Cybersecurity for autonomous vehicles against malware attacks in smart-cities

Smart Autonomous Vehicles (AVSs) are networks of Cyber-Physical Systems (CPSs) in which they wirelessly communicate with other CPSs sub-systems (e.g., smart -vehicles and smart-devices) to efficiently and securely plan safe travel. Due to unreliable wireless communication among them, such vehicles are an easy target of malware attacks that may compromise vehicles’ autonomy, increase inter-vehicle communication latency, and drain vehicles’ power. Such compromises may result in traffic congestion, threaten the safety of passengers, and can result in financial loss. Therefore, real-time detection of such attacks is key to the safe smart transportation and Intelligent Transport Systems (ITSs). Current approaches either employ static analysis or dynamic analysis techniques to detect such attacks. However, these approaches may not detect malware in real-time because of zero-day attacks and huge computational resources. Therefore, we introduce a hybrid approach that combines the strength of both analyses to efficiently detect malware for the privacy of smart-cities

Program Analysis Based Approaches to Ensure Security and Safety of Emerging Software Platforms

Our smartphones, homes, hospitals, and automobiles are being enhanced with software that provide an unprecedentedly rich set of functionalities, which has created an enormous market for the development of software that run on almost every personal computing devices in a person's daily life, including security- and safety-critical ones. However, the software development support provided by the emerging platforms also raises security risks by allowing untrusted third-party code, which can potentially be buggy, vulnerable or even malicious to control user's device. Moreover, as the Internet-of-Things (IoT) technology is gaining vast adoptions by a wide range of industries, and is penetrating every aspects of people's life, safety risks brought by the open software development support of the emerging IoT platform (e.g., smart home) could bring more severe threat to the well-being of customers than what security vulnerabilities in mobile apps have done to a cell phone user. To address this challenge posed on the software security in emerging domains, my dissertation focuses on the flaws, vulnerabilities and malice in the software developed for platforms in these domains. Specifically, we demonstrate that systematic program analyses of software (1) Lead to an understanding of design and implementation flaws across different platforms that can be leveraged in miscellaneous attacks or causing safety problems; (2) Lead to the development of security mechanisms that limit the potential for these threats.We contribute static and dynamic program analysis techniques for three modern platforms in emerging domains -- smartphone, smart home, and autonomous vehicle. Our app analysis reveals various different vulnerabilities and design flaws on these platforms, and we propose (1) static analysis tool OPAnalyzer to automates the discovery of problems by searching for vulnerable code patterns; (2) dynamic testing tool AutoFuzzer to efficiently produce and capture domain specific issues that are previously undefined; and (3) propose new access control mechanism ContexIoT to strengthen the platform's immunity to the vulnerability and malice in third-party software. Concretely, we first study a vulnerability family caused by the open ports on mobile devices, which allows remote exploitation due to insufficient protection. We devise a tool called OPAnalyzer to perform the first systematic study of open port usage and their security implications on mobile platform, which effectively identify and characterize vulnerable open port usage at scale in popular Android apps. We further identify the lack of context-based access control as a main enabler for such attacks, and begin to seek for defense solution to strengthen the system security. We study the popular smart home platform, and find the existing access control mechanisms to be coarse-grand, insufficient, and undemanding. Taking lessons from previous permission systems, we propose the ContexIoT approach, a context-based permission system for IoT platform that supports third-party app development, which protects the user from vulnerability and malice in these apps through fine-grained identification of context. Finally, we design dynamic fuzzing tool, AutoFuzzer for the testing of self-driving functionalities, which demand very high code quality using improved testing practice combining the state-of-the-art fuzzing techniques with vehicular domain knowledge, and discover problems that lead to crashes in safety-critical software on emerging autonomous vehicle platform.PHDComputer Science & EngineeringUniversity of Michigan, Horace H. Rackham School of Graduate Studieshttps://deepblue.lib.umich.edu/bitstream/2027.42/145845/1/jackjia_1.pd

Software Protection and Secure Authentication for Autonomous Vehicular Cloud Computing

