Cyber security of smart building ecosystems

Abstract. Building automation systems are used to create energy-efficient and customisable commercial and residential buildings. During the last two decades, these systems have become more and more interconnected to reduce expenses and expand their capabilities by allowing vendors to perform maintenance and by letting building users to control the machines remotely. This interconnectivity has brought new opportunities on how building data can be collected and put to use, but it has also increased the attack surface of smart buildings by introducing security challenges that need to be addressed. Traditional building automation systems with their proprietary communication protocols and interfaces are giving way to interoperable systems utilising open technologies. This interoperability is an important aspect in streamlining the data collection process by ensuring that different components of the environment are able to exchange information and operate in a coordinated manner. Turning these opportunities into actual products and platforms requires multi-sector collaboration and joint research projects, so that the buildings of tomorrow can become reality with as few compromises as possible. This work examines one of these experimental project platforms, KEKO ecosystem, with the focus on assessing the cyber security challenges faced by the platform by using the well-recognised MITRE ATT&CK knowledge base of adversary tactics and techniques. The assessment provides a detailed categorisation of identified challenges and recommendations on how they should be addressed. This work also presents one possible solution for improving the detection of offensive techniques targeting building automation by implementing a monitoring pipeline within the experimental platform, and a security event API that can be integrated to a remote SIEM system to increase visibility on the platform’s data processing operations

Teaching and Learning IoT Cybersecurity and Vulnerability Assessment with Shodan through Practical Use Cases

[Abstract] Shodan is a search engine for exploring the Internet and thus finding connected devices. Its main use is to provide a tool for cybersecurity researchers and developers to detect vulnerable Internet-connected devices without scanning them directly. Due to its features, Shodan can be used for performing cybersecurity audits on Internet of Things (IoT) systems and devices used in applications that require to be connected to the Internet. The tool allows for detecting IoT device vulnerabilities that are related to two common cybersecurity problems in IoT: the implementation of weak security mechanisms and the lack of a proper security configuration. To tackle these issues, this article describes how Shodan can be used to perform audits and thus detect potential IoT-device vulnerabilities. For such a purpose, a use case-based methodology is proposed to teach students and users to carry out such audits and then make more secure the detected exploitable IoT devices. Moreover, this work details how to automate IoT-device vulnerability assessments through Shodan scripts. Thus, this article provides an introductory practical guide to IoT cybersecurity assessment and exploitation with Shodan.This work has been funded by the Xunta de Galicia (ED431G2019/01), the Agencia Estatal de Investigación of Spain (TEC2016-75067-C4-1-R, RED2018-102668-T, PID2019-104958RB-C42) and ERDF funds of the EU (AEI/FEDER, UE)Xunta de Galicia; ED431G2019/0

Securing ZigBee Commercial Communications Using Constellation Based Distinct Native Attribute Fingerprinting

This work provides development of Constellation Based DNA (CB-DNA) Fingerprinting for use in systems employing quadrature modulations and includes network protection demonstrations for ZigBee offset quadrature phase shift keying modulation. Results are based on 120 unique networks comprised of seven authorized ZigBee RZSUBSTICK devices, with three additional like-model devices serving as unauthorized rogue devices. Authorized network device fingerprints are used to train a Multiple Discriminant Analysis (MDA) classifier and Rogue Rejection Rate (RRR) estimated for 2520 attacks involving rogue devices presenting themselves as authorized devices. With MDA training thresholds set to achieve a True Verification Rate (TVR) of TVR = 95% for authorized network devices, the collective rogue device detection results for SNR ≥ 12 dB include average burst-by-burst RRR ≈ 94% across all 2520 attack scenarios with individual rogue device attack performance spanning 83.32% \u3c RRR \u3c 99.81%

Radio Identity Verification-based IoT Security Using RF-DNA Fingerprints and SVM

It is estimated that the number of Internet of Things (IoT) devices will reach 75 billion in the next five years. Most of those currently and soon-to-be deployed devices lack sufficient security to protect themselves and their networks from attacks by malicious IoT devices masquerading as authorized devices in order to circumvent digital authentication approaches. This work presents a Physical (PHY) layer IoT authentication approach capable of addressing this critical security need through the use of feature-reduced, Radio Frequency-Distinct Native Attributes (RF-DNA) fingerprints and Support Vector Machines (SVM). This work successfully demonstrates (i) authorized Identity (ID) verification across three trials of six randomly chosen radios at signal-to-noise ratios greater than or equal to 6 dB and (ii) rejection of all rogue radio ID spoofing attacks at signal-to-noise ratios greater than or equal to 3 dB using RF-DNA fingerprints whose features are selected using the Relief-F algorithm

