NeTS: Small: Network-centric IoT Security

NeTS：小型：以网络为中心的物联网安全

基本信息

批准号：
2326507
负责人：
Theophilus Benson
金额：
$ 50万
依托单位：
Carnegie-Mellon University
依托单位国家：
美国
项目类别：
Standard Grant
财政年份：
2023
资助国家：
美国
起止时间：
2023-01-01 至 2024-09-30
项目状态：
已结题

来源：
https://www.nsf.gov/awardsearch/showAward?AWD_ID=2326507&HistoricalAwards=false
关键词：
NeTS Small Network centric IoT

项目摘要

The Internet is going through a new phase in which billions of new of devices which sense and interact with the physical world are getting connected in homes, industry, cities, farms, etc. These devices, collectively known as Internet of Things (IoT), bring unprecedented possibilities for improvements in automation, healthcare, transportation, water quality monitoring, agriculture, and disaster response, to name a few. However, this same technology poses serious risks to users' privacy and security. As examples, recent attacks on IoT infrastructure have created threats such as the 'baby camera search engine', and also some of the largest distributed denial of service (DDoS) attacks in history, which brought down the Internet for millions of users for many hours in 2016. In many cases, there are no external signs that IoT devices are being attacked or are operating in a malicious way. This, coupled with complex configurations, insecure default settings, and the difficulty of upgrading devices, makes depending on users or manufacturers to guarantee the security of IoT insufficient. This project aims to revisit the role of the network in protecting infrastructure, home networks and the Internet against these attacks on, and by, IoT devices. In particular, the project will investigate algorithms and designs to effectively detect and defend against these attacks. If successful, the proposed research can have significant impact in society at large by mitigating many of these risks, and enabling greater, safe, adoption of IoT technologies. The proposed research may also change the way home networks are managed, by using smart home routers that understand and mitigate threats, as well as to create new business models for cloud-based outsourcing of these capabilities.This proposal focuses on important security challenges brought on by IoT. The proposed research will advance our understanding of the traffic characteristics of different classes of IoT devices, and the threats they pose to their users and to the larger Internet infrastructure. The unique features of the IoT environment-- no expert administration, many unpatchable devices, and restricted traffic patterns--justify in-depth exploration of this space. If successful, this research will develop novel ways to detect and mitigate attacks involving home IoT infrastructures, including models, algorithms, and an architecture in which to deploy and test them. In particular, we propose to (i) characterize and identify traffic patterns of normal and compromised home IoT devices, (ii) devise new methods of detecting and mitigating attacks that both target and use IoT devices, leveraging the unique characteristics of IoT devices and their deployments, and (iii) create and deploy a prototype architecture based on home routers, both individually and in concert, to test these ideas. The architecture will run the distributed and centralized components of the models, detect attacks, and isolate compromised devices. The project will use the comprehensive characterization of (a variety of) IoT device behavior to derive effective and dynamic policies, and to design user-friendly mechanisms that directly manage a heterogeneous data plane and resolve policy conflicts in order to prevent these attacks from happening and from spreading. These efforts will be able to inform both manufacturers and users of best practices on how to configure, update, and use IoT devices, enabling a path in which we attain the potential benefits of IoT for society at large, without the current risks that threat to hinder its adoption.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

互联网正在经历一个新阶段，在这个新阶段中，有数十亿个新的设备感知和与物理世界互动正在建立在家庭，行业，城市，农场等中。这些设备（共同称为物联网（IoT））带来了前所未有的可能性，可以改善自动化，医疗保健，运输，水质监测，水质监测，农业，农业和灾难响应和几个名称，并将其命名为几个。但是，这项相同的技术对用户的隐私和安全构成了严重风险。举例来说，最近对IoT基础架构的攻击造成了诸如“婴儿摄像机搜索引擎”之类的威胁，以及历史上最大的分布式拒绝服务（DDOS）攻击，这使2016年的数百万用户在许多情况下为数百万用户带来了互联网。在许多情况下，在许多情况下，没有外部迹象表明IOT设备正在遭受攻击或以男性化的方式运行。加上复杂的配置，不安全的默认设置以及升级设备的困难，这取决于用户或制造商确保物联网不足的安全性。该项目旨在重新审视网络在保护基础架构，家庭网络和Internet的作用，以防止对这些攻击以及IoT设备的这些攻击。特别是，该项目将调查算法和设计，以有效地检测和防御这些攻击。如果成功的话，拟议的研究可以通过减轻许多这些风险，并实现更大，安全，采用物联网技术，从而对整个社会产生重大影响。拟议的研究还可以通过使用理解和减轻威胁的智能家居路由器，以及为这些功能的基于云外包而创建新的业务模型，从而改变了家庭网络的管理方式。该提案着重于物联网带来的重要安全挑战。拟议的研究将促进我们对不同类别设备的交通特征的理解，以及它们对用户和更大的互联网基础架构构成的威胁。物联网环境的独特功能 - 没有专家管理，许多不可拨动的设备和受限的交通模式 - 对此空间进行了深入的探索。如果成功，这项研究将开发出新的方法来检测和减轻涉及家庭IoT基础架构的攻击，包括模型，算法以及在其中进行部署和测试的体系结构。特别是，我们建议（i）表征和确定正常和受损害的家用IoT设备的流量模式，（ii）设计了针对和使用IoT设备的检测和减轻攻击的新方法，利用IOT设备的独特特征及其部署的独特特征及其部署及其（iii）基于遗产的建筑，并基于遗产的建筑，并在同一个构造中进行了构思，并在配置了这些构建机构，并创建了这些创造性的构造，并创建了这些创造性的创造性和设置。该体系结构将运行模型的分布式和集中式组件，检测攻击并隔离设备。该项目将使用（各种）物联网设备行为的全面表征来得出有效而动态的策略，并设计直接管理异质数据平面并解决策略冲突的用户友好机制，以防止这些攻击发生和传播。 These efforts will be able to inform both manufacturers and users of best practices on how to configure, update, and use IoT devices, enabling a path in which we attain the potential benefits of IoT for society at large, without the current risks that threat to hinder its adoption.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.