5 research outputs found

    Fuzzing the Internet of Things: A Review on the Techniques and Challenges for Efficient Vulnerability Discovery in Embedded Systems

    With a growing number of embedded devices that create, transform and send data autonomously at its core, the Internet-of-Things (IoT) is a reality in different sectors such as manufacturing, healthcare or transportation. With this expansion, the IoT is becoming more present in critical environments, where security is paramount. Infamous attacks such as Mirai have shown the insecurity of the devices that power the IoT, as well as the potential of such large-scale attacks. Therefore, it is important to secure these embedded systems that form the backbone of the IoT. However, the particular nature of these devices and their resource constraints mean that the most cost-effective manner of securing these devices is to secure them before they are deployed, by minimizing the number of vulnerabilities they ship. To this end, fuzzing has proved itself as a valuable technique for automated vulnerability finding, where specially crafted inputs are fed to programs in order to trigger vulnerabilities and crash the system. In this survey, we link the world of embedded IoT devices and fuzzing. To this end, we list the particularities of the embedded world as far as security is concerned, we perform a literature review on fuzzing techniques and proposals, studying their applicability to embedded IoT devices and, finally, we present future research directions by pointing out the gaps identified in the review.

    Data-Driven Anomaly Detection in Industrial Networks

    Since the conception of the first Programmable Logic Controllers (PLCs) in the 1960s, Industrial Control Systems (ICSs) have evolved vastly. From the primitive isolated setups, ICSs have become increasingly interconnected, slowly forming the complex networked environments, collectively known as Industrial Networks (INs), that we know today. Since ICSs are responsible for a wide range of physical processes, including those belonging to Critical Infrastructures (CIs), securing INs is vital for the well-being of modern societies. Out of the many research advances on the field, Anomaly Detection Systems (ADSs) play a prominent role. These systems monitor IN and/or ICS behavior to detect abnormal events, known or unknown. However, as the complexity of INs has increased, monitoring them in the search of anomalous trends has effectively become a Big Data problem. In other words, IN data has become too complex to process it by traditional means, due to its large scale, diversity and generation speeds. Nevertheless, ADSs designed for INs have not evolved at the same pace, and recent proposals are not designed to handle this data complexity, as they do not scale well or do not leverage the majority of the data types created in INs. This thesis aims to fill that gap, by presenting two main contributions: (i) a visual flow monitoring system and (ii) a multivariate ADS that is able to tackle data heterogeneity and to scale efficiently. For the flow monitor, we propose a system that, based on current flow data, builds security visualizations depicting network behavior while highlighting anomalies. For the multivariate ADS, we analyze the performance of Multivariate Statistical Process Control (MSPC) for detecting and diagnosing anomalies, and later we present a Big Data, MSPC-inspired ADS that monitors field and network data to detect anomalies. The approaches are experimentally validated by building INs in test environments and analyzing the data created by them. Based on this necessity for conducting IN security research in a rigorous and reproducible environment, we also propose the design of a testbed that serves this purpose.

    Towards Large-Scale, Heterogeneous Anomaly Detection Systems in Industrial Networks: A Survey of Current Trends

    Industrial Networks (INs) are widespread environments where heterogeneous devices collaborate to control and monitor physical processes. Some of the controlled processes belong to Critical Infrastructures (CIs), and, as such, IN protection is an active research field. Among different types of security solutions, IN Anomaly Detection Systems (ADSs) have received wide attention from the scientific community. While INs have grown in size and in complexity, requiring the development of novel, Big Data solutions for data processing, IN ADSs have not evolved at the same pace. In parallel, the development of Big Data frameworks such as Hadoop or Spark has led the way for applying Big Data Analytics to the field of cyber-security, mainly focusing on the Information Technology (IT) domain. However, due to the particularities of INs, it is not feasible to directly apply IT security mechanisms in INs, as IN ADSs face unique characteristics. In this work we introduce three main contributions. First, we survey the area of Big Data ADSs that could be applicable to INs and compare the surveyed works. Second, we develop a novel taxonomy to classify existing IN-based ADSs. And, finally, we present a discussion of open problems in the field of Big Data ADSs for INs that can lead to further development.

    Null is Not Always Empty: Monitoring the Null Space for Field-Level Anomaly Detection in Industrial IoT Environments

    Industrial environments have vastly changed since the conception of initial primitive and isolated networks. The current full interconnection paradigm, where connectivity between different devices and the Internet has become a business necessity, has driven device interconnectivity towards building the Industrial Internet of Things (IIoT), enabling added value services such as supply chain optimization or improved process control. However, whereas interconnectivity has increased, IIoT security practices have not evolved at the same pace, due partly to inherited security practices from when industrial networks were not connected and the existence of basic hardware with no security functionalities. In this work, we present an Anomaly Detection System for industrial environments that monitors physical quantities to detect intrusions. It is based on null space detection, which is, at the same time, based on Stochastic Subspace Identification (SSI). The approach is validated using the Tennessee-Eastman chemical process.

    Using a secure element to protect the users' profiles generated by web search engines

    No full text
    Web search engines (WSEs) are valuable tools that are widely used to find specific information in the World Wide Web. Recently, they have increased search result relevance by personalizing them according to the users' interests. Nevertheless, WSEs also pose an important privacy threat, as they profile users by storing and analyzing their previous search data. To address this privacy problem, current solutions propose new mechanisms that add a significant computation and communication overhead, and/or lack personalized search results. In this paper we present a server-side web search model that serves personalized search results while preserving the privacy of the users. In this model, a mechanism called the secure element (SE) acts as an intermediary between the web search engine and end users. The secure element forwards queries from the users to the WSE and later re-ranks search results according to the user's previous search behavior. All communication between the users and the secure element is encrypted to prevent eavesdropping. A privacy analysis shows that the scheme effectively protects users from being profiled by WSEs or external attackers.