Keynote “Trends on Data Graphs & Security for the Internet of Things”
(Extended Version) #WF-IoT World Forum Internet of Things
Workshop on #Security and #Privacy for #InternetofThings and Cyber-Physical Systems #CPS
#Security #Toolbox #Attacks and #Countermeasures #STAC
#Security #KnowledgeGraphs #Ontologies
Speaker: Dr. Ghislain Atemezing (Research & Development Director, MONDECA, Paris, France) @gatemezing
Credits: Dr. Amelie Gyrard (Kno.e.sis, Wright State University, Ohio, USA)
2. Trends on Data Graphs & Security
for the Internet of Things
Speaker:
Dr. Ghislain Atemezing
Research & Development Director, MONDECA, Paris, France
Credits:
Dr. Amelie Gyrard
Kno.e.sis, Wright State University, Ohio, USA
3. Agenda
● Motivation
● Background: Knowledge Graphs (KG), Semantic Web, Ontologies, etc.
● KGs for IoT
● Semantic Web approaches to security
○ Security Knowledge Graph with
STAC (Security Toolbox: Attacks & Countermeasures)
○ Ontology catalog for IoT Security
○ Helping IoT developers secure their applications
○ STAC demo
○ STAC evaluation
● Ontology Quality with Perfecto applied for security
● Take away message
7. Classification of Cybersecurity from Europol
● Class of incident
● Type of incident for
each class
● Description of the
incident
8. OWASP - Top 10 IoT Vulnerabilities
● I1 Weak, Guessable, or Hardcoded Passwords
● I2 Insecure Network Services
● I3 Insecure Ecosystem Interfaces
● I4 Lack of Secure Update Mechanism
● I5 Use of Insecure or Outdated Components
● I6 Insufficient Privacy Protection
● I7 Insecure Data Transfer and Storage
● I8 Lack of Device Management
● I9 Insecure Default Settings
● I10 Lack of Physical Hardening
https://www.owasp.org/images/1/1c/OWASP-IoT-Top-10-2018-final.pdf
9. Access Control Models in IoT/WoT Environment (1)
● The access control server (ACS) authenticates the user and grants her the appropriate access token, allowing her to access the Thing’s resources for a certain period of time or permanently, depending on the deployed policy.
● Better scalability and privacy in the system.
● Complicated to implement in constrained environments, since the Things themselves need to check the received access token.
De-centralized Architecture
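A sketch of the token check that the decentralized model places on the Thing, added here as an example and not taken from the slides. The HMAC-SHA256 token format, the shared key, and the names `acs_issue_token` and `thing_check_token` are assumptions made for illustration.

```python
import base64, hashlib, hmac, json

# Assumption: the ACS and the Thing share this key, provisioned out of band.
SHARED_KEY = b"constructed-demo-key-not-for-production"

def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def acs_issue_token(user, resource, now, lifetime=None):
    """ACS side, called once the user is authenticated.
    lifetime=None models the 'permanent' access policy."""
    claims = {"sub": user, "res": resource,
              "exp": None if lifetime is None else now + lifetime}
    body = b64e(json.dumps(claims, sort_keys=True).encode())
    tag = hmac.new(SHARED_KEY, body.encode(), hashlib.sha256).digest()
    return body + "." + b64e(tag)

def thing_check_token(token, resource, now):
    """Thing side: returns (allowed, reason) without contacting the ACS."""
    try:
        body, tag = token.split(".")
        expected = hmac.new(SHARED_KEY, body.encode(), hashlib.sha256).digest()
        # Constant-time comparison, done before any claim is trusted.
        if not hmac.compare_digest(expected, b64d(tag)):
            return False, "bad signature"
        claims = json.loads(b64d(body))
    except (ValueError, TypeError):
        return False, "malformed token"
    if claims.get("res") != resource:
        return False, "wrong resource"
    exp = claims.get("exp")
    if exp is not None and now >= exp:
        return False, "expired"
    return True, "ok"
```

The Thing needs a MAC computation, a clock and a JSON parser for every request, which is the implementation cost the slide attributes to constrained devices.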
10. Access Control Models in IoT/WoT Environment (2)
● User’s requests go through an access control server that authorizes and relays them to the right destination.
● This model is interesting in the WoT since all the complexity can be carried out by the server.
● Single point of failure, impersonation and privacy problems, since all the requests and possibly the responses are monitored by the server.
Centralized Architecture
12. “A graph of data with the intention
to encode knowledge”
“Link things that were never connected before using
graph paradigm to transform business.”
“Knowledge that is represented in machine
readable format for data interoperability and
discovery”
13. Google’s Knowledge Graph (2012)
Video (2 mins 44): https://youtu.be/mmQl6VGvX-c
Blog: https://googleblog.blogspot.com/2012/05/introducing-knowledge-graph-things-not.html
Directed labeled graph
14. We are Using those Technologies Everyday
Technologies used in the
search engine back-end
17. Graph of Things - Le-Phuoc et al.
Video (10 mins 33): https://www.youtube.com/watch?v=kNm6PlrBTi4
Demo: http://graphofthings.org/
Paper: The Graph of Things: A step towards the Live Knowledge Graph of connected things [Le-Phuoc et al. 2016]
18. Graph of Things
● Temperature
● Wind
● Traffic Camera
● Airport
● Flight
● Ship
● Harbour
● Travel Camera
● Twitter
● Bike Station
● Water Level
● Metro Station
19. Graph of Things
Real-time -> temporal
and spatial aspects
Big Data Challenges:
Big volume, fast
real-time update and
messy data sources
24. iot.schema.org - Ongoing Extension
How to decide
which concepts to
include?
http://iotschema.org/AirConditioner
http://iotschema.org/Capability
25. iot.schema.org - Ongoing Extension
How to decide
which concepts to
include?
http://iotschema.org/TemperatureSensing
http://iotschema.org/Capability
26. Modeling the Security Domain
with Knowledge Graphs
STAC
(Security Toolbox:
Attack & Countermeasure)
27. The STAC Security Knowledge Graph
● Creating a Knowledge Graph for better interoperability and reuse
● Based on existing works in the field
● Collecting data from papers from 2005 to 2013
● Initial version during Gyrard’s PhD thesis in 2013
41. Motivation for IoT Developers
● How to secure IoT architectures and applications?
○ Communications
○ Data
○ Technologies employed
○ Security properties satisfied
● Time-consuming to be familiar with:
○ Attacks
○ Security Mechanisms
● “Security by design”
=> Reuse the Machine-to-Machine Framework for another purpose: the security context
=> A tool to help choose the best security mechanism fitting our needs
43. S4AC / Fine-Grained Access Control Policies
● Lightweight vocabulary to create fine-grained access control policies for
Linked Data.
● Share security information specifying the access control conditions under
which the data is accessible.
S4AC: http://ns.inria.fr/s4ac/v1/s4ac_v1.html
44. Shi3ld: Context-Aware Authorization for Graph Stores
● Works on Named Graphs
● Step 0. The user defines the
Access Policy
● Step 1. Query Contextualization
● Step 2. Access Policy
Evaluation
● Step 3. Query Execution
http://wimmics.inria.fr/projects/shi3ld/
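The four steps above, simulated in a few lines as an added example; this is not Shi3ld code. Plain Python sets stand in for named graphs, a Python predicate stands in for each policy's condition, and graphs with no satisfied policy are assumed to stay closed; all graph names, roles and values are constructed.

```python
# Constructed named graphs: graph name -> set of (subject, predicate, object).
STORE = {
    "g:temperature": {("sensor1", "hasValue", "21.5")},
    "g:camera": {("cam1", "hasStream", "rtsp://example.invalid/cam1")},
}

# Step 0: access policies. Each one protects a named graph for one privilege
# and carries a condition that is checked against the requester's context.
POLICIES = [
    {"graph": "g:temperature", "privilege": "Read",
     "condition": lambda ctx: ctx.get("role") in {"resident", "technician"}},
    {"graph": "g:camera", "privilege": "Read",
     "condition": lambda ctx: ctx.get("role") == "resident"
                              and ctx.get("location") == "home"},
]

def contextualize(query, context):
    """Step 1: attach the requester's context to the query."""
    return {"query": query, "context": dict(context)}

def accessible_graphs(request, privilege="Read"):
    """Step 2: evaluate every policy against the context (default deny)."""
    return {p["graph"] for p in POLICIES
            if p["privilege"] == privilege and p["condition"](request["context"])}

def execute(request):
    """Step 3: run the query only over the graphs that step 2 opened."""
    pattern = request["query"]  # (s, p, o); None acts as a wildcard
    hits = []
    for name in sorted(accessible_graphs(request)):
        for triple in sorted(STORE[name]):
            if all(q is None or q == t for q, t in zip(pattern, triple)):
                hits.append((name, triple))
    return hits
```

The query itself never names a graph; what the requester can see is decided entirely by the context evaluated in step 2.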
59. Evaluation: STAC Ontology on LOV
● Methodologies:
○ Ontology Development 101: A guide to creating your first ontology [Noy et al. 2001]
● Semantic Web tools:
○ OOPS!, TripleChecker, RDF Validators, Vapour
○ Linked Open Vocabularies (LOV)
○ Linked Open Data (LOD)
● 24 security ontologies
○ More than 14 ontologies are online
● Evaluation user form:
○ 24 responses
=> STAC improved with new security domains
71. Is your Security Ontology
not Referenced yet on LOV4IoT?
Write your ontology URL here!
Demo: http://perfectsemanticweb.appspot.com/?p=ontologyValidation
72. Evaluating your Security Ontology
Automatic integration with
ontology quality tools
Demo: http://perfectsemanticweb.appspot.com/?p=ontologyValidation
73. Improving your Security Ontology
Demo: http://perfectsemanticweb.appspot.com/?p=ontologyValidation
77. Take Away Message!
● We can’t stop the IoT/WoT revolution.
● Users are worried about the personal data that they will share with smart objects and, more importantly, about who can access it.
● Need to implement strong security mechanisms to protect their data inside and outside the infrastructure.
● Semantic technologies offer standards (ontologies, rules, RDF models) to address existing security issues in IoT for better interoperability, mostly in identification or in data control/access.
78. Challenges
● Semantic Web technologies to support both data
producers and consumers in understanding, combining
and interpreting policies in a meaningful and valuable
way.
● Semantic Web technologies address issues such as
appropriation, distortion, or challenges associated with
invasion.
79. Bibliography
● An ontology-based approach for helping to secure the ETSI Machine-to-Machine Architecture.
IEEE International Conference on Internet of Things 2014 (iThings), 2014
● The STAC (Security Toolbox: Attacks & Countermeasures) ontology
WWW 2013, 22nd International World Wide Web Conference, Poster, Brazil
● Chapter 5 Security Toolbox: Attacks & Countermeasures (STAC)
PhD: Designing Cross-Domain Semantic Web of Things Applications (2015)
Thesis defense, Eurecom, Sophia Antipolis, 24 April 2015
PhD thesis (has been selected as one of the 10 nominees for Best PhD Thesis Prize - Telecom ParisTech 2015 - France)
80. Bibliography
● Semantic Web Methodologies, Best Practices and Ontology Engineering Applied to Internet of Things
IEEE World Forum on Internet of Things (WF-IoT), 2015
● A survey and analysis of ontology-based software tools for semantic interoperability in IoT and WoT landscapes.
IEEE World Forum on Internet of Things (WF-IoT), 2018
● Privacy, Security and Policies: A review of Problems and Solutions with Semantic Web Technologies,
SWJ (2018)
● Social Semantic Web Access Control.
International Workshop Social Data on the Web (SDoW), 2011.
● An Access Control Model for Linked Data
International IFIP Workshop on Semantic Web & Web Semantics (SWWS), 2011