed, M. Performance evaluation of a clustered memcache. In Proceedings of the 3rd International Conference on Information and Communication Technology for the Moslem World (ICT4M), Jakarta, Indonesia, 13–14 December 2010; pp. E54–E60. [Google Scholar]
- Cheng, W.; Ren, F.; Jiang, W.; Zhang, T. Modeling and Analyzing Latency in the Memcached system. In Proceedings of the 2017 IEEE 37th International Conference on Distributed Computing Systems (ICDCS), Atlanta, GA, USA, 5–8 June 2017; pp. 538–548. [Google Scholar]
- Singh, K.; Singh, A. Memcached DDoS exploits: Operations, vulnerabilities, preventions and mitigations. In Proceedings of the 2018 IEEE 3rd International Conference on Computing, Communication and Security (ICCCS), Kathmandu, Nepal, 25–27 October 2018; pp. 171–179. [Google Scholar]
- Wu, H.; Feng, Z.; Guo, C.; Zhang, Y. ICTCP: Incast congestion control for TCP in data-center networks. IEEE ACM Trans. Netw 2012, 21, 345–358. [Google Scholar]
- Hasan, K.; Jeong, S.H. Efficient caching for data-driven IoT applications and fast content delivery with low latency in ICN. Appl. Sci. 2019, 9, 4730. [Google Scholar] [CrossRef] [Green Version]
- Hasslinger, G.; Heikkinen, J.; Ntougias, K.; Hasslinger, F.; Hohlfeld, O. Optimum caching versus LRU and LFU: Comparison and combined limited look-ahead strategies. In Proceedings of the 2018 16th International Symposium on Modeling and Optimization in Mobile, Ad Hoc, and Wireless Networks (WiOpt), Shanghai, China, 7–11 May 2018; pp. 1–6. [Google Scholar]
- Ghayvat, H.; Nitin Pandya, S.; Bhattacharya, P.; Zuhair, M.; Rashid, M.; Hakak, S.; Dev, K. CP-BDHCA: Blockchain-based Confidentiality-privacy preserving big data scheme for healthcare clouds and applications. IEEE J. Biomed. Health Inform. 2021, 1. [Google Scholar] [CrossRef] [PubMed]
- Silva, F.S.D.; Silva, E.; Neto, E.P.; Lemos, M.; Venancio Neto, A.J.; Esposito, F. A taxonomy of DDoS attack mitigation approaches featured by SDN technologies in IoT scenarios. Sensors 2020, 20, 3078. [Google Scholar] [CrossRef] [PubMed]
- Niyato, D.; Kim, D.I.; Wang, P.; Song, L. A novel caching mechanism for Internet of Things (IoT) sensing service with energy harvesting. In Proceedings of the 2016 IEEE International Conference on Communications (ICC), Kuala Lumpur, Malaysia, 23–27 May 2016; pp. 1–6. [Google Scholar]
- Baptista, G.; Carvalho, F.; Colcher, S.; Endler, M. A middleware for data-centric and dynamic distributed complex event processing for iot real-time analytics in the cloud. In Proceedings of the 34th Brazilian Symposium on Computer Networks and Distributed Systems (SBRC’2016), Salvador, Brazil, 30 May–3 June 2016; pp. 1–14. [Google Scholar]
- Trajano, A.F.R.; Fernandez, M.P. Two-phase load balancing of in-memory key-value storages using network functions virtualization (NFV). J. Netw. Comput. Appl. 2016, 69, 1–13. [Google Scholar] [CrossRef]
- Chen, T.J.; Sheu, J.P.; Kuo, Y.C. Prefetching and caching schemes for IoT data in hierarchical edge computing architecture. Int. J. Ad Hoc Ubiquitous Comput. 2020, 33, 109–121. [Google Scholar] [CrossRef]
