An official website of the United States government
Internet of Things (IoT) devices have increased drastically in complexity and prevalence within the last decade. Alongside the proliferation of IoT devices and applications, attacks targeting them have gained popularity. Recent large-scale attacks such as Mirai and VPNFilter highlight the lack of comprehensive defenses for IoT devices. Existing security solutions are inadequate against skilled adversaries with sophisticated and stealthy attacks against IoT devices. Powerful provenance-based intrusion detection systems have been successfully deployed in resource-rich servers and desktops to identify advanced stealthy attacks. However, IoT devices lack the memory, storage, and computing resources to directly apply these provenance analysis techniques on the device. This paper presents ProvIoT, a novel federated edge-cloud security framework that enables on-device syscall-level behavioral anomaly detection in IoT devices. ProvIoT applies federated learning techniques to overcome data and privacy limitations while minimizing network overhead. Infrequent on-device training of the local model requires less than 10% CPU overhead; syncing with the global models requires sending and receiving 2MB over the network. During normal offline operation, ProvIoT periodically incurs less than 10% CPU overhead and less than 65MB memory usage for data summarization and anomaly detection. Our evaluation shows that ProvIoT detects fileless malware and stealthy APT attacks with an average F1 score of 0.97 in heterogeneous real-world IoT applications. ProvIoT is a step towards extending provenance analysis to resource-constrained IoT devices, beginning with well-resourced IoT devices such as the RaspberryPi, Jetson Nano, and Google TPU.
more »
« less
This content will become publicly available on January 1, 2026
Leveraging Heterogeneous Programmable Data Planes for Security and Privacy of Cellular Networks, 5G & Beyond
Cellular networks have become a critical part of our networking infrastructure, enabling ubiquitous communication. However, they are likely to be under threat, and can also be the vehicle through which cellular-connected end-systems can be subject to attacks. This paper introduces our efforts to leverage data plane devices such as programmable network interface cards, switches, and end-hosts to efficiently detect attacks and ensure user privacy at terabit per second speeds. Specifically, our project designs a heterogeneous data plane framework that cohesively combines multiple data plane devices, and designs two security solutions on the framework: security monitoring and privacy protection. This paper briefly introduces the goals and initial results for the two solutions.
more »
« less
- PAR ID:
- 10632370
- Publisher / Repository:
- J-STAGE
- Date Published:
- Journal Name:
- IEICE Transactions on Information and Systems
- Volume:
- E108.D
- Issue:
- 6
- ISSN:
- 0916-8532
- Page Range / eLocation ID:
- 485 to 493
- Format(s):
- Medium: X
- Sponsoring Org:
- National Science Foundation
More Like this
-
-
The Internet of Things (IoT) offers immense benefits by enabling devices to leverage networked resources thereby making intelligent decisions. The numerous heterogeneous connected devices that exist throughout the IoT system creates new security and privacy concerns. Some of these concerns can be overcome through trust, transparency, and integrity, which can be achieved with data provenance. Data provenance, also known as data lineage, provides a history of transformations that occurs on a data object from the time it was created to its current state. Data provenance has been explored in the areas of scientific computing, business, forensic analysis, and intrusion detection. Data provenance can help in detecting and mitigating malicious cyber attacks. In this paper, we explore the integration of provenance within the IoT. We introduce Provenance Aware Internet of Things System (PAIoTS), a provenance collection framework for IoT devices. We evaluate the effectiveness of our framework by developing a prototype system for proof of concept.more » « less
-
As network services progress and mobile and IoT environments expand, numerous security concerns have surfaced for spectrum access systems (SASs). The omnipresent risk of Denial-of-Service (DoS) attacks and raising concerns about user privacy (e.g., location privacy, anonymity) are among such cyber threats. These security and privacy risks increase due to the threat of quantum computers that can compromise longterm security by circumventing conventional cryptosystems and increasing the cost of countermeasures. While some defense mechanisms exist against these threats in isolation, there is a significant gap in the state of the art on a holistic solution against DoS attacks with privacy and anonymity for spectrum management systems, especially when post-quantum (PQ) security is in mind. In this paper, we propose a new cybersecurity framework, PACDoSQ, which is the first to offer location privacy and anonymity for spectrum management with counter DoS and PQ security simultaneously. Our solution introduces the private spectrum bastion concept to exploit existing architectural features of SASs and then synergizes them with multi-server private information retrieval and PQ-secure Tor to guarantee a location-private and anonymous acquisition of spectrum information, together with hash-based client-server puzzles for counter DoS. We prove that PACDoSQ achieves its security objectives and show its feasibility via a comprehensive performance evaluation.more » « less
-
With advances in sensing, networking, and computing, smart medical devices have been widely deployed in various clinical settings. However, cyber attacks on hospital networks and critical medical devices are serious threats to patient safety, security, and privacy. This paper studies the cyber-security attacks that target hospital networks and other interconnected clinical environments. Our goal is to characterize threat models in such environments by studying the public data from vulnerability databases on medical devices and reports on real attacks targeted at hospital networks. We use a keyword-based approach to identify security reports on medical devices. We summarize our observations from the analysis of the vulnerability reports and provide insights into the types and impacts of vulnerabilities.more » « less
-
Near-field communication (NFC) is one of the essential technologies in the Internet of Things (IoT) that has facilitated mobile payment across different services. The technology has become increasingly popular, as cryptocurrencies like Bitcoin have revolutionized how payment systems can be designed. However, this technology is subject to security problems, such as man-in-the-middle attacks, double-spending, and replay attacks, raising the need to incorporate other solutions such as blockchain technology. Concerns about the security and privacy of payments using NFC technology raise the need to adopt blockchain-based cryptocurrency payment. For instance, NFC payment has been criticized for a lack of measures to counter potential attacks, such as brute force or double-spending. Thus, incorporating blockchain technology is expected to improve the security features of the NFC mobile payment protocol and improve user experience. Blockchain technology has been praised for enabling fair payment, as it permits direct transactions without engaging a third party. Therefore, integrating blockchain cryptocurrency in IoT devices will revolutionize the NFC payment method and provide value transfer using IoT devices. Combining NFC with blockchain technology and cryptocurrencies is necessary to address security and privacy problems. The purpose of this paper is to explore the potential behind incorporating blockchain technology and cryptocurrencies like Bitcoin in the NFC payment protocol.more » « less
