See discussions, stats, and author profiles for this publication at: https://www.researchgate.net/publication/305495988

Social Engineering in the Internet of Everything

Article in Cutter IT Journal · July 2016

Authors: Ryan Heartfield (University of Greenwich) and Diane Gan (University of Greenwich)

All content following this page was uploaded by Ryan Heartfield on 15 April 2018.


TO ERR IS HUMAN

Social Engineering in the Internet of Everything


by Ryan Heartfield and Diane Gan

It is well known that social engineering attacks are designed to target the user-computer interface, rather than exploiting a system’s technical vulnerability, to enable attackers to deceive a user into performing an action that will breach a system’s information security. They are a pervasive and existential threat to computer systems, because in any system, the user-computer interface is always vulnerable to abuse by authorized users, with or without their knowledge.

Historically, social engineering exploitations in computer systems were limited to traditional Internet communications such as email and website platforms. However, in the Internet of Things (IoT), the threat landscape includes vehicles, industrial control systems, and even smart home appliances. Add to this mix naive users and default passwords that are extremely weak and easily guessed, and the threat becomes greater. As a result, the effects of a deception-based attack will now no longer be limited to cyberspace (stealing information, compromising a system, crashing a Web service, etc.), but can also result in physical impacts, including:

- Damage to manufacturing plants
- Disruption of train and tram signaling, causing death and injury
- Discharge of sewage from water treatment plants
- Damage to nuclear power plants (e.g., Stuxnet)

In December 2014, a German steel mill furnace sustained damage when hackers used targeted phishing emails to capture user credentials, thereby gaining access to the back office and ultimately the production network, with devastating consequences. Another example occurred when households in Ukraine suffered a blackout on 23 December 2015 caused by an attack that brought down the power grid. Again, the attackers used phishing emails to trick users at the electric company into clicking on an attachment in an email, ostensibly from the prime minister of Ukraine. This is thought to be the first cyberattack that brought down an entire power grid, leaving 80,000 homes without electricity.

The more effective such cyber-physical attacks prove,[1] the more the deception attack surface continues to grow. For example, in the near future, fake tire pressure alerts shown on a car’s dashboard or gas leakage warnings on a smart heating system’s GUI may be used to achieve deception in a manner not too dissimilar to current scareware pop-up alerts experienced by today’s mobile and desktop users. In the extreme, attackers may even begin to target medical devices (such as pacemakers or mechanical insulin-delivering syringes) via near field communications or wireless sensor networks, in an approach analogous to ransomware. This has already occurred through the IoT using conventional hacking techniques (SSH vulnerabilities and unpatched systems with default hardwired passwords) and is commonly known as a MEDIJACK attack. The major problem with these devices is that they remain unpatched throughout their lifetime, and at the moment this is also the situation within the IoT. Figure 1 provides a snapshot of the potential IoT social engineering threat space.

Figure 1 — The Internet of Everything: people and smart devices, cars, homes, cities...

20 CUTTER IT JOURNAL July 2016 ©2016 Cutter Information LLC

Would Your Fridge Lie to You?

Prior to the advent of the IoT, an email or instant message purporting to originate from your fridge would seem ludicrous. Nowadays, however, the concept does not seem so absurd. In fact, it is exactly this change in our expectations about the way we use technology and the increasing capabilities of system-to-system communication that poses the most risk. Today’s users expect greater visibility and control over their environment, leading to a proliferation of distributed interfaces attached to what were traditionally isolated systems, sharing new types of data across a cyber-physical boundary. The result is an ever-richer user experience, but also an augmented attack surface at the disposal of willing cybercriminals. And as cybercriminals tend to go in search of low-hanging fruit in order to exploit a system, the user is now more than ever a soft target. Since attackers may not always have physical access to IoT devices to exploit them directly, they can instead target the distributed functionality and associated behavior integrated into new and existing systems. For example, it would not be unreasonable to imagine an attacker crafting a spoofed instant message from a user’s refrigerator (see Figure 2), reporting that it is running low on milk and asking whether the user would like to place an order with an Amazon-style “one-click” ordering button — which conveniently leads to a drive-by download. But how did the attacker know the user’s milk was low? Well, in the IoT they simply sniffed seemingly unimportant, unencrypted sensor node data sent from the fridge to the home automation controller, which connects to the user over the Internet via their home broadband router. Here, the attacker has exploited platform functionality that interfaces with the IoT device (in this case, a fridge) by manipulating the perceived behavior of the system as opposed to the device itself. In practice, such an attack can lead to a conventional exploitation such as system compromise or theft of banking credentials. It is not a great leap to envision that your fridge could be held to ransom by ransomware. Pay up, or your fridge won’t turn on.

Unlike phishing emails claiming to originate from financial institutions and banks (which have existed for nearly 30 years), users are not sensitive to malicious behavior originating from home/city automation systems, smart devices, or social media platforms that provide access to e-health, emergency, or public services. To a large extent, this is because the physical appearance of such systems does not require significant change to become compatible with the Internet of Things; normally it is only the data these platforms generate that is shared. Specifically, the IoT is enhancing data accessibility, which is further augmenting the attack landscape for cybercriminals seeking to develop convincing social engineering attacks.

[Figure 2 diagram; labels: Home Automation Controller, Sensor data, App messaging, INTERNET, Router, “Sniff data and inject spoofed message”.]

Figure 2 — Attacking a SMART fridge through intercepting and injecting spoofed application messages.

Get The Cutter Edge free: www.cutter.com Vol. 29, No. 7 CUTTER IT JOURNAL 21
Data Leakage: No Data Is Too Big or Small

Just as the IoT expands the different types of user interfaces that attackers can target, the different types of data (previously hidden from attackers) that can be acquired is also increased. It is well known that attackers are adept at gathering user data and utilizing this information as a mechanism to target a user and better design an attack specific to the user’s system or improve the credibility of the deception techniques used. Nowadays, hackers use social networks to obtain personal data about a user, such as their children’s names, pet’s name, date of birth, where they graduated, and so on. By detecting and exploiting systems that are of high value and using their target’s “pattern of life” data, cybercriminals can develop effective deception mechanisms by manipulating information the user has shared and is therefore very familiar with and unlikely to repudiate.

Data leakage is exacerbated when geolocation is turned on in IoT devices (see Figure 3). This enables anyone to determine the exact location where a smartphone picture was taken, for example, which can be a problem if this identifies the user’s home and they have just tweeted that they are going away on holiday. Burglars use Twitter as well!

Figure 3 — Example of a cyberstalking experiment monitoring and geolocating Tweets from Twitter user, Twitter feed (top left, middle), Creep.py (bottom left, right), Streamd.In (top right).

Recent research by the C-SAFE team at the University of Greenwich has demonstrated the ease with which an individual can be profiled through their leaked personal data using only social networks (Facebook, Twitter, LinkedIn, Instagram, etc.).[2] Researchers undertook a series of experiments to determine how much information they could extract about three subjects using only social networking sites. By utilizing three freely available tools (Twitonomy, Streamd.in, Creepy) that harvest information from Twitter, the data revealed where the three subjects lived and worked, the route they took to work each day, where one subject’s parents lived, and even where and when another subject went to the gym. It was also possible to follow each of them through cyberspace to other sites such as Facebook, LinkedIn, Foursquare, and Instagram, where information missing from their “profile” was quickly filled in. The experiment demonstrated how easy it is for cybercriminals to gather personal data to construct social engineering attacks that an individual would find credible.

“Smart”er Attacks

Social engineering attacks against IoT devices are by no means hypothetical, and exploitations abusing functionality in smart devices have already been observed in the wild. For example, from December 2013 to January 2014, security provider Proofpoint detected a cyberattack that was originating from the IoT, where three times a day, in bursts of 100,000, malicious emails targeting businesses and individuals were sent out. In total, the global attack consisted of more than 750,000 malicious emails originating from over 100,000 everyday consumer gadgets, 25% of which originated from smart TVs, home routers, and even one fridge.[3] Crucially, the attack demonstrated that botnets are now IoT botnets, capable of recruiting almost any device with a network connection and messaging software.

Attack Case A: IoT Phishing in Smart Homes

Smart homes are becoming more common as people connect up numerous devices and “things” within their home. All these IoT things and devices connect to a network, be it wireless or wired, and eventually connect to a routing device. Individually they may not offer any obvious value to cybercriminals, but they can provide a user interface that an attacker can manipulate to execute a social engineering attack. The following attack considers a threat actor who has gained control of a brand of IoT smart meter cloud-based services platform, bundled with the product to deliver updates or new content. Here, the attack can either monitor (what may be) unencrypted communication between the cloud services and the smart meter and inject information into existing data flows, or potentially send direct messages to the meters if the attackers have gained complete control over the cloud environment. In both examples, the attack triggers the following message to all smart meters when the heating sensor indicates that the users are home (e.g., it has been turned up/down): “Software Upgrade Required. Go to: www.heaterupgrades.com/smartupgrade. Run the patch from a Windows computer on this network” (see Figure 4). If the user complies, then they have been phished.

Attack Case B: The Internet of Social Things

Social networking and media are at the heart of the IoT, where it is no longer only people that share information with other people, but also things that are able to communicate with users or with other things. Think back to your fridge kindly advising that you are low on milk. Your car might even want to tell your Facebook friends that its carbon footprint is less than four other cars on the road this week (i.e., in-product advertising across social media). The following attack considers a threat actor scanning Twitter and looking for status posts that include metadata from IoT picture frames. IoT picture frames often come bundled with an app that allows their user to automatically download and upload pictures to popular social media platforms. In this example, the attacker finds a tweet containing the metadata; however, it is a retweet from an open Twitter account following a particular user who owns the target picture frame. Next the attacker sends a direct tweet to the user (whose account privacy settings were locked down) from a spoofed Twitter account purporting to be the picture frame’s manufacturer. The tweet contains a shortened URL to a Twitter app that will allow the user to install video functionality on their picture frame for free. In reality, the Twitter app gives the attacker’s account rights to download all the pictures from the user’s IoT picture frame, which the attacker can then use as ransomware data or to craft future phishing attacks (see Figure 5).

[Figure 4 diagram; labels: Cloud-based services provided to IoT meter, INTERNET, and the meter display reading “Software Upgrade Required. Go to: www.heaterupgrades.com/smartupgrade. Run the patch from a Windows computer on this network”.]

Figure 4 — Example of a smart meter phishing attack via compromised update and content services in the cloud.

[Figure 5 diagram; labels: User’s Twitter account, Follower’s Twitter account, Spoofed Twitter account, IoT picture frame with Twitter app; arrows numbered 1 to 3 show the order of the exchange.]

Figure 5 — Example of an attacker exploiting Internet of Social Things contagion to deliver a social engineering attack.

Defense Recommendations

In order to instill confidence in the smart technologies that underpin the IoT, encourage their uptake, and ensure that they will be usable in the long term, it is necessary for the security of these devices to be robust, scalable, and above all practical. Here, we explore four approaches to defending the IoT against social engineering attacks.

Generic Attack Classification

Since deception-based attacks in the IoT can be launched in either cyber or physical space, identifying the source of a deception attempt and the structure of a social engineering attack can be extremely difficult. For developers, the challenge of building an effective defense that addresses a range of deception vectors would appear insurmountable when we consider all of the different platforms that may have been involved in an attack. It is more practical to employ generic classification criteria to break down attacks into parameterized, component parts. This approach can be used to reveal shared characteristics between attacks, which then aids the design of defenses that address multiple threats sharing similar traits. Using the taxonomy proposed elsewhere by Ryan and guest editor George Loukas,[4] and summarized by each root category in Figure 6, the following recommendations can help developers capture the multiple variables involved in the construction, delivery, and execution of social engineering attacks by applying criteria that are independent of the attack vectors used.

Orchestration

Target Description (TD). How is the target chosen? Determine an attack’s targeting parameters to define which user and/or system features a defense system should focus on. A targeted attack is likely to exploit a specific user’s attributes leaked by their IoT footprint (e.g., a toll payment spear phishing email based on tweets mapped to the geolocation of their vehicle) as part of the deception. In contrast, promiscuous targeting is opportunistic and random (e.g., an attacker plants a malicious QR code in a shopping center).

Method of Distribution (MD). How does the attack reach the target? Investigate the method in which the attack’s deception is distributed and where it is executed to identify the platforms that are involved in the attack. Determine whether it is a remote system (hence involving a network) or a local system that requires monitoring and defending.

Mode of Automation (MA). Is the attack automated? Recognizing whether an attack is automatically or manually executed will help determine the most suitable response mechanism and the type of data that can be meaningful to collect about it. It may be possible to fingerprint a fully automated attack based on patterns of previously observed behavior, while a fully manual attack may need to focus on the attacker’s behavior instead.



Figure 6 — A high-level summary of taxonomic classification criteria for social engineering attacks in the Internet of Things.

Exploitation

Deception Vector (DV). Is it looks or behavior that deceives the user? A defense mechanism needs to pinpoint mechanisms by which an attacker can deceive the user into a false expectation by manipulating visual and/or system behavior aspects of a system. Within the IoT, it is not just GUIs that can be abused, but the physical appearance or state of a sensor node in a home/work/city automation system as well (heating thermometer, heartbeat monitor, vehicle speed, traffic lights, etc.).

Interface Manipulator (IM). Is the platform used in the deception only (ab)used or also programmatically modified? Depending on the system involved in an attack, it may be impractical or impossible to patch directly (e.g., pacemaker, legacy actuator). In order to reduce the scope of a defense, developers need to establish whether the deception vector in an attack occurs in code (e.g., embedded within the system or external) or abuses intended user space functionality built into the platform by design.

Execution

Execution Steps (ES). Does the attack complete the deception in one step? Model the effect that a single user action can have on the integrity of a platform, as it may be necessary to build in extra user authentication steps to commit actions, especially in e-health services or industrial control systems. An attack that relies on multiple user response steps may be detected earlier and more easily than a single-step attack, and before it completes, by looking for traces of its initial steps.

Attack Persistence (AP). Does the deception persist? Persistent attempts can be modeled by a learning-based defense system to identify the deception’s pattern of behavior in order to block it. At the same time, it may also have a higher chance of success against the target. One-off deception attempts are by definition more difficult to detect and may be missed if a defense is only looking for patterns in system behavior or if the pattern is as yet unknown (i.e., a zero-day vulnerability).

S-SDLC

It is important that IoT platform developers have a detailed understanding of how their system will interface with users, as well as how system functionality may affect the wider ecosystem in which the system may be deployed. The Secure Software Development Life Cycle (S-SDLC) provides developers with a guideline framework for the design and implementation of system software by integrating security considerations systematically into the core requirements and design of the software’s architecture. Within the S-SDLC framework (see Figure 7), in each lifecycle stage, the following key concepts can aid the development of IoT platforms and functionality that are resistant to deception-based attacks.

[Figure 7 diagram; labels around the lifecycle: Interfaces, SoI, WSoI, Threat Model, User Scenarios, Programmatic Determinism (illustrated with the pseudocode IF (X=0){ click=FALSE; X++ } ELSE { warning() }), Release/Maintain, Report, Detect / Classify, Patch.]

Figure 7 — Key concepts in the S-SDLC lifecycle for developing resistance to deception-based attacks in the IoT.

Requirements

Identify the attack surface for an IoT platform by clearly defining the intended functionality and its expected limitations. Document the system-to-system and system-to-user interfaces forming the overall system of interest (SoI) and determine how these communicate and affect interfaces within the wider SoI (WSoI; e.g., the deployment environment).

Design

Develop threat models that run through different features of the platform’s design and WSoI interactions. Pinpoint weak spots in the user interface that can be abused or vulnerabilities in data transfer and network communications that may allow attackers to inject malicious data or code or gather information about the user.

Coding

Employ static code analysis to determine whether the platform’s programmatic features are deterministic to ensure spoofed or injected data does not force the platform to exhibit a deceptive behavior toward the user. Similarly, evaluate user interface controls (whether graphical or physical; e.g., a button) to ascertain whether these can be (ab)used through intended functionality.

Testing

Design and implement scenarios where different user behavior is arbitrarily executed (e.g., fuzzing) in order to identify anomalous situations when the user interface or functionality can become part of a deception-based attack. In testing, developers should generate and execute random input parameters, physical and logical, against the IoT platform in an attempt to elicit unhandled or anomalous behavior that may lead to exploitable vulnerabilities.

Release/Maintain

Establish monitoring or reporting functionality within the platform deployment environment to help detect attacks. This will facilitate continuous patching and security hardening of the specific platform and/or external platforms that have lower-security features.

Attack Classification and Defense

By applying each taxonomy criterion against each of the two IoT attack cases, we can use classification to employ S-SDLC principles that help suggest a single approach to defense that would prevent both attacks.
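The Design and Coding stages above, applied to the cloud-to-meter message path of Attack Case A, as an added example (not the article's or any vendor's code): the meter authenticates each frame and can only render a fixed template set, so neither a frame injected into a sniffed data flow nor a free-text notice pushed from a compromised cloud service reaches the display. The per-device key, frame format, templates and parameter rules are assumptions made for this example.

```python
"""Added example (not the article's code): a smart-meter display handler
hardened along the Design and Coding stages against Attack Case A.

  1. Authenticity and freshness: each frame carries an HMAC under a per-device
     key and a strictly increasing sequence number, so a frame injected into a
     sniffed data flow, or a replayed one, is dropped before it is parsed.
  2. Programmatic determinism: the screen only renders a fixed template set
     with validated parameters. Free-form text and URLs from the network never
     reach the display, so even a compromised cloud cannot push a
     "Software Upgrade Required. Go to: ..." notice to every meter.
Key, frame format, templates and parameter rules are this example's assumptions.
"""
import hashlib
import hmac
import json
import re

DEVICE_KEY = b"constructed-per-device-key-0001"  # provisioned at manufacture (assumption)

# The only messages the meter can ever render. No template has a URL slot.
TEMPLATES = {
    "TARIFF_CHANGE": "Your tariff changes to {tariff} on {date}.",
    "FIRMWARE_READY": "Firmware {version} installs automatically tonight. No action needed.",
    "MAINTENANCE": "Scheduled maintenance on {date}. Heating is unaffected.",
}
# Strict syntax for every parameter a template may take.
PARAM_RULES = {
    "tariff": r"[A-Za-z0-9 ]{1,20}",
    "date": r"\d{4}-\d{2}-\d{2}",
    "version": r"\d+\.\d+\.\d+",
}


def sign_frame(key, seq, msg_type, params):
    """Cloud side: canonical JSON body plus an HMAC-SHA256 tag over it."""
    body = json.dumps({"seq": seq, "type": msg_type, "params": params},
                      sort_keys=True, separators=(",", ":"))
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


class MeterDisplay:
    """Meter side: verify the frame, then render only from templates."""

    def __init__(self, key):
        self.key = key
        self.last_seq = 0
        self.screen = []    # lines shown to the user
        self.rejected = []  # audit trail: reason for every dropped frame

    def _reject(self, reason):
        self.rejected.append(reason)
        return False

    def handle(self, frame):
        body = frame.get("body", "")
        expected = hmac.new(self.key, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, frame.get("tag", "")):
            return self._reject("bad_tag")       # injected on the data path
        try:
            msg = json.loads(body)
            seq, msg_type, params = int(msg["seq"]), msg["type"], dict(msg["params"])
        except (ValueError, KeyError, TypeError):
            return self._reject("malformed")
        if seq <= self.last_seq:
            return self._reject("replay")
        template = TEMPLATES.get(msg_type)
        if template is None:
            return self._reject("unknown_type")  # there is no free-text message type
        needed = set(re.findall(r"\{(\w+)\}", template))
        if set(params) != needed or not all(
                isinstance(v, str) and re.fullmatch(PARAM_RULES[k], v)
                for k, v in params.items()):
            return self._reject("bad_params")    # URL or prose smuggled into a slot
        self.last_seq = seq
        self.screen.append(template.format(**params))
        return True


def run_case_a_scenario():
    """One legitimate frame, then the Case A attack variants, against one meter."""
    meter = MeterDisplay(DEVICE_KEY)
    good = sign_frame(DEVICE_KEY, 1, "FIRMWARE_READY", {"version": "2.1.0"})
    meter.handle(good)
    # Variant 1: attacker on the unencrypted data flow has no key; the tag is forged.
    forged = {"body": json.dumps({"seq": 2, "type": "MAINTENANCE", "params": {"date": "2016-07-01"}}),
              "tag": "00" * 32}
    meter.handle(forged)
    # Variant 2: attacker controls the cloud and can sign, but no message type
    # carries free text ...
    meter.handle(sign_frame(DEVICE_KEY, 2, "NOTICE",
                            {"text": "Software Upgrade Required. Run the patch."}))
    # ... and a URL does not satisfy any parameter's syntax.
    meter.handle(sign_frame(DEVICE_KEY, 3, "TARIFF_CHANGE",
                            {"tariff": "Go to www.example.invalid", "date": "2016-07-01"}))
    # Replaying the earlier legitimate frame fails the sequence check.
    meter.handle(good)
    return meter
```

The `rejected` audit trail is the kind of signal the Release/Maintain stage can report on: a run of `bad_tag` or `bad_params` drops across many meters is evidence of an injection or cloud-side compromise attempt.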



Case A

TD. Promiscuously targets any user who owns the smart meter, by flooding connected devices with messages and commands (e.g., malicious updates) via the cloud.

MA. Functions as an automated message sent from the cloud-based service.

MD. Distributed to execute the deception via local software on the smart meter.

DV. Deception is both cosmetic and behaviorally convincing, as the user would expect communications from the cloud platform.

IM. Injecting malicious messages through the cloud attacks the programmatic interface of the smart meter by adjusting the internal code to display a deceptive message.

ES. The user must exercise multiple steps in order for the deception to be successful. The first step downloads the supposed patch; the second step then requires the user to install the patch.

AP. The message’s particular deception is one-off, as it is unlikely the attacker will reissue the same phishing message and thus compromise the attack’s integrity.

Case B

TD. Promiscuously targets any user who owns an IoT picture frame with social media app functionality.

MA. Functions as a manual operation by searching for tweets, then creates a custom Twitter account and tweets once a target is found.

MD. Distributed to execute the deception via remote software on the Twitter platform.

DV. Deception is behaviorally convincing, as product suppliers often communicate with customers via social media so as to gain customer data analytics. It is unlikely the Twitter account is visually credible (e.g., there are few or no followers, and as the account is not official, tweets are not authenticated — no blue tick!).

IM. Here the attacks simply (ab)use the user interface functionality of the Twitter platform.

ES. The deception completes in multiple steps, as the user must click on the URL and then add the malicious Twitter app permissions to their account.

AP. The message’s particular deception is one-off as it is unlikely the attacker will reissue the same phishing message and thus compromise the attack’s integrity.

By applying the taxonomy classification to each attack case, we can establish that a number of similar traits are shared in the orchestration, exploitation, and execution phases of these attacks. Firstly, both attacks target users promiscuously, so it would appear the attacker is seeking to build the deception around a vulnerability in an IoT platform and its use case rather than a specific user’s platform profile. Both attacks are behaviorally deceptive, irrespective of whether they are visually convincing or not, and both attacks are one-off in their deception but require multiple user steps to complete the deception and exploitation. By showing that both attacks focus on the IoT product behavior, rather than the users, it becomes clear that the S-SDLC requirements and testing stages would play a pivotal role in helping to mitigate these attacks. Crucially, it is the system-to-system interfaces of each IoT platform and their interaction with the ecosystem’s WSoI (Case A: cloud-based services over the Internet, Case B: Twitter application add-ons) that need addressing.

Each of the IoT devices, their interface contracts between other IoT platforms/devices, and the functionality they extend should be clearly defined and then evaluated against different user deployment scenarios. In this way, developers can pinpoint specific functionality supplied by the system that is vulnerable to manipulation. Here, the manipulation of features supplied by the IoT devices in each attack case could easily be highlighted by reviewing each interface contract, then conducting a robust test of its functionality in different user deployment scenarios. Since both attacks’ deceptions are one-off, they may be hard to identify and prevent; therefore it is even more important to rationalize system interface requirements before providing the users with functionality that the developers are not able (or willing) to protect. Where each attack requires multiple user steps to complete, integration of further authentication mechanisms for more significant functionality requests between interfaces should be enforced and reviewed through testing. This approach can help to determine whether extra security procedures should be enforced before a user commits a potentially compromising action (e.g., forcing a user to review a warning or confirm their identity through multi-factor authentication).
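The classification of Cases A and B above, and the shared-trait reasoning that points at the Requirements and Testing stages, as an added example (not the article's code): the seven criteria are encoded as data, the traits common to a set of cases are computed, and each shared trait is mapped to the S-SDLC stage the text associates with it. The vocabulary for each criterion and the trait-to-stage mapping are this example's own reading of the text.

```python
"""Added example (not the article's code): the taxonomy criteria TD, MD, MA,
DV, IM, ES and AP as data, applied to Attack Cases A and B, with shared traits
mapped to S-SDLC stages. Vocabulary and mapping are this example's reading of
the article, not part of the published taxonomy.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Classification:
    name: str
    td: str         # "targeted" | "promiscuous"
    md: str         # "local" | "remote"
    ma: str         # "automated" | "manual"
    dv: frozenset   # subset of {"cosmetic", "behavioral"}
    im: str         # "abuse" (intended functionality) | "modify" (programmatic change)
    es: str         # "single" | "multiple"
    ap: str         # "one-off" | "persistent"


CASE_A = Classification("Case A: smart meter phishing via compromised cloud",
                        "promiscuous", "local", "automated",
                        frozenset({"cosmetic", "behavioral"}), "modify", "multiple", "one-off")
CASE_B = Classification("Case B: picture frame Twitter app",
                        "promiscuous", "remote", "manual",
                        frozenset({"behavioral"}), "abuse", "multiple", "one-off")

SCALAR_CRITERIA = ("td", "md", "ma", "im", "es", "ap")


def shared_traits(cases):
    """Criterion values common to every case; DV is compared as a set intersection."""
    shared = {}
    for crit in SCALAR_CRITERIA:
        values = {getattr(c, crit) for c in cases}
        if len(values) == 1:
            shared[crit] = values.pop()
    for vector in sorted(frozenset.intersection(*(c.dv for c in cases))):
        shared[f"dv:{vector}"] = True
    return shared


# (criterion, value) -> (S-SDLC stage, action), following the article's reasoning.
DEFENSE_RULES = {
    ("td", "promiscuous"): ("Requirements",
        "Deception rests on a platform/use-case weakness, not a user profile: "
        "define and review the product's interface contracts."),
    ("dv:behavioral", True): ("Testing",
        "Exercise the platform under arbitrary user scenarios (fuzzing) so spoofed "
        "or injected data cannot drive a deceptive state."),
    ("es", "multiple"): ("Testing",
        "Require and test extra authentication before the committing step; look for "
        "traces of the first step to detect the attack early."),
    ("ap", "one-off"): ("Requirements",
        "Pattern-based detection will miss a one-off; rationalize interface "
        "requirements before shipping functionality that cannot be protected."),
    ("ma", "automated"): ("Release/Maintain",
        "Fingerprint automated delivery from previously observed patterns."),
    ("im", "modify"): ("Release/Maintain",
        "Programmatic modification needs a patch path; plan for devices that "
        "cannot be patched directly."),
}


def recommend(cases):
    """Shared traits -> (stage, action) pairs that address all given cases at once."""
    plan = []
    for key, value in shared_traits(cases).items():
        rule = DEFENSE_RULES.get((key, value))
        if rule:
            plan.append(rule)
    return plan


def pivotal_stages(cases):
    """The S-SDLC stages a single defense for all the given cases must focus on."""
    return sorted({stage for stage, _ in recommend(cases)})
```

Classifying a single case yields every stage its own traits touch; adding a second case narrows the plan to what the two share, which is why the article lands on Requirements and Testing for A and B together.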

User Susceptibility Profiling

In order to provide a robust defense against social engineering attacks, responsibility cannot be laid solely upon the shoulders of system developers or the organizations that provide access to a computer system, whether that is an IoT platform connected to the Internet, a local area network, or a near field communications medium. The users of the system are just as important, if not relied upon even more to act and use the computer securely to ensure that their actions do not inadvertently result in information security compromise. Remember, there is no silver bullet for protecting against human error.

Identifying a key set of measurable user attributes can help to provide a basis for modeling which type(s) of user profiles are more or less likely to be susceptible to a deception-based attack. Such attributes could be used to define features for predicting and estimating user susceptibility when using a specific platform or range of platforms. Crucially, access to a user susceptibility profile provides the basis for applying a threshold at which the probability of user susceptibility triggers security-enforcing actions aimed at minimizing and/or mitigating exploitation.

Human as a Sensor (HaaS)

The concept of the human as a sensor has been employed extensively and successfully for the detection of threats and adverse conditions in physical space; for example, to report road traffic anomalies, detect unfolding emergencies, and improve the situational awareness of first responders through social media.[5] In a similar manner, human sensing can be applied to detect and report threats in cyberspace as well. In fact, as the IoT crosses the cyber-physical boundary, the ability of users to report suspected attacks, both cyber and physical, may help to detect attacks initiated in one space that result in an effect on the other. In this respect, it then becomes particularly important to be able to tell to what extent users can correctly detect deception-based security threats, leveraging the intelligence provided by users to augment IoT cyber situational awareness.

Within a smart city, users are likely to be exposed to many different IoT interfaces, such as advertising, multimedia, and wireless multicast feeds in the local geographic area (e.g., local car park capacity, what’s on at the cinema, popular restaurants). Should any of these interfaces be targeted by an attacker using social engineering, users can play an important role in identifying deception attempts. In this example, the user can open their HaaS tool within their smartphone to report any suspected attacks, which can then be directly fed to the smart city security-monitoring system. Free car parking might even be an incentive for correctly reported attacks!

Conclusion

The IoT promises to synergize technology in new and innovative ways, and in doing so it presents major social, business, and economic benefits for modern society. Equally, for cybercriminals, the IoT promises significant rewards if they can execute a social engineering attack successfully, because hacking the user can provide access to all the “things” that they control. The more successful social engineering attacks against the IoT are, the more user confidence in its security is undermined, ultimately delaying adoption of the IoT and the realization of its potential benefits.

Fundamentally, protecting the integrity of the IoT is a two-way street. System developers should ensure that they employ best practice frameworks for producing secure IoT platforms. Security should be treated as an enabler of system functionality and not be a cost-based bolt-on or ignored completely. For their part, users are a crucial firewall in detecting social engineering threats in the IoT, and it is important that they be empowered to report potential threats, especially as they will be familiar with their own environment and more sensitive to its anomalous behavior. At the same time, it is helpful to be able to measure whether users will likely be deceived by social engineering attacks in an IoT ecosystem; therefore, as part of security awareness, it is crucial that the IoT be factored into training material. Finally, as shown in Figure 8, each of these approaches provides complementary tools that help provide a through-life defense architecture against social engineering attacks in the IoT.

[Figure 8 diagram; four phases arranged between the Developer, Platform Provider, Security Ops. and User roles: Platform S-SDLC, Platform Classification, Platform Analytics, Platform Reports.]

Figure 8 — A four-phase approach to through-life management of user interfaces in an Internet-capable platform.

To improve IoT security, system developers must empower user threat detection with a mechanism to report suspected attacks and review/analyze user reports to determine their credibility. If they decide an attack report is credible, they can then apply a generic classification to determine the key aspects of the attack and finally integrate these attack vectors as patch parameters within the platform “release/maintain” phase of the S-SDLC.

As Bruce Schneier once said, “People don’t understand computers. Computers are magical boxes that do things. People believe what computers tell them.” Trust lies at the heart of securing the IoT against deception-based attacks, and thus in order to instill trust, it is device integrity that must be protected to prevent user compromise.

Endnotes

1. Loukas, George. Cyber-Physical Attacks: A Growing Invisible Threat. Butterworth-Heinemann (Elsevier), 2015.

2. Gan, Diane, and Lily R. Jenkins. “Social Networking Privacy — Who’s Stalking You?” Future Internet, Vol. 7, No. 1, March 2015 (www.mdpi.com/1999-5903/7/1/67).

3. “Proofpoint Uncovers Internet of Things (IoT) Cyberattack.” Press release, Proofpoint, 16 January 2014 (http://investors.proofpoint.com/releasedetail.cfm?releaseid=819799).

4. Heartfield, Ryan, and George Loukas. “A Taxonomy of Attacks and a Survey of Defence Mechanisms for Semantic Social Engineering Attacks.” ACM Computing Surveys, Vol. 48, No. 3, February 2016 (http://dl.acm.org/citation.cfm?id=2835375).

5. Dave, Rakesh, et al. “Augmenting Situational Awareness for First Responders Using Social Media as a Sensor.” IFAC Proceedings Volumes, Vol. 46, No. 15, 2013 (www.sciencedirect.com/science/article/pii/S1474667016330567).

Ryan Heartfield received his BSc degree from the University of Greenwich in 2011 in computer systems and networking. He currently works as a Network Architect for the UK Government, and since 2014 he has been working toward a PhD in the CSAFE group in the Department of Computing and Information Systems of the University of Greenwich. Mr. Heartfield’s research interests include social engineering, computer networks, cloud computing, and network security. He can be reached at R.J.Heartfield@greenwich.ac.uk.

Diane Gan is a Principal Lecturer in the Department of Computing and Information Systems at the University of Greenwich. She has a PhD in the field of computer networks, is a chartered engineer with the Institution of Engineering and Technology (IET), and a Senior Fellow of the Higher Education Academy (HEA). Dr. Gan’s current engagements include research and teaching within the areas of cybersecurity and digital forensics. She can be reached at D.Gan@greenwich.ac.uk.
