Research & Security Innovation Lab for IoT
Duration: 14 Sep 15 to 13 Mar 19
PI and Co-PIs: Prof Yuval Elovici (PI), Asst Prof Martin Ochoa, Asst Prof Nils Ole Tippenhauer
Overseas Collaborator: Asst. Prof Asaf Shabtai, Ben-Gurion University
Funding agency: Ministry of Defence
The Internet of Things (IoT) connects a large number of communication and information systems to support and simplify everyday life by means of technology. The application domains in the IoT are diverse, spanning from medical and healthcare systems, building and home automation, transportation and logistics, media, and environmental monitoring, to infrastructure management and manufacturing—including smart wearable devices, smart home, smart city, smart environment, and smart enterprise devices—as well as human beings and animals as things in the IoT environment.
The vision behind the IoT concept is the ability to connect any type of object (known as things in IoT terms) with one another, as well as to the traditional Internet. It is expected that in 2020, the number of connected devices will be 50B, or 6.58 per person (Cisco 2012). These connections would be made using a globally unique identifier, forming the Future Internet. The IoT is expected to offer advanced connectivity of devices, systems, and services that goes beyond machine-to-machine (M2M) communications and covers a variety of protocols, domains, and applications.
The Research and Security Innovation Lab for Internet of Things focuses on various research aspects of IoT. Currently, we have three innovative tracks:
Internet of Things Automatic Security Testbed
The goal of the automatic security testbed is to test the security and privacy of various state-of-the-art IoT devices on the market. The testbed setup consists of a shielded room, three different stand-alone machines to perform the tests, an access point within the shielded room, and various state-of-the-art IoT devices. Currently the testbed can perform various tests to show how vulnerable the IoT devices are. The testbed work also focuses on developing a system architecture that allows various testing modules to be called for any kind of test. The testbed can support various communication protocols such as Wi-Fi, ZigBee, and Bluetooth.
Furthermore, the testbed will also focus on developing various attack and defense models to expose and find the vulnerabilities of IoT devices. In the future, the testbed will be open and made available to anyone who is willing to test their own IoT devices. The long-term vision of the testbed and the lab itself is to provide certification for any IoT device on the market, checking whether it is secure or not.
Figure 1: Shielded Room in the Lab for Testing IoT Devices
Internet of Things HoneyPot
In this track we aim to build a high-interaction, scalable and distributed HoneyPot. Our goal is to better understand the behavior of attackers when interacting with IoT devices. As a first step we have deployed a global IP camera HoneyPot over 16 cities worldwide. We are gradually including more heterogeneous IoT devices. Our devices are listed by IoT search engines such as Shodan. The unsolicited traffic that these devices receive will be diverted to the Lab for in-depth analysis. With the consolidated data, we aim to measure the most common attacks and the level of interest for different geographic regions, and to compare the quality of the honeypot with that of a low-interaction HoneyPot.
Figure 2: Abstract View of the IoT HoneyPot
Internet of Things Scanner
The aim of IoT Scanner is to create a system (hardware and software) with which one can scan both known and unknown environments. The idea behind IoT Scanner is to understand the environment and show the list of IoT devices available in it. With the use of the IoT Scanner one could identify anomalous devices and protect the environment.
Currently, the IoT Scanner has integrated a range of radios to allow local reconnaissance of existing wireless infrastructure and participating nodes. IoT Scanner would enumerate IoT devices, identify communication patterns, and provide valuable insights for technical support and home users alike. IoT Scanner would help to determine the structure of the underlying local communication network at a device-to-device level, allowing the user to observe the IoT devices present in the local network. Furthermore, it would classify the IoT devices according to device-to-access-point association and the amount of traffic in the local network. IoT Scanner will empower users to keep control of their local environment.
Figure 3: IoT Scanner Architectural and Implementation View.
Internet of Things Device Identification
Many organizations nowadays deploy IoT devices across their IT infrastructure, and this trend is expected to further accelerate in the coming years. Security experts have demonstrated the risk posed by IoT devices to organizations. Due to the widespread adoption of such devices, their diversity, standardization obstacles and inherent mobility, organizations are in need of an intelligent mechanism capable of detecting suspicious IoT devices that are connected to the network but not registered in a list of trustworthy IoT devices (white list) allowed to be used within the organization. In this research, we apply machine learning algorithms with the purpose of accurately identifying IoT devices listed in the approved white list and identifying other IoT devices.