bolt-on network layer security for iot · 2020-07-07 · idea2: combine fsm inference (rpni) with...
Bolt-on network layer security for IoT
Vyas Sekar
Context for work: assume IoT is unfixable
Multi-stage cyber-physical privacy leaks
What can we do?
• Measure
• Learn
• Adapt
Current and ongoing work
• Measure
  – C3P0: Understanding vulnerabilities in connected 3D printer deployments
  – CANvas: An nmap for your car
• Learn
  – RADIO: Modeling “normal” behaviors
  – Tackling “blackboxes” in the real world with ML
• Adapt
  – A lightweight, trusted gateway for IoT
  – LEAF: Crowdsourcing
C3P0: Connected 3D Printer Observer
[Figure: Individual 3D Printers – bar chart of sampled 3D printers vulnerable (y-axis, 0–8) per security issue (x-axis: No Data Protection, Denial of Service, Unused Services, Known Attacks, Inputs Crash App, On Internet); legend includes Intranet.]
[Figure: 3D Printer Deployments – normalized attack paths (per printer, per device; y-axis, 0–6) per vulnerability scenario (x-axis: No Assumed Vulnerabilities, Phishing E-mail Attack on PC, Hacked IIoT, All) for Deployment A, B and C, each local and remote.]
CANvas: An nmap for your car
1. Identify ECUs
2. Identify message sender (source mapping)
3. Identify message receiver(s) (destination mapping)
Input: a timestamped traffic log captured from the physical bus; outputs: a source map and a destination map.
Finding: an unexpected ECU in a 2009 Prius, installed during a past vehicle modification.
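As an added example (not part of this deck and not the CANvas project's own code), one way to build the source map from a timestamped CAN log: it assumes the clock-skew fingerprinting idea, i.e. that messages sent by the same ECU share that ECU's crystal skew, and that ECUs transmit at round nominal periods. The ECU names, CAN IDs, skews and the log itself are constructed for the demonstration.

```python
from collections import defaultdict

# Assumed nominal transmit periods (s); each observed ID is matched to the nearest one.
NOMINAL_PERIODS_S = (0.010, 0.020, 0.050, 0.100)

def make_log(ecus, n_msgs=200):
    """Constructed log: ecus = {name: (skew_ppm, {can_id: nominal_period_s})}.
    Returns a time-sorted list of (timestamp_s, can_id), as a bus capture would."""
    log = []
    for skew_ppm, ids in ecus.values():
        rate = 1.0 + skew_ppm * 1e-6        # this ECU's clock runs fast (>1) or slow (<1)
        for can_id, period in ids.items():
            log += [(k * period * rate, can_id) for k in range(1, n_msgs + 1)]
    return sorted(log)

def estimate_skew_ppm(timestamps):
    """Relative deviation of the observed period from the nearest nominal period, in ppm."""
    observed = (timestamps[-1] - timestamps[0]) / (len(timestamps) - 1)
    nominal = min(NOMINAL_PERIODS_S, key=lambda p: abs(p - observed))
    return (observed - nominal) / nominal * 1e6

def source_map(log, tolerance_ppm=20.0):
    """Group CAN IDs whose estimated skews agree within tolerance: one group per sender ECU."""
    ts_by_id = defaultdict(list)
    for ts, can_id in log:
        ts_by_id[can_id].append(ts)
    skews = {i: estimate_skew_ppm(ts) for i, ts in ts_by_id.items() if len(ts) > 1}
    groups = []
    for can_id in sorted(skews, key=skews.get):       # walk IDs in order of skew
        if groups and abs(skews[can_id] - skews[groups[-1][0]]) <= tolerance_ppm:
            groups[-1].append(can_id)
        else:
            groups.append([can_id])
    return [sorted(g) for g in groups]

def unexpected_sources(groups, known_ids):
    """Inferred senders none of whose IDs appear in the expected ECU inventory."""
    return [g for g in groups if not any(i in known_ids for i in g)]

# Constructed fixture: three ECUs; the third one is absent from the owner's inventory.
ECUS = {"ecu_a": (150, {0x100: 0.010, 0x200: 0.100}),
        "ecu_b": (-80, {0x110: 0.020}),
        "ecu_c": (400, {0x300: 0.050, 0x301: 0.010})}
KNOWN_IDS = {0x100, 0x200, 0x110}

if __name__ == "__main__":
    groups = source_map(make_log(ECUS))
    print("inferred senders:", [[hex(i) for i in g] for g in groups])
    print("unexpected:", [[hex(i) for i in g] for g in unexpected_sources(groups, KNOWN_IDS)])
```

On a real capture the per-ID period estimate carries jitter, so the tolerance must be set from the observed skew spread rather than the 20 ppm used here.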
RADIO: Modeling “normal” behaviors
Learning “normal” behaviors (e.g., login, video recording, …) from a camera’s network traces.
Challenge 1: No abstraction for modeling IoT behaviors; protocol specs are too coarse-grained.
Challenge 2: Historical traces can be polluted.
Idea 1: A precise FSM-based abstraction to capture key IoT-behavior characteristics.
Idea 2: Combine FSM inference (RPNI) with outlier detection (RANSAC) to address pollution.
Tackling “blackboxes” in the real world with ML
• Example 1: generating protocol-compliant packets
• Use cases: fuzzing a black-box system until it crashes; protocol reverse engineering by analysts (captured packets of unknown format)
• Approach: packets → GAN → more packets
Tackling “blackboxes” in the real world with ML
• Example 2: identifying attack inputs
• Use cases:
• Approach:
Automated model inference – Alembic: Active Learning-based Inference
Automatically infer a behavior model of network functions from black-box observations: stateful NF + config → finite state machine model, i.e., Model = NF(config).
Key results: 1) Reduces FP and FN of network verification; 2) Enables finding potential attacks against firewalls.
Lightweight, Trusted Gateway
Home router with IoT and non-IoT devices behind it
• Low-cost
• Scalable
• Trusted
[Figure: Memory utilized (MB, 0–2000) vs. number of simultaneous IDSes (0–50), baseline IDS vs. optimized IDS.]
[Figure: Runtime latency impact – median latency (msec, 0–2.5) per configuration (No Security Function, Static Packet Tag, Cryptographic Packet Tag), wired vs. wireless.]
LEAF: Crowdsourcing
[Figure: multiple IoT Security Gateways.]
Our goal: learning context-based policies for smart homes
Strawman 1: using single-home data → data sparsity
Strawman 2: using all-home data → diversity/privacy
Our idea: applying federated multi-task learning
• Federated: transfer model parameters rather than raw data → provides privacy
• Multi-task: customized model learned from all data → addresses data sparsity/diversity
Conclusions
• Grand challenge: IoT devices with unfixable flaws
• Pragmatic “bolt-on” network security: Measure, Learn, Adapt
• Early successes across domains and use cases
• Many open directions!