Keynote “Trends on Data Graphs & Security for the Internet of Things” (Extended Version) #WF-IoT World Forum Internet of Things Workshop on #Security and #Privacy for #InternetofThings and Cyber-Physical Systems #CPS #Security #Toolbox #Attacks and #Countermeasures #STAC #Security #KnowledgeGraphs #Ontologies Speaker: Dr. Ghislain Atemezing(Research & Development Director, MONDECA, Paris, France) @gatemezing Credits: Dr. Amelie Gyrard (Kno.e.sis, Wright State University, Ohio, USA)

1. Web site: https://sites.google.com/view/iot-cps-2019/program?authuser=0

2. Trends on Data Graphs & Security
for the Internet of Things
Speaker:
Dr. Ghislain Atemezing
Research & Development Director, MONDECA, Paris, France
Credits:
Dr. Amelie Gyrard
Kno.e.sis, Wright State University, Ohio, USA

3. Agenda
● Motivation
● Background: Knowledge Graphs (KG), Semantic Web, Ontologies, etc.
● KGs for IoT
● Semantic Web approaches to security
○ Security Knowledge Graph with
STAC (Security Toolbox: Attacks & Countermeasures)
○ Ontology catalog for IoT Security
○ Helping IoT developers secure their applications
○ STAC demo
○ STAC evaluation
● Ontology Quality with Perfecto applied for security
● Take away message

4. Motivation

5. Why do we Need to Secure IoT/CPS Applications?
We can control
people’s life otherwise!

6. https://www.ahajournals.org/doi/full/10.1161/CIRCULATIONAHA.118.037331
Why do we Need to Secure IoT/CPS Applications?

7. Classification of Cybersecurity from Europol
● Class of incident
● Type of incident for
each class
● Description of the
incident

8. OWASP - Top 10 IoT Vulnerabilities
● I1 Weak Guessable, or Hardcoded Passwords
● I2 Insecure Network Services
● I3 Insecure Ecosystem Interfaces
● I4 Lack of Secure Update Mechanism
● I5 Use of Insecure or Outdated Components
● I6 Insufficient Privacy Protection
● I7 Insecure Data Transfer and Storage
● I8 Lack of Device Management
● I9 Insecure Default Settings
● I10 Lack of Physical Hardening
https://www.owasp.org/images/1/1c/OWASP-IoT-Top-10-2018-final.pdf

9. Access Control Models in IoT/WoT Environment (1)
● ACS authenticates the user and
grants her the appropriate access
token, allowing her to access the
Thing’s resources for a certain period
of time or permanently depending on
the deployed policy,
● Better scalability and privacy in the
system.
● Complicated to implement in
constrained environment since the
Things themselves needs to check the
received access token
De-centralized Architecture

10. Access Control Models in IoT/ WoT Environment (2)
● User’s requests go through an access
control server that authorizes and
relays them to the right destination.
● This model is interesting in the WoT
since all the complexity can be carried
out by the server.
● Single point of failure, impersonation
and privacy problems since all the
requests and eventually responses
are monitored by the server
Centralized Architecture

11. Quizz Slide
Have you already heard about
Knowledge Graph (KG)?
What is a KG?

12. “A graph of data with the intention
to encode knowledge”
“Link things that were never connected before using
graph paradigm to transform business.”
“Knowledge that is represented in machine
readable format for data interoperability and
discovery”

13. Google’s Knowledge Graph (2012)
Video (2 mins 44): https://youtu.be/mmQl6VGvX-c
Blog: https://googleblog.blogspot.com/2012/05/introducing-knowledge-graph-things-not.html
Directed labeled graph

14. We are Using those Technologies Everyday
Technologies used in the
search engine back-end

15. Quizz Slide
Who already heard about:

16. Knowledge Graphs for
Internet of Things (IoT)

17. Graph of Things - Le-Phuoc et al.
Video (10 mins 33): https://www.youtube.com/watch?v=kNm6PlrBTi4
Demo: http://graphofthings.org/
Paper: The Graph of Things: A step towards the Live Knowledge Graph of connected things [Le-Phuoc et al. 2016]

18. Graph of Things
Demo: http://graphofthings.org/
Paper: The Graph of Things: A step towards the Live Knowledge Graph of connected things [Le-Phuoc et al. 2016]
● Temperature
● Wind
● Traffic Camera
● Airport
● Flight
● Ship
● Harbour
● Travel Camera
● Twitter
● Bike Station
Water Level
● Metro Station

19. Graph of Things
Demo: http://graphofthings.org/
Paper: The Graph of Things: A step towards the Live Knowledge Graph of connected things [Le-Phuoc et al. 2016]
Real-time -> temporal
and spatial aspects
Big Data Challenges:
Big volume, fast
real-time update and
messy data sources

20. IBM IoT KG
Video: https://www.youtube.com/watch?v=ebBTdH62yLg

21. Schema.org: Structured data on the Web by Google

22. iot.schema.org - Ongoing Extension
Ongoing
Extension
http://iotschema.org/

23. iot.schema.org
http://iotschema.org/Capability
Extension for IoT
domain. How to align
with other existing
ontologies?

