Tianlong Yu
ABSTRACT
The Internet-of-Things (IoT) has quickly moved from the realm of hype to reality with estimates of over 25 billion devices deployed by 2020. While IoT has huge potential for societal impact, it comes with a number of key security challenges---IoT devices can become the entry points into critical infrastructures and can be exploited to leak sensitive information. Traditional host-centric security solutions in today's IT ecosystems (e.g., antivirus, software patches) are fundamentally at odds with the realities of IoT (e.g., poor vendor security practices and constrained hardware). We argue that the network will have to play a critical role in securing IoT deployments. However, the scale, diversity, cyberphysical coupling, and cross-device use cases inherent to IoT require us to rethink network security along three key dimensions: (1) abstractions for security policies; (2) mechanisms to learn attack and normal profiles; and (3) dynamic and context-aware enforcement capabilities. Our goal in this paper is to highlight these challenges and sketch a roadmap to avoid this impending security disaster.
Supplemental Material
- Belkin Wemo. http://www.belkin.com/us/Products/home-automation/c/wemo-home-automation/.Google Scholar
- Commtouch Antivirus for Embedded OS Datasheet. http://www.commtouch.com/uploads/pdf/Commtouch-Antivirus-for-Embedded-OS-Datasheet.pdf.Google Scholar
- Fridge sends spam emails as attack hits smart gadgets. http://www.bbc.com/news/technology-25780908.Google Scholar
- Gartner Says 4.9 Billion Connected "Things" Will Be in Use in 2015. http://www.gartner.com/newsroom/id/2905717.Google Scholar
- Google ON hub. https://on.google.com/hub/.Google Scholar
- Hackers attack shipping and logistics firms using malware laden handheld scanners. http://www.securityweek.com/hackers-attack-shipping-and-logistics-firms-using-malware-laden-handheld-scanners.Google Scholar
- IFTTT Recipes. https://ifttt.com/recipes.Google Scholar
- Monkey. http://developer.android.com/tools/help/monkey.html.Google Scholar
- NEST. https://nest.com/.Google Scholar
- Netflix Simian Army. https://github.com/Netflix/SimianArmy.Google Scholar
- OpenDayLight. http://www.opendaylight.org/.Google Scholar
- Samsung Smartthings. http://www.smartthings.com/.Google Scholar
- Scout Alarm. https://www.scoutalarm.com/.Google Scholar
- SHODAN. https://www.shodan.io/.Google Scholar
- Smart meters can be hacked to cut power bills. http://www.bbc.com/news/technology-29643276.Google Scholar
- Squid. http://www.squid-cache.org/.Google Scholar
- The Internet of Things Is Wildly Insecure - And Often Unpatchable. http: //www.wired.com/2014/01/theres-no-good-way-to-patch-the-internet-of-things-and-thats-a-huge-problem/.Google Scholar
- Will giving the internet eyes and ears mean the end of privacy? http://www.theguardian.com/technology/2013/may/16/internet-of-things-privacy-google.Google Scholar
- S. K. Cha, M. Woo, and D. Brumley. Program-adaptive mutational fuzzing. In Proc. of the IEEE Symposium on Security and Privacy, pages 725--741, May 2015.Google ScholarDigital Library
- A. Costin, J. Zaddach, A. Francillon, D. Balzarotti, and S. Antipolis. A large-scale analysis of the security of embedded firmwares. In USENIX Security Symposium, 2014. Google ScholarDigital Library
- A. K. Datta, M. Gradinariu, M. Raynal, and G. Simon. Anonymous publish/subscribe in p2p networks. In Parallel and Distributed Processing Symposium, 2003. Proceedings. International, pages 8--pp. IEEE, 2003. Google ScholarDigital Library
- P. Godefroid, M. Y. Levin, and D. Molnar. Sage: whitebox fuzzing for security testing. Queue, 10(1):20, 2012. Google ScholarDigital Library
- C. Kolbitsch, B. Livshits, B. Zorn, and C. Seifert. Rozzle: De-cloaking internet malware. In Security and Privacy (SP), 2012 IEEE Symposium on, pages 443--457. IEEE, 2012. Google ScholarDigital Library
- T. Koponen et al. Onix: A Distributed Control Platform for Large-scale Production Network. In Proc. OSDI, 2010. Google ScholarDigital Library
