Introduction Motivation Threat Landscape Theoretical Modeling Analysis Results Conclusion
Securing Wireless IoT Networks from Backdoor
Stealthy Attacks
Junaid Farooq
Department of Electrical & Computer Engineering,
Tandon School of Engineering, New York University, Brooklyn, NY 11201, USA.
{mjf514,qz494}@nyu.edu
Jul. 28, 2019
Securing Wireless IoT Networks from Backdoor Stealthy Attacks Junaid Farooq
Outline
1 Introduction
Towards the IoT
IoT Architecture
Security Risks in IoT
2 Motivation
The Security Focus
Examples of Past Attacks
3 Threat Landscape
Knowns and Unknowns
Known Unknowns in IoT
4 Theoretical Modeling
5 Analysis
6 Results
7 Conclusion
Introduction
From IoC to IoT
We are moving from an “Internet of Computers” to an
“Internet of Things (IoT)”
Security of computers has become mature but security of
things is still in its infancy
IoT is much more vulnerable to attacks and malicious activity
than computers
Introduction
Emerging paradigms
The IoT is revolutionizing the operation of electronic systems.
New paradigms are emerging such as smart homes, factories,
buildings, and cities.
It brings a tremendous amount of convenience
Automated functionalities are not without risks
Figure 1: Smart home, smart factory, smart buildings, smart city
Introduction
IoT System Architecture
The IoT ecosystem consists of the following components:
Endpoint Devices (Sensors/ Actuators)
Wireless Access Points (Hubs/ Routers/ Gateways)
Cloud Computing Systems
User Devices (Smart Phones/ Smart Watches/ Voice
Assistants)
Figure 2: IoT technology stack.
Introduction
Cyber-Physical Footprint of IoT
Digital voice assistants are becoming increasingly powerful
and capable
Interaction with critical infrastructure systems
Figure 3: Digital voice assistants for IoT.
Introduction
Security Risks in IoT
Main factors leading to vulnerabilities are as follows:
Low-cost devices and little emphasis on security
Rapid product development cycle ignoring security aspects
Device inter-operability opens doors for malicious activity
Less regulated ecosystem - off-the-shelf hardware can be
programmed to interact with critical systems such as HVACs,
fire safety systems, electronic door locks, etc.
Motivation
The Security Focus: Objective
Knowing the tremendous vulnerabilities in the IoT, the key
objective is to:
Protect IoT systems and networks from malicious attacks
Embed security features into the design and operation of
networks
Motivation
The Security Focus: What Can Go Wrong?
What is the underlying threat model?
What is the security strategy?
Motivation
The Security Focus: Potential Consequences
Unlike luggage, IoT systems are not passive. They are mission-oriented
systems interacting with other devices to achieve certain
functionalities.
Example consequences are as follows:
A simultaneous change in temperature control by a large
number of thermostats may lead to a massive surge in power
requirements, leading to grid breakdown.
A coordinated false alarm from smoke detectors may trigger
simultaneous firetruck requests, sabotaging emergency
response systems.
Motivation
Examples of Past Attacks - Mirai
Mirai is an example of a botnet that caused a disruption
of the Internet in 2016 - the largest of its kind in history
Several websites such as Twitter, Netflix, CNN, and Guardian
were affected
It exploited default login and password information of IoT
devices such as home appliances, DVRs, CC cameras to
generate superfluous traffic resulting in a large scale DDoS
attack
Motivation
Examples of Past Attacks - Ransomware
In 2017, a hotel in Austria was attacked by malware that
locked the electronic door locks on its rooms
Attacker demanded ransom to open doors to customers
Physical denial of service due to IoT
Motivation
Cyber-Physical Attacks in IoT: Knowns and Unknowns
Figure 4: Source: Cyber Attacks: The Knowns & Unknowns SE Edition.
Motivation
The Known Unknowns in IoT?
New forms of attacks are emerging such as Advanced
Persistent Threats (APTs) - stealthy, prolonged, and targeted
cyberattacks
Backdoor channels may allow supply chain actors to attack
the system
There are reports that IoTroop and Reaper are two
Mirai-variant botnets [1] that are stealthily propagating using
IoT device vulnerabilities.
How do we tackle the known unknowns?
Do not leave the devices/network unattended
[1] P. Moriuchi and S. Chohan, “Mirai-variant IoT botnet used to target
financial sector in January 2018,” Insikt Group, Apr. 2018.
Motivation
Mitigation Approach
How can we mitigate the risk of stealthy botnet attacks?
We can use the “do not leave unattended” philosophy to
check on the devices
One way is to patch devices periodically to ensure that they are
not in a compromised state
How often should the devices be patched?
Even though the attacker may be able to compromise a
portion of the network, it will not be able to intrude and cause
a large scale coordinated attack.
System Model
Network Abstraction
[Figure: network of IoT devices around a typical device i with communication range r; legend: Malware Process, Regular Process.]
Consider wireless IoT devices uniformly distributed in $\mathbb{R}^2$
according to a homogeneous Poisson Point Process (PPP)
with intensity $\lambda \in \mathbb{N}$
Each device has computing capabilities and a wireless
interface for communication
System Model
Network Abstraction (Cont’d)
The devices are assumed to have omni-directional
transmissions with a communication range of r m.
A typical device located at $x_i$ is connected wirelessly with
$K = |N_i|$ other devices, where $N_i = \{j : \|x_i - x_j\| \le r,\ \forall j \ne i\}$
and $|\cdot|$ denotes the cardinality operator.
Since the devices in the network are distributed according to a
PPP, the degree $K$ is a random variable with
$P[K = k] = \pi_k = e^{-\lambda \pi r^2} \frac{(\lambda \pi r^2)^k}{k!}$.
Furthermore, the average degree of a typical device is $E[K] = \lambda \pi r^2$
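The Poisson degree law above can be checked by simulation. The following is an added example, not part of the original slides: it drops a PPP on a wrap-around square (an assumption that removes edge effects) and compares the simulated degrees with $\pi_k$; the intensity, area and seed are constructed values, and only the 140 m range comes from the deck.

```python
import math
import random

def poisson_pmf(k, mean):
    """pi_k = exp(-E[K]) * E[K]^k / k!, with E[K] = lambda * pi * r^2."""
    return math.exp(-mean) * mean ** k / math.factorial(k)

def sample_poisson(mean, rng):
    """Draw a Poisson count by counting unit-rate arrivals in [0, mean]."""
    count, t = 0, rng.expovariate(1.0)
    while t <= mean:
        count += 1
        t += rng.expovariate(1.0)
    return count

def simulate_degrees(lam, r, side, seed=1):
    """Place a homogeneous PPP of intensity lam on a side x side torus and
    return the degree of every device (number of devices within range r)."""
    rng = random.Random(seed)
    n = sample_poisson(lam * side * side, rng)
    pts = [(rng.uniform(0.0, side), rng.uniform(0.0, side)) for _ in range(n)]
    degree = [0] * n
    for i in range(n):
        xi, yi = pts[i]
        for j in range(i + 1, n):
            dx = abs(xi - pts[j][0])
            dy = abs(yi - pts[j][1])
            dx = min(dx, side - dx)  # wrap-around distance (torus)
            dy = min(dy, side - dy)
            if dx * dx + dy * dy <= r * r:
                degree[i] += 1
                degree[j] += 1
    return degree

def total_variation(degrees, mean, k_max=40):
    """Total variation distance between the empirical degree histogram
    and the Poisson law with the given mean."""
    n = len(degrees)
    tv = 0.0
    for k in range(k_max + 1):
        empirical = sum(1 for d in degrees if d == k) / n
        tv += abs(empirical - poisson_pmf(k, mean))
    return tv / 2.0

# Constructed scenario: 140 m range, intensity chosen so that E[K] = 6.
R = 140.0
MEAN_DEGREE = 6.0
LAM = MEAN_DEGREE / (math.pi * R * R)   # devices per square metre
SIDE = 3000.0                           # metres

if __name__ == "__main__":
    deg = simulate_degrees(LAM, R, SIDE)
    print("devices:", len(deg))
    print("mean degree:", sum(deg) / len(deg), "model E[K]:", MEAN_DEGREE)
    print("TV distance to Poisson:", total_variation(deg, MEAN_DEGREE))
```

Degree matters for defence planning because the later results index the patching rate $\mu_k$ by device degree $k$.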
System Model
Model Validation
[Plot: probability density versus device degree, k, for a communication range of 140 m; series: Link NYC Data and Poisson degree.]
Figure 5: Analyzing potential connectivity of WiFi hotspots in NYC.
We use location data of WiFi access points in New York City,
referred to as LinkNYC
652 hotspots located in Midtown Manhattan and surrounding
neighborhoods are used in analysis
A communication range of 140 m for each hotspot is used
System Model
Threat Model
We assume that a botmaster possesses powerful capabilities
to exploit loopholes in vulnerable wireless IoT devices to
infiltrate them and install a malicious software process on them.
We assume that a proportion p ∈ [0, 1] of the network is
vulnerable to being compromised or infiltrated by the malware
if the malware has been successfully transmitted over the
wireless interface.
The bots use a fraction of the communication resources of the
host device to infiltrate nearby devices and to share control
commands.
$\gamma_b \ge 0$ - malware spreading rate
$\gamma_c \ge 0$ - control command propagation rate
Patching removes malware as well as control commands on
the device
Malware & Information Evolution
State-Space Representation
An epidemic-inspired model is used to study malware propagation.
[State diagram: states $\tilde{B}_k$, $B\tilde{I}_k$, $BI_k$; transition rates labelled $\mu_k$, $k\sigma_1$, $k\sigma_2$.]
Figure 6: State evolution diagram for a typical device.
The possible system states of the population of degree $k$ devices are:
$\tilde{B}_k$ - the proportion of degree $k$ devices in the network that are
un-compromised.
$B\tilde{I}_k$ - the proportion of degree $k$ devices in the network that are
bots but uninformed about control commands.
$BI_k$ - the proportion of degree $k$ devices in the network that are
bots and are also informed with control commands.
Malware & Information Evolution
State-Space Dynamics
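The state evolution can be described by the following dynamical system
of equations:
$$\frac{d\tilde{B}_k(t)}{dt} = \mu_k \left(B\tilde{I}_k(t) + BI_k(t)\right) - k\sigma_1 \tilde{B}_k(t) = \mu_k \left(1 - \tilde{B}_k(t)\right) - k\sigma_1 \tilde{B}_k(t), \qquad (1)$$
$$\frac{dB\tilde{I}_k(t)}{dt} = -(\mu_k + k\sigma_2) B\tilde{I}_k(t) + k\sigma_1 \tilde{B}_k(t) + \beta BI_k(t), \qquad (2)$$
$$\frac{dBI_k(t)}{dt} = -(\mu_k + \beta) BI_k(t) + k\sigma_2 B\tilde{I}_k(t). \qquad (3)$$
Since $\tilde{B}_k(t) + B\tilde{I}_k(t) + BI_k(t) = 1, \ \forall t \ge 0$, it results in:
$$\frac{d\tilde{B}_k(t)}{dt} = \mu_k - (\mu_k + k\sigma_1) \tilde{B}_k(t), \qquad (4)$$
$$\frac{dBI_k(t)}{dt} = k\sigma_2 - (\mu_k + \beta + k\sigma_2) BI_k(t) - k\sigma_2 \tilde{B}_k(t). \qquad (5)$$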
Malware & Information Evolution
Analysis of Equilibrium States
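Therefore, the equilibrium population of degree $k$ un-compromised
devices, $\tilde{B}^*_k$, and of informed bot devices, $BI^*_k$, can be expressed as
follows:
$$\tilde{B}^*_k(\mu_k) = \frac{\mu_k}{\mu_k + k\sigma_1(\theta^*_{\tilde{B}})}, \qquad (6)$$
$$BI^*_k(\mu_k) = \frac{k^2 \sigma_1(\theta^*_{\tilde{B}}) \sigma_2(\theta^*_{BI})}{\left(\mu_k + k\sigma_1(\theta^*_{\tilde{B}})\right)\left(\beta + \mu_k + k\sigma_2(\theta^*_{BI})\right)}, \qquad (7)$$
$$\theta_{\tilde{B}} = \sum_{k'} \frac{k' P(k')}{E[K]} \tilde{B}_{k'}(t), \qquad (8)$$
$$\theta_{BI} = \sum_{k'} \frac{k' P(k')}{E[K]} BI_{k'}(t). \qquad (9)$$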
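A numerical check of the three-state dynamics (1)-(3) against the closed forms (6)-(7), added here as an example and not part of the original slides. It assumes $\sigma_1$ and $\sigma_2$ are held constant at their equilibrium values; all parameter values are constructed.

```python
def rhs(state, k, mu, sigma1, sigma2, beta):
    """Right-hand sides of Eqs. (1)-(3) for one degree class k.
    state = (un-compromised, uninformed bots, informed bots)."""
    b_unc, b_ui, b_inf = state
    return (
        mu * (b_ui + b_inf) - k * sigma1 * b_unc,
        -(mu + k * sigma2) * b_ui + k * sigma1 * b_unc + beta * b_inf,
        -(mu + beta) * b_inf + k * sigma2 * b_ui,
    )

def rk4_step(state, dt, *params):
    """One classical Runge-Kutta step of the system above."""
    def shifted(base, slope, h):
        return tuple(b + h * s for b, s in zip(base, slope))
    s1 = rhs(state, *params)
    s2 = rhs(shifted(state, s1, dt / 2), *params)
    s3 = rhs(shifted(state, s2, dt / 2), *params)
    s4 = rhs(shifted(state, s3, dt), *params)
    return tuple(
        x + dt / 6 * (a + 2 * b + 2 * c + d)
        for x, a, b, c, d in zip(state, s1, s2, s3, s4)
    )

def simulate(k, mu, sigma1, sigma2, beta,
             start=(1.0, 0.0, 0.0), t_end=5000.0, dt=1.0):
    """Integrate from `start` (default: every device un-compromised)."""
    state = start
    for _ in range(int(t_end / dt)):
        state = rk4_step(state, dt, k, mu, sigma1, sigma2, beta)
    return state

def equilibrium(k, mu, sigma1, sigma2, beta):
    """Closed forms (6) and (7); the uninformed-bot share is the remainder."""
    b_unc = mu / (mu + k * sigma1)
    b_inf = (k * k * sigma1 * sigma2) / (
        (mu + k * sigma1) * (beta + mu + k * sigma2)
    )
    return (b_unc, 1.0 - b_unc - b_inf, b_inf)

# Constructed parameters: degree, patching rate, per-link infection rate,
# per-link command rate, and the rate beta at which informed bots revert.
PARAMS = dict(k=6, mu=0.002, sigma1=0.0005, sigma2=0.004, beta=0.001)

if __name__ == "__main__":
    print("simulated :", simulate(**PARAMS))
    print("closed form:", equilibrium(**PARAMS))
    # Doubling the patching rate shrinks the informed-bot population.
    print("mu doubled :", equilibrium(**dict(PARAMS, mu=0.004)))
```

With these values the un-compromised share settles at 0.4 and the informed-bot share at about 0.533 regardless of the starting state, which is why the later analysis works with the equilibrium populations rather than the transient.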
Malware & Information Evolution
Analysis of Equilibrium States
Lemma
In a PPP distributed wireless network with D2D communication,
the probability of a particular link of a degree $k$ device pointing to
an un-compromised and to an informed bot device respectively at
equilibrium can be approximately expressed as follows:
$$\theta^*_{\tilde{B}} \approx \min\left(\frac{\mu_k}{\rho \gamma_b p E[K]},\ 1\right), \qquad (10)$$
$$\theta^*_{BI} \approx \max\left(1 - \frac{\mu_k \gamma_c + \rho \gamma_b (\beta + \mu_k)}{E[K] \rho p \gamma_b \gamma_c},\ 0\right). \qquad (11)$$
Key Results
Fundamental Limits
Corollary
For a PPP deployed wireless IoT network being infiltrated by a
botnet with malware spreading at a rate $\gamma_b$ and control commands
propagating at a rate $\gamma_c$, the upper bound on the required
patching rate for a device to have an impact on the equilibrium
populations is given by
$$\mu_k \le \rho \gamma_b p E[K], \quad \forall k \ge 1, \qquad (12)$$
Malware & Information Evolution
Analysis of Equilibrium States
Theorem
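At equilibrium, the proportion of degree $k$ devices in the network
that are un-compromised, i.e., $\tilde{B}^*_k$, and those that are bots and
informed by control commands, i.e., $BI^*_k$, can be approximately
expressed as
$$\tilde{B}^*_k(\mu_k) \approx \frac{\mu_k}{\mu_k + k\rho\gamma_b p \left[1 + \frac{1}{\eta} \ln\left(e^{-\eta} + e^{-\eta \frac{\mu_k}{\rho\gamma_b p E[K]}}\right)\right]}, \qquad (13)$$
$$BI^*_k(\mu_k) \approx \frac{k^2 \rho^2 \gamma_b \gamma_c p \left[1 + \frac{1}{\eta} \ln\left(e^{-\eta} + e^{-\eta \frac{\mu_k}{\rho\gamma_b p E[K]}}\right)\right]}{\mu_k + k\rho\gamma_b p \left[1 + \frac{1}{\eta} \ln\left(e^{-\eta} + e^{-\eta \frac{\mu_k}{\rho\gamma_b p E[K]}}\right)\right]} \times \frac{\frac{1}{\eta} \ln\left(1 + e^{\eta\left(1 - \frac{\mu_k\gamma_c + \rho\gamma_b(\beta + \mu_k)}{E[K]\rho p \gamma_b \gamma_c}\right)}\right)}{\beta + \mu_k + k\rho\gamma_c + \frac{1}{\eta} \ln\left(1 + e^{\eta\left(1 - \frac{\mu_k\gamma_c + \rho\gamma_b(\beta + \mu_k)}{E[K]\rho p \gamma_b \gamma_c}\right)}\right)}. \qquad (14)$$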
Network Defense Problem
The cost incurred on the operation of a network device due to
patching activity is assumed to be a smooth, convex, and
increasing function of the patching rate µk, represented by
φk : R+ → R+, ∀k ≥ 1.
The network defender’s problem can then be formulated as
follows:
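$$\underset{\mu_k,\; k \ge 1}{\text{minimize}} \quad \sum_{k=1}^{\infty} \phi_k(\mu_k)\,\pi_k, \tag{15}$$
$$\text{subject to} \quad \sum_{k=1}^{\infty} \tilde{B}_k^*(\mu_k)\,\pi_k \ge \tau_{\tilde{B}}, \tag{16}$$
$$\sum_{k=1}^{\infty} B_k^{I*}(\mu_k)\,\pi_k \le \tau_{B^I}. \tag{17}$$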
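The following Python sketch is an added example, not code from the slides or the underlying paper: it evaluates the Lemma (10)-(11), the cap in Corollary (12) and Theorem (13), then finds by bisection the smallest uniform patching rate that satisfies constraint (16). The values of ρ, p, β, E[K] and η, the Poisson degree distribution π_k, and the restriction to a single rate for all degrees are assumptions; γb and γc are the values shown in the figure legends.

```python
import math

# gamma_b and gamma_c are the values in the slides' figure legends. The other
# constants appear in eqs. (10)-(13) without values; these are assumed here.
GAMMA_B = 0.001     # malware spreading rate (slides)
GAMMA_C = 0.01      # control-command propagation rate (slides)
RHO = 1.0           # assumed value for rho
P = 0.5             # assumed value for p
BETA = 0.001        # assumed value for beta
MEAN_DEGREE = 8.0   # assumed value for E[K]
ETA = 50.0          # assumed smoothing constant eta


def patch_rate_cap():
    """Right-hand side of eq. (12): rho * gamma_b * p * E[K]."""
    return RHO * GAMMA_B * P * MEAN_DEGREE


def theta_uncompromised(mu):
    """Eq. (10): probability that a link points to an un-compromised device."""
    return min(mu / patch_rate_cap(), 1.0)


def theta_informed(mu):
    """Eq. (11): probability that a link points to an informed bot."""
    num = mu * GAMMA_C + RHO * GAMMA_B * (BETA + mu)
    den = MEAN_DEGREE * RHO * P * GAMMA_B * GAMMA_C
    return max(1.0 - num / den, 0.0)


def informed_cutoff():
    """Patching rate at which eq. (11) reaches 0 (solve 1 - num/den = 0 for mu)."""
    mu0 = RHO * GAMMA_B * (MEAN_DEGREE * P * GAMMA_C - BETA) / (GAMMA_C + RHO * GAMMA_B)
    return max(mu0, 0.0)


def _softplus(z):
    """Overflow-safe ln(1 + e^z)."""
    return max(z, 0.0) + math.log1p(math.exp(-abs(z)))


def uncompromised_share(k, mu):
    """Eq. (13): equilibrium share of degree-k devices that are un-compromised."""
    x = mu / patch_rate_cap()
    # 1 + (1/eta) ln(e^-eta + e^(-eta x)) equals (1/eta) ln(1 + e^(eta (1 - x))),
    # a smooth version of 1 - min(x, 1) from eq. (10).
    bot_link = _softplus(ETA * (1.0 - x)) / ETA
    return mu / (mu + k * RHO * GAMMA_B * P * bot_link)


def degree_pmf(k_max=40):
    """Constructed pi_k: Poisson(E[K]) restricted to 1..k_max and renormalised."""
    w = [MEAN_DEGREE ** k / math.factorial(k) for k in range(1, k_max + 1)]
    total = sum(w)
    return {k: w[k - 1] / total for k in range(1, k_max + 1)}


def network_uncompromised(mu, pmf):
    """Left-hand side of constraint (16) when every degree uses the same mu."""
    return sum(uncompromised_share(k, mu) * pk for k, pk in pmf.items())


def min_uniform_patch_rate(tau, pmf, tol=1e-10):
    """Smallest uniform mu meeting (16), by bisection; None if unreachable."""
    lo, hi = 0.0, 10.0 * patch_rate_cap()
    if network_uncompromised(hi, pmf) < tau:
        return None
    while hi - lo > tol:
        mid = 0.5 * (lo + hi)
        if network_uncompromised(mid, pmf) >= tau:
            hi = mid
        else:
            lo = mid
    return hi


if __name__ == "__main__":
    pmf = degree_pmf()
    cap = patch_rate_cap()
    print(f"cap from eq. (12): {cap:.4g}; informed-link cutoff: {informed_cutoff():.4g}")
    for tau in (0.7, 0.8, 0.9):  # thresholds used in the slides' figures
        mu = min_uniform_patch_rate(tau, pmf)
        print(f"tau={tau}: uniform mu={mu:.5f} ({mu / cap:.0%} of the cap)")
    for mult in (0.5, 1.0, 2.0):
        share = network_uncompromised(mult * cap, pmf)
        print(f"mu={mult:.1f} x cap -> un-compromised share {share:.4f}")
```

With these assumed constants, doubling the patching rate beyond the cap raises the un-compromised share by less than 0.02, which is the saturation that Corollary (12) describes.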
Results
Analyzing Optimal Patching Policies
[Figure 7 plot: two panels, with legends $\tau_{B^I} = 0.2$, $\gamma_b = 0.001$, $\gamma_c = 0.01$ and $\tau_{B^I} = 0.01, 0.05, 0.1, 0.2$.]
Figure 7: Impact of varying un-compromised bot proportion threshold $\tau_{\tilde{B}}$ and informed bot proportion threshold $\tau_{B^I}$. The dotted line shows the theoretical upper bound.
Results
Analyzing Patching Cost
[Figure 8 plot: two panels, with legends $\gamma_c = 0.01$ and $\gamma_b = 0.001$.]
Figure 8: Expected total cost of patching against varying system
parameters.
Results
[Figure 9 plot: three panels for $\tau_{\tilde{B}} = 0.7$, $0.8$ and $0.9$, both axes from -0.5 to 0.5, with devices marked by state: $\tilde{B}$, $B^{\tilde{I}}$, $B^{I}$.]
Figure 9: Proportion of un-compromised devices in a PPP network.
[Figure 10 plot: proportion of un-compromised devices, $\tilde{B}(t)$, against time $t$ ($\times 10^4$), for $\tau_{B^I} = 0.2$, $\gamma_b = 0.001$, $\gamma_c = 0.01$; curves labelled $\tau_{\tilde{B}} = 0.9$, $0.8$, $0.9$.]
Figure 10: Time evolution of the proportion of un-compromised devices in
Results
Analyzing equilibrium malware propagation for LinkNYC
Figure 11: Snapshot of network states at equilibrium in the LinkNYC
network.
Results
Analyzing time evolution of malware propagation for LinkNYC
[Figure 12 plot: proportion of un-compromised devices, $\tilde{B}(t)$, against time $t$ ($\times 10^4$), for $\tau_{B^I} = 0.2$, $\gamma_b = 0.001$, $\gamma_c = 0.01$; curves labelled $\tau_{\tilde{B}} = 0.9$, $0.8$, $0.7$.]
Figure 12: Time evolution of the proportion of un-compromised devices in
the LinkNYC network.
Conclusion
Summary
An overview of security challenges in IoT was provided
Past attacks and emerging threats were discussed
A theoretical standpoint on countering stealthy botnet
propagation is presented
Optimal patching policies are developed to minimize the
threat of botnet formation
Conclusion
Key Takeaways
Security concerns are going to be further amplified as the IoT
ecosystem grows
Novel security mechanisms are required to tackle the known
unknowns
A holistic approach is needed to understand risks (By having a
global view instead of local security of individual devices)
Next Step: Cyber-Physical Resilience - Countering Unknown
Unknowns
Thank You!
Questions?
Contact:
Junaid Farooq (junaid.farooq@nyu.edu)
370 Jay Street, Brooklyn, NY 11201. NYU Center for Cyber
Security.
M. J. Farooq and Q. Zhu, "Modeling, Analysis, and Mitigation of Dynamic Botnet Formation in Wireless
IoT Networks," in IEEE Transactions on Information Forensics and Security, vol. 14, no. 9, pp. 2412-2426,
Sept. 2019.
M. J. Farooq and Q. Zhu, "Secure and reconfigurable network design for critical information dissemination
in the Internet of battlefield things (IoBT)," 2017 15th International Symposium on Modeling and
Optimization in Mobile, Ad Hoc, and Wireless Networks (WiOpt), Paris, 2017, pp. 1-8.
M. J. Farooq and Q. Zhu, "On the Secure and Reconfigurable Multi-Layer Network Design for Critical
Information Dissemination in the Internet of Battlefield Things (IoBT)," in IEEE Transactions on Wireless
Communications, vol. 17, no. 4, pp. 2618-2632, April 2018.
Securing Wireless IoT Networks from Backdoor Stealthy Attacks Junaid Farooq

More Related Content

PDF
DEDA: An algorithm for early detection of topology attacks in the internet of...
PDF
509286-Aki_Koivu-Review
PDF
IoT Device Hacking and New Direction of IoT Security Evaluation Using Common ...
PDF
Io t security defense in depth charles li v1 20180425c
PPTX
PPTX
Introduction to IOT security
PDF
IRJET- Internet of Things (IoT), and the Security Issues Surrounding it: ...
PDF
Hacking Internet of Things (IoT)
DEDA: An algorithm for early detection of topology attacks in the internet of...
509286-Aki_Koivu-Review
IoT Device Hacking and New Direction of IoT Security Evaluation Using Common ...
Io t security defense in depth charles li v1 20180425c
Introduction to IOT security
IRJET- Internet of Things (IoT), and the Security Issues Surrounding it: ...
Hacking Internet of Things (IoT)

What's hot (20)

PDF
Security and Privacy Big Challenges in Internet of things
PDF
Security Architecture for Small Branch and IoT
PDF
IoT security and privacy: main challenges and how ISOC-OTA address them
PDF
A lightweight and_robust_secure_key_establishment_protocol_for_internet_of_me...
PDF
Development of wireless and intelligent home automation system
PPTX
Presentation on IOT SECURITY
PPTX
IoT security patterns
PDF
IoT Security Elements
PDF
IRJET - Cyber Security Threats and Vulnerabilities in IoT
PDF
Security in IoT
PDF
Mark Horowitz - Stanford Engineering - Securing the Internet of Things
PPTX
Introduction to IoT Security
 
PDF
LConey-Journal_of_Physical_Security-Article_The-Ability-to-Defend-Against-the...
PDF
A survey on Internet of Things (IoT) security : Challenges and Current status
PDF
SECURITY ISSUES IN USING IOT ENABLED DEVICES AND THEIR IMPACT
PDF
IRJET - Safety and Security Aspects of Smart Home Applications using Face...
PPTX
Security for iot and cloud aug 25b 2017
PDF
IRJET- Smart Home Automation using IoT with Security Features
PPTX
IoT Security: Debunking the "We Aren't THAT Connected" Myth
PPTX
Protecting IIoT Endpoints - an inside look at the Industrial Internet Securit...
Security and Privacy Big Challenges in Internet of things
Security Architecture for Small Branch and IoT
IoT security and privacy: main challenges and how ISOC-OTA address them
A lightweight and_robust_secure_key_establishment_protocol_for_internet_of_me...
Development of wireless and intelligent home automation system
Presentation on IOT SECURITY
IoT security patterns
IoT Security Elements
IRJET - Cyber Security Threats and Vulnerabilities in IoT
Security in IoT
Mark Horowitz - Stanford Engineering - Securing the Internet of Things
Introduction to IoT Security
 
LConey-Journal_of_Physical_Security-Article_The-Ability-to-Defend-Against-the...
A survey on Internet of Things (IoT) security : Challenges and Current status
SECURITY ISSUES IN USING IOT ENABLED DEVICES AND THEIR IMPACT
IRJET - Safety and Security Aspects of Smart Home Applications using Face...
Security for iot and cloud aug 25b 2017
IRJET- Smart Home Automation using IoT with Security Features
IoT Security: Debunking the "We Aren't THAT Connected" Myth
Protecting IIoT Endpoints - an inside look at the Industrial Internet Securit...
Ad

Similar to Securing Wireless IoT Networks from Backdoor Stealthy Attacks (20)

PDF
A Survey Report on : Security & Challenges in Internet of Things
PDF
Io t security_review_blockchain_solutions
PDF
Addressing IoT Security Challenges through AI Solutions
PDF
A Study on Device Oriented Security Challenges in Internet of Things (IoT)
PDF
Strengthening IoT Security Against Cyber Threats.pdf
PDF
A Survey on Security and Privacy Issues in Edge Computing-Assisted Internet o...
PPTX
Security aspect of IOT.pptx
PDF
The Evolution of Cybersecurity in the Age of IoT.pdf
PDF
A STUDY ON SECURITY ISSUES AND CHALLENGES IN IoT
PDF
Security and Privacy Issues in IoT Environment
PDF
A Comprehensive Survey on Exiting Solution Approaches towards Security and Pr...
PDF
sample assignment
PPTX
iot ppt.pptx
PDF
assignment help experts
PPTX
Internet & iot security
PDF
A reliable next generation cyber security architecture for industrial interne...
PDF
Malware threat analysis techniques and approaches for IoT applications: a review
PDF
sensors requirement and understanding and deployment
PDF
76 s201918
PDF
Security Challenges in IoT Software Development and Possible Solutions.pdf
A Survey Report on : Security & Challenges in Internet of Things
Io t security_review_blockchain_solutions
Addressing IoT Security Challenges through AI Solutions
A Study on Device Oriented Security Challenges in Internet of Things (IoT)
Strengthening IoT Security Against Cyber Threats.pdf
A Survey on Security and Privacy Issues in Edge Computing-Assisted Internet o...
Security aspect of IOT.pptx
The Evolution of Cybersecurity in the Age of IoT.pdf
A STUDY ON SECURITY ISSUES AND CHALLENGES IN IoT
Security and Privacy Issues in IoT Environment
A Comprehensive Survey on Exiting Solution Approaches towards Security and Pr...
sample assignment
iot ppt.pptx
assignment help experts
Internet & iot security
A reliable next generation cyber security architecture for industrial interne...
Malware threat analysis techniques and approaches for IoT applications: a review
sensors requirement and understanding and deployment
76 s201918
Security Challenges in IoT Software Development and Possible Solutions.pdf
Ad

Recently uploaded (20)

PDF
1 - Historical Antecedents, Social Consideration.pdf
PPTX
A Presentation on Touch Screen Technology
PDF
Encapsulation_ Review paper, used for researhc scholars
PDF
gpt5_lecture_notes_comprehensive_20250812015547.pdf
PDF
DP Operators-handbook-extract for the Mautical Institute
PDF
Unlocking AI with Model Context Protocol (MCP)
PDF
Zenith AI: Advanced Artificial Intelligence
PPTX
Chapter 5: Probability Theory and Statistics
PPTX
Programs and apps: productivity, graphics, security and other tools
PDF
ENT215_Completing-a-large-scale-migration-and-modernization-with-AWS.pdf
PDF
DASA ADMISSION 2024_FirstRound_FirstRank_LastRank.pdf
PPTX
cloud_computing_Infrastucture_as_cloud_p
PDF
A comparative analysis of optical character recognition models for extracting...
PDF
project resource management chapter-09.pdf
PDF
Hindi spoken digit analysis for native and non-native speakers
PDF
Mushroom cultivation and it's methods.pdf
PDF
Enhancing emotion recognition model for a student engagement use case through...
PDF
Building Integrated photovoltaic BIPV_UPV.pdf
PDF
Microsoft Solutions Partner Drive Digital Transformation with D365.pdf
PDF
From MVP to Full-Scale Product A Startup’s Software Journey.pdf
1 - Historical Antecedents, Social Consideration.pdf
A Presentation on Touch Screen Technology
Encapsulation_ Review paper, used for researhc scholars
gpt5_lecture_notes_comprehensive_20250812015547.pdf
DP Operators-handbook-extract for the Mautical Institute
Unlocking AI with Model Context Protocol (MCP)
Zenith AI: Advanced Artificial Intelligence
Chapter 5: Probability Theory and Statistics
Programs and apps: productivity, graphics, security and other tools
ENT215_Completing-a-large-scale-migration-and-modernization-with-AWS.pdf
DASA ADMISSION 2024_FirstRound_FirstRank_LastRank.pdf
cloud_computing_Infrastucture_as_cloud_p
A comparative analysis of optical character recognition models for extracting...
project resource management chapter-09.pdf
Hindi spoken digit analysis for native and non-native speakers
Mushroom cultivation and it's methods.pdf
Enhancing emotion recognition model for a student engagement use case through...
Building Integrated photovoltaic BIPV_UPV.pdf
Microsoft Solutions Partner Drive Digital Transformation with D365.pdf
From MVP to Full-Scale Product A Startup’s Software Journey.pdf

Securing Wireless IoT Networks from Backdoor Stealthy Attacks

  • 1. 1/34 Introduction Motivation Threat Landscape Theoretical Modeling Analysis Results Conclusion Securing Wireless IoT Networks from Backdoor Stealthy Attacks Junaid Farooq Department of Electrical & Computer Engineering, Tandon School of Engineering, New York University, Brooklyn, NY 11201, USA. {mjf514,qz494}@nyu.edu Jul. 28, 2019 Securing Wireless IoT Networks from Backdoor Stealthy Attacks Junaid Farooq
  • 2. 2/34 Introduction Motivation Threat Landscape Theoretical Modeling Analysis Results Conclusion Outline 1 Introduction Towards the IoT IoT Architecture Security Risks in IoT 2 Motivation The Security Focus Examples of Past Attacks 3 Threat Landscape Knowns and Unknowns Known Unknowns in IoT 4 Theoretical Modeling 5 Analysis 6 Results 7 Conclusion Securing Wireless IoT Networks from Backdoor Stealthy Attacks Junaid Farooq
  • 3. 3/34 Introduction Motivation Threat Landscape Theoretical Modeling Analysis Results Conclusion Introduction From IoC to IoT We are moving from an “Internet of Computers” to an “Internet of Things (IoT)” Security of computers has become mature but security of things is still in its infancy IoT is much more vulnerable to attacks and malicious activity than computers Securing Wireless IoT Networks from Backdoor Stealthy Attacks Junaid Farooq
  • 4. 3/34 Introduction Motivation Threat Landscape Theoretical Modeling Analysis Results Conclusion Introduction From IoC to IoT We are moving from an “Internet of Computers” to an “Internet of Things (IoT)” Security of computers has become mature but security of things is still in its infancy IoT is much more vulnerable to attacks and malicious activity than computers Securing Wireless IoT Networks from Backdoor Stealthy Attacks Junaid Farooq
  • 5. 3/34 Introduction Motivation Threat Landscape Theoretical Modeling Analysis Results Conclusion Introduction From IoC to IoT We are moving from an “Internet of Computers” to an “Internet of Things (IoT)” Security of computers has become mature but security of things is still in its infancy IoT is much more vulnerable to attacks and malicious activity than computers Securing Wireless IoT Networks from Backdoor Stealthy Attacks Junaid Farooq
  • 6. 4/34 Introduction Motivation Threat Landscape Theoretical Modeling Analysis Results Conclusion Introduction Emerging paradigms The IoT is revolutionizing the operation of electronic systems. New paradigms are emerging such as smart homes, factories, buildings, and cities. It brings tremendous amount of convenience Automated functionalities are not without risks Figure 1: Smart home, smart factory, smart buildings, smart city Securing Wireless IoT Networks from Backdoor Stealthy Attacks Junaid Farooq
  • 7. 4/34 Introduction Motivation Threat Landscape Theoretical Modeling Analysis Results Conclusion Introduction Emerging paradigms The IoT is revolutionizing the operation of electronic systems. New paradigms are emerging such as smart homes, factories, buildings, and cities. It brings tremendous amount of convenience Automated functionalities are not without risks Figure 1: Smart home, smart factory, smart buildings, smart city Securing Wireless IoT Networks from Backdoor Stealthy Attacks Junaid Farooq
  • 8. 4/34 Introduction Motivation Threat Landscape Theoretical Modeling Analysis Results Conclusion Introduction Emerging paradigms The IoT is revolutionizing the operation of electronic systems. New paradigms are emerging such as smart homes, factories, buildings, and cities. It brings tremendous amount of convenience Automated functionalities are not without risks Figure 1: Smart home, smart factory, smart buildings, smart city Securing Wireless IoT Networks from Backdoor Stealthy Attacks Junaid Farooq
  • 9. 4/34 Introduction Motivation Threat Landscape Theoretical Modeling Analysis Results Conclusion Introduction Emerging paradigms The IoT is revolutionizing the operation of electronic systems. New paradigms are emerging such as smart homes, factories, buildings, and cities. It brings tremendous amount of convenience Automated functionalities are not without risks Figure 1: Smart home, smart factory, smart buildings, smart city Securing Wireless IoT Networks from Backdoor Stealthy Attacks Junaid Farooq
  • 10. 5/34 Introduction Motivation Threat Landscape Theoretical Modeling Analysis Results Conclusion Introduction IoT System Architecture The IoT ecosystem consists of the following components: Endpoint Devices (Sensors/ Actuators) Wireless Access Points (Hubs/ Routers/ Gateways) Cloud Computing Systems User Devices (Smart Phones/ Smart Watches/ Voice Assistants) Figure 2: IoT technology stack. Securing Wireless IoT Networks from Backdoor Stealthy Attacks Junaid Farooq
  • 11. 5/34 Introduction Motivation Threat Landscape Theoretical Modeling Analysis Results Conclusion Introduction IoT System Architecture The IoT ecosystem consists of the following components: Endpoint Devices (Sensors/ Actuators) Wireless Access Points (Hubs/ Routers/ Gateways) Cloud Computing Systems User Devices (Smart Phones/ Smart Watches/ Voice Assistants) Figure 2: IoT technology stack. Securing Wireless IoT Networks from Backdoor Stealthy Attacks Junaid Farooq
  • 12. 5/34 Introduction Motivation Threat Landscape Theoretical Modeling Analysis Results Conclusion Introduction IoT System Architecture The IoT ecosystem consists of the following components: Endpoint Devices (Sensors/ Actuators) Wireless Access Points (Hubs/ Routers/ Gateways) Cloud Computing Systems User Devices (Smart Phones/ Smart Watches/ Voice Assistants) Figure 2: IoT technology stack. Securing Wireless IoT Networks from Backdoor Stealthy Attacks Junaid Farooq
  • 13. 5/34 Introduction Motivation Threat Landscape Theoretical Modeling Analysis Results Conclusion Introduction IoT System Architecture The IoT ecosystem consists of the following components: Endpoint Devices (Sensors/ Actuators) Wireless Access Points (Hubs/ Routers/ Gateways) Cloud Computing Systems User Devices (Smart Phones/ Smart Watches/ Voice Assistants) Figure 2: IoT technology stack. Securing Wireless IoT Networks from Backdoor Stealthy Attacks Junaid Farooq
  • 14. 6/34 Introduction Motivation Threat Landscape Theoretical Modeling Analysis Results Conclusion Introduction Cyber-Physical Footprint of IoT Digital voice assistants are becoming increasingly powerful and capable Interaction with critical infrastructure systems Figure 3: Digital voice assistants for IoT. Securing Wireless IoT Networks from Backdoor Stealthy Attacks Junaid Farooq
  • 15. 6/34 Introduction Motivation Threat Landscape Theoretical Modeling Analysis Results Conclusion Introduction Cyber-Physical Footprint of IoT Digital voice assistants are becoming increasingly powerful and capable Interaction with critical infrastructure systems Figure 3: Digital voice assistants for IoT. Securing Wireless IoT Networks from Backdoor Stealthy Attacks Junaid Farooq
  • 16. 7/34 Introduction Motivation Threat Landscape Theoretical Modeling Analysis Results Conclusion Introduction Security Risks in IoT Main factors leading to vulnerabilities are as follows: low cost devices and little emphasis on security Rapid product development cycle ignoring security aspects Device inter-operability opens doors for malicious activity Less regulated ecosystem - off the shelf hardware can be programmed to interact with critical systems such as HVACs, Fire safety systems, electronic door locks, etc. Securing Wireless IoT Networks from Backdoor Stealthy Attacks Junaid Farooq
  • 17. 7/34 Introduction Motivation Threat Landscape Theoretical Modeling Analysis Results Conclusion Introduction Security Risks in IoT Main factors leading to vulnerabilities are as follows: low cost devices and little emphasis on security Rapid product development cycle ignoring security aspects Device inter-operability opens doors for malicious activity Less regulated ecosystem - off the shelf hardware can be programmed to interact with critical systems such as HVACs, Fire safety systems, electronic door locks, etc. Securing Wireless IoT Networks from Backdoor Stealthy Attacks Junaid Farooq
  • 18. 7/34 Introduction Motivation Threat Landscape Theoretical Modeling Analysis Results Conclusion Introduction Security Risks in IoT Main factors leading to vulnerabilities are as follows: low cost devices and little emphasis on security Rapid product development cycle ignoring security aspects Device inter-operability opens doors for malicious activity Less regulated ecosystem - off the shelf hardware can be programmed to interact with critical systems such as HVACs, Fire safety systems, electronic door locks, etc. Securing Wireless IoT Networks from Backdoor Stealthy Attacks Junaid Farooq
  • 19. 7/34 Introduction Motivation Threat Landscape Theoretical Modeling Analysis Results Conclusion Introduction Security Risks in IoT Main factors leading to vulnerabilities are as follows: low cost devices and little emphasis on security Rapid product development cycle ignoring security aspects Device inter-operability opens doors for malicious activity Less regulated ecosystem - off the shelf hardware can be programmed to interact with critical systems such as HVACs, Fire safety systems, electronic door locks, etc. Securing Wireless IoT Networks from Backdoor Stealthy Attacks Junaid Farooq
  • 20. 8/34 Introduction Motivation Threat Landscape Theoretical Modeling Analysis Results Conclusion Motivation The Security Focus: Objective Knowing the tremendous vulnerabilities in the IoT, the key objective is to: Protect IoT systems and networks from malicious attacks Embed security features into the design and operation of networks Securing Wireless IoT Networks from Backdoor Stealthy Attacks Junaid Farooq
  • 21. 9/34 Introduction Motivation Threat Landscape Theoretical Modeling Analysis Results Conclusion Motivation The Security Focus: What Can Go Wrong? What is the underlying threat model? What is the security strategy? Securing Wireless IoT Networks from Backdoor Stealthy Attacks Junaid Farooq
  • 22. 9/34 Introduction Motivation Threat Landscape Theoretical Modeling Analysis Results Conclusion Motivation The Security Focus: What Can Go Wrong? What is the underlying threat model? What is the security strategy? Securing Wireless IoT Networks from Backdoor Stealthy Attacks Junaid Farooq
  • 23. 10/34 Introduction Motivation Threat Landscape Theoretical Modeling Analysis Results Conclusion Motivation The Security Focus: Potential Consequences Unlike luggage, IoT systems are not passive.They are mission oriented systems interacting with other devices to achieve certain functionalities. Example consequences are as follows: A simultaneous change in temperature control by large number of thermostats may lead to a massive surge in power requirements leading to grid breakdown A coordinated false alarm from smoke detectors may trigger simultaneous firetruck requests sabotaging emergency response systems. Securing Wireless IoT Networks from Backdoor Stealthy Attacks Junaid Farooq
  • 24. 10/34 Introduction Motivation Threat Landscape Theoretical Modeling Analysis Results Conclusion Motivation The Security Focus: Potential Consequences Unlike luggage, IoT systems are not passive.They are mission oriented systems interacting with other devices to achieve certain functionalities. Example consequences are as follows: A simultaneous change in temperature control by large number of thermostats may lead to a massive surge in power requirements leading to grid breakdown A coordinated false alarm from smoke detectors may trigger simultaneous firetruck requests sabotaging emergency response systems. Securing Wireless IoT Networks from Backdoor Stealthy Attacks Junaid Farooq
  • 25. 11/34 Introduction Motivation Threat Landscape Theoretical Modeling Analysis Results Conclusion Motivation Examples of Past Attacks - Mirai The Mirai is an example of a botnet that caused a disruption in the Internet in 2016 - largest of its kind in history Several websites such as Twitter, Netflix, CNN, and Guardian were affected It exploited default login and password information of IoT devices such as home appliances, DVRs, CC cameras to generate superfluous traffic resulting in a large scale DDoS attack Securing Wireless IoT Networks from Backdoor Stealthy Attacks Junaid Farooq
  • 26. 11/34 Introduction Motivation Threat Landscape Theoretical Modeling Analysis Results Conclusion Motivation Examples of Past Attacks - Mirai The Mirai is an example of a botnet that caused a disruption in the Internet in 2016 - largest of its kind in history Several websites such as Twitter, Netflix, CNN, and Guardian were affected It exploited default login and password information of IoT devices such as home appliances, DVRs, CC cameras to generate superfluous traffic resulting in a large scale DDoS attack Securing Wireless IoT Networks from Backdoor Stealthy Attacks Junaid Farooq
  • 27. 11/34 Introduction Motivation Threat Landscape Theoretical Modeling Analysis Results Conclusion Motivation Examples of Past Attacks - Mirai The Mirai is an example of a botnet that caused a disruption in the Internet in 2016 - largest of its kind in history Several websites such as Twitter, Netflix, CNN, and Guardian were affected It exploited default login and password information of IoT devices such as home appliances, DVRs, CC cameras to generate superfluous traffic resulting in a large scale DDoS attack Securing Wireless IoT Networks from Backdoor Stealthy Attacks Junaid Farooq
  • 28. 12/34 Introduction Motivation Threat Landscape Theoretical Modeling Analysis Results Conclusion Motivation Examples of Past Attacks - Ransomware In 2017, a hotel in Austria was attacked by malware that locked the electronic door locks on its rooms Attacker demanded ransom to open doors to customers Physical denial of service due to IoT Securing Wireless IoT Networks from Backdoor Stealthy Attacks Junaid Farooq
  • 29. 12/34 Introduction Motivation Threat Landscape Theoretical Modeling Analysis Results Conclusion Motivation Examples of Past Attacks - Ransomware In 2017, a hotel in Austria was attacked by malware that locked the electronic door locks on its rooms Attacker demanded ransom to open doors to customers Physical denial of service due to IoT Securing Wireless IoT Networks from Backdoor Stealthy Attacks Junaid Farooq
  • 30. 12/34 Introduction Motivation Threat Landscape Theoretical Modeling Analysis Results Conclusion Motivation Examples of Past Attacks - Ransomware In 2017, a hotel in Austria was attacked by malware that locked the electronic door locks on its rooms Attacker demanded ransom to open doors to customers Physical denial of service due to IoT Securing Wireless IoT Networks from Backdoor Stealthy Attacks Junaid Farooq
  • 31. 13/34 Introduction Motivation Threat Landscape Theoretical Modeling Analysis Results Conclusion Motivation Cyber-Physical Attacks in IoT: Knowns and Unknowns Figure 4: Source: Cyber Attacks: The Knowns & Unknowns SE Edition. Securing Wireless IoT Networks from Backdoor Stealthy Attacks Junaid Farooq
  • 32. 14/34 Introduction Motivation Threat Landscape Theoretical Modeling Analysis Results Conclusion Motivation The Known Unknowns in IoT? New forms of attacks are emerging such as Advanced Persistent Threats (APTs) - stealthy, prolonged, and targeted cyberattacks Backdoor channels may allow supply chain actors to attack the system There are reports that IoTroop and Reaper are two Mirai-variant botnets1 that are stealthily propagating using IoT device vulnerabilities. How do we tackle the known unknowns? Do not leave the devices/network unattended 1 P. Moriuchi and S. Chohan, “Mirai-variant IoT botnet used to target financial sector in January 2018,” Insikt Group, Apr. 2018. Securing Wireless IoT Networks from Backdoor Stealthy Attacks Junaid Farooq
  • 37. Motivation: Mitigation Approach
      - How can we mitigate the risk of stealthy botnet attacks?
      - We can use the “do not leave unattended” philosophy to check on the devices
      - One way is to patch devices periodically to ensure that they are not in a compromised state
      - How often should the devices be patched?
      - Even though the attacker may be able to compromise a portion of the network, it will not be able to intrude and cause a large-scale coordinated attack.
  • 41. System Model: Network Abstraction
      - [Figure: network abstraction showing IoT devices, a typical device i, the range r, and the labels “Malware Process” and “Regular Process”.]
      - Consider wireless IoT devices uniformly distributed in $\mathbb{R}^2$ according to a homogeneous Poisson Point Process (PPP) with intensity $\lambda \in \mathbb{N}$
      - Each device has computing capabilities and a wireless interface for communication
  • 43. System Model: Network Abstraction (Cont’d)
      - The devices are assumed to have omni-directional transmissions with a communication range of $r$ m.
      - A typical device located at $x_i$ is connected wirelessly with $K = |N_i|$ other devices, where $N_i = \{ j : \|x_i - x_j\| \le r, \ \forall j \ne i \}$ and $|\cdot|$ denotes the cardinality operator.
      - Since the devices in the network are distributed according to a PPP, the degree $K$ is a random variable with
        $$P[K = k] = \pi_k = \frac{e^{-\lambda \pi r^2} (\lambda \pi r^2)^k}{k!}.$$
      - Furthermore, the average degree of a typical device is $E[K] = \lambda \pi r^2$
  • 46. System Model: Model Validation
      - [Figure 5: Analyzing potential connectivity of WiFi hotspots in NYC. Probability density versus device degree, k, for a communication range of 140 m; curves: Link NYC data and Poisson degree.]
      - We use location data of WiFi access points in New York City, referred to as LinkNYC
      - 652 hotspots located in Midtown Manhattan and surrounding neighborhoods are used in analysis
      - A communication range of 140 m for each hotspot is used
  • 47. System Model: Threat Model
      - We assume that a botmaster possesses powerful capabilities to exploit loopholes in vulnerable wireless IoT devices to infiltrate them and install a malicious software process on them.
      - We assume that a proportion $p \in [0, 1]$ of the network is vulnerable to being compromised or infiltrated by the malware if the malware has been successfully transmitted over the wireless interface.
      - The bots use a fraction of the communication resources of the host device to infiltrate nearby devices and to share control commands.
      - $\gamma_b \ge 0$ - malware spreading rate
      - $\gamma_c \ge 0$ - control command propagation rate
      - Patching removes malware as well as control commands on the device
  • 51. Malware & Information Evolution: State-Space Representation
      - An epidemic-inspired model is used to study malware propagation.
      - [Figure 6: State evolution diagram for a typical device, with states $\tilde{B}$, $B\tilde{I}$ and $BI$ and transitions labelled $\mu_k$, $k\sigma_1$ and $k\sigma_2$.]
      - The possible system states of the population of degree $k$ devices are:
      - $\tilde{B}_k$ - the proportion of degree $k$ devices in the network that are un-compromised.
      - $B\tilde{I}_k$ - the proportion of degree $k$ devices in the network that are bots but uninformed about control commands.
      - $BI_k$ - the proportion of degree $k$ devices in the network that are bots and are also informed with control commands.
  • 52. Malware & Information Evolution: State-Space Dynamics
      - The state evolution can be described by the following dynamical system of equations:
        $$\frac{d\tilde{B}_k(t)}{dt} = \mu_k \big(B\tilde{I}_k(t) + BI_k(t)\big) - k\sigma_1 \tilde{B}_k(t) = \mu_k \big(1 - \tilde{B}_k(t)\big) - k\sigma_1 \tilde{B}_k(t), \tag{1}$$
        $$\frac{dB\tilde{I}_k(t)}{dt} = -(\mu_k + k\sigma_2) B\tilde{I}_k(t) + k\sigma_1 \tilde{B}_k(t) + \beta BI_k(t), \tag{2}$$
        $$\frac{dBI_k(t)}{dt} = -(\mu_k + \beta) BI_k(t) + k\sigma_2 B\tilde{I}_k(t). \tag{3}$$
      - Since $\tilde{B}_k(t) + B\tilde{I}_k(t) + BI_k(t) = 1, \ \forall t \ge 0$, it results in:
        $$\frac{d\tilde{B}_k(t)}{dt} = \mu_k - (\mu_k + k\sigma_1) \tilde{B}_k(t), \tag{4}$$
        $$\frac{dBI_k(t)}{dt} = k\sigma_2 - (\mu_k + \beta + k\sigma_2) BI_k(t) - k\sigma_2 \tilde{B}_k(t). \tag{5}$$
  • 53. Malware & Information Evolution: Analysis of Equilibrium States
      - Therefore, the equilibrium population of degree $k$ un-compromised devices, $\tilde{B}_k^*$, and of informed bot devices, $BI_k^*$, can be expressed as follows:
        $$\tilde{B}_k^*(\mu_k) = \frac{\mu_k}{\mu_k + k\sigma_1(\theta^*_{\tilde{B}})}, \tag{6}$$
        $$BI_k^*(\mu_k) = \frac{k^2 \sigma_1(\theta^*_{\tilde{B}}) \sigma_2(\theta^*_{BI})}{\big(\mu_k + k\sigma_1(\theta^*_{\tilde{B}})\big)\big(\beta + \mu_k + k\sigma_2(\theta^*_{BI})\big)}, \tag{7}$$
        $$\theta_{\tilde{B}} = \sum_{k'} \frac{k' P(k')}{E[K]} \tilde{B}_{k'}(t), \tag{8}$$
        $$\theta_{BI} = \sum_{k'} \frac{k' P(k')}{E[K]} BI_{k'}(t). \tag{9}$$
  • 54. Malware & Information Evolution: Analysis of Equilibrium States
      - Lemma: In a PPP distributed wireless network with D2D communication, the probability of a particular link of a degree $k$ device pointing to an un-compromised and to an informed bot device respectively at equilibrium can be approximately expressed as follows:
        $$\theta^*_{\tilde{B}} \approx \min\left( \frac{\mu_k}{\rho \gamma_b p E[K]}, 1 \right), \tag{10}$$
        $$\theta^*_{BI} \approx \max\left( 1 - \frac{\mu_k \gamma_c + \rho \gamma_b (\beta + \mu_k)}{E[K] \rho p \gamma_b \gamma_c}, 0 \right). \tag{11}$$
  • 55. Key Results: Fundamental Limits
      - Corollary: For a PPP deployed wireless IoT network being infiltrated by a botnet with malware spreading at a rate $\gamma_b$ and control commands propagating at a rate $\gamma_c$, the upper bound on the required patching rate for a device to have an impact on the equilibrium populations is given by
        $$\mu_k \le \rho \gamma_b p E[K], \quad \forall k \ge 1. \tag{12}$$
  • 56. Malware & Information Evolution: Analysis of Equilibrium States
      - Theorem: At equilibrium, the proportion of degree $k$ devices in the network that are un-compromised, i.e., $\tilde{B}_k^*$, and those that are bots and informed by control commands, i.e., $BI_k^*$, can be approximately expressed as
        $$\tilde{B}_k^*(\mu_k) \approx \frac{\mu_k}{\mu_k + k\rho\gamma_b p \left[ 1 + \frac{1}{\eta} \ln\left( e^{-\eta} + e^{-\eta \frac{\mu_k}{\rho\gamma_b p E[K]}} \right) \right]}, \tag{13}$$
        $$BI_k^*(\mu_k) \approx \frac{k^2 \rho^2 \gamma_b \gamma_c p \left[ 1 + \frac{1}{\eta} \ln\left( e^{-\eta} + e^{-\eta \frac{\mu_k}{\rho\gamma_b p E[K]}} \right) \right]}{\mu_k + k\rho\gamma_b p \left[ 1 + \frac{1}{\eta} \ln\left( e^{-\eta} + e^{-\eta \frac{\mu_k}{\rho\gamma_b p E[K]}} \right) \right]} \times \frac{\frac{1}{\eta} \ln\left( 1 + e^{\eta \left( 1 - \frac{\mu_k \gamma_c + \rho\gamma_b(\beta + \mu_k)}{E[K] \rho p \gamma_b \gamma_c} \right)} \right)}{\beta + \mu_k + k\rho\gamma_c \, \frac{1}{\eta} \ln\left( 1 + e^{\eta \left( 1 - \frac{\mu_k \gamma_c + \rho\gamma_b(\beta + \mu_k)}{E[K] \rho p \gamma_b \gamma_c} \right)} \right)}. \tag{14}$$
  • 57. Network Defense Problem
      - The cost incurred on the operation of a network device due to patching activity is assumed to be a smooth, convex, and increasing function of the patching rate $\mu_k$, represented by $\phi_k : \mathbb{R}^+ \to \mathbb{R}^+, \ \forall k \ge 1$.
      - The network defender’s problem can then be formulated as follows:
        $$\underset{\mu_k,\, k \ge 1}{\text{minimize}} \quad \sum_{k=1}^{\infty} \phi_k(\mu_k) \pi_k, \tag{15}$$
        $$\text{subject to} \quad \sum_{k=1}^{\infty} \tilde{B}_k^*(\mu_k) \pi_k \ge \tau_{\tilde{B}}, \tag{16}$$
        $$\sum_{k=1}^{\infty} BI_k^*(\mu_k) \pi_k \le \tau_{BI}. \tag{17}$$
  • 58. Results: Analyzing Optimal Patching Policies
      - [Figure 7: Impact of varying un-compromised bot proportion threshold $\tau_{\tilde{B}}$ and informed bot proportion threshold $\tau_{BI}$. The dotted line shows the theoretical upper bound. Panel labels: $\tau_{BI} = 0.2$, $\gamma_b = 0.001$, $\gamma_c = 0.01$; and $\tau_{BI} = 0.01, 0.05, 0.1, 0.2$.]
  • 59. Results: Analyzing Patching Cost
      - [Figure 8: Expected total cost of patching against varying system parameters. Panel labels: $\gamma_c = 0.01$; $\gamma_b = 0.001$.]
  • 60. Results
      - [Figure 9: Proportion of un-compromised devices in a PPP network. Panels: $\tau_{\tilde{B}} = 0.7$, $\tau_{\tilde{B}} = 0.8$, $\tau_{\tilde{B}} = 0.9$; legend: State $\tilde{B}$, State $B\tilde{I}$, State $BI$.]
      - [Plot: proportion of un-compromised devices, $\tilde{B}(t)$, versus time, $t$ ($\times 10^4$), for $\tau_{BI} = 0.2$, $\gamma_b = 0.001$, $\gamma_c = 0.01$; legend: $\tau_{\tilde{B}} = 0.9$, $\tau_{\tilde{B}} = 0.8$, $\tau_{\tilde{B}} = 0.9$.]
      - Figure 10: Time evolution of the proportion of un-compromised devices in
  • 61. Results: Analyzing equilibrium malware propagation for LinkNYC
      - [Figure 11: Snapshot of network states at equilibrium in the LinkNYC network.]
  • 62. Results: Analyzing time evolution of malware propagation for LinkNYC
      - [Figure 12: Time evolution of the proportion of un-compromised devices in the LinkNYC network. Proportion of un-compromised devices, $\tilde{B}(t)$, versus time, $t$ ($\times 10^4$), for $\tau_{BI} = 0.2$, $\gamma_b = 0.001$, $\gamma_c = 0.01$; legend: $\tau_{\tilde{B}} = 0.9$, $\tau_{\tilde{B}} = 0.8$, $\tau_{\tilde{B}} = 0.7$.]
  • 63. Conclusion: Summary
      - An overview of security challenges in IoT was provided
      - Past attacks and emerging threats were discussed
      - A theoretical standpoint on countering stealthy botnet propagation is presented
      - Optimal patching policies are developed to minimize the threat of botnet formation
  • 67. Conclusion: Key Takeaways
      - Security concerns are going to be further amplified as the IoT ecosystem grows
      - Novel security mechanisms are required to tackle the known unknowns
      - A holistic approach is needed to understand risks (By having a global view instead of local security of individual devices)
      - Next Step: Cyber-Physical Resilience - Countering Unknown Unknowns
  • 71. Thank You! Questions?
      - Contact: Junaid Farooq (junaid.farooq@nyu.edu), 370 Jay Street, Brooklyn, NY 11201. NYU Center for Cyber Security.
      - M. J. Farooq and Q. Zhu, “Modeling, Analysis, and Mitigation of Dynamic Botnet Formation in Wireless IoT Networks,” in IEEE Transactions on Information Forensics and Security, vol. 14, no. 9, pp. 2412-2426, Sept. 2019.
      - M. J. Farooq and Q. Zhu, “Secure and reconfigurable network design for critical information dissemination in the Internet of battlefield things (IoBT),” 2017 15th International Symposium on Modeling and Optimization in Mobile, Ad Hoc, and Wireless Networks (WiOpt), Paris, 2017, pp. 1-8.
      - M. J. Farooq and Q. Zhu, “On the Secure and Reconfigurable Multi-Layer Network Design for Critical Information Dissemination in the Internet of Battlefield Things (IoBT),” in IEEE Transactions on Wireless Communications, vol. 17, no. 4, pp. 2618-2632, April 2018.
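
As an added example (not taken from the slides or the cited paper), the Python sketch below evaluates the equilibrium expressions (6)-(7) with the Lemma's hard min/max (10)-(11) and finds the smallest single patching rate, applied to every degree, that meets constraints (16)-(17); because the cost in (15) is increasing, that is the cheapest uniform policy, a simplification of the per-degree problem. Assumptions: the forms σ1 = ρ·γb·p·(1 − θ*B̃) and σ2 = ρ·γc·θ*BI are read off by comparing (6)-(7) with (13)-(14), and E[K] = 5, ρ = 1, p = 0.5, β = 0.001 are constructed values (γb, γc and τBI follow the figure labels).

```python
import math
from dataclasses import dataclass


@dataclass(frozen=True)
class Params:
    mean_degree: float  # E[K] = lambda * pi * r^2
    rho: float          # factor rho appearing in (10)-(14)
    p: float            # proportion of the network that is vulnerable
    gamma_b: float      # malware spreading rate
    gamma_c: float      # control command propagation rate
    beta: float         # rate of the BI -> B~I transition in (2)-(3)


def patch_rate_bound(q):
    """Corollary (12): patching faster than this no longer changes the equilibrium."""
    return q.rho * q.gamma_b * q.p * q.mean_degree


def link_probabilities(mu, q):
    """Lemma (10)-(11) with the hard min/max: returns (theta*_B~, theta*_BI)."""
    theta_b = min(mu / patch_rate_bound(q), 1.0)
    num = mu * q.gamma_c + q.rho * q.gamma_b * (q.beta + mu)
    den = q.mean_degree * q.rho * q.p * q.gamma_b * q.gamma_c
    return theta_b, max(1.0 - num / den, 0.0)


def equilibrium(mu, k, q):
    """Equations (6)-(7) for degree k >= 1: returns (B~*_k, BI*_k)."""
    theta_b, theta_bi = link_probabilities(mu, q)
    s1 = q.rho * q.gamma_b * q.p * (1.0 - theta_b)  # assumed sigma_1, from (13)
    s2 = q.rho * q.gamma_c * theta_bi               # assumed sigma_2, from (14)
    b = mu / (mu + k * s1)
    bi = (k * s1) * (k * s2) / ((mu + k * s1) * (q.beta + mu + k * s2))
    return b, bi


def network_average(mu, q, kmax=100):
    """Left-hand sides of (16) and (17) when every degree uses the same rate mu."""
    pi_k = math.exp(-q.mean_degree)  # Poisson pi_0; the sums start at k = 1
    avg_b = avg_bi = 0.0
    for k in range(1, kmax + 1):
        pi_k *= q.mean_degree / k    # pi_k from pi_{k-1}
        b, bi = equilibrium(mu, k, q)
        avg_b += pi_k * b
        avg_bi += pi_k * bi
    return avg_b, avg_bi


def min_uniform_patch_rate(tau_b, tau_bi, q, iters=60):
    """Smallest uniform mu meeting (16)-(17), or None if even the bound (12) fails."""
    def feasible(mu):
        avg_b, avg_bi = network_average(mu, q)
        return avg_b >= tau_b and avg_bi <= tau_bi

    lo, hi = 0.0, patch_rate_bound(q)
    if not feasible(hi):
        return None
    for _ in range(iters):  # bisection: feasibility is monotone in mu on [0, bound]
        mid = 0.5 * (lo + hi)
        lo, hi = (lo, mid) if feasible(mid) else (mid, hi)
    return hi


if __name__ == "__main__":
    # gamma_b, gamma_c and tau_BI follow the figure labels; the rest is constructed.
    q = Params(mean_degree=5.0, rho=1.0, p=0.5, gamma_b=0.001, gamma_c=0.01, beta=0.001)
    print(f"upper bound (12): {patch_rate_bound(q):.5f}")
    for tau_b in (0.7, 0.8, 0.9):
        mu = min_uniform_patch_rate(tau_b, 0.2, q)
        avg_b, avg_bi = network_average(mu, q)
        print(f"tau_B={tau_b}: mu={mu:.5f}  avg B~*={avg_b:.3f}  avg BI*={avg_bi:.3f}")
```

Thresholds above 1 − e^(−E[K]) cannot be met by any rate in this sketch, because the sums in (16)-(17) start at k = 1 and so exclude the isolated (degree-0) devices.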