IoTChecker: A data-driven framework for security analytics of Internet of Things configurations

Abstract The advent of the Internet of Things (IoT) has revolutionized networks by transforming legacy dumb devices into smart connected “things”; observing, interacting and impacting the environment with minimal human intervention. These features, while promising a variety of innovative solutions and business benefits, are vulnerable to a host of new threat vectors and security risks. A typical IoT network comprises thousands of IoT devices using heterogeneous protocols, having varying resources, complex interdependencies and diverse networking and security requirements. The configuration data of IoT systems is mostly unstructured, lacking machine interpretable semantics and thus, traditional analysis techniques cannot tackle the IoT-specific configuration challenges of scalability, interoperability and security. In this paper, we present IoTChecker , a novel data-driven framework to semantically model IoT configurations and then employ that model to automatically arrest security configuration anomalies and analyze IoT-specific threat vectors. The approach leverages a combination of newly constructed as well as extended and aligned versions of existing ontologies. Configuration analytics are performed automatically by describing the context of complex IoT interactions and dependencies through rules-supported reasoning and queries. The evaluation involves ontology-based security classification of 954 real-world IoT products and security analysis of their practically-deployed system configurations. Our automated approach has proven to be scalable, easily manageable, formally verifiable and free from errors induced by tedious manual configurations.

[1]  Stefan Katzenbeisser,et al.  PUFs: Myth, Fact or Busted? A Security Evaluation of Physically Unclonable Functions (PUFs) Cast in Silicon , 2012, CHES.

[2]  Amit P. Sheth,et al.  The SSN ontology of the W3C semantic sensor network incubator group , 2012, J. Web Semant..

[3]  Kishore Angrishi,et al.  Turning Internet of Things(IoT) into Internet of Vulnerabilities (IoV) : IoT Botnets , 2017, ArXiv.

[4]  Josef Noll,et al.  Interoperability of Security-Enabled Internet of Things , 2011, Wirel. Pers. Commun..

[5]  Luca Spalazzi,et al.  An Internet of Things ontology for earthquake emergency evaluation and response , 2014, 2014 International Conference on Collaboration Technologies and Systems (CTS).

[6]  Lilian Bossuet,et al.  New paradigms for access control in constrained environments , 2014, 2014 9th International Symposium on Reconfigurable and Communication-Centric Systems-on-Chip (ReCoSoC).

[7]  Daniel Jackson,et al.  Model-Based Security Analysis of a Water Treatment System , 2016, 2016 IEEE/ACM 2nd International Workshop on Software Engineering for Smart Cyber-Physical Systems (SEsCPS).

[8]  Jane Sinclair,et al.  Deductive Reasoning versus Model Checking: Two Formal Approaches for System Development , 1999, IFM.

[9]  Arkady B. Zaslavsky,et al.  Context Aware Computing for The Internet of Things: A Survey , 2013, IEEE Communications Surveys & Tutorials.

[10]  H. Lan,et al.  SWRL : A semantic Web rule language combining OWL and ruleML , 2004 .

[11]  Jerry R. Hobbs,et al.  DAML-S: Semantic Markup for Web Services , 2001, SWWS.

[12]  Zahid Anwar,et al.  IoTRiskAnalyzer: A Probabilistic Model Checking Based Framework for Formal Risk Analytics of the Internet of Things , 2017, IEEE Access.

[13]  H. Landau Sampling, data transmission, and the Nyquist rate , 1967 .

[14]  Adi Shamir,et al.  Extended Functionality Attacks on IoT Devices: The Case of Smart Lights , 2016, 2016 IEEE European Symposium on Security and Privacy (EuroS&P).

[15]  Benjamin Muschko Gradle in Action , 2014 .

[16]  Holger Knublauch,et al.  The Protégé OWL Plugin: An Open Development Environment for Semantic Web Applications , 2004, SEMWEB.

[17]  Dong Yang,et al.  Product configuration knowledge modeling using ontology web language , 2009, Expert Syst. Appl..

[18]  Robert A. Morris,et al.  Machine reasoning about anomalous sensor data , 2010, Ecol. Informatics.

[19]  Tiziana Catarci,et al.  Service Composition and Advanced User Interfaces in the Home of Tomorrow: The SM4All Approach , 2011, AMBI-SYS.

[20]  Asunción Gómez-Pérez,et al.  Ontology Engineering in a Networked World , 2012, Springer Berlin Heidelberg.

[21]  Alexander Gluhak,et al.  The SENSEI Real World Internet Architecture , 2010, Future Internet Assembly.

[22]  Peter Rosengren,et al.  A Development Platform for Integrating Wireless Devices and Sensors into Ambient Intelligence Systems , 2009, 2009 6th IEEE Annual Communications Society Conference on Sensor, Mesh and Ad Hoc Communications and Networks Workshops.

[23]  Nicola Guarino,et al.  Evaluating ontological decisions with OntoClean , 2002, CACM.

[24]  Kerry L. Taylor,et al.  Reasoning about Sensors and Compositions , 2009, SSN.

[25]  Christian Bonnet,et al.  An Ontology-Based Approach for Helping to Secure the ETSI Machine-to-Machine Architecture , 2014, 2014 IEEE International Conference on Internet of Things(iThings), and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom).

[26]  Martin J. O'Connor,et al.  SQWRL: A Query Language for OWL , 2009, OWLED.

[27]  Roberto Di Pietro,et al.  Security in wireless ad-hoc networks - A survey , 2014, Comput. Commun..

[28]  Anand R. Tripathi,et al.  Static verification of security requirements in role based CSCW systems , 2003, SACMAT '03.

[29]  Earlence Fernandes,et al.  Security Analysis of Emerging Smart Home Applications , 2016, 2016 IEEE Symposium on Security and Privacy (SP).

[30]  Kay Römer,et al.  SPITFIRE: toward a semantic web of things , 2011, IEEE Communications Magazine.

[31]  Martin Bauer,et al.  Proceedings of the Federated Conference on Computer Science and Information Systems pp. 949–955 ISBN 978-83-60810-22-4 Service Modelling for the Internet of Things , 2022 .

[32]  Dong Yang,et al.  Ontology-based service product configuration system modeling and development , 2011, Expert Syst. Appl..

[33]  Mahdi Ben Alaya,et al.  Toward semantic interoperability in oneM2M architecture , 2015, IEEE Communications Magazine.

[34]  Cartik R. Kothari,et al.  Building a Sensor Ontology: A Practical Approach Leveraging ISO and OGC Models , 2005, IC-AI.