No Arabic abstract
The increased popularity of IoT devices have made them lucrative targets for attackers. Due to insecure product development practices, these devices are often vulnerable even to very trivial attacks and can be easily compromised. Due to the sheer number and heterogeneity of IoT devices, it is not possible to secure the IoT ecosystem using traditional endpoint and network security solutions. To address the challenges and requirements of securing IoT devices in edge networks, we present IoT-Keeper, which is a novel system capable of securing the network against any malicious activity, in real time. The proposed system uses a lightweight anomaly detection technique, to secure both device-to-device and device-to-infrastructure communications, while using limited resources available on the gateway. It uses unlabeled network data to distinguish between benign and malicious traffic patterns observed in the network. A detailed evaluation, done with real world testbed, shows that IoT-Keeper detects any device generating malicious traffic with high accuracy (0.982) and low false positive rate (0.01). The results demonstrate that IoT-Keeper is lightweight, responsive and can effectively handle complex D2D interactions without requiring explicit attack signatures or sophisticated hardware.
The growing popularity of Internet-of-Things (IoT) has created the need for network-based traffic anomaly detection systems that could identify misbehaving devices. In this work, we propose a lightweight technique, IoT-guard, for identifying malicious traffic flows. IoT-guard uses semi-supervised learning to distinguish between malicious and benign device behaviours using the network traffic generated by devices. In order to achieve this, we extracted 39 features from network logs and discard any features containing redundant information. After feature selection, fuzzy C-Mean (FCM) algorithm was trained to obtain clusters discriminating benign traffic from malicious traffic. We studied the feature scores in these clusters and use this information to predict the type of new traffic flows. IoT-guard was evaluated using a real-world testbed with more than 30 devices. The results show that IoTguard achieves high accuracy (98%), in differentiating various types of malicious and benign traffic, with low false positive rates. Furthermore, it has low resource footprint and can operate on OpenWRT enabled access points and COTS computing boards.
The number of mobile and IoT devices connected to home and enterprise networks is growing fast. These devices offer new services and experiences for the users; however, they also present new classes of security threats pertaining to data and device safety and user privacy. In this article, we first analyze the potential threats presented by these devices connected to edge networks. We then propose Securebox: a new cloud-driven, low cost Security-as-a-Service solution that applies Software-Defined Networking (SDN) to improve network monitoring, security and management. Securebox enables remote management of networks through a cloud security service (CSS) with minimal user intervention required. To reduce costs and improve the scalability, Securebox is based on virtualized middleboxes provided by CSS. Our proposal differs from the existing solutions by integrating the SDN and cloud into a unified edge security solution, and by offering a collaborative protection mechanism that enables rapid security policy dissemination across all connected networks in mitigating new threats or attacks detected by the system. We have implemented two Securebox prototypes, using a low-cost Raspberry-PI and off-the-shelf fanless PC. Our system evaluation has shown that Securebox can achieve automatic network security and be deployed incrementally to the infrastructure with low management overhead.
Contemporary IoT environments, such as smart buildings, require end-users to trust data-capturing rules published by the systems. There are several reasons why such a trust is misplaced -- IoT systems may violate the rules deliberately or IoT devices may transfer user data to a malicious third-party due to cyberattacks, leading to the loss of individuals privacy or service integrity. To address such concerns, we propose IoT Notary, a framework to ensure trust in IoT systems and applications. IoT Notary provides secure log sealing on live sensor data to produce a verifiable `proof-of-integrity, based on which a verifier can attest that captured sensor data adheres to the published data-capturing rules. IoT Notary is an integral part of TIPPERS, a smart space system that has been deployed at the University of California Irvine to provide various real-time location-based services on the campus. We present extensive experiments over realtime WiFi connectivity data to evaluate IoT Notary, and the results show that IoT Notary imposes nominal overheads. The secure logs only take 21% more storage, while users can verify their one days data in less than two seconds even using a resource-limited device.
The Internet of Things (IoT) will soon be omnipresent and billions of sensors and actuators will support our industries and well-being. IoT devices are embedded systems that are connected using wireless technology for most of the cases. The availability of the wireless network serving the IoT, the privacy, integrity, and trustworthiness of the data are of critical importance, since IoT will drive businesses and personal decisions. This paper proposes a new approach in the wireless security domain that leverages advanced wireless technology and the emergence of the unmanned aerial system or vehicle (UAS or UAV). We consider the problem of eavesdropping and analyze how UAVs can aid in reducing, or overcoming this threat in the mobile IoT context. The results show that huge improvements in terms of channel secrecy rate can be achieved when UAVs assist base stations for relaying the information to the desired IoT nodes. Our approach is technology agnostic and can be expanded to address other communications security aspects.
With the rapid growth of the Internet-of-Things (IoT), concerns about the security of IoT devices have become prominent. Several vendors are producing IP-connected devices for home and small office networks that often suffer from flawed security designs and implementations. They also tend to lack mechanisms for firmware updates or patches that can help eliminate security vulnerabilities. Securing networks where the presence of such vulnerable devices is given, requires a brownfield approach: applying necessary protection measures within the network so that potentially vulnerable devices can coexist without endangering the security of other devices in the same network. In this paper, we present IOT SENTINEL, a system capable of automatically identifying the types of devices being connected to an IoT network and enabling enforcement of rules for constraining the communications of vulnerable devices so as to minimize damage resulting from their compromise. We show that IOT SENTINEL is effective in identifying device types and has minimal performance overhead.