Graphical security modelling and assessment for the internet of things.
Thesis Discipline: Computer Science
Degree Grantor: University of Canterbury
Degree Name: Doctor of Philosophy
The Internet of Things (IoT) is enabling innovative applications in various domains and offering convenience in different aspects of people's lives. Characterised by constrained resources, heterogeneous techniques and wide-scale structure, the IoT introduces a variety of known and unknown vulnerabilities that attackers can exploit to break into systems and conduct malicious activities (e.g., steal sensitive data, compromise the IoT devices). Therefore, protecting the IoT against potential attacks is of critical importance. The motivation of the thesis lies within the field of security modelling and assessment for the IoT to mitigate the impact of potential attacks. Current research on IoT security modelling is very limited due to the pioneering features of the IoT. Besides, there is no previous work on constructing a formal graphical security model (e.g., Attack Graphs (AGs), Attack Trees (ATs)) for the IoT. Additionally, traditional defence mechanisms may not work well in securing the IoT due to the existence of forever-day vulnerabilities (i.e., non-patchable vulnerabilities) in the IoT devices. Lastly, an approach that can combine different defence mechanisms in an optimal way to increase the security of the IoT at a reasonable cost is still lacking. In order to address the above security issues, we have three goals in the thesis, which are: (i) to develop the security assessment framework for the IoT that can model and assess the security of the IoT; (ii) to develop the proactive defence mechanisms to address the security issues arising from the non-patchable vulnerabilities in the IoT devices; and (iii) to develop an approach to optimise the combinations of different defence mechanisms to improve the security of the IoT under the budget constraint.
To achieve goal (i), we propose a framework for security modelling and assessment of the IoT, named the security assessment framework for the IoT. The driving idea behind the framework is to mitigate the impact of potential attacks in the IoT and increase the IoT security level via the graphical security model along with the evaluation metrics. The framework consists of five phases: 1) data processing, 2) security model generation, 3) security visualization, 4) security analysis, and 5) model updates. By using the framework, we can identify potential attack paths in the IoT, analyse the security of the IoT using well-defined security metrics, and assess the effectiveness of different defence mechanisms. Three different IoT deployment scenarios are used to evaluate the framework: the smart home, wearable healthcare monitoring and environment monitoring. The analysis results show the capabilities of the proposed framework for capturing potential attack paths in both small-scale and large-scale IoT networks and for assessing the effectiveness of the device-centric and network-level defence mechanisms in mitigating the impact of attacks.
To achieve goal (ii), we propose to change the attack surface of the IoT to increase the attack effort in the presence of non-patchable vulnerabilities in the IoT devices. With the support of software-defined networking (SDN), we develop two proactive defence mechanisms that reconfigure the network topology of the IoT. We implement the reconfiguration algorithms and integrate them with the security assessment framework. Through simulations, we analyse how the security and performance change when the proposed mechanisms are deployed. The results show that our proactive defence mechanisms in the SD-IoT effectively increase the attack effort, while maintaining the performance in terms of the average shortest path length.
with three evaluation metrics to evaluate the effectiveness and efficiency of the proposed defence mechanisms. We apply the multi-objective genetic algorithm to compute the Pareto optimal deployments of the defence mechanisms to maximise the security and minimise the deployment cost. We present a case study to show the feasibility of the proposed approach and to provide the defenders with various ways to choose the optimal deployments of the defence mechanisms for the IoT. We also compare the runtime and accuracy of the genetic algorithm against the exhaustive search algorithm. The results show that the genetic algorithm is much more efficient to compute a good spread of the deployments compared with the exhaustive search algorithm when the scale of the IoT increases.
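The trade-off described above can be made concrete with the exhaustive-search baseline on a toy smart-home attack graph. This is an added example, not code from the thesis: the topology, the per-device hardening costs and the security metric (number of remaining attack paths) are all constructed assumptions, and it uses exhaustive search rather than the thesis's genetic algorithm.

```python
from itertools import combinations

# Constructed topology (assumption): an edge means "can attack next".
EDGES = {
    "attacker": ["wifi_ap", "smart_tv"],
    "wifi_ap": ["camera", "hub"],
    "smart_tv": ["hub"],
    "camera": ["hub"],
    "hub": ["door_lock"],
    "door_lock": [],
}
# Hypothetical defence: hardening a device removes it from every attack path.
# Costs are made-up units.
COST = {"wifi_ap": 3, "smart_tv": 2, "camera": 1, "hub": 5}

def attack_paths(edges, src, dst, blocked=frozenset()):
    """Enumerate simple attack paths src -> dst that avoid hardened nodes."""
    paths, stack = [], [(src, [src])]
    while stack:
        node, path = stack.pop()
        if node == dst:
            paths.append(path)
            continue
        for nxt in edges.get(node, []):
            if nxt not in blocked and nxt not in path:
                stack.append((nxt, path + [nxt]))
    return paths

def evaluate(deployment):
    """Return (remaining attack paths, deployment cost) for a set of devices."""
    remaining = attack_paths(EDGES, "attacker", "door_lock", frozenset(deployment))
    return len(remaining), sum(COST[d] for d in deployment)

def pareto_front(budget):
    """Exhaustively score every deployment within budget; keep non-dominated ones."""
    cands = []
    for r in range(len(COST) + 1):
        for dep in combinations(sorted(COST), r):
            paths, cost = evaluate(dep)
            if cost <= budget:
                cands.append((dep, paths, cost))
    def dominated(c):
        # Dominated: another candidate is no worse on both objectives, better on one.
        return any(o[1] <= c[1] and o[2] <= c[2] and (o[1] < c[1] or o[2] < c[2])
                   for o in cands)
    return sorted((c for c in cands if not dominated(c)), key=lambda c: c[2])

if __name__ == "__main__":
    for dep, paths, cost in pareto_front(budget=4):
        print(f"cost={cost} remaining_paths={paths} harden={dep}")
```

The search space doubles with every device that can be hardened, which is why exhaustive search stops being practical as the network grows.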
In summary, the contributions of the thesis are: (1) the development of the security assessment framework for the IoT to improve the security of the IoT and to mitigate the impact of potential attacks; (2) the evaluation of the framework via various use cases; (3) the development of the defence mechanisms and reconfiguration algorithms that change the attack surface of the IoT under the support of SDN to increase the security of the IoT with the non-patchable vulnerabilities; (4) the development of the approach to compute the optimal deployments of the defence mechanisms for the IoT under the budget constraint.