Proactive Defense for Internet-of-things: Moving Target Defense With Cyberdeception

Resource constrained Internet-of-Things (IoT) devices are highly likely to be compromised by attackers, because strong security protections may not be suitable to be deployed. This requires an alternative approach to protect vulnerable components in IoT networks. In this article, we propose an integrated defense technique to achieve intrusion prevention by leveraging cyberdeception (i.e., a decoy system) and moving target defense (i.e., network topology shuffling). We evaluate the effectiveness and efficiency of our proposed technique analytically based on a graphical security model in a software-defined networking (SDN)-based IoT network. We develop four strategies (i.e., fixed/random and adaptive/hybrid) to address “when” to perform network topology shuffling and three strategies (i.e., genetic algorithm/decoy attack path-based optimization/random) to address “how” to perform network topology shuffling on a decoy-populated IoT network, and we analyze which strategy can best achieve a system goal, such as prolonging the system lifetime, maximizing deception effectiveness, maximizing service availability, or minimizing defense cost. We demonstrated that a software-defined IoT network running our intrusion prevention technique at the optimal parameter setting prolongs system lifetime, increases attack complexity of compromising critical nodes, and maintains superior service availability compared with a counterpart IoT network without running our intrusion prevention technique. Further, when given a single goal or a multi-objective goal (e.g., maximizing the system lifetime and service availability while minimizing the defense cost) as input, the best combination of “when” and “how” strategies is identified for executing our proposed technique under which the specified goal can be best achieved.

Download Full-text

A Moving Target Defense Strategy for Internet of Things Cybersecurity

IEEE Access ◽

10.1109/access.2021.3107403 ◽

2021 ◽

pp. 1-1

Author(s):

Andres A. Mercado-Velazquez ◽

Ponciano J. Escamilla-Ambrosio ◽

Floriberto Ortiz-Rodriguez

Keyword(s):

Internet Of Things ◽

Moving Target ◽

Moving Target Defense ◽

Defense Strategy

Download Full-text

Moving target defense for Internet of Things using context aware code partitioning and code diversification

2016 IEEE 3rd World Forum on Internet of Things (WF-IoT) ◽

10.1109/wf-iot.2016.7845457 ◽

2016 ◽

Cited By ~ 6

Author(s):

Kaleel Mahmood ◽

Devu Manikantan Shila

Keyword(s):

Internet Of Things ◽

Moving Target ◽

Context Aware ◽

Moving Target Defense ◽

Code Partitioning

Download Full-text

PUF Based Authentication Protocol for IoT

Symmetry ◽

10.3390/sym10080352 ◽

2018 ◽

Vol 10 (8) ◽

pp. 352 ◽

Cited By ~ 33

Author(s):

An Braeken

Keyword(s):

Internet Of Things ◽

Key Agreement ◽

Essential Feature ◽

Low Cost ◽

Security Model ◽

Alternative Scheme ◽

Physical Unclonable Functions ◽

Authentication Server ◽

Random Patterns ◽

Iot Devices

Key agreement between two constrained Internet of Things (IoT) devices that have not met each other is an essential feature to provide in order to establish trust among its users. Physical Unclonable Functions (PUFs) on a device represent a low cost primitive exploiting the unique random patterns in the device and have been already applied in a multitude of applications for secure key generation and key agreement in order to avoid an attacker to take over the identity of a tampered device, whose key material has been extracted. This paper shows that the key agreement scheme of a recently proposed PUF based protocol, presented by Chatterjee et al., for Internet of Things (IoT) is vulnerable for man-in-the-middle, impersonation, and replay attacks in the Yao–Dolev security model. We propose an alternative scheme, which is able to solve these issues and can provide in addition a more efficient key agreement and subsequently a communication phase between two IoT devices connected to the same authentication server. The scheme also offers identity based authentication and repudiation, when only using elliptic curve multiplications and additions, instead of the compute intensive pairing operations.

