Smart Attacks on the integrity of the Internet of Things Avoiding detection by employing Game Theory

Smart Attacks on the integrity of the Internet of Things: Avoiding detection by employing Game Theory. George Margelis, Robert J. Piechocki, Theo Tryfonas, Paul Thomas. IEEE GLOBECOM - 7 December 2016


Smart Attacks on the integrity of the Internet of Things

Avoiding detection by employing Game Theory

George Margelis, Robert J. Piechocki, Theo Tryfonas, Paul Thomas

IEEE GLOBECOM - 7 December 2016

Presentation Outline

• Problem Statement

• Model

• Assumptions and Definitions

• Game Theory aspects

• Numerical Simulation results

• Conclusions

The Internet of Things

[Figure: the Internet of Things at the centre, surrounded by application domains: Smart Metering, Home Automation, Smart Agriculture, Transportation, Infrastructure Monitoring, e-Health, Industrial, Enterprise, V2x]

The Internet of Things

• The IoT will connect different domains into one homogeneous network

• Different domains → different requirements

• However, all domains share one requirement:

Robust Security

Inherent Uncertainty

Cheap Nodes → Cheap Sensors → Limited Precision

Limited precision → Measurement Uncertainty

“Weird” behaviour: Is a node malicious? Or simply malfunctioning?

Is a group of nodes whose values deviate from the mean compromised?

Or are they simply the first to sense a change in the measured values?

Detecting Malicious Nodes

Traditional approach:

Outlier detection and intrusion detection schemes.

However, modern penetration techniques are smarter: Infecting but remaining in stealth, without changing node behaviour.

Also, when the majority of the nodes have been infected, the outliers are the healthy ones.

Attackers are exploiting the characteristics of the IoT with smarter penetration strategies.


Defining a Smart Attacker

• Can compromise healthy nodes

• Avoids changing node behaviour radically

• Exploits the inherent uncertainty in the measurements

Defining a Smart Attacker

Assumptions regarding the Attacker:

• The attacker can see the final extracted value.

• Every attack that the attacker attempts is successful, leading to a compromised node.

• The attacker attempts to change the reported value to something else, which we name “Attacker’s Target”.

• The attacker controls the number of compromised nodes ($A$) and how much the value of the compromised nodes differs compared to the measured value ($l_j$).

Defining a Smart Attacker

Assumptions regarding the network:

• Similar to Low Throughput Networks like LoRa or Sigfox.

• Nodes communicate a measured value (either in a scheduled or opportunistic manner).

• The mean of the distribution of the values of the network is the extracted value.

Attacker’s Dilemma

Distance metrics

Kullback–Leibler Divergence: $D_{KL}(P \| Q) = \sum_i P(i) \log \frac{P(i)}{Q(i)}$

Euclidean Distance: $D(P, Q) = \sqrt{\sum_{i=1}^{n} (Q(i) - P(i))^2}$

Hellinger’s Distance: $D(P, Q) = -\ln \sum_i \sqrt{P(i)\,Q(i)}$

Applying Game Theory

A game in its normal form is a tuple $G = (N, A, u)$, where:

• $N = \{1, 2, \dots, n\}$ is a set of $n$ rational players. By rational in this context we mean that the player chooses the strategy that maximizes his payoff.

• $A = A_1 \times \dots \times A_n$, where $A_i$ is the finite set of actions available to player $i$

• $u = (u_1, \dots, u_n)$, where $u_i : A \to \mathbb{R}$ is a real-valued payoff function for player $i$

Applying Game Theory

Utility Function

$AP = [\mu \geq AT] \cdot RWD - A \cdot CPA - [D(P,Q) > Threshold] \cdot 2 \cdot RWD$

• $\mu$: Reported Value

• $AT$: Attacker’s Target

• $RWD$: Reward

• $A$: Compromised Nodes

• $CPA$: Cost of Attack

• $D(P,Q)$: Hellinger’s Distance from model distribution

• $Threshold$: Hellinger’s Distance Detection Threshold

Applying Game Theory

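Utility Function

$AP = [\mu \geq AT] \cdot RWD - A \cdot CPA - [D(P,Q) > Threshold] \cdot 2 \cdot RWD$

$\frac{\sum_{i=1}^{N-A} x_i + \sum_{j=1}^{A} (x_j + l_j)}{\sum_{i=1}^{N} x_i}$

$[\mu \geq AT] = \begin{cases} 1, & \text{if inequality holds} \\ 0, & \text{otherwise} \end{cases}$

$[D(P,Q) > Threshold] = \begin{cases} 1, & \text{if inequality holds} \\ 0, & \text{otherwise} \end{cases}$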
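
Added example (not from the presentation or the authors' simulation code): a Python implementation of the distribution-comparison check and the utility function above, scoring a report that meets a 1% target and one that meets a 5% target against the same detection threshold. The readings, unit-width bins, threshold, RWD and CPA values and all function names are constructed for illustration, and μ is assumed to be the ratio shown under the utility function.

```python
import math
from collections import Counter

# Constructed sample: 100 honest integer readings with mean 20 (not real data).
HONEST = [18] * 10 + [19] * 20 + [20] * 40 + [21] * 20 + [22] * 10

def histogram(values):
    """Normalised histogram of the readings over unit-width bins."""
    counts = Counter(round(v) for v in values)
    return {b: c / len(values) for b, c in counts.items()}

def distance(p, q):
    """D(P,Q) = -ln sum_i sqrt(P(i) Q(i)), the form given on the slide."""
    bc = sum(math.sqrt(p.get(b, 0.0) * q.get(b, 0.0)) for b in set(p) | set(q))
    return math.inf if bc == 0 else -math.log(bc)

def tamper(readings, a, l):
    """Add offset l to `a` evenly spaced readings (the compromised nodes)."""
    step = len(readings) // a
    hit = set(range(0, step * a, step))
    return [x + l if i in hit else x for i, x in enumerate(readings)]

def evaluate(honest, reported, a, at, rwd, cpa, threshold):
    """Score one report with the detector and the slide's utility function."""
    # Assumption: mu is the ratio of reported to honest sums, as in the
    # fraction shown under the utility function. The model distribution Q
    # is taken from the honest readings; a deployment would use history.
    mu = sum(reported) / sum(honest)
    d = distance(histogram(reported), histogram(honest))
    detected = d > threshold
    payoff = (mu >= at) * rwd - a * cpa - detected * 2 * rwd
    return {"mu": mu, "distance": d, "detected": detected, "payoff": payoff}

def run_demo(threshold=0.05, rwd=100, cpa=1):
    """Scenario 1 (constant cost per attack) for a 1% and a 5% target."""
    results = {}
    for name, a, at in (("1% target", 20, 1.01), ("5% target", 100, 1.05)):
        reported = tamper(HONEST, a, 1)  # each compromised node reports +1
        results[name] = evaluate(HONEST, reported, a, at, rwd, cpa, threshold)
    return results

if __name__ == "__main__":
    for name, r in run_demo().items():
        print(name, r)
```

With these constructed numbers the 1% report stays under the threshold while the 5% report exceeds it, which is the case the conclusions single out as the hard one for distribution comparison.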

Scenarios and results

Scenario 1: Cost of attack remains constant as number of attacks is increased

Scenario 2: Cost of attack rises as number of attacks is increased

Scenario 3: Cost of attack reduces as number of attacks is increased

Scenarios and results

Pay-out for the attacker for the first scenario when the attacker aims to shift the mean of the distribution 1% higher

Scenarios and results

Pay-out for the attacker for the second scenario when the attacker aims to shift the mean of the distribution 5% higher

Scenarios and results

Pay-out for the attacker for the third scenario when the attacker aims to shift the mean of the distribution 1% higher

Scenarios and results

Percentage of Nodes needed to be compromised vs. Threshold for the attacker to win the first scenario.

Scenarios and results

Percentage of Nodes needed to be compromised vs. Threshold for the discounted game.

False positive Rate

$\text{False Positive Rate} = \frac{\text{False Positives}}{\text{True Negatives} + \text{False Positives}}$

Conclusions

• The uncertainty inherent in the measurements can be exploited by smart attackers.

• Outlier-detection-based IDS might not be enough in light of smart deployment strategies of malware.

• Distribution comparison can provide insights for potential penetrations with low complexity costs.

• However, the attackers can still compromise the integrity of the network if they set modest targets.

Thank you

Questions?