PatrIoT Security
MICS Capstone Project Summer 2023

Problem Statement

Internet of Things (IoT) devices have surged in popularity over the last few years due to their unprecedented ability to bridge the physical and digital worlds and simplify the lives of those who use them at extremely low price points. However, more often than not these products are designed insecurely, resulting in their compromise by malicious actors. In fact, more than half of the Distributed Denial of Service (DDoS) attacks seen by Netscout in the first half of 2021 were a result of IoT botnets.

Compromised IoT devices can pose extreme risks to everyone in cyberspace: for example, being on the receiving end of a distributed attack, loss of productivity resulting from inoperable devices, or the reputational risk of having an attack originate from one’s own network. Thus, it is critical to be able to detect when a device has been compromised and react before further damage occurs.


Project Description

Security should be ubiquitous and transparent, not complex, costly or burdensome. This is the core principle that we at PatrIoT Security believe in and that guides what we do. We have developed a machine-learning-based IoT threat detection solution which focuses on the user, with simplicity and privacy in mind.

Passwordless Authentication

Our commitment to a simple user experience starts with how users authenticate to access their device dashboard. We opted to do away with passwords entirely and have embraced the modern WebAuthn passwordless authentication standard.

Traditionally, users would be responsible for picking a unique password for every account they created, and if they reused passwords across accounts then any resulting compromise was solely their responsibility. By utilizing WebAuthn, we have shifted the burden off the user at no cost to security or privacy. The registration and authentication process is now greatly simplified, and by default enforces multi-factor authentication without requiring any extra steps on the user’s part.

From a technical security perspective, this also makes the backend database a much less attractive target for attackers. Where traditional authentication models would require storing hashed passwords, which could subsequently be cracked and reused on other websites, we store only authenticator public keys, which are of no use to attackers.

User Interface

Our user interface itself - and particularly the device dashboard showing users the health of their devices - was designed with simplicity at its core. Rather than provide our users with complex documentation detailing how to use our product, we have designed the interface to clearly and concisely guide the user in plain language. There are no complex statistics or values that would cause a user to wonder what they mean - just a straightforward indicator of the health of their device. And should one of their devices be detected as compromised, we present helpful advice and instructions to guide them through the remediation process.

Machine Learning

Machine-learning-backed analysis of network traffic to identify malicious traffic is a core component of our product. Even though this process is entirely transparent to the user, we still developed it with the user in mind. The core focus was to maintain user data privacy without compromising on identification accuracy. As a result, our algorithm does not rely on the actual data being transmitted within the network packets. Instead, we utilize various pieces of metadata, that is, information about the traffic itself, in order to identify potential malicious activity.


Acknowledgements

The PatrIoT Security team would like to acknowledge the following individuals for their guidance and advice throughout the project:

  • Clarence Chio
  • Richard Cziva
  • Ryan Liu
  • Dr. Sekhar Sarukkai

 We would also like to cite the following datasets used in the development of our machine learning model:

Last updated: August 4, 2023