IoT Device Monitoring Framework IASP 470 – SECURITY BY RAUL CAMACHO, DANIEL ROGERS, TYRENE LESANE, VARON CALLENDER


Post on 25-May-2020


Page 1: IoT Device Monitoring Framework - cysecure.orgcysecure.org/470/19s/groupFinal/...IoTmonitoring.pdfcloud telemetry that was useful to upload files to and from the devices, and request-reply

IoT Device Monitoring Framework

IASP 470 – SECURITY

BY RAUL CAMACHO, DANIEL ROGERS, TYRENE LESANE, VARON CALLENDER


Research work Contribution

Objectives / Team Members: Raul Camacho, Daniel Rogers, Tyrene LeSane, Varon Callender

Project Proposal: X
Network Map: X
Video Presentation: X
Device Set up and Configuration: X X X
Setup of Cloud Storage Device: X X X X
Power BI Analytics Integration: X
Technical Documentation: X
Final Report: X X X X

Abstract

Internet of Things devices unlock great insights and value from the data they collect, but cybersecurity must be built in from the start. The use of IoT devices continues to expand, not just on the consumer side but in industrial and commercial applications. SCADA systems are expected to be replaced by more advanced IoT devices. While connected devices have the potential to help enterprises unlock great insights and value from the data they collect, they also massively expand the cybersecurity attack landscape. (Gilchrist)


Preliminaries

The Internet of Things

The Internet of Things refers to the ever-growing network of physical objects that feature an IP address for internet connectivity, and the communication that occurs between these objects and other Internet-enabled devices and systems without human interface. The Internet of Things extends internet connectivity beyond traditional devices like desktop and laptop computers, smartphones and tablets to a diverse range of devices and everyday things that utilize embedded technology to communicate and interact with the external environment, all via the Internet.

Examples of objects that can fall into the scope of Internet of Things include connected security systems, thermostats, vehicles, electronic appliances, lights in household and commercial environments, alarm clocks, speaker systems, vending machines and more.

The term M2M began in the 1990s, and it has expanded enormously, particularly through its connectivity; it is expected to increase 21 percent per year and reach 28.1 billion IoT devices by 2020 (https://www.ericsson.com/en/networks/trending/hot-topics/iot-connectivity/iot-market-outlook, n.d.).

The growing applications of M2M are driving a shift in business models that permits more than just selling products, expanding into selling services. Many service sectors, such as health care, energy companies, construction, and transportation, are in the process of connecting IoT devices, driving an expansion of the IoT market to approximately $7.1 trillion by 2020.

The Problem Description

The introduction of IoT devices and their connectivity over the internet is certainly opening the door to many opportunities, but also to many challenges. Because of the nature of IoT devices, their applications collect large amounts of data, and retrieval, monitoring, processing and sharing are an integral part of the IoT environment. Lately, such devices have become more consumer-oriented, and the average user has little or no awareness of the security issues they raise. On the other hand, companies might hand such devices to the security team or the cybersecurity team in charge of managing them. Besides, security is not a top priority for device manufacturers. (Hadar, Siboni, & Elovici)

Having several devices connected to the network opens the door to various vulnerabilities that can be exploited by malicious agents. Any compromised device is a foothold in the network. At the consumer level, privacy is the main concern. As an example, an Amazon Echo device (Alexa) recorded a private conversation between two people and sent it to an acquaintance of theirs. At the industrial/commercial level, the leakage of data, or a loss of data integrity, can be or create a disaster for the company as a whole.

Most threats attack the unique nature of IoT devices. Others take aim at the application ecosystem surrounding them. Still others are the result of configuration errors that stem from user inexperience or system limitations. In any case, each threat can lead to loss of privacy, loss of control, or recruitment of the devices into a network controlled by someone other than the owner.

IoT devices are genuinely useful, but we as professionals have the responsibility to close all the security flaws that come with them.

The Goal of Our Project

Our team tried to get as close as possible to an online IoT environment. Because of financial constraints, the temperature readings were simulated. Even so, we set up a useful transfer of data between remote devices.

Four Raspberry Pis were used as sensor controllers, sending data to an Azure IoT Hub where we processed and collected the data. A fifth device was configured as cloud storage. All of these were integrated with Power BI Analytics, where we analyzed the data collected.

The idea was to create a comprehensive set of analytics in the cloud to make processing raw data easy and affordable. Unfortunately, we found that some devices' log files were susceptible to manipulation and deletion. The data stored on our devices was not susceptible to attack, but it was accessible after our report was published.

IoT Hub is a managed service, hosted in the cloud by a third party, and acted as the central message hub for bi-directional communication between our application and the devices it managed. The free version supported communication both from the devices to the cloud and from the cloud to the devices, with multiple messaging patterns such as device-to-cloud telemetry, which was useful to upload files to and from the devices, and request-reply methods to control the devices.

The telemetry was successful thanks to the Sharekey pre-configured by the Azure CLI to register the device to monitor using the ConnectionString command. Below is a partial example of the configuration using the CLI in Azure. The complete code is located in Appendix 1.
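The following is an added example, not part of the original report or of the Azure sample application: it shows how a device connection string of the kind used here is split into its fields and how the shared key signs a short-lived SAS token in the layout Azure IoT Hub documents. The hub name, device name, key and all function names are constructed for illustration, and `check_sas_token` is only a sketch of the verifying side.

```python
import base64
import hashlib
import hmac
import time
from urllib.parse import parse_qs, quote_plus, urlencode

# Constructed sample values; the key is filler text, not a real credential.
SAMPLE_CONN = ("HostName=example-hub.azure-devices.net;DeviceId=pi-sensor-1;"
               "SharedAccessKey=" + base64.b64encode(b"constructed-demo-key-0123456789ab").decode())


def parse_connection_string(conn):
    """Split 'Key=Value;Key=Value' into a dict; values may themselves contain '='."""
    fields = dict(part.split("=", 1) for part in conn.strip().split(";") if part)
    missing = {"HostName", "DeviceId", "SharedAccessKey"} - set(fields)
    if missing:
        raise ValueError("connection string lacks: " + ", ".join(sorted(missing)))
    return fields


def _sign(key_b64, resource_uri, expiry):
    """HMAC-SHA256 over url-encoded resource, newline, expiry; keyed with the decoded key."""
    to_sign = "%s\n%d" % (quote_plus(resource_uri), expiry)
    digest = hmac.new(base64.b64decode(key_b64), to_sign.encode(), hashlib.sha256).digest()
    return base64.b64encode(digest).decode()


def make_sas_token(conn, ttl_seconds=3600, now=None):
    """Derive an expiring device token; the long-lived key itself is never transmitted."""
    f = parse_connection_string(conn)
    resource = "%s/devices/%s" % (f["HostName"], f["DeviceId"])
    expiry = int(now if now is not None else time.time()) + ttl_seconds
    sig = _sign(f["SharedAccessKey"], resource, expiry)
    return "SharedAccessSignature " + urlencode({"sr": resource, "sig": sig, "se": str(expiry)})


def check_sas_token(token, conn, now=None):
    """Verifier sketch (assumed behaviour): reject malformed, expired or altered tokens."""
    f = parse_connection_string(conn)
    scheme, _, query = token.partition(" ")
    q = {k: v[0] for k, v in parse_qs(query).items()}
    if scheme != "SharedAccessSignature" or not {"sr", "sig", "se"} <= set(q) or not q["se"].isdigit():
        return False
    if int(q["se"]) <= int(now if now is not None else time.time()):
        return False  # expired
    expected = _sign(f["SharedAccessKey"], q["sr"], int(q["se"]))
    return hmac.compare_digest(expected, q["sig"])
```

Because the expiry is part of the signed string, changing `se` in a captured token invalidates the signature, whereas a leaked connection string stays valid until the key is regenerated.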


Data Analysis

There were two incidents when we attacked the devices and were able to manipulate data. One of them we were able to catch in time, so we could patch the vulnerability and stop the exploit. Azure did a good job of detecting anomalies and sending us alerts, recommendations and the resources impacted.

Every time we uploaded the patch, Azure notified us when and where the connection happened, sending reports of the files uploaded to the devices. For data analysis purposes, we exported the data as a .csv file.

To a user, the raw data is meaningless. The sample data of the system contains a date and time, two temperature values, and a status value. Using the multidimensional scaling algorithm, the mean values and the maximum values of both temperatures and the pivoted status of the system are condensed to a two-dimensional matrix, which can be visualized as both a Scatter Plot and an Anomaly Indicator over Time chart.
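The following is an added example, not the project's own analysis code: it aggregates a CSV of the described shape into hourly mean/max/status features and reduces them to two dimensions with classical (Torgerson) multidimensional scaling. The sample rows are constructed, the choice of classical MDS is an assumption (the report does not name a variant), and the anomaly rule (distance from the centre above three times the median) is an assumption as well.

```python
import csv
import io
import math
from collections import defaultdict

# Constructed export in the shape the report describes: timestamp, two temperatures, status.
SAMPLE_CSV = """timestamp,temp1,temp2,status
2019-04-20T10:05:00,21.0,22.0,OK
2019-04-20T10:35:00,21.4,22.3,OK
2019-04-20T11:05:00,21.2,22.1,OK
2019-04-20T11:35:00,21.6,22.4,OK
2019-04-20T12:05:00,58.0,61.0,FAULT
2019-04-20T12:35:00,79.5,83.0,FAULT
2019-04-20T13:05:00,21.1,22.2,OK
2019-04-20T13:35:00,21.3,22.0,OK
2019-04-20T14:05:00,21.5,22.5,OK
2019-04-20T14:35:00,21.0,22.1,OK
"""


def hourly_features(csv_text):
    """Per hour: mean and max of both temperatures plus the count of non-OK status rows."""
    buckets = defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        buckets[row["timestamp"][:13]].append(row)
    hours, feats = sorted(buckets), []
    for hour in hours:
        t1 = [float(r["temp1"]) for r in buckets[hour]]
        t2 = [float(r["temp2"]) for r in buckets[hour]]
        faults = sum(r["status"] != "OK" for r in buckets[hour])
        feats.append([sum(t1) / len(t1), max(t1), sum(t2) / len(t2), max(t2), float(faults)])
    return hours, feats


def classical_mds(feats, dims=2, iters=300):
    """Classical MDS: double-centre the squared distances, keep the top eigenvectors."""
    n = len(feats)
    d2 = [[sum((a - b) ** 2 for a, b in zip(p, q)) for q in feats] for p in feats]
    row = [sum(r) / n for r in d2]
    total = sum(row) / n
    b = [[-0.5 * (d2[i][j] - row[i] - row[j] + total) for j in range(n)] for i in range(n)]
    coords = [[0.0] * dims for _ in range(n)]
    for k in range(dims):
        v, lam = [math.cos(i + k) for i in range(n)], 0.0  # deterministic start vector
        for _ in range(iters):  # power iteration for the largest remaining eigenvalue
            w = [sum(b[i][j] * v[j] for j in range(n)) for i in range(n)]
            lam = math.sqrt(sum(x * x for x in w))
            if lam < 1e-12:
                break
            v = [x / lam for x in w]
        for i in range(n):
            coords[i][k] = v[i] * math.sqrt(lam)
        b = [[b[i][j] - lam * v[i] * v[j] for j in range(n)] for i in range(n)]  # deflate
    return coords


def anomaly_hours(csv_text, factor=3.0):
    """Assumed rule: flag hours whose 2-D distance from the centre exceeds factor x median."""
    hours, feats = hourly_features(csv_text)
    score = [math.hypot(x, y) for x, y in classical_mds(feats)]
    median = sorted(score)[len(score) // 2]
    return [h for h, s in zip(hours, score) if s > factor * median]
```

The two columns returned by `classical_mds` are what a scatter plot would show; the per-hour score is the value an anomaly-over-time chart would track.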

Power BI was a useful tool that let us visualize the data, connecting several data sources to create simple dashboards and reports for the user.

As pointed out earlier, IoT devices create an environment in which we experience an explosion of data. Our project was no exception. With a couple of thermocouples, we created around 2GB of data per day. If this were a full-scale consumer or commercial application, the data being produced could be so large and complex that it would be almost impossible to process with a traditional relational database management program. The reason is the nature of the data, which appears in both unstructured and semi-structured formats that deviate entirely from the structured data format, which is based on SQL. (Johnson)


Conclusion

With the Internet of Things still in its infant phase, it is only going to continue to grow, with an estimated 28.1 billion devices expected to be connected to the Industrial Internet of Things by 2020. With this increase in connected devices, it is also estimated that “by the year 2021, cybercrime will cost the world upwards of $6 trillion annually.” Most of these devices rarely have an entity that is responsible for maintaining them, therefore they remain unpatched and vulnerable.

Also, the range of IoT applications continues to expand to the point that all the data being processed is created as unstructured data. This creates the need for new methods to store and process the IoT environment, which in turn generates the need for both virtualization and cloud computing to understand and process such data.

In order to proactively mitigate threats to Internet of Things devices, users and organizations must actively seek a way to secure them. Administering and monitoring such devices will decrease the vulnerabilities, and creating a patch management protocol can lower the exploitable rate of a network and keep privacy and confidentiality secure from any leakage.

With this approach, network-related monitoring, whether for fault management or security management, is known and proven to generate large pools of data that have to be processed quite significantly in order to extract meaningful, actionable information and, importantly, to be able to do so in near real time.

In this paper, we proposed a lightweight cloud-based framework for monitoring IoT devices. The proposed framework consists of a cloud service, a designated IoT storage appliance, and synchronization and communication mechanisms. It will need future work and research, where we propose applying machine learning to the framework.


References

Gilchrist, A. (n.d.). IoT Security Issues.

Hadar, N., Siboni, S., & Elovici, Y. (n.d.). A Lightweight Vulnerability Mitigation Framework for IoT Devices.

https://www.ericsson.com/en/networks/trending/hot-topics/iot-connectivity/iot-market-outlook. (n.d.).

Johnson, T. A. (n.d.). Cybersecurity: Protecting Critical Infrastructures from Cyber Attack and Cyber Warfare.


Appendix 1.

//Monitor script for RAC IoT, Temp/LED online connection

{
    "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {
        "IotHubs_IASP470TEST_name": {
            "defaultValue": "IASP470TEST",
            "type": "String"
        }
    },
    "variables": {},
    "resources": [
        {
            "type": "Microsoft.Devices/IotHubs",
            "apiVersion": "2018-04-01",
            "name": "[parameters('IotHubs_IASP470TEST_name')]",
            "location": "eastus2",
            "sku": {
                "name": "S1",
                "tier": "Standard",
                "capacity": 1
            },
            "properties": {
                "operationsMonitoringProperties": {
                    "events": {
                        "None": "None",
                        "Connections": "None",
                        "DeviceTelemetry": "XXX.XX.XXX:6500",
                        "C2DCommands": "Metrics_On",
                        "DeviceIdentityOperations": "SHA256",
                        "FileUploadOperations": "…./etc/…/RACME/",
                        "Routes": " "
                    }
                },
                "ipFilterRules": [],
                "eventHubEndpoints": {
                    "events": {
                        "retentionTimeInDays": 1,
                        "partitionCount": 4,
                        "partitionIds": ["0", "1", "2", "3"],
                        "path": "iasp470test",
                        "endpoint": "sb://iothub-ns-iasp470tes-1439185-6612060019.servicebus.windows.net/"
                    },
                    "operationsMonitoringEvents": {
                        "retentionTimeInDays": 1,
                        "partitionCount": 4,
                        "partitionIds": ["0", "1", "2", "3"],
                        "path": "iasp470test-operationmonitoring",
                        "endpoint": "sb://iothub-ns-iasp470tes-1439185-6612060019.servicebus.windows.net/"
                    }
                },
                "routing": {
                    "endpoints": {
                        "serviceBusQueues": [],
                        "serviceBusTopics": [],
                        "eventHubs": [],
                        "storageContainers": []
                    },
                    "routes": [],
                    "fallbackRoute": {
                        "name": "$fallback",
                        "source": "DeviceMessages",
                        "condition": "true",
                        "endpointNames": ["events"],
                        "isEnabled": true
                    }
                },
                "storageEndpoints": {
                    "$default": {
                        "sasTtlAsIso8601": "PT1H",
                        "connectionString": "",
                        "containerName": ""
                    }
                },
                "messagingEndpoints": {
                    "fileNotifications": {
                        "lockDurationAsIso8601": "PT1M",
                        "ttlAsIso8601": "PT1H",
                        "maxDeliveryCount": 10
                    }
                },
                "enableFileUploadNotifications": false,
                "cloudToDevice": {
                    "maxDeliveryCount": 10,
                    "defaultTtlAsIso8601": "PT1H",
                    "feedback": {
                        "lockDurationAsIso8601": "PT1M",
                        "ttlAsIso8601": "PT1H",
                        "maxDeliveryCount": 10
                    }
                },
                "features": " "
            }
        }
    ]
}


Appendix 2.

//Setting up Device on Ubuntu or Raspberry Pi

Installing Node.js

1.) First check the version of Node.js currently on your machine with the following command
    a. node -v

2.) If the version returned is lower than 4.X, or if there is no Node.js on your Pi/Ubuntu, install the latest version
    a. curl -sL https://deb.nodesource.com/setup_4.x | sudo -E bash
    b. sudo apt-get -y install nodejs

3.) Then clone the application
    a. git clone https://github.com/Azure-Samples/iot-hub-node-raspberrypi-client-app

4.) Install all packages for the samples. The installation includes the Azure IoT device SDK, the BME280 Sensor Library, and the Wiring Pi library.
    a. cd iot-hub-node-raspberrypi-client-app
    b. sudo npm install

5.) Open the config file by running the following command and configure the sample application
    a. nano config.json
    b.
    c. Note: There are two items in this file you can configure. The first is interval, which defines the time interval (in milliseconds) between messages sent to the Azure IoT hub. The second is simulatedData, which is a Boolean value for whether to use simulated sensor data or not. If you do not have a BME280 sensor, set the simulatedData value to "true".
    d. Save and exit by typing Control-O > Enter > Control-X

6.) Run the sample application:
    a. sudo node index.js '<YOUR AZURE IOT HUB DEVICE CONNECTION STRING>'
    b. For example, sudo node index.js 'HostName=IASP470TEST.azure-devices.net;DeviceId=Dan2_Device;SharedAccessKey=yZKNEzT50EBft1ipGaGfZL0mFXi/D6H9U3ShQuHWmu0='

Setting up Your Raspberry Pi as a Personal Cloud Storage Device:

1.) Enter the Raspberry Pi command line and update the Raspberry Pi and its packages
    a. sudo apt-get update
    b. sudo apt-get upgrade

2.) Open the Raspi Config tool to change settings:
    a. sudo raspi-config
    b. Change locale to en_US.UTF8 in Internationalisation Options -> Change Locale
    c. Change memory split to 16m in Advanced Options -> Memory Split

3.) Add the www-data user to the www-data group
    a. sudo usermod -a -G www-data www-data

4.) Depending on the latest version of Raspbian Stretch, you will need to install all the required packages and PHP7
    a. sudo apt-get install nginx openssl ssl-cert php7.0-cli php7.0-sqlite php7.0-gd php7.0-common php7.0-cgi sqlite3 php-pear curl libapr1 libtool curl libcurl4-openssl-dev php7.0-xml php7.0 php7.0-dev php7.0-curl php7.0-gd php7.0-fpm memcached php7.0-memcache php7.0-zip php7.0-intl php7.0-mbstring varnish

5.) Create an SSL Certificate
    a. sudo openssl req $@ -new -x509 -days 730 -nodes -out /etc/nginx/cert.pem -keyout /etc/nginx/cert.key

6.) In addition to the SSL certificate, we also need to generate a custom dhparam file. This file will ensure that the SSL connections are kept secure. To generate a 4096 byte long DH Param, run the following command (this could take up to 16hrs).
    a. sudo openssl dhparam -out /etc/nginx/dh4096.pem 4096

7.) Now we must chmod the three cert files that were just generated
    a. sudo chmod 600 /etc/nginx/cert.pem
    b. sudo chmod 600 /etc/nginx/cert.key
    c. sudo chmod 600 /etc/nginx/dh4096.pem

8.) Clear the server config file, since we will be copying and pasting our own version
    a. sudo sh -c "echo ' ' > /etc/nginx/sites-available/default"

9.) Configure the web server so that it runs Owncloud correctly
    a. sudo nano /etc/nginx/sites-available/default

10.) Copy and paste the following code into the file

upstream php-handler {
    server 127.0.0.1:9000;
    server unix:/var/run/php/php7.0-fpm.sock;
}

server {
    listen 80;
    server_name 192.168.56.101;

    #Allow letsencrypt through
    location /.well-known/acme-challenge/ {
        root /var/www/owncloud;
    }

    # enforce https
    location / {
        return 301 https://$server_name$request_uri;
    }
}

server {
    listen 443 ssl http2;
    server_name 192.168.56.101;

    ssl_certificate /etc/nginx/cert.pem;
    ssl_certificate_key /etc/nginx/cert.key;
    ssl_session_timeout 5m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:AES256+EECDH:AES256+EDH';
    ssl_dhparam /etc/nginx/dh4096.pem;
    ssl_prefer_server_ciphers on;
    keepalive_timeout 70;
    ssl_stapling on;
    ssl_stapling_verify on;

    add_header X-Content-Type-Options nosniff;
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;
    add_header X-Download-Options noopen;
    add_header X-Permitted-Cross-Domain-Policies none;

    root /var/www/owncloud/;

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    # The following 2 rules are only needed for the user_webfinger app.
    # Uncomment it if you're planning to use this app.
    #rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
    #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;

    location = /.well-known/carddav {
        return 301 $scheme://$host/remote.php/dav;
    }

    location = /.well-known/caldav {
        return 301 $scheme://$host/remote.php/dav;
    }

    # set max upload size
    client_max_body_size 512M;
    fastcgi_buffers 8 4K;
    fastcgi_ignore_headers X-Accel-Buffering;

    gzip off;

    error_page 403 /core/templates/403.php;
    error_page 404 /core/templates/404.php;

    location / {
        rewrite ^ /index.php$uri;
    }

    location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
        return 404;
    }

    location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
        return 404;
    }

    location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
        fastcgi_split_path_info ^(.+\.php)(/.*)$;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param SCRIPT_NAME $fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_param HTTPS on;
        fastcgi_param modHeadersAvailable true;
        fastcgi_param front_controller_active true;
        fastcgi_read_timeout 180;
        fastcgi_pass php-handler;
        fastcgi_intercept_errors on;
        fastcgi_request_buffering off; #Available since NGINX 1.7.11
    }
