Keynote WFIoT2019 - Data Graph, Knowledge Graphs Ontologies, Internet of Things (IoT), Cyber-Physical-Systems (CPS)

Web site: https://sites.google.com/view/iot-cps-2019/program?authuser=0

Trends on Data Graphs & Security
for the Internet of Things
Speaker:
Dr. Ghislain Atemezing
Research & Development Director, MONDECA, Paris, France
Credits:
Dr. Amelie Gyrard
Kno.e.sis, Wright State University, Ohio, USA

Agenda
● Motivation
● Background: Knowledge Graphs (KG), Semantic Web, Ontologies, etc.
● KGs for IoT
● Semantic Web approaches to security
○ Security Knowledge Graph with
STAC (Security Toolbox: Attacks & Countermeasures)
○ Ontology catalog for IoT Security
○ Helping IoT developers secure their applications
○ STAC demo
○ STAC evaluation
● Ontology Quality with Perfecto applied for security
● Take away message

Why do we Need to Secure IoT/CPS Applications?
We can control
people’s life otherwise!

https://www.ahajournals.org/doi/full/10.1161/CIRCULATIONAHA.118.037331
Why do we Need to Secure IoT/CPS Applications?

Classiﬁcation of Cybersecurity from Europol
● Class of incident
● Type of incident for
each class
● Description of the
incident

OWASP - Top 10 IoT Vulnerabilities
● I1 Weak Guessable, or Hardcoded Passwords
● I2 Insecure Network Services
● I3 Insecure Ecosystem Interfaces
● I4 Lack of Secure Update Mechanism
● I5 Use of Insecure or Outdated Components
● I6 Insufﬁcient Privacy Protection
● I7 Insecure Data Transfer and Storage
● I8 Lack of Device Management
● I9 Insecure Default Settings
● I10 Lack of Physical Hardening
https://www.owasp.org/images/1/1c/OWASP-IoT-Top-10-2018-ﬁnal.pdf

Access Control Models in IoT/WoT Environment (1)
● ACS authenticates the user and
grants her the appropriate access
token, allowing her to access the
Thing’s resources for a certain period
of time or permanently depending on
the deployed policy,
● Better scalability and privacy in the
system.
● Complicated to implement in
constrained environment since the
Things themselves needs to check the
received access token
De-centralized Architecture

Access Control Models in IoT/ WoT Environment (2)
● User’s requests go through an access
control server that authorizes and
relays them to the right destination.
● This model is interesting in the WoT
since all the complexity can be carried
out by the server.
● Single point of failure, impersonation
and privacy problems since all the
requests and eventually responses
are monitored by the server
Centralized Architecture

Quizz Slide
Have you already heard about
Knowledge Graph (KG)?
What is a KG?

“A graph of data with the intention
to encode knowledge”
“Link things that were never connected before using
graph paradigm to transform business.”
“Knowledge that is represented in machine
readable format for data interoperability and
discovery”

Google’s Knowledge Graph (2012)
Video (2 mins 44): https://youtu.be/mmQl6VGvX-c
Blog: https://googleblog.blogspot.com/2012/05/introducing-knowledge-graph-things-not.html
Directed labeled graph

We are Using those Technologies Everyday
Technologies used in the
search engine back-end

Quizz Slide
Who already heard about:

Knowledge Graphs for
Internet of Things (IoT)

Graph of Things - Le-Phuoc et al.
Video (10 mins 33): https://www.youtube.com/watch?v=kNm6PlrBTi4
Demo: http://graphofthings.org/
Paper: The Graph of Things: A step towards the Live Knowledge Graph of connected things [Le-Phuoc et al. 2016]

Graph of Things
● Temperature
● Wind
● Traffic Camera
● Airport
● Flight
● Ship
● Harbour
● Travel Camera
● Twitter
● Bike Station
Water Level
● Metro Station

Graph of Things
Real-time -> temporal
and spatial aspects
Big Data Challenges:
Big volume, fast
real-time update and
messy data sources

IBM IoT KG
Video: https://www.youtube.com/watch?v=ebBTdH62yLg

Schema.org: Structured data on the Web by Google

iot.schema.org - Ongoing Extension
Ongoing
Extension
http://iotschema.org/

iot.schema.org
http://iotschema.org/Capability
Extension for IoT
domain. How to align
with other existing
ontologies?