- Fu, J.S.; Liu, Y.; Chao, H.C.; Bhargava, B.K.; Zhang, Z.J. Secure data storage and searching for industrial IoT by integrating fog computing and cloud computing. IEEE Trans. Ind. Inform. 2018, 14, 4519–4528. [Google Scholar] [CrossRef]
- Foremski, P.; Nowak, S.; Fröhlich, P.; Hernández-Ramos, J.L.; Baldini, G. Autopolicy: Automated traffic policing for improved iot network security. Sensors 2020, 20, 4265. [Google Scholar] [CrossRef]
- Nishtala, R.; Carpenter, P.; Petrucci, V.; Martorell, X. Hipster: Hybrid task manager for latency-critical cloud workloads. In Proceedings of the 2017 IEEE International Symposium on High Performance Computer Architecture (HPCA), Austin, TX, USA, 4–8 February 2017; pp. 409–420. [Google Scholar]
- Alamri, H.A.; Thayananthan, V. Bandwidth control mechanism and extreme gradient boosting algorithm for protecting software-defined networks against DDoS attacks. IEEE Access 2020, 8, 194269–194288. [Google Scholar] [CrossRef]
- Singh, K.; Dhindsa, K.S.; Nehra, D. T-CAD: A threshold based collaborative DDoS attack detection in multiple autonomous systems. J. Inf. Secur. Appl. 2020, 51, 102457. [Google Scholar] [CrossRef]
- Baskar, M.; Ramkumar, J.; Karthikeyan, C.; Anbarasu, V.; Balaji, A.; Arulananth, T.S. Low rate DDoS mitigation using real-time multi threshold traffic monitoring system. J. Ambient Intell. Humaniz. Comput. 2021, 1–9. [Google Scholar] [CrossRef]
- David, J.; Thomas, C. Discriminating flash crowds from DDoS attacks using efficient thresholding algorithm. J. Parallel Distrib. Comput. 2021, 152, 79–87. [Google Scholar] [CrossRef]
- Tourani, R.; Torres, G.; Misra, S. PERSIA: A PuzzlE-based InteReSt FloodIng Attack Countermeasure. In Proceedings of the 7th ACM Conference on Information-Centric Networking, Montreal, QC, Canada, 29 September–1 October 2020; pp. 117–128. [Google Scholar]
- Nguyen, H.V.; Iacono, L.L.; Federrath, H. Your cache has fallen: Cache-poisoned denial-of-service attack. In Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, London, UK, 11–15 November 2019; pp. 1915–1930. [Google Scholar]
- Sun, X.; Ansari, N. Dynamic resource caching in the IoT application layer for smart cities. IEEE Internet Things J. 2018, 5, 606–613. [Google Scholar] [CrossRef]
- Naeem, M.A.; Ali, R.; Kim, B.S.; Nor, S.A.; Hassan, S. A periodic caching strategy solution for the smart city in information-centric Internet of Things. Sustainability 2018, 10, 2576. [Google Scholar] [CrossRef] [Green Version]
- Li, R.; Asaeda, H.; Li, J.; Fu, X. A verifiable and flexible data sharing mechanism for information-centric IoT. In Proceedings of the 2017 IEEE International Conference on Communications (ICC), Paris, France, 21–25 May 2017; pp. 1–7. [Google Scholar]
- Chen, J.; Ran, X. Deep Learning With Edge Computing: A Review. Proc. IEEE. 2019, 8, 1655–1674. [Google Scholar] [CrossRef]
- Yin, F.; Zeng, M.; Zhang, Z.; Liu, D. Coded caching for smart grid enabled HetNets with resource allocation and energy cooperation. IEEE Trans. Veh. Technol. 2020, 69, 12058–12071. [Google Scholar] [CrossRef]
