Prof. Anastasios A. Economides University of Macedonia, Thessaloniki, Greece [email protected] http://conta.uom.gr Internet of Things (IoT) & Sensor Network Security
Jan 28, 2015
Prof. Anastasios A. Economides
University of Macedonia, Thessaloniki, Greece
http://conta.uom.gr
Internet of Things (IoT) &
Sensor Network Security
2
Near to Thessaloniki…
Agio Oros Chalkidiki
Vergina - Phillip’s Tomb Nature
3
CONTA (COmputer Networks & Telematics Applications) lab
http://conta.uom.gr
University of Macedonia
Research on: • Networking Techno-Economics
• E-Services (E-learning, E-Commerce, …)
CCIT 2014 Keynote speaker Prof. A.A. Economides 4
• Definitions • Driving Forces • Characteristics • Forecasting & Economic Impact • Applications • Technology • Experiments & Standardization • Research challenges • Cisco IoT Challenges
Overview Internet of Things (IoT)
CCIT 2014 Keynote speaker Prof. A.A. Economides 5
Wireless Sensor Networks (WSN) WSN Security Defensive Measures Security Visualization Research Challenges & Open Issues Conclusions
Overview Sensor Network Security
CCIT 2014 Keynote speaker Prof. A.A. Economides 6
7
IoT Definitions, 1
8 CCIT 2014 Keynote speaker Prof. A.A. Economides
• things, especially everyday objects, that are readable, recognizable, locatable, addressable, and/or controllable via the Internet—whether via RFID, wireless LAN, wide-area network, or other means. NIC
• IoT will connect objects around us (electronic, electrical, non electrical) to provide seamless communication and contextual services provided by them. IETF
• An evolving convergent IoT and services that is available anywhere, anytime as part of an all-pervasive omnipresent socio–economic fabric, made up of converged services, shared data and an advanced wireless and fixed infrastructure linking people & machines to provide advanced services to business and citizens. UK Future Internet Strategy Group
• IoT enables the objects in our environment to become active participants, i.e.,
– they share information with other members of the network or with any other stakeholder,
– they are capable of recognizing events and changes in their surroundings and of acting and reacting autonomously in an appropriate manner. IERC (Internet of Things Research in Europe Cluster)
IoT Definitions, 2
9 CCIT 2014 Keynote speaker Prof. A.A. Economides
• the network of physical objects that contain embedded technology to communicate and sense or interact with their internal states or the external environment. Gartner
• A world-wide network of interconnected objects uniquely addressable, based on standard
communication protocol. Tata Consultancy • an evolution in which objects are capable of interacting with other objects. IBM
• Interconnected objects having an active role in what might be called the Future Internet.
INFSO
• A global, immersive, invisible, ambient networked computing environment built through the continued proliferation of smart sensors, cameras, software, databases, and massive data centers in a world-spanning information fabric. PEW
“Worldwide ICT infrastructure that supports ubiquitous applications among interacting humans, machines and objects/things” A.A. Economides
IoT Driving Forces
10
11
IoT Characteristics, 1
12 CCIT 2014 Keynote speaker Prof. A.A. Economides
• Pervasive, Ubiquitous, Seamless,
• Mobile,
• Scalable, Extensible,
• Integrated Heterogeneity(Variability), Convergence,
• Open Standards, Interoperability,
• Resource Constrains (e.g. energy, bandwidth, processing, buffering),
• Security, Assurance, Safety, Privacy,
IoT Characteristics, 2
13 CCIT 2014 Keynote speaker Prof. A.A. Economides
• Cost effective,
• Energy Efficient (Green),
• Reusable,
• Distributed, Decentralized,
• Dynamic, Adaptive,
• Resilience, Self-Healing, Fault Tolerance,
• Reliable, Maintainability,
• Automatic Upgrade/Reconfiguration/Management
IoT Forecast
14 CCIT 2014 Keynote speaker Prof. A.A. Economides
Cisco: 25 billion devices connected to the Internet by 2015 and 50 billion by 2020.
