Abstract:
The advent of the Internet of Things (IoT) has revolutionized networks by
transforming legacy dumb devices into smart connected 'things' that observe,
interact with and impact the environment with minimal human intervention.
These features, while promising a variety of innovative solutions and
business benefits, are vulnerable to a host of new threat vectors and security
risks. A typical IoT network comprises thousands of IoT devices using
heterogeneous protocols, with varying resources, complex interdependencies
and diverse networking and security requirements. The configuration data of
IoT networks is mostly unstructured and lacks machine-interpretable semantics,
so traditional management techniques cannot tackle the IoT-specific
configuration challenges of scalability, interoperability and robust security.
To address these challenges, a formal framework is presented to model IoT
configuration data and then employ that model to automatically arrest
configuration anomalies and gauge the impact of IoT-specific attack vectors
and accidental malfunctions. The approach reuses existing Web Ontology
Language (OWL) based ontologies, extending them with IoT- and security-specific
concepts and populating them with IoT instances. Configuration analytics are
performed automatically by describing the context of complex IoT interactions,
dependencies and security requirements through rules-supported reasoning. An
IoT-specific attack taxonomy has been designed based on a thorough study of
IoT-specific vulnerabilities, exploitation entry points and real-time attack
case studies. The practicality of the approach is verified through
implementation, evaluation and simulation over realistic IoT topologies. Our
automated approach has proven to be scalable, easily manageable, formally
verifiable, visibly applicable through simulations and free from errors
induced by tedious manual configurations.
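As an added illustration of the rules-supported reasoning the abstract describes (example code, not the thesis's own implementation or ontology): configuration facts are held as subject-predicate-object triples in the style of OWL individuals, and a small forward-chaining engine applies rules that derive transitive dependencies, flag a configuration anomaly (sensitive data carried over an unencrypted protocol) and propagate the impact of a compromised device to everything that depends on it. All device, property and rule names below are constructed assumptions.

```python
# Added example, not the paper's code: a tiny forward-chaining reasoner over
# constructed IoT configuration triples; all names and rules are assumptions.

# Constructed facts as (subject, predicate, object) triples.
FACTS = {
    ("cam1", "usesProtocol", "mqtt_plain"), ("mqtt_plain", "encrypted", "false"),
    ("cam1", "handles", "VideoFeed"), ("VideoFeed", "sensitivity", "high"),
    ("hub", "dependsOn", "cam1"), ("alarm", "dependsOn", "hub"),
    ("cam1", "status", "compromised"),  # assumed attack-case input
}

# Rules: antecedent patterns -> consequent; "?x" marks a variable.
RULES = [
    # Dependencies are transitive.
    ([("?a", "dependsOn", "?b"), ("?b", "dependsOn", "?c")],
     ("?a", "dependsOn", "?c")),
    # Configuration anomaly: sensitive data over an unencrypted protocol.
    ([("?d", "handles", "?x"), ("?x", "sensitivity", "high"),
      ("?d", "usesProtocol", "?p"), ("?p", "encrypted", "false")],
     ("?d", "anomaly", "PlaintextSensitiveData")),
    # Attack impact: whatever depends on a compromised device is impacted.
    ([("?d", "status", "compromised"), ("?x", "dependsOn", "?d")],
     ("?x", "impactedBy", "?d")),
]

def solve(patterns, facts, b=None):
    """Yield every variable binding that satisfies all antecedent patterns."""
    b = b or {}
    if not patterns:
        yield b
        return
    for fact in facts:
        nb = dict(b)  # copy so a failed unification leaves b untouched
        if all(nb.setdefault(p, t) == t if p[0] == "?" else p == t
               for p, t in zip(patterns[0], fact)):
            yield from solve(patterns[1:], facts, nb)

def reason(facts, rules):
    """Forward-chain until no new triple is derived; return the closure."""
    facts = set(facts)
    while True:
        new = {tuple(b.get(x, x) for x in cons)
               for ante, cons in rules for b in solve(ante, facts)}
        if new <= facts:
            return facts
        facts |= new

def findings(facts):
    """Return the derived anomaly and attack-impact triples, sorted."""
    return sorted(t for t in reason(facts, RULES)
                  if t[1] in ("anomaly", "impactedBy"))
```

Running `findings(FACTS)` reports the plaintext anomaly on cam1 and shows that both hub and, through the derived transitive dependency, alarm are impacted by the compromised camera.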