45 research outputs found
Single-board Device Individual Authentication based on Hardware Performance and Autoencoder Transformer Models
The proliferation of the Internet of Things (IoT) has led to the emergence of
crowdsensing applications, where a multitude of interconnected devices
collaboratively collect and analyze data. Ensuring the authenticity and
integrity of the data collected by these devices is crucial for reliable
decision-making and maintaining trust in the system. Traditional authentication
methods are often vulnerable to attacks or can be easily duplicated, posing
challenges to securing crowdsensing applications. Besides, current solutions
leveraging device behavior are mostly focused on device identification, which
is a simpler task than authentication. To address these issues, an individual
IoT device authentication framework based on hardware behavior fingerprinting
and Transformer autoencoders is proposed in this work. This solution leverages
the inherent imperfections and variations in IoT device hardware to
differentiate between devices with identical specifications. By monitoring and
analyzing the behavior of key hardware components, such as the CPU, GPU, RAM,
and Storage on devices, unique fingerprints for each device are created. The
performance samples are considered as time series data and used to train
outlier detection transformer models, one per device and aiming to model its
normal data distribution. Then, the framework is validated within a spectrum
crowdsensing system leveraging Raspberry Pi devices. After a pool of
experiments, the model from each device is able to individually authenticate it
between the 45 devices employed for validation. An average True Positive Rate
(TPR) of 0.74+-0.13 and an average maximum False Positive Rate (FPR) of
0.06+-0.09 demonstrate the effectiveness of this approach in enhancing
authentication, security, and trust in crowdsensing applications
MTFS: a Moving Target Defense-Enabled File System for Malware Mitigation
Ransomware has remained one of the most notorious threats in the
cybersecurity field. Moving Target Defense (MTD) has been proposed as a novel
paradigm for proactive defense. Although various approaches leverage MTD, few
of them rely on the operating system and, specifically, the file system,
thereby making them dependent on other computing devices. Furthermore, existing
ransomware defense techniques merely replicate or detect attacks, without
preventing them. Thus, this paper introduces the MTFS overlay file system and
the design and implementation of three novel MTD techniques implemented on top
of it. One delaying attackers, one trapping recursive directory traversal, and
another one hiding file types. The effectiveness of the techniques are shown in
two experiments. First, it is shown that the techniques can delay and mitigate
ransomware on real IoT devices. Secondly, in a broader scope, the solution was
confronted with 14 ransomware samples, highlighting that it can save 97% of the
files
CyberSpec: Intelligent Behavioral Fingerprinting to Detect Attacks on Crowdsensing Spectrum Sensors
Integrated sensing and communication (ISAC) is a novel paradigm using
crowdsensing spectrum sensors to help with the management of spectrum scarcity.
However, well-known vulnerabilities of resource-constrained spectrum sensors
and the possibility of being manipulated by users with physical access
complicate their protection against spectrum sensing data falsification (SSDF)
attacks. Most recent literature suggests using behavioral fingerprinting and
Machine/Deep Learning (ML/DL) for improving similar cybersecurity issues.
Nevertheless, the applicability of these techniques in resource-constrained
devices, the impact of attacks affecting spectrum data integrity, and the
performance and scalability of models suitable for heterogeneous sensors types
are still open challenges. To improve limitations, this work presents seven
SSDF attacks affecting spectrum sensors and introduces CyberSpec, an
ML/DL-oriented framework using device behavioral fingerprinting to detect
anomalies produced by SSDF attacks affecting resource-constrained spectrum
sensors. CyberSpec has been implemented and validated in ElectroSense, a real
crowdsensing RF monitoring platform where several configurations of the
proposed SSDF attacks have been executed in different sensors. A pool of
experiments with different unsupervised ML/DL-based models has demonstrated the
suitability of CyberSpec detecting the previous attacks within an acceptable
timeframe
GuardFS: a File System for Integrated Detection and Mitigation of Linux-based Ransomware
Although ransomware has received broad attention in media and research, this
evolving threat vector still poses a systematic threat. Related literature has
explored their detection using various approaches leveraging Machine and Deep
Learning. While these approaches are effective in detecting malware, they do
not answer how to use this intelligence to protect against threats, raising
concerns about their applicability in a hostile environment. Solutions that
focus on mitigation rarely explore how to prevent and not just alert or halt
its execution, especially when considering Linux-based samples. This paper
presents GuardFS, a file system-based approach to investigate the integration
of detection and mitigation of ransomware. Using a bespoke overlay file system,
data is extracted before files are accessed. Models trained on this data are
used by three novel defense configurations that obfuscate, delay, or track
access to the file system. The experiments on GuardFS test the configurations
in a reactive setting. The results demonstrate that although data loss cannot
be completely prevented, it can be significantly reduced. Usability and
performance analysis demonstrate that the defense effectiveness of the
configurations relates to their impact on resource consumption and usability
A Supervised ML Biometric Continuous Authentication System for Industry 4.0
