On-Device Security and Privacy Mechanisms for Resource-Limited Devices: a Bottom-Up Approach


Florida International University
FIU Digital Commons
FIU Electronic Theses and Dissertations, University Graduate School

3-23-2020

On-device Security and Privacy Mechanisms for Resource-limited Devices: A Bottom-up Approach

Leonardo Babun
Florida International University, [email protected]

Follow this and additional works at: https://digitalcommons.fiu.edu/etd
Part of the Electrical and Computer Engineering Commons

Recommended Citation
Babun, Leonardo, "On-device Security and Privacy Mechanisms for Resource-limited Devices: A Bottom-up Approach" (2020). FIU Electronic Theses and Dissertations. 4431. https://digitalcommons.fiu.edu/etd/4431

This work is brought to you for free and open access by the University Graduate School at FIU Digital Commons. It has been accepted for inclusion in FIU Electronic Theses and Dissertations by an authorized administrator of FIU Digital Commons. For more information, please contact [email protected].

FLORIDA INTERNATIONAL UNIVERSITY
Miami, Florida

ON-DEVICE SECURITY AND PRIVACY MECHANISMS FOR RESOURCE-LIMITED DEVICES: A BOTTOM-UP APPROACH

A dissertation submitted in partial fulfillment of the requirements for the degree of DOCTOR OF PHILOSOPHY in ELECTRICAL AND COMPUTER ENGINEERING by Leonardo Babun

2020

To: Dean John Volakis, College of Engineering and Computing

This dissertation, written by Leonardo Babun, and entitled On-device Security and Privacy Mechanisms for Resource-limited Devices: A Bottom-Up Approach, having been approved in respect to style and intellectual content, is referred to you for judgment.

We have read this dissertation and recommend that it be approved.

Kemal Akkaya
Alexander Perez-Pons
Leonardo Bobadilla
A. Selcuk Uluagac, Major Professor

Date of Defense: March 23, 2020

The dissertation of Leonardo Babun is approved.

Dean John Volakis, College of Engineering and Computing
Andres G. Gil, Vice-President for Research and Economic Development and Dean of University of Graduate School

Florida International University, 2020

© Copyright 2020 by Leonardo Babun
All rights reserved.

DEDICATION

To my family.

ACKNOWLEDGMENTS

I would like to express my gratitude to the members of my dissertation committee for their insightful comments, encouragement, and generous support. In addition, I would like to express my deepest gratitude to my major professor, Prof. A. Selcuk Uluagac, for his priceless guidance, mentorship, motivation, patience, and immense support while completing this research and during all my doctoral graduate studies. His insights and words of encouragement have often inspired me and encouraged me to overcome all difficulties. I am deeply indebted to him for his tireless support. Also, I would like to thank my colleagues from the Cyber-Physical Systems Security Lab (CSL) for their encouragement, accompaniment, and collaboration through all these years.

Finally, I would also like to acknowledge the support provided by the U.S. Department of Energy, U.S. National Science Foundation, the University Graduate School, and the Department of Electrical and Computer Engineering at Florida International University. This dissertation is mostly based upon the work supported by the U.S. Department of Energy under Award Number DE-OE0000779 and the U.S. National Science Foundation under Award Number NSF-1663051.

ABSTRACT OF THE DISSERTATION

ON-DEVICE SECURITY AND PRIVACY MECHANISMS FOR RESOURCE-LIMITED DEVICES: A BOTTOM-UP APPROACH

by Leonardo Babun
Florida International University, 2020
Miami, Florida
Professor A. Selcuk Uluagac, Major Professor

This doctoral dissertation introduces novel mechanisms to provide on-device security and privacy for resource-limited smart devices and their applications. These mechanisms aim to cover five fundamental contributions in the emerging Cyber-Physical Systems (CPS), Internet of Things (IoT), and Industrial IoT (IIoT) fields. First, we present a host-based fingerprinting solution for device identification that is complementary to other security services like device authentication and access control. Then, we design a kernel- and user-level detection framework that aims to discover compromised resource-limited devices based on behavioral analysis. Further, we apply dynamic analysis of smart device applications to uncover security and privacy risks in real time. Then, we describe a solution to enable digital forensics analysis on data extracted from interconnected resource-limited devices that form a smart environment. Finally, we offer to researchers from industry and academia a collection of benchmark solutions for the evaluation of the discussed security mechanisms on different smart domains. For each contribution, this dissertation comprises specific novel tools and techniques that can be applied either independently or combined to enable broader security services for the CPS, IoT, and IIoT domains.

