IoT Device Monitoring Framework
IASP 470 – SECURITY
BY RAUL CAMACHO, DANIEL ROGERS, TYRENE LESANE, VARON CALLENDER
Research Work Contribution
Objectives / Team Members: Raul Camacho, Daniel Rogers, Tyrene LeSane, Varon Callender
Project Proposal: X
Network Map: X
Video Presentation: X
Device Setup and Configuration: X X X
Setup of Cloud Storage Device: X X X X
Power BI Analytics Integration: X
Technical Documentation: X
Final Report: X X X X
Abstract
Internet of Things devices unlock great insights and value from the data they collect, but cybersecurity must be built in from the start. The use of IoT devices continues to expand, not just on the consumer side but in industrial/commercial applications. SCADA systems are expected to be replaced by more advanced IoT devices. While connected devices have the potential to help enterprises unlock great insights and value from the data they collect, they also massively expand the cybersecurity attack landscape. (Gilchrist)
Preliminaries
The Internet of Things
The Internet of Things refers to the ever-growing network of physical objects that
feature an IP address for internet connectivity, and the communication that occurs between
these objects and other Internet-enabled devices and systems without human interface. The
Internet of Things extends internet connectivity beyond traditional devices like desktop and
laptop computers, smartphones and tablets to a diverse range of devices and everyday things
that utilize embedded technology to communicate and interact with the external environment,
all via the Internet.
Examples of objects that can fall into the scope of Internet of Things include connected
security systems, thermostats, vehicles, electronic appliances, lights in household and
commercial environments, alarm clocks, speaker systems, vending machines and more.
The term M2M began in the 1990s, and it has expanded enormously, particularly through its connectivity; it is expected to increase 21 percent per year and reach 28.1 billion IoT devices by 2020 (https://www.ericsson.com/en/networks/trending/hot-topics/iot-connectivity/iot-market-outlook, n.d.).
The growing applications of M2M are driving a shift in business models that permits more than just selling products, expanding to selling services. Many service sectors such as health care, energy companies, construction, and transportation are in the process of connecting IoT devices, creating an incredible expansion of the IoT market to approximately $7.1 trillion by 2020.
The Problem Description
The introduction of IoT devices and their connectivity over the internet is certainly opening the door to a lot of opportunities, but also to many challenges. Because of the nature of IoT devices, their applications collect tons of data, and retrieval, monitoring, processing and sharing are integral parts of the IoT environment. Lately, such devices are becoming more consumer-oriented, and the average consumer has little or no awareness of the security topics related to them. On the other hand, companies might hand such devices to the security team or the cybersecurity team in charge of managing them. Besides, security is not a top priority for device manufacturers. (Hadar, Siboni, & Elovici)
Having several devices connected to the network will open the door to various vulnerabilities that can be exploited by malicious agents. Any compromised device is a foothold in the network. At the consumer level, privacy is the main concern. As an example, an Amazon Echo device (Alexa) recorded a private conversation between two people and sent it to an acquaintance of theirs. At the industrial/commercial level, the leakage of data, or a failure of data integrity, can create a disaster for the company as a whole.
Most threats attack the unique nature of IoT devices. Others take aim at the application ecosystem surrounding them. Still others are the result of configuration errors that stem from user inexperience or system limitations. In any case, each threat can lead to loss of privacy, loss of control, or recruitment of the devices into a network controlled by someone other than the owner.
IoT devices are genuinely useful, but we as professionals have the responsibility to resolve all the security flags that come with them.
The Goal of Our Project
Our team tried to get as close as possible to an online IoT environment. Due to financial constraints, we simulated the temperature readings. Nevertheless, we set up a useful, transferable flow of data between remote devices.
Four Raspberry Pis were used as sensor controllers, sending data to an Azure IoT Hub where we processed and collected the data. A fifth device was configured as cloud storage. All of them were integrated with Power BI Analytics, where we analyzed the data collected.
The idea was to create a comprehensive set of analytics in the cloud to make processing raw data easy and affordable. Unfortunately, we found that some devices' log files were susceptible to manipulation and deletion. The data stored on our devices was not susceptible to attack, but it was accessible after our report was published.
IoT Hub is a managed service, hosted in the cloud by a third party, that acted as the central message hub for bi-directional communication between our application and the devices it managed. The free version supported communication both from the devices to the cloud and from the cloud to the devices, supporting multiple messaging patterns such as device-to-cloud telemetry, which was useful for uploading files to and from the devices, and request-reply methods to control the devices.
The telemetry was successful thanks to the shared key preconfigured with the Azure CLI to register the device to monitor using the ConnectionString command. Below is a partial example of the configuration using the CLI in Azure. The complete code is located in Appendix 1.
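The shared key in a device connection string is the device's credential: whoever holds it can sign tokens as that device. The following added example (not part of the original report) parses a connection string and derives a short-lived shared access signature token from it, using the documented IoT Hub token layout; the hub name, device ID and key are constructed, and verifySasToken is a hypothetical service-side check written for illustration.

```javascript
// Added example: parse an IoT Hub device connection string and mint/verify a
// short-lived SAS token. Host, device and key values are constructed.
const crypto = require('crypto');

// Split "HostName=...;DeviceId=...;SharedAccessKey=..." into its fields.
// Base64 keys can end in '=', so split each pair on the first '=' only.
function parseConnectionString(cs) {
  const fields = {};
  for (const part of cs.split(';')) {
    const i = part.indexOf('=');
    if (i > 0) fields[part.slice(0, i)] = part.slice(i + 1);
  }
  for (const name of ['HostName', 'DeviceId', 'SharedAccessKey']) {
    if (!fields[name]) throw new Error(`connection string is missing ${name}`);
  }
  return fields;
}

// HMAC-SHA256 over "<url-encoded resource URI>\n<expiry>", keyed with the
// base64-decoded shared access key.
function sign(resourceUri, expiry, keyB64) {
  return crypto.createHmac('sha256', Buffer.from(keyB64, 'base64'))
    .update(`${resourceUri}\n${expiry}`, 'utf8')
    .digest('base64');
}

// Build a token that is valid for ttlSeconds counted from nowSeconds.
function createSasToken(cs, ttlSeconds, nowSeconds) {
  const { HostName, DeviceId, SharedAccessKey } = parseConnectionString(cs);
  const sr = encodeURIComponent(`${HostName}/devices/${DeviceId}`);
  const se = nowSeconds + ttlSeconds;
  const sig = encodeURIComponent(sign(sr, se, SharedAccessKey));
  return `SharedAccessSignature sr=${sr}&sig=${sig}&se=${se}`;
}

// Hypothetical service-side check: recompute the signature, compare it in
// constant time, and reject tokens whose expiry has passed.
function verifySasToken(token, keyB64, nowSeconds) {
  const m = /^SharedAccessSignature sr=([^&]+)&sig=([^&]+)&se=(\d+)$/.exec(token);
  if (!m) return false;
  const [, sr, sig, se] = m;
  if (Number(se) <= nowSeconds) return false;
  let given;
  try {
    given = Buffer.from(decodeURIComponent(sig), 'base64');
  } catch {
    return false; // malformed percent-encoding
  }
  const expected = Buffer.from(sign(sr, se, keyB64), 'base64');
  return given.length === expected.length && crypto.timingSafeEqual(given, expected);
}

// Constructed sample values (not the report's hub, device or key).
const SAMPLE_KEY = Buffer.from('constructed-sample-device-key-01').toString('base64');
const SAMPLE_CS =
  `HostName=example-hub.azure-devices.net;DeviceId=pi-sensor-1;SharedAccessKey=${SAMPLE_KEY}`;
```

Reading the connection string from an environment variable or a root-only file, rather than passing it as a command-line argument, keeps the key out of shell history and process listings.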
Data Analysis
There were two incidents in which we attacked the devices and were able to manipulate data. One of them, however, we caught in time, and we were able to patch the vulnerability and stop the exploit. Azure did a good job of detecting anomalies and sending us alerts, recommendations and the resources impacted.
Every time we uploaded the patch, Azure notified us when and where the connection happened, sending reports of the files uploaded to the devices. For data analysis purposes, we exported the data as a .csv file.
To a user the raw data is meaningless. The sample data of the system contains a date and time, two temperature values, and a status value. Using the multidimensional scaling algorithm, the mean values and the maximum values of both temperatures and the pivoted status of the system are condensed into a two-dimensional matrix, which can be visualized as both a Scatter Plot and an Anomaly Indicator over Time chart.
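An added example, not part of the original report, of checks that can be run directly on the exported .csv: per-column mean and maximum, outlier readings, and gaps in the record sequence that point to dropped or deleted entries. It uses a median-based outlier score rather than the multidimensional scaling done in Power BI; the column layout, the 2000 ms send interval and all sample rows are constructed assumptions.

```javascript
// Added example: checks over an exported telemetry CSV. The column layout
// (timestamp,temp1,temp2,status) and all sample rows are constructed.
const SAMPLE_CSV = `timestamp,temp1,temp2,status
2019-04-20T10:00:00Z,21.0,22.0,OK
2019-04-20T10:00:02Z,21.2,22.1,OK
2019-04-20T10:00:04Z,20.9,21.9,OK
2019-04-20T10:00:06Z,21.1,22.0,OK
2019-04-20T10:00:08Z,58.4,22.2,OK
2019-04-20T10:00:10Z,21.0,22.1,OK
2019-04-20T10:00:20Z,21.3,21.8,OK
2019-04-20T10:00:22Z,21.1,22.0,OK`;

function parseTelemetry(csv) {
  const [header, ...lines] = csv.trim().split(/\r?\n/);
  if (header !== 'timestamp,temp1,temp2,status') throw new Error('unexpected header');
  return lines.map((line, i) => {
    const [ts, t1, t2, status] = line.split(',');
    const row = { time: Date.parse(ts), temp1: Number(t1), temp2: Number(t2), status };
    if ([row.time, row.temp1, row.temp2].some(Number.isNaN)) {
      throw new Error(`malformed row ${i + 1}: ${line}`);
    }
    return row;
  });
}

function median(values) {
  const s = [...values].sort((a, b) => a - b);
  const mid = s.length >> 1;
  return s.length % 2 ? s[mid] : (s[mid - 1] + s[mid]) / 2;
}

// Mean and maximum of one temperature column.
function summarize(rows, field) {
  const v = rows.map((r) => r[field]);
  return { mean: v.reduce((a, b) => a + b, 0) / v.length, max: Math.max(...v) };
}

// Robust outliers: distance from the median in units of the scaled median
// absolute deviation, so a single bad reading cannot mask itself by
// shifting the mean.
function findOutliers(rows, field, threshold = 3.5) {
  const v = rows.map((r) => r[field]);
  const med = median(v);
  const mad = median(v.map((x) => Math.abs(x - med))) || Number.EPSILON;
  return rows.filter((r) => (0.6745 * Math.abs(r[field] - med)) / mad > threshold);
}

// A gap longer than the configured send interval (times a slack factor)
// means records are missing after row `afterRow`.
function findGaps(rows, intervalMs, slack = 1.5) {
  const gaps = [];
  for (let i = 1; i < rows.length; i++) {
    const delta = rows[i].time - rows[i - 1].time;
    if (delta > intervalMs * slack) {
      gaps.push({ afterRow: i - 1, missing: Math.round(delta / intervalMs) - 1 });
    }
  }
  return gaps;
}
```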
Power BI was a useful tool that let us visualize the data, connecting several data sources to create simple dashboards and reports for the user.
As pointed out earlier, IoT devices create an environment in which we experience an explosion of data. Our project was no exception. With a couple of thermocouples, we created around 2 GB of data per day. If this were a full-scale consumer or commercial application, the data being produced could be so large and complex that it would be almost impossible to process with a traditional relational database management program. The reason is the nature of the data, which appears in both unstructured and semi-structured formats and so deviates totally from the structured data format based on SQL. (Johnson)
Conclusion
With the Internet of Things still in its infant phase, it is only going to continue to grow, with an estimated 28.1 billion devices expected to be connected to the Industrial Internet of Things by 2020. With this increase in connected devices, it is also estimated that “by the year 2021, cybercrime will cost the world upwards of $6 trillion annually.” Most of these devices rarely have an entity that is responsible for maintaining them; therefore they remain unpatched and vulnerable.
Also, the range of applications of IoT continues to expand to the point that all the data being processed is created as unstructured data. This creates the need for new methods to store and process the IoT environment, which in turn generates the need for both virtualization and cloud computing to understand and process such data.
In order to proactively mitigate threats to Internet of Things devices, users and organizations must actively seek a way to secure them. Administering and monitoring such devices will decrease the vulnerabilities, and creating a patch management protocol can lower the exploitable rate of a network and keep privacy and confidentiality secure from any leakage.
With this approach, network-related monitoring, whether for fault management or security management, is known and proven to generate large pools of data that have to be processed quite significantly in order to extract meaningful, actionable information and, importantly, to be able to do so in near real time.
In this paper, we proposed a lightweight cloud-based framework for monitoring IoT devices. The proposed framework consists of a cloud service, a designated IoT storage appliance, and synchronization and communication mechanisms. It will need future work/research, for which we propose applying machine learning to the framework.
References
Gilchrist, A. (n.d.). IoT Security Issues.
Hadar, N., Siboni, S., & Elovici, Y. (n.d.). A Lightweight Vulnerability Mitigation Framework for IoT Devices.
https://www.ericsson.com/en/networks/trending/hot-topics/iot-connectivity/iot-market-outlook. (n.d.).
Johnson, T. A. (n.d.). Cybersecurity: Protecting Critical Infrastructures from Cyber Attack and Cyber Warfare.
Appendix 1.
//Monitor script for RAC IoT, Temp/LED online connection
{
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "IotHubs_IASP470TEST_name": {
      "defaultValue": "IASP470TEST",
      "type": "String"
    }
  },
  "variables": {},
  "resources": [
    {
      "type": "Microsoft.Devices/IotHubs",
      "apiVersion": "2018-04-01",
      "name": "[parameters('IotHubs_IASP470TEST_name')]",
      "location": "eastus2",
      "sku": {
        "name": "S1",
        "tier": "Standard",
        "capacity": 1
      },
      "properties": {
        "operationsMonitoringProperties": {
          "events": {
            "None": "None",
            "Connections": "None",
            "DeviceTelemetry": "XXX.XX.XXX:6500",
            "C2DCommands": "Metrics_On",
            "DeviceIdentityOperations": "SHA256",
            "FileUploadOperations": "…./etc/…/RACME/",
            "Routes": " "
          }
        },
        "ipFilterRules": [],
        "eventHubEndpoints": {
          "events": {
            "retentionTimeInDays": 1,
            "partitionCount": 4,
            "partitionIds": [
              "0",
              "1",
              "2",
              "3"
            ],
            "path": "iasp470test",
            "endpoint": "sb://iothub-ns-iasp470tes-1439185-6612060019.servicebus.windows.net/"
          },
          "operationsMonitoringEvents": {
            "retentionTimeInDays": 1,
            "partitionCount": 4,
            "partitionIds": [
              "0",
              "1",
              "2",
              "3"
            ],
            "path": "iasp470test-operationmonitoring",
            "endpoint": "sb://iothub-ns-iasp470tes-1439185-6612060019.servicebus.windows.net/"
          }
        },
        "routing": {
          "endpoints": {
            "serviceBusQueues": [],
            "serviceBusTopics": [],
            "eventHubs": [],
            "storageContainers": []
          },
          "routes": [],
          "fallbackRoute": {
            "name": "$fallback",
            "source": "DeviceMessages",
            "condition": "true",
            "endpointNames": [
              "events"
            ],
            "isEnabled": true
          }
        },
        "storageEndpoints": {
          "$default": {
            "sasTtlAsIso8601": "PT1H",
            "connectionString": "",
            "containerName": ""
          }
        },
        "messagingEndpoints": {
          "fileNotifications": {
            "lockDurationAsIso8601": "PT1M",
            "ttlAsIso8601": "PT1H",
            "maxDeliveryCount": 10
          }
        },
        "enableFileUploadNotifications": false,
        "cloudToDevice": {
          "maxDeliveryCount": 10,
          "defaultTtlAsIso8601": "PT1H",
          "feedback": {
            "lockDurationAsIso8601": "PT1M",
            "ttlAsIso8601": "PT1H",
            "maxDeliveryCount": 10
          }
        },
        "features": " "
      }
    }
  ]
}
Appendix 2.
//Setting up Device on Ubuntu or Raspberry Pi
Installing Node.js
1.) First check the version of Node.js currently on your machine with the following command:
    a. node -v
2.) If the version returned is lower than 4.X, or if there is no Node.js on your Pi/Ubuntu, install the latest version:
    a. curl -sL https://deb.nodesource.com/setup_4.x | sudo -E bash
    b. sudo apt-get -y install nodejs
3.) Then clone the application:
    a. git clone https://github.com/Azure-Samples/iot-hub-node-raspberrypi-client-app
4.) Install all packages for the sample. The installation includes the Azure IoT device SDK, the BME280 Sensor Library, and the Wiring Pi library.
    a. cd iot-hub-node-raspberrypi-client-app
    b. sudo npm install
5.) Open the config file by running the following command and configure the sample application:
    a. nano config.json
    b.
    c. Note: There are two items in this file you can configure. The first is interval, which defines the time interval (in milliseconds) between messages sent to the Azure IoT hub. The second is simulatedData, which is a Boolean value for whether to use simulated sensor data or not. If you do not have a BME280 sensor, set the simulatedData value to "true".
    d. Save and exit by typing Control-O > Enter > Control-X
6.) Run the sample application:
    a. sudo node index.js '<YOUR AZURE IOT HUB DEVICE CONNECTION STRING>'
    b. For example, sudo node index.js 'HostName=IASP470TEST.azure-devices.net;DeviceId=Dan2_Device;SharedAccessKey=yZKNEzT50EBft1ipGaGfZL0mFXi/D6H9U3ShQuHWmu0='
Setting Up Your Raspberry Pi as a Personal Cloud Storage Device:
1.) Enter the Raspberry Pi command line and update the Raspberry Pi and its packages:
    a. sudo apt-get update
    b. sudo apt-get upgrade
2.) Open the Raspi Config tool to change settings:
    a. sudo raspi-config
    b. Change the locale to en_US.UTF8 in Internationalization Options -> Change Locale
    c. Change the memory split to 16m in Advanced Options -> Memory Split
3.) Add the www-data user to the www-data group:
    a. sudo usermod -a -G www-data www-data
4.) Depending on the latest version of Raspbian Stretch, you will need to install all the required packages and PHP7:
    a. sudo apt-get install nginx openssl ssl-cert php7.0-cli php7.0-sqlite php7.0-gd php7.0-common php7.0-cgi sqlite3 php-pear curl libapr1 libtool curl libcurl4-openssl-dev php7.0-xml php7.0 php7.0-dev php7.0-curl php7.0-gd php7.0-fpm memcached php7.0-memcache php7.0-zip php7.0-intl php7.0-mbstring varnish
5.) Create an SSL certificate:
    a. sudo openssl req $@ -new -x509 -days 730 -nodes -out /etc/nginx/cert.pem -keyout /etc/nginx/cert.key
6.) In addition to the SSL certificate, we also need to generate a custom dhparam file. This file will ensure that the SSL connections are kept secure. To generate a 4096 byte long DH Param, run the following command (this could take up to 16 hrs):
    a. sudo openssl dhparam -out /etc/nginx/dh4096.pem 4096
7.) Now we must chmod the three cert files that were just generated:
    a. sudo chmod 600 /etc/nginx/cert.pem
    b. sudo chmod 600 /etc/nginx/cert.key
    c. sudo chmod 600 /etc/nginx/dh4096.pem
8.) Clear the server config file, since we will be copying and pasting our own version:
    a. sudo sh -c "echo ' ' > /etc/nginx/sites-available/default"
9.) Configure the web server so that it runs ownCloud correctly:
    a. sudo nano /etc/nginx/sites-available/default
10.) Copy and paste the following code into the file:
upstream php-handler {
    server 127.0.0.1:9000;
    server unix:/var/run/php/php7.0-fpm.sock;
}

server {
    listen 80;
    server_name 192.168.56.101;

    # Allow letsencrypt through
    location /.well-known/acme-challenge/ {
        root /var/www/owncloud;
    }

    # enforce https
    location / {
        return 301 https://$server_name$request_uri;
    }
}

server {
    listen 443 ssl http2;
    server_name 192.168.56.101;

    ssl_certificate /etc/nginx/cert.pem;
    ssl_certificate_key /etc/nginx/cert.key;
    ssl_session_timeout 5m;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996); list only TLSv1.2 and
    # later unless legacy clients require them.
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:AES256+EECDH:AES256+EDH';
    ssl_dhparam /etc/nginx/dh4096.pem;
    ssl_prefer_server_ciphers on;
    keepalive_timeout 70;
    ssl_stapling on;
    ssl_stapling_verify on;

    add_header X-Content-Type-Options nosniff;
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;
    add_header X-Download-Options noopen;
    add_header X-Permitted-Cross-Domain-Policies none;

    root /var/www/owncloud/;

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    # The following 2 rules are only needed for the user_webfinger app.
    # Uncomment it if you're planning to use this app.
    #rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
    #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;

    location = /.well-known/carddav {
        return 301 $scheme://$host/remote.php/dav;
    }
    location = /.well-known/caldav {
        return 301 $scheme://$host/remote.php/dav;
    }

    # set max upload size
    client_max_body_size 512M;
    fastcgi_buffers 8 4K;
    fastcgi_ignore_headers X-Accel-Buffering;

    gzip off;

    error_page 403 /core/templates/403.php;
    error_page 404 /core/templates/404.php;

    location / {
        rewrite ^ /index.php$uri;
    }

    location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
        return 404;
    }
    location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
        return 404;
    }

    location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
        fastcgi_split_path_info ^(.+\.php)(/.*)$;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param SCRIPT_NAME $fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_param HTTPS on;
        fastcgi_param modHeadersAvailable true;
        fastcgi_param front_controller_active true;
        fastcgi_read_timeout 180;
        fastcgi_pass php-handler;
        fastcgi_intercept_errors on;
        fastcgi_request_buffering off; # Available since NGINX 1.7.11
    }