- P. Levis, S. Madden, D. Gay, J. Polastre, R. Szewczyk, A. Woo, E. A. Brewer, and D. E. Culler. The emergence of networking abstractions and techniques in tinyos. In NSDI, volume 4, pages 1--1, 2004. Google ScholarDigital Library
- A. Madhavapeddy, T. Leonard, M. Skjegstad, T. Gazagnaire, D. Sheets, D. Scott, R. Mortier, A. Chaudhry, B. Singh, J. Ludlam, et al. Jitsu: Just-in-time summoning of unikernels. In 12th USENIX Symposium on Networked System Design and Implementation, 2015. Google ScholarDigital Library
- J. Martins, M. Ahmed, C. Raiciu, V. Olteanu, M. Honda, R. Bifulco, and F. Huici. ClickOS and the art of network function virtualization. In Proc. NSDI, 2014. Google ScholarDigital Library
- F. McSherry and R. Mahajan. Differentially-private network trace analysis. ACM SIGCOMM Computer Communication Review, 41(4):123--134, 2011. Google ScholarDigital Library
- P. Mittal, V. Paxson, R. Sommer, and M. Winterrowd. Securing mediated trace access using black-box permutation analysis. In HotNets. Citeseer, 2009.Google Scholar
- X. Ou, S. Govindavajhala, and A. W. Appel. Mulval: A logic-based network security analyzer. In USENIX security, 2005. Google ScholarDigital Library
- J. Pang, B. Greenstein, M. Kaminsky, D. McCoy, and S. Seshan. Wifi-reports: Improving wireless network selection with collaboration. In Proceedings of the 7th International Conference on Mobile Systems, Applications, and Services, MobiSys '09, pages 123--136, New York, NY, USA, 2009. ACM. Google ScholarDigital Library
- A. Platzer. Verification of cyberphysical transportation systems. Intelligent Systems, IEEE, 24(4):10--13, 2009. Google ScholarDigital Library
- C. Prakash, J. Lee, Y. Turner, J.-M. Kang, A. Akella, S. Banerjee, C. Clark, Y. Ma, P. Sharma, and Y. Zhang. Pga: Using graphs to express and automatically reconcile network policies. In Proceedings of the 2015 ACM Conference on Special Interest Group on Data Communication, pages 29--42. ACM, 2015. Google ScholarDigital Library
- L. Ravindranath, S. Nath, J. Padhye, and H. Balakrishnan. Automatic and scalable fault detection for mobile applications. In Proceedings of the 12th annual international conference on Mobile systems, applications, and services, pages 190--203. ACM, 2014. Google ScholarDigital Library
- M. Roesch et al. Snort: Lightweight intrusion detection for networks. In LISA, volume 99, pages 229--238, 1999. Google ScholarDigital Library
- O. Sheyner, J. Haines, S. Jha, R. Lippmann, and J. M. Wing. Automated generation and analysis of attack graphs. In Security and privacy, 2002. Proceedings. 2002 IEEE Symposium on, pages 273--284. IEEE, 2002. Google ScholarDigital Library
- K. Walsh and E. G. Sirer. Experience with an object reputation system for peer-to-peer filesharing. In USENIX NSDI, volume 6, 2006. Google ScholarDigital Library
Index Terms
- Handling a trillion (unfixable) flaws on a billion devices: Rethinking network security for the Internet-of-Things
Recommendations
An intelligent agent-oriented system for integrating network security devices and handling large amount of security events
PAISI'07: Proceedings of the 2007 Pacific Asia conference on Intelligence and security informaticsTo integrate network security devices to make them act as a battle team and efficiently handle the large amount of security events produced by various network applications, Network Security Intelligent Centralized Management is a basic solution. In this ...
Analyzing websites for user-visible security design flaws
SOUPS '08: Proceedings of the 4th symposium on Usable privacy and securityAn increasing number of people rely on secure websites to carry out their daily business. A survey conducted by Pew Internet states 42% of all internet users bank online. Considering the types of secure transactions being conducted, businesses are ...
IoT---Cloud collaboration to establish a secure connection for lightweight devices
Internet of Things (IoT) technologies allow everyday objects including small devices in sensor networks to be capable of connecting to the Internet. Such an innovative technology can lead to positive changes in human life. However, if there is no proper ...
Comments