Creating a "Botnet" of Good IoT Devices


Although not by design, in reality IoT devices are not as secure as they could be. At any point in time, at least a small fraction of devices are under the control of threat actors and malicious software. Hackers’ resources are stronger than the defenses that can be implemented on the individual edge device being attacked - a completely lopsided battle.

A solution does exist, however – distributed computing.

The concept is far from new. SETI@home (Search for Extraterrestrial Intelligence) has been using a global distributed computing network since 1999 (although the program is shutting down at the end of March). In traditional distributed computing, the laptops, desktop devices, or even servers, have large bandwidths with multiple channels of communications to join together to create a whole greater than the sum of its parts.

In theory, it should be very easy to create a similar distributed computing network on IoT devices – they are in constant communication with each other and the centralized server. Furthermore, the sheer volume of devices means almost infinite scalability for an IoT-based distributed network.

However, the IoT devices also have limited memory, computing power, and interconnection capabilities and generally have no operating system or communication protocol standards.

Being in almost constant two-way communications limits their bandwidth, meaning the resources for the distributed computing component may be squeezed out. Also, adding an additional communications burden increases the costs of operations – someone needs to pay for the increased data going out on the cellular lines.

Challenges of Creating a Distributed IoT Security Network
Any onboard agent that takes care of security operations needs to be carefully crafted to use the IoT devices’ limited resources. The device itself also needs to be taught to “shut up” to increase the bandwidth. For example, a thermostat on a refrigerator holding critical medicines at a certain temperature doesn’t need to report second by second that the temperature is between 1oC and 2oC; it should only report anomalies when the temperature is falling outside the normal range. As a side note, this lowers cost, as data isn’t constantly being sent along the mobile network.

Furthermore, the algorithm should allow for self-learning – it must understand “normal” interactions and look for the anomalies indicating malware.

Now, that is on the individual device.

However, these millions of edge devices need to interact among themselves or send information or collaborate on joint decisions, which is very costly and slow. Taking into account the memory and processing issues, it just isn’t possible to implement more sophisticated algorithms.

Linking Individuals to Create a Strong Network
The IoT devices, the edge units living in the “wild” are already being used as distributed networks for malicious purposes. The Mirai botnet took advantage of the weaknesses and strengths of IoT devices – their low levels of security and their volume – to execute DDoS attacks.

Now, it’s time to join the benign devices into a distributed network, using algorithms to build their collaborative power to prevent the bad guys from capturing more devices and conquering our homes, offices, and factories.

The best approach to create a distributed network of IoT devices is to link them like an ant colony, where the sum of the strength of its members is stronger than one individual. Instead of constantly communicating with their centralized command and control service to inform them of non-anomalous data, the devices should be in constant contact with each other, “inspecting” the behavior of their peers and informing the network when there are behavioral anomalies. After the anomalies are reported to the security operations center, an AI system must analyze the data to further strengthen the network from attack.

The infrastructure itself must be able to distribute and broadcast the information and maintain the necessary cryptography to support “good” devices, ensuring the “bad” command and control networks cannot interfere with their operations. Furthermore, the infrastructure needs to be scalable to levels that are orders of magnitude beyond the traditional distributed system and do all of this efficiently without overhead and expensive operations that would defeat the entire solution.

This distributed network must become a large entity unto itself, performing self-inspections and operations not restricted by the power of a single server, monitoring and mitigating the influence of bad nodes before they can attack at the individual device level.

Furthermore, the solution should comprehensively protect all the applications and data within the devices to maximize IoT security and minimize the impact on the organization, factory, and consumer. A fully embedded, distributed, and multilayered approach should be used to deliver a comprehensive, multilayered IoT cybersecurity and analytics platform. Ideally, it would have an on-the-edge dynamic firewall and antivirus; use a distributed communications protocol; provide lightweight, secure and generic frameworks for data processing and analytic operations; and ensure end-to-end encryption. Communications with the security operations center is critical, with operational monitoring, and alerting for faster response. This type of solution would almost completely eliminate consumers’ responsibility for security in enterprise and industrial settings and ensure service continuity in large-scale IoT deployments.

As an added value, this type of solution would collect data across the entire operation, creating a critical mass of data, versus data from a single device. Instead of a set of millions of single devices, the connected infrastructure can be analyzed in real time as a unified whole. This allows the activities of the devices themselves to be analyzed in the aggregate to increase the efficiency of the devices and network itself.

Cybercriminals are already creating distributed networks to implement their nefarious activities. We can use similar paradigms to fight back.

About the author: Assaf Schuster, Research & Senior Consultant at Essence SigmaDots, is also faculty member of the Computer Science Department at the Technion University Israel. He is a researcher who has published more than 250 papers in the areas of Machine Learning, AI, Cybersecurity, Parallel and Distributed Computing, Scalability, Big data, Complex Event Streams, and others. He is a Fellow of the ACM and the IEEE.

Edited by Ken Briodagh

Related Articles

Honeywell Unveils Solution for Connectivity and Visibility into Cloud Systems for Fire Safety

By: Ken Briodagh    10/21/2020

Honeywell recently launched the first tools from its new suite of Connected Life Safety Services (CLSS), which is the company's first all-in-one cloud…

Read More

IoT and Digital Tools Change Company Operations during COVID-19

By: Special Guest    10/14/2020

It comes as no surprise that COVID-19 is changing the way that companies operate. What is surprising, though, is that the pandemic has increased the s…

Read More

New IoT E-Commerce Site Launches

By: Ken Briodagh    10/12/2020

Cal-Chip Connected Devices (CCCD) recently launched its Internet of Things (IoT) e-commerce site, according to an announcement.

Read More

IoT Time Podcast S.5 Ep.37 Cradlepoint

By: Ken Briodagh    10/8/2020

In this episode of IoT Time Podcast, Ken Briodagh sits down with Todd Krautkremer of Cradlepoint, to talk about how the world and the IoT industry are…

Read More

Ordr IoT Discovery Spotlight Program to Uncover Shadow IoT

By: Ken Briodagh    10/7/2020

Enterprise IoT security company Ordr offers new core software with cloud-managed zero-touch provisioning sensor for simplified deployments

Read More