-
Enabling Cooperative IoT Security via Software Defined Networks (SDN)
Authors:
Garegin Grigoryan,
Yaoqing Liu,
Laurent Njilla,
Charles Kamhoua,
Kevin Kwiat
Abstract:
Internet of Things (IoT) is becoming an increasingly attractive target for cybercriminals. We observe that many attacks to IoTs are launched in a collusive way, such as brute-force hacking usernames and passwords, to target at a particular victim. However, most of the time our defending mechanisms to such kind of attacks are carried out individually and independently, which leads to ineffective an…
▽ More
Internet of Things (IoT) is becoming an increasingly attractive target for cybercriminals. We observe that many attacks to IoTs are launched in a collusive way, such as brute-force hacking usernames and passwords, to target at a particular victim. However, most of the time our defending mechanisms to such kind of attacks are carried out individually and independently, which leads to ineffective and weak defense. To this end, we propose to leverage Software Defined Networks (SDN) to enable cooperative security for legacy IP-based IoT devices. SDN decouples control plane and data plane, and can help bridge the knowledge divided between the application and network layers. In this paper, we discuss the IoT security problems and challenges, and present an SDN-based architecture to enable IoT security in a cooperative manner. Furthermore, we implemented a platform that can quickly share the attacking information with peer controllers and block the attacks. We carried out our experiments in both virtual and physical SDN environments with OpenFlow switches. Our evaluation results show that both environments can scale well to handle attacks, but hardware implementation is much more efficient than a virtual one.
△ Less
Submitted 5 June, 2018;
originally announced June 2018.
-
Hardware Trojan Detection Game: A Prospect-Theoretic Approach
Authors:
Walid Saad,
Anibal Sanjab,
Yunpeng Wang,
Charles Kamhoua,
Kevin Kwiat
Abstract:
Outsourcing integrated circuit (IC) manufacturing to offshore foundries has grown exponentially in recent years. Given the critical role of ICs in the control and operation of vehicular systems and other modern engineering designs, such offshore outsourcing has led to serious security threats due to the potential of insertion of hardware trojans - malicious designs that, when activated, can lead t…
▽ More
Outsourcing integrated circuit (IC) manufacturing to offshore foundries has grown exponentially in recent years. Given the critical role of ICs in the control and operation of vehicular systems and other modern engineering designs, such offshore outsourcing has led to serious security threats due to the potential of insertion of hardware trojans - malicious designs that, when activated, can lead to highly detrimental consequences. In this paper, a novel game-theoretic framework is proposed to analyze the interactions between a hardware manufacturer, acting as attacker, and an IC testing facility, acting as defender. The problem is formulated as a noncooperative game in which the attacker must decide on the type of trojan that it inserts while taking into account the detection penalty as well as the damage caused by the trojan. Meanwhile, the resource-constrained defender must decide on the best testing strategy that allows optimizing its overall utility which accounts for both damages and the fines. The proposed game is based on the robust behavioral framework of prospect theory (PT) which allows capturing the potential uncertainty, risk, and irrational behavior in the decision making of both the attacker and defender. For both, the standard rational expected utility (EUT) case and the PT case, a novel algorithm based on fictitious play is proposed and shown to converge to a mixed-strategy Nash equilibrium. For an illustrative case study, thorough analytical results are derived for both EUT and PT to study the properties of the reached equilibrium as well as the impact of key system parameters such as the defender-set fine. Simulation results assess the performance of the proposed framework under both EUT and PT and show that the use of PT will provide invaluable insights on the outcomes of the proposed hardware trojan game, in particular, and system security, in general.
△ Less
Submitted 21 March, 2017;
originally announced March 2017.