IDC: 15 billion devices will be communicating over the network by 2015 and 212 billion devices or things connected to networks by 2020.
ABI Research: There are more than 10 billion wirelessly connected devices in
the market today; with over 30 billion devices by 2020. Gartner: 26 billion units installed by 2020. IBM: 1 trillion cloud-ready devices by 2015.
Ericsson: 50 billion connected devices by 2020.
15
16
17
IoT Economic Impact, 1
18 CCIT 2014 Keynote speaker Prof. A.A. Economides
Harbor Research: Service Revenues for the IoT will reach $500 Billion by 2018, dwarfing the $33 Billion in revenue expected from devices in 2018.
McKinsey Global Institute: the potential economic impact of IoT will
be $2.7 trillion to $6.2 trillion per year by 2025. Across the health-care applications, IoT technology could have an economic impact of $1.1 trillion to $2.5 trillion per year by 2025.
GSMA & Machina Research: A $ 4.5 trillion global impact in 2020.
The global business impact of the IoT can be split into two broad categories: ‘revenues’ ($2.5 trillion) and ‘cost reduction’ ($1 trillion) and ‘service improvements’ ($1 trillion).
IoT Economic Impact, 2
19 CCIT 2014 Keynote speaker Prof. A.A. Economides
Cisco: The IoE Value at Stake will be $14.4 trillion for companies and industries worldwide in the next decade (2013 – 2022).
IDC: The IoT technology and services revenue will expand from $4.8 trillion in 2012 to $7.3 trillion by 2017 and $8.9 trillion by 2020.
Gartner: IoT product and service suppliers will generate
incremental revenue exceeding $300 billion, mostly in services, in 2020. It will result in $1.9 trillion in global economic value-add through sales into diverse end markets. The verticals that are leading its adoption are manufacturing (15 percent), healthcare (15 percent) and insurance (11 percent).
20
21
• Standards. • Education & Training. • Business Models. • Partnerships. • Technology. • Applications. • Security & Privacy. • Technology Humanization. • Social changes, Ethics. • New consumer behavior. • Legislation & Regulation. • Affordability.
Needed:
CCIT 2014 Keynote speaker Prof. A.A. Economides 22
75% of companies from across industries are already exploring the IoT.
15 % of organizations across the globe already have an IoT
solution in place. 53 % plan to implement one within the next 24 months,
and another 14 % in the next two to five years. 21 % of transportation and logistics companies already
have IoT solutions in place. (Zebra Technologies / Forrester Consulting).
APPLICATIONS
CCIT 2014 Keynote speaker Prof. A.A. Economides 23
24
• Personal Health, • Personal Devices (e.g. glass, watch, mobile), • Clothes, • Personal Exercise, • Infant/ Elderly/Patient Monitoring, • Special needs persons Assistance, • Hospitals, Health Retreat, • Pharmaceuticals, • Emergency, • Recreational activities, etc.
Smart Healthcare & Wellbeing
CCIT 2014 Keynote speaker Prof. A.A. Economides 25
26
• Home equipment/appliances Control, • Safety Detectors (e.g. smoke, gas, motion), • Security, Surveillance, • Environment (e.g. heat, air, light), • Entertainment,etc.
Smart Home
CCIT 2014 Keynote speaker Prof. A.A. Economides 27
28
29
• Energy & Lighting, • Security, Surveillance, • Emergency (e.g. fire, gas), • Metering, • Offices, • Hotels,etc.
Smart Building
CCIT 2014 Keynote speaker Prof. A.A. Economides 30
31
• Monitoring, Fault Detection, • Metering, • Electricity, • Waste Management, • Water, • Gas, • Tolls, • Bridges, etc.
Smart Utilities
32
33
• E-Government, • Security, Surveillance, • Emergency (e.g. fire, flood, tsunami), • Energy Management (e.g. lighting), • Air & Water Quality Monitoring, • Traffic Control, Parking, • Transportation (e.g. cars, buses, metro, trams,…), • Tourism, • Culture, Arts, • Education, etc.
