Date of Award

Spring 1-1-2018

Document Type

Thesis

Degree Name

Master of Science (MS)

First Advisor

Joe McManus

Second Advisor

Jose Santos

Third Advisor

Levi Perigo

Abstract

In the last few years Internet of things (IoT) has become much more prevalent in everyday consumer items. However, frequently these devices have weak, outdated or non-existent security which leaves them vulnerable to cyber-attacks. In the case of IoT devices which are used to control physical items, such as an internet-enabled thermostat controlling a furnace, there is the potential to cause serious harm to property and put people in danger if control of the device is compromised. This risk is similar to that found in Industrial Control Systems (ICS). In that context, one way of reducing the risk is by implementing redundant sensors and actuators which allow the system to continue to function normally even if an attacker gains partial control of the system. This paper proposes applying a similar concept to IoT controllers to increase user awareness of the state of the physical system being controlled by implementing an independent secondary sensor which can then indicate if there is a discrepancy between what the IoT controller is reporting and the actual state of the physical device. This system is implemented with the sensor on a separate subnet from the IoT controller within the network setup. A central computer is set up to query both the sensor and the controller to verify they are both reporting the same state of the physical device. If a discrepancy is detected then the user is alerted via text message. The setup was subjected to a number of tests to verify its resiliency and reliability and although the prototype has room for improvement it worked well overall. The paper also presents a cost analysis process for determining when the system is likely to be cost effective to implement and found that in many scenarios the required reduction in risk of physical harm being done by a rogue IoT controller is sufficiently reduced to justify implementing this solution.

Share

COinS