2017-00176 - PhD Position / Predictive Security Monitoring for Large-Scale Cyber-Physical Systems

Scientific Context: In last years, Internet-of-Things became a reality with numerous protocols, platforms and devices [8] being developed and used to support the growing deployment of smart* services: smart-home, transport, -health, -city... and even the rather usual rigid systems with industry 4.0. Providing new services have required first the development of new functionalities with as underlining goals to have more powerand computeefficient devices which can embed various sensors. Obviously, IoT also supposes a full infrastructure to guarantee the efficiency of communications and processing of information. The embedded devices are thus completed by access points, routers, servers, etc. At the higher levels services are developed and provided to the users. This ecosystem is very rich and cannot be controlled by a unique entity, e.g. services are o en developed by third parties, manufacturer of embed devices are different to those providing connectivity... As a result, such a complex system is naturally a source of potential threats and real cases recently demonstrates that IoT can be affected by naïve weaknesses [1,6]. At Inria, we even demonstrated how simple and cheap IoT device can be used to take over the control of a Z-Wave home installation in a silent manner [2]. Therefore, security is paramount of importance. In the last decade, many IoT architectures have been proposed, such as the reference model IoT-A [3], including security modules. However, as highlighted before, security cannot be guaranteed without failure or by-design and this is true with evolving ecosystems such as IoT, with now the emerging trend of using fog-based architecture rather than well-established cloud models. To enhance security, one option is to redesign an IoT architecture with stronger security but this will face the same problems as before, since some security issues can appear a erwards and the trade off between security features and their cost is hard to establish mainly multiple IoT devices. Maintaining the architecture with new security elements would be therefore required but a remaining problem is the large number protocols or platforms that already exist. Nowadays, the only viable solution is so to provide new security mechanisms that could be composed on demand and deployed in any IoT platforms by the operators, the integrators or the vendors rather than developing protocolor architecture-centric security solutions. Bibliography: [1] Manos Antonakakis et. al , Understanding the Mirai Botnet, USENIX Security, 2017 [2] L. Rouch et. Al, A Universal Controller to Take Over a Z-Wave Network, Black Hat Europe, 2017 [3] Alessandro Bassi, Martin Bauer, Martin Fiedler, Thorsten Kramp, Rob van Kranenburg, Sebastian Lange, Stefan Meissner (eds), “Enabling Things to Talk”, Designing IoT solutions with the IoT Architectural Reference Model, Springer, 2013 [4] J. François et. al, PTF: Passive Temporal Fingerprinting, IFIP/IEEE International Symposium on Integrated Network Management (IM), 2011 [5] BF Van Dongen et. al, The prom framework: A new era in process mining tool support, ICATPN 2005 [6] C. Kolias, G. Kambourakis, A. Stavrou and J. Voas, "DDoS in the IoT: Mirai and Other Botnets," in Computer, vol. 50, no. 7, pp. 80-84, 2017. [7] Markus Miettinen, Samuel Marchal, Ibbad Hafeez, N. Asokan, Ahmad-Reza Sadeghi, Sasu Tarkoma: IoT SENTINEL: Automated Device-Type Identification for Security Enforcement in IoT. ICDCS 2017: [8] A. Al-Fuqaha, M. Guizani, M. Mohammadi, M. Aledhari and M. Ayyash, "Internet of Things: A Survey on Enabling Technologies, Protocols, and Applications," in IEEE Communications Surveys & Tutorials, vol. 17, no. 4, pp. 2347-2376, Fourthquarter 2015. [9] G. Hurel, R. Badonnel, A. Lahmadi and O. Festor, "Behavioral and Dynamic Security Functions Chaining for Android Devices", in Proceedings of the 11th International Conference on Network and Service Management (CNSM 2015), Barcelona, 2015, pp. 57-63. [10] N. Schnepf, R. Badonnel, A. Lahmadi and S. Merz, "Automated Verification of Security Chains in So ware-defined Networks with Synaptic", in Proceedings of the IEEE Conference on Network Softwarization (NetSoft 2017), Bologna, 2017, pp. 1-9. General Information