IoT devices are notoriously vulnerable even to trivial attacks and can be easily compromised. In addition, resource constraints and heterogeneity of IoT devices make it impractical to secure IoT installations using traditional endpoint and network security solutions. To address this problem, we present IoT-Keeper, a lightweight system which secures the communication of IoT. IoT-Keeper uses our proposed anomaly detection technique to perform traffic analysis at edge gateways. It uses a combination of fuzzy C-means clustering and a fuzzy interpolation scheme to analyze network traffic and detect malicious network activity. Once malicious activity is detected, IoT-Keeper automatically enforces network access restrictions against the IoT device generating this activity, and prevents it from attacking other devices or services. We have evaluated IoT-Keeper using a comprehensive dataset, collected from a real-world testbed, containing popular IoT devices. Using this dataset, our proposed technique achieved high accuracy (≈0.98) and low false positive rate (≈0.02) for detecting malicious network activity. Our evaluation also shows that IoT-Keeper has a low resource footprint, and it can detect and mitigate various network attacks without requiring explicit attack signatures or sophisticated hardware.
Data-hiding in deoxyribonucleic acid (DNA) sequences can be used to develop an organic memory and to track parent genes in an offspring as well as in genetically modified organisms. However, the main concerns regarding data-hiding in DNA sequences are the survival of the organism and successful extraction of the watermark from DNA. This implies that the organism should live and reproduce without any functional disorder even in the presence of the embedded data. Consequently, performing synonymous substitution in amino acids for watermarking becomes a primary option. In this regard, a hybrid watermark embedding strategy that employs synonymous substitution in both twofold and fourfold codons of amino acids is proposed. This work thus presents a high-capacity and mutation-resistant watermarking technique, DNA-LCEB, for hiding secret information in DNA of living organisms. By employing the different types of synonymous codons of amino acids, the data storage capacity has been significantly increased. It is further observed that the proposed DNA-LCEB employing a combination of synonymous substitution, lossless compression, encryption, and Bose–Chaudhuri–Hocquenghem coding is secure and performs better in terms of both capacity and robustness compared to existing DNA data-hiding schemes. The proposed DNA-LCEB is tested against different mutations, including silent, missense, and nonsense mutations, and provides substantial improvement in terms of mutation detection/correction rate and bits per nucleotide. A web application for DNA-LCEB is available at http://111.68.99.218/DNA-LCEB.
The emergence of numerous new manufacturers producing devices for the Internet-of-Things (IoT) has given rise to new security concerns. Many IoT devices exhibit security flaws making them vulnerable to attacks, and manufacturers have difficulties in providing appropriate security patches to their products in a timely and user-friendly manner. In this paper, we present our implementation of IoT Sentinel, which is a system aimed at protecting the user's network from vulnerable IoT devices. IoT Sentinel automatically identifies vulnerable devices when they are first introduced to the network and enforces appropriate traffic filtering rules to protect other devices from the threats originating from the vulnerable devices.
Traffic analysis attacks allow an attacker to infer sensitive information about users by analyzing network traffic of user devices. These attacks are passive in nature and are difficult to detect. In this paper, we demonstrate that an adversary, with access to upstream traffic from a smart home network, can identify the device types and user interactions with IoT devices, with significant confidence. These attacks are practical even when device traffic is encrypted because they only utilize statistical properties, such as traffic rates, for analysis. In order to mitigate the privacy implications of traffic analysis attacks, we propose a traffic morphing technique, which shapes network traffic, thus making it more difficult to identify IoT devices and their activities. Our evaluation shows that the proposed technique provides protection against traffic analysis attacks and prevents privacy leakages for smart home users.
Our communication networks have grown in size and have witnessed an influx of heterogeneous devices and their specialized device controllers. These devices include traditional computers, light-weight Internet-of-Things devices and their controllers, and also programmable switches and routers. Managing and protecting networks used by these devices is non-trivial, especially since the devices either use different standards or no standards at all for control and management. In this article, we discuss PraNA, an SDN-based architecture for managing and orchestrating such heterogeneous networks. At the heart of PraNA is the PraNA Orchestrator which offers a comprehensive network-wide view of the devices by using the services of a wide range of specialized controllers.
The number of mobile and IoT devices connected to home and enterprise networks is growing fast. These devices offer new services and experiences for the users; however, they also present new classes of security threats pertaining to data and device safety and user privacy. In this article, we first analyze the potential threats presented by these devices connected to edge networks. We then propose Securebox: a new cloud-driven, low cost Security-as-a-Service solution that applies Software-Defined Networking (SDN) to improve network monitoring, security and management. Securebox enables remote management of networks through a cloud security service (CSS) with minimal user intervention required. To reduce costs and improve the scalability, Securebox is based on virtualized middleboxes provided by CSS. Our proposal differs from the existing solutions by integrating the SDN and cloud into a unified edge security solution, and by offering a collaborative protection mechanism that enables rapid security policy dissemination across all connected networks in mitigating new threats or attacks detected by the system. We have implemented two Securebox prototypes, using a low-cost Raspberry-PI and off-the-shelf fanless PC. Our system evaluation has shown that Securebox can achieve automatic network security and be deployed incrementally to the infrastructure with low management overhead.
Poster: IoTURVA Hafeez, Ibbad; Ding, Aaron Yi; Antikainen, Markku ...
Proceedings of the 23rd Annual International Conference on Mobile Computing and Networking,
10/2017
Conference Proceeding
In this poster we present IoTurva, a platform for securing Device-to-Device (D2D) communication in IoT. Our solution takes a blackbox approach to secure IoT edge-networks. We combine user and device-centric context-information together with network data to classify network communication as normal or malicious. We have designed a dual-layer traffic classification scheme based on fuzzy logic, where the classification model is trained remotely. The remotely trained model is then used by the edge gateway to classify the network traffic. We have implemented a proof-of-concept prototype and evaluate its performance in a real world environment. The evaluation shows that IoTurva causes very small overhead while it works with minimal hardware, and that our model training and classification approach can improve system efficiency and privacy.
The number of connected devices is increasing exponentially, which has made the job of managing and securing networks more complex and demanding than ever before. In this paper, we present a novel service-based solution for securing edge networks that are poorly managed and do not offer adequate security and management features. Our proposed system includes a smart gateway Securebox offering advanced security and network management features at device level granularity and a Security and Management Service (SMS) which provides services including traffic analysis services, management services for remote device, network and security policy etc. Instead of tight coupling with hardware, our system enables flexible and on-demand deployment of security services to detect and block malicious activities in the network. Our demonstration shows that the proposed system is easy to deploy, manage and operate different networks and resolves a number of challenges in network security management domain.
The increased popularity of IoT devices has made them lucrative targets for attackers. Due to insecure product development practices, these devices are often vulnerable even to very trivial attacks and can be easily compromised. Due to the sheer number and heterogeneity of IoT devices, it is not possible to secure the IoT ecosystem using traditional endpoint and network security solutions. To address the challenges and requirements of securing IoT devices in edge networks, we present IoT-Keeper, which is a novel system capable of securing the network against any malicious activity, in real time. The proposed system uses a lightweight anomaly detection technique to secure both device-to-device and device-to-infrastructure communications, while using limited resources available on the gateway. It uses unlabeled network data to distinguish between benign and malicious traffic patterns observed in the network. A detailed evaluation, done with a real world testbed, shows that IoT-Keeper detects any device generating malicious traffic with high accuracy (0.982) and low false positive rate (0.01). The results demonstrate that IoT-Keeper is lightweight, responsive and can effectively handle complex D2D interactions without requiring explicit attack signatures or sophisticated hardware.