Bolt-on network layer security for IoT · 2020-07-07


Page 1:

Bolt-on network layer security for IoT

Vyas Sekar


Page 2:

Context for work: Assume IoT unfixable

Multi-stage CyberPhysical Privacy leaks

Page 3:

What can we do?

• Measure

• Learn

• Adapt

Page 4:

Current and ongoing work

• Measure
– C3P0: Understanding vulnerabilities in connected 3D printer deployments
– CANvas: An nmap for your car

• Learn
– RADIO: Modeling “normal” behaviors
– Tackling “blackboxes” in the real world with ML

• Adapt
– A lightweight, trusted gateway for IoT
– LEAF: Crowdsourcing

Page 5:

C3P0: Connected 3D Printer Observer

[Figure: two bar charts from the C3P0 study. Left: number of sampled 3D printers vulnerable to each security issue (no data protection, denial of service, unused services, known attacks, inputs crash app, on Internet), with an Intranet legend entry; y-axis 0 to 8. Right: normalized attack paths (per printer, per device) under three vulnerability scenarios (no assumed vulnerabilities, phishing e-mail attack on PC, hacked IIoT) for deployments A, B and C, each local and remote; y-axis 0 to 6. Panels titled "Individual 3D Printers" and "3D Printer Deployments".]

Page 6:

CANvas: An nmap for your car

1. Identify ECUs
2. Identify message sender
3. Identify message receiver(s)

[Figure: CANvas pipeline: a timestamped traffic log captured from the physical bus feeds source mapping, which produces a source map, and destination mapping, which produces a destination map.]

Found an unexpected ECU in a 2009 Prius

ECU installed during a past vehicle modification

Page 7:

Current and ongoing work

• Measure
– C3P0: Understanding vulnerabilities in connected 3D printer deployments
– CANvas: An nmap for your car

• Learn
– RADIO: Modeling “normal” behaviors
– Tackling “blackboxes” in the real world with ML

• Adapt
– A lightweight, trusted gateway for IoT
– LEAF: Crowdsourcing

Page 8:

RADIO: Modeling “normal” behaviors

[Figure: learning from a camera’s network traces to a model of its “normal” behaviors, e.g., login, video recording …]

Challenge 1: No abstraction for modeling IoT behaviors
- Protocol spec too coarse-grained

Challenge 2: Historical traces can be polluted

Idea 1: A precise FSM-based abstraction to capture key IoT-behavior characteristics

Idea 2: Combine FSM inference (RPNI) with outlier detection (RANSAC) to address pollution
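The RPNI-plus-RANSAC idea on this slide, as an added illustration that is not RADIO's own code: an FSM is inferred over abstract per-session packet events from constructed camera traces, using k-tails state merging as a simpler stand-in for RPNI, and RANSAC-style minimal sampling so that polluted sessions in the history end up outside the consensus set instead of inside the “normal” model. The event names, traces and sample sizes are all assumptions.

```python
import random
from collections import defaultdict
# Constructed camera sessions (not RADIO's data): abstract packet events per session.
LOGIN = ["dns_q", "dns_r", "tls_hs", "auth_out", "auth_in"]
def video(n): return ["dns_q", "dns_r", "tls_hs", "rtsp_setup", "rtsp_play"] + ["rtp_out"] * n
def polluted(n): return ["telnet_in", "telnet_out"] + ["scan_out"] * n  # compromised camera scanning
TRACES = [LOGIN] * 5 + [video(n) for n in range(3, 8)] + [polluted(3), polluted(4)]

def build_pta(traces):  # prefix tree acceptor: state 0 is the root, one state per distinct prefix
    trans, accept = {}, set()
    for t in traces:
        q = 0
        for sym in t:
            q = trans.setdefault((q, sym), len(trans) + 1)
        accept.add(q)
    return trans, accept, len(trans) + 1

def tails(q, k, trans, accept):  # prefix-closed futures of q up to length k; '$' = accepting end
    out = {()} | ({("$",)} if q in accept else set())
    if k:
        for (p, sym), q2 in trans.items():
            if p == q:
                out |= {(sym,) + t for t in tails(q2, k - 1, trans, accept)}
    return out

def infer_fsm(traces, k=2):
    # k-tails merging: PTA states with identical k-futures become one NFA state. This is a
    # simpler stand-in for RPNI, which additionally uses negative traces to block bad merges.
    trans, accept, n = build_pta(traces)
    first, nfa = {}, defaultdict(set)
    rep = {q: first.setdefault(frozenset(tails(q, k, trans, accept)), q) for q in range(n)}
    for (q, sym), q2 in trans.items():
        nfa[rep[q]].add((sym, rep[q2]))
    return nfa, {rep[q] for q in accept}

def accepts(model, trace):  # NFA simulation from the root state 0
    nfa, accept = model
    cur = {0}
    for sym in trace:
        cur = {q2 for q in cur for s, q2 in nfa[q] if s == sym}
    return bool(cur & accept)

def ransac_fsm(traces, sample_size=2, iters=60, seed=1):
    # RANSAC: fit an FSM to random minimal samples, keep the one with the largest consensus
    # set (traces it accepts); the traces the winner rejects are flagged as pollution.
    rng, best, inliers = random.Random(seed), None, []
    for _ in range(iters):
        cand = infer_fsm(rng.sample(traces, sample_size))
        fit = [t for t in traces if accepts(cand, t)]
        if len(fit) > len(inliers):
            best, inliers = cand, fit
    return best, inliers, [t for t in traces if t not in inliers]
```

A model fitted to a sample that contains a polluted session accepts only that behavior plus one clean one, so it loses the consensus vote to a model fitted to two clean sessions; the merged `rtp_out` loop also lets the winner accept recordings longer than any it was trained on.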

Page 9:

Tackling “blackboxes” in the real world with ML

• Example 1: generating protocol-compliant packets

• Use cases:

• Approach:

[Figure: analysts fuzzing a black-box system until it crashes; analysts reverse engineering the protocol of a black-box system to recover its packet format; a GAN trained on captured packets generating more packets.]

Page 10:

Tackling “blackboxes” in the real world with ML

• Example 2: identifying attack inputs

• Use cases:

• Approach:


Page 11:

Automated Model Inference

Alembic: Active Learning-based Inference

Automatically infer a behavior model of network functions from black-box observations

[Figure: a stateful NF takes a config; the inferred finite state machine is the model, i.e. Model = NF(config).]

Key Results:
1) Reduces FP and FN of network verification
2) Enables finding potential attacks against firewalls

Page 12:

Current and ongoing work

• Measure
– C3P0: Understanding vulnerabilities in connected 3D printer deployments
– CANvas: An nmap for your car

• Learn
– RADIO: Modeling “normal” behaviors
– Tackling “blackboxes” in the real world with ML

• Adapt
– LEAF: Crowdsourcing
– A lightweight, trusted gateway for IoT

Page 13:

Lightweight, Trusted Gateway

• Low-cost
• Scalable
• Trusted

[Figure: a home router separating IoT from non-IoT devices, and two plots. Left: memory utilized (MB, 0 to 2000) against number of simultaneous IDSes (0 to 50) for a baseline IDS vs. an optimized IDS. Right: runtime latency impact as median latency (msec, 0 to 2.5) for three configurations (no security function, static packet tag, cryptographic packet tag), wired vs. wireless.]

Page 14:

LEAF: Crowdsourcing

[Figure: several homes, each behind an IoT Security Gateway.]

Our goal: learning context-based policies for smart homes

Strawman 1: using single-home data
– Data sparsity

Strawman 2: using all-home data
– Diversity/Privacy

Our idea: applying federated multi-task learning

• Federated: transfer model parameters rather than raw data
– Provides privacy

• Multi-task: customized model learned from all data
– Addresses data sparsity/diversity

Page 15:

Conclusions

• Grand Challenge: IoT devices with unfixable flaws

• Pragmatic “bolt-on” network security
– Measure
– Learn
– Adapt

• Early successes across domains and use cases

• Many open directions!