How to decide
which concepts to
include?
http://iotschema.org/AirConditionerhttp://iotschema.org/Capability

How to decide
which concepts to
include?
http://iotschema.org/TemperatureSensinghttp://iotschema.org/Capability

Modeling the Security Domain
with Knowledge Graphs
STAC
(Security Toolbox:
Attack & Countermeasure)

● Creating a Knowledge Graph for
better interoperability and reuse
● Based on existing works in the
ﬁeld
● Collecting data from papers from
2005 to 2013
● Initial version during Gyrard’s
PhD thesis in 2013
The STAC Security Knowledge Graph

STAC: The First Security Knowledge Graph
Referenced by LOV

STAC referenced on LOV
April 2019

STAC Ontology and Dataset
STAC Ontology: http://securitytoolbox.appspot.com/stac#
STAC Dataset: http://securitytoolbox.appspot.com/stac-dataset

Technology Concept and Sub-Classes

Web Attacks Sub-Classes and Axioms

Obviously the ontology
to describe the security
domain must evolved!
Security Mechanisms Sub-Classes

Classiﬁcation of Attacks and Security Mechanisms
Speciﬁc to Sensor Networks
According to the OSI Model

Security Properties for
Sensor Security Mechanisms

Describing LLSP Security Mechanism in RDF/XML

An ontology catalog for
(IoT)-Security

LOV4IoT: An ontology Catalog for IoT
Demo: http://lov4iot.appspot.com/?p=ontologies
33 ontologies for
security referenced

LOV4IoT-Security
Demo: http://lov4iot.appspot.com/?p=lov4iot-security

A Potential Solution to Help
Developers
Secure IoT Applications

Motivation for IoT Developers
● How to secure IoT architectures and applications?
○ Communications
○ Data
○ Technologies employed
○ Security properties satisfied
● Time-consuming to be familiar with:
○ Attacks
○ Security Mechanisms
● “Security by design”
=> Reuse the Machine-to-Machine Framework for another purpose: the security
context
=> A tool to help choose the best security mechanism fitting our needs

Assisting Developers
in Securing IoT Apps with STAC

S4AC / Fine-Grained Access Control Policies
● Lightweight vocabulary to create ﬁne-grained access control policies for
Linked Data.
● Share security information specifying the access control conditions under
which the data is accessible.
S4AC: http://ns.inria.fr/s4ac/v1/s4ac_v1.html

Shi3ld: Context-Aware Authorization for Graph Stores
● Works on Named Graphs
● Step 0. The user defines the
Access Policy
● Step 1. Query Contextualization
● Step 2. Access Policy
Evaluation
● Step 3. Query Execution
http://wimmics.inria.fr/projects/shi3ld/

STAC Demo Online: Assisting
Developers in Securing IoT Apps

Demo: http://securitytoolbox.appspot.com/
STAC Application

STAC Application (Video)
STAC Demo: https://www.youtube.com/watch?v=vXYYbwM0xvY

Demo: http://securitytoolbox.appspot.com/?p=stac
Selecting a Technology
Numerous
technologies and
security
mechanisms to use
in IoT

Searching Attacks and Countermeasures
for a Speciﬁc Technology
Demo: http://securitytoolbox.appspot.com/?p=stac

Cryptography
Demo: http://securitytoolbox.appspot.com/?p=cryptography
Tooltip to
provide more
explanations

Security Properties
Demo: http://securitytoolbox.appspot.com/?p=security_property
All security mechanisms
addressing the
authentication security
property

Security Properties
Demo: http://securitytoolbox.appspot.com/?p=security_property

Security for GSM/ 2G
Demo: http://securitytoolbox.appspot.com/?p=cellular

Security for GPRS/ 2.5G & UMTS/ 3G
Demo: http://securitytoolbox.appspot.com/?p=cellular

Demo: http://securitytoolbox.appspot.com/?p=attack
Attacks & Countermeasures

STAC Application Template: GUI

Example: An health application needs to be secured!
STAC Application Template:
Data Graph (Back-end)