- Bera, S.; Misra, S.; Rodrigues, J.J.P.C. Cloud computing applications for smart grid: A survey. IEEE Trans. Parallel Distrib. Syst. 2015, 26, 1477–1494. [Google Scholar] [CrossRef]
- Huo, Y.; Tu, W.; Sheng, Z.; Leung, V.C. A survey of in-vehicle communications: Requirements, solutions and opportunities in IoT. In Proceedings of the 2015 IEEE 2nd World Forum on Internet of Things (WF-IoT), Milan, Italy, 14–16 December 2015; pp. 132–137. [Google Scholar]
- Payalan, Y.F.; Guvensan, M.A. Towards Next-Generation Vehicles Featuring the Vehicle Intelligence. IEEE Trans. Intell. Transp. Syst. 2019, 21, 30–47. [Google Scholar] [CrossRef]
- Bibani, O.; Mouradian, C.; Yangui, S.; Glitho, R.H.; Gaaloul, W.; Hadj-Alouane, N.B.; Morrow, M.; Polakos, P. A demo of iot healthcare application provisioning in hybrid cloud/fog environment. In Proceedings of the 2016 IEEE International Conference on Cloud Computing Technology and Science (CloudCom), Luxembourg, Germany, 12–15 December 2016; pp. 472–475. [Google Scholar]
- Shukla, S.; Hassan, M.F.; Jung, L.T.; Awang, A.; Khan, M.K. A 3-tier architecture for network latency reduction in healthcare internet-of-things using fog computing and machine learning. In Proceedings of the ACM International Conference Proceeding Series, New York, NY, USA, 19–21 February 2019; pp. 522–528. [Google Scholar]
- Djenna, A.; Saïdouni, D.E. Cyber attacks classification in IoT-based-healthcare infrastructure. In Proceedings of the 2018 2nd Cyber Security in Networking Conference (CSNet), Paris, France, 24–26 October 2018; pp. 1–4. [Google Scholar]
- Jovanov, E. Wearables meet IoT: Synergistic personal area networks (SPANs). Sensors 2019, 19, 4295. [Google Scholar] [CrossRef] [Green Version]
- Cortés, R.; Bonnaire, X.; Marin, O.; Sens, P. Stream processing of healthcare sensor data: Studying user traces to identify challenges from a big data perspective. Procedia Comput. Sci. 2015, 52, 1004–1009. [Google Scholar] [CrossRef] [Green Version]
- Metongnon, L.; Sadre, R. Prevalence of IoT protocols in telescope and honeypot measurements. J. Cyber Secur. Mobil. 2019, 8, 321–340. [Google Scholar] [CrossRef]
- Blaise, A.; Bouet, M.; Conan, V.; Secci, S. Detection of zero-day attacks: An unsupervised port-based approach. Comput. Netw. Elsevier 2020, 180, 107391. [Google Scholar] [CrossRef]
- Zahravi, A. Momentum Botnet’s Newest DDoS Attacks and IoT Exploits. Trend Micro. 2020. Available online: https://www.trendmicro.com/en_in/research/19/l/ddos-attacks-and-iot-exploits-new-activity-from-momentum-botnet.html (accessed on 13 November 2021).
- CVE Details, CVE Security Vulnerability Database. Available online: https://www.cvedetails.com/ (accessed on 13 November 2021).
- Memcrashed DDoS Exploit Tool. GitHub. 2018. Available online: https://github.com/649/Memcrashed-DDoS-Exploit/ (accessed on 12 November 2021).
- Shodan. Available online: https://www.shodan.io/ (accessed on 13 November 2021).
