Internet of Things (IoT) systems play a critical role in bridging the digital and physical worlds and supporting mission-critical applications, such as healthcare, smart cities, and manufacturing. Despite being operational, these systems are vulnerable to security threats and unexpected failures. Ensuring cyber resilience while meeting the constraints of limited power and processing is a significant challenge for IoT systems.
In this talk, I will introduce a new class of low-overhead solutions that can empower IoT systems with cyber resilience. Specifically, I will present two solutions that work in concert to secure the 5G IoT data plane. The proactive protection approach takes a paradigm shift from the traditional packet-centric scheme. It identifies critical meta-info that facilitates data transmission and protects it with cross-domain techniques. Meanwhile, the reactive detection approach applies network verification to spot run-time misbehavior, and simply monitoring a subset of signaling messages suffices to detect a broad category of attacks. Both solutions offer lightweight alternatives to data-plane security, incurring overhead that is 1-2 orders of magnitude lower than the state of the art. To validate the solutions, I will also discuss the efforts made in building software-defined platforms and tools. Finally, I will conclude my talk by highlighting research opportunities for next-generation, federated IoT systems.
Internet of Things (IoT) systems play a critical role in bridging the digital and physical worlds and supporting mission-critical applications, such as healthcare, smart cities, and manufacturing. Despite being operational, these systems are vulnerable to security threats and unexpected failures. Ensuring cyber resilience while meeting the constraints of limited power and processing is a significant challenge for IoT systems.
In this talk, I will introduce a new class of low-overhead solutions that can empower IoT systems with cyber resilience. Specifically, I will present two solutions that work in concert to secure the 5G IoT data plane. The proactive protection approach takes a paradigm shift from the traditional packet-centric scheme. It identifies critical meta-info that facilitates data transmission and protects it with cross-domain techniques. Meanwhile, the reactive detection approach applies network verification to spot run-time misbehavior, and simply monitoring a subset of signaling messages suffices to detect a broad category of attacks. Both solutions offer lightweight alternatives to data-plane security, incurring overhead that is 1-2 orders of magnitude lower than the state of the art. To validate the solutions, I will also discuss the efforts made in building software-defined platforms and tools. Finally, I will conclude my talk by highlighting research opportunities for next-generation, federated IoT systems.