Even the most mundane devices have become smart enough to predict our needs and give us a chance to correct our mistakes. If only they were also smart enough to protect our data.
Thanks to the Internet of Things, you can buy a thermostat that learns your habits and warms the house before you come home. You can install light switches that turn themselves off when you’re not around. Internet-connected appliances can also help us make better choices about the energy we use.
But the convenience and energy-savings come at a cost.
The data collected by these types of devices is not typically secured. Home owners may not have the expertise to monitor their growing networks and the device manufacturers may not make the effort to ensure that all the data is encrypted and secure.
With a grant from the Siebel Energy Institute, two Princeton University professors are working to develop software that monitors IoT devices for suspicious activity that could signal a security breach. Nick Feamster, the lead researcher, is a computer science professor and the acting director of the Princeton University Center for Information Technology Policy. Samory Kpotufe is an assistant professor in the Department of Operations Research and Financial Engineering.
For a year, the two have been working on Detecting Abnormal Activity on the Internet of Things With Real-Time Outlier Detection. They have started to develop algorithms that will insert defenses in a home network to protect both the home owner and others from potential attacks. They plan to publish a paper on their work this summer.
Professor Feamster spoke with the Siebel Energy Institute about the project.
Can you tell me more about the scope of the problem you’re trying to solve?
People are connecting more and more devices to the network, everything from thermostats to light switches and light bulbs and televisions. There will be billions of these IoT-connected things within five years. And they are often running software that is insecure and might be vulnerable to intrusions and attacks.
A compromised thermostat or temperature sensor could cause an office building or machine room to overheat or the devices themselves may ultimately be conscripted to send traffic as part of a massive denial or service attack. These types of attacks, which ultimately make the network unavailable, require so much traffic that the sources often come from many places. If there are a number of unsecured devices, it gives attackers the opportunity to use them to drive traffic in this type of attack.
Another threat could be to the availability of critical infrastructure. Consumers may connect devices to their home networks that then the device may attack other parts of the network, including power systems and energy grids.
We need to create new types of defenses for these attacks because the consumer may be unaware, unable, and uninterested in securing their devices on their home network. And if that’s the case, the security better be automatic, so the security of our power system doesn’t rely on the consumer who may not be the victim of the attack.
How are you solving it?
We take this situation as a given where devices that we connect to networks may be inherently insecure. We put defenses in the network that protect our services and infrastructure from devices that may be misbehaving.
Instead of relying completely on the manufacturers to secure the devices they sell, we believe that analysis of the network traffic to detect abnormal behavior (called outlier detection) is an indispensable part of any approach to securing an IoT network.
In general, outlier detection consists of identifying normal patterns, often viewed as
regions of space where most of the data clusters, and rejecting any data which falls far from these clusters. The rejected data are the outliers, indicating abnormal behavior.
We put sensors in the network to see what these IoT devices are doing. Then, they can alert the user so the remedial action can be taken.
How did you decide to work on this?
I always worked on security and spent quite a few years looking at outlier detection problems in network traffic. I used to work in spam detection and in that case, you had to look at network traffic behavior because it was too easy for spammers to change the content.
I also worked on topics on home networking. To evaluate the performance of home networks, we were measuring access length and the speed of home networks. We had unique visibility into what people had connected in their homes.
This domain—security of IoT devices on a home network—seemed well suited for outlier detection. You almost have to give up on securing the devices themselves because there are too many of them running a huge diversity of software.
What role does Prof. Kpotufe’s expertise play in this work?
He is an expert in machine learning and stats. In looking at network traffic anomalies, his skillset is critical in detecting the outliers. He works on developing algorithms and my expertise is more specific to the network domain and understanding what features we can pull out of the network.
What are the challenges you’re finding on this project?
Given the rapid adoption of IoT technology, we expect to see an increase in the variety of traffic patterns to monitor. Machine learning algorithms already exist that perform outlier detection but the challenge with the Internet of Things is the large variety of potential devices and manufacturers. One challenge is knowing what’s normal in this environment.
The notion of normal will differ for individual devices and the notion of normal may change over time. It may be normal for your thermostat to talk to Nest but abnormal for it to be talking to an unknown server in Estonia.
We are trying to automatically identify those outliers and plug something in to determine what’s normal and if the device is misbehaving.
Do device makers play a role in securing the network?
Relying on manufacturers to secure devices (and holding them accountable for deploying insecure devices) is certainly one approach to improving security but this approach is likely to be incomplete. For one thing, many IoT devices run operating systems or firmware that is insecure and unsupported by the manufacturer—devices that are deployed and forgotten may remain insecure and unpatched, ripe for compromise and attack.
Additionally, there aren’t many ways to hold the manufacturer accountable. The manufacture faces potentially negative PR but currently, there are no other repercussions from shipping a device with insecure software. They may have a reputation to protect so for major manufacturers, negative PR would not be a good thing. But it doesn’t work for smaller companies.
There’s a long tail of other devices, things you buy off of ebay or an unknown manufacturer, and it’s tricky with devices like that where manufacture might not be accountable. Aside from the PR problem, there aren’t a lot of repercussions. We don’t have legal repercussions in this domain yet and hopefully, it won’t take an attack on our critical infrastructure for the legal system to catch up with the potential threat
How did the Siebel Energy Institute seed grant impact the project?
The project spans multiple intellectual disciplines. It’s networking and security meets statistics. The Siebel Energy Institute was a good catalyst because it gave us an opportunity to work across disciplines that wouldn’t have happened otherwise.
BY JODY BERGER