Security of resource-constrained edge devices, such as Internet of Thing (IoT) devices, is one of the primary challenges facing the successful deployment of this potentially transformative technology. Due to their resource limitations, often developers have to make a choice between security and functionality/performance, leaving many devices partially or completely unprotected. To illustrate the implications of this situation, I consider a scenario where IoTs (or generally, edge computing devices) are being connected to the Internet and participate in Internet scale protocols such as the Domain Naming System (DNS), Transport Layer Security (TLS), and others. Security solutions for these protocols rely on expensive cryptographic operations that challenge the capabilities of the resource-limited IoT devices. In such a scenario, we are faced with one of three options: (1) Extend security to the edge/IoT devices, therefore sacrificing performance and energy; (2) Sacrifice security, leaving the last link to reach the edge devices insecure; or (3) develop new specialized security protocols, which unfortunately is limited by development type and the need for compatibility with these existing protocols, placing large burdens on developers and operators.
Against this backdrop, I demonstrate a new attack on DNS targeting the last hop, demonstrating that leaving last hop devices poorly protected can lead to their compromise. In the second direction, I propose a new lightweight cryptographic based defense that can promote end-to-end security for IoT and edge computing environments. In the third direction, to understand the nature of operation of IoT devices, I analyze the cryptographic overhead occur on resource-constrained devices when conventional cryptographic algorithms are used: I study the performance of on Arduino MKR WiFi 1010---a single-board microcontroller and compare the results with my lightweight cryptographic algorithm. Lastly, in a different direction, the last contribution is a systematic longitudinal study on Internet filtering in the Kingdom of Saudi Arabia, a traditionally conservative country that has embarked on economic and societal changes in many aspects of its daily operations and public policies with the stated objectives of modernization and openness. These directions are described next.
In the first direction, I identify and characterize a new class of attack targets the DNS service. Specifically, unlike previously reported attacks where the main target is the DNS resolver, the attack targets the client-side DNS cache. The attack allows an off-path attacker to collaborate with a piece of an unprivileged malware to poison the OS-wide DNS cache on a client machine. IoT environments are best fit for this attack since typically network communications between the two last hops (i.e., the default gateway and IoT devices) are unencrypted. The results demonstrate the effectiveness of the attack on three different platforms: Microsoft Windows, Apple macOS, and Linux Ubuntu. The results show that we can reliably inject malicious DNS mappings within short times that vary with the specifics of the Operating System implementation. In addition, I present a new analytical model of the attack and compare its prediction with the empirical measurements. The results show that the model correlates with the observed experimental results. I also propose an ad hoc defense which requires only changes to the client DNS cache software, making it practical to deploy immediately through an OS patch. The results show that the defense completely closes this class of attack. For instance, after running the attack for 24 hours, the defense mitigates attacks with no observed successes for the full period. On the other hand, we recorded 1705, 152, and 18 successful attacks on Windows, Ubuntu Linux, and Mac OS, respectively, when the defense is not deployed.
In the second contribution of the dissertation, I propose a more principled approach that can be generalized to provide backward-compatible, low-complexity, end-to-end security for different applications and services enabling the extension of security coverage to resource-constrained environments. More precisely, I introduce a new cryptographic primitive which is called Ciphertext and Signature Propagation (CSProp) in order to deliver security to the weak end-devices. I further provide the instantiation of CSProp based on the RSA cryptosystem and the proof of security. I demonstrate CSProp by using it for DNS SECurity (DNSSEC) validation and TLS. The results demonstrate that CSProp provides efficient security support at low additional complexity for IoT environments. I show that the propagated signature verification in DNSSEC (vs. traditional DNSSEC validation) reduces latency by 91x and energy consumption by 53x on the Raspberry Pi Zero W. For TLS handshake, the advantage to latency and energy by an average of 8x and 8x, respectively. For completeness, CSProp is compared with Elliptic Curve Cryptography (ECC) cipher suite and found that CSProp outperforms ECC by 2.7x. On an Arduino MKR WiFi 1010, CSProp achieves significant reduction in latency and power consumption comparing to conventional cryptographic primitives.
The third contribution of the dissertation demonstrates that the first option (i.e., sacrifice performance to retain security using traditional cryptographic algorithms) is not desirable in resource-constrained environments. Specifically, I present a measurement based study to characterize IoT devices with two components: (1) profiling existing devices to understand the cryptographic demands on IoTs; and (2) evaluating their performance on the new proposed primitive, CSProp, and compare the results with a widely used conventional cryptographic primitive which is RSA. For (1), I analyze the cryptographic overhead that occur when an IoT device is used in a home-based environment: the IoT device is a Wyze Cam V2 IoT camera. The results show that the camera uses cryptographic operations intensively. For (2), I conduct a study on a well-known IoT device called Arduino MKR WiFi 1010 which is a single-board microcontroller. I also implement a prototype of the proposed lightweight scheme, CSProp. The results confirm the findings in research direction three that CSProp always outperforms traditional RSA public-key operations in both latency and power consumption. For instance, the execution time for CSProp-encryption and CSProp-verification is 57 and 61 times faster, respectively, compared to traditional RSA encryption for all key sizes. For energy consumption, CSProp provides efficient reductions by 36x and 42x for encryption and verification, respectively.
The last contribution of the dissertation is a systematic, comprehensive and longitudinal study on the Internet filtering in the Kingdom of Saudi Arabia. Specifically, I investigate the impact of the Saudi Vision 2030 (announced in April 2016) on the Internet over a period of three years. The investigation shows evidences that Saudi Arabia is cautiously yet decisively opening its digital borders. For instance, I conduct measurements to evaluate Internet behavior by probing Alexa’s top 500 websites in 18 different categories and find that the web is becoming more open and accessible. In addition, we find evidence that the emphasis on modernization is leading to relaxing regulations on filtering (67% and 93% of the blocked mobile apps over the period 2013-2017 were accessible in 2018 and 2019, respectively, and all tested apps were accessible in 2020, except WeChat which is still debatable). The investigation also studies the impact of geopolitical events on the filtering in Saudi Arabia. The results show that the filtering policies are reflected in this context. For instance, the results show that ISIS-friendly website are blocked, as ISIS supports terrorism and destabilization to the region. We also find that some news sites from the countries of Qatar, Iran, and Turkey got blocked, amid rising diplomatic tensions between the kingdom and these countries.
For future work, I hope that the lessons learned from these directions help me to build (or at least critically understand) the best framework for IoT and edge computing devices. More precisely, I need to understand the required security primitives that overcome all the three aforementioned challenges.