Covert data exfiltration from Internet-of-Things devices

Abstract

Project Abstract: Covert data exfiltration from Internet-of-Things devicesInternet-of-Things (IoT) devices are physical devices that have embedded electronics and software, and can interconnect and exchange data allowing enhanced dynamic automation and control actions. These devices are becoming ubiquitous, with several billion devices already deployed and several more billions projected to be deployed in the near future. A significantconcern regarding IoT devices is their usually poor security posture, stemming from quick time-to-market requirements and lack of appropriate regulations. As IoT devices are being increasingly deployed in diverse environments, they introduce additional security threats to these environments.The Embedded Security Challenge 2018 competition considers the expansion of the threat landscape caused by IoT devices, and invites contestants to develop covert attacks that (mis)use IoT devices - smart bulbs in particular - to exfiltrate data through side-channels from air-gapped networks.In this project, we propose to organize a red-team/blue-team Embedded Security Challenge (ESC) aiming to engage engineering students on basic and advanced concepts of IoT cybersecurity research. ESC consists of three phases:Phase 1 - Qualification: In this phase, participating teams are invited to compile a proposal that characterizes different approaches and techniques that the teams aim to implement for (mis)using smart light bulbs to covertly exfiltrate data through side-channels.Phase 2 ??? Final competition: In the final competition phase, teams must instantiate and demonstrate at least one covert side-channel data exfiltration attack on a smart light bulb provided by the organizers. The teams should also describe, and where applicable develop, a receiver that receives and decodes the leaked data.Phase 3 - Results Dissemination: The top-3 teams will be invited to a special session in a top-tier conference to disseminate their findings.PI???s strengths: The PI has been leading ESC as of 2015, when he organized a security challenge in the US focusing on electronic voting security. In 2016, the PI organized ESC at a global scale (US, Middle East, India) focusing on hardware mitigations for memory corruption and control flow integrity attacks. Besides organizing ESC, the PI has expertise in ICS testbed design (e.g., development of a testbed for the smart grid), and his research in critical infrastructure security has been sponsored by DARPA, ONR, and Consolidated Edison, Inc.

Document Details

Document Type

DoD Grant Award

Publication Date

Oct 17, 2018

Source ID

N000141812886

Entities

Tags