IoTChecker: A data-driven framework for security analytics of Internet of Things configurations

Mujahid Mohsin, Zahid Anwar*, Farhat Zaman, Ehab Al-Shaer

*Corresponding author for this work

Research output: Contribution to journal › Article › peer-review

39 Scopus citations

Abstract

The advent of the Internet of Things (IoT) has revolutionized networks by transforming legacy dumb devices into smart connected “things”; observing, interacting and impacting the environment with minimal human intervention. These features, while promising a variety of innovative solutions and business benefits, are vulnerable to a host of new threat vectors and security risks. A typical IoT network comprises thousands of IoT devices using heterogeneous protocols, having varying resources, complex interdependencies and diverse networking and security requirements. The configuration data of IoT systems is mostly unstructured, lacking machine interpretable semantics and thus, traditional analysis techniques cannot tackle the IoT-specific configuration challenges of scalability, interoperability and security. In this paper, we present IoTChecker, a novel data-driven framework to semantically model IoT configurations and then employ that model to automatically arrest security configuration anomalies and analyze IoT-specific threat vectors. The approach leverages a combination of newly constructed as well as extended and aligned versions of existing ontologies. Configuration analytics are performed automatically by describing the context of complex IoT interactions and dependencies through rules-supported reasoning and queries. The evaluation involves ontology-based security classification of 954 real-world IoT products and security analysis of their practically-deployed system configurations. Our automated approach has proven to be scalable, easily manageable, formally verifiable and free from errors induced by tedious manual configurations.

Original language: English
Pages (from-to): 199-223
Number of pages: 25
Journal: Computers and Security
Volume: 70
State: Published - Sep 2017
Externally published: Yes

Bibliographical note

Publisher Copyright:
© 2017 Elsevier Ltd

Keywords

  • Data-driven security
  • IoT ontology
  • IoT security analytics
  • OWL
  • Ontologies for configuration data
  • SWRL
  • Secure configuration planning

ASJC Scopus subject areas

  • General Computer Science
  • Law
