Fuzzing the Internet of Things: A Review on the Techniques and Challenges for Efficient Vulnerability Discovery in Embedded Systems

With a growing number of embedded devices that create, transform and send data autonomously at its core, the Internet-of-Things (IoT) is a reality in different sectors such as manufacturing, healthcare or transportation. With this expansion, the IoT is becoming more present in critical environments, where security is paramount. Infamous attacks such as Mirai have shown the insecurity of the devices that power the IoT, as well as the potential of such large-scale attacks. Therefore, it is important to secure these embedded systems that form the backbone of the IoT. However, the particular nature of these devices and their resource constraints mean that the most cost-effective manner of securing these devices is to secure them before they are deployed, by minimizing the number of vulnerabilities they ship. To this end, fuzzing has proved itself as a valuable technique for automated vulnerability finding, where specially crafted inputs are fed to programs in order to trigger vulnerabilities and crash the system. In this survey, we link the world of embedded IoT devices and fuzzing. For this end, we list the particularities of the embedded world as far as security is concerned, we perform a literature review on fuzzing techniques and proposals, studying their applicability to embedded IoT devices and, finally, we present future research directions by pointing out the gaps identified in the review

Towards Large-Scale, Heterogeneous Anomaly Detection Systems in Industrial Networks: A Survey of Current Trends

Industrial Networks (INs) are widespread environments where heterogeneous devices collaborate to control and monitor physical processes. Some of the controlled processes belong to Critical Infrastructures (CIs), and, as such, IN protection is an active research field. Among different types of security solutions, IN Anomaly Detection Systems (ADSs) have received wide attention from the scientific community.While INs have grown in size and in complexity, requiring the development of novel, Big Data solutions for data processing, IN ADSs have not evolved at the same pace. In parallel, the development of BigData frameworks such asHadoop or Spark has led the way for applying Big Data Analytics to the field of cyber-security,mainly focusing on the Information Technology (IT) domain. However, due to the particularities of INs, it is not feasible to directly apply IT security mechanisms in INs, as IN ADSs face unique characteristics. In this work we introduce three main contributions. First, we survey the area of Big Data ADSs that could be applicable to INs and compare the surveyed works. Second, we develop a novel taxonomy to classify existing INbased ADSs. And, finally, we present a discussion of open problems in the field of Big Data ADSs for INs that can lead to further development

Null is Not Always Empty: Monitoring the Null Space for Field-Level Anomaly Detection in Industrial IoT Environments

Industrial environments have vastly changed sincethe conception of initial primitive and isolated networks. Thecurrent full interconnection paradigm, where connectivity be-tween different devices and the Internet has become a businessnecessity, has driven device interconnectivity towards buildingthe Industrial Internet of Things (IIoT), enabling added valueservices such as supply chain optimization or improved processcontrol. However, whereas interconnectivity has increased, IIoTsecurity practices has not evolved at the same pace, due partlyto inherited security practices from when industrial networkswhere not connected and the existence of basic hardware withno security functionalities. In this work, we present an AnomalyDetection System for industrial environments that monitorsphysical quantities to detect intrusions. It is based in the nullspace detection, which is at the same time, based on StochasticSubspace Identification (SSI). The approach is validated usingthe Tennessee-Eastman chemical process

Using a secure element to protect the users' profiles generated by web search engines

Web search engines (WSEs) are valuable tools that are widely used to find specific information in the World Wide Web. Recently, they have increased search result relevance by personalizing them according to the users' interests. Nevertheless, WSEs also pose an important privacy threat, as they profile users by storing and analyzing their previous search data. To address this privacy problem, current solutions propose new mechanisms that add a significant computation and communication overhead, and/or lack personalized search results. In this paper we present a server-side web search model that serves personalized search results while preserving the privacy of the users. In this model, a mechanism called the secure element (SE) acts as an intermediary between the web search engine and end users. The secure element forwards queries from the users to the WSE and later re-ranks search results according to the user's previous search behavior. All communication between the users and the secure element is encrypted to prevent eavesdropping. A privacy analysis shows that the scheme effectively protects users from being profiled by WSEs or external attackers.En este artículo se presenta un modelo de búsqueda en la web en el servidor que sirve resultados de búsqueda personalizados, preservando la privacidad de los usuarios. En este modelo, un mecanismo llamado el elemento de seguridad (SE) actúa como intermediario entre el motor de búsqueda en la web y los usuarios finales. El elemento reenvía consultas seguras de los usuarios a la WSE y re-clasifica los resultados de búsqueda posteriores de acuerdo con el comportamiento de búsqueda anterior del usuario. Todas las comunicaciones entre los usuarios y el elemento seguro son encriptadas para evitar escuchas.En aquest article es presenta un model de cerca a la web al servidor que serveix resultats de cerca personalitzats, preservant la privacitat dels usuaris. En aquest model, un mecanisme anomenat l'element de seguretat (ES) actua com a intermediari entre el motor de cerca a la web i els usuaris finals. L'element reenvia consultes segures dels usuaris a la WSE i re-classifica els resultats de cerca posteriors d'acord amb el comportament de cerca anterior de l'usuari. Totes les comunicacions entre els usuaris i l'element segur són encriptades per evitar escoltes