Download Full-text

Advanced Security Model for Internet of Things Environment

International Journal of Recent Technology and Engineering - 2 ◽

10.35940/ijrte.f8815.038620 ◽

2020 ◽

Vol 8 (6) ◽

pp. 3387-3392

Keyword(s):

Internet Of Things ◽

User Experience ◽

Security Level ◽

Security Model ◽

Accurate Data ◽

Operational Costs ◽

Internet Of Things Environment ◽

Iot Devices ◽

Almost All ◽

Security Checks

IoT has become one of the most prominent used industry which is been intensively used in various applications across the globe. This usage has also made it more vulnerable to numerous attacks from within and outside the industry. Though this remains as one of the most predominant challenges in almost all of the industries, most of the organizations fail to allocate security budgets in order to secure their sub-networks from being misused and attacked. One of the most important aspects of this drawback is the unawareness of various upcoming IoT devices and infrastructures that are not technically sound enough to handle and meet the challenges caused by the various attacking methods. Implementation of highly secure IoT based infrastructure could basically produce various other benefits that include obtaining greater revenues from new inculcated methods and models while minimizing the operational costs by making use of the various optimized processes. This, in turn, leads to various meaningful and accurate data with a better knowledge of user experience. In order to develop such an IoT infrastructure, all the organizations have to mandatory build built-in security checks in each and every level of the applications being used by them. The paper presents a new design model that is used for securing all the devices from various malicious attacks. The paper also compares the newly designed model with the existing model and has proved the betterment of the security level that is been achieved.

Download Full-text

Moving Target Defense for Internet of Things Based on the Zero-Determinant Theory

IEEE Internet of Things Journal ◽

10.1109/jiot.2019.2943151 ◽

2020 ◽

Vol 7 (1) ◽

pp. 661-668 ◽

Cited By ~ 3

Author(s):

Shengling Wang ◽

Hongwei Shi ◽

Qin Hu ◽

Bin Lin ◽

Xiuzhen Cheng

Keyword(s):

Internet Of Things ◽

Moving Target ◽

Moving Target Defense ◽

Determinant Theory

Download Full-text

A Review of Moving Target Defense Mechanisms for Internet of Things Applications

Modeling and Design of Secure Internet of Things ◽

10.1002/9781119593386.ch24 ◽

2020 ◽

pp. 563-614

Author(s):

Nico Saputro ◽

Samet Tonyali ◽

Abdullah Aydeger ◽

Kemal Akkaya ◽

Mohammad A. Rahman ◽

...

Keyword(s):

Internet Of Things ◽

Defense Mechanisms ◽

Moving Target ◽

Moving Target Defense

Download Full-text

IANVS: A Moving Target Defense Framework for a Resilient Internet of Things

2020 IEEE Symposium on Computers and Communications (ISCC) ◽

10.1109/iscc50000.2020.9219728 ◽

2020 ◽

Author(s):

Renzo E. Navas ◽

Hakon Sandaker ◽

Frederic Cuppens ◽

Nora Cuppens ◽

Laurent Toutain ◽

...

Keyword(s):

Internet Of Things ◽

Moving Target ◽

Moving Target Defense

Download Full-text

DES Based Dynamic Encryption Scheme for Moving Target Defense in Network

International Journal of Emerging Trends in Engineering Research ◽

10.30534/ijeter/2020/198102020 ◽

2020 ◽

Vol 8 (10) ◽

pp. 6742-6745

Keyword(s):

Moving Target ◽

Encryption Scheme ◽

Moving Target Defense ◽

Dynamic Encryption

Download Full-text

Bringing Security to The Smallest Embedded Systems

10.34048/2017.1.f5 ◽

2017 ◽

Author(s):

JOSEPH YIU

Keyword(s):

Internet Of Things ◽

Embedded Systems ◽

Low Cost ◽

Security Requirements ◽

The Internet ◽

Security Measures ◽

Significant Challenge ◽

Iot Devices

The increasing need for security in microcontrollers Security has long been a significant challenge in microcontroller applications(MCUs). Traditionally, many microcontroller systems did not have strong security measures against remote attacks as most of them are not connected to the Internet, and many microcontrollers are deemed to be cheap and simple. With the growth of IoT (Internet of Things), security in low cost microcontrollers moved toward the spotlight and the security requirements of these IoT devices are now just as critical as high-end systems due to:

Download Full-text

Comment on “DIO Suppression Attack Against Routing in the Internet of Things”

10.36227/techrxiv.11346335.v1 ◽

2019 ◽

Author(s):

Abhishek Verma ◽

Virender Ranga

Keyword(s):

Internet Of Things ◽

Network Topology ◽

Impact Analysis ◽

The Internet ◽

Routing Performance ◽

Routing Attack ◽

The Internet Of Things ◽

Specific Reason

<div>We have thoroughly studied the paper of Perazzo et al., which presents a routing attack named DIO suppression attack with its impact analysis. However, the considered simulation grid of size 20mx20m does not correspond to the results presented in their paper. We believe that the incorrect simulation detail needs to be rectified further for the scientific correctness of the results. In this comment, it is shown that the suppression attack on such small sized network topology does not have any major impact on routing performance, and specific reason is discussed for such behavior.</div>

Download Full-text