Internet of Threats and Context Aware Security: Part Two
by Junaid Chaudhry, Ahmed Ibrahim, and Ali Kashif Bashir
In part one of this two-part article, we discussed fundamental issues with the Internet of Things. In this article, we present some of the technical issues that could prove to be the downfall of the Internet of Things.
It is said that the attack on Dyn on October 21st 2016 almost broke the Internet into numerous islands, and it is considered to be the largest observed yet. Dyn is an organization that has both the capability and the infrastructure to process high volumes of data; it was an asynchronous yet persistent attack that flooded the Domain Name Servers. There is a wide consensus that the volume of attacks is going to grow in the future. At the moment they come as unilateral requests. Had they been multilateral requests, they would have been impossible to contain. Keeping the root servers down for a couple of hours in order to shed the load can be enough to change the border-less, free, and ubiquitous Internet forever.
On one hand, the overwhelming popularity and high market penetration rates of Internet enabled devices break open new markets for the IT industry. This happens because the manufacturers of Internet enabled devices confine their software implementations to the lower layers of the OSI stack, which brings the cost down. The lack of standards in manufacturing quality, software quality, and quality assurance also plays a major role in low device quality. On the other hand, since the Internet of Things initiative is relatively new, there is a lack of protocols for how to amalgamate 50 billion more thin clients, in the form of Internet of Things enabled devices, into the already existing size of the Internet.
In our research, ownership, functional restrictions, physical security, Internet of Things facilitated cyber-crimes, infrastructure, addressing, and usage are among the most troubled areas in Internet of Things roll-outs and need immediate consideration. We classify these issues in the order of the OSI layers in the following passages:
The fundamental principle of the Internet of Things initiative is to enable devices from different manufacturers to communicate with each other without a gateway for protocol translation. A digital device is not made to last forever. It needs to be retired, i.e. replaced, discarded, recycled, etc., after its life span is over. Throughout its life span, a digital device must be maintained too. The maintenance plan cannot be developed in the absence of a deployment and manufacturing plan. The manufacturing and deployment plans must follow standards so that different vendors may find harmony in cross deployments. Since Internet of Things devices are typically not deployed within the four walls of an organization, an attacker can easily eavesdrop on Internet of Things traffic. Internet of Things devices generally have resource constraints, so manufacturers cannot take data encryption on board because the resource demands of an encryption scheme can be detrimental to their profit margins. We propose that the information flowing from Internet of Things devices be so atomic in nature that, in order to make substantial use of eavesdropping, the attackers need to eavesdrop on a considerably large population of Internet of Things devices of various kinds. An example of this argument is temperature sensors. An attacker may eavesdrop on the temperature reading of one point. But unless he eavesdrops on all the temperature sensors of the power plant, he might not know where the boiler room might be. One can argue about the radio interference among Internet of Things devices and advocate the use of adaptive radios; in our opinion, with the ubiquitous deployment considerations, restrictions on the scope of Internet of Things devices and their coverage range can complicate things beyond repair in no time.
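The temperature-sensor argument above can be put in numbers. The following is an added example, not code from the original article: it models a constructed 20x20 grid of sensors with a hypothetical boiler position and heat-decay model, and measures how far off a boiler-location guess is when only some of the readings are overheard. All names and constants are assumptions chosen for illustration.

```python
import math
import random

# Constructed toy plant (assumption): 20x20 grid of sensors, boiler at (14, 5).
GRID_W, GRID_H = 20, 20
BOILER = (14, 5)
AMBIENT_C, BOILER_RISE_C, SPREAD = 20.0, 60.0, 6.0


def reading(pos):
    """Temperature a sensor at `pos` reports: ambient plus heat decaying with distance."""
    d2 = (pos[0] - BOILER[0]) ** 2 + (pos[1] - BOILER[1]) ** 2
    return AMBIENT_C + BOILER_RISE_C * math.exp(-d2 / (2 * SPREAD ** 2))


def localization_error(observed):
    """Distance between the boiler and the hottest sensor in the overheard set."""
    guess = max(observed, key=reading)
    return math.dist(guess, BOILER)


def mean_error(n_observed, trials=500, seed=1):
    """Average error when `n_observed` randomly chosen sensors are overheard."""
    rng = random.Random(seed)  # fixed seed keeps the result reproducible
    sensors = [(x, y) for x in range(GRID_W) for y in range(GRID_H)]
    total = 0.0
    for _ in range(trials):
        total += localization_error(rng.sample(sensors, n_observed))
    return total / trials


def exposure_table(counts=(1, 20, 100, 200, 400)):
    """Map number of overheard sensors -> mean localization error in grid cells."""
    return {n: round(mean_error(n), 2) for n in counts}


if __name__ == "__main__":
    total = GRID_W * GRID_H
    for n, err in exposure_table().items():
        print(f"{n:3d} of {total} sensors overheard -> mean error {err:5.2f} cells")
```

The error only reaches zero when every sensor is overheard, which is the sense in which small, atomic readings limit what a partial eavesdropper learns in this model.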
One of the biggest shortcomings in Internet of Things device deployment is the poor implementation of auto configuration of the devices. Since the Internet of Things inherits the bulk of its security problems from the TCP/IP suite, issues like ARP spoofing, Contents Address Table-based attacks, DHCP starvation, Hidden Node Attacks, Watering hole attacks, De-auth attacks, and the list goes on, are among the common threats to the Internet of Things. Because the attack space is so wide, it is very tempting to beef up and customize the Intrusion Detection systems. Customization, in principle, is discouraged in a pervasive deployment. We propose, as discussed in the previous section, that Internet of Things clusters should be atomic and small. The larger the cluster size, the more vulnerable it would be to attacks. The real value of Internet of Things applications is in services that run devoid of underlying networking details. Hence the value should be given to the quality of data. We are further researching a solution to overcome the data link layer security issues in the Internet of Things. We also believe that there is a serious lack of competition in management protocols at the lower layers, specifically at the data link layer, in the Internet of Things. The classic protocols for flow control, error control, timeouts, etc. were designed for deterministic traffic flows. However, Internet of Things devices broadcast in an opportunistic fashion. In conclusion, these are exciting times for the Internet of Things industry, but we can already see that adopting TCP/IP as a lone ranger for the link layer problems is not working out well for it.
We take the position of semantic quality in the Internet Protocol (IP) related issues in Internet of Things enabled devices. An IP is an identity given to a device through which it can use some services provided by the Internet. Our stance is this: how can a device with a full OSI stack, in full compliance with standardization and security controls, be at the same service level as an Internet of Things device with a less than desired implementation and design? The process of IP recycling, and manufacturers converting their entire product line into "IP enabled products", further complicates the issue. So, it is not only about the new Internet of Things devices. The problem has escalated to the older IP addresses too. The IEEE Standards Association (IEEE-SA), with IEEE P2413, and many others alike are working on developing specifications for a shared Machine-to-Machine (M2M) network layer to connect Internet of Things devices globally. Maybe this is the solution we have all been waiting for. As proposed in , the Internet of Things enabled devices must be deployed in domains. However, we propose that these domains should be soft domains and must be created on the fly on a lease. This loosely coupled environment ensures cross domain functionality in a truly ubiquitous environment.
The transport layer inherits the shortcomings of the TCP and UDP. At this stage, the industry is looking toward academia for more alternatives to the TCP and the UDP. The machine to machine layer that sits on top of the transport layer in Internet of Things devices is still at its developmental stage. However, the smart applications layer running on top of it all has had a good run. A few experimental setups were built, but due to lack of business models and to some extent non-availability of mature technologies, the market trust in starting a new technology was minimal.
The situation has changed, and we are all very excited about the Internet of Things and the traction it brings for the IT market. There are still issues like Internet of Things device ownership, a refined business model, revenue sharing, device life cycle management, trust and security of personal data, privacy, and reliable information delivery that we are working on, and soon we shall overcome them all. Until we address the issues mentioned above, the Internet of Things will be seen as the Internet of Threats.
- Cyber Attacks on Dyn, http://dyn.com/blog/dyn-analysis-summary-of-friday-october-21-attack/, Last accessed 24 February 2017.
- Internet of Things: How the Next Evolution of the Internet Is Changing Everything by Cisco, http://www.cisco.com/c/dam/en_us/about/ac79/docs/innov/IoT_IBSG_0411FINAL.pdf, Last accessed 24 February 2017.
- Tommaso Pecorella, Luca Brilli, and Lorenzo Mucchi, The Role of Physical Layer Security in IoT: A Novel Perspective, Information 2016, 7(3), 49.
- Thomas Zachariah, Noah Klugman, Bradford Campbell, Joshua Adkins, Neal Jackson, and Prabal Dutta, The Internet of Things Has a Gateway Problem, HotMobile’15, February 12–13, 2015.
- Chaudhry J. A., (2011) Autonomic service composition through context orientation approach. Journal of Theoretical and Applied Information Technology, 34 (1). pp. 50-56. ISSN 1992-8645.
- Junaid Chaudhry, Uvais Qidwai, Mehdi Miraz, Healthcare Data Security among ISO/IEEE 11073 Personal Health Devices through Statistical Fingerprinting, 9th IEEE-GCC Conference and Exhibition 2017.
Dr. Junaid Chaudhry is an information security and computer networks enthusiast. Currently, Junaid is a key member of the Security Research Institute at Edith Cowan University where, along with his team, he is working on cutting edge cyber security solutions. He is also leading a startup of a perfectionistic bunch of security researchers, digital forensics and information retrieval experts, penetration testers and bug hunters, interdisciplinary research aficionados, software coders, social scientists, and medical science researchers who are passionate about making the world a better and more secure place. He has spent more than 5 years in designing, delivering, and researching in institutes at tertiary level, 6 years at research centres, and for the last 5 years he has been working in the information security industry. He worked at University of Amsterdam, Qatar University, Universiti Teknologi Malaysia, University of Hail, University of Trento, and University of South Pacific. He has also worked with Al-Jazeera, State of Qatar, Qatar Foundation, FBK, etc. as a consultant. Dr. Chaudhry has obtained training in teaching excellence from Harvard Business School, University of Amsterdam, and Universiti Teknologi Malaysia, and maintains a certified professional status with Australian Computing Society. Junaid’s research interests are cross disciplinary research, malware analysis, anomalies detection, cyber hunting, and digital forensics. He has published more than 50 papers and has authored 3 international books.
Dr. Ahmed Ibrahim received his BSc. (Hons) in Computing from Staffordshire University in 2005, Master of Computer Security from Edith Cowan University in 2008, and Ph.D. from Edith Cowan University in 2016. Presently, he is a Post-Doctoral Research Fellow at the Edith Cowan University Security Research Institute. Ahmed’s Ph.D. research was focused on detecting covertly hidden content in digital images. His areas of research include Steganography, Steganalysis, Digital Forensics, Network Security, Image Processing, Language Technologies, Machine Learning, Protocol Classification, and Internet of Things. Ahmed has previously worked as a Security Consultant, Lecturer, and Tutor in Australia, and has over 17 years of experience working in the industry, government, and academia in the Maldives.
Dr. Ali Kashif Bashir received his Ph.D. in Computer Science and Engineering from Korea University, South Korea. He is currently working for Graduate School of Information Science and Technology, Osaka University. Dr. Ali is a senior member of IEEE and an active member of ACM and IEICE. He has given several invited and keynote talks and is a reviewer of top journals and conferences. His research interests include: cloud computing (NFV/SDN), network virtualization, IoT, network security, wireless networks, etc. He is also serving IEEE Internet Technology Policy eNewsletter as editor in chief.
Dr. Rasheed Hussain received his B.S. in Computer Software Engineering from N-W.F.P University of Engineering and Technology, Peshawar, Pakistan in 2007, MS and PhD degrees in Computer Engineering from Hanyang University, South Korea in 2010 and February 2015, respectively. He also worked as a Postdoctoral Research Fellow in Hanyang University South Korea from March 2015 till August 2015. Furthermore, he worked as a Guest researcher in University of Amsterdam (UvA), Netherlands and consultant for Innopolis University, Russia from September 2015 till June 2016. Dr. Hussain is currently working as Assistant Professor at Innopolis University, Russia and establishing a new Masters program (Secure System and Network Engineering). He has authored and co-authored more than 45 papers in renowned national and international journals and conferences. He serves as reviewer for many journals from IEEE, Springer, Elsevier, and IET that include IEEE Sensors Journal, IEEE TVT, IEEE T-ITS, IEEE TIE, IEEE Comm. Magazine, Elsevier ADHOC, Elsevier JPDC, Elsevier VehCom, Springer WIRE, Springer JNSM, and many more. He also served as reviewer and/or TPC for renowned international conferences of repute including IEEE INFOCOM, IEEE GLOBECOM, IEEE VTC, IEEE VNC, IEEE ICC, IEEE PCCC, IEEE NoF, and many more.