24. iot.schema.org - Ongoing Extension
How to decide
which concepts to
include?
http://iotschema.org/AirConditionerhttp://iotschema.org/Capability

25. iot.schema.org - Ongoing Extension
How to decide
which concepts to
include?
http://iotschema.org/TemperatureSensinghttp://iotschema.org/Capability

26. Modeling the Security Domain
with Knowledge Graphs
STAC
(Security Toolbox:
Attack & Countermeasure)

27. ● Creating a Knowledge Graph for
better interoperability and reuse
● Based on existing works in the
field
● Collecting data from papers from
2005 to 2013
● Initial version during Gyrard’s
PhD thesis in 2013
The STAC Security Knowledge Graph

28. STAC: The First Security Knowledge Graph
Referenced by LOV

29. STAC referenced on LOV
April 2019

30. STAC Ontology and Dataset
STAC Ontology: http://securitytoolbox.appspot.com/stac#
STAC Dataset: http://securitytoolbox.appspot.com/stac-dataset

31. Technology Concept and Sub-Classes

32. Web Attacks Sub-Classes and Axioms

33. Obviously the ontology
to describe the security
domain must evolved!
Security Mechanisms Sub-Classes

34. Classification of Attacks and Security Mechanisms
Specific to Sensor Networks
According to the OSI Model

35. Security Properties for
Sensor Security Mechanisms

36. Describing LLSP Security Mechanism in RDF/XML

37. An ontology catalog for
(IoT)-Security

38. LOV4IoT: An ontology Catalog for IoT
Demo: http://lov4iot.appspot.com/?p=ontologies
33 ontologies for
security referenced

39. LOV4IoT-Security
Demo: http://lov4iot.appspot.com/?p=lov4iot-security

40. A Potential Solution to Help
Developers
Secure IoT Applications

41. Motivation for IoT Developers
● How to secure IoT architectures and applications?
○ Communications
○ Data
○ Technologies employed
○ Security properties satisfied
● Time-consuming to be familiar with:
○ Attacks
○ Security Mechanisms
● “Security by design”
=> Reuse the Machine-to-Machine Framework for another purpose: the security
context
=> A tool to help choose the best security mechanism fitting our needs

42. Assisting Developers
in Securing IoT Apps with STAC

43. S4AC / Fine-Grained Access Control Policies
● Lightweight vocabulary to create fine-grained access control policies for
Linked Data.
● Share security information specifying the access control conditions under
which the data is accessible.
S4AC: http://ns.inria.fr/s4ac/v1/s4ac_v1.html

44. Shi3ld: Context-Aware Authorization for Graph Stores
● Works on Named Graphs
● Step 0. The user defines the
Access Policy
● Step 1. Query Contextualization
● Step 2. Access Policy
Evaluation
● Step 3. Query Execution
http://wimmics.inria.fr/projects/shi3ld/

45. STAC Demo Online: Assisting
Developers in Securing IoT Apps

46. Demo: http://securitytoolbox.appspot.com/
STAC Application

47. STAC Application (Video)
STAC Demo: https://www.youtube.com/watch?v=vXYYbwM0xvY

48. Demo: http://securitytoolbox.appspot.com/?p=stac
Selecting a Technology
Numerous
technologies and
security
mechanisms to use
in IoT

49. Searching Attacks and Countermeasures
for a Specific Technology
Demo: http://securitytoolbox.appspot.com/?p=stac

50. Cryptography
Demo: http://securitytoolbox.appspot.com/?p=cryptography
Tooltip to
provide more
explanations

51. Security Properties
Demo: http://securitytoolbox.appspot.com/?p=security_property
All security mechanisms
addressing the
authentication security
property

52. Security Properties
Demo: http://securitytoolbox.appspot.com/?p=security_property

53. Security for GSM/ 2G
Demo: http://securitytoolbox.appspot.com/?p=cellular

54. Security for GPRS/ 2.5G & UMTS/ 3G
Demo: http://securitytoolbox.appspot.com/?p=cellular

55. Demo: http://securitytoolbox.appspot.com/?p=attack
Attacks & Countermeasures

56. STAC Application Template: GUI

57. Example: An health application needs to be secured!
STAC Application Template:
Data Graph (Back-end)

58. STAC Evaluation

59. ● Methodologies:
○ Ontology Development 101: A guide to creating your
first ontology [Noy et al. 2001]
● Semantic Web tools:
○ Oops, TripleChecker, RDF Validators, Vapour
○ Linked Open Vocabularies (LOV)
○ Linked Open Data (LOD)
● 24 security ontologies
○ More than 14 ontologies are online
● Evaluation user form:
○ 24 responses
=> STAC improved with new security domains
Evaluation: STAC Ontology on LOV