-
Contract-Theoretic Resource Allocation for Critical Infrastructure Protection
Authors:
AbdelRahman Eldosouky,
Walid Saad,
Charles Kamhoua,
and Kevin Kwiat
Abstract:
Critical infrastructure protection (CIP) is envisioned to be one of the most challenging security problems in the coming decade. One key challenge in CIP is the ability to allocate resources, either personnel or cyber, to critical infrastructures with different vulnerability and criticality levels. In this work, a contract-theoretic approach is proposed to solve the problem of resource allocation…
▽ More
Critical infrastructure protection (CIP) is envisioned to be one of the most challenging security problems in the coming decade. One key challenge in CIP is the ability to allocate resources, either personnel or cyber, to critical infrastructures with different vulnerability and criticality levels. In this work, a contract-theoretic approach is proposed to solve the problem of resource allocation in critical infrastructure with asymmetric information. A control center (CC) is used to design contracts and offer them to infrastructures' owners. A contract can be seen as an agreement between the CC and infrastructures using which the CC allocates resources and gets rewards in return. Contracts are designed in a way to maximize the CC's benefit and motivate each infrastructure to accept a contract and obtain proper resources for its protection. Infrastructures are defined by both vulnerability levels and criticality levels which are unknown to the CC. Therefore, each infrastructure can claim that it is the most vulnerable or critical to gain more resources. A novel mechanism is developed to handle such an asymmetric information while providing the optimal contract that motivates each infrastructure to reveal its actual type. The necessary and sufficient conditions for such resource allocation contracts under asymmetric information are derived. Simulation results show that the proposed contract-theoretic approach maximizes the CC's utility while ensuring that no infrastructure has an incentive to ask for another contract, despite the lack of exact information at the CC.
△ Less
Submitted 21 February, 2017;
originally announced February 2017.
-
Beyond Free Riding: Quality of Indicators for Assessing Participation in Information Sharing for Threat Intelligence
Authors:
Omar Al-Ibrahim,
Aziz Mohaisen,
Charles Kamhoua,
Kevin Kwiat,
Laurent Njilla
Abstract:
Threat intelligence sharing has become a growing concept, whereby entities can exchange patterns of threats with each other, in the form of indicators, to a community of trust for threat analysis and incident response. However, sharing threat-related information have posed various risks to an organization that pertains to its security, privacy, and competitiveness. Given the coinciding benefits an…
▽ More
Threat intelligence sharing has become a growing concept, whereby entities can exchange patterns of threats with each other, in the form of indicators, to a community of trust for threat analysis and incident response. However, sharing threat-related information have posed various risks to an organization that pertains to its security, privacy, and competitiveness. Given the coinciding benefits and risks of threat information sharing, some entities have adopted an elusive behavior of "free-riding" so that they can acquire the benefits of sharing without contributing much to the community. So far, understanding the effectiveness of sharing has been viewed from the perspective of the amount of information exchanged as opposed to its quality. In this paper, we introduce the notion of quality of indicators (\qoi) for the assessment of the level of contribution by participants in information sharing for threat intelligence. We exemplify this notion through various metrics, including correctness, relevance, utility, and uniqueness of indicators. In order to realize the notion of \qoi, we conducted an empirical study and taken a benchmark approach to define quality metrics, then we obtained a reference dataset and utilized tools from the machine learning literature for quality assessment. We compared these results against a model that only considers the volume of information as a metric for contribution, and unveiled various interesting observations, including the ability to spot low quality contributions that are synonym to free riding in threat information sharing.
△ Less
Submitted 2 February, 2017;
originally announced February 2017.
-
Rethinking Information Sharing for Actionable Threat Intelligence
Authors:
Aziz Mohaisen,
Omar Al-Ibrahim,
Charles Kamhoua,
Kevin Kwiat,
Laurent Njilla
Abstract:
In the past decade, the information security and threat landscape has grown significantly making it difficult for a single defender to defend against all attacks at the same time. This called for introduc- ing information sharing, a paradigm in which threat indicators are shared in a community of trust to facilitate defenses. Standards for representation, exchange, and consumption of indicators ar…
▽ More
In the past decade, the information security and threat landscape has grown significantly making it difficult for a single defender to defend against all attacks at the same time. This called for introduc- ing information sharing, a paradigm in which threat indicators are shared in a community of trust to facilitate defenses. Standards for representation, exchange, and consumption of indicators are pro- posed in the literature, although various issues are undermined. In this paper, we rethink information sharing for actionable intelli- gence, by highlighting various issues that deserve further explo- ration. We argue that information sharing can benefit from well- defined use models, threat models, well-understood risk by mea- surement and robust scoring, well-understood and preserved pri- vacy and quality of indicators and robust mechanism to avoid free riding behavior of selfish agent. We call for using the differential nature of data and community structures for optimizing sharing.
△ Less
Submitted 2 February, 2017;
originally announced February 2017.