Smart City/ Community
CCIT 2014 Keynote speaker Prof. A.A. Economides 34
35
• Farming, Agriculture, Livestock, • Water, • Pollution, • Weather, • Nature, etc.
Smart Environment
36
• Smart Factory, • Manufacturing, Robotics, • Transportation (e.g. Airlines, Rails, Shipping), • Logistics, Supply Chain Management, • Financial Services, • Banking, • Insurance, etc.
Smart Industry & Services
37
Sensors & Actuators.
Wireless: RFID, WiFi, Bluetooth, Cellular, Satellite.
Sensor Networks (HW & SW).
Addressing.
Cloud Computing (Storage, Processing, Analytics, Security, etc.)
TECHNOLOGY
CCIT 2014 Keynote speaker Prof. A.A. Economides 38
39
40
41
Connected device software platforms: TinyOS Contiki OS MantisOS Nano-RK Android
Connectivity software platforms: Arrayent, Californium, Java CoAP framework , Erbium, CoAP framework for Contiki, XMesh networking stack.
CCIT 2014 Keynote speaker Prof. A.A. Economides 42
• WiFi (IEEE 802.11 a/b/g/n) • Bluetooth (IEEE 802.15.1) • UWB (IEEE 802.15.3) • Zigbee (IEEE 802.15.4) • WBAN (IEEE 802.15.6 • IEEE P1451.5
Wireless interface
CCIT 2014 Keynote speaker Prof. A.A. Economides 43
IERC (Internet of Things European Research Cluster) projects: CASAGRAS2, IoT-A, IoT Lab,…
IoT-I (IoT Initiative)
Smart Santander project
Auto-ID lab
IPSO (Internet Protocol for Smart Objects) etc.
IoT Experiments
CCIT 2014 Keynote speaker Prof. A.A. Economides 44
Devices (Sensors, Actuators, etc.), Networking & Communications, Data Management, Decision Making, Security & Privacy, Social & Legal issues, Economics, Human Behavior & Usability, Marketing, etc.
Research Challenges
CCIT 2014 Keynote speaker Prof. A.A. Economides 45
• Deadline: July 1, 2014.
• Three winners of the IoT Innovation Grand Challenge will share US $250,000 in award money.
• Submissions must be entered into one of five categories: Applications and Application Enablement, Analytics, Management, Networking, or Things.
• Each submission must map to one of a variety of industries: Education, Energy, Healthcare, Manufacturing, Oil and Gas, Retail, Smart Cities, Sports and Entertainment or Transportation
• https://iotchallenge.cisco.spigit.com/Page/AboutTheContest
Cisco IoT Innovation Grand Challenge
CCIT 2014 Keynote speaker Prof. A.A. Economides 46
• Deadline: June 17, 2014. • Cisco will be awarding $300,000 for breakthrough
approaches in malware defense, security credential management, and privacy protection to secure the IoT.
• Cisco will select up together six winners with awards from $50,000 to $75,000.
• https://www.ninesights.com/community/cisco
Cisco Security Grand Challenge
CCIT 2014 Keynote speaker Prof. A.A. Economides 47
+ Wireless Sensor Network (WSN) (co-author: Dr. E. Karapistoli)
A wireless network consists of a large number of autonomous sensors that are spatially distributed in area of interest in order to cooperatively monitor physical or environmental conditions, such as temperature, sound, vibration, pressure, motion, pollutants, etc.
Sensor:
Sensors
ADC
Processor
Memory Transceiver
Location finding system (optional)
Mobilizer (optional)
Sensing Unit Processing Unit
Power unit
Communication Unit
48
+ WSN Architecture
Internet, Satellite
Sink
Sink
Task Manager
User
Sensor Field
Sensor Node
Figure – The big picture CCIT 2014 Keynote speaker Prof. A.A. Economides 49
+ Design factors
Power Consumption
Fault Tolerance (Reliability)
Scalability
Production Costs
Operating
Hardware Constraints
CCIT 2014 Keynote speaker Prof. A.A. Economides 50
+ WSNs are vulnerable to various types of attacks
Internet, Satellite
Sink
Sink
Task Manager
User
Sensor Field
Sensor Node
Spoofed Routing
information
Wormhole Attack
CCIT 2014 Keynote speaker Prof. A.A. Economides 51
+ Security Goals
Availability: ensuring the survivability of network services despite denial-of-service (DoS) attacks
Confidentiality: ensuring that information is accessible only to those authorized to have access.
