
Deployment Optimization of IoT Devices through Attack Graph Analysis

This research investigates the security implications of different IoT deployments and develops an algorithm to find the optimal deployment with minimum security risk through attack graph analysis.


Presentation Transcript


  1. Deployment Optimization of IoT Devices through Attack Graph Analysis Noga Agmon Supervisors: Dr. Rami Puzis, Dr. Asaf Shabtai Dept. of Software and Information Systems Engineering, Ben-Gurion University of the Negev, Israel

  2. Example

  3. Example

  4. Example

  5. Example

  6. Research Goals • Investigate the security implications of different IoT deployments. • Develop an algorithm to find the deployment with the minimum security risk (optimal deployment).

  7. Example

  8. Example [Figure labels: Attack Path, Attack Graph]

  9. Attack Graph – Background • Model of a computer network that encompasses computer connectivity, vulnerabilities, assets, and exploits. • Used to represent collections of complex multi-step attack scenarios. • Security analyst can assess the risks of potential intrusions and devise effective protective strategies by analyzing the attack graph. • Three main stages: (1) network and vulnerabilities scanning, (2) attack graph modeling, and (3) attack graph analysis.

  10. Attack Graph - Structure [Figure: attack graph with nodes labelled Attacker in, Vul1 to Vul4, Exp and AttackerControl]

  11. Attack Graph - Structure [Figure: the same attack graph with nodes labelled Attacker in, Vul1 to Vul4, Exp and AttackerControl, and an Attack Path marked]

  12. IoT Attack Graphs • IoT devices introduce additional challenges to attack graphs: • Diverse physical locations, • Variety of short-range communication protocols, • Cyber-physical capabilities of the devices, • Mobility, • etc.

  13. IoT Attack Graphs • Short-range communication protocols – The number of protocols in the device can influence the security. • A hacker can take advantage of a compromised device and use the other protocols as entry points to the network. • Physical location – The location of an IoT device can bridge between networks through short-range communication protocols.

  14. IoT Attack Graphs • We augmented the attack graph to model short-range communication protocols. • We define possible connectivity between devices based on their locations and supported protocols. • The connection range of an IoT device deployed in a location can be estimated based on the radio specification of the device.

  15. Risk Score • A way to quantify the security of a network. • There are many methods to measure the security risk using an attack graph. • For example, likelihood of attack, number of exploits needed, etc.

  16. Our Risk Score • The risk increases as the possible attack paths become shorter and as more of the shortest attack paths are added. • We choose to calculate the shortest attack paths, taking their length and quantity into consideration. • Our method for calculating risk score is sensitive to small changes in different deployments.

  17. Problem Definition • We solved two optimization problems. • Full Deployment with Minimal Risk (FDMR): all required IoT devices should be deployed with minimal security implications. • Maximal Utility without Risk Deterioration (MURD): the maximal number of IoT devices that can be deployed without increasing the security risk of the network.

  18. Heuristic Search [Figure labels: Empty Deployment; Full Deployment 1; Full Deployment 2; Full Deployment n] Reminder: FDMR: Full Deployment with Minimal Risk. MURD: Maximal Utility without Risk Deterioration.

  19. Heuristic Search • We used depth-first branch and bound (DFBnB). • DFBnB prunes subtrees of the search space that there is no point in expanding. • In order to perform pruning more frequently and thus accelerate the search process, DFBnB uses a heuristic function.

  20. Heuristic Function • In an informed way, heuristics help the algorithm guess which child out of all of the node's children will lead to the goal. • A heuristic is an estimation of the cost of the path from a node to a goal node.

  21. Our Heuristic Function • Table of risk scores containing the risk scores for each IoT device in each possible location. • For each deployment, we update the table, removing the IoT device that was deployed or not allowed to be deployed.

  22. Our Heuristic Function • FDMR: Chooses the cell with the highest risk score in the table. • MURD: Counts the number of IoT devices with the same risk score as the root state. Reminder: FDMR: Full Deployment with Minimal Risk. MURD: Maximal Utility without Risk Deterioration.

  23. Experimental Setup • We solved the two problems as optimization problems. • Organization Network – We took a real organizational network consisting of 24 hosts. • Simulations – We simulated the IoT devices and the physical locations of the hosts.

  24. Experimental Setup • Number of Executions – We executed the experiments forty times, simulating different physical locations each time. All results are the average results of all executions. • Random Deployment – For comparison, we also ran both problems randomly as a baseline. • FDMR – Randomly deployed all required IoT devices. • MURD – Added a device randomly and computed the risk score. We started with no IoT devices deployed and continued until full deployment. • This random baseline was executed the same number of times as our algorithm (forty times). Reminder: FDMR: Full Deployment with Minimal Risk. MURD: Maximal Utility without Risk Deterioration.

  25. Results • The risk score of the initial state (with no IoT devices) is Reminder: FDMR: Full Deployment with Minimal Risk. MURD: Maximal Utility without Risk Deterioration.

  26. Results • The risk score of the initial state (with no IoT devices) is • FDMR problem - an increase of compared to initial state. In the random deployment the increase was . Reminder: FDMR: Full Deployment with Minimal Risk. MURD: Maximal Utility without Risk Deterioration.

  27. Results • The risk score of the initial state (with no IoT devices) is • FDMR problem - an increase of compared to initial state. In the random deployment the increase was . • MURD problem - on average, four to five devices can be deployed without any change in the risk score. When deploying four devices randomly the risk score is (increase of ). Reminder: FDMR: Full Deployment with Minimal Risk. MURD: Maximal Utility without Risk Deterioration.

  28. Additional Results • Trade-off between the allowed risk of the IoT deployment and the maximal number of IoT devices that can be deployed.

  29. Conclusion • Planning the deployment of IoT devices is important. • Randomly deploying devices can greatly affect the security of the organization's network. • Novel method for suggesting the optimal deployment (in terms of the security risk) of a set of IoT devices within an organization.

  30. Future Work • Develop heuristic functions for additional risk scores. • Add cyber-physical capabilities and unique functionalities to the IoT devices.

  31. Discussion / Questions Thank You
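
The ideas on slides 14, 16 and 19, as an added example that is not the authors' code: radio links are derived from location, range and shared protocol, a risk score is computed from the shortest attack paths, and a depth-first branch and bound search solves FDMR. Assumptions: the hosts, coordinates, ranges and device names are constructed; the score is a stand-in tuple (shorter shortest path first, then number of shortest paths), not the authors' formula; and the bound uses the partial deployment's own risk rather than the table heuristic from slides 21 and 22.

```python
import math
from collections import deque

# Constructed sample data (not from the slides): positions in metres.
HOSTS = {"web": ((0, 0), {"ble"}), "app": ((30, 0), set()),
         "files": ((45, 0), set()), "db": ((60, 0), {"zigbee"})}
WIRED = [("internet", "web"), ("web", "app"), ("app", "files"), ("files", "db")]
DEVICES = {"camera": ({"ble", "zigbee"}, 35), "sensor": ({"zigbee"}, 20)}  # radios, range
LOCATIONS = {"lobby": (30, 5), "roof": (200, 200), "lab": (55, 5)}

def build_graph(deployment):
    """Wired links plus radio links: shared protocol and within device range."""
    nodes = dict(HOSTS)
    for dev, loc in deployment.items():
        nodes[dev] = (LOCATIONS[loc], DEVICES[dev][0])
    adj = {n: set() for n in ["internet", *nodes]}
    for a, b in WIRED:
        adj[a].add(b); adj[b].add(a)
    for dev in deployment:
        pos, protos = nodes[dev]
        for other, (opos, oprotos) in nodes.items():
            if other != dev and protos & oprotos and math.dist(pos, opos) <= DEVICES[dev][1]:
                adj[dev].add(other); adj[other].add(dev)
    return adj

def risk(deployment, src="internet", dst="db"):
    """Assumed score: (-length, count) of shortest src->dst paths; larger is riskier."""
    adj, dist, count, queue = build_graph(deployment), {src: 0}, {src: 1}, deque([src])
    while queue:
        u = queue.popleft()
        for v in adj[u]:
            if v not in dist:
                dist[v], count[v] = dist[u] + 1, 0
                queue.append(v)
            if dist[v] == dist[u] + 1:
                count[v] += count[u]  # BFS counts every shortest path into v
    return (-dist[dst], count[dst])

def fdmr(devices=tuple(DEVICES)):
    """Depth-first branch and bound: place every device, minimise risk."""
    best = [None, None]
    def dfs(i, dep):
        r = risk(dep)
        if best[0] is not None and r >= best[0]:
            return  # bound: adding a device only adds links, so risk never drops
        if i == len(devices):
            best[:] = [r, dep]
            return
        free = [l for l in LOCATIONS if l not in dep.values()]
        for loc in sorted(free, key=lambda l: risk({**dep, devices[i]: l})):
            dfs(i + 1, {**dep, devices[i]: loc})
    dfs(0, {})
    return tuple(best)
```

In this constructed layout, placing the camera in the lobby bridges the BLE-equipped web host and the Zigbee-equipped database host, shortening the shortest attack path from four hops to three; the search returns a full deployment that keeps the baseline score.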
