In their paper, Fingerprinting Edge and Cloud Services in IoT, Luddy School of Informatics, Computing, and Engineering researchers DongInn Kim, Vafa Andalibi, and Professor L. Jean Camp, propose to flip the current fingerprinting paradigm so that devices on the edge collaboratively fingerprint the remote services, identifying deviations from normal connections. They illustrate this approach by constructing a local agent, built on a raspberry pi and thus called Block-Pi.
Currently a single user error can cause exposure of an entire network. One phishing attack can be leveraged to obtain high levels of visibility and access to many accounts. The goal of Block Pi is to identify the unfamiliar and enable unusual connections only with the explicit permission of the user. By focusing on blocking specific functionality and limiting risk exposure, Block Pi offers the promise of limiting the scope and speed of cascading failures.
The local agent monitors all incoming and outgoing traffic, providing access to recognized Edge services and issues warnings for unfamiliar services. The objective is to see if the collective operations of an IoT device provide adequate information for fingerprinting requests to and from IoT devices in the home. Innovations of this proposal include:
- 1. The integration of devices into a single home threat model;
- 2. The use of multiple layers to implement a single trust measure for the connections made by those devices; and
- 3. The inclusion of out-of-band information such as the geography of various autonomous systems.
The researchers propose a packet analysis approach to determine the authenticity and integrity of the connection. Block-Pi requires identification of a new IoT device in the network, mitigating the threat of Sybil attacks. After instantiating the initial model, collecting the communication data of the device, performing the packet analysis from the collected data each installation will have a locally trained model. This diversity of defense in ML increases the cost of subverting the model through black box attacks, and sharing of suspicious data offers the potential for one model to detect an attack on another. More importantly Block-Pi provides user-centric security such that user privacy is protected while autonomy and security are improved. They have completed two experiments to show the feasibility of the proposed system.
This research was supported by Cisco Research Award funding and is based on work supported by the National Science Foundation (NSF) under Grant CNS 1814518 and CNS 1565375.