Security in IoT systems and applications

Abstract

Nowadays we are seeing an amazing grown up of IoT usage and its tremendous applications in the human life. IoT smart devices are spreading in all aspects of our society, including industry, smart health, smart city, smart home, smart transport, smart sport and many others.

In this scenario security becomes a crucial aspect and it is essential to protect both the devices used by these systems and the data they exchange.

Indeed, given the broad utilization of IoT devices, malicious manipulations could cause deep implications on the security and the strength of the entire Internet. The Cyber attack launched by the Mirai malware represents a clear example of the severity caused by instrumenting zombified IoT devices (bots) to launch a larger DDoS attack, and testifies the necessity of secure authentication mechanisms, together with proper traffic classification techniques.

Unfortunately the constrains existing in several IoT devices, such as low computation power, low memory and constrained power sources, make it troublesome to apply current solutions utilized in the standard Internet and solid cryptographic mechanisms.

For these reasons novel security measures ought to be outlined and be optimized taking into consideration the being special properties of the IoT environment.

One important aspect in the protection of an IoT system is the possibility of early detection of possible attack attempts. Therefore, the need for early detection of IoT malicious traffic is a current hot topic, but the methods currently available, even those based on artificial neural networks are not satisfying for different reasons: i) do not reach yet the maximum possible accuracy, ii) most of the time have been tuned based on local ad hoc traffic datasets from one single network scenario, and iii) sometimes do not consider actual IoT traffic at all.

In this research working a novel applicable and effective model based on neural network have been studied. These have been the main contribution on this aspect: i) an analysis of recent IoT datasets publicly available; ii) the creation of a large dataset of IoT traffic, encompassing different types of IoT attacks, and the computation of a large set of features, to foster new analyses and researches; iii) the design and implementation of a deep neural network classifier, capable to achieve very high accuracy, more than all similar contributions in the recent literature, over a dataset made of traffic from different networks.

From the application point of view, in order to study and use IoT specific protocols and systems, a smart agriculture and precision irrigation scenario has been considered. This scenario has been also the focus of the Emilia-Romagna funded project POSITIVE (Protocolli operativi scalabili per l'agricoltura di precisione).

Within this research activity we focused on networked IoT solutions based on the LoRaWAN technology.

LoRaWAN is a low-power radio access and system architecture for LoRa devices and it is an open network standard developed by a non-profit association called LoRa Alliance. It is based on LoRa, a proprietary physical layer developed by Semtech Corporation. It is a universal standard for LoRa communication technology and provides solid connectivity between devices and networks without the need for complex installation. As designed for IoT applications, LoRa complies with important technical requirements such as two-way communication, end-to-end security, mobility and localization services. LoRaWAN specifications directly face different relevant aspects like device battery life, network capacity, quality of service, security and the variety of applications provided by the network.

One of the practical advantages of LoRaWAN is that it provides a complete and light IoT architecture for connecting low-power devices, using the long range wireless technology. LoRaWAN devices can be seen as LoRa converters which convert sensor digital data (e.g. soil moisture) to LoRa messages and send them to an application-server through one or more LoRaWAN gateways and proper backend system. The success of LoRaWAN in the last years is demonstrated by the appearance of large number of LoRaWAN devices and systems.

In this application context, security aspects related to LoRaWAN systems have been studied, and an extensive experimentation activity have been carried out. Different hardware and software LoRaWAN systems have been tested, and an integrated testbed formed by different sensor devices, gateways and LoRaWAN open networks has been deployed.

When trying to integrate different IoT platforms in a larger IoT system, possibly formed by both LoRaWAN and non-LoRa devices, some complication may arise without any off-the-shelf solution for the user. For this reason we studied and proposed possible interworking solutions, covering the cases when: i) non-LoRa devices have to be connected to to a LoRaWAN system, ii) LoRaWAN devices have to be connected to an existing non-LoRaWAN IoT platform, iii) different LoRaWAN and non-LoRa networks have to be connected together creating a larger and heterogeneous IoT system.