Integrity: guaranteeing that a message being transferred is never corrupted.
Data Freshness: ensuring that the data is recent, and that no old messages have been replayed.
Authentication: enabling a node to ensure the identity of the peer node with which it communicates.
Non-repudiation: ensuring that the origin of a message cannot deny having sent the message.
CCIT 2014 Keynote speaker Prof. A.A. Economides 52
+ Threats and Attacks • An attack can be either internal or external (origin-based classification):
– External attacks include attacks launched by a node that does not belong to the logical network.
– Internal attacks include attacks launched by a compromised node or an authorized participant of the network that has gone bad by running malicious code.
• Moreover, attacks can be either passive or active (nature-based classification):
– Passive attacks are able to retrieve data from the network that might be used later when launching an active attack.
• These attacks do not influence over the behavior of the network.
– Active attacks, on the other hand, directly hinder the provisioning of services.
• Most of these attacks result in a denial of service (DoS), which is a degradation or a complete halt in communication between nodes. CCIT 2014 Keynote speaker Prof. A.A. Economides 53
+ Attack Models
Eavesdropping: an attacker intercepts packets transmitted over the air for further cryptanalysis or traffic analysis.
Traffic analysis: allows an attacker to determine that there is activity in the network, the location of the BSs, and the type of protocols being used.
Message injection: an adversary injects bogus control information into the data stream.
Message modification: a previously captured message is modified before being retransmitted
Node capture: An embedded device is considered being compromised when an attacker, through various means, gains control to the node itself.
Denial-of-Service (DoS) attacks: can be grouped into two categories
– Service degradation (e.g., collision attack), and
– Service disablement through power exhaustion (e.g. jamming)
Pass
ive
atta
cks
Act
ive
atta
cks
54
+ Layer-based attack categorization
Application Layer
Transport Layer
Network Layer
Data Link Layer
Physical Layer
Flooding Attack | Desynchronization attacks
Replay Attack | Sybil Attack | Spoofed, altered, or replayed routing information | Sinkhole, Wormhole Attack | Hello Flood Attack
Collision Attack | Sybil Attack | Node Replication | Acknowledgement Spoofing Attack
Eavesdropping | Jamming | Battery Exhaustion
Power M
anagement P
lane
Mobility M
anagement P
lane
Task Managem
ent Plane
Data Aggregation Distortion | Message Injection or Modification
Figure – Sensor Network Protocol Stack CCIT 2014 Keynote speaker Prof. A.A. Economides 55
+ Overview of Countermeasures Confidentiality is provided through the use of encryption technologies.
Cryptographic algorithms such as the DES, RC5, RSA are used to protect the secrecy of a message.
MAC (Message Authentication Code) or Digital Signature Algorithms (DSA) can be used to assure the recipient’s integrity of the data and authenticity of the message
Digital Signatures can be used to ensure non-repudiation.
Availability can be achieved by adding redundant nodes. Multi path and probabilistic routing can also be used to minimize the impact of unavailability.
Data freshness is ensured by adding a counter value in each message.
