D6.1 State-Of-The-Art on Profiling, Detection and Mitigation

Ref. Ares(2019)1478463 - 05/03/2019

Advanced Cyber-Threat Intelligence, Detection, and Mitigation Platform for a Trusted Internet of Things

Grant Agreement: 786698

D6.1 State-of-the-art on profiling, detection and mitigation

Work Package 6: Title of Work package

Document Dissemination Level
  • P: Public ☒
  • CO: Confidential, only for members of the Consortium (including the Commission Services) ☐

Document Due Date: 28/02/2019
Document Submission Date: 05/03/2019

Co-funded by the Horizon 2020 Framework Programme of the European Union

Copyright Cyber-Trust Consortium. All rights reserved.

Document Information

Deliverable number: D6.1
Deliverable title: State-of-the-art on profiling, detection and mitigation
Deliverable version: 1.0
Work Package number: WP6
Work Package title: State-of-the-Art on profiling, detection and mitigation (M10)
Due Date of delivery: 28/02/2019
Actual date of delivery: 28/02/2019
Dissemination level: PU
Editor(s): Stavros Shiaeles (CSCAN)
Contributor(s):
  • Stavros Shiaeles, Keltoum Bendiab, Julian Ludlow, Salam Ketab, Muhammad Ali, Abdulrahman Alruban (CSCAN)
  • Liza Charalambous, George Boulougaris, Michael Skitsas (ADITESS)
  • Dimitrios Kavallieros, Vasiliki-Georgia Bilali, George Kokkinis (KEMEA)
  • Nicholas Kolokotronis, Costas Vassilakis, Spiros Skiadopoulos, Christos Tryfonopoulos, Konstantinos Limniotis, Christos-Minas Mathas, Sotirios Brotsis (UOP)
Reviewer(s):
  • Dimitris Kavalieros (KEMEA)
  • Gohar Sargsyan (CGI)
Project name: Advanced Cyber-Threat Intelligence, Detection, and Mitigation Platform for a Trusted Internet of Things
Project acronym: Cyber-Trust
Project starting date: 1/5/2018
Project duration: 36 months
Rights: Cyber-Trust Consortium

Version History

Version | Date | Beneficiary | Description
0.05 | 22/12/2018 | CSCAN | Tentative ToC proposed
0.10 | 28/12/2018 | CSCAN | Deliverable's ToC finalised
0.20 | 15/02/2019 | CSCAN | Sections added
0.30 | 20/02/2019 | ADITESS | Sections added
0.40 | 21/02/2019 | UOP | Sections added
0.50 | 22/02/2019 | KEMEA | Sections added
0.60 | 23/02/2019 | CSCAN | Formatting of the document and send to review
0.70 | 27/02/2019 | CSCAN | Review received and applying changes
1.00 | 05/03/2019 | CSCAN | Final Submission

