Tag: IoT

Report available! A novel graph analytics theory model to mitigate IoT botnets attacks for big data

The project led by Raihana Syahirah Abdullah, from the Faculty of Information Technology and Communication at the Universiti Teknikal Malaysia Melaka (UTeM) finalized their project and submitted their technical report.

The research focused on getting the parameter from raw infection codes using a reverse engineering approach as well as addressing the behaviours of IoT botnets. The main objective of the research was to develop a new model in detecting IoT botnets using graph analytics theory model with analysing the selection of influence feature factor. The output of this research is a scheme that is able to remove and quarantine the suspicious codes as well as able to detect the behaviour changes in the IoT devices. The model also can be used as a security tool to discover the real behaviors of IoT botnets from the raw infection codes that exists in particular IoT devices and machines.

The report is publicly available.

Report available! NextGen Girls – Internet Security Ambassadors Project

The NextGen Girls initiative included creating an IoT and Security Curriculum including Internet governance, Privacy, IPV6, IoT, Networking, Information Security and open web technologies and training 40 female University students to become Internet Security Educators. They in turn, trained 160 of their peers, and make awareness to 800 high school girls in IoT safety. The training was delivered through 8 workshops at 4 universities, 24 live online training sessions, 2 meetups and an IoT hackathon among girls.

The main outcome of the NextGen Girls project is the development of a sustainable network of women specializing in IoT and security, advocating IoT safety and enable support for victims while increasing women participation in IoT and Security field. In the long term, the NextGen Girls community will support women to show leadership in the emerging IoT industry, increase safety and advancement of women.

Shilpa Sayura partners, AlgoHack community, Google education, Computer Society and ISOC Sri Lanka worked together to implement NextGen Girls initiative.

NextGen Girls aims to scale up the project “Respect Girls on Internet” which was awarded the ISOC 25 Under 25 Award and received an ISOC Beyond The Net Community Grant. The project developed a network of university and high school girls studying ICT. The goal of the project is to support young women professional development to pursue emerging IoT security careers, that in turn will help build safer and secure IoT environment at homes, workplaces and communities.


The emergence of pocket-sized computing devices, capable of electronic switching, sensing, controlling equipment, video, and audio has created a new paradigm shift in home automation, business, agriculture, transport, environmental technologies. IoT systems use internet to interconnect. Unsecure home uses of IoT can endanger safety and breach privacy of individuals and families. Women are particularly vulnerable as IoT misuse has facilitated revenge porn incidents, harassment, data breach, as well as scams. Online safety activitists recommend that women seek suppor from other women in the event of IoT breach, as seeking support from a male technician can pose additional risks. The project proposed approach is to develop IoT and security skills among women to safeguard their homes, workplaces, and community from IoT breaches. Women becoming IoT security experts immensely contributes to gender equality, diversity, and growth in female participation in the IoT economy.

The report is publicly available.

Report available! RPKI Monitor and Visualizer for Detecting and Alerting for RPKI Errors

Dr. Di Ma from the Internet DNS Beijing Engineering Research Center (ZDNS) has completed the report for one of the grants that was allocated in 2018 for implementation in 2019, titled “RPKI Monitor and Visualizer for Detecting and Alerting for RPKI Errors”.

This project implements an RPKI security mechanism that detects and counters adverse actions in the RPKI, which helps mitigate risks to global routing system. The mechanism is implemented by two components: the monitor, which detects erroneous or malicious RPKI changes, and the visualizer, which displays graphically the validation process passed to it by the validator and the alert information issued by the monitor.

The project achieved the following objectives:

  • Develop an RPKI Monitor to detect RPKI problems due to mistakes by or attacks against CAs and repositories, and generate alerts to the affected parties to remedy the problems. It also provides suggestions to guide RPs in deciding whether to accept or defer accepting those changes.
  • Develop an RPKI Visualizer to display graphically the validation process and involved RPKI data passed to it by the validator and the alert information issued by the Monitor.

The report is publicly available.

Report available! Scalable Traffic Classification in Internet of Things (IoT) for Network Anomaly Detection

Prof. Winston Seah from the School of Engineering and Computer Science at the Victoria University of Wellington has completed the report for one of the grants that was allocated in 2017 for implementation in 2018, titled “Scalable Traffic Classification in Internet of Things (IoT) for Network Anomaly Detection”.

The project focused on accurate traffic classification in the Internet of Things (IoT). The IoT comprises large numbers of heterogeneous simple devices running single applications, often with little to no security features making them easily compromised and used as tools in cyberattacks. As we become more connected and reliant on the Internet, any form of disruption in connectivity due network anomalies can result in adverse consequences, ranging from loss of productivity and revenue, to destruction of critical infrastructure and loss of life. In the last decade, cyberattacks have increased at an alarming rate, even just based on the reported incidents. We need to be able to classify new traffic types coming from IoT devices accurately and promptly, so that anomalous traffic can be identified and dealt with quickly.