A taxonomy of cyber-physical threats and impact in the smart home

In the past, home automation was a small market for technology enthusiasts. Interconnectivity between devices was down to the owner’s technical skills and creativity, while security was non-existent or primitive, because cyber threats were also largely non-existent or primitive. This is not the case any more. The adoption of Internet of Things technologies, cloud computing, artificial intelligence and an increasingly wide range of sensing and actuation capabilities has led to smart homes that are more practical, but also genuinely attractive targets for cyber attacks. Here, we classify applicable cyber threats according to a novel taxonomy, focusing not only on the attack vectors that can be used, but also the potential impact on the systems and ultimately on the occupants and their domestic life. Utilising the taxonomy, we classify twenty five different smart home attacks, providing further examples of legitimate, yet vulnerable smart home configurations which can lead to second-order attack vectors. We then review existing smart home defence mechanisms and discuss open research problems

DNA Feature Selection for Discriminating WirelessHART IIoT Devices

This paper summarizes demonstration activity aimed at applying Distinct Native Attribute (DNA) feature selection methods to improve the computational efficiency of time domain fingerprinting methods used to discriminate Wireless Highway Addressable Remote Transducer (WirelessHART) devices being used in Industrial (IIoT) applications. Efficiency is achieved through Dimensional Reduction Analysis (DRA) performed here using both pre-classification analytic (WRS and ReliefF) and post-classification relevance (RndF and GRLVQI) feature selection methods. Comparative assessments are based on statistical fingerprint features extracted from experimentally collected WirelessHART signals, with Multiple Discrimination Analysis, Maximum Likelihood (MDA/ML) estimation showing that pre-classification methods are collectively superior to post-classification methods. Specific DRA results show that an average cross-class percent correct classification differential of 8% ≤ %CD ≤ 1% can be maintained using DRA selected feature sets containing as few as 24 (10%) of the 243 full-dimensional features. Reducing fingerprint dimensionality reduces computational efficiency and improves the potential for operational implementation

Dimensional Reduction Analysis for Constellation-Based DNA Fingerprinting to Improve Industrial IoT Wireless Security

The Industrial Internet of Things (IIoT) market is skyrocketing towards 100 billion deployed devices and cybersecurity remains a top priority. This includes security of ZigBee communication devices that are widely used in industrial control system applications. IIoT device security is addressed using Constellation-Based Distinct Native Attribute (CB-DNA) Fingerprinting to augment conventional bit-level security mechanisms. This work expands upon recent CB-DNA “discovery” activity by identifying reduced dimensional fingerprints that increase the computational efficiency and effectiveness of device discrimination methods. The methods considered include Multiple Discriminant Analysis (MDA) and Random Forest (RndF) classification. RndF deficiencies in classification and post-classification feature selection are highlighted and addressed using a pre-classification feature selection method based on a Wilcoxon Rank Sum (WRS) test. Feature down-selection based on WRS testing proves to very reliable, with reduced feature subsets yielding cross-device discrimination performance consistent with full-dimensional feature sets, while being more computationally efficient

Extending Critical Infrastructure Element Longevity using Constellation-based ID Verification

This work supports a technical cradle-to-grave protection strategy aimed at extending the useful lifespan of Critical Infrastructure (CI) elements. This is done by improving mid-life operational protection measures through integration of reliable physical (PHY) layer security mechanisms. The goal is to improve existing protection that is heavily reliant on higher-layer mechanisms that are commonly targeted by cyberattack. Relative to prior device ID discrimination works, results herein reinforce the exploitability of constellation-based PHY layer features and the ability for those features to be practically implemented to enhance CI security. Prior work is extended by formalizing a device ID verification process that enables rogue device detection demonstration under physical access attack conditions that include unauthorized devices mimicking bit-level credentials of authorized network devices. The work transitions from distance-based to probability-based measures of similarity derived from empirical Multivariate Normal Probability Density Function (MVNPDF) statistics of multiple discriminant analysis radio frequency fingerprint projections. Demonstration results for Constellation-Based Distinct Native Attribute (CB-DNA) fingerprinting of WirelessHART adapters from two manufacturers includes 1) average cross-class percent correct classification of %C \u3e 90% across 28 different networks comprised of six authorized devices, and 2) average rogue rejection rate of 83.4% ≤ RRR ≤ 99.9% based on two held-out devices serving as attacking rogue devices for each network (a total of 120 individual rogue attacks). Using the MVNPDF measure proved most effective and yielded nearly 12% RRR improvement over a Euclidean distance measure

Security Analysis of Internet of Things Devices: Hands-on lab

International audienc