- Chen, L.; Li, J.; Ma, R.; Guan, H.; Jacobsen, H.A. EnclaveCache: A secure and scalable key-value cache in multi-tenant clouds using Intel SGX. In Proceedings of the 20th International Middleware Conference, Davis, CA, USA, 9–13 December 2019; pp. 14–27. [Google Scholar]
Reference | Year | Problem Statement | Architectural Change | Achievement |
---|---|---|---|---|
Lim et al. [14] | 2013 | Increased load on the network and database. | Authors introduced thin servers with smart pipes by coupling embedded low-power cores to the Memcached server, enabling GET requests to be processed in hardware. | Power–performance trade-off. |
Lu et al. [15] | 2014 | Single-point failure mechanism of Memcached. | Authors proposed R-Memcached, where caches are replicated in the Memcached server. | Consistency among cache replicas. |
Blott et al. [16] | 2015 | Limited value-store capacity in in-memory key-value stores such as Memcached. | A Hybrid of DRAM and serial-attached flash drive was proposed for increasing the value-store capacity. | High throughput and scalability. |
Zaidenberg et al. [17] | 2015 | Data-discarding algorithm for Memcached. | In this work, five new algorithms were presented in place of the least-recently-used (LRU) algorithm for discarding data in Memcached. | Improved hit rate. |
Singh et al. [20] | 2018 | Flaws in Memcached architecture and operations. | The authors identified flaws of Memcached architecture, and the prevention of DDoS attacks was also discussed. | Security steps for avoiding DDoS attacks. |
Proposed work | 2021 | DDoS attack using Memcached. | Communication between Memcached servers is proposed in the undertaken study for detecting volume-based attacks. | High security from DDoS attacks while maintaining throughput latency. |
Vulnerability Reference | Description |
---|---|
CVE-2020-10931 | Insufficient authentication of user input is why this vulnerability exists in memcached.c when a binary protocol header is parsed in the try_read_command_binary() function. DoS attacks can be performed using this vulnerability. |
CVE-2019-11596 | “lru mode” and “lru temp_ttl” commands were found to be dereferencing the NULL pointer in Memcached versions before 1.5.14, making it prone to denial of service. |
CVE-2019-15026 | In Memcached version 1.5.16, while using UNIX sockets in memcached.c, a buffer over-read was found in conn_to_str, causing a denial of service. |
CVE-2018-1000115 | This is the vulnerability caused due to open UDP port at 11211. In UDP support up to Memcached version 1.5.5, network message volume could not be controlled sufficiently, making it vulnerable to denial-of-service attacks. An amplification factor of 50,000 could be achieved using this. |
Author | Year | Applied Technique for Intrusion Detection in DDoS Attacks | IDS Applied for Detecting Attack Type | Remarks |
---|---|---|---|---|
Alamri et al. [33] | 2020 | Bandwidth control mechanism and XGBoost algorithm | DDoS attacks in Software-Defined Network | Trigger-based detection is applied using an adaptive-bandwidth-profile-based threshold where flawed flows are penalized for preventing bandwidth depletion. |
Singh et al. [34] | 2020 | Threshold and entropy-based detection mechanism | Discriminating flash-crowd events from DDoS attacks | DDoS attacks on edge routers are detected using entropy and a threshold-based system. |
Baskar et al. [35] | 2021 | Real-time traffic-monitoring algorithm using a multi-threshold system | Low-rate DDoS attacks | Low-rate DDoS attacks are detected using a multi-threshold traffic-analysis approach. |
Jisa et al. [36] | 2021 | Threshold-based algorithm using network traffic parameter | Discriminating flash-crowd events from DDoS attacks | Dynamic threshold algorithm is introduced with less processing time for DDoS attack detection. |
Proposed work | 2021 | Context-aware computing-based threshold mechanism | Memcached-based DDoS attacks | DDoS attacks using Memcached as an attack vector are mitigated efficiently by introducing architectural change in Memcached and using a context-aware threshold mechanism. |
Publisher’s Note: MDPI stays neutral with regard to jurisdictional claims in published maps and institutional affiliations. |
© 2021 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Share and Cite
Mishra, N.; Pandya, S.; Patel, C.; Cholli, N.; Modi, K.; Shah, P.; Chopade, M.; Patel, S.; Kotecha, K. Memcached: An Experimental Study of DDoS Attacks for the Wellbeing of IoT Applications. Sensors 2021, 21, 8071. https://doi.org/10.3390/s21238071
Mishra N, Pandya S, Patel C, Cholli N, Modi K, Shah P, Chopade M, Patel S, Kotecha K. Memcached: An Experimental Study of DDoS Attacks for the Wellbeing of IoT Applications. Sensors. 2021; 21(23):8071. https://doi.org/10.3390/s21238071
Chicago/Turabian StyleMishra, Nivedita, Sharnil Pandya, Chirag Patel, Nagaraj Cholli, Kirit Modi, Pooja Shah, Madhuri Chopade, Sudha Patel, and Ketan Kotecha. 2021. "Memcached: An Experimental Study of DDoS Attacks for the Wellbeing of IoT Applications" Sensors 21, no. 23: 8071. https://doi.org/10.3390/s21238071