3A.3 CA proctype
4.1 Introduction
Cyberphysical systems (CPSs) integrate computing and physical processes;
embedded computers monitor and control the physical process. The system con- sists of a set of nodes with various communication capabilities, including sen- sors, actuators, a processor or a control unit, and a communication device. The nodes constitute a network and communicate with each person to support every- day life in a smart way, which is known as the Internet of Things (IoT). The
“smartness” in IoT applications, such as smart home, smart factory, smart grid, and smart transportation, implies that nodes could automatically sense the envi- ronment, collect data, communicate with each other, and perform corresponding actions with minimal human involvement [44]. Some interesting features of the IoT are listed as follows:
Numerous objects: The IoT evolves into a large number of objects that collectively move toward a state of pervasiveness.
Autonomous functioning: With minimal human intervention, objects in the IoT will perform data collection, processing, collaborating with each other, and decision-making in an autonomous fashion [44].
Heterogeneous communication and computation capabilities: Objects in the IoT might support different wireless communication technolo- gies (such as Bluetooth low energy [BLE], Global System for Mobile Communications [GSM], near field communication [NFC], Wi-Fi, and
Cellular BS
Cellular BS
Infrastructure-based Communications
WLAN AP WLAN AP
WLAN AP
WLAN AP IoT platform
Proximity-based Communications Wi-Fi
Direct Wi-Fi
Direct
BLE BLE
BLE BLE
BLE
NFC
Figure 4.1: IoT platform with infrastructure-based and proximity-based communi- cations.
Zigbee) and computing power. As a result, objects might play different roles in different IoT scenarios [36].
Interdependency between the cyber and the physical world: For example, in one well-known IoT, the smart grid, the physical world cooperates with the cyber network [12].
Complex network structure: With various radio interfaces, objects can communicate with each other in more complicated ways, forming a com- plex [53]. For example, an object may communicate with another object via a GSM interface over cellular networks, while also communicating with a different object in the geographic vicinity via proximity-based communication technologies using BLE or Wi-Fi Direct.
Figure 4.1 shows the network architecture of an IoT platform. The security issue in the IoT has received much attention [23]. Obviously, the growing popu- larity of objects with rich wireless communication capabilities has made the IoT attractive to digital viruses and malicious content. Moreover, the mobility and novel proximity-based communication technologies increase the possibility of spreading malware [14, 16, 17]. In the following, we summarize vulnerabilities to malware due to the unique features in IoT.
Weakness of objects with limited computing power: Due to the nature of the limitations of computing capability and energy, the algorithm and mechanism applied to the object are relatively simple. Moreover, conven- tional security mechanisms such as real-time antivirus scanning cannot be
used for the IoT platform due to the unaffordable overhead. As a result, attackers can spend much less resource to break in, and thus, the object becomes a target of malicious users. Another good example is the limited logging, which makes the identification of intrusion harder.
Identity hinding in a complex environment: The great number of objects with various, heterogeneous actions and behaviors facilitates the fabri- cation of identity. Moreover, an intelligent adversary will start infect- ing some crucial nodes first, instead of launching attacks on the entire network simultaneously, to efficiently disrupt the network and reduce the risks of being detected, thereby posing severe threats to the network robustness.
Various infecting patterns under rich wireless communication capabil- ities: Being capable of infrastructure-based and proximity-based com- munication technologies, the malware propagates more rapidly, therefore causing more severe results [36].
Typically, after the nodes are infected by the malware, the adversary can con- trol those nodes to launch other attacks. We summarize the impacts of infected nodes on IoT platforms below.
Availability of precious network resource: When a large number of infected nodes access the wireless resource simultaneously, the service might be disrupted. Moreover, disruption attacks aim to paralyze IoT operations by launching denial-of-service attacks to jam the entire sys- tem. Such destructive consequences for the entire network have a nega- tive impact on the public acceptance and adoption of the IoT, and thus might forestall the widespread deployment of the IoT platform.
Safety of human lives and environment: An attack might be launched from the physical world or a cyber network and might impact both domains. In the case of a smart grid, the consequences of cyberattacks could have a severe impact on human lives and the environment [12].
U.S. Executive Order 13636 [1] and Presidential Policy Directive 21 [2]
state that proactive and coordinated efforts are necessary to strengthen and maintain secure, functioning, and resilient critical infrastructure and include interdependent functions and systems in both the physical space and cyberspace.
Due to the above vulnerabilities and negative feedback, modeling the behav- ior of malware propagation in the current world, with its explosive growth in adoption of IoT objects, is an interesting issue that is receiving lots of atten- tion [40]. This chapter aims to provide a theoretic framework for evaluating malware propagation dynamics and to establish a parametric plug-in model for malware propagation control in an IoT network. In particular, we will investigate
malware propagation from the viewpoint of both whole networks and individual objects. Understanding the propagation characteristics of malware in both macro- scopic and microscopic fashion could aid in estimation of the damage caused by the malware and the development of detection processes.