Acronyms

ACRONYM | EXPLANATION
ACL | Access Control List
AES | Advanced Encryption Standard
API | Application Programming Interface
ARP | Address Resolution Protocol
ASCII | American Standard Code for Information Interchange
AV | Antivirus
BGP | Border Gateway Protocol
BLE | Bluetooth Low Energy
BS | Base Stations
BSN | Base Station Network
C&C | Command and Control
CAM | Content Addressable Memory
CII | Critical Information Infrastructure
CoAP | Constrained Application Protocol
COM | Communication Port
CPU | Central Processing Unit
CSP | Communication Service Provider
DDoS | Distributed Denial of Service
DHCP | Dynamic Host Configuration Protocol
DM | Data Mining
DNS | Domain Name System
DOS | Denial of Service
DPI | Deep Packet Inspection
EC-GSM-IoT | Extended Coverage-GSM-IoT
ED | End Device
EGP | Exterior Gateway Protocol
eMTC | enhanced Machine Type Communication
ETL | Extract Transform Load
FHE | Fully Homomorphic Encryption
FTP | File Transfer Protocol
FWSM | Firewall Services Module
GDPR | General Data Protection Regulation
GHZ | Gigahertz
GSM | Global System for Mobile communications
HTML | Hypertext Markup Language
HTTP | HyperText Transfer Protocol
HTTPS | Hypertext Transfer Protocol Secure
ICMP | Internet Control Message Protocol
IDS | Intrusion Detection System
IETF | Internet Engineering Task Force
IGMP | Internet Group Management Protocol
IGS | Integration Gateway Services
IoT | Internet of Things
IP | Internet Protocol
IPS | Intrusion Prevention System
IPsec | Internet Protocol Security
IPv6 | Internet Protocol version 6
IRC | Internet Relay Chat
ISM | Industrial, Scientific, and Medical Radio Band
ISP | Internet Service Provider
ITS | Intelligent Transportation System
JPG / JPEG | Joint Photographic Experts Group
KNN | K-nearest neighbour
Li-Fi | Light Fidelity
LoRa | Long Range PHY and WAN
LPWA | Low Power Wide Area
LPWAN | Low Power Wide Area Network
LTE | Long-Term Evolution
LTE-MTC | LTE-Machine Type Communication
M2M | Machine to Machine
MAC | Media Access Control
MCU | Microcontroller Unit
MDM | Mobile Device Management
MDMP | Mobile Device Managers Plus
MDU | Multi-dwelling Units
MS | Microsoft
NAT | Network Address Translation
NB-IoT | Narrow-Band IoT
NIC | Network Driver Interface
NIDS | Network intrusion detection system
OS | Operational System
P2P | Peer-to-peer
PCAP | Packet Capture
PMIC | Power Management Integrated Circuit
PPDM | Privacy Preserving Data Mining
PPT | Polynomial Probabilistic Time
PS | Profiling Service
QID | Quater in die
RAM | Random-access memory
RF | Radio Frequency
RFC | Request for Comments
RFIC | Radio Frequency Integrated Circuit
RIP | Routing Information Protocol
RSA | Rivest, Shamir, and Adleman cryptosystem
RTOS | Real-Time Operating System
SAVE | Static Analyser for Vicious Executables
SDA | Smart Device Agents
SDK | Software Development Kit
SDN | Software-Defined Networking
SGA | Smart Gateway Agents
SLAAC | Stateless Address Auto Configuration
SMB | Server Message Block
SMC | Secure Multiparty Computation
SMTP | Simple Mail Transfer Protocol
SNMP | Simple Network Management Protocol
SOM | Self-Organizing Maps
SSH | Secure Shell
SSL | Secure Sockets Layer
SSO | Single Sign-On
STUN | Session Traversal Utilities NAT
TCP | Transmission Control Protocol
TV | Television
UDP | User Datagram Protocol
UI | User Interface
UNB | Ultra Narrow Band
USB | Universal Serial Bus
VM | Virtual Machine
VPN | Virtual Private Network
Wi-Fi | Wireless Fidelity
ZK | Zero-Knowledge

Table of Contents

Executive Summary
1. Introduction
1.1 Purpose of the document
1.2 Relations with other activities in the project
1.3 Structure of the document
2. IoT Devices profiling methods
2.1 Introduction
2.2 Device Profiling
2.3 SDA with Cloud Services
2.4 SDA operating on Linux-based distribution
2.5 SDA App
2.6 Services
2.6.1 Computer Services
2.6.2 Router Services
2.6.3 Camera Services
2.6.4 Smartphone Services & Tablet Services
2.6.5 Gateway Services
2.6.6 Categories Services
2.7 IoT Connections
2.7.1 Short-range wireless
2.7.1.1 Bluetooth mesh networking and Bluetooth low energy
2.7.1.2 ZigBee
2.7.1.3 Z-wave
2.7.1.4 Wireless (Wi-Fi)
2.7.1.5 IPv6 Low-power wireless Personal Area Network (6LowPAN)
2.7.1.6

Details

  • File Type
    pdf
  • Content Languages
    English
  • File Pages
    89 pages