CCIT 2014 Keynote speaker Prof. A.A. Economides 56
+ IEEE 802.15.4 (ZigBee): Security Suites
Name Description
Null No security
AES-CTR Encryption only, CTR mode
AES-CBC-MAC-128 128-bit MAC
AES-CBC-MAC-64 64-bit MAC
AES-CBC-MAC-32 32-bit MAC
AES-CCM-128 Encryption and 128-bit MAC
AES-CCM-64 Encryption and 64-bit MAC
AES-CCM-32 Encryption and 32-bit MAC
CCIT 2014 Keynote speaker Prof. A.A. Economides 57
+ Standalone Security Protocols for WSNs
• Secure Network Encryption Protocol (SNEP) – SNEP provides with confidentiality, two-party data
authentication, and data freshness • μTESLA
– extension of the TESLA protocol (by considering resource limitations)
– focuses on the need for authenticated broadcast in WSNs • TinySec
– A lightweight and generic link-layer security package – Supports two different security options: 1. authenticated encryption (TinySec-AE)
Data payload is encrypted MAC is used to authenticate packet
2. authentication only (TinySec-Auth) CCIT 2014 Keynote speaker Prof. A.A. Economides 58
+ Network Security Visualization
• Various security mechanisms have been proposed to address the security concerns of WSNs.
• Despite the fast development of computer security mechanisms, the scale and complexity of the generated wireless data put major challenges to the representation and understanding of security-relevant network information.
• To address this issue, efficient visualization techniques have been adopted by the researchers to bridge the gap.
A new security discipline emerges! CCIT 2014 Keynote speaker Prof. A.A. Economides 59
+ Until now…Visualization only for network traffic monitoring
• Network traffic visualization is one of the first directions to take when it comes to understanding, and analyzing information in vast amounts of network data.
• Many visualization tools graphically monitor real-world or simulated WSNs
(e.g. Surge, MoteView, Octopus, SNA, TOSSIM, OPNET, NS-2).
• While these tools offer some form of visualization, they are designed for
applications other than wireless security. Accordingly, these tools:
– lack the specialized techniques in visualizing security-related data.
– tend to miss abnormalities and security attacks that occur unpredictably.
CCIT 2014 Keynote speaker Prof. A.A. Economides 60
+ In the near future… Visualization for network security
• Visualization should go beyond the simple ”illustration” of network behavior in order to help the analysts discriminate between normal and abnormal network activities.
• Network security visualization provides insight into areas that other system fail to enlighten by integrating visualization and machine learning techniques.
61
+ Security Visualization Techniques
Node Links
Glyphs
Parallel Coordinates
Bundle Diagrams
Radial Panels
CCIT 2014 Keynote speaker Prof. A.A. Economides 62
+ Research Challenges
Security is somewhat difficult to achieve in WSNs:
Public-key cryptographic systems are inefficient on low-end devices. Moreover, cryptography by itself is not enough for insiders.
Link layer security with key management can prevent the majority of outsider attacks. However, it provides little protection against insiders, HELLO floods, and wormholes.
Wormholes and DoS attacks are difficult to defend against and can be mounted effectively by both laptop-class insiders and outsiders.
Nodes that are near to base stations are attractive to compromise requiring protocols to reduce their significance.
The development of secure routing protocols is challenging because sensor nodes are prone to failures and the topology of a sensor network changes frequently due to node failures and possible mobility.
CCIT 2014 Keynote speaker Prof. A.A. Economides 63
+ Open Issues
Improving the efficiency of symmetric key operations on sensor nodes is still an open research issue.
Although most secure schemes are able to limit the effects of attacks, intelligent attack detecting mechanisms are still of need for security.
Currently, there are some protocols that let routing paths bypass the detected compromised nodes or attacks. However, current secure routing algorithms have no effect to conquer undetected attacks. Hence, new secure routing protocols that can defend against undetected attacks or even node compromise are highly desirable.
Most approaches assume the base station is secure and robust enough. However, in some special application environments, such as battlefield surveillance, base stations may be easy to be destroyed or attacked. Under such conditions, base station protection must be carefully investigated.
Most current security studies focus on individual topics of security issues. However, security overhead will degrade other performances of the WSN. Hence, the tradeoff between security and Quality of Service (QoS) needs to be evaluated.
CCIT 2014 Keynote speaker Prof. A.A. Economides 64
IoT enables dramatic society transformation! WSN is a main ingredient of IoT.
WSN Security is important!
Visualization for IoT security.
Conclusions
CCIT 2014 Keynote speaker Prof. A.A. Economides 65
Thank you for your attention
Prof. Anastasios A. Economides
http://conta.uom.gr