Continuous authentication (CA) is a promising approach to authenticate workers and avoid security breaches in the industry, especially in Industry 4.0, where most interaction between workers and devices takes place. However, introducing CA in industries raises the following unsolved questions regarding machine learning (ML) models: its precision and performance; its robustness; and the issue about if or when to retrain the models. To answer these questions, this article explores these issues with a proposed supervised versus nonsupervised ML-based CA system that uses sensors, applications statistics, or speaker data collected by the operator’s devices. Experiments show supervised models with equal error rates of 7.28% using sensors data, 9.29% with statistics, and 0.31% with voice, a significant improvement of 71.97, 62.14, and 97.08%, respectively, over unsupervised models. Voice is the most robust dimension when adding new workers, with less than 2% of false acceptance rate even if workforce size is doubled
Trust-as-a-Service: A reputation-enabled trust framework for 5G network resource provisioning
Trust, security, and privacy are three of the major pillars to assemble the fifth-generation network and beyond. Despite such pillars are principally interconnected, a multitude of challenges arise that need to be addressed separately. 5G networks ought to offer flexible and pervasive computing capabilities across multiple domains according to user demands and assure trustworthy network providers. To this end, distributed marketplaces expect to boost the trading of heterogeneous resources so as to enable the establishment of pervasive service chains between cross-domains. Yet, the need for selecting reliable parties as “marketplace operators” plays a pivotal role in achieving a trustworthy ecosystem. Two of the principal blockages in managing foreseeable networks are the need to consider trust as a property in the resource provisioning process and adapt previous trust models to accomplish the new network and business requirements. In this regard, this article is centered on the trust management of 5G multi-party network resource provisioning. As a result, a reputation-based trust framework is proposed as a Trust-as-a-Service (TaaS) solution for a distributed multi-stakeholder environment where requirements such as zero trust and zero-touch principles should be met. Besides, a literature review is also conducted to recognize the network and business requirements currently envisaged. Finally, the validation of the proposed trust framework was performed in a real research environment, the 5GBarcelona testbed, leveraging 12% of a 2.1 GHz CPU with 20 cores and 2% of the 30 GiB memory. These outcomes reveal the TaaS solution’s feasibility and conservative approach in the context of determining reliable network operators
LwHBench: A low-level hardware component benchmark and dataset for Single Board Computers
In today's computing environment, where Artificial Intelligence (AI) and data
processing are moving toward the Internet of Things (IoT) and the Edge
computing paradigm, benchmarking resource-constrained devices is a critical
task to evaluate their suitability and performance. The literature has
extensively explored the performance of IoT devices when running high-level
benchmarks specialized in particular application scenarios, such as AI or
medical applications. However, lower-level benchmarking applications and
datasets that analyze the hardware components of each device are needed. This
low-level device understanding enables new AI solutions for network, system and
service management based on device performance, such as individual device
identification, so it is an area worth exploring more in detail. In this paper,
we present LwHBench, a low-level hardware benchmarking application for
Single-Board Computers that measures the performance of CPU, GPU, Memory and
Storage taking into account the component constraints in these types of
devices. LwHBench has been implemented for Raspberry Pi devices and run for 100
days on a set of 45 devices to generate an extensive dataset that allows the
usage of AI techniques in different application scenarios. Finally, to
demonstrate the inter-scenario capability of the created dataset, a series of
AI-enabled use cases about device identification and context impact on
performance are presented as examples and exploration of the published data
Can Evil IoT Twins Be Identified? Now Yes, a Hardware Behavioral Fingerprinting Methodology
The connectivity and resource-constrained nature of IoT, and in particular
single-board devices, opens up to cybersecurity concerns affecting the
Industrial Internet of Things (IIoT). One of the most important is the presence
of evil IoT twins. Evil IoT twins are malicious devices, with identical
hardware and software configurations to authorized ones, that can provoke
sensitive information leakages, data poisoning, or privilege escalation in
industrial scenarios. Combining behavioral fingerprinting and Machine/Deep
Learning (ML/DL) techniques is a promising solution to identify evil IoT twins
by detecting minor performance differences generated by imperfections in
manufacturing. However, existing solutions are not suitable for single-board
devices because they do not consider their hardware and software limitations,
underestimate critical aspects during the identification performance
evaluation, and do not explore the potential of ML/DL techniques. Moreover,
there is a dramatic lack of work explaining essential aspects to considering
during the identification of identical devices. This work proposes an
ML/DL-oriented methodology that uses behavioral fingerprinting to identify
identical single-board devices. The methodology leverages the different
built-in components of the system, comparing their internal behavior with each
other to detect variations that occurred in manufacturing processes. The
validation has been performed in a real environment composed of identical
Raspberry Pi 4 Model B devices, achieving the identification for all devices by
setting a 50% threshold in the evaluation process. Finally, a discussion
compares the proposed solution with related work and provides important lessons
learned and limitations