IoT Sentinel: Automated Device-Type Identification for Security Enforcement in IoT

With the rapid growth of the Internet-of-Things (IoT), concerns about the security of IoT devices have become prominent. Several vendors are producing IP-connected devices for home and small office networks that often suffer from flawed security designs and implementations. They also tend to lack mechanisms for firmware updates or patches that can help eliminate security vulnerabilities. Securing networks where the presence of such vulnerable devices is given, requires a brownfield approach: applying necessary protection measures within the network so that potentially vulnerable devices can coexist without endangering the security of other devices in the same network. In this paper, we present IOT SENTINEL, a system capable of automatically identifying the types of devices being connected to an IoT network and enabling enforcement of rules for constraining the communications of vulnerable devices so as to minimize damage resulting from their compromise. We show that IOT SENTINEL is effective in identifying device types and has minimal performance overhead

SERENIoT : politiques de sécurité collaboratives pour maisons connectées

Le domaine de la maison connectée est en plein essor. L’internet des objets (IoT) apporte de nouveaux services dans l’habitat pour répondre aux évolutions énergétiques, numériques et de bien-être. Cependant ces objets connectés peuvent créer des failles de sécurité dans les environnements domestiques mettant en péril la sécurité des utilisateurs et des réseaux. Le contexte de l’environnement domestique impose un prix des équipements faible, une diversité de dispositifs très importante et des solutions de sécurité ne nécessitant pas d’action de l’utilisateur. L’ensemble de ces facteurs complique la mise en oeuvre de solutions de sécurité performantes et adaptées aux réseaux IoT domestiques. La recherche menée porte sur le développement d’un système permettant une gestion autonome des politiques de sécurité pour sécuriser les installations IoT domestiques. Elle montre que les politiques de sécurité à appliquer pour sécuriser les dispositifs IoT domestiques peuvent être générées en observant leurs comportements au sein de différentes installations. L’objectif s’articule autour de la conception d’un système permettant la création et la mise en application de politiques de sécurité grâce à un système de filtrage réseau au niveau IP.----------ABSTRACT: The recent development of the Internet of Things (IoT) brings new services to homes to improve energy efficiency and users’ well-being. However, these new smart devices can create security holes in home environments, placing the security of users and networks at risk. The design and deployment of effective security solutions tailored to home IoT networks is made difficult by the wide diversity of devices along with the constraints of equipment costs and impact on usability. This thesis focuses on the development of a system allowing autonomous management of security policies to secure home IoT installations. The system demonstrates that the security policies for consumer IoT devices can be generated by observing their behavior within different installations. The goal was to design an autonomous system capable of generating and enforcing security policies by monitoring the network at IP level

Towards a Security, Privacy, Dependability, Interoperability Framework for the Internet of Things

A popular application of ambient intelligence systems constitutes of assisting living services on smart buildings. As intelligence is imported in embedded equipment, the system becomes able to provide smart services (e.g. control lights, airconditioning, provide energy management services etc.). IoT is the main enabler of such environments. However, the interconnection of these cyber-physical systems and the processing of personal data raise serious security and privacy issues. In this paper we present a framework that can guarantee Security, Privacy, Dependability and Interoperability (SPDI) in IoT. Taking advantage of the underlying IoT deployment, the proposed framework not only implements the requested smart functionality but also provide modelling and administration that can guarantee those SPDI properties. Moreover, we provide an application example of the framework in a smart building scenario