Internet of things (IoT) Architecture Security Analysis
Concordia Institute for Information System Engineering (CIISE)
Concordia University
Internet of Things (IoT)
Three Domain Architecture Security Analysis
INSE-6150 PROJECT REPORT
Submitted to: Prof. Dr. Jeremy Clark
Date: 04/27/2018
MANAV CHAWLA & DAKSH RAJ CHOPRA
chawlamanav@hotmail.com dakshchopra15@gmail.com
40058312 40054446
IoT Three Domain Architecture Security Analysis
Abstract
This document briefly summarizes the security and privacy evaluation of the Internet of
Things (IoT) three-domain architecture. The security implementation challenges faced
by IoT devices are addressed, along with the newly added requirements for these devices.
The architecture used throughout our analysis is explained at a level suitable for a novice
user. We summarize the possible attacks and countermeasures for each domain, followed
by a developer-friendly security checklist.
Introduction
Smart devices are now a part of everybody's life. Five years ago we never pictured our
homes making decisions on their own, or devices reading our thoughts and making decisions
based on our schedule, but today we cannot go out without Google Assistant pinging us
at 9:00 am with directions to work, or a smart watch reminding us to drink water. The Internet
of Things is the interconnection of these cyber-physical devices, the so-called smart devices,
in a network with the aim of making them smarter. Controlling them via apps is just a start;
data analytics is used to improve the product so as to create a product that knows me better
than anyone else. Human behaviour is sometimes very predictable and sometimes hard to
guess. Your device will soon know you better than your friends do. The main use of smart
devices is for personal growth and ease of use. IoT will help you save time. For example, say
you are out of milk: your fridge alerts the grocery store, which gets the item ready to be picked
up, your phone sends you the location of the store, and your car drives itself to that store while
you sit back and eat your Nutella.
Motivation
Hacking via your smart device is one thing, and using your toaster to do it is the next big
thing: the sandwich it makes might be burned, but you can depend on it to exploit that
buffer overflow bug. We are in the era of the Internet of Things (IoT), where everything is
digitally connected to gather information and to help make appliances systematic and easy
for us to use. Just like guns were created for peace, and the world does its job of thinking
critically and creatively, there are always consequences of what we make and how the world
perceives it. Attackers have made their way into these smart devices as well. The power and
capability of these devices are limited, so they are more exposed to attackers, as the level
of security they offer is not as high as that of our smartphones. The following addresses
a few of the issues we have faced in the past.
So let's start with the consumer issues we face in IoT. With no encryption and no
authentication checks, an attacker can use reverse engineering and send commands to the
API, which people generally don't check. An attacker was able to read the packets, and a
camera system was compromised. As the devices have no firewall attached, the attacker
manipulated these devices to perform a DoS attack on the Dyn registrar, bringing websites
like Twitter down in 2015. This is the time when we should think about the importance of
security in IoT. Consider the data going through all these devices: where are they storing
this data? Do they encrypt it? Generally, on the local network, if you just know the user ID,
you have access to the data. Data leakage among devices has been very common in the
recent past. Adding encryption to the data adds a little cost to the product, which the
company generally wants to avoid. IoT devices are generally made by startups that are
crowdfunded or on a very small budget. They want to invest more in the device than in its
security.
The future is unpredictable, but statistics are never wrong, so we can still guess what the
future holds for smart devices:-
● Even today it is not easy to keep just two devices, a mobile and a PC, fully updated all
the time with the latest versions of the OS and applications. Imagine the situation when
we are surrounded by many devices and have to keep all of them free from security
bugs.
● The volume of data will be so large that it will be difficult to track and identify
suspicious traffic over the network. Missing such incidents will leave a huge dent in
the larger network.
● Even today the number of cyber attacks is so high that there is not a single day
without an attempt to breach internet security. With the rise of IoT, phishing and
similar attacks will definitely be on the rise.
● IPv6 is still not fully perfected even though it has been around for quite some time,
let alone completely implemented. With IoT in place, the threat is new and
unknown. We might need something that has much higher and more effective security
than that of IPv6.
There are more reasons yet to be found, as security and exploits go hand in hand,
which we have witnessed over the past decade.
IoT security challenges
IoT, though a computer system, has limitations and scalability issues that make its
challenges somewhat different from those faced by a smartphone or computer. It already
faces the challenges of current cyber security, and in addition some IoT-specific challenges
are worth mentioning. IoT has unique characteristics and constraints when it comes to
designing efficient defensive mechanisms against cyber-security threats, which can be
summarized as follows:
● IoT relies on microcontrollers with limited memory and computational power. This often
makes it impractical to implement approaches designed for powerful computers. This in
turn requires constrained IoT devices to be hidden behind secure gateways.
● Anything that is exposed to the Internet must be securely software-upgradable. Proper
signatures and encryption with high-speed data delivery place a heavy burden on a
small computational device.
● Threats based on gaining physical access to IoT devices. Some smart devices are
smaller than a computer or even a smartphone, while others could be secure at your
place.
● User experience must be good enough to avoid becoming a weak link in the chain.
● The necessity of keeping up to date with security best practices. Our smart device and
computer operating systems provide many updates just to keep us secure; is it feasible
for small, cheaper smart devices to follow this process, given that a single person is
soon going to own five smart devices?
● Many sensors will generate a vast amount of data. Although this varies by domain,
the big data generated and used for analytics poses various privacy and security
challenges that must remain manageable in the near future.
IoT Security Requirements
IoT security demands some new requirements in addition to the cyber-security
requirements of Confidentiality, Integrity, Authentication, Availability and Authorization.
These are listed and explained below:-
● Freshness: The data generated should be fresh, i.e. the attacker must not be able to
return an entity to an old state using old data.
● Non-repudiation: It ensures that an entity cannot deny an action that it has performed.
If an object forwarded a message, it has to accept that it did.
● Forward Secrecy: It ensures that after we leave the department, we are not able
to hear communication happening inside the department.
● Backward Secrecy: It ensures that any new object that joins the network is not
able to access communication that happened before it joined.
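The freshness requirement above can be enforced with an authenticated, strictly increasing counter. The sketch below is an added example, not part of the original report; the message layout, the `seal`/`Receiver` names and the sample key are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32   # HMAC-SHA256 output size in bytes
CTR_LEN = 8    # 64-bit big-endian message counter


class FreshnessError(Exception):
    """Raised when a message is forged, malformed, or a replay of old data."""


def _mac(key: bytes, device_id: str, header: bytes, payload: bytes) -> bytes:
    # Length-prefix the device id so (id, counter, payload) parse unambiguously.
    dev = device_id.encode()
    data = struct.pack(">H", len(dev)) + dev + header + payload
    return hmac.new(key, data, hashlib.sha256).digest()


def seal(key: bytes, device_id: str, counter: int, payload: bytes) -> bytes:
    """Sender side: counter || payload || HMAC(key, id, counter, payload)."""
    header = struct.pack(">Q", counter)
    return header + payload + _mac(key, device_id, header, payload)


class Receiver:
    """Receiver side: remembers the highest counter accepted per device."""

    def __init__(self, key: bytes):
        self._key = key
        self._last = {}

    def accept(self, device_id: str, message: bytes) -> bytes:
        if len(message) < CTR_LEN + TAG_LEN:
            raise FreshnessError("message too short")
        header = message[:CTR_LEN]
        payload = message[CTR_LEN:-TAG_LEN]
        tag = message[-TAG_LEN:]
        # Authenticate first: an unauthenticated counter must never move state.
        expected = _mac(self._key, device_id, header, payload)
        if not hmac.compare_digest(tag, expected):
            raise FreshnessError("authentication failed")
        (counter,) = struct.unpack(">Q", header)
        if counter <= self._last.get(device_id, -1):
            raise FreshnessError("stale counter: replayed or reordered message")
        self._last[device_id] = counter
        return payload


if __name__ == "__main__":
    key = b"constructed-demo-key-not-for-use"   # constructed sample key
    rx = Receiver(key)
    unlock = seal(key, "lock-01", 1, b"door=unlocked")
    lock = seal(key, "lock-01", 2, b"door=locked")
    print(rx.accept("lock-01", unlock))
    print(rx.accept("lock-01", lock))
    try:
        rx.accept("lock-01", unlock)   # old data sent again: must be refused
    except FreshnessError as exc:
        print("rejected:", exc)
```

The receiver must keep its last-seen counters in storage that survives a reboot, otherwise a power cycle reopens the replay window.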
The Three Domain Architecture
In order to understand the possible attacks and exploits, the architecture we are using for
our evaluation must be clear. Evaluating IoT security is a very vast domain. To achieve
end-to-end security within an IoT solution, security must be a priority across all of
the layers of the IoT architecture. Adopting a multi-tiered architecture allows you to focus on
improving your understanding of how each of the most important aspects of the architecture
operates independently before you integrate them within your IoT application.
For our analysis we consider the three-domain architecture:-
1. Device Domain - This domain is made up of all the smart devices. These devices
are expected to change their environment over time. Smart devices sense the data and
forward it to the Edge Domain. This domain also has actuators responsible for
acting on the decisions made.
2. Edge Domain - Each device in this domain is allocated one or more smart
devices. Edge Domain devices are typically responsible for performing operations on the
collected data, including preprocessing, filtering and aggregation. As devices change their
location over time, edge domain devices are also connected to each other so as to
coordinate the smart objects.
3. Cloud Domain - The Cloud Domain is composed of a large number of servers that have
dedicated Virtual Machines (VMs) for each device; they are generally powerful systems
created to perform analytics. They have dashboards (or device management pages) for each
device as well.
Attacks on IoT
Cloud Domain Attacks
On cloud servers, each application is dedicated one or more VMs, where each VM is
assigned to one or more servers in the data center and gets a certain allocation of CPU and
memory resources. The hypervisor is responsible for monitoring those VMs and allocating
the shared hardware. It also creates logical separation among VMs and between the VMs
and the underlying hardware.
The following attacks are possible on this domain:-
1. Hidden-Channel Attacks: VMs share some hardware components with each other,
chiefly the cache, so the possibility of data breach and leakage among VMs is high.
Steps followed:-
A. Map Target VM: The attacker tries to locate the VM's exact zone and server. The
attacker rents a VM in the same cluster using the external IP.
B. Malicious VM placement: The attacker places a malicious VM and runs traceroute to
determine whether the location is correct; if not, the VM is released and another
one is placed.
C. Cross-VM data leakage: The attacker uses the cache and a timing side-channel attack
to determine the memory addresses used by the targeted VM.
2. VM Migration Attacks: Data centers support live VM migration from one server to
another.
A. Control plane attack: By exploiting a bug in the migration module software, the
attacker can compromise the server and take control of the module. The migration
module is responsible for handling the migration process. The attacker either moves
more VMs than the server's capacity, causing denial of service, or advertises high
resource availability on a server he already controls, causing all VMs to
migrate there.
B. Data plane attacks: The attacker targets the network links over which the VM is moved
from one server to another. This can be done by packet sniffing or a man-in-the-middle
attack.
3. Theft-of-Service Attack: A malicious VM demands more resources than the share it is
supposed to obtain, degrading the performance of other VMs.
4. VM Escape Attack: A malicious VM gains root access by exploiting a software bug and
breaking the isolation. The VM escapes the hypervisor layer and then has full access.
5. Insider Attack: Data centre administrators have the ability to access and modify collected
data. Extremely sensitive data requires extra care and cannot be placed in the hands of
third-party centres.
We tested our attacks on the basis of the requirements of IoT and here is the summary:
[Table: attacks (Hidden-Channel Attack, VM Migration Attacks, Theft-of-Service Attack,
VM Escape Attack, Insider Attack) against the security violations (Confidentiality,
Integrity, Availability, Non-Repudiation)]
Edge Domain Devices
Edge devices, or fog devices, collect the sensing data reported by a set of smart
objects. The fog device performs different operations on the collected data. Edge devices
share many of the attacks and issues faced by the cloud domain.
The following privacy or security concerns are applicable to this domain:-
1. Authentication and Trust: The identity of the owner of the fog device is the major concern:
whether or not it should be trusted by the smart device. As the location of the smart device
is not fixed, different fog devices are assigned to it over time, and selecting
a trustworthy fog device is a hard decision.
2. Migration Security Attack: Similar to the cloud domain, but the risk is higher here as
migration is over the Internet, not a VPN.
3. DoS Attack: Fog devices generally do not have firewalls and have limited resources and
power, so attacking them is much easier.
4. Container Threat: A fog device may choose containers over VMs so as to serve more
smart devices. Containers share the same operating system among the different devices.
This raises more security concerns about data leakage and hijacking.
[Table: attacks (Authentication and Trust, Migration Security Attack, DoS Attack,
Container Threat) against the security violations (Confidentiality, Integrity,
Availability, Authentication)]
Devices Domain Attacks
Smart devices consist of sensors that view the world as some numerical equation. The data
is collected and sent to the fog devices; the fog device performs some processing and sends
a response to the actuators, which are responsible for performing some action such as
changing the temperature or a simple beep. Smart devices send data to fog devices directly
or in a multi-hop fashion through other smart devices.
The following attacks are possible in the device domain layer:-
1. Jamming Attack: A malicious user, called a jammer, emits a signal that interferes with
the legitimate signal. The jamming signal degrades the quality of the signal if the receiver
is attacked, or blocks the signal from being transmitted if the sender is jammed. The
physical layer in the OSI stack of the device is the target of this attack.
2. Vampire Attack: Certain smart devices such as smart watches, fitness bands and other
wireless devices have very limited battery life. Vampire attacks, as the name suggests,
drain the battery by making the device misbehave in a way that consumes extra power.
a. Denial of Sleep: Smart devices are designed with the capability to switch to sleep
mode when not in use. In this exploit the attacker prevents the smart device from
entering deep sleep mode.
b. Flooding Attack: The adversary floods the smart device (multi-hop) with packets to be
delivered to the fog device, making it consume extra battery.
c. Carousel Attack: If source routing is supported, the attacker makes the packet
route back and forth through the same target, wasting power.
d. Stretch Attack: If source routing is not supported, the attacker can still select the
longest possible path covering every node in order to increase the power
consumption of these devices.
3. Selective-Forwarding Attack: Smart devices generally do not have a high transmission
rate, so they rely on multi-hop networks to deliver packets to the fog device. A
malicious object is placed in the multi-hop network and forwards only a portion of the
packets to the next hop, causing them to be resent again and again.
4. Sinkhole Attack: A malicious object advertises itself as having the shortest path to the
fog device, causing other devices to route through it. The attacker can then look into the
packets if they are sent unencrypted, or can perform a selective forwarding attack.
[Table: attacks (Jamming Attack, Vampire Attack, Selective Forwarding Attack,
Sinkhole Attack) against the security violations (Confidentiality, Availability,
Freshness)]
Preventive Measures of IoT Attacks
Cloud Domain Measures
The following measures or defenses can be used against Hidden-Channel Attacks:-
1. Hard Isolation: The basic idea behind this preventive technique is to maintain high levels
of isolation among the VMs. One way to do this is to completely isolate the cache dedicated
to each VM. Needless to say, this is really hard to achieve because the data in the
cloud is shared, and if this is not achieved there will be underutilization of servers in the
cloud. A better way to achieve hard isolation is to let each cloud client specify a list of
trusted cloud users, called the whitelist. The cloud client is fine with sharing the server
only with the VMs belonging to the whitelisted users. New algorithms are needed in that
case to decide on which server each VM should be placed such that only VMs belonging to
whitelisted users share the memory.
2. Cache Flushing: This technique flushes the shared cache every time the allocation of the
cache is switched from one VM to another. The downside of this countermeasure is that the
VMs running on the server will experience frequent performance degradation, as the
shared cache will be emptied every time a switch from one VM to another occurs, which
increases the time needed to access and fetch data due to higher cache misses.
3. Noisy Data Access Time: This technique adds random noise to the amount of time
needed to fetch data, which makes it hard to tell whether the data was fetched from
the cache or from the memory. This helps because the attacker won't be able to
know if the data was fetched from another VM that shares the same server. But adding
noise also adds to the time needed to fetch the data.
4. Limiting Cache Switching Rate: A mitigation that limits the amount of information
that can be leaked across VMs can be achieved by limiting how often the cache is
switched from one VM to another. The idea here is that if the cache isn't switched
from one VM to another too soon, then the VM that holds the cache will modify its
contents, with different cache lines being replaced multiple times. This makes it hard
for another VM to obtain fine-grained information about what data the previous VM
accessed when probing the cache.
The following measures or defenses can be used against VM Migration Attacks:-
1. Server Authentication: We need to authenticate the servers while the VM migration is
going on, since in this process live data is transferred to some other VM. This is done by
transmitting the memory from one VM server to another. So, if no authentication is done,
a malicious attacker will be able to read all the content of this VM.
2. Encrypting migrated memory pages: Before VM migration takes place, we can encrypt
the memory pages, so that if an attacker observes the data during migration it will be
of no use to him, as all the memory pages will be encrypted. This measure doesn't affect
performance much and is a good security measure for migration.
The following measures or defenses can be used against Theft-of-Service Attacks:-
1. Fine-grain sampling using high precision clocks: This measure helps because the
malicious attacker claims more resources from the hypervisor in total rather than sharing
them. By using these high-precision clocks we can sample the resources at the
hypervisor by giving a limited time for the resource allocation.
2. Random sampling: This is another good technique: resources are allocated randomly to
the hypervisor so that no more resources can be added to it by anyone and everything
is distributed evenly among the VMs. If the attacker wants to obtain more
resources, he will not be able to do so.
The following measure can be used against VM Escape Attacks:-
Add an isolation domain between the hypervisor and hardware: An example of such a
technique is CloudVisor, which adds an extra isolation layer between the
hardware and the hypervisor through nested virtualization, preventing the malicious VM
from obtaining root privileges even if it bypasses the hypervisor layer. Other
architectural solutions have also been proposed to avoid VM Escape attacks.
The following measures or defenses can be used against Insider Attacks:-
1. Homomorphic Encryption: This is a type of encryption that allows computations on
ciphertext, generating an encrypted result. When that result is decrypted, it matches the
result of the operations as if they had been performed on the plaintext. Applying this in IoT
allows cloud servers to perform the necessary processing operations on the encrypted
data that is collected from the smart devices without giving the cloud servers the ability to
interpret either the input data or the result, as they are both encrypted using a secret
key that is not shared with the cloud. Only the smart objects and the user running the IoT
application can interpret these data as they have the key needed for decryption.
2. Secret storage through data chopping and permutation based on a secret key: Another
form of protection against insider attacks is to chop the data collected by the smart object
into multiple chunks and then to use a secret key to perform certain permutations on
those chunks before sending the data to the cloud servers. This allows storing the data on
the cloud servers in an uninterpretable form for the cloud administrators. Only authorized
entities that have the secret key can return the stored data to an interpretable form by
performing the correct permutations.
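A minimal version of the chop-and-permute storage scheme described above, as an added example that is not part of the original report. Deriving the permutation by sorting chunk indices on an HMAC-SHA256 value is an assumption made here, and so are the function names and the `record_id` parameter. Note that a permutation hides only the order of the chunks: each chunk is still stored in the clear, so small chunks and encryption of the chunk contents remain necessary for real confidentiality.

```python
import hashlib
import hmac


def _keyed_order(key: bytes, record_id: bytes, n: int) -> list:
    """Permutation of range(n) fixed by (key, record_id): sort indices by HMAC."""
    def rank(i: int) -> bytes:
        msg = record_id + i.to_bytes(4, "big")
        return hmac.new(key, msg, hashlib.sha256).digest()
    return sorted(range(n), key=rank)


def chop_and_permute(key: bytes, record_id: bytes, data: bytes, chunk_size: int = 4):
    """Device side: return (stored_chunks, original_length) ready for upload."""
    if chunk_size < 1:
        raise ValueError("chunk_size must be positive")
    padded_len = -(-len(data) // chunk_size) * chunk_size   # round up
    padded = data.ljust(padded_len, b"\x00")
    chunks = [padded[i:i + chunk_size] for i in range(0, padded_len, chunk_size)]
    order = _keyed_order(key, record_id, len(chunks))
    # stored[position] holds the chunk that originally sat at order[position]
    return [chunks[i] for i in order], len(data)


def restore(key: bytes, record_id: bytes, stored: list, original_len: int) -> bytes:
    """Authorized reader: undo the permutation with the same key and record id."""
    order = _keyed_order(key, record_id, len(stored))
    chunks = [b""] * len(stored)
    for position, original_index in enumerate(order):
        chunks[original_index] = stored[position]
    return b"".join(chunks)[:original_len]


if __name__ == "__main__":
    key = b"constructed-demo-key"                       # constructed sample key
    reading = b"dev=thermo-17;temp=21.5;hum=40;door=closed"   # constructed reading
    stored, length = chop_and_permute(key, b"rec-0001", reading)
    print(b"".join(stored))                             # what the cloud stores
    print(restore(key, b"rec-0001", stored, length))    # what a key holder reads
```

Binding the permutation to a per-record identifier keeps two records of the same length from sharing one chunk order.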
Edge Domain Measures
Edge devices use the same VM or container concept as the cloud domain, so the same
measures can be used for edge devices, along with an obfuscator device that prevents
information leakage by emitting signals that make it hard for an unauthorized receiver to
infer the amplitude, the frequency, and the time shift of the original signals. The obfuscator
not only prevents such leakage but also acts as a relay that rebroadcasts some of the
sent messages, which increases the transmission rate between the sensing objects and the
fog domain.
Device Domain Measures
The following measures or defenses can be used against Jamming Attacks:-
1. Frequency Hopping: In this technique the sender and receiver switch from one
frequency to another in order to escape from any possible jamming signal. This switching
is based on a random sequence. If the attacker comes to know about this, he will try to
switch frequency as well and collide on the same frequency. But since it is a two-person
game, the chances of him colliding on the same frequency are very low.
2. Spread Spectrum: This technique uses a hopping sequence that converts the narrow
band signal into a signal with a very wide band, which makes it harder for malicious users
to detect or jam the resulting signal. This technique is also very efficient when the
transmitted data is protected by an error correction technique, as it allows the
reconstruction of the original signal even if a few bits of the transmitted data were jammed
by the attacker.
3. Directional Antennas: The use of directional antennas can mitigate jamming attacks,
as the sender and receiver antennas will have less sensitivity to
noise coming from random directions other than the direction that
connects the sender and the receiver.
4. Jamming Detection: Different detection techniques have been proposed in the literature
to detect jamming attacks. The receiver can detect that it is a victim of a jamming attack by
collecting features such as the received signal strength (RSS) and the ratio of corrupted
received packets. Advanced machine learning techniques can then be used to differentiate
jamming attacks from the degradation caused by the poor quality of the channel due to
normal changes in the wireless link.
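The two features named under Jamming Detection can be combined into a simple consistency check: many corrupted frames at a strong received signal point to interference, while many corrupted frames at a weak signal point to an ordinary poor link. The following is an added example, not part of the original report; fixed thresholds stand in for the machine learning step, and the threshold values, names and sample trace are assumptions.

```python
from dataclasses import dataclass
from statistics import mean


@dataclass(frozen=True)
class Sample:
    rss_dbm: float     # received signal strength measured for the frame
    corrupted: bool    # True if the frame failed its integrity check (CRC)


# Assumed thresholds; a deployment would calibrate them per radio and site.
RSS_STRONG_DBM = -75.0
CORRUPT_RATIO_HIGH = 0.4


def classify(window):
    """Label one window of samples from its corruption ratio and mean RSS."""
    if not window:
        return "no-data"
    ratio = sum(s.corrupted for s in window) / len(window)
    if ratio < CORRUPT_RATIO_HIGH:
        return "normal"
    avg_rss = mean(s.rss_dbm for s in window)
    # Strong signal yet frames are corrupted: inconsistent with a weak link.
    return "jamming-suspected" if avg_rss >= RSS_STRONG_DBM else "poor-link"


def scan(samples, window=10, confirm=2):
    """Classify consecutive windows; alert after `confirm` suspected windows in a row.

    Returns (verdicts, alert_index), where alert_index is the window at which
    the alert fired, or None if it never did.
    """
    verdicts, streak, alert_index = [], 0, None
    for start in range(0, len(samples) - window + 1, window):
        verdict = classify(samples[start:start + window])
        verdicts.append(verdict)
        streak = streak + 1 if verdict == "jamming-suspected" else 0
        if alert_index is None and streak >= confirm:
            alert_index = len(verdicts) - 1
    return verdicts, alert_index


def constructed_trace():
    """Constructed samples: healthy link, weak link, then strong-signal corruption."""
    trace = [Sample(-60.0, i % 10 == 0) for i in range(20)]    # 10% corrupted
    trace += [Sample(-90.0, i % 10 < 6) for i in range(20)]    # 60% corrupted, weak
    trace += [Sample(-50.0, i % 10 < 8) for i in range(20)]    # 80% corrupted, strong
    return trace


if __name__ == "__main__":
    verdicts, alert = scan(constructed_trace())
    for index, verdict in enumerate(verdicts):
        print(index, verdict)
    print("alert raised at window", alert)
```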
The following measures or defenses can be used against Vampire Attacks:-
1. Rate limitation: This technique is widely used in data centers at the hypervisor layer.
Resources are dedicated to the rate limiters in order to enhance
performance and control the rate of traffic.
2. Monitor whether or not the forwarded packets are making progress towards their
destination: In this way, we can check whether the packets being sent are received by the
receiver. If they are not making any progress, then someone is stealing packets in
between and data is being sent to the attacker.
The following measures or defenses can be used against Selective Forwarding Attacks:-
1. Path Redundancy: The longer the path, the greater the chance that there is a man in
the middle reading all the data travelling along that path. Path redundancy helps packets
reach the receiver successfully since the distance is short, making it less vulnerable to any
attack.
2. Choose certain intermediate objects as checkpoints to acknowledge received packets:
This technique ensures that the packets sent are received at every node. If there is a
reduction in received packets, then by keeping intermediate objects as checkpoints we can
check where the attacker is and fix that part.
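How checkpoint acknowledgements narrow down where packets are being dropped, as an added example that is not part of the original report. The path, node names, loss threshold and the small network model in `simulate_acks` are constructed for illustration, and the sketch assumes acknowledgements are authenticated so a forwarder cannot forge them.

```python
def simulate_acks(path, checkpoints, sent, dropper=None, drops=lambda seq: False):
    """Constructed network model: return {checkpoint: set of sequence numbers acked}.

    `dropper` is the node that forwards only part of the traffic; `drops(seq)`
    says which sequence numbers it silently discards.
    """
    alive = set(sent)
    acks = {}
    for node in path[1:]:                 # path[0] is the sending smart device
        if node in checkpoints:
            acks[node] = set(alive)       # a checkpoint acks what reached it
        if node == dropper:
            alive = {s for s in alive if not drops(s)}   # selective forwarding
    return acks


def locate_loss(path, sent, acks, max_loss=0.1):
    """Find the first path segment where acknowledged packets fall by > max_loss.

    Returns (suspect_nodes, loss_ratio), or None when every checkpoint saw
    roughly what the previous one saw.
    """
    prev_index, prev_seen = 0, set(sent)
    for index in range(1, len(path)):
        node = path[index]
        if node not in acks:
            continue                      # not a checkpoint, nothing to compare
        seen = acks[node] & prev_seen     # ignore acks for packets never sent on
        loss = 1 - len(seen) / len(prev_seen) if prev_seen else 0.0
        if loss > max_loss:
            # Packets reached the previous checkpoint but not this one, so the
            # dropper is the previous checkpoint or a node between the two.
            start = max(prev_index, 1)    # the source itself is not a suspect
            return path[start:index], loss
        prev_index, prev_seen = index, seen
    return None


if __name__ == "__main__":
    path = ["sensor", "n1", "n2", "n3", "n4", "fog"]      # constructed topology
    checkpoints = {"n2", "n4", "fog"}
    sent = range(30)
    acks = simulate_acks(path, checkpoints, sent,
                         dropper="n3", drops=lambda seq: seq % 3 == 0)
    print(locate_loss(path, sent, acks))   # segment containing n3
    print(locate_loss(path, sent, simulate_acks(path, checkpoints, sent)))
```

Placing checkpoints closer together shrinks the suspect list at the cost of more acknowledgement traffic, which matters on battery-powered devices.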
The following measure can be used against Sinkhole Attacks:-
Analyze the collected routing information from multiple objects: This is another technique
for checking that the packets received are equal to the packets sent from the different
objects in the network.
Conclusion
Consumers should now adopt the simple practice of updating the passwords and software of
current-generation smart devices, and manually checking whether it is the correct
manufacturer version. The user must also follow the guidelines described by the
manufacturer for creating a secure environment.
We have created a checklist for developers to follow, based on the countermeasures, for
upcoming products. The current generation of IoT devices gave manufacturers a lot to
learn from the security perspective, so for the next wave of devices the
following is a mandatory checklist:-
1. Authentication: Routers, when first launched, came with a default open link and an
"admin" password, but now they are more secure, shipping with a complex initial
password, because over time the manufacturers learned and implemented this. The
same should be followed for smart devices now.
2. Debug: Manufacturers have a bad habit of leaving debug access enabled on certain
devices with a hardcoded password and a non-standard port, but attackers are one
step ahead: it will eventually be discovered and exploited when physical access to the
device is obtained. So no debug mode.
3. Encryption: The world would be so simple if humans started trusting each other and we
stopped investing in the cyber-crime world, probably in some parallel universe. Sending
unencrypted packets to other smart devices, fog devices or cloud devices was a bad
idea. All communications between an IoT device and the cloud need to be
encrypted. Use SSL/TLS where appropriate.
4. Privacy: An ethical consideration is added whenever the term privacy is used. The data
stored on cloud servers and used for analytics must be encrypted and contain the least
amount of personal data possible, or better, use links rather than real information.
5. Web Interface: Any web or app interface used to communicate with the smart device
must be protected from web attacks.
6. Firmware updates: Frequent security patches are a must for current and future
generation devices. Bugs in code can be exploited and may cause security concerns.
Therefore all IoT devices should support Over-The-Air (OTA) updates along with
signature verification.
The above covers enough for the next generation of devices. The next-gen devices will open
up new but hard-to-crack portals for attackers, leading to more extended research on the
security of IoT.