NeTS: Small: Network-centric IoT Security

NeTS：小型：以网络为中心的物联网安全

基本信息

批准号：
2326507
负责人：
Theophilus Benson
金额：
$ 50万
依托单位：
Carnegie-Mellon University
依托单位国家：
美国
项目类别：
Standard Grant
财政年份：
2023
资助国家：
美国
起止时间：
2023-01-01 至 2024-09-30
项目状态：
已结题

来源：
https://www.nsf.gov/awardsearch/showAward?AWD_ID=2326507&HistoricalAwards=false
关键词：
NeTS Small Network centric IoT

项目摘要

The Internet is going through a new phase in which billions of new of devices which sense and interact with the physical world are getting connected in homes, industry, cities, farms, etc. These devices, collectively known as Internet of Things (IoT), bring unprecedented possibilities for improvements in automation, healthcare, transportation, water quality monitoring, agriculture, and disaster response, to name a few. However, this same technology poses serious risks to users' privacy and security. As examples, recent attacks on IoT infrastructure have created threats such as the 'baby camera search engine', and also some of the largest distributed denial of service (DDoS) attacks in history, which brought down the Internet for millions of users for many hours in 2016. In many cases, there are no external signs that IoT devices are being attacked or are operating in a malicious way. This, coupled with complex configurations, insecure default settings, and the difficulty of upgrading devices, makes depending on users or manufacturers to guarantee the security of IoT insufficient. This project aims to revisit the role of the network in protecting infrastructure, home networks and the Internet against these attacks on, and by, IoT devices. In particular, the project will investigate algorithms and designs to effectively detect and defend against these attacks. If successful, the proposed research can have significant impact in society at large by mitigating many of these risks, and enabling greater, safe, adoption of IoT technologies. The proposed research may also change the way home networks are managed, by using smart home routers that understand and mitigate threats, as well as to create new business models for cloud-based outsourcing of these capabilities.This proposal focuses on important security challenges brought on by IoT. The proposed research will advance our understanding of the traffic characteristics of different classes of IoT devices, and the threats they pose to their users and to the larger Internet infrastructure. The unique features of the IoT environment-- no expert administration, many unpatchable devices, and restricted traffic patterns--justify in-depth exploration of this space. If successful, this research will develop novel ways to detect and mitigate attacks involving home IoT infrastructures, including models, algorithms, and an architecture in which to deploy and test them. In particular, we propose to (i) characterize and identify traffic patterns of normal and compromised home IoT devices, (ii) devise new methods of detecting and mitigating attacks that both target and use IoT devices, leveraging the unique characteristics of IoT devices and their deployments, and (iii) create and deploy a prototype architecture based on home routers, both individually and in concert, to test these ideas. The architecture will run the distributed and centralized components of the models, detect attacks, and isolate compromised devices. The project will use the comprehensive characterization of (a variety of) IoT device behavior to derive effective and dynamic policies, and to design user-friendly mechanisms that directly manage a heterogeneous data plane and resolve policy conflicts in order to prevent these attacks from happening and from spreading. These efforts will be able to inform both manufacturers and users of best practices on how to configure, update, and use IoT devices, enabling a path in which we attain the potential benefits of IoT for society at large, without the current risks that threat to hinder its adoption.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

互联网正在经历一个新阶段，数十亿能够感知物理世界并与物理世界交互的新设备正在家庭、工业、城市、农场等地相互连接。这些设备统称为物联网 (IoT)，为自动化、医疗保健、交通运输、水质监测、农业和灾害应对等领域的改进带来前所未有的可能性。然而，同样的技术给用户的隐私和安全带来了严重的风险。例如，最近针对物联网基础设施的攻击造成了“婴儿摄像头搜索引擎”等威胁，以及一些历史上最大的分布式拒绝服务 (DDoS) 攻击，导致数百万用户的互联网瘫痪数小时。 2016 年。在许多情况下，没有任何外部迹象表明物联网设备正在受到攻击或以恶意方式运行。再加上复杂的配置、不安全的默认设置以及设备升级的困难，使得依靠用户或制造商来保证物联网的安全性不足。该项目旨在重新审视网络在保护基础设施、家庭网络和互联网免受物联网设备攻击方面的作用。特别是，该项目将研究算法和设计，以有效检测和防御这些攻击。如果成功，拟议的研究可以通过减轻许多这些风险并促进物联网技术的更广泛、安全的采用，对整个社会产生重大影响。拟议的研究还可能通过使用理解和减轻威胁的智能家庭路由器来改变家庭网络的管理方式，以及为基于云的外包这些功能创建新的业务模型。该提案重点关注带来的重要安全挑战通过物联网。拟议的研究将加深我们对不同类别物联网设备的流量特征以及它们对其用户和更大的互联网基础设施构成的威胁的理解。物联网环境的独特特征——无需专家管理、许多不可修补的设备以及受限的流量模式——证明了对该领域进行深入探索的合理性。如果成功，这项研究将开发新的方法来检测和减轻涉及家庭物联网基础设施的攻击，包括模型、算法以及部署和测试它们的架构。特别是，我们建议（i）描述和识别正常和受损的家庭物联网设备的流量模式，（ii）利用物联网设备的独特特征及其特征，设计新的方法来检测和减轻针对和使用物联网设备的攻击。部署，以及（iii）单独或协同创建和部署基于家庭路由器的原型架构，以测试这些想法。该架构将运行模型的分布式和集中式组件、检测攻击并隔离受损设备。该项目将利用（各种）物联网设备行为的综合特征来得出有效和动态的策略，并设计用户友好的机制来直接管理异构数据平面并解决策略冲突，以防止这些攻击的发生和从传播。这些努力将能够向制造商和用户提供有关如何配置、更新和使用物联网设备的最佳实践，从而为我们为整个社会实现物联网的潜在利益开辟一条道路，而不会面临当前威胁的风险。该奖项反映了 NSF 的法定使命，并通过使用基金会的智力价值和更广泛的影响审查标准进行评估，被认为值得支持。