Scuola Politecnica e delle Scienze di Base
WISS: WIRELESS IOT IDS WITH SIEM INTEGRATION
Master's Thesis in Network Security
Pantaleone Nespoli
Current Affiliation: Ph.D. Student – 1st year
SUPERVISOR: Prof. Simon Pietro Romano, UNIVERSITY OF NAPLES
CO-SUPERVISOR: Dr. Félix Gómez Mármol, UNIVERSITY OF MURCIA
THESIS AFFILIATION
This Thesis is the result of an Erasmus Internship experience at NEC Laboratories Europe (NLE), Heidelberg, Germany
PANTALEONE NESPOLI
WISS: WIRELESS IOT IDS WITH SIEM INTEGRATION
BACKGROUND
Cybersecurity has become a topic of global interest
Increasingly complex and disruptive cyber-attacks
Central role of the network infrastructures
Not constrained to cyberspace: physical systems are affected too
Cyberdefense is defined as “organized capabilities to protect against, mitigate from and rapidly recover from the effect of cyber attacks” [1]
[1] J.B. Godwin III et al., “Critical Terminology Foundations 2.” Russia-U.S. Bilateral on Cybersecurity, 2014
INTERNET OF THINGS PARADIGM
Everything connected together
Remote control of everyday-life objects
Environmental Monitoring
Smart Home
Smart City
IOT SECURITY CHALLENGES
Many devices
High heterogeneity
High mobility and distribution
In a wireless scenario, attacker models become wider:
➢ Router Attacks
➢ Jamming
➢ Evil twins
➢ MITM (Man In The Middle)
➢ Flooding
GOALS
Portability
The device must be portable, so that human actors can carry it into every environment effortlessly
Usability
End-users only have to turn on the device to protect the monitored area
Configurability
Network administrators can decide to enable/disable features for performance reasons
Versatility
The device must be usable everywhere, even in a densely populated place
CONTRIBUTION
P&P-Pi: Plug&Protect
Wireless monitoring sensor
Alerts and Statistics remotely sent to a Server
Events visualized on a Client machine
WISS ARCHITECTURE
Architecture diagram (components):
Debian OS for Raspberry Pi
802.11 Layer 2 IDS
802.11 Layer 3 and above IDS
Rsyslog
Via TCP/UDP
Open Source SIEM OSSIM
WISS DEMO
Demo diagram: Attacker, Victim, Access Point, OSSIM Server (UDP)
2. TCP Portscan
3. SSH Bruteforce
Alerts via Rsyslog
Event visualized on client machine
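The architecture and demo slides describe the pipeline as: the on-board IDS raises an alert, rsyslog forwards it over TCP/UDP, and the OSSIM server turns it into a visible event. The following Python script is an added example, not code from the thesis or from the P&P-Pi device: it parses Snort "alert_fast" lines, wraps each one in an RFC 3164 syslog datagram (facility local0, severity derived from the Snort priority) and can push the datagrams over UDP to a collector. The alert lines, the rule SIDs, the IP addresses and the hostname pnp-pi are constructed placeholders, and the OSSIM-side plugin parsing is not modeled; the Snort text is kept unchanged after the syslog tag so a SIEM parser sees the original fields.

```python
import re
import socket
from dataclasses import dataclass
from typing import List, Optional

# Snort "alert_fast" line layout (assumed for this example; not the thesis's code):
# MM/DD-hh:mm:ss.ffffff  [**] [gid:sid:rev] msg [**] [Classification: c] [Priority: p] {PROTO} src:port -> dst:port
FAST_ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.+?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s+(?P<cls>[^\]]+)\]\s+)?\[Priority:\s+(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>[\d.]+)(?::(?P<dport>\d+))?$"
)

# Constructed sample alerts mirroring the two demo steps (portscan, SSH brute force).
# SIDs are in the local-rule range and the addresses are documentation prefixes.
SAMPLE_ALERTS = [
    "08/04-10:15:22.123456  [**] [1:1000001:1] LOCAL TCP portscan from single source [**] "
    "[Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.0.2.10:45012 -> 192.0.2.20:22",
    "08/04-10:16:03.654321  [**] [1:1000002:1] LOCAL SSH brute force attempt [**] "
    "[Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 192.0.2.10:45100 -> 192.0.2.20:22",
    "not a snort line",
]


@dataclass
class SnortAlert:
    timestamp: str
    gid: int
    sid: int
    rev: int
    msg: str
    classification: Optional[str]
    priority: int
    proto: str
    src: str
    sport: Optional[int]
    dst: str
    dport: Optional[int]


def parse_fast_alert(line: str) -> Optional[SnortAlert]:
    """Return a SnortAlert for a well-formed alert_fast line, else None."""
    m = FAST_ALERT_RE.match(line.strip())
    if not m:
        return None
    return SnortAlert(
        timestamp=m["ts"], gid=int(m["gid"]), sid=int(m["sid"]), rev=int(m["rev"]),
        msg=m["msg"], classification=m["cls"], priority=int(m["prio"]),
        proto=m["proto"], src=m["src"],
        sport=int(m["sport"]) if m["sport"] else None,
        dst=m["dst"], dport=int(m["dport"]) if m["dport"] else None,
    )


# RFC 3164: PRI = facility * 8 + severity. local0 = 16; severities: crit=2, warning=4, notice=5, info=6.
LOCAL0 = 16
SEVERITY_BY_SNORT_PRIORITY = {1: 2, 2: 4, 3: 5}
MONTHS = ["Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"]


def snort_severity(priority: int) -> int:
    return SEVERITY_BY_SNORT_PRIORITY.get(priority, 6)


def syslog_timestamp(snort_ts: str) -> str:
    """'08/04-10:15:22.123456' -> 'Aug  4 10:15:22' (RFC 3164 TIMESTAMP, day space-padded)."""
    month, rest = snort_ts.split("/", 1)
    day, clock = rest.split("-", 1)
    return f"{MONTHS[int(month) - 1]} {int(day):2d} {clock.split('.')[0]}"


def to_syslog(a: SnortAlert, hostname: str = "pnp-pi", tag: str = "snort") -> bytes:
    """Build the datagram rsyslog would emit: <PRI>TIMESTAMP HOST TAG: original Snort text."""
    pri = LOCAL0 * 8 + snort_severity(a.priority)
    src = f"{a.src}:{a.sport}" if a.sport is not None else a.src
    dst = f"{a.dst}:{a.dport}" if a.dport is not None else a.dst
    cls = f"[Classification: {a.classification}] " if a.classification else ""
    body = f"[{a.gid}:{a.sid}:{a.rev}] {a.msg} {cls}[Priority: {a.priority}] {{{a.proto}}} {src} -> {dst}"
    return f"<{pri}>{syslog_timestamp(a.timestamp)} {hostname} {tag}: {body}".encode()


def build_datagrams(lines: List[str]) -> List[bytes]:
    """Convert every parseable alert line; silently skip lines that are not alerts."""
    out = []
    for line in lines:
        alert = parse_fast_alert(line)
        if alert is not None:
            out.append(to_syslog(alert))
    return out


def send_udp(datagrams: List[bytes], host: str, port: int = 514) -> None:
    """Ship datagrams to a syslog collector over UDP (hypothetical host supplied by the caller)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        for d in datagrams:
            sock.sendto(d, (host, port))


if __name__ == "__main__":
    for d in build_datagrams(SAMPLE_ALERTS):
        print(d.decode())
    # send_udp(build_datagrams(SAMPLE_ALERTS), "ossim.example.invalid")  # placeholder collector
```

On the real device this role is played by rsyslog itself; the script is useful for testing what the SIEM receives (run it with a local UDP listener on port 514) and for checking that severity mapping and timestamp framing match what the collector's parser expects.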
PERFORMANCE EVALUATION (1/2)
Different combinations of Rule Sets and Detection Engines tested
CPU, RAM and total number of packets were registered
CPU graphs show utilization <5%
CPU0 (Kismet) more stressed
Low CPU1 (Snort) usage
PERFORMANCE EVALUATION (2/2)
RAM usage shows a trend with periodical spikes
➢ Snort detection process on the attacker frames
Linear increasing trend reveals a memory leakage
➢ Kismet tracking mechanism
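The slide contrasts two RAM profiles: periodic spikes that return to a flat baseline (Snort processing bursts of attacker frames) and a steady linear climb (the Kismet tracking state growing without bound). The routine below is an added example, not an analysis tool from the thesis: it separates the two patterns by fitting a least-squares slope to the per-window memory floor rather than to the raw samples, so short spikes do not masquerade as a leak, and it reports the spike count separately. The two sample series, the 60 s sampling interval and the thresholds are constructed values chosen only to illustrate the method.

```python
from statistics import mean
from typing import Dict, List, Sequence

# Constructed RSS samples in MiB at a fixed interval (not measurements from the thesis).
# SNORT_LIKE: flat baseline with periodic spikes. KISMET_LIKE: monotonic growth.
SNORT_LIKE = [120, 121, 120, 160, 121, 120, 120, 162, 121, 120, 120, 159, 120]
KISMET_LIKE = [80, 82, 85, 87, 90, 92, 95, 97, 100, 102, 105, 107, 110]


def slope(samples: Sequence[float]) -> float:
    """Least-squares slope of samples against their index (units per sample)."""
    n = len(samples)
    if n < 2:
        return 0.0
    mx, my = mean(range(n)), mean(samples)
    num = sum((x - mx) * (y - my) for x, y in enumerate(samples))
    den = sum((x - mx) ** 2 for x in range(n))
    return num / den


def window_floors(samples: Sequence[float], window: int) -> List[float]:
    """Minimum of each consecutive block of `window` samples: the memory floor."""
    return [min(samples[i:i + window]) for i in range(0, len(samples), window)]


def count_spikes(samples: Sequence[float], window: int, tol: float) -> int:
    """Samples that rise more than `tol` above their own window's floor."""
    spikes = 0
    for i in range(0, len(samples), window):
        block = samples[i:i + window]
        floor = min(block)
        spikes += sum(1 for s in block if s - floor > tol)
    return spikes


def classify(samples: Sequence[float], interval_s: float, window: int = 4,
             leak_mib_per_hour: float = 5.0, spike_tol_mib: float = 10.0) -> Dict[str, float]:
    """Flag a leak when the floor keeps rising; spikes alone do not trigger it."""
    floor_slope = slope(window_floors(samples, window))            # MiB per window
    per_hour = floor_slope * 3600.0 / (window * interval_s)         # MiB per hour
    return {
        "floor_mib_per_hour": per_hour,
        "spikes": count_spikes(samples, window, spike_tol_mib),
        "leak": per_hour > leak_mib_per_hour,
    }


if __name__ == "__main__":
    for name, series in (("snort-like", SNORT_LIKE), ("kismet-like", KISMET_LIKE)):
        print(name, classify(series, interval_s=60))
```

Because the floor is taken per window, a process that periodically allocates and frees (Snort) yields a near-zero floor slope with a non-zero spike count, while a process whose minimum never returns to the old baseline (Kismet) yields a positive floor slope. Window length and thresholds should be tuned to the sampling rate actually used on the Raspberry Pi.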
FUTURE WORK
Further Wireless Protocols
Testing in Open Environments (shopping malls, stadiums)
Scalability tests
Design of Reaction Capabilities in the SIEM
Design of Collaborative Scenarios
➢ An extract of this thesis has been accepted for publication at IEEE WCNC ‘18