Introduction

The use of IoT devices has already grown rapidly and the trend is expected to continue, if not rise exponentially, in everything from domestic (e.g. fridges, baby monitors) to industrial (e.g. smart city, smart manufacturing) applications.

Society is increasingly reliant on IoT devices. After a major attack in 2016 was linked to vulnerable IoT devices, the UK Department for Culture, Media and Sport (DCMS) conducted a select committee inquiry and announced the publication of its Security by Design report containing a proposed Code of Practice for Consumer IoT products in 2018. DCMS recommended that IoT products should be "Secure-by-Design", with strong security built into them from the start.

DCMS collaborated with Innovate UK, part of UK Research and Innovation, on a cybersecurity academic startup accelerator programme (CyberASAP) where it invested in innovative cybersecurity projects designed by academics.

Jonathan Loo and his team answered the call for ideas with the Cybersecurity Monitoring and Defence (CyMonD) project, designed to stop hackers in their tracks.

Connectivity equals vulnerability

Any device that is connected to the internet is vulnerable to attack.

The rise of the IoT has added to cybersecurity concerns as billions of devices become connected across the globe. Smart Cities utilise a range of IoT devices and sensors to radically transform operations and their popularity has been growing over the last 10 years – a trend that is set to continue and is likely to increase exponentially. Such applications simply increase the potential for cyber-attacks.

In 2016, the vulnerabilities of IoT-enabled devices were thrown into the spotlight after a major attack that affected some of the world’s major web services was found to be linked to numerous IoT devices that had been infected by malware.

Mitigating risk

Jonathan Loo and his team designed CyMonD to protect IoT-enabled devices with funding from Innovate UK and the Department for Culture, Media and Sport.

The Cybersecurity Monitoring and Defence (CyMonD) project looks to plug a gap in the market for securing Linux-based units, which represent approximately 70% of IoT devices. The project aimed to increase security on individual devices and provide the ability to effectively monitor them for malicious activity using anomaly detection.

CyMonD depends on security modules being present, activated and configured within the Linux operating system onboard the devices being secured. Signals (logs) from the modules are used to define “normal” behaviours after being sent to Machine Learning (ML) algorithms executed on remote servers.

Alerts generated by the ML system can be grouped and further processed to trigger defensive actions and controls (policies), which can instruct the security system within the devices to take additional protective measures. A Graphical User Interface (GUI) would display the status of monitored devices.

Cyber security

The software developed by the team monitors the behaviour of devices, watching for unusual actions such as connecting to an unknown server, and alerts the device's own servers when it detects a problem. These alerts can trigger defensive actions and controls which can instruct the security system within the device to take additional protective measures. The alerts are then displayed using a GUI.

The device is the first of its kind to monitor the internal activity of devices, rather than relying on other forms of data external to the device itself. This means that it can provide highly reliable monitoring of individual units.

It is designed so that users do not need to configure or set up defence mechanisms. Using CyMonD technology, devices are protected prior to being shipped, upgraded or redeployed.

Bridging the gap between academic and enterprise

Thanks to his funding from Innovate UK, Professor Loo was able to create a proof of concept used to demonstrate the capabilities of his software to potential partners in industry.

The team are currently working with a small company that designs charging ports for electric cars and boats. The company noticed that their charging ports were being duplicated and have predicted that these duplications could be the first move in an attack that involves diverting revenue from the company to a malicious agent.

CyMonD will monitor for these duplications to help avoid any potential loss of income.

The research team

  • Professor Jonathan Loo - Chair Professor of Computing and Communication Engineering
  • Dr Junaid Arshad - Associate Professor in the School of Computing and Digital Technology, Birmingham City University