Payload-based (PB) techniques although can reach high accuracy, but suffers from several limitations. The limitations of PB classification are expected to be addressed by statistical-based (SB) techniques. SB approaches are based on flow features and the traffic is classified using Machine Learning algorithms (MLAs). SB classification assumes that specific flow-level features such as flow duration, inter-arrival time, transmitted bytes, packet length and packet size can distinguish different types of traffic flows. We studied how unsupervised machine learning can be applied to network anomaly detection in the dynamic IoT environment where previously unencountered traffic types and patterns are regularly emerging and need to be identified and classified. This project involves the study and selection of appropriate MLAs (to be implemented as a proof-of-concept prototype) and identification of those flow features which have the highest impact on the traffic classification accuracy. This project contributes to making safer cyber-physical systems that are an integral component of the IoT.

The report is publicly available.

Report available! Software Defined Networks based Security Architecture for IoT Infrastructures

Prof. Vijay Varadharajan from the Faculty of Engineering and Built Environment at The University of Newcastle has completed the report for one of the grants that was allocated for implementation in 2018, titled “Software Defined Networks based Security Architecture for IoT Infrastructures”.

The project developed fine granular security policies and a lightweight security protocol to authenticate IoT devices and authorise them to access services in network infrastructure in a secure manner. The project involved three stages:

  • In the first stage, the project team conducted a detailed study of security attacks on IoT infrastructures and the different security solutions that currently exist to counteract the various types of attacks. Then, analysed the pros and cons of the existing solutions, and developed security requirements that need to be addressed in designing security architecture for IoT Applications.
  • As part of second stage, the team developed a lightweight authentication protocol based on a novel public key encryption scheme. The proposed protocol achieved a balance between the efficiency and communication cost without sacrificing security.
  • In the third stage, the team proposed a SDN based security architecture for IoT systems. Their security architecture allowed specification of fine granular access policy constraints on communications between end users, devices and services in a distributed environment. A novel feature of the proposed architecture is its ability to specify path based security policies, which is a distinct advantage in SDNs.

The report is publicly available here:

https://isif.asia/software-defined-networks-based-security-architecture-for-iot-infrastructures/

IoT solutions to help reduce human-elephant conflict in Sri Lanka

The APNIC blog published yesterday an article written by Asanka Sayakkara, Assistant Lecturer at University of Colombo School of Computing (UCSC), about Internet of Things (IoT) solutions to deal with the problems that emerge from the interaction between humans-elephants.

From ISIF Asia, is really great to see how one of the organizations that received one of our first grants, continues to work on innovative solutions that use Internet technologies to address development problems. Kasun de Zoysa from UCSC worked back in 2010, on a Virtual IPv6 application test bed.

Asanka’s article as published at the APNIC blog is below and information about Kasun’s work is linked there. Hope you enjoy!

ISIF Secretariat

 

IoT solutions to help reduce human-elephant conflict in Sri Lanka

IoT for elephants-human conflict

Human-elephant conflict is a very serious and destructive problem in rural Sri Lanka.

Each year, around 70 people are killed by elephants who wander into villages and farms in search of food; and nearly four times as many elephants are killed as a result.  Elephants wandering into farmland also damage crops.

Presenting at the Internet of Things (IoT) tutorial at the recent APNIC 42 conference held in Colombo Sri Lanka, Dr Kasun de Zoysa from the University of Colombo’s School of Computing, shared with attendees examples of how his team, in collaboration with Sweden’s Uppsala University, are employing simple IoT solutions to protect crops and both human and elephant lives.

“Different people have approached this problem in different ways: biologists and animal conservationists are trying their best to protect local habitats, and the government and villagers have built kilometres of electric fencing around their villages and farms,” says Kasun.

“Our approach seeks to complement these efforts by incorporating sensing and data processing technology.”

Such technologies include making electric fences smarter and improving elephant warning systems.

Smarter electric fences

Electric fencing is a common solution used to protect villagers from elephants, particularly farmlands bordering the jungle.

However, Kasun says elephants have learnt how to avoid electric fences and discovered ways to break them, making the practice less reliable.

Once broken, it takes a significant human effort to find the location of the breakage by walking along the fence wire several kilometers long under the threat of nearby wild elephants.

To overcome this, Kasun’s team have developed a cost-effective electric fence, with small IoT nodes placed along the wire that can communicate with each other using the same wire as the communication medium.

“Their packets are encoded into the high-voltage electric pulses in a way that enables us to identify which node is disconnected from the network,” says Kasun. “When a node is disconnected from the network (part of the fence is broken) we can send alerts to maintenance crews with the exact location of the breakage.”

Infrasonic elephant localization system

Kasun says that although this new system will help with alerting villagers to potential elephant intrusions, it is not by itself a sustainable solution to protect people’s lives.

“This is where our second approach comes in,” says Kasun. “We have been testing an infrasonic localization system to locate elephants.”

Elephants emit infrasonic (low frequency sounds) which travel further compared to audible frequencies. The system we are working on can accurately locate elephants in the area and alert people via various means including SMS alerts and social media.”

Kasun says that both the infrasonic elephant localization system and the smart electric fence are still in experimental stages; however, they plan to launch a pilot program in the coming months to evaluate their effectiveness.

“Success of this pilot deployment will provide us with the valuable information we need to complete this work and produce a cost-effective, open-source product that anybody can build.”

Read more about Kasun’s team’s preliminary work with infrasonic elephant localization systems.