IOT CYBER SECURITY RESEARCH AT UTS [email protected] Prof. Eryk Dutkiewicz Head of School School of Computing and Communications
IOT CYBER SECURITY RESEARCH AT UTS
Prof. Eryk DutkiewiczHead of School
School of Computing and Communications
IoT enables objects to talk to other objects. Billions of devices envisaged with a wide range of applications. Greatly extends the current Internet. Security is essential for many applications.
An Example
Internet of Things and Cyber Security
Secure Connectivity and Configuration
Secure Production and Data Collection Telemetry
Localisation, Sensing/Actuation
, Collection,
Aggregation and Filtering
Throughput and Per-message
QoS
NotificationsScheduling and
Targeting (Edge Devices, Device Groups
within large populations)
Command/Control and Query
Correlation, Sessions and Batching
Secure Brokerage, Storage & Integration
Interoperation and Integration,
APIs, 3rd Party Support, Legacy Systems
Secure Visualisation and Action
Predictive Analytics, Load Balancing.
Scenario Generation,Simulation and Training
• Secure production and visualization of image of image-based IoT applications
• Secure communications for hard-to-secure devices
Secure Connectivity and
Configuration
Secure Production and Data Collection
TelemetryLocalisation,
Sensing/Actuation, Collection, Aggregation
and FilteringThroughput and Per-
message QoS
NotificationsScheduling and Targeting (Edge Devices, Device
Groups within large populations)
Command/Control and QueryCorrelation,
Sessions and Batching
Secure Brokerage, Storage & Integration
Interoperation and Integration, APIs, 3rd Party Support,
Legacy Systems
Secure Visualisation and Action Predictive Analytics,
Load Balancing. Scenario Generation,
Simulation and Training
1. Secure production and visualization in image-based IoT applications
2. Secure communications for hard-to-secure IoT devices
Figure 4: General architecture of proposed model Figure 3: Relation between contrast and human sensitivity
Figure 1: This image contains 100 pages of text with various facts about Sydney
Figure 2: The concept
Securing Information in Digital Artifacts
Contact: Dr Zenon Chaczko
Encoding and Securing Data: Time Stamping, Invisible Copyrighting, …
Steganography
Social Event Identification and TrackingTime Series Analysis
Causality Analysis
Dynamic sparse representation
Contact: Dr Min XuCross-domain event analysis
Easier-to-secure devices: smart phone, laptops...
IoT Devices and Security Challenges
Hard-to-secure devices: limited in power and computational capability
Smart meters, wearable devices, sensors, implantable devices (e.g., pacemakers)
Smart metters
Fitbit actifity tracker
Pacemaker
CoAP uses client/server interaction model similar to HTTPIn our scheme, the clients and server challenge each other for the authentication> Involves four handshake messages
> Payload of each message does not exceed 256 bits
Advanced Encryption Standard 128-bit is used for the payload encryption> Optimised for low energy consumption
A Lightweight Mutual Authentication SchemeUsing Payload-Based Encryption
Four Phases > Session/Connection initiation
> Server challenge
> Client response and challenge
> Server response
Pre-Requisite> Provisioning Phase
Contact: Dr Priyadarsi Nanda
• Legal and security/privacy issues• Monitor everything causing privacy concerns
• Data is everywhere
• Distributed nature• Management of a large number of distributed devices
• Sensors in public areas unprotected
• Hard-to-secure devices• Limited power, computation capability, storage ...
• Wireless links vulnerable to simple attacks (e.g. eavesdropping, jamming)
• Passive RFID tags
Unprecedented Security Challenges in IoT
Smart meters/sensors fieldSource: WinLab Rutgers
• TI MSP430 16-bit microcontroller, CC1150 Radio
Example:
• 14B packet at 250kbps requires 448 µsec for transmission and consumes 34.9 µJ
• If security overhead is about the same only about 448 x 10-6 x 12 x 106 = 5376 security operations can be performed
• But light TSL requires 16 millions operations*
Conventional encryption/TSL does not apply
Need novel approaches to secure little devices in IoTs
Conventional Encryption Does not Apply
*Source: WinLab Rutgers
Unauthorized Access:
Read smart meters, wearable devices, implant devicess
Eavesdropping:
Leak confidential information (e.g., RFID and chip on credit cards)
Modification of Information
Typical Threats to Hard-to-Secure Devices
• Blind eavesdroppers with Artificial Interference/Jamming
• Meter reader injects interference to conceal readings
• Cancels it own interference through self-
interference suppression
Solution 1: Rx-based Friendly Jamming
x+2
x+3
y+21
Address eavesdropping and information modification
Reader
Contact: Dr Diep Nguyen
Solution 2: Data Forensics or Big Data for Little Devices
Address unauthorized access/authentication issues
Detect spoofing via anomaly detection:
• Physical channel statistics: RSSI readings, fading profile
• MAC layer statistics: packet sequence number, packet loss ratio
• Traffic statistics: inter-arrival packet time
B
AX
SpoofingReader
Contact: Dr Diep Nguyen
Thank You!