Semantics based Security Analytics for Internet of Things

Abstract

The advent of Internet of Things (IoT) has revolutionized networks by transforming legacy dumb devices into smart connected 'things'; observing, interacting and impacting the environment with minimal human intervention. These features, while promising a variety of innovative solutions and business bene ts, are vulnerable to a host of new threat vectors and security risks. A typical IoT network comprises of thousands of IoT devices using heterogeneous protocols, having varying resources, complex interdependencies and diverse networking and security requirements. The con guration data of IoT networks is mostly unstructured, lacking machine interpretable semantics and thus traditional management techniques cannot tackle the IoT-speci c con guration challenges of scalability, inter-operability and robust security. In order to address these challenges, a formal framework is presented to model IoT con guration data and then employ that model to automatically arrest con guration anomalies and gauge the impact of IoT-speci c attack vectors and accidental malfunctions. The approach reuses existing Web Ontology Language (OWL) based ontologies, by extending them with IoT and security speci c concepts and populating them with IoT instances. Con guration analytics are performed automatically by describing the context of complex IoT interactions and dependencies and security requirements through rulessupported reasoning. An IOT speci c attack taxonomy has been designed based on thorough study of IOT speci c vulnerabilities, exploitation entry points and realtime attack case studies. The practicality of the approach is veri ed through implementation, evaluation and simulation over realistic IoT topologies. Our automated approach has proven to be scalable, easily manageable, formally veri able, visibly applicable through simulations and free from errors induced by tedious manual con gurations.