IIoT-SIDefender: Detecting and defense against the sensitive information leakage in industry IoT

Journal: World Wide Web

Abstract

With the arrival of Industry 4.0 and the Internet of Things (IoT), remote passwords and control-flow vulnerabilities play a key role in detecting attackers in the Industrial IoT (IIoT): by leveraging these types of Sensitive Information (SI), an attacker can easily hijack a remote session or the control flow of a device. However, how to measure the security degree of Sensitive Information remains an open issue. To the best of our knowledge, no effective method exists for detecting the covert traces left by SI thieves in an Advanced Persistent Threat (APT), especially where backdoors and vulnerabilities in software or firmware are involved. To address these problems we propose a new design, IIoT-SIDefender (IIoT-SID): we measure the security degree of Sensitive Information with the Analytic Hierarchy Process (AHP) and the Technique for Order Preference by Similarity to an Ideal Solution (TOPSIS), and, building on selective taint tracking and real-time memory modification, we propose attack-defense and fix-distribution approaches. To date, it is the first defined SI guard method that detects SI-leakage scenarios and rejects SI-leverage attacks. To verify the proposal, we ran experiments on a large number of IIoT applications and devices, including IP cameras, smart meters, PLCs and smart routers. The results demonstrate that we can capture the security level of Sensitive Information as expected, detect potential leakage points across the data lifetime (including unknown backdoors and vulnerabilities), describe the fine-grained semantics of accidental leakage and covert leverage points, and generate the corresponding hot fix to prevent further attacks.
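As an added illustration of the AHP-plus-TOPSIS scoring the abstract describes (example code written for this page, not the IIoT-SIDefender authors' implementation), the block below derives criterion weights with AHP from a pairwise judgement matrix, checks Saaty's consistency ratio, and then ranks a handful of constructed SI items with TOPSIS so that the item closest to the "most sensitive" ideal comes first. The four criteria (impact if leaked, remote exposure, lifetime in memory, existing protection strength), the pairwise judgements and the per-item values are assumptions made for illustration; the page does not give the paper's own criteria or data.

```python
"""AHP + TOPSIS scoring of Sensitive Information (SI) items.

Added example, not the IIoT-SIDefender authors' code. Criteria, pairwise
judgements and SI items are constructed for illustration only.
"""
import math

# Saaty's random consistency index, indexed by matrix order n.
RANDOM_INDEX = {1: 0.0, 2: 0.0, 3: 0.58, 4: 0.90, 5: 1.12,
                6: 1.24, 7: 1.32, 8: 1.41, 9: 1.45}

# Assumed criteria. benefit=True means a larger value means MORE risk.
CRITERIA = ["impact", "exposure", "lifetime", "protection"]
BENEFIT = {"impact": True, "exposure": True, "lifetime": True, "protection": False}

# Assumed pairwise judgements on Saaty's 1-9 scale: PAIRWISE[i][j] says how
# much more important CRITERIA[i] is than CRITERIA[j] (reciprocals below).
PAIRWISE = [
    [1,   2,   5, 3],
    [1/2, 1,   3, 2],
    [1/5, 1/3, 1, 1/2],
    [1/3, 1/2, 2, 1],
]

# Constructed SI items: impact/exposure/protection on 1-9, lifetime in seconds.
SI_ITEMS = {
    "PLC remote password":  {"impact": 9, "exposure": 8, "lifetime": 3600,  "protection": 2},
    "Web session cookie":   {"impact": 6, "exposure": 9, "lifetime": 1800,  "protection": 4},
    "Firmware signing key": {"impact": 9, "exposure": 2, "lifetime": 10,    "protection": 8},
    "Device serial number": {"impact": 2, "exposure": 7, "lifetime": 86400, "protection": 1},
}


def ahp_weights(criteria, pairwise):
    """Return ({criterion: weight}, consistency_ratio) for a judgement matrix.

    Weights use the row geometric-mean approximation of the principal
    eigenvector. CR above 0.1 is conventionally taken to mean the
    judgements contradict each other and should be revised.
    """
    n = len(criteria)
    geo = [math.prod(row) ** (1.0 / n) for row in pairwise]
    total = sum(geo)
    w = [g / total for g in geo]
    # lambda_max estimated as the mean of (A w)_i / w_i
    aw = [sum(pairwise[i][j] * w[j] for j in range(n)) for i in range(n)]
    lambda_max = sum(aw[i] / w[i] for i in range(n)) / n
    ci = (lambda_max - n) / (n - 1) if n > 1 else 0.0
    ri = RANDOM_INDEX.get(n, 0.0)
    cr = ci / ri if ri else 0.0
    return dict(zip(criteria, w)), cr


def topsis_rank(items, criteria, benefit, weights):
    """Return [(name, closeness)] sorted most sensitive first.

    Vector-normalise each criterion column, weight it, build the ideal-best
    and ideal-worst profiles, and score each item by its relative closeness
    to the ideal best (1.0 = identical to the most sensitive profile).
    """
    names = list(items)
    norms = {c: math.sqrt(sum(items[nm][c] ** 2 for nm in names)) for c in criteria}
    v = {nm: {c: weights[c] * items[nm][c] / norms[c] for c in criteria} for nm in names}
    best = {c: (max if benefit[c] else min)(v[nm][c] for nm in names) for c in criteria}
    worst = {c: (min if benefit[c] else max)(v[nm][c] for nm in names) for c in criteria}
    scored = []
    for nm in names:
        d_best = math.sqrt(sum((v[nm][c] - best[c]) ** 2 for c in criteria))
        d_worst = math.sqrt(sum((v[nm][c] - worst[c]) ** 2 for c in criteria))
        denom = d_best + d_worst
        # identical alternatives would give 0/0; treat them as midway
        scored.append((nm, d_worst / denom if denom else 0.5))
    return sorted(scored, key=lambda t: t[1], reverse=True)


def score_sensitive_information():
    """Run the whole pipeline on the constructed data."""
    weights, cr = ahp_weights(CRITERIA, PAIRWISE)
    ranking = topsis_rank(SI_ITEMS, CRITERIA, BENEFIT, weights)
    return weights, cr, ranking


if __name__ == "__main__":
    weights, cr, ranking = score_sensitive_information()
    print("AHP weights:", {k: round(x, 3) for k, x in weights.items()}, "CR=%.3f" % cr)
    for name, closeness in ranking:
        print("%-22s closeness=%.3f" % (name, closeness))
```

Two practical points when adapting this: cost criteria such as existing protection strength must be flagged as non-benefit, otherwise TOPSIS rewards the best-protected secret as the most exposed; and a judgement matrix whose CR exceeds 0.1 should be sent back to the analysts rather than fed into the ranking, since the weights it yields do not reflect a coherent preference order.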

Acknowledgements

We thank the anonymous reviewers for their constructive and helpful feedback and suggestions. This work was supported by the National Science Foundation of China under grant No. 61373137 and by the Major Program of Jiangsu Higher Education Institutions under grant No. 14KJA520002.

Author information

Corresponding author: Fu Xiao.

Additional information

This article belongs to the Topical Collection: Special Issue on Security and Privacy of IoT

Guest Editors: Tarik Taleb, Zonghua Zhang, and Hua Wang


Cite this article

Sha, L., Xiao, F., Chen, W. et al. IIoT-SIDefender: Detecting and defense against the sensitive information leakage in industry IoT. World Wide Web 21, 59–88 (2018). https://doi.org/10.1007/s11280-017-0459-8