Artificial Intelligence (AI) is changing every technology we deal with. Autonomy has been a sought-after goal in vehicles, and now more than ever we are very close to that goal. Vehicles before were dumb mechanical devices, now they are becoming smart, computerized, and connected coined as Autonomous Vehicles (AVs). Moreover, researchers found a way to make more use of these enormous capabilities and introduced Autonomous Vehicles Cloud Computing (AVCC). In these platforms, vehicles can lend their unused resources and sensory data to join AVCC. In this dissertation, we investigate security and privacy issues in AVCC. As background, we built our vision of a layer-based approach to thoroughly study state-of-the-art literature in the realm of AVs. Particularly, we examined some cyber-attacks and compared their promising mitigation strategies from our perspective. Then, we focused on two security issues involving AVCC: software protection and authentication. For the first problem, our concern is protecting client’s programs executed on remote AVCC resources. Such a usage scenario is susceptible to information leakage and reverse-engineering. Hence, we proposed compiler-based obfuscation techniques. What distinguishes our techniques, is that they are generic and software-based and utilize the intermediate representation, hence, they are platform agnostic, hardware independent and support different high level programming languages. Our results demonstrate that the control-flow of obfuscated code versions are more complicated making it unintelligible for timing side-channels. For the second problem, we focus on protecting AVCC from unauthorized access or intrusions, which may cause misuse or service disruptions. Therefore, we propose a strong privacy-aware authentication technique for users accessing AVCC services or vehicle sharing their resources with the AVCC. Our technique modifies robust function encryption, which protects stakeholder’s confidentiality and withstands linkability and “known-ciphertexts” attacks. Thus, we utilize an authentication server to search and match encrypted data by performing dot product operations. Additionally, we developed another lightweight technique, based on KNN algorithm, to authenticate vehicles at computationally limited charging stations using its owner’s encrypted iris data. Our security and privacy analysis proved that our schemes achieved privacy-preservation goals. Our experimental results showed that our schemes have reasonable computation and communications overheads and efficiently scalable

A Survey of Using Machine Learning in IoT Security and the Challenges Faced by Researchers

The Internet of Things (IoT) has become more popular in the last 15 years as it has significantly improved and gained control in multiple fields. We are nowadays surrounded by billions of IoT devices that directly integrate with our lives, some of them are at the center of our homes, and others control sensitive data such as military fields, healthcare, and datacenters, among others. This popularity makes factories and companies compete to produce and develop many types of those devices without caring about how secure they are. On the other hand, IoT is considered a good insecure environment for cyber thefts. Machine Learning (ML) and Deep Learning (DL) also gained more importance in the last 15 years; they achieved success in the networking security field too. IoT has some similar security requirements such as traditional networks, but with some differences according to its characteristics, some specific security features, and environmental limitations, some differences are made such as low energy resources, limited computational capability, and small memory. These limitations inspire some researchers to search for the perfect and lightweight security ways which strike a balance between performance and security. This survey provides a comprehensive discussion about using machine learning and deep learning in IoT devices within the last five years. It also lists the challenges faced by each model and algorithm. In addition, this survey shows some of the current solutions and other future directions and suggestions. It also focuses on the research that took the IoT environment limitations into consideration

Role of Artificial Intelligence in the Internet of Things (IoT) Cybersecurity

In recent years, the use of the Internet of Things (IoT) has increased exponentially, and cybersecurity concerns have increased along with it. On the cutting edge of cybersecurity is Artificial Intelligence (AI), which is used for the development of complex algorithms to protect networks and systems, including IoT systems. However, cyber-attackers have figured out how to exploit AI and have even begun to use adversarial AI in order to carry out cybersecurity attacks. This review paper compiles information from several other surveys and research papers regarding IoT, AI, and attacks with and against AI and explores the relationship between these three topics with the purpose of comprehensively presenting and summarizing relevant literature in these fields

Establishing trusted Machine-to-Machine communications in the Internet of Things through the use of behavioural tests

Today, the Internet of Things (IoT) is one of the most important emerging technologies. Applicable to several fields, it has the potential to strongly influence people’s lives. “Things” are mostly embedded machines, and Machine-to-Machine (M2M) communications are used to exchange information. The main aspect of this type of communication is that a “thing” needs a mechanism to uniquely identify other “things” without human intervention. For this purpose, trust plays a key role. Trust can be incorporated in the smartness of “things” by using mobile “agents”. From the study of the IoT ecosystem, a new threat against M2M communications has been identified. This relates to the opportunity for an attacker to employ several forged IoT-embedded machines that can be used to launch attacks. Two “things-aware” detection mechanisms have been proposed and evaluated in this work for incorporation into IoT mobile trust agents. These new mechanisms are based on observing specific thing-related behaviour obtained by using a characterisation algorithm. The first mechanism uses a range of behaviours obtained from real embedded machines, such as threshold values, to detect whether a target machine is forged. This detection mechanism is called machine emulation detection algorithm (MEDA). MEDA takes around 3 minutes to achieve a detection accuracy of 79.21%, with 44.55% of real embedded machines labelled as belonging to forged embedded machines. These results indicated a need to develop a more accurate and faster detection method. Therefore, a second mechanism was created and evaluated. A dataset composed of behaviours from real, virtual and emulated embedded systems that can be part of the IoT was created. This was used for both training and testing classification methods. The results identified Random Forest (RF) as the most efficient method, recognising forged embedded machines in only 5 seconds with a detection rate of around 99.5%. It follows that this solution can be applied in real IoT scenarios with critical conditions. In the final part of this thesis, an attack against these new mechanisms has been proposed. This consists of using a modified kernel of a powerful machine to mimic the behaviour of a real IoT-embedded machine, referred to as a fake timing attack (FTA). Two metrics, mode and median from ping response time, have been found to effectively detect this attack. The final detection method involves combining RF and k-Nearest Neighbour to successfully detect forged embedded machines and FTA in only 40 seconds, with an overall detection performance (ODP) of 99.9% and 93.70% respectively. This method also was evaluated using behaviours from embedded machines that were not present in the training set. The results from that evaluation demonstrate that the proposed solution can detect embedded machines unknown to the method, both real and virtual, with an ODP of 99.96% and 99.92% respectively. In summary, a new algorithm able to detect forged embedded machines easily, quickly and with very high accuracy has been developed. The proposed method addresses the challenge of securing present and future M2M-embedded machines with power-constrained resources and can be applied to real IoT scenarios

