INTERNET OF THINGS MOBILITY FORENSICS
K M Sabidur Rahman, Matt Bishop and Al Holt
Speaker: K M Sabidur Rahman (krahman@ucdavis.edu)
INSuRECon16
9/23/2016
Agenda
• Motivation and literature review
• About the device: Sen.se Mother
• Collection of data
• Classification of data
• Attack scenarios
• Forensic model
• Limitations and future work
IoT is here
• Smart city
• Smart grid
• Smart home
• Smart car (V2V)
• Mobile-to-mobile (M2M)
But, are we ready?
“Mobility Forensics addresses technology’s movement toward
mobile devices (smart phones, tablets, small computers) and the
specialized tools and techniques needed to successfully recover data
and evidence from those devices”
http://mobility-forensics.com/
Literature review, device information and data collection
Related papers (1)
Bogdan Copos, Karl Levitt, Matt Bishop and Jeff Rowe, “Is Anybody
Home? Inferring Activity From Smart Home Network Traffic”,
MoST, 2016
• Collected network data
• Used dumpcap, a network traffic collection tool
• Used the collected data to predict if anyone is home or not
E. Oriwoh, D. Jazani, G. Epiphaniou and P. Sant, “Internet of
Things Forensics: Challenges and Approaches”, CollaborateCom,
2013
• Took a scenario-based approach to IoT forensics
• Introduced hypothetical attack/crime scenarios and discussed how
IoT devices change the investigation
Related papers (2)
Orlando Arias, Jacob Wurm, Khoa Hoang, and Yier Jin, “Privacy
and Security in Internet of Things and Wearable Devices”, IEEE
Trans. on Multi-Scale Computing Systems, 2015
• Worked on Google Nest Thermostat and the Nike+ Fuelband
• Looked under the hood of the devices in detail
• Details about the device hardware, operating system,
booting/remote installation and communication system
• Discussed the security measures built into the devices
Sen.se Mother
Properties of the cookies
1. Motion Cookies can save up to ten days of events. As soon as they
are reconnected to a Sen.se Mother, they upload all the contents of
their memory
2. One CR2016 replaceable button cell with one year of life
3. Radio: 915 MHz (North America), 868 MHz (Europe)
4. Every movement has its signature. Place a Motion Cookie on an
object or person. It will capture and analyze its movements. It will
recognize the specific actions you want to monitor and transmit
them to your chosen Application
5. Motion Cookies also contain a thermometer. They regularly send
the ambient temperature to Mother, as well as sudden abnormal
changes
6. Signaling presence or absence
https://sen.se/store/cookie/
Properties of the Hub
https://sen.se/store/mother/
1. Wired connection to the router
2. Radio connectivity with the cookies
3. Connects to the cloud to store data for the apps
Deployed sensors
Deployed the sensors for testing purposes:
1. At the bedroom door: security notification
2. One inside the room for room temperature detection: thermostat
3. One in the backpack: physical exercise sensing
4. The last one also in my pocket: to sense when I am home or not.
This can essentially detect if your child/pet is inside the home or not.
Results and findings
Data classification
| Information | Source | Location | Daily routine | Severity | Forensics implication |
|---|---|---|---|---|---|
| Door movement-time | Door activity sensor | No | Yes | Medium | What time someone entered/left the room or tried to open the door? |
| Door movement-location | Door activity sensor | Yes | No | Medium | Someone entering/leaving the room or trying to open the door |
| Temperature | Temperature sensor | No | Yes (partially) | Low | If the temperature is not comfortable, there may be something wrong with the room |
| Presence at home | Presence/absence sensor | Yes | Yes | High | If the subject was present at home at the time of attack, can he/she provide vital information on the crime? |
| Steps taken | Walk sensor | No | No | Low | How long will the subject be out of home? |
| Distance walked | Walk sensor | No | No | Low | How long will the subject be out of home and how far will he/she go? |
| Time spent in walk | Walk sensor | No | Yes | Medium | How long will the subject be out of home? |
| Calories burnt | Walk sensor | No | Yes | Medium | Physical condition/activity trail of subject |
Forensic scenarios
Event 1: Burglary
Identification: Door sensor data indicates the time when the owner left home.
Data indicates that there has been an activity at 11:40 am, even though the
owner was not home at that time. The burglary happened on the same day.
Interpretation: Does the data suggest that the burglar knew the owner’s daily
schedule? This would help us investigate the incident. For example, would
looking into CCTV camera footage from across the street that was collected at
11:40 am be useful?
Preservation: Data collected by the sensor was stored in the cloud in near
real time.
Analysis and presentation: Data presented on graphs is easy to understand
and present to court, so a graph correlating events with burglaries would be
helpful.
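The identification step of the burglary scenario as an added example (not code from the talk or from Sen.se): it orders buffered sensor events by event time, derives the owner's absence intervals from the presence sensor, flags door activity inside them, and hashes the record set so the analysed copy can be re-checked later. The record layout, function names and the two-minute grace window are assumptions; the sample events are constructed around the 11:40 am activity in the scenario.

```python
import hashlib
import json
from datetime import datetime, timedelta

# Constructed sample records (timestamp, sensor, value). The layout is an
# assumption for this example, not the Sen.se export format. Rows are in
# arrival order: the door Cookie was out of range and uploaded its
# buffered events after the presence events had already arrived.
SAMPLE_EVENTS = [
    ("2016-09-20T08:05:00", "presence", "left"),
    ("2016-09-20T17:30:00", "presence", "arrived"),
    ("2016-09-21T08:10:00", "presence", "left"),
    ("2016-09-20T08:04:00", "door", "moved"),
    ("2016-09-20T11:40:00", "door", "moved"),
    ("2016-09-20T17:29:00", "door", "moved"),
    ("2016-09-21T09:15:00", "door", "moved"),
]


def parse(records):
    """Return (datetime, sensor, value) tuples ordered by event time,
    not by the order in which the hub received them."""
    return sorted((datetime.fromisoformat(ts), s, v) for ts, s, v in records)


def absence_intervals(events):
    """Build (left, arrived) intervals from presence transitions.

    An interval whose end is None means the owner had not returned by the
    end of the data. Repeated or unmatched transitions are ignored.
    """
    intervals, left_at = [], None
    for ts, sensor, value in events:
        if sensor != "presence":
            continue
        if value == "left" and left_at is None:
            left_at = ts
        elif value == "arrived" and left_at is not None:
            intervals.append((left_at, ts))
            left_at = None
    if left_at is not None:
        intervals.append((left_at, None))
    return intervals


def door_activity_while_absent(records, grace=timedelta(minutes=2)):
    """Return timestamps of door events that fall inside an absence interval.

    Events within `grace` of either end of an interval are skipped: the
    owner's own departure or arrival moves the door shortly before or
    after the presence sensor changes state.
    """
    events = parse(records)
    intervals = absence_intervals(events)
    flagged = []
    for ts, sensor, _ in events:
        if sensor != "door":
            continue
        for start, end in intervals:
            if start + grace <= ts and (end is None or ts <= end - grace):
                flagged.append(ts)
                break
    return flagged


def evidence_digest(records):
    """SHA-256 over a canonical (sorted) serialization of the records.

    Recorded at collection time, it shows whether the analysed copy was
    altered afterwards; it says nothing about changes made before collection.
    """
    canonical = json.dumps(sorted(list(r) for r in records),
                           separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


if __name__ == "__main__":
    for ts in door_activity_while_absent(SAMPLE_EVENTS):
        print("door activity while owner absent:", ts.isoformat())
    print("sha256 of analysed records:", evidence_digest(SAMPLE_EVENTS))
```

With the grace window set to zero, the 17:29 door event (the owner opening the door a minute before the presence sensor registers the arrival) is flagged as well, which is a false positive.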
IoT mobility forensics model
Data manipulation and counter measures
• How much can we trust the data extracted from IoT devices?
• How will an attacker changing the data before or after
collection affect the forensic analysis?
• Can we prevent or detect such manipulations?
False positives and negatives
• Users of IoT data and solution providers should be aware
of the existence of false positives and false negatives
• Proper steps should be taken to detect and minimize false results
More Questions!
• Can the attacker “get into” the sensors? Kasinathan et al. [19] suggest that attackers
can gain access to sensors under the right conditions.
• Can the attacker “get into” the Hub? The Hub is directly connected to the Internet and
interacts with the web portal. Work on IoT intrusion detection [23] suggests such attacks
on hubs are feasible.
• What is the communication medium? In addition to traditional wireless networks, IoT
devices are connected through cellular networks, radio, Bluetooth and other low-power
communication media. This diversity makes the communication more vulnerable than
otherwise, and makes using generic protections against attacks harder.
• Can we knock down the sensors with a classic flooding attack? Although we did not
try this on our devices, Kasinathan et al. [19] suggest that DoS and flooding attacks may
disable IoT devices.
• Can data be manipulated deliberately to obstruct or mislead justice in a court of
law? We have discussed this issue in the previous section; it needs more attention from
the security community.
• Is it possible to sniff the hub and sensors? In our experimental set-up, we were able to
derive device identity (specifically, the MAC address of the Hub) by observing network
packets. Copos et al. [12] provide an example of how sniffing can lead to a major security
breach.
Limitations
• Data is collected only from smart home devices
• The forensic model proposed here has not been implemented,
deployed, and tested
• We assume implementation of the model will be scalable for the
fast growing number of devices, which may not be true
• Our findings depend on data collected from one type of device.
Perhaps different kinds of devices would produce more
consistent results.
Future work
• More generic scenario with multiple types of IoT devices and
their data
• In-depth analysis and discussion of the data collected
• Working towards a more robust and mature model for IoT
Mobility Forensics
• Privacy of the data
• The reverse question, “given a digital forensics scenario and a
forensic model, what useful data can IoT devices collect for us?”
• Focus on one specific question discussed in this paper.
Questions?
krahman@ucdavis.edu

Contenu connexe

Tendances

Jerod Brennen - What You Need to Know About OSINT
Jerod Brennen - What You Need to Know About OSINTJerod Brennen - What You Need to Know About OSINT
Jerod Brennen - What You Need to Know About OSINTcentralohioissa
 
Securing Internet of Things
Securing Internet of ThingsSecuring Internet of Things
Securing Internet of ThingsRishabh Sharma
 
Jason Samide - State of Security & 2016 Predictions
Jason Samide - State of Security & 2016 PredictionsJason Samide - State of Security & 2016 Predictions
Jason Samide - State of Security & 2016 Predictionscentralohioissa
 
AI for CyberSecurity
AI for CyberSecurityAI for CyberSecurity
AI for CyberSecuritySatnam Singh
 
Technology & Policy Interaction Panel at Inform[ED] IoT Security
Technology & Policy Interaction Panel at Inform[ED] IoT SecurityTechnology & Policy Interaction Panel at Inform[ED] IoT Security
Technology & Policy Interaction Panel at Inform[ED] IoT SecurityCableLabs
 
Attacking the cloud with social engineering
Attacking the cloud with social engineeringAttacking the cloud with social engineering
Attacking the cloud with social engineeringPeter Wood
 
Top Cybersecurity Challenges Facing Your Business
Top Cybersecurity Challenges Facing Your BusinessTop Cybersecurity Challenges Facing Your Business
Top Cybersecurity Challenges Facing Your BusinessNicholas Davis
 
Security and Privacy considerations in Internet of Things
Security and Privacy considerations in Internet of ThingsSecurity and Privacy considerations in Internet of Things
Security and Privacy considerations in Internet of ThingsSomasundaram Jambunathan
 
First line of defense for cybersecurity : AI
First line of defense for cybersecurity : AIFirst line of defense for cybersecurity : AI
First line of defense for cybersecurity : AIAhmed Banafa
 
[CB20] It is a World Wide Web, but All Politics is Local: Planning to Survive...
[CB20] It is a World Wide Web, but All Politics is Local: Planning to Survive...[CB20] It is a World Wide Web, but All Politics is Local: Planning to Survive...
[CB20] It is a World Wide Web, but All Politics is Local: Planning to Survive...CODE BLUE
 
Mobile containers - The good, the bad and the ugly
Mobile containers - The good, the bad and the uglyMobile containers - The good, the bad and the ugly
Mobile containers - The good, the bad and the uglyPriyanka Aash
 
How to Get into ICS Security byChris Sistrunk
How to Get into ICS Security byChris SistrunkHow to Get into ICS Security byChris Sistrunk
How to Get into ICS Security byChris SistrunkEC-Council
 
Privacy and security in IoT
Privacy and security in IoTPrivacy and security in IoT
Privacy and security in IoTVasco Veloso
 
The Insecurity of Industrial Things
The Insecurity of Industrial ThingsThe Insecurity of Industrial Things
The Insecurity of Industrial ThingsSenrio
 
Internet of Things: Challenges and Issues
Internet of Things: Challenges and IssuesInternet of Things: Challenges and Issues
Internet of Things: Challenges and Issuesrjain51
 
An Insight on Testing the IoT Applications
An Insight on Testing the IoT ApplicationsAn Insight on Testing the IoT Applications
An Insight on Testing the IoT ApplicationsTestingXperts
 
Security challenges for IoT
Security challenges for IoTSecurity challenges for IoT
Security challenges for IoTWSO2
 
Practical IoT Security in the Enterprise
Practical IoT Security in the EnterprisePractical IoT Security in the Enterprise
Practical IoT Security in the EnterpriseDaniel Miessler
 

Tendances (20)

Jerod Brennen - What You Need to Know About OSINT
Jerod Brennen - What You Need to Know About OSINTJerod Brennen - What You Need to Know About OSINT
Jerod Brennen - What You Need to Know About OSINT
 
Securing Internet of Things
Securing Internet of ThingsSecuring Internet of Things
Securing Internet of Things
 
Jason Samide - State of Security & 2016 Predictions
Jason Samide - State of Security & 2016 PredictionsJason Samide - State of Security & 2016 Predictions
Jason Samide - State of Security & 2016 Predictions
 
AI for CyberSecurity
AI for CyberSecurityAI for CyberSecurity
AI for CyberSecurity
 
Technology & Policy Interaction Panel at Inform[ED] IoT Security
Technology & Policy Interaction Panel at Inform[ED] IoT SecurityTechnology & Policy Interaction Panel at Inform[ED] IoT Security
Technology & Policy Interaction Panel at Inform[ED] IoT Security
 
Attacking the cloud with social engineering
Attacking the cloud with social engineeringAttacking the cloud with social engineering
Attacking the cloud with social engineering
 
Top Cybersecurity Challenges Facing Your Business
Top Cybersecurity Challenges Facing Your BusinessTop Cybersecurity Challenges Facing Your Business
Top Cybersecurity Challenges Facing Your Business
 
Security and Privacy considerations in Internet of Things
Security and Privacy considerations in Internet of ThingsSecurity and Privacy considerations in Internet of Things
Security and Privacy considerations in Internet of Things
 
First line of defense for cybersecurity : AI
First line of defense for cybersecurity : AIFirst line of defense for cybersecurity : AI
First line of defense for cybersecurity : AI
 
A survey in privacy and security in Internet of Things IOT
A survey in privacy and security in Internet of Things IOTA survey in privacy and security in Internet of Things IOT
A survey in privacy and security in Internet of Things IOT
 
[CB20] It is a World Wide Web, but All Politics is Local: Planning to Survive...
[CB20] It is a World Wide Web, but All Politics is Local: Planning to Survive...[CB20] It is a World Wide Web, but All Politics is Local: Planning to Survive...
[CB20] It is a World Wide Web, but All Politics is Local: Planning to Survive...
 
Mobile containers - The good, the bad and the ugly
Mobile containers - The good, the bad and the uglyMobile containers - The good, the bad and the ugly
Mobile containers - The good, the bad and the ugly
 
How to Get into ICS Security byChris Sistrunk
How to Get into ICS Security byChris SistrunkHow to Get into ICS Security byChris Sistrunk
How to Get into ICS Security byChris Sistrunk
 
Privacy and security in IoT
Privacy and security in IoTPrivacy and security in IoT
Privacy and security in IoT
 
The Insecurity of Industrial Things
The Insecurity of Industrial ThingsThe Insecurity of Industrial Things
The Insecurity of Industrial Things
 
Internet of Things: Challenges and Issues
Internet of Things: Challenges and IssuesInternet of Things: Challenges and Issues
Internet of Things: Challenges and Issues
 
An Insight on Testing the IoT Applications
An Insight on Testing the IoT ApplicationsAn Insight on Testing the IoT Applications
An Insight on Testing the IoT Applications
 
Security challenges for IoT
Security challenges for IoTSecurity challenges for IoT
Security challenges for IoT
 
SnW: Internet of Things and enabling technologies
SnW: Internet of Things and enabling technologiesSnW: Internet of Things and enabling technologies
SnW: Internet of Things and enabling technologies
 
Practical IoT Security in the Enterprise
Practical IoT Security in the EnterprisePractical IoT Security in the Enterprise
Practical IoT Security in the Enterprise
 

Similaire à IoT Mobility Forensics

ContentsMobile Forensic3Introduction3What It Is3How I.docx
ContentsMobile Forensic3Introduction3What It Is3How I.docxContentsMobile Forensic3Introduction3What It Is3How I.docx
ContentsMobile Forensic3Introduction3What It Is3How I.docxrichardnorman90310
 
Iot architecture
Iot architectureIot architecture
Iot architectureAnam Iqbal
 
Complex Event Processing Using IOT Devices Based on Arduino
Complex Event Processing Using IOT Devices Based on ArduinoComplex Event Processing Using IOT Devices Based on Arduino
Complex Event Processing Using IOT Devices Based on Arduinoneirew J
 
COMPLEX EVENT PROCESSING USING IOT DEVICES BASED ON ARDUINO
COMPLEX EVENT PROCESSING USING IOT DEVICES BASED ON ARDUINOCOMPLEX EVENT PROCESSING USING IOT DEVICES BASED ON ARDUINO
COMPLEX EVENT PROCESSING USING IOT DEVICES BASED ON ARDUINOijccsa
 
Introduction to Internet of things
Introduction to Internet of thingsIntroduction to Internet of things
Introduction to Internet of thingsRehmat Ullah
 
IJWMN -Malware Detection in IoT Systems using Machine Learning Techniques
IJWMN -Malware Detection in IoT Systems using Machine Learning TechniquesIJWMN -Malware Detection in IoT Systems using Machine Learning Techniques
IJWMN -Malware Detection in IoT Systems using Machine Learning Techniquesijwmn
 
MALWARE DETECTION IN IOT SYSTEMS USING MACHINE LEARNING TECHNIQUES
MALWARE DETECTION IN IOT SYSTEMS USING MACHINE LEARNING TECHNIQUESMALWARE DETECTION IN IOT SYSTEMS USING MACHINE LEARNING TECHNIQUES
MALWARE DETECTION IN IOT SYSTEMS USING MACHINE LEARNING TECHNIQUESijwmn
 
Conceptual Study of Mobile Forensics
Conceptual Study of Mobile ForensicsConceptual Study of Mobile Forensics
Conceptual Study of Mobile Forensicsijtsrd
 
Csec 650 individual assignment i
Csec 650 individual assignment iCsec 650 individual assignment i
Csec 650 individual assignment iDominique Briscoe
 
On Internet of Everything and Personalization. Talk in INTEROP 2014
On Internet of Everything and Personalization. Talk in INTEROP 2014On Internet of Everything and Personalization. Talk in INTEROP 2014
On Internet of Everything and Personalization. Talk in INTEROP 2014Opher Etzion
 
Internet of things (IoT)
Internet of things (IoT)Internet of things (IoT)
Internet of things (IoT)GOPAL BASAK
 
Fog computing
Fog computingFog computing
Fog computingAnkit_ap
 
IRJET- A Novel Mechanism for Clone Attack Detection in Hybrid IoT Devices
IRJET-  	  A Novel Mechanism for Clone Attack Detection in Hybrid IoT DevicesIRJET-  	  A Novel Mechanism for Clone Attack Detection in Hybrid IoT Devices
IRJET- A Novel Mechanism for Clone Attack Detection in Hybrid IoT DevicesIRJET Journal
 
Io t research_arpanpal_iem
Io t research_arpanpal_iemIo t research_arpanpal_iem
Io t research_arpanpal_iemArpan Pal
 
Internet of Things - The Tip of the Iceberg or The Tipping Point
Internet of Things - The Tip of the Iceberg or The Tipping PointInternet of Things - The Tip of the Iceberg or The Tipping Point
Internet of Things - The Tip of the Iceberg or The Tipping PointDr. Mazlan Abbas
 
Internet of Things
Internet of ThingsInternet of Things
Internet of ThingsMphasis
 
I want you to Read intensively papers and give me a summary for ever.pdf
I want you to Read intensively papers and give me a summary for ever.pdfI want you to Read intensively papers and give me a summary for ever.pdf
I want you to Read intensively papers and give me a summary for ever.pdfamitkhanna2070
 
DESIGN AND ANALYSIS OF SECURE SMART HOME FOR ELDERLY PEOPLE
DESIGN AND ANALYSIS OF SECURE SMART HOME FOR ELDERLY PEOPLEDESIGN AND ANALYSIS OF SECURE SMART HOME FOR ELDERLY PEOPLE
DESIGN AND ANALYSIS OF SECURE SMART HOME FOR ELDERLY PEOPLEijdpsjournal
 

Similaire à IoT Mobility Forensics (20)

ContentsMobile Forensic3Introduction3What It Is3How I.docx
ContentsMobile Forensic3Introduction3What It Is3How I.docxContentsMobile Forensic3Introduction3What It Is3How I.docx
ContentsMobile Forensic3Introduction3What It Is3How I.docx
 
iotarchitecture-190506052723.pdf
iotarchitecture-190506052723.pdfiotarchitecture-190506052723.pdf
iotarchitecture-190506052723.pdf
 
Iot architecture
Iot architectureIot architecture
Iot architecture
 
Complex Event Processing Using IOT Devices Based on Arduino
Complex Event Processing Using IOT Devices Based on ArduinoComplex Event Processing Using IOT Devices Based on Arduino
Complex Event Processing Using IOT Devices Based on Arduino
 
COMPLEX EVENT PROCESSING USING IOT DEVICES BASED ON ARDUINO
COMPLEX EVENT PROCESSING USING IOT DEVICES BASED ON ARDUINOCOMPLEX EVENT PROCESSING USING IOT DEVICES BASED ON ARDUINO
COMPLEX EVENT PROCESSING USING IOT DEVICES BASED ON ARDUINO
 
Introduction to Internet of things
Introduction to Internet of thingsIntroduction to Internet of things
Introduction to Internet of things
 
IJWMN -Malware Detection in IoT Systems using Machine Learning Techniques
IJWMN -Malware Detection in IoT Systems using Machine Learning TechniquesIJWMN -Malware Detection in IoT Systems using Machine Learning Techniques
IJWMN -Malware Detection in IoT Systems using Machine Learning Techniques
 
MALWARE DETECTION IN IOT SYSTEMS USING MACHINE LEARNING TECHNIQUES
MALWARE DETECTION IN IOT SYSTEMS USING MACHINE LEARNING TECHNIQUESMALWARE DETECTION IN IOT SYSTEMS USING MACHINE LEARNING TECHNIQUES
MALWARE DETECTION IN IOT SYSTEMS USING MACHINE LEARNING TECHNIQUES
 
Conceptual Study of Mobile Forensics
Conceptual Study of Mobile ForensicsConceptual Study of Mobile Forensics
Conceptual Study of Mobile Forensics
 
ambient-computing
ambient-computingambient-computing
ambient-computing
 
Csec 650 individual assignment i
Csec 650 individual assignment iCsec 650 individual assignment i
Csec 650 individual assignment i
 
On Internet of Everything and Personalization. Talk in INTEROP 2014
On Internet of Everything and Personalization. Talk in INTEROP 2014On Internet of Everything and Personalization. Talk in INTEROP 2014
On Internet of Everything and Personalization. Talk in INTEROP 2014
 
Internet of things (IoT)
Internet of things (IoT)Internet of things (IoT)
Internet of things (IoT)
 
Fog computing
Fog computingFog computing
Fog computing
 
IRJET- A Novel Mechanism for Clone Attack Detection in Hybrid IoT Devices
IRJET-  	  A Novel Mechanism for Clone Attack Detection in Hybrid IoT DevicesIRJET-  	  A Novel Mechanism for Clone Attack Detection in Hybrid IoT Devices
IRJET- A Novel Mechanism for Clone Attack Detection in Hybrid IoT Devices
 
Io t research_arpanpal_iem
Io t research_arpanpal_iemIo t research_arpanpal_iem
Io t research_arpanpal_iem
 
Internet of Things - The Tip of the Iceberg or The Tipping Point
Internet of Things - The Tip of the Iceberg or The Tipping PointInternet of Things - The Tip of the Iceberg or The Tipping Point
Internet of Things - The Tip of the Iceberg or The Tipping Point
 
Internet of Things
Internet of ThingsInternet of Things
Internet of Things
 
I want you to Read intensively papers and give me a summary for ever.pdf
I want you to Read intensively papers and give me a summary for ever.pdfI want you to Read intensively papers and give me a summary for ever.pdf
I want you to Read intensively papers and give me a summary for ever.pdf
 
DESIGN AND ANALYSIS OF SECURE SMART HOME FOR ELDERLY PEOPLE
DESIGN AND ANALYSIS OF SECURE SMART HOME FOR ELDERLY PEOPLEDESIGN AND ANALYSIS OF SECURE SMART HOME FOR ELDERLY PEOPLE
DESIGN AND ANALYSIS OF SECURE SMART HOME FOR ELDERLY PEOPLE
 

Plus de Sabidur Rahman

Smart city- services and technologies
Smart city- services and technologiesSmart city- services and technologies
Smart city- services and technologiesSabidur Rahman
 
Blockchain technology and its’ usecases in computer networks
Blockchain technology and its’ usecases in computer networksBlockchain technology and its’ usecases in computer networks
Blockchain technology and its’ usecases in computer networksSabidur Rahman
 
T-SDN Controllers for Transport Network
T-SDN Controllers for Transport NetworkT-SDN Controllers for Transport Network
T-SDN Controllers for Transport NetworkSabidur Rahman
 
5 g and beyond! IEEE ICC 2018 keynotes reviewed
5 g and beyond! IEEE ICC 2018 keynotes reviewed5 g and beyond! IEEE ICC 2018 keynotes reviewed
5 g and beyond! IEEE ICC 2018 keynotes reviewedSabidur Rahman
 
Meeting the requirements to deploy cloud RAN over optical networks - elastic ...
Meeting the requirements to deploy cloud RAN over optical networks - elastic ...Meeting the requirements to deploy cloud RAN over optical networks - elastic ...
Meeting the requirements to deploy cloud RAN over optical networks - elastic ...Sabidur Rahman
 
Akamai Edge 2017 reviewed
Akamai Edge 2017 reviewedAkamai Edge 2017 reviewed
Akamai Edge 2017 reviewedSabidur Rahman
 
Understanding mobile service usage and user behavior pattern for mec resource...
Understanding mobile service usage and user behavior pattern for mec resource...Understanding mobile service usage and user behavior pattern for mec resource...
Understanding mobile service usage and user behavior pattern for mec resource...Sabidur Rahman
 
Innovations in Edge Computing and MEC
Innovations in Edge Computing and MECInnovations in Edge Computing and MEC
Innovations in Edge Computing and MECSabidur Rahman
 
Dynamic workload migration over optical backbone network to minimize data cen...
Dynamic workload migration over optical backbone network to minimize data cen...Dynamic workload migration over optical backbone network to minimize data cen...
Dynamic workload migration over optical backbone network to minimize data cen...Sabidur Rahman
 
Migration of groups of virtual machines in distributed data centers to reduce...
Migration of groups of virtual machines in distributed data centers to reduce...Migration of groups of virtual machines in distributed data centers to reduce...
Migration of groups of virtual machines in distributed data centers to reduce...Sabidur Rahman
 
Big data and machine learning for network research problems
Big data and machine learning for network research problemsBig data and machine learning for network research problems
Big data and machine learning for network research problemsSabidur Rahman
 
Cost savings from auto-scaling of network resources using machine learning
Cost savings from auto-scaling of network resources using machine learningCost savings from auto-scaling of network resources using machine learning
Cost savings from auto-scaling of network resources using machine learningSabidur Rahman
 
Network tomography to enhance the performance of software defined network mon...
Network tomography to enhance the performance of software defined network mon...Network tomography to enhance the performance of software defined network mon...
Network tomography to enhance the performance of software defined network mon...Sabidur Rahman
 
Approximation techniques used for general purpose algorithms
Approximation techniques used for general purpose algorithmsApproximation techniques used for general purpose algorithms
Approximation techniques used for general purpose algorithmsSabidur Rahman
 
Computer Security: Worms
Computer Security: WormsComputer Security: Worms
Computer Security: WormsSabidur Rahman
 

Plus de Sabidur Rahman (15)

Smart city- services and technologies
Smart city- services and technologiesSmart city- services and technologies
Smart city- services and technologies
 
Blockchain technology and its’ usecases in computer networks
Blockchain technology and its’ usecases in computer networksBlockchain technology and its’ usecases in computer networks
Blockchain technology and its’ usecases in computer networks
 
T-SDN Controllers for Transport Network
T-SDN Controllers for Transport NetworkT-SDN Controllers for Transport Network
T-SDN Controllers for Transport Network
 
5 g and beyond! IEEE ICC 2018 keynotes reviewed
5 g and beyond! IEEE ICC 2018 keynotes reviewed5 g and beyond! IEEE ICC 2018 keynotes reviewed
5 g and beyond! IEEE ICC 2018 keynotes reviewed
 
Meeting the requirements to deploy cloud RAN over optical networks - elastic ...
Meeting the requirements to deploy cloud RAN over optical networks - elastic ...Meeting the requirements to deploy cloud RAN over optical networks - elastic ...
Meeting the requirements to deploy cloud RAN over optical networks - elastic ...
 
Akamai Edge 2017 reviewed
Akamai Edge 2017 reviewedAkamai Edge 2017 reviewed
Akamai Edge 2017 reviewed
 
Understanding mobile service usage and user behavior pattern for mec resource...
Understanding mobile service usage and user behavior pattern for mec resource...Understanding mobile service usage and user behavior pattern for mec resource...
Understanding mobile service usage and user behavior pattern for mec resource...
 
Innovations in Edge Computing and MEC
Innovations in Edge Computing and MECInnovations in Edge Computing and MEC
Innovations in Edge Computing and MEC
 
Dynamic workload migration over optical backbone network to minimize data cen...
Dynamic workload migration over optical backbone network to minimize data cen...Dynamic workload migration over optical backbone network to minimize data cen...
Dynamic workload migration over optical backbone network to minimize data cen...
 
Migration of groups of virtual machines in distributed data centers to reduce...
Migration of groups of virtual machines in distributed data centers to reduce...Migration of groups of virtual machines in distributed data centers to reduce...
Migration of groups of virtual machines in distributed data centers to reduce...
 
Big data and machine learning for network research problems
Big data and machine learning for network research problemsBig data and machine learning for network research problems
Big data and machine learning for network research problems
 
Cost savings from auto-scaling of network resources using machine learning
Cost savings from auto-scaling of network resources using machine learningCost savings from auto-scaling of network resources using machine learning
Cost savings from auto-scaling of network resources using machine learning
 
Network tomography to enhance the performance of software defined network mon...
Network tomography to enhance the performance of software defined network mon...Network tomography to enhance the performance of software defined network mon...
Network tomography to enhance the performance of software defined network mon...
 
Approximation techniques used for general purpose algorithms
Approximation techniques used for general purpose algorithmsApproximation techniques used for general purpose algorithms
Approximation techniques used for general purpose algorithms
 
Computer Security: Worms
Computer Security: WormsComputer Security: Worms
Computer Security: Worms
 

Dernier

Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
IoT Mobility Forensics

  • 1. INTERNET OF THINGS MOBILITY FORENSICS
    K M Sabidur Rahman, Matt Bishop and Al Holt
    Speaker: K M Sabidur Rahman (krahman@ucdavis.edu)
    INSuRECon16, 9/23/2016
  • 2. Agenda
    • Motivation and literature review
    • About the device: Sen.se Mother
    • Collection of data
    • Classification of data
    • Attack scenarios
    • Forensic model
    • Limitations and future work
  • 3. IoT is here
    • Smart city
    • Smart grid
    • Smart home
    • Smart car (V2V)
    • Mobile-to-mobile (M2M)
    But, are we ready?
    “Mobility Forensics addresses technology’s movement toward mobile devices (smart phones, tablets, small computers) and the specialized tools and techniques needed to successfully recover data and evidence from those devices” http://mobility-forensics.com/
  • 4. Literature review, device information and data collection
  • 5. Related papers (1)
    Bogdan Copos, Karl Levitt, Matt Bishop and Jeff Rowe, “Is Anybody Home? Inferring Activity From Smart Home Network Traffic”, MoST, 2016
    • Collected network data
    • Used dumpcap, a network traffic collection tool
    • Used the collected data to predict if anyone is home or not
    E. Oriwoh, D. Jazani, G. Epiphaniou and P. Sant, “Internet of Things Forensics: Challenges and Approaches”, CollaborateCom, 2013
    • Worked on IoT forensics using a scenario-based approach
    • Introduced hypothetical attack/crime scenarios and discussed how IoT devices change the investigation
  • 6. Related papers (2)
    Orlando Arias, Jacob Wurm, Khoa Hoang, and Yier Jin, “Privacy and Security in Internet of Things and Wearable Devices”, IEEE Trans. on Multi-Scale Computing Systems, 2015
    • Worked on the Google Nest Thermostat and the Nike+ Fuelband
    • Looked under the hood of the devices in detail
    • Details about the device hardware, operating system, booting/remote installation and communication system
    • Discussed the security measures built into the devices
  • 8. Properties of the cookies
    1. Motion Cookies can save up to ten days of events. As soon as they are reconnected to a Sense Mother, they upload all the contents of their memory
    2. 1 CR2016 replaceable button cell with one year of life
    3. Radio: 915 MHz (North America), 868 MHz (Europe)
    4. Every movement has its signature. Place a Motion Cookie on an object or person. It will capture and analyze its movements. It will recognize the specific actions you want to monitor and transmit them to your chosen Application
    5. Motion Cookies also contain a thermometer. They regularly send the ambient temperature to Mother, as well as sudden abnormal changes
    6. Signaling presence or absence
    https://sen.se/store/cookie/
  • 9. Properties of the Hub
    https://sen.se/store/mother/
    1. Wired connection to the router
    2. Radio connectivity with the cookies
    3. Connects to cloud to store data for the apps
  • 10. Deployed sensors
    Deployed the sensors for testing purposes:
    1. At bedroom door: security notification
    2. One inside room for room temperature detection: thermostat
    3. One in the backpack: physical exercise sensing
    4. The last one also in my pocket: to sense when I am home or not. This can essentially detect if your child/pet is inside the home or not.
  • 12. Data classification

    | Information | Source | Location | Daily routine | Severity | Forensics implication |
    |---|---|---|---|---|---|
    | Door movement-time | Door activity sensor | No | Yes | Medium | What time someone entered/left the room or tried to open the door? |
    | Door movement-location | Door activity sensor | Yes | No | Medium | Someone entering/leaving the room or trying to open the door |
    | Temperature | Temperature sensor | No | Yes (partially) | Low | If the temperature is not comfortable, there may be something wrong with the room |
    | Presence at home | Presence/absence sensor | Yes | Yes | High | If the subject was present at home at the time of attack, can he/she provide vital information on the crime? |
    | Steps taken | Walk sensor | No | No | Low | How long will the subject be out of home? |
    | Distance walked | Walk sensor | No | No | Low | How long will the subject be out of home and how far will he/she go? |
    | Time spent in walk | Walk sensor | No | Yes | Medium | How long will the subject be out of home? |
    | Calories burnt | Walk sensor | No | Yes | Medium | Physical condition/activity trail of subject |

  • 13. Forensic scenarios
    Event 1: Burglary
    • Identification: Door sensor data indicates the time when the owner left home. Data indicates that there has been an activity at 11:40 am, even though the owner was not home at that time. The burglary happened on the same day.
    • Interpretation: Does the data suggest that the burglar knew the owner’s daily schedule? This would help us investigate the incident. For example, would looking into CCTV camera footage from across the street that was collected at 11:40 am be useful?
    • Preservation: Data collected by the sensor was stored in the cloud at near real-time.
    • Analysis and presentation: Data presented on graphs is easy to understand and present to court, so a graph correlating events with burglaries would be helpful.
  • 14. IoT mobility forensics model
  • 15. Data manipulation and counter measures
    • How much can we trust the data extracted from IoT devices?
    • How will the attacker changing the data before or after collection affect the forensics analysis?
    • Can we prevent or detect such manipulations?
    False positives and negatives
    • The user of IoT data and solution providers should be aware of the existence of false positives and false negatives
    • Proper steps should be taken to detect and minimize false results
  • 16. More Questions!
    • Can the attacker “get into” the sensors? Kasinathan et al. [19] suggest that attackers can gain access to sensors under the right conditions.
    • Can the attacker “get into” the Hub? The Hub is directly connected to the Internet and interacts with the web portal. Work on IoT intrusion detection [23] suggests such attacks on hubs are feasible.
    • What is the communication medium? In addition to traditional wireless networks, IoT devices are connected through cellular networks, radio, Bluetooth and other low power communication media. This diversity makes the communication more vulnerable than otherwise, and makes using generic protections against attacks harder.
    • Can we knock down the sensors with a classic flooding attack? Although we did not try this on our devices, Kasinathan et al. [19] suggest that DoS and flooding attacks may disable IoT devices.
    • Can data be manipulated deliberately to obstruct or mislead justice in a court of law? We have discussed this issue in the previous section; it needs more attention from the security community.
    • Is it possible to sniff the hub and sensors? In our experimental set-up, we were able to derive device identity (specifically, the MAC address of the Hub) by observing network packets. Copos et al. [12] provide an example of how sniffing can lead to a major security breach.
  • 17. Limitations
    • Data is collected only from smart home devices
    • The forensic model proposed here has not been implemented, deployed, and tested
    • We assume implementation of the model will be scalable for the fast growing number of devices, which may not be true
    • Our findings depend on data collected from one type of device. Perhaps different kinds of devices would produce more consistent results.
  • 18. Future work
    • More generic scenario with multiple types of IoT devices and their data
    • In-depth analysis and discussion of the data collected
    • Working towards a more robust and mature model for IoT Mobility Forensics
    • Privacy of the data
    • The reverse question, “given a digital forensics scenario and a forensic model, what useful data can IoT devices collect for us?”
    • Focus on one specific question discussed in this paper.
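
The identification step of the burglary scenario on slide 13 comes down to correlating door-sensor events with the presence/absence sensor. The sketch below is an added example, not code from the presentation: the record layout, the event names and the five-minute grace window are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M"

# Constructed sample records, not real Sen.se Mother output. The layout
# (timestamp, sensor, value) and the event names are assumptions.
# They are deliberately out of order: Cookies buffer events and upload
# them on reconnect, so arrival order is not event order.
EVENTS = [
    ("2016-09-20 17:30", "presence", "arrived"),
    ("2016-09-20 11:40", "door", "moved"),
    ("2016-09-20 06:50", "door", "moved"),
    ("2016-09-20 08:05", "presence", "left"),
    ("2016-09-20 08:05", "door", "moved"),
    ("2016-09-20 17:31", "door", "moved"),
]


def door_activity_while_absent(events, grace=timedelta(minutes=5)):
    """Return (timestamp, label) for door events the owner cannot explain.

    label is "absent" when the last presence report before the event says
    the owner had left, and "undetermined" when no presence report exists
    yet. Door events within `grace` of an arrival or departure are treated
    as the owner's own and skipped (assumed tolerance).
    """
    parsed = sorted((datetime.strptime(ts, FMT), s, v) for ts, s, v in events)
    transitions = [(t, v) for t, s, v in parsed if s == "presence"]
    findings = []
    for t, sensor, _ in parsed:
        if sensor != "door":
            continue
        prior = [v for pt, v in transitions if pt <= t]
        if not prior:
            findings.append((t.strftime(FMT), "undetermined"))
        elif prior[-1] == "left" and not any(
            abs(t - pt) <= grace for pt, _ in transitions
        ):
            findings.append((t.strftime(FMT), "absent"))
    return findings


if __name__ == "__main__":
    for ts, label in door_activity_while_absent(EVENTS):
        print(ts, "door activity, owner", label)
```

Events labelled "undetermined" matter for the false-positive concern on slide 15: without a presence baseline the door movement can be neither attributed to the owner nor ruled out.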