Research article. DOI: 10.1145/2834050.2834095

Handling a trillion (unfixable) flaws on a billion devices: Rethinking network security for the Internet-of-Things

Published: 16 November 2015

Abstract

The Internet-of-Things (IoT) has quickly moved from the realm of hype to reality with estimates of over 25 billion devices deployed by 2020. While IoT has huge potential for societal impact, it comes with a number of key security challenges---IoT devices can become the entry points into critical infrastructures and can be exploited to leak sensitive information. Traditional host-centric security solutions in today's IT ecosystems (e.g., antivirus, software patches) are fundamentally at odds with the realities of IoT (e.g., poor vendor security practices and constrained hardware). We argue that the network will have to play a critical role in securing IoT deployments. However, the scale, diversity, cyberphysical coupling, and cross-device use cases inherent to IoT require us to rethink network security along three key dimensions: (1) abstractions for security policies; (2) mechanisms to learn attack and normal profiles; and (3) dynamic and context-aware enforcement capabilities. Our goal in this paper is to highlight these challenges and sketch a roadmap to avoid this impending security disaster.

Supplementary Material: MP4 file (a5.mp4)




Published In

HotNets-XIV: Proceedings of the 14th ACM Workshop on Hot Topics in Networks, November 2015, 189 pages. ISBN: 9781450340472. DOI: 10.1145/2834050

Publisher: Association for Computing Machinery, New York, NY, United States


Conference

HotNets-XIV: The 14th ACM Workshop on Hot Topics in Networks, November 16-17, 2015, Philadelphia, PA, USA

Acceptance Rate: 110 of 460 submissions (24%), overall for the HotNets series


Cited By

• (2024) Listeria monocytogenes and the Trojan horse mechanism across the blood-brain barrier. Revista Digital de Postgrado 13(1). DOI: 10.37910/RDP.2024.13.1.e389. Online publication date: 6 May 2024
• (2024) Blockchain-Based Healthcare Records Management Framework: Enhancing Security, Privacy, and Interoperability. Technologies 12(9):168. DOI: 10.3390/technologies12090168. Online publication date: 14 September 2024
• (2024) Is a Trustmark and QR Code Enough? The Effect of IoT Security and Privacy Label Information Complexity on Consumer Comprehension and Behavior. Proceedings of the 2024 CHI Conference on Human Factors in Computing Systems, pp. 1-32. DOI: 10.1145/3613904.3642011. Online publication date: 11 May 2024
• (2024) Revolutionizing IoT Security: Integrating Audio Data Transfer and Multi-Factor Authentication with Smartphones. 2024 IEEE International Conference on Electro Information Technology (eIT), pp. 310-315. DOI: 10.1109/eIT60633.2024.10609946. Online publication date: 30 May 2024
• (2024) Adversarial Dynamic Load-Altering Cyberattacks Against Peak Shaving Using Residential Electric Water Heaters. IEEE Transactions on Smart Grid 15(2):2073-2088. DOI: 10.1109/TSG.2023.3300239. Online publication date: March 2024
• (2024) CMXsafe: A Proxy Layer for Securing Internet-of-Things Communications. IEEE Transactions on Information Forensics and Security 19:5767-5782. DOI: 10.1109/TIFS.2024.3404258. Online publication date: 2024
• (2024) Function Interaction Risks in Robot Apps: Analysis and Policy-Based Solution. IEEE Transactions on Dependable and Secure Computing 21(4):4236-4253. DOI: 10.1109/TDSC.2023.3348772. Online publication date: July 2024
• (2024) SaTC: Shared-Keyword Aware Taint Checking for Detecting Bugs in Embedded Systems. IEEE Transactions on Dependable and Secure Computing 21(4):2421-2433. DOI: 10.1109/TDSC.2023.3307430. Online publication date: July 2024
• (2024) Security Analysis of Wearable Smart Health Devices and Their Companion Apps. 2024 IEEE Security and Privacy Workshops (SPW), pp. 274-280. DOI: 10.1109/SPW63631.2024.00033. Online publication date: 23 May 2024
• (2024) Toward Continuous Threat Defense: in-Network Traffic Analysis for IoT Gateways. IEEE Internet of Things Journal 11(6):9244-9257. DOI: 10.1109/JIOT.2023.3323771. Online publication date: 15 March 2024
