
Danish Internet Day: Security of the Internet of Things. Mitigating infections spread through immunisation techniques



  1. Danish Internet Day. Security of the Internet of Things: Mitigating infections spread through immunisation techniques. Farell FOLLY, Ph.D Researcher, folly.farell@unibw.de. Copenhagen, October 1st.

  2. Agenda 1. Introduction to the IoT 2. Security Challenges in IoT 3. State of the Art of the IoT Security 4. Immunisation Techniques and our Approach

  3. Introduction “The Internet of Things (IoT) is a network of dedicated physical objects (things) that contain embedded technology to communicate and sense or interact with their internal states or the external environment.” - Gartner

  4. Introduction 1. Physical World • People, Devices 2. Virtual World • Applications, Digital Artefacts 3. Processes • Actuation, sensing, etc.

  5. Introduction. UML representation of IoT Domain Model. Source: « Enable Things to talk », Designing IoT solutions with the IoT Architectural Reference Model, Alexandro Bassi et al, Springer Edition, ISBN: 978-3-642-40403-0

  6. Security Challenges • Number of devices • High diversity of things • Variety and number of Applications • Speed of change … Hard to plan for a systematic Approach for Security

  7. Security Challenges • Unpredictable attacks • Cybercriminals keep improving their techniques • Zero-Day attacks • Propagation of vulnerabilities towards billions of devices

  8. Security Challenges (Traditionally vs. IoT Context) • Packet Inspection: almost infeasible in this context (Big Data) • Blocking Traffic based on flags, Signatures: not adaptive / too much human intervention • Security built around static schemes: IoT networks are highly dynamic

  9. Security Challenges 1. 70% of the most commonly used IoT devices contain vulnerabilities. 2. 56% of respondents say that it is “unlikely or highly unlikely” that their organisation would be able to detect a sophisticated attack. 3. 253 billion free Apps (2017). Malicious apps (malware): the increase in the number of apps on the device increases the likelihood that some may contain malicious code or security holes. Source: EY insights

  10. State-of-the-Art

  11. State-of-the-Art • No universal framework or common approach for IoT security • Most devices are not primarily designed with security and interoperability in mind • Many manufacturers mostly rely on existing traditional security measures

  12. State-of-the-Art • So far, no security approach tackles all security aspects associated with the IoT • Many projects do exist, however, that address some specific concerns: 1. NEBULA: www.nebula-fia.org 2. uTRUSTit: www.utrustit.eu 3. IoT-A: www.iot-a.eu • Many authors considered the use of the Graph Theory to cope with the size of IoT networks and their dynamics

  13. State-of-the-Art • Auto-immunity • Security and Identification • Trust • deterministic, policy-based, reputation-based, social network-based

  14. State-of-the-Art • Cognitive approach (Context-Awareness) 1. Enable devices and network with the intelligence to perceive things 2. Adaptive actions based on continuous learning in a hostile environment. Figure: Tetrahedron model in the IoT context. Source: A roadmap for the Security in the Internet of Things, Arbia et al (2018).

  15. Our Approach

  16. Our Approach “Since we can never produce a 100% secure general system or network, we need methods to mitigate the spread of damage.” - Mathematical underpinnings for Science-based Cybersecurity, United States Department of Energy.

  17. Our Approach 1. Minimise exposure factor 2. Control how threats spread 3. Design an efficient patch or vaccines distribution mechanism (Immunisation)

  18. Our Approach. NoN model with three layers. Source: Towards a Networks-of-Networks Framework for Cyber Security, Mahantesh Halappanavar et al.

  19. Our Approach. Is the system in danger? • Risk increases • Vulnerability reaches a threshold • An infection is spreading inside. What action to take? • Minimise Risk ⬄ Maximise Entropy • Reduce exposure factor • Trigger updates / recovery processes towards specific targets • The most exposed (boundary nodes, important links, giant clusters, dominant set, etc.) • Use graph theory analysis to find the most suitable metrics and influence them accurately: Immunisation algorithms. Figure callouts: “This node is having too many links!!!” and “This cluster is having too many members, is it possible to disconnect some or move them to another cluster?”

  20. Our Approach. Figure labels: Graph Theory, IoT Security, Immunization

  21. Our Approach. Figure labels: Graph Theory, IoT Security, Immunization; Clustering, Centrality, Betweenness, Reachability, Percolation, …etc.; Graph-based Security metrics, Type of graph, Graph Structure, Graph-based IoT Representation

  22. Our Approach. Figure labels: Graph Theory, IoT Security, Immunization; Clustering, Centrality, Betweenness, Reachability, Percolation, …etc.; Graph-based Security metrics, Type of graph, Graph Structure, Graph-based IoT Representation; Infection propagation and containment; Analogy of Human Immune system; Infection propagation; Infection containment • Immune system learning: Detect (trust rating, classify as fraudulent or legal, semantic analysis) • Activate virtual Antibodies to heal the rest or to efficiently stop the propagation.

  23. Our Approach • Epidemic process: Susceptible-Infected-Recovered 1. How fast does an infection spread? 2. What is the threat strategy? 3. What is the IoT network topology? 4. How resistant are the nodes/Clusters? Figure labels: Resistance, Topology, Strategy, Infectiousness

  24. Our Approach • Graph challenges: clustering, groupings, and simplification. Figure labels: Devices, Apps interconnection, Devices; Original graph topology, Forming cliques, Final compressed graph

  25. Summary “In parallel with the increasing autonomy of things to perceive and act on the environment, IoT security should move towards a greater autonomy in perceiving threats and reacting to attacks, based on a cognitive and systemic approach” - Arbia et al.

  26. Use cases discussions 1. A trusted device connects to a car and has been granted permission to launch a service. What are the requirements of such an equipment? 2. How does a human decide to collaborate with a random person? Picture credit to @Gartner

  27. folly.farell@unibw.de www.twitter.com/__ff__ www.linkedin.com/in/farellf Akpé kaka !
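
The idea from slides 19 and 23 (an SIR epidemic process on the IoT graph, with immunisation aimed at the most exposed nodes) as an added example; it is not code from the presentation. The broker/gateway/device topology, the function names and the parameters are assumptions constructed for illustration, and node degree stands in for the exposure metric.

```python
import random
from collections import defaultdict
def build_iot_graph(gateways=4, devices_per_gw=10):
    """Constructed topology (assumption): broker -> gateways -> leaf devices."""
    g = defaultdict(set)
    for i in range(gateways):
        edges = [("broker", f"gw{i}")]
        edges += [(f"gw{i}", f"dev{i}-{j}") for j in range(devices_per_gw)]
        for a, b in edges:
            g[a].add(b)
            g[b].add(a)
    return g

def targeted_immunisation(g, budget):
    """Immunise the nodes with the most links (degree centrality)."""
    return set(sorted(g, key=lambda n: (-len(g[n]), n))[:budget])

def random_immunisation(g, budget, rng, exclude=()):
    """Baseline: immunise `budget` nodes chosen uniformly at random."""
    return set(rng.sample(sorted(n for n in g if n not in exclude), budget))

def sir_outbreak(g, patient_zero, immune, beta, rng):
    """Discrete-time SIR, one infectious step per node, then recovery.
    Returns the number of nodes ever infected."""
    if patient_zero in immune:
        return 0
    infected, recovered = {patient_zero}, set()
    while infected:
        new = set()
        for node in sorted(infected):
            for nb in sorted(g[node]):
                susceptible = nb not in immune | infected | recovered | new
                if susceptible and rng.random() < beta:
                    new.add(nb)
        recovered |= infected
        infected = new
    return len(recovered)

def mean_outbreak(g, patient_zero, choose_immune, beta, trials=200, seed=1):
    """Average outbreak size over repeated runs with a seeded RNG."""
    rng = random.Random(seed)
    sizes = [sir_outbreak(g, patient_zero, choose_immune(rng), beta, rng)
             for _ in range(trials)]
    return sum(sizes) / trials

if __name__ == "__main__":
    g, zero = build_iot_graph(), "dev0-0"
    rnd = mean_outbreak(g, zero, lambda r: random_immunisation(g, 4, r, {zero}), 0.6)
    tgt = mean_outbreak(g, zero, lambda r: targeted_immunisation(g, 4), 0.6)
    print(f"mean outbreak size: random={rnd:.1f} targeted={tgt:.1f}")
```

With beta = 1 the SIR run reduces to reachability from the first infected node, which is why immunising the four gateways confines the outbreak to a single device.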
