The Internet of Secure Things (IoSTings)
Our team IoSTings designed a new methodology that safeguards IoT devices from malicious attacks.
Our solution does not require modifying a device’s hardware or software. Instead, our non-invasive side-channel technique allows us to monitor, detect and react to malware by using:
- Power Consumption
- Network Traffic
By correlating power consumption and network traffic, we can build a device profile to detect anomalous behavior.
For our capstone project, we built a fully operational proof of concept that delivers:
- Custom hardened hardware for data acquisition
- Backend software and control plane
- Rest-API for compatible alerting system
Why it Matters
By 2025, the number of internet-connected devices used globally is predicted to grow to 55.9 billion. However, currently, no government security baselines regulate or certify the security of Internet of Things (IoT) devices. As a result, IoT manufactures are not required to build security capabilities in their devices to counter threats.
In 2016, the Mirai botnet, composed primarily of embedded and IoT devices, took the Internet by storm when it overwhelmed several high-profile targets with massive, distributed denial-of-service (DDoS) attacks. For example, the targeted website, The KrebsOnSecurity, sustained a DDoS attack for nearly 77 hours. The cost of the attack is estimated to be $323,973.75.
However, in the most recent ransomware attacks, threat actors have taken down major gas pipelines, affected thousands of companies, and even gained access to government and military systems. The SolarWinds attack, the Colonial Pipeline attack, and the most recent Kaseya ransomware attack are believed to be some of the most damaging attacks the Cybersecurity industry has ever seen.
Did you know...
- 69% of organizations do not believe the threats they are seeing can be blocked by their anti-virus software. (Ponemon Institute’s Cost of Data Breach Study)
- The average cost savings from containing a breach in under 200 days is $1.0M. (IBM)
- The average cost of a ransomware attack on businesses is $133,000. (SafeAtLast)
- IoT devices experience an average of 5,200 attacks per month. (Symantec)
This gives us a great opportunity in this growing market. We recognize these are problems our solution can solve - IoSTings will bring our customers value by using power consumption and network telemetry to detect Zero-Day attacks.
For our capstone project, we built a fully operational proof-of-concept that delivers:
- Several IoT devices (custom and commercial) which use power and network
- Custom-hardened hardware to monitor power and network telemetry
- An integration layer to aggregate data from an enormous number of devices
- Backend software to create baseline normal behavior profiles and detect abnormal behavior
- HTML5/Grafana frontend for analyst visibility
- JSON/REST-API to alert administrators and to potentially trigger automated incident-response systems
IoSTings offers to build a more cyber resilient enterprise through unique and non-obvious indicators to provide total visibility.
A very special thanks to
Matthew Garrett, Philip Reiner, Ryan Liu, Sekhar Sarukkai, Atefeh Namvaryshad, David Ng, Kumud Kalia, Marco Hewston, Bradford Hegrat, Hyeong Gang, Karlton Ellies, Shelby Arnold, Andrew Jacobberger, Bruce Schneier, and The Center for Long Term Security (CLTC).
We also want to thank all of our professors, our classmates, and our families.