Security aspects about Internet of Things networks, devices and communication protocols

VACCARI, IVAN
2021-05-24

Abstract

Nowadays, the Internet of Things (IoT) is a consolidated paradigm increasingly present in our lives, from simple devices to more complex systems, such as health sensor or vehicular networks. Today, there are 20 billion IoT devices connected in the world and the number will exponentially increase in the next years \cite{hung2017leading}. From a practical point of view, the Internet of Things incorporates processing capabilities (also called "intelligence") and connectivity in the most varied devices. This makes it possible to collect data through these objects and analyze them, to achieve greater automation and remote control, and to analyze how to improve the use and prevent malfunctions of the objects themselves, thus increasing the quality of their use over time. Among the many definitions of IoT, ENISA \cite{enisa2017baseline} considers the IoT a "cyber-physical ecosystem of interconnected sensors and actuators, which allow intelligent decision-making". In summary, we could say, to extrapolate the concept, that we are dealing with objects (things) connected through a planetary communication network (Internet), capable of detecting, processing and transmitting information. In practice, the "thing" is in fact a computer, more or less powerful in relation to the functions for which it was designed: to detect the consumption of electricity, to allow the increasingly advanced automation governed by the control units of our cars, to automate our homes with home automation solutions, to digitize industrial plants or medical systems, to name just a few classes of IoT systems.
The spread of the IoT and the birth of new application areas will draw significant advantages from the developments expected in the coming years in some enabling technologies. These include the implementation of 5G/6G networks, which will lead to a significant increase in transmission speed and a simultaneous reduction of latency in the use of devices, and the application of Artificial Intelligence (AI) and Machine Learning (ML) technologies, to exploit the amount of data generated by IoT devices for decision-making purposes, increasing the level of "intelligence" in the services enabled by the IoT devices themselves and benefiting real-time applications in particular. The IoT can also consist of solutions identified as "embedded systems", in which sensors and actuators are incorporated into a single system that integrates network functions with the ability to collect and process information, and which can operate standalone or interconnected with computers that act as information gathering centers. In this sense, IoT devices can be used by end users (consumers) and businesses (IoT devices can also be used in industrial plants, to create the so-called Industry 4.0), with all the advantages that automation allows, but also with significant potential security and compliance problems. Just think of the need to ensure the operational continuity of medical devices and critical industrial plants, and the privacy implications for devices that process personal health data or that collect information designed to profile the purchase of goods and services. Data and information are at the heart of the IoT, feeding a continuous cycle of detection (environmental data and device status), a decision-making process and the resulting actions. Moreover, communications security is a critical aspect, since the processed data and information are considered sensitive due to the possible applications of IoT (e.g. medical, critical infrastructures, etc.).
Security and the evolution of ICT technologies take on a decisive importance in the IoT world. The IoT device must ensure compliance with the basic CIA principles of security (confidentiality, availability and integrity). Vulnerabilities of an IoT system emerge from its components, including but not limited to sensor networks, wireless networks and the Internet. These vulnerabilities can result in a variety of cyber-security threats, from attacks on a physical device to attacks on communication protocols and services that access IoT device data. Since IoT devices are the basic building blocks of an IoT system, their various device-level vulnerabilities have made such devices and protocols an attractive target for adversaries. With regard to security, it is important to emphasize that one of the so-called "deadly sins of the IoT" is to use the corporate network to collect information generated by unsafe IoT devices: malicious actors are always present and can exploit IoT vulnerabilities to launch attacks on computer systems and networks. Based on these considerations, the cyber-security aspects of IoT networks, devices and communication protocols are an interesting research topic to investigate in order to ensure the security of this technology. In order to improve the security of Internet of Things networks, devices and communication protocols, I decided to investigate these cyber-security aspects during my Ph.D. research activities. The main goals of this work are to identify possible vulnerabilities in IoT devices and networks, to develop innovative cyber-threats able to exploit these vulnerabilities or that use IoT devices as an attack vector and, finally, to implement innovative protection and mitigation systems against these cyber-threats. I applied this approach to three communication protocols: ZigBee, Wi-Fi (in particular to a commercial constrained module called ESP8266) and Message Queue Telemetry Transport (MQTT).
Regarding the ZigBee communication protocol, I performed security tests against well-known cyber-attacks (such as jamming, brute force, sniffing, flooding denial of service and replay attacks); the results obtained show how vulnerable the protocol is to these attacks. By focusing on Wi-Fi and on the ESP8266 module, I identified a vulnerability to replay attacks, for which I proposed a protection scheme based on a shared key mechanism. Moreover, I adopted the ESP8266 module to perform two cyber-attacks: a slow denial of service attack against an Apache2 server and a captive portal attack used to steal sensitive information. Both attacks were successful. Finally, I studied the MQTT protocol, where I identified a vulnerability in the KeepAlive parameter inside the protocol. By exploiting this vulnerability, I implemented two innovative slow denial of service attacks able to saturate the connections available on the central node (called the broker) in order to prevent legitimate connections. On this topic, I also developed an innovative dataset based on MQTT communication that simulates a smart-space indoor environment. With the dataset, I implemented a machine learning detection system in order to identify possible cyber-attacks against an MQTT network. Finally on MQTT, I exploited the communication protocol to implement a tunneling system to steal sensitive information in a private network, with a related machine learning detection system that uses hyperparameter optimization to improve accuracy and statistical metrics.
Files in this item:

File: phdunige_3544026.pdf
Access: open access
Type: Doctoral thesis
Size: 16.8 MB
Format: Adobe PDF

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/11567/1047169