A model checking-based security analysis framework for IoT systems

Abstract

IoT systems are revolutionizing our lives by providing ubiquitous computing, inter-connectivity, and automated control. However, the increasing system complexity poses huge challenges for security, as IoT devices are distributed, highly heterogeneous, and can directly interact with the physical environment. In IoT systems, bugs in device firmware, defects in network protocols, and design flaws in automation rules can lead to system breach or failure. The challenge escalates further because the possible attacks may be chained together in a long sequence across multiple layers, rendering the existing vulnerability analysis frameworks inapplicable. In this paper, we present ForeSee, a model checking-based framework to comprehensively evaluate IoT system security. It builds a multi-layer IoT hypothesis graph by simultaneously modeling all of the essential components in IoT systems, including the physical environment, devices, communication protocols, and applications. The model checker can then analyze the generated hypothesis graph to validate system security properties or generate attack paths if there are any violations. An optimization algorithm is further introduced to reduce the computational complexity of our analysis. Our framework verifies hypothesis graphs with millions of nodes in less than 100 seconds. The illustrative case studies show that our framework can detect more potential threats than the existing approaches.