TABLE OF CONTENTS

1. INTRODUCTION
  1.1 Research Purposes
  1.2 Research Problem
  1.3 Significance of the Study
  1.4 Organization of the Dissertation

2. PRELIMINARIES
  2.1 Overview of Cyber-Physical Systems
  2.2 CPS Device-class Identification
  2.3 System-level Smart Grid Substation Architecture
    2.3.1 Behavioral Analysis of Smart Grid Devices
    2.3.2 Genuine Smart Grid Devices
    2.3.3 Compromised Smart Grid Devices
    2.3.4 Behavioral Analysis of Smart Grid Devices
    2.3.5 Classes of Smart Grid Devices
    2.3.6 Open-source Design Approach
    2.3.7 Extracting Operations from Smart Grid Devices
  2.4 Resource-limited App Taint Sources and Sinks
    2.4.1 Sources of Sensitive Information in IoT Apps
    2.4.2 Functions to Leak Information in IoT Apps
  2.5 IoT Application Context
  2.6 Generic Smart Environment Architecture
  2.7 Smart App Structure

3. LITERATURE REVIEW
  3.1 Identification of Resource-limited Devices
    3.1.1 Device-class Fingerprinting
    3.1.2 Device-host Fingerprinting
    3.1.3 Behavioral-based Device Fingerprinting
  3.2 Detecting Compromised Resource-limited Devices in CPS
    3.2.1 Security Challenges of Cyber-physical Systems
    3.2.2 Detection of Compromised Resource-limited Devices
    3.2.3 Call Tracing Techniques for Security Applications
  3.3 Resource-limited Device Application Analysis
    3.3.1 Static Analysis of IoT Applications
    3.3.2 Dynamic Analysis of IoT Applications
  3.4 Digital Forensics on Resource-limited Device Data
    3.4.1 Forensic Data Collection from the Smart Environment
    3.4.2 Smart Data Logging

4. HOST-BASED RESOURCE-LIMITED DEVICE CLASS IDENTIFICATION
  4.1 Introduction
    4.1.1 Differences from Existing Works
  4.2 Threat Model and Use Case
    4.2.1 Problem Scope
  4.3 Overview of S&F
  4.4 Device Feature Acquisition
    4.4.1 Challenge-Response Approach
    4.4.2 Parametric Call List (PCL)
    4.4.3 Device Performance Index (DPI)
  4.5 Device Signature Generation
  4.6 Ground Truth Devices - Learning Phase
  4.7 Signature Correlation and Decision - Prediction Phase
  4.8 Performance Evaluation
    4.8.1 Testbed Implementation
    4.8.2 Performance Metrics
  4.9 Performance of S&F during the Learning Phase
  4.10 Performance of S&F during the Prediction Phase
  4.11 Overhead Introduced by S&F
  4.12 Summary and Benefits
  4.13 Conclusion

5. DETECTION OF COMPROMISED RESOURCE-LIMITED DEVICES
  5.1 Introduction
    5.1.1 Differences from Existing Works
  5.2 Adversary Model
  5.3 Overview of the Detection Framework
    5.3.1 Probability of Detecting a Compromised Device
    5.3.2 Learning Process
    5.3.3 Detection Process
    5.3.4 Decision Process
  5.4 Performance Analysis and Discussion
    5.4.1 Evaluation with a Realistic Smart Grid Testbed
    5.4.2 Detection Performance
    5.4.3 Performance Metrics
    5.4.4 System Overhead
    5.4.5 Benefits and Features
  5.5 Conclusion

6. SECURITY AND PRIVACY ANALYSIS OF RESOURCE-LIMITED DEVICE APPLICATIONS
  6.1 Introduction
    6.1.1 Differences from Existing Works
  6.2 IoT Privacy Survey
    6.2.1 Survey Results
    6.2.2 Summary of Findings
    6.2.3 Example IoT Privacy Survey Questions
  6.3 Problem Statement and Threat Model
  6.4 Approach Overview
    6.4.1 Understanding Leakage in IoT Apps
    6.4.2 Terminology Used
  6.5 IoTWatcH
    6.5.1 Code Instrumentor
    6.5.2 IoTWatcH Analyzer
    6.5.3 Response to App Data Leaks
    6.5.4 IoTWatcH API
  6.6 IoTWatcH's Implementation Details
  6.7 Performance Evaluation
    6.7.1 Evaluation Metrics
    6.7.2 Assigning Privacy Labels
    6.7.3 Performance of IoT String Classification
    6.7.4 Analysis of Data Leaks in IoT Apps
    6.7.5 Overhead Analysis
  6.8 Discussion
  6.9 Conclusion

7. FORENSICS ANALYSIS OF RESOURCE-LIMITED DEVICE DATA
  7.1 Introduction
    7.1.1 Differences from Existing Works
  7.2 Problem and Threat Model
    7.2.1 Problem Definition
    7.2.2 Assumptions and Definitions
    7.2.3 Threat Model
  7.3 IoTDots
    7.3.1 Forensically-valuable features in.
