Post on 11-May-2018

214 views

Category:

Documents


1 download

TRANSCRIPT

Scuola Politecnica e delle Scienze di Base

1

WISS: WIRELESS IOT IDS WITH SIEM INTEGRATION

Master's Thesis in Network Security

Pantaleone Nespoli

Current affiliation: Ph.D. Student – 1st year

SUPERVISOR: Prof. Simon Pietro Romano, UNIVERSITY OF NAPLES

CO-SUPERVISOR: Dr. Félix Gómez Mármol, UNIVERSITY OF MURCIA

2

THESIS AFFILIATION

This Thesis is the result of an Erasmus Internship experience at NEC Laboratories Europe (NLE), Heidelberg, Germany

PANTALEONE NESPOLI

WISS: WIRELESS IOT IDS WITH SIEM INTEGRATION

3

BACKGROUND

Cybersecurity has become a topic of global interest

Increasingly complex and disruptive cyber-attacks

Central role of the network infrastructures

Not constrained to cyberspace: physical systems too

Cyberdefense is defined as “organized capabilities to protect against, mitigate from and rapidly recover from the effect of cyber attacks” [1]

[1] J.B. Godwin III et al., “Critical Terminology Foundations 2.” Russia-U.S. Bilateral on Cybersecurity, 2014

4

INTERNET OF THINGS PARADIGM

Everything connected together

Remote control of everyday-life objects

Environmental Monitoring

Smart Home

Smart City

5

IOT SECURITY CHALLENGES

Many devices

High heterogeneity

High mobility and distribution

In a wireless scenario, attacker models become wider:

➢ Router Attacks

➢ Jamming

➢ Evil twins

➢ MITM (Man In The Middle)

➢ Flooding

6

GOALS

Portability

The device must be portable, in order to let human actors carry it in every environment effortlessly

Usability

End-users have only to turn on the device to protect the monitored area

Configurability

Network administrators can decide to enable/disable features for performance reasons

Versatility

The device must be usable everywhere, even in a densely populated place

7

CONTRIBUTION

Wireless monitoring sensor

Alerts and Statistics remotely sent to a Server

Events visualized on a Client machine

P&P-Pi: Plug&Protect

8

WISS ARCHITECTURE

Debian OS for Raspberry Pi, running:

➢ 802.11 Layer 2 IDS

➢ 802.11 Layer 3 and above IDS

➢ Rsyslog

Alerts forwarded via TCP/UDP to the Open Source SIEM OSSIM

9

WISS DEMO

Diagram labels: UDP; Attacker; Victim; Access Point; Ossim Server

2. TCP Portscan

3. SSH Bruteforce

Alerts via Rsyslog

Event visualized on client machine
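The demo slide shows IDS alerts leaving the P&P-Pi through rsyslog and reaching OSSIM, where the operator sees the portscan and the SSH brute force as events. The block below is an added example, not code from the thesis, from Snort or from OSSIM: it parses Snort "alert_fast" lines (the sample lines, their SIDs, messages and addresses are constructed), renders each as an RFC 3164 syslog line of the kind rsyslog forwards over UDP or TCP, and counts alerts per source and signature so that a burst like the demo's brute-force attempts stands out. The deck names Kismet (CPU0) and Snort (CPU1) as the two engines; that Snort is the "Layer 3 and above" IDS, the syslog facility, the Snort-priority-to-severity mapping and the hostname are assumptions of this example.

```python
"""Added example (not from the WISS thesis): Snort alert_fast lines -> syslog
events of the kind rsyslog forwards to a SIEM such as OSSIM, plus a per-source
count.  Every sample alert, SID, message and address below is constructed."""
import re
from collections import Counter

# One Snort 2.x "alert_fast" line looks like:
#   MM/DD-HH:MM:SS.usec  [**] [gid:sid:rev] message [**]
#   [Classification: text] [Priority: n] {PROTO} src[:port] -> dst[:port]
# Classification and ports are optional (portscan alerts carry no ports).
FAST_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?"
    r"\[Priority:\s*(?P<prio>\d+)\]\s+\{(?P<proto>[^}]+)\}\s+"
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+(?P<dst>[\d.]+)(?::(?P<dport>\d+))?\s*$"
)

# Constructed alerts mirroring the demo's two events (SIDs in the local range).
SAMPLE_ALERTS = [
    "04/12-10:15:32.123456  [**] [1:1000001:1] CONSTRUCTED SCAN TCP portscan [**] "
    "[Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.1.50 -> 192.168.1.10",
    "04/12-10:16:01.000001  [**] [1:1000002:1] CONSTRUCTED SSH brute force attempt [**] "
    "[Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 192.168.1.50:44321 -> 192.168.1.10:22",
    "04/12-10:16:02.000002  [**] [1:1000002:1] CONSTRUCTED SSH brute force attempt [**] "
    "[Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 192.168.1.50:44322 -> 192.168.1.10:22",
    "04/12-10:16:03.000003  [**] [1:1000002:1] CONSTRUCTED SSH brute force attempt [**] "
    "[Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 192.168.1.50:44323 -> 192.168.1.10:22",
]


def parse_snort_fast(line):
    """Parse one alert_fast line into a dict; None for lines that do not match."""
    m = FAST_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["prio"] = int(ev["prio"])
    ev["sport"] = int(ev["sport"]) if ev["sport"] else None
    ev["dport"] = int(ev["dport"]) if ev["dport"] else None
    return ev


# Syslog facility and severity codes (RFC 3164).  Facility and the mapping from
# Snort priority to severity are this example's choices, not a Snort default.
LOCAL0 = 16
SEVERITY_FOR_PRIORITY = {1: 1, 2: 2, 3: 4, 4: 5}   # alert, critical, warning, notice
MONTHS = ["Jan", "Feb", "Mar", "Apr", "May", "Jun",
          "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"]


def to_syslog(ev, hostname):
    """Render an alert as '<PRI>Mmm dd hh:mm:ss HOST snort: MSG' (RFC 3164 style)."""
    severity = SEVERITY_FOR_PRIORITY.get(ev["prio"], 6)      # default: informational
    pri = LOCAL0 * 8 + severity
    mon, rest = ev["ts"].split("/", 1)                         # alert_fast has no year
    day, clock = rest.split("-", 1)
    stamp = f"{MONTHS[int(mon) - 1]} {int(day):2d} {clock.split('.', 1)[0]}"
    src = ev["src"] + (f":{ev['sport']}" if ev["sport"] is not None else "")
    dst = ev["dst"] + (f":{ev['dport']}" if ev["dport"] is not None else "")
    body = (f"[{ev['gid']}:{ev['sid']}:{ev['rev']}] {ev['msg']} "
            f"[Classification: {ev['cls'] or 'none'}] [Priority: {ev['prio']}] "
            f"{{{ev['proto']}}} {src} -> {dst}")
    return f"<{pri}>{stamp} {hostname} snort: {body}"


def count_by_source(events):
    """Alerts per (source IP, signature message): the first view a SIEM operator wants."""
    return dict(Counter((ev["src"], ev["msg"]) for ev in events if ev))


def repeated_offenders(events, threshold):
    """(src, msg) pairs seen at least `threshold` times, e.g. the demo's brute-force burst."""
    return sorted(k for k, n in count_by_source(events).items() if n >= threshold)


if __name__ == "__main__":
    evs = [parse_snort_fast(line) for line in SAMPLE_ALERTS]
    for ev in evs:
        print(to_syslog(ev, "wiss-pi"))      # what rsyslog would ship to OSSIM (port 514)
    print(repeated_offenders(evs, 3))
```

Run stand-alone, the script prints the four syslog lines as they would leave the sensor and then the one (source, signature) pair that crossed the threshold; in a deployment the script would only need to emit the lines to the local syslog socket and let rsyslog's forwarding rule carry them to the OSSIM server.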

10

PERFORMANCE EVALUATION (1/2)

Different combinations of Rule Sets and Detection Engines tested

CPU, RAM and total number of packets were registered

CPU graphs show utilization <5%

CPU0 (Kismet) more stressed

Low CPU1 (Snort) usage

11

PERFORMANCE EVALUATION (2/2)

RAM usage shows a trend with periodic spikes

➢ Snort detection process on the attacker frames

Linear increasing trend reveals a memory leak

➢ Kismet tracking mechanism

12

FUTURE WORK

Further Wireless Protocols

Testing in Open Environments (shopping malls, stadiums)

Scalability tests

Design of Reaction Capabilities in the SIEM

Design of Collaborative Scenarios

➢ An extract of this thesis has been accepted for publication at IEEE WCNC ‘18

13

QUESTIONS?

THANKS FOR YOUR ATTENTION!