Data-driven malware detection for 6G networks: a survey from the perspective of continuous learning and explainability via visualisation

5G is inherently prone to security vulnerabilities. We witness that many today’s networks contain 5G security flaws due to their reliance on the existing 4G network core. A lack of security standards for 5G IoT devices means network breaches and malware threats might run uncontrolled. The future 6G network is predicted to be implemented with artificial intelligence- driven communication via machine learning, enhanced edge computing, post-quantum cryptography and so forth. With the activation of edge computing, the computing power available at supercomputing servers is to be integrated directly into the devices at the entry point of a network in a distributed manner (e.g., antennas, routers, IoT sensors, etc). This feature brings an equal quality of service everywhere including remote regions (a.k.a service everywhere) which will trigger an exponential growth of associated applications. In this intricate environment, malware attacks are becoming more challenging to detect. This paper thus reviews the theoretical and experimental data-driven malware detection literature, in the large-scale data-intensive field, relating to: (1) continuous learning, including new concepts in multi-domain to multi-target learning and the challenges associated with unseen/unknown data, imbalance data and data scarcity, and (2) new explainability via visualisation concepts with a multi-labelling approach which allows identifying malware by their recipes while improving the interpretability of its decision process

Exploring the use of conversational agents to improve cyber situational awareness in the Internet of Things (IoT).

The Internet of Things (IoT) is an emerging paradigm, which aims to extend the power of the Internet beyond computers and smartphones to a vast and growing range of "things" - devices, processes and environments. The result is an interconnected world where humans and devices interact with each other, establishing a smart environment for the continuous exchange of information and services. Billions of everyday devices such as home appliances, surveillance cameras, wearables and doorbells, enriched with computational and networking capabilities, have already been connected to the Internet. However, as the IoT has grown, the demand for low-cost, easy-to-deploy devices has also increased, leading to the production of millions of insecure Internet-connected smart devices. Many of these devices can be easily exploited and leveraged to perform large-scale attacks on the Internet, such as the recently witnessed botnet attacks. Since these attacks often target consumer-level products, which commonly lack a screen or user interface, it can be difficult for users to identify signs of infection and be aware of devices that have been compromised. This thesis presents four studies which collectively explored how user awareness of threats in consumer IoT networks could be improved. Maintaining situational awareness of what is happening within a home network is challenging, not least because malicious activity often occurs in devices which are not easily monitored. This thesis evaluated the effectiveness of conversational agents to improve Cyber Situational Awareness. In doing so, it presented the first study to investigate their ability to help users improve their perception of smart device activity, comprehend this in the context of their home environment, and project this knowledge to determine if a threat had occurred or may occur in the future. The research demonstrated how a BLSTMRNN with word embedding could be used to extract semantic meaning from packets to perform deep packet inspection and detect IoT botnet activity. Specifically, how the models use of contextual information from both the past and future enabled better predictions to be made about the current state (packet) due to the sequential nature of the network traffic. In addition, a cross-sectional study examined users' awareness and perception of threats and found that, although users value security and privacy, they found it difficult to identify threats and infected devices. Finally, novel cross-sectional and longitudinal studies evaluated the use of conversational agents, and demonstrated them to be an effective and efficient method of improving Cyber Situational Awareness. In particular, this was shown to be true when using a multi-modal approach and combining aural, verbal and visual modalities

Demystifying Internet of Things Security

Break down the misconceptions of the Internet of Things by examining the different security building blocks available in Intel Architecture (IA) based IoT platforms. This open access book reviews the threat pyramid, secure boot, chain of trust, and the SW stack leading up to defense-in-depth. The IoT presents unique challenges in implementing security and Intel has both CPU and Isolated Security Engine capabilities to simplify it. This book explores the challenges to secure these devices to make them immune to different threats originating from within and outside the network. The requirements and robustness rules to protect the assets vary greatly and there is no single blanket solution approach to implement security. Demystifying Internet of Things Security provides clarity to industry professionals and provides and overview of different security solutions What You'll Learn Secure devices, immunizing them against different threats originating from inside and outside the network Gather an overview of the different security building blocks available in Intel Architecture (IA) based IoT platforms Understand the threat pyramid, secure boot, chain of trust, and the software stack leading up to defense-in-depth Who This Book Is For Strategists, developers, architects, and managers in the embedded and Internet of Things (IoT) space trying to understand and implement the security in the IoT devices/platforms