An increasing number of smart interconnected objects, known as the Internet of Things (IoT), are becoming affordable, popular, and rich in functionality. While these devices enabled a wide range of societal benefits including health, safety, accessibility and sustainability, they also present important security, privacy, and management challenges due to the large set of diverse services they offer. The fundamental problem that opens the door to such behavior is that IoT systems are traditionally closed systems that provide consumers and investigators with little-to-no information about whether a device (or set of devices) is behaving in ways that might violate expectations such as privacy, security, and correctness. To address this problem, this project will investigate how to automatically determine when IoT systems compromise privacy, security and correctness, and how to mitigate such problems. The key idea is to focus on information gleaned from the network traffic that such devices generate, since network traffic is the common platform that all such IoT systems ultimately rely upon. Specifically, the project will develop technology that models the behavior of an IoT system from its network traffic, then use these models to identify unexpected behavior. To mitigate unexpected behavior, the project will identify in-network strategies such as isolating, changing, and/or blocking such traffic. By understanding and modeling device behavior and addressing unexpected behavior from IoT devices, this project has the potential to improve safety and security for users. Further, by raising awareness of new and existing threats, our proposed work can encourage device manufacturers to improve the privacy, security, and correctness of their deployments.
The goal of this project is to explore the extent to which network-inferred behavioral analysis of IoT deployments, combined with control over the network traffic they generate, can identify and mitigate misbehavior in IoT systems. Our key insight is that IoT devices are particularly amenable to state-machine analysis, as they tend to have a limited set of functionality (i.e., states such as "camera recording", "microphone listening", etc.) that is triggered by a limited set of events. To address the fact that one cannot rely on source code to build such models via static analysis, this project will instead treat IoT devices as black boxes and inferring state-machine models that describe their behavior using the one externally observable signal all IoT devices generate: net- work traffic. After building such inferred state machines (and their transition probabilities), the project will analyze their evolution over time to identify misbehaviors -- when a device transitions between states in unexpected or unwanted ways (e.g., due to compromise, data exfiltration, or misconfiguration). To provide coverage of a wide range of misbehaviors, the project will (i) detect behaviors that never before encountered by relying on unsupervised classification techniques; (ii) consider the behavior of the system as a whole by combining in our model the behavior of individual IoT devices, thus capturing the cause of any emergent global system behavior; (iii) produce a system-wide behavior model that is easy to understand and analyze in practice, such as a state machine in which states represents changes in the behavior of individual IoT devices, and transitions show temporal dependencies expressed as probabilities. Finally, the project will employ middleboxes to actually use state machine models as a way to protect a whole IoT system from both individual and global misbehavior. An advantage to this approach is that it is naturally platform-independent by relying on the common denominator in IoT systems, i.e., Internet traffic; further, an in-network solution can be immediately deployed (e.g., in a home or enterprise gateway) for broad impact.
This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.
