Mitigating IoT security threats with a trusted Network element

Kuusijärvi, Jarkko; Savola, Reijo; Savolainen, Pekka; Evesti, Antti

doi:10.1109/icitst.2016.7856708

Cited by 26 publications

(9 citation statements)

References 5 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Moreover, all the solutions analysed in Table 27 require an additional node/server/gateway that perform verification operations. Kuusijärvi et al [35] and our solution have a small benefit over the others: The gateway is not a dedicated node, unlike the MUD controller used by MUD-based solutions, for example. This reduces costs and network complexity to a certain extent.…”

Section: Related Workmentioning

confidence: 99%

“…Kuusijärvi et al [35] proposed to strengthen IoT security through a network edge device (NED), a secure device that stores the user-defined policies and enforces them on resource-constraint IoT devices. However, this kind of approach fails to identify specific requirements of the devices (i.e., they do not envision anything like a contract), offloading to the end-user the cumbersome task of defining fine-grained policies.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

S×C4IoT: A Security-by-contract Framework for Dynamic Evolving IoT Devices

Giaretta

Dragoni

Massacci

2021

ACM Trans. Sen. Netw.

View full text Add to dashboard Cite

The Internet of Things (IoT) revolutionised the way devices, and human beings, cooperate and interact. The interconnectivity and mobility brought by IoT devices led to extremely variable networks, as well as unpredictable information flows. In turn, security proved to be a serious issue for the IoT, far more serious than it has been in the past for other technologies. We claim that IoT devices need detailed descriptions of their behaviour to achieve secure default configurations, sufficient security configurability, and self-configurability. In this article, we propose S×C4IoT, a framework that addresses these issues by combining two paradigms: Security by Contract (S×C) and Fog computing. First, we summarise the necessary background such as the basic S×C definitions. Then, we describe how devices interact within S×C4IoT and how our framework manages the dynamic evolution that naturally result from IoT devices life-cycles. Furthermore, we show that S×C4IoT can allow legacy S×C-noncompliant devices to participate with an S×C network, we illustrate two different integration approaches, and we show how they fit into S×C4IoT. Last, we implement the framework as a proof-of-concept. We show the feasibility of S×C4IoT and we run different experiments to evaluate its impact in terms of communication and storage space overhead.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

S×C4IoT: A Security-by-contract Framework for Dynamic Evolving IoT Devices

Giaretta

Dragoni

Massacci

2021

ACM Trans. Sen. Netw.

View full text Add to dashboard Cite

show abstract

“…When viewing DERs from the IoT perspective, most of the security implications and attack mitigation strategies applicable for IoT end-devices could be exercised. In [131], the authors suggest the use of a personal security application (PSA) as a countermeasure for IoT-related attacks. PSA resembles a combination of security features, such as access control mechanisms, malware detection, network traffic, and resource utilization monitoring, etc., to strengthen the security posture of IoT devices and networks.…”

Section: B Der Device Levelmentioning

confidence: 99%

“…Attacks Reference Network connection auditing using authentication, authorization, and accounting servers, role-based access control, authentication-based MAC address white-listing, unused port hardening MAC Spoofing, MAC Flooding, DoS, MitM, SYN flooding [34], [38] IP header (Sequence number) inclusion in TCP, cryptographically enhanced address resolution protocols (ARP), secure key distribution and exchange schemes Packet Replay, DoS, MitM, SYN flooding [43], [38] Firewalls, intrusion detection/prevention systems (ID/IPS), traceback and push-back services, cryptographic hashing and stack tweaking Mac Flooding, DoS, MitM, SYN flooding [43], [44], [34] Password management systems, access restriction after multiple failed log-in attempts, hardened operating system kernels, roll-back firmware updates Brute force attacks, DoS, Packet Replay, Eavesdropping [125] Personal security and privacy practises (e.g., security updates, password managers, encryption, ephemeral keys, etc.) Packet Replay, Eavesdropping [131] standardization and policy-making procedures can strengthen the cybersecurity posture of DERs and prevent vulnerabilities from materializing into treats and attacks. However, if the discussed practices fail to prevent or detect DER attacks, risk metrics, detailed system modeling, and mitigation plans can orchestrate available resources to inhibit or overcome undesirable grid conditions, thus enhancing EPS resilience.…”

Section: Mitigationsmentioning

confidence: 99%

Distributed Energy Resources Cybersecurity Outlook: Vulnerabilities, Attacks, Impacts, and Mitigations

Zografopoulos¹,

Konstantinou²,

Hatziargyriou³

2022

Preprint

View full text Add to dashboard Cite

The digitalization and decentralization of the electric power grid are key thrusts towards an economically and environmentally sustainable future. Towards this goal, distributed energy resources (DER), including rooftop solar panels, battery storage, electric vehicles, etc., are becoming ubiquitous in power systems, effectively replacing fossil-fuel based generation. Power utilities benefit from DERs as they minimize transmission costs, provide voltage support through ancillary services, and reduce operational risks via their autonomous operation. Similarly, DERs grant users and aggregators control over the power they produce and consume. Apart from their sustainability and operational objectives, the cybersecurity of DER-supported power systems is of cardinal importance. DERs are interconnected, interoperable, and support remotely controllable features, thus, their cybersecurity should be thoroughly considered. DER communication dependencies and the diversity of DER architectures (e.g., hardware/software components of embedded devices, inverters, controllable loads, etc.) widen the threat surface and aggravate the cybersecurity posture of power systems. In this work, we focus on security oversights that reside in the cyber and physical layers of DERs and can jeopardize grid operations. We analyze adversarial capabilities and objectives when manipulating DER assets, and then present how protocol and device -level vulnerabilities can materialize into cyberattacks impacting power system operations. Finally, we provide mitigation strategies to thwart adversaries and directions for future DER cybersecurity.

show abstract

“…Kuusijärvi et al [15] proposed to strengthen IoT security through a network edge device (NED), a secure device which stores the user-defined policies and enforces them on resource-constraint IoT devices. However, this kind of approach fails to identify specific requirements of the devices (i.e., they do not envision anything like a contract), offloading on the end-user the cumbersome task of defining fine-grained policies.…”

Section: Related Workmentioning

confidence: 99%

IoT Security Configurability with Security-by-Contract

Giaretta

Dragoni

Massacci

2019

Sensors

View full text Add to dashboard Cite

Cybersecurity is one of the biggest challenges in the Internet of Things (IoT) domain, as well as one of its most embarrassing failures. As a matter of fact, nowadays IoT devices still exhibit various shortcomings. For example, they lack secure default configurations and sufficient security configurability. They also lack rich behavioural descriptions, failing to list provided and required services. To answer this problem, we envision a future where IoT devices carry behavioural contracts and Fog nodes store network policies. One requirement is that contract consistency must be easy to prove. Moreover, contracts must be easy to verify against network policies. In this paper, we propose to combine the security-by-contract (S × C) paradigm with Fog computing to secure IoT devices. Following our previous work, first we formally define the pillars of our proposal. Then, by means of a running case study, we show that we can model communication flows and prevent information leaks. Last, we show that our contribution enables a holistic approach to IoT security, and that it can also prevent unexpected chains of events.

show abstract

Mitigating IoT security threats with a trusted Network element

Cited by 26 publications

References 5 publications

S×C4IoT: A Security-by-contract Framework for Dynamic Evolving IoT Devices

S×C4IoT: A Security-by-contract Framework for Dynamic Evolving IoT Devices

Distributed Energy Resources Cybersecurity Outlook: Vulnerabilities, Attacks, Impacts, and Mitigations

IoT Security Configurability with Security-by-Contract

Contact Info

Product

Resources

About