● Methodologies:
○ Ontology Development 101: A guide to creating your
ﬁrst ontology [Noy et al. 2001]
● Semantic Web tools:
○ Oops, TripleChecker, RDF Validators, Vapour
○ Linked Open Vocabularies (LOV)
○ Linked Open Data (LOD)
● 24 security ontologies
○ More than 14 ontologies are online
● Evaluation user form:
○ 24 responses
=> STAC improved with new security domains
Evaluation: STAC Ontology on LOV

Evaluation: STAC dataset on DataHub
https://old.datahub.io/dataset/stac

STAC Evaluation
STAC evaluation form:
https://docs.google.com/forms/d/e/1FAIpQLScEoyupQi69NjNWygb1
I7lfJ6ClSQ6JrVY3YjeFo0h31j7K5g/viewform?usp=sf_link
STAC evaluation results:
https://docs.google.com/spreadsheets/d/1G21C2-uv47jeulGZnVdUq
n0M2MR9gyejw8QpWsc4JHE/edit?usp=sharing

Ontology/
Knowledge Graph Quality
with PerfectO

Security Ontology Quality
Demo: http://perfectsemanticweb.appspot.com/?p=ontologyValidationLOV4IoT
Selecting the
security domain!

Selecting one specific
ontology!

Automatic integration with
ontology quality tools

Automatic ontology
visualization

Automatic Integration with
Ontology Visualization

Automatic ontology
syntax validator

Is your Security Ontology
not Referenced yet on LOV4IoT?
Writing your ontology
URL here!
Demo: http://perfectsemanticweb.appspot.com/?p=ontologyValidation

Evaluating your Security Ontology
Automatic integration with
ontology quality tools

Improving your Security Ontology

● We can’t stop the IoT/WoT revolution.
● Users are worried about their personal data that they will share
with the smart objects and more importantly who can access
them.
● Need to implement strong security mechanisms to protect their
data inside and outside the infrastructure.
● Semantic technologies offer standards (ontologies, rules, RDF
models) to leverage existing security issues in IoT for better
interoperability mostly in identiﬁcation, or to data
control/access.
Take Away Message!

Challenges
● Semantic Web technologies to support both data
producers and consumers in understanding, combining
and interpreting policies in a meaningful and valuable
way.
● Semantic Web technologies address issues such as
appropriation, distortion, or challenges associated with
invasion.

Bibliography
● An ontology-based approach for helping to secure the ETSI Machine-to-Machine Architecture.
IEEE International Conference on Internet of Things 2014 (iThings), 2014
PDF, Paper via IEEE, Slides
● The STAC (Security Toolbox: Attacks & Countermeasures) ontology
WWW 2013, 22nd International World Wide Web Conference, Poster, Brazil
Paper, Poster
● Chapter 5 Security Toolbox: Attacks & Countermeasures (STAC)
PhD: Designing Cross-Domain Semantic Web of Things Applications (2015)
Thesis's defense, Eurecom, Sophia Antipolis, 24 April 2015
PhD thesis (has been selected as one of the 10 nominees for Best PhD Thesis Price - Telecom
ParisTech 2015 - France)
Slides, Demo

Bibliography
● Semantic Web Methodologies, Best Practices and Ontology Engineering Applied to Internet of
Things
IEEE World Forum on Internet of Things (WF-IoT), 2015
PDF, Paper via IEEE, Slides
● A survey and analysis of ontology-based software tools for semantic interoperability in IoT and
WoT landscapes.
IEEE World Forum on Internet of Things (WF-IoT), 2018
PDF
● Privacy, Security and Policies: A review of Problems and Solutions with Semantic Web
Technologies,
SWJ (2018)
● Social Semantic Web Access Control.
International Workshop Social Data on the Web (SDoW), 2011.
● An Access Control Model for Linked Data
International IFIP Workshop on Semantic Web & Web Semantics (SWWS), 2011

Keynote WFIoT2019 - Data Graph, Knowledge Graphs Ontologies, Internet of Things (IoT), Cyber-Physical-Systems (CPS)

More Related Content

What's hot (16)

Similar to Keynote WFIoT2019 - Data Graph, Knowledge Graphs Ontologies, Internet of Things (IoT), Cyber-Physical-Systems (CPS) (20)

More from Amélie Gyrard (11)

Recently uploaded (20)

Keynote WFIoT2019 - Data Graph, Knowledge Graphs Ontologies, Internet of Things (IoT), Cyber-Physical-Systems (CPS)