11 research outputs found
Cyber Physical Aquaponic System (CyPhA): a CPS Testbed
An aquaponics system promises sustainable urban development and food
production by combining vegetable and fish farming in a single water loop.
However, traditional aquaponics suffers from a significant amount of manual
intervention with regard to decision-making in the water circulation and water
quality control. In this work, we design, build and deploy a laboratory-scale
real aquaponics system by considering this system as a cyber physical system,
which we call the Cyber Physical Aquaponics (CyPhA) system. The design of our
CyPhA system has five stages: Stage-1 contains a vertical vegetable farming
unit, Stage-2 contains fish farming unit, Stage-3 contains natural
nitrification system, Stage-4 contains bio-filtration system and Stage-5
contains water accumulation and release system. Water transfer from one stage
to the next is done using water pumps, and oxygen mixing in the water in any
stage is achieved using aeration pumps. The CyPhA system uses sensors for pH,
dissolved oxygen (DO), total dissolved solids (TDS), water temperature, air
temperature and humidity. A critical level of any of the water parameters in
any stage is indicated using an LED-based alert indicator. Sensor data and
actuator control commands among the stagewise edge devices and the CyPhA
Controller are exchanged over Message Queue Telemetry Transport (MQTT)
protocol. Overall, the CyPhA system is housed within an area of about 80 sq. ft. We
have been successfully operating the CyPhA system for the last 75 days and
maintaining a good quality of water for both fish and vegetable farming units.
Comment: 19 Pages, 10 figure
CheckShake: Passively Detecting Anomaly in Wi-Fi Security Handshake using Gradient Boosting based Ensemble Learning
Recently, a number of attacks have been demonstrated (like the key reinstallation attack, called KRACK) on the WPA2 protocol suite in Wi-Fi WLAN. As the firmware of the WLAN devices in the context of IoT, industrial systems, and medical devices is often not patched, detecting and preventing such attacks is challenging. In this paper, we design and implement a system, called CheckShake, to passively detect anomalies in the handshake of Wi-Fi security protocols, in particular WPA2, between a client and an access point using COTS radios. Our proposed system works without decrypting any traffic. It passively monitors multiple wireless channels in parallel in the neighborhood and uses a state machine model to characterize and detect the attacks. In particular, we develop a state machine model for grouping Wi-Fi handshake packets and then perform deep packet inspection to identify the symptoms of the anomaly in specific stages of a handshake session. Our implementation of CheckShake does not require any modification to the firmware of the client or the access point or the COTS devices; it only needs to be physically placed within the range of the access point and its clients. We use both the publicly available dataset and our own data set for performance analysis of CheckShake. Using gradient boosting-based supervised machine learning models, we show that an accuracy around 93.39% and a false positive rate of 5.08% can be achieved using CheckShak
iTieProbe: Is Your IoT Setup Secure against (Modern) Evil Twin?
An evil twin attack on a Wi-Fi network has been a challenging security problem, and
several solutions have been proposed to this problem. In general, an evil twin
attack aims to exfiltrate data, like Wi-Fi and service credentials, from the
client devices and is considered a serious threat at the MAC layer. IoT devices
with their companion apps provide different pairing methods for provisioning.
The "SmartConfig Mode", the one proposed by Texas Instruments (TI), and the
"Access Point pairing mode (AP mode)" are the most common pairing modes
provided by the application developer and vendor of the IoT devices.
In particular, AP mode uses Wi-Fi connectivity to set up IoT devices, where a device
activates an access point to which the mobile device running the corresponding
mobile application is required to connect. In this paper, we have used the evil
twin attack as a weapon to test the security posture of IoT devices that use a
Wi-Fi network to set them up. We have designed, implemented and applied a
system, called iTieProbe, that can be used in ethical hacking for discovering
certain vulnerabilities during such setup. AP mode successfully completes when
the mobile device is able to communicate with the IoT device via a home router
over a Wi-Fi network. Our proposed system, iTieProbe, is capable of discovering
several serious vulnerabilities in the commercial IoT devices that use AP mode
or a similar approach. We evaluated iTieProbe's efficacy on 9 IoT devices, like
IoT cameras, smart plugs, Echo Dot and smart bulbs, and discovered that several
of these IoT devices have certain serious threats, like leaking the Wi-Fi
credentials of the home router and creating a fake IoT device, during the setup of the
IoT devices.
Comment: To do the responsible vulnerability disclosure of our finding
IoTScanner: Detecting and Classifying Privacy Threats in IoT Neighborhoods
In the context of the emerging Internet of Things (IoT), a proliferation of
wireless connectivity can be expected. That ubiquitous wireless communication
will be hard to centrally manage and control, and can be expected to be opaque
to end users. As a result, owners and users of physical space are at risk of
losing control over their digital environments.
In this work, we propose the idea of an IoTScanner. The IoTScanner integrates
a range of radios to allow local reconnaissance of existing wireless
infrastructure and participating nodes. It enumerates such devices, identifies
connection patterns, and provides valuable insights for technical support and
home users alike. Using our IoTScanner, we attempt to classify actively
streaming IP cameras from other non-camera devices using simple heuristics. We
show that our classification approach achieves a high accuracy in an IoT
setting consisting of a large number of IoT devices. While related work usually
focuses on detecting either the infrastructure, or eavesdropping on traffic
from a specific node, we focus on providing a general overview of operations in
all observed networks. We do not assume prior knowledge of used SSIDs,
preshared passwords, or similar.
Comment: 12 page