Data Analytics for IoT: Applications to Security and Privacy. Nick Feamster Princeton University

Transcription:


Growing Market for IoT Analytics
- More than 25 billion devices by 2020
- Each of these devices generates data. (Cows generating 200 MB of data per year!)
- Devices deployed in homes, industrial control systems, business, etc.

Established Companies Collecting IoT Data
- Google: Incorporation of data from phones, thermostats, streaming devices, etc.
- Amazon: Echo, Fire Phone, Fire TV, Fire TV stick
- Samsung: Smart TVs, Smart Things Hub
- Apple: Apple Watch, Car Play

Many Companies Developing Platforms for IoT Analytics
- Intel: Cloud Analytics
- Guavus, Pentaho: IoT Analytics, Smart Metering
- IoTivity: Platform for developing IoT devices
- Iobeam: Analytics for device operations (monitoring failures, etc.)
- Samsara: Easy sensor deployment for fleet monitoring, IT management, etc.

Applications of IoT Analytics
- Fault management: Identifying faults, root cause analysis of system faults
- Smart metering: What-if scenarios for energy management, anomaly detection
- Predictive maintenance: Predicting outages, real-time alerts, etc.
- Resource optimization: Identifying underutilized assets, abnormal consumption patterns
- Asset tracking: Monitor assets in real time, trace asset use
- Security and breach detection: Alert operators to intrusion events and risks

Do you think concerns over data accuracy in IoT are slowing organizations' ability to create solid strategies around analyzing the data?

This Talk: IoT Analytics for Security and Privacy
- Problem: Devices deployed with insecure software that will never be patched.
- Simply identifying what is connected to the network is difficult.
- Identifying anomalies, data leaks, etc. is even more difficult: each device is different, and anomalous activities may not generate a lot of traffic.

Example: DoS Attacks on Smart House!

Empirical Study: Connect and Monitor
[Diagram labels: SmartSense Multi-sensor; PixStar Digital Photoframe; Sharx Security IP Camera; Smartthings Hub; Belkin WeMo Switch; Nest Thermostat; Ubi Smart Speaker; WiFi; Z-Wave; Laptop Gateway (Passive Monitor)]

A Growing Security Problem
- Increasing number of Internet-connected IoT devices in consumer homes.
- Devices ship with security and privacy flaws.
- Cannot rely on manufacturers alone to secure software or devices.

Current State of Consumer Smart Devices
- Many different manufacturers, small startups, novice programmers
- Low-capability hardware, not enough for security protocols
- Most data goes to an online server in the cloud
- Even devices in the same home communicate via the cloud
(forgerock.com)

Security Risks of IoT Devices
- Devices may be difficult (or impossible!) to patch
- Not isolated from one another (can attack one another)
- Not isolated from the Internet (can attack other devices on the Internet)

Approach
- IoT lab to collect and analyze IoT traffic
- Machine learning algorithms to address:
  - Device identification: Which devices are connected to the network?
  - Anomaly detection: Are devices behaving abnormally due to compromise?

Privacy Risks of IoT Data
- Leaks of private user information
- Leaks of what devices are being used
- Leaks about user activity and behavior
- Often do not use encryption by default
Example: email:xxx@y.com, URI: smart-light, json:{ activity : switch_on }

Technical Challenges
- Richness of patterns: Heterogeneous devices; diverse traffic patterns
- Feature design and selection: Succinct, effective feature representations
- Real-time anomaly detection: Balancing time efficiency with detection accuracy. Shifts in normal behavior over time
- Recalibration in deployment: Deployment settings differ from testbeds

Data Analytics of Existing IoT Devices
[Diagram labels: SmartSense Multi-sensor; PixStar Digital Photoframe; Sharx Security IP Camera; Smartthings Hub; Belkin WeMo Switch; Nest Thermostat; Ubi Smart Speaker; WiFi; Z-Wave; Laptop Gateway (Passive Monitor)]

Subproblems for Security and Privacy Analytics
- What devices are connected to the network? Approach: Statistical approaches to analyze network traffic patterns.
- What data is being leaked to the cloud? Approach: Scalable traffic monitoring. (Note: When data is encrypted, this may become more challenging!)
- What are devices doing? Are devices infected? Approach: Statistical network anomaly detection. (Note: Anomalies may be low-volume events.)

Device Fingerprinting: What is Connected to the Network?
- What devices are connected to the network? (What devices, what manufacturers?)
- What is the device doing? (Activity recognition.)
- Approach: Simple traffic analysis can reveal manufacturers (e.g., DNS lookup). Spectral clustering can reveal activity patterns.
- For example: Spectral clustering applied to simple traffic volume can identify different activities on a thermostat.

Device Fingerprinting: Network Traffic Analysis
- Statistical analysis of network traffic features uniquely identifies devices and their characteristic behavior
- Challenge: Often the features that identify a device type are not high energy (needle in a haystack!)
[Figure panels: Sensor, Switch]

Device Fingerprinting: Powerline Analysis
- Signatures in the frequency spectrum on the powerline can identify devices and activities.
- Switched-mode power supplies and low-power devices are more challenging to discern.


Example: Nest Thermostat: Traffic Analysis
- All traffic to Nest is HTTPS on ports 443 and 9543
- Uses TLSv1.2 and TLSv1.0 for all traffic
- We found some incoming weather updates containing location information of the home and weather station in the clear. Nest has fixed this bug after our report.
- DNS queries: time.nestlabs.com, frontdoor.nest.com, log-rts01-iad01.devices.nest.net, transport01-rts04-iad01.transport.home.nest.com

Nest: Privacy Issues
- Fairly secure device: all outgoing personal traffic, including configuration settings and updates to the server, uses HTTPS
- The DNS queries, as well as the use of the unique port 9543, clearly identify a Nest device.
* User zip code bug has been fixed.
[Figure label: user zip code]

Digital Photoframe: Traffic Analysis
- All traffic and feeds (RSS) sent in cleartext over HTTP port 80
- All actions sent to the server in HTTP GET packets
- Downloads radio streams in cleartext over different ports
- DNS queries: api.pix-star.com, iptime.pix-star.com

Photoframe: Privacy Issues
- User email ID is in cleartext when syncing the account
- Current user activity is in cleartext in HTTP GET
- DNS queries and HTTP traffic identify a Pix-Star photoframe
[Figure labels: current activity, email]
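The leak check a passive gateway monitor could run on traffic like the photoframe's, as an added example that is not from the original slides: it parses one captured client payload and reports the cleartext fields named above (email, activity in the GET URI, identifying headers). The parameter names in `ACTIVITY_KEYS`, the host name and both sample payloads are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# Hypothetical parameter names treated as user activity; tune per device.
ACTIVITY_KEYS = {"action", "activity", "cmd"}

def scan_http_request(raw, dst_port):
    """Findings for one captured client payload; [] if it is not cleartext HTTP."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return []                      # TLS record or other binary payload
    target = parts[1]
    headers = {}
    for line in lines[1:]:
        key, sep, value = line.partition(":")
        if sep:
            headers[key.strip().lower()] = value.strip()
    findings = [("cleartext_http", "%s port %d" % (headers.get("host", "?"), dst_port))]
    if "user-agent" in headers:        # UA and Host identify the device type
        findings.append(("device_hint", headers["user-agent"]))
    # Search the decoded URI and the body, since leaks appear in both.
    text = unquote(target) + "\n" + body.decode("latin-1")
    for email in sorted(set(EMAIL_RE.findall(text))):
        findings.append(("email", email))
    for key, value in parse_qsl(urlsplit(target).query):
        if key.lower() in ACTIVITY_KEYS:
            findings.append(("activity", "%s=%s" % (key, value)))
    return findings

# Constructed payloads: one cleartext GET and the start of a TLS record.
HTTP_SAMPLE = (b"GET /sync?email=alice%40example.com&activity=switch_on HTTP/1.1\r\n"
               b"Host: device-portal.example\r\n"
               b"User-Agent: ExampleFrame/1.0\r\n\r\n")
TLS_SAMPLE = b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03"
```
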

IP Camera: Traffic Analysis
- All traffic sent over cleartext HTTP port 80, even though viewing the stream requires a login password
- Actions are sent as HTTP GET URI strings
- Videos are sent as image/jpeg and image/gif in the clear
- FTP requests are also sent in the clear over port 21, and FTP data is sent in cleartext over many ports above 30,000
- DNS query: www.sharxsecurity.com

IP Camera: Privacy Issues
- Video can be recovered from FTP data traffic by a network eavesdropper
- DNS query, HTTP headers, and ports identify a Sharx security camera
[Figure label: private user data]

Ubi: Traffic Analysis
- All voice-to-text traffic sent in the clear over port 80
- Activities sent in the clear, and radio streamed over port 80
- Sensor readings are synced with the server in the background over port 80
- Only communication with the Google API used HTTPS, on port 443 and port 5228 (Google Talk)
- DNS queries: portal.theubi.com, www.google.com, mtalk.google.com, api.grooveshark.com

Ubi: Privacy Issues
- Although HTTPS is clearly available, Ubi still uses HTTP to communicate with its portal.
- An eavesdropper can intercept all voice chats and sensor readings sent to Ubi's main portal
- Sensor values such as sound, temperature, light, and humidity can identify whether the user is home and currently active
- Email in the clear can identify the user
- DNS query and HTTP headers (UA, Host) clearly identify the Ubi device
[Figure labels: current state, current activity]
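The DNS and port identifiers listed on the device slides above, turned into a small device-inventory check for a passive gateway (an added example, not from the original talk). The domain suffixes and port 9543 come from the slides; the record layout, scoring and sample observations, including the MAC addresses, are constructed assumptions.

```python
from collections import defaultdict

# DNS suffixes and the port come from the per-device slides; shared domains
# such as www.google.com are left out because they do not single out a device.
SIGNATURES = {
    "Nest Thermostat": {"dns": ("nestlabs.com", "nest.com", "nest.net"), "ports": {9543}},
    "Pix-Star Photoframe": {"dns": ("pix-star.com",), "ports": set()},
    "Sharx IP Camera": {"dns": ("sharxsecurity.com",), "ports": set()},
    "Ubi Smart Speaker": {"dns": ("theubi.com",), "ports": set()},
}

def suffix_match(name, suffix):
    """True if name equals suffix or is a subdomain of it (label boundary)."""
    name = name.lower().rstrip(".")
    return name == suffix or name.endswith("." + suffix)

def identify(observations):
    """observations: (client_mac, kind, value) with kind 'dns' or 'port'.
    Returns {mac: (device or None, sorted evidence list)}."""
    evidence = defaultdict(lambda: defaultdict(set))
    clients = set()
    for mac, kind, value in observations:
        clients.add(mac)
        for device, sig in SIGNATURES.items():
            if kind == "dns" and any(suffix_match(value, s) for s in sig["dns"]):
                evidence[mac][device].add("dns:" + value.lower().rstrip("."))
            elif kind == "port" and value in sig["ports"]:
                evidence[mac][device].add("port:%d" % value)
    result = {}
    for mac in clients:
        candidates = evidence.get(mac, {})
        if not candidates:
            result[mac] = (None, [])          # nothing distinctive seen
            continue
        best = max(candidates, key=lambda d: len(candidates[d]))
        result[mac] = (best, sorted(candidates[best]))
    return result

# Constructed observations from a passive gateway monitor (MACs are made up).
SAMPLE = [
    ("aa:00:00:00:00:01", "dns", "frontdoor.nest.com"),
    ("aa:00:00:00:00:01", "port", 9543),
    ("aa:00:00:00:00:02", "dns", "api.pix-star.com"),
    ("aa:00:00:00:00:03", "dns", "www.google.com"),    # shared domain: no signal
    ("aa:00:00:00:00:03", "dns", "portal.theubi.com"),
    ("aa:00:00:00:00:04", "dns", "www.google.com"),    # laptop: stays unidentified
    ("aa:00:00:00:00:05", "dns", "honest.com"),        # must not match nest.com
]
```
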

Are companies that are investing in IoT doing enough to ensure end-to-end encryption of data or do you feel like they have a long way to go?


Network Traffic from Home Routers
- Network traffic patterns reveal usage, sometimes reveal power cycling.
- In some cases, could determine anomalous activity, or human behavior.

Gathering IoT Data from Powerline
- Capture voltage samples, first 200 kHz, from the powerline
  - Sample rate of 400 kHz
- Extract time-domain features
  - min, max, mean, variance, kurtosis, skewness, IQR, etc. over a 5 sec window
- Run a machine learning algorithm with the above tuple as features
  - Decision Tree, Random Forest
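The feature-extraction step of this pipeline as an added example (not code from the talk): it computes the named time-domain features per 5-second window and stops before the classifier. The 2 kHz rate, the 60 Hz fundamental and the 450 Hz "device" component are constructed stand-ins for a real 400 kHz capture.

```python
import math

def time_domain_features(window):
    """Feature tuple named on the slide, for one window of voltage samples."""
    n = len(window)
    mean = sum(window) / n
    dev = [x - mean for x in window]
    var = sum(d * d for d in dev) / n                  # population variance
    std = math.sqrt(var)
    s = sorted(window)

    def quantile(p):                                   # linear interpolation
        pos = p * (n - 1)
        lo = int(pos)
        hi = min(lo + 1, n - 1)
        return s[lo] + (s[hi] - s[lo]) * (pos - lo)

    return {
        "min": s[0], "max": s[-1], "mean": mean, "variance": var,
        # Standardised moments; a constant window has no shape, so report 0.
        "skewness": sum(d ** 3 for d in dev) / n / std ** 3 if std else 0.0,
        "kurtosis": sum(d ** 4 for d in dev) / n / std ** 4 if std else 0.0,
        "iqr": quantile(0.75) - quantile(0.25),
    }

def feature_rows(samples, rate_hz, window_s=5):
    """Split a capture into non-overlapping windows; drop a trailing partial one."""
    size = int(rate_hz * window_s)
    return [time_domain_features(samples[i:i + size])
            for i in range(0, len(samples) - size + 1, size)]

# Constructed capture: 2 kHz stand-in for the slide's 400 kHz sample rate.
RATE = 2000

def synth(seconds, active):
    out = []
    for n in range(int(RATE * seconds)):
        t = n / RATE
        v = math.sin(2 * math.pi * 60 * t)             # mains fundamental (assumed 60 Hz)
        if active:
            v += 0.3 * math.sin(2 * math.pi * 450 * t) # made-up device signature
        out.append(v)
    return out

IDLE = feature_rows(synth(12, active=False), RATE)     # 2 full windows, 2 s dropped
ACTIVE = feature_rows(synth(5, active=True), RATE)
```

Each returned row is one training or scoring example for a classifier such as the Decision Tree or Random Forest named on the slide.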

Activity Data from Powerline
- Activity periods clearly visible from differences in powerline frequency.
- IoT data analytics can determine whether devices are active in normal or unusual ways.
- Detection of activities, infections, etc. likely

Conclusion: Much Left to Do!
- Large and growing market for IoT Analytics
- Security and privacy will be huge markets for IoT Analytics
  - Devices are difficult to secure, patch, and maintain. Insecure devices will always be connected to the network.
  - IoT devices will continue to send data to the cloud, third parties, etc. Identifying data leaks will be important.
- Collection of IoT data at the network gateway is a promising approach.
  - Both network traffic and powerline information may be revealing
- Plenty of opportunities for new businesses, technologies in this space.
Get in Touch! Nick Feamster: feamster@cs.princeton.edu