2 research outputs found

    A systematic design approach to IOT security for legacy production machinery

    The Internet of Things (IoT) is an emerging topic of rapidly growing technical importance for the industry. The aim is to connect objects with unique identifiers and combine them with internet connectivity for data transfer. This advanced connectivity has significant potential in the workshop-level upgrade of existing legacy equipment to unlock new features and economic benefits, especially for monitoring and control applications. However, the introduction of the Industrial Internet of Things (IIoT) brings new additional security and integrity risks for the industrial environment in the form of network, communication, software and hardware security risks. This thesis addresses such fundamental new risks at their root by introducing a novel approach for IoT-enabled monitoring of legacy production machinery, which consists of five stages, incorporating security by design features. The first two phases of this novel approach aim to analyse current monitoring practices and security and vulnerability issues related to the application domain. The proposed approach applies three more stages which make the domain-relevant analysis application specific. These include a detailed model of the application context on legacy production machinery monitoring, together with its interfaces and functionality, implementing threat mitigations combined with a new modular IoT DAQ unit mechanism, validated by functional tests against Denial of Service (DoS) and clone attacks. Thus, to be effective, the design approach is further developed with application-specific functionality. This research demonstrates an instance of this innovative risk-averse design thinking through introducing an IoT device design which is applicable to a wide set of industrial scenarios. A practical showcase example of a specific implementation of the generic IoT design is given through a concrete industrial application that upgrades existing legacy machine tool equipment.
The reported work establishes a novel viewpoint for the understanding of IoT security risks and their consequent mitigation, opening a new space of risk-averse designs that can bring significant confidence in data, safety, and security of IoT-enabled industry. Manufacturin

    Profiling IoT botnet activity

    Undoubtedly, Internet of Things (IoT) devices have evolved into a necessity within our modern lifestyles. Nonetheless, IoT devices have proved to pose significant security risks due to their vulnerabilities and susceptibility to malware. Evidently, vulnerable IoT devices are enlisted by attackers to participate in Internet-wide botnets in order to instrument large-scale cyber-attacks and disrupt critical Internet services. Tracking these botnets is challenging due to their varying structural characteristics, and also due to the fact that malicious actors continuously adopt new evasion and propagation strategies. This thesis develops the BotPro framework, a novel data-driven approach for profiling IoT botnet behaviour. BotPro provides a comprehensive approach for capturing and highlighting the behavioural properties of IoT botnets with respect to their structural and propagation properties across the global Internet. We implement the proposed framework using real-world data obtained from the measurement infrastructure that was designed in this thesis. Our measurement infrastructure gathers data from various sources, including globally distributed honeypots, regional Internet registries, global IP blacklists and routing topology. This diverse dataset forms a strong foundation for profiling IoT botnet activity, ensuring that our analysis accurately reflects behavioural patterns of botnets in real-world scenarios. BotPro encompasses diverse methods to profile IoT botnets, including information theory, statistical analysis, natural language processing, machine learning and graph theory. The framework's results provide insights related to the structural properties as well as the evolving scanning and propagation strategies of IoT botnets. It also provides evidence on concentrated botnet activities and determines the effectiveness of widely used IP blacklists in capturing their evolving behaviour.
In addition, the insights reveal the strategy adopted by IoT botnets in expanding their network and increasing their level of resilience. The results provide a compilation of the most important autonomous system (AS) attributes that frequently embrace IoT botnet activity as well as provide a novel macroscopic view on the influence of AS-level relationships with respect to IoT botnet propagation. Furthermore, it provides insights into the structural properties of botnet loaders with respect to the distribution of malware binaries of various strains. The insights generated by BotPro are essential to equip next generation automated cyber threat intelligence, intrusion detection systems and anomaly detection mechanisms with enriched information regarding evolving scanning, establishment and propagation strategies of new botnet variants. Industry will be equipped with even more improved ways to defend against emerging threats in the domains of cyber warfare, cyber tourism and cybercrime. The BotPro framework provides a comprehensive platform for stakeholders, including cybersecurity researchers, security analysts and network administrators to gain deep and meaningful insights into the sophisticated activities and behaviour exhibited by IoT botnets.