Design and Security Analysis of a Fragment of Internet of Things Telecommunication System

This paper covers the development and implementation of systems based on the Internet of Things concept. As industries that use the Internet of Things develop actively, the problem of information security is becoming more and more important. To create a protected module of an information and telecommunication system that implements the Internet of Things concept, all of its aspects must be taken into account. To determine the relevant threats, a detailed risk analysis according to existing standards is needed. Protection measures must then be chosen on the basis of the relevant threats identified. In this paper, actual threats and the necessary protective actions are determined for the implementation of a Smart House computer appliance module, in order to develop a protected part of the Smart House that is needed for room access control. We solved the following tasks: description of the Smart Home system; description of the steps and security evaluation of the Smart Home; implementation of the hardware assembly and writing of code for the selected fragment of the system; safety evaluation of the selected fragment of the Smart House and identification of actual threats; recommendations to counter the threats; software implementation of one of the most important threats and software implementation of protective measures for the selected threat. The key peculiarity of the work is an integrated approach to design using specific intruder models, analysis of the system's assets and evaluation of their security.


INTRODUCTION
The paper covers the development and implementation of systems using the concept of the Internet of things. The concept of the Internet of Things comprises systems of specialized hardware devices into which electronic modules are integrated to control the devices and organize external communications. The number of connected devices is growing every year. According to Cisco estimates, the predicted increase in the number of embedded devices is close to linear, which makes the information security issues of the Internet of things significant [1]. Many Internet of things devices can be seen in the consumer sphere: consumer electronics devices, physical and information security control devices, gaming devices, implantable medical devices and others. Interconnecting such devices greatly simplifies their use and expands the functionality they offer. In general, the concept of the Internet of things, implemented at an enterprise, allows more efficient use of its resources by increasing the speed of response to any changes. The interconnection and analysis of sensors and enterprise objects occurs with minimal or no human involvement. It also improves productivity and reduces the impact of the human factor.
The purpose of the work is to develop and analyze a protected fragment of the Smart Home system, which is a typical example of the Internet of Things system. The following tasks were solved: description of the Smart Home system, description of the stages and security assessment of the Smart Home system; implementation of hardware assembly and writing of program code for the selected fragment of the system; security assessment of the selected fragment of the Smart Home and identification of current threats; development of recommendations to counter the current threats; software implementation of one of the actual threats and software implementation of protective measures for the selected threat. A key peculiarity of the work lies in an integrated approach to design by using specific intruder models, analyzing system assets and assessing their security.

1. METHODOLOGY OF SECURE SMART HOME SYSTEM DESIGN
Currently, the concept of Smart Home is gaining increasing coverage in systems of interconnected software and hardware devices and sensors used to increase automation, physical and information security and energy efficiency and to improve target functionality. At the same time, using the concept of the Internet of Things provides such advantages as system modularity, system scalability, enhanced functionality and system flexibility.
The main disadvantages of systems implementing the concept of the Internet of Things include: (1) the susceptibility of system devices to many different cyber-physical attacks, including a combination of program-information influences and attacks that use the physical characteristics of the system's devices and sensors, which means that increased security requirements must be taken into account; (2) the heterogeneity of devices, their components, protocols and technologies used, which increases the complexity of integrating a system from individual components; (3) the high dependence of the implemented protection on the business functions and features of the system, which complicates the development of universal tools and techniques for designing protection mechanisms for such systems.
In accordance with GOST R ISO/IEC TO 13335-3-2007 [2], a detailed risk analysis is used to ensure security and select protective measures for a fragment of the Smart Home system. A detailed risk analysis includes identification of assets, assessment of the potential threats to which the assets are exposed, and assessment of their vulnerability. Based on the results of these operations, a risk assessment and the subsequent determination of reasonable protective measures [3] are performed. The results of the risk analysis make it possible to identify system objects, or stages in their organization and use, that carry a high level of risk and to choose security measures. Applying the selected security measures reduces the identified risk to an acceptable level.

IMPLEMENTATION AND EVALUATION OF A FRAGMENT OF SECURE SMART HOME SYSTEM
A fragment of the Smart Home system has been developed, aimed at checking for physical movement in a controlled room. In particular, the probability of being in the controlled room is analyzed by using a security policy, with a subsequent notification in case of an illegal entry. The system includes the following objects: (1) a central control device based on a single-board computer; (2) a motion sensor; (3) a visual alert (LED).
A DFRobot infrared motion sensor is used as the motion sensor. A Raspberry Pi microcontroller (RPi) is used as the central control unit of the system. The small size of the RPi gives wide possibilities for integrating it into the information/technical environment, while its hardware capabilities allow it to manage the business functions of the Smart Home system, with the ability to connect various sensors to standard GPIO pins [4]. The presence of the Linux operating system allows the Smart Home system to be programmed in the high-level programming languages supported by this operating system. The RPi has a server module written in Python 2.7 that receives data from the motion sensor every 10 ms. When movement is detected in the room, the controller checks the exact time and date of the event against the security policy, which is stored in a special file. This file sets the time and day of the week at which the user is legally allowed to be in the room.
If the action was detected at a time prohibited by the security policy, the RPi (1) turns on the warning LED; (2) writes information about the event to the log file (indicating the date and time); (3) sends an alarm message to all clients connected to the server. Communication with the client takes place over TCP/IP sockets. A connection can be made both within a local network and through the Internet. The client side is also written in Python 2.7 [5].
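The policy check described above can be sketched as follows. This is an added example in Python 3, not the paper's Python 2.7 code; the policy file format, `SAMPLE_POLICY` and the function names are assumptions made for illustration. Days that the policy does not list are treated as prohibited, and a window may run past midnight.

```python
from datetime import datetime

DAYS = ["Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun"]

# Constructed sample policy; the "Day HH:MM-HH:MM" format is assumed here.
SAMPLE_POLICY = """\
# day  allowed window
Mon 09:00-18:00
Tue 09:00-18:00
Fri 22:00-02:00
"""

def parse_policy(text):
    """Return {weekday index: [(start, end), ...]}; reject malformed lines."""
    policy = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            day, window = line.split()
            start, end = (datetime.strptime(p, "%H:%M").time()
                          for p in window.split("-"))
            policy.setdefault(DAYS.index(day), []).append((start, end))
        except ValueError as exc:
            raise ValueError("policy line %d is malformed: %r" % (lineno, raw)) from exc
    return policy

def is_allowed(policy, when):
    """True if `when` falls inside a permitted window; unknown days are denied."""
    now, today = when.time(), when.weekday()
    for start, end in policy.get(today, []):
        if start <= end and start <= now < end:
            return True
        if start > end and now >= start:   # window runs past midnight
            return True
    # Tail of a window that began yesterday and crossed midnight.
    yesterday = (today - 1) % 7
    return any(start > end and now < end
               for start, end in policy.get(yesterday, []))

def handle_motion(policy, when):
    """Return (alarm, log_line) for one motion event."""
    allowed = is_allowed(policy, when)
    status = "ALLOWED" if allowed else "ALARM"
    return (not allowed, "%s motion %s" % (when.isoformat(sep=" "), status))
```

Rejecting a malformed policy line outright, rather than skipping it, keeps an edit made through the client application from silently widening or removing a window.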
The client connects to the server. After passing authentication by entering a login/password pair, the user can get information from the motion sensor. The user can view the current security policy. It is also possible to modify the security policy file through the client application. In the case of both legal and illegal penetration, the client receives an alert from the server.
The selected fragment of the Smart Home includes the following assets that are subject to consideration: (1) a central control device based on a single-board computer; (2) a motion sensor; (3) software: a client-server application and applications for performing business system functions and security functions; (4) the Smart Home security policy file; (5) a log file that stores information about changes in the system: data about changes to the security policy file, connected clients, and data received from the sensor.
The fragment of the Smart Home is accessible to authorized users who are employees of the organization. There is also an administrator who has the ability to add users and must control the correct operation of the system. It is assumed that the system is used in the office of the organization within one floor. The system is designed to control the perimeter of the room and alert in case of intrusions. All further steps are carried out within the established boundaries.
After receiving the list of assets, an assessment of the value of each of them is made. The value of an asset is determined by its importance for the functionality of the Smart Home system. The results of the valuation of assets are shown in Table 1.
For the identified assets, a list of threats and their classification are used taking into account the known typical types of threats [3]. The classified threats are then compared with the minimum intruder level necessary to implement the threat in accordance with the Abraham model [6,7]. Based on this, the probability of occurrence of a threat is determined and is expressed by the assessment: "low," "medium" or "high." For threats not caused by intentional activity, the main factor in the assessment will be data on the frequency of occurrence of the threat.
Based on Table 1, we compile a list of vulnerabilities for the studied hardware-software system. In compiling the list, we use examples of common vulnerabilities [3]. The list of vulnerabilities is presented in Table 2. The list is incomplete, but sufficient for all stages of the risk analysis. To assess the probability of implementation, we show which threats can be implemented by using each vulnerability.
As a part of the identification of existing protective measures, it is assumed that the fragment of the Smart Home system will be embedded in an organization with an existing security system. This software/hardware system is designed for deployment in the organization's room, and it is assumed that physical access to the control center of the Smart Home will be limited and that a secure network already exists. The personnel of the enterprise working with the objects of the Smart Home system should be familiarized with the rules for working with these objects. It is assumed that the company has a qualified employee who will administer the Smart Home system.
To assess risks, we compile a table that ranks threats by risk measure. To do this, we define the impact assessment as the value of the asset at which the threat is directed (if there are several assets, the value of the most valuable asset is taken). We obtain information about the asset from Table 1, where a high rating corresponds to rank 1, medium to rank 2 and low to rank 3. We obtain the probability of a threat and the list of identified threats from Table 2. A high probability of a threat corresponds to rank 1, medium to rank 2 and low to rank 3. In Table 3, we rank the threats. Number 1 indicates the threat with the lowest rank, i.e. the threat with the smallest exposure and lowest probability of occurrence.
In Table 3 each identified threat corresponds to its rank, depending on the risk metric. Threats with a rank of two or one are considered as ones with an acceptable risk. It is also necessary to take into account existing protective measures that can reduce the threat rank.
Based on the identified protective measures, the risks from the threats of theft, damage to communication lines and illegal penetration by an attacker can be considered permissible, since it is assumed that the organization has a special security service assigned to monitor the security of physical objects.
Protective measures are selected on the basis of the list of threats whose risk level is considered unacceptable. Protective measures can be divided into organizational and technical. The technical protective measures must include a periodic check of the operability of all elements of the system. This is necessary to reduce the likelihood of hardware failures. Based on the existing protective measures, a secure corporate network should be organized at the enterprise. This will reduce the likelihood of traffic congestion and of violations of the confidentiality, integrity and availability of information transmitted or processed in the hardware/software system. Also, in order to avoid violation of the integrity of the information transmitted between the client and the server, it is necessary to use encryption and hashing. To reduce the likelihood of unauthorized users using the software, it is necessary to transfer and store the login/password pair in the form of the result of a hash function.

IMPLEMENTATION
As a part of the Smart Home software/hardware system, we will consider in more detail the threat of information interception to obtain the login/password pair sent during authentication in the client-server interaction. Attack simulation method: Network snapshots are usually used to sniff networks. Assume that the attacker has access to the network in which the Smart Home system client application operates. To intercept the network interaction between two hosts A and B, we replace the IP addresses of the interacting hosts with our IP address by sending fake ARP messages to network hosts A and B, using the Debian Linux distribution as well as the Ettercap and Wireshark utilities. These tools are used to scan the network, set the target of the attack, send ARP messages and analyze traffic between the attacked computer and the router. As a result of the attack, the username/password pair and user data were obtained (Fig. 1). These data determine the rules for access to the Smart House, depending on the time of day and the role of the user.
To select protective measures, it is necessary to trace through which vulnerabilities the selected threat can be realized. Using Table 2, it can be determined that the threat of data interception can be implemented through the exploitation of the vulnerabilities such as the presence of insecure communication lines and the transfer of valuable information without the use of encryption.
There are several ways to address these vulnerabilities. The main condition for carrying out such an attack is the presence of the intruder in the network in which the attacked computer is running. Therefore, if the network is protected and the attacker cannot connect to it, they will not be able to conduct the attack. Note that when Smart Home is implemented in an enterprise, as a rule, there is no possibility of such monitoring of the network status, so this method is not suitable. It is possible to use routers that support protection and filtering of ARP packets. One can also use VPNs or VLANs. But all of the above methods require additional configuration of the network or computers, which makes the Smart Home system less flexible. In the implemented prototype, encryption of the information transmitted between the client and server is used to protect against the Man-in-the-Middle attack. In this case, even if the communication lines are not protected, an attacker will not be able to obtain information from intercepted packets. The SSL protocol used is based on asymmetric cryptography for authentication of exchange keys. Symmetric encryption is also used to ensure confidentiality, and message authentication codes are used for message integrity.
To implement the SSL protocol, we use the Python ssl library. Using the OpenSSL program, we create a self-signed certificate for the server, which it will provide to clients. In OpenSSL, we generate a private key with a size of 1024 bits. Next, using this key, we generate a self-signed certificate. With this certificate, the server can confirm the validity of clients. Then, using the ssl library and the self-signed certificate, we create a secure connection between the client and server. Now all information transmitted between the client and server is encrypted. After the security measure, i.e. the SSL protocol, has been implemented, it is necessary to check that it works. To do this, we simulate the same attack on a computer running the client application. After sending fake ARP messages, we receive the packets transmitted between the client and server. However, now the messages are encrypted and the attacker can no longer get the username/password pair from these packets without using cryptographic analysis. Acting in this way, an attacker also fails to obtain schedule data from the security policy. Moreover, it can be stated that the Smart Home system is protected from the threat of interception of information, and in particular from the "Man in the Middle" attack.
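Encryption protects the login only if the client also verifies the certificate it is shown, because a host that has redirected traffic with fake ARP messages can otherwise answer with a certificate of its own. The following added sketch (Python 3 `ssl`, not the paper's code; the function names and the certificate file paths passed in are assumptions of this example) shows the unverified client setting beside one that trusts only the server's self-signed certificate.

```python
import socket
import ssl

def server_context(certfile, keyfile):
    """Server side: present the self-signed certificate created with OpenSSL."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.load_cert_chain(certfile=certfile, keyfile=keyfile)
    return ctx

def unverified_client_context():
    """Weak: traffic is encrypted, but any certificate is accepted, so a host
    on the path can present its own certificate and read the login."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # has to be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx

def pinned_client_context(server_cert=None):
    """Hardened: the only trust anchor is a copy of the server's certificate.
    Without a certificate file the context trusts nothing (fails closed)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # CERT_REQUIRED + hostname check
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if server_cert:
        ctx.load_verify_locations(cafile=server_cert)
    return ctx

def audit(ctx):
    """List the settings that leave a client open to an on-path host."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("peer certificate is not verified")
    if not ctx.check_hostname:
        findings.append("hostname is not checked")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("protocol versions below TLS 1.2 are allowed")
    return findings

def connect(host, port, ctx):
    """Open the client connection; the handshake fails if verification fails."""
    sock = socket.create_connection((host, port), timeout=5)
    return ctx.wrap_socket(sock, server_hostname=host)
```

With the hostname check on, the self-signed certificate needs a subjectAltName entry that matches the name or address the client connects to. OpenSSL builds configured with security level 2 reject RSA keys shorter than 2048 bits, so a 1024-bit key may fail to load in `server_context`.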

CONCLUSIONS
A fragment of the secure Smart Home system, which is a typical example of the Internet of things system, has been developed and analyzed. The practical result of the work is the developed fragment of the secure system of the Smart House in terms of the functions of cyber-physical access control. In accordance with GOST R ISO/IEC 13335-1-2006 [3] and GOST R ISO/IEC TO 13335-3-2007 [2], the main steps to ensure security of the constructed system are carried out and described in detail: setting the boundaries of consideration; asset identification; threat assessment; vulnerability assessment; identification of existing security measures; risk assessment; selection of protective measures.
For the given fragment of the system, a security assessment was conducted and current threats were identified. Protective measures have also been developed to counter the identified actual threats. One of the actual threats, the threat of interception of critical system information, has been implemented. The implementation was performed by modeling a "Man in the middle" attack. Further, software protection measures were implemented to counter the established threat. By repeated attempts to implement the threat, it was established that the Smart Home system is protected from it.

FUNDING
This research was financially supported by grants of RFBR (project nos. 16-37-50035, 14-07-00697, 14-07-00417, 19-07-00953, 16-29-09482ofi_m, and 16-37-50035).