60. Evaluation: STAC dataset on DataHub
https://old.datahub.io/dataset/stac

61. STAC Evaluation

62. STAC Evaluation

63. STAC Evaluation
STAC evaluation form:
https://docs.google.com/forms/d/e/1FAIpQLScEoyupQi69NjNWygb1
I7lfJ6ClSQ6JrVY3YjeFo0h31j7K5g/viewform?usp=sf_link
STAC evaluation results:
https://docs.google.com/spreadsheets/d/1G21C2-uv47jeulGZnVdUq
n0M2MR9gyejw8QpWsc4JHE/edit?usp=sharing

64. Ontology/
Knowledge Graph Quality
with PerfectO

65. Security Ontology Quality
Demo: http://perfectsemanticweb.appspot.com/?p=ontologyValidationLOV4IoT
Selecting the
security domain!
Demo: http://perfectsemanticweb.appspot.com/?p=ontologyValidationLOV4IoT

66. Security Ontology Quality
Demo: http://perfectsemanticweb.appspot.com/?p=ontologyValidationLOV4IoT
Selecting one specific
ontology!

67. Security Ontology Quality
Demo: http://perfectsemanticweb.appspot.com/?p=ontologyValidationLOV4IoT
Automatic integration with
ontology quality tools

68. Security Ontology Quality
Demo: http://perfectsemanticweb.appspot.com/?p=ontologyValidationLOV4IoT
Automatic ontology
visualization

69. Automatic Integration with
Ontology Visualization

70. Security Ontology Quality
Demo: http://perfectsemanticweb.appspot.com/?p=ontologyValidationLOV4IoT
Automatic ontology
syntax validator

71. Is your Security Ontology
not Referenced yet on LOV4IoT?
Writing your ontology
URL here!
Demo: http://perfectsemanticweb.appspot.com/?p=ontologyValidation

72. Evaluating your Security Ontology
Automatic integration with
ontology quality tools
Demo: http://perfectsemanticweb.appspot.com/?p=ontologyValidation

73. Improving your Security Ontology
Demo: http://perfectsemanticweb.appspot.com/?p=ontologyValidation

74. Improving your Security Ontology
Demo: http://perfectsemanticweb.appspot.com/?p=ontologyValidation

75. Improving your Security Ontology
Demo: http://perfectsemanticweb.appspot.com/?p=ontologyValidation

76. Take Away Message

77. ● We can’t stop the IoT/WoT revolution.
● Users are worried about their personal data that they will share
with the smart objects and more importantly who can access
them.
● Need to implement strong security mechanisms to protect their
data inside and outside the infrastructure.
● Semantic technologies offer standards (ontologies, rules, RDF
models) to leverage existing security issues in IoT for better
interoperability mostly in identification, or to data
control/access.
Take Away Message!

78. Challenges
● Semantic Web technologies to support both data
producers and consumers in understanding, combining
and interpreting policies in a meaningful and valuable
way.
● Semantic Web technologies address issues such as
appropriation, distortion, or challenges associated with
invasion.

79. Bibliography
● An ontology-based approach for helping to secure the ETSI Machine-to-Machine Architecture.
IEEE International Conference on Internet of Things 2014 (iThings), 2014
PDF, Paper via IEEE, Slides
● The STAC (Security Toolbox: Attacks & Countermeasures) ontology
WWW 2013, 22nd International World Wide Web Conference, Poster, Brazil
Paper, Poster
● Chapter 5 Security Toolbox: Attacks & Countermeasures (STAC)
PhD: Designing Cross-Domain Semantic Web of Things Applications (2015)
Thesis's defense, Eurecom, Sophia Antipolis, 24 April 2015
PhD thesis (has been selected as one of the 10 nominees for Best PhD Thesis Price - Telecom
ParisTech 2015 - France)
Slides, Demo

80. Bibliography
● Semantic Web Methodologies, Best Practices and Ontology Engineering Applied to Internet of
Things
IEEE World Forum on Internet of Things (WF-IoT), 2015
PDF, Paper via IEEE, Slides
● A survey and analysis of ontology-based software tools for semantic interoperability in IoT and
WoT landscapes.
IEEE World Forum on Internet of Things (WF-IoT), 2018
PDF
● Privacy, Security and Policies: A review of Problems and Solutions with Semantic Web
Technologies,
SWJ (2018)
● Social Semantic Web Access Control.
International Workshop Social Data on the Web (SDoW), 2011.
● An Access Control Model for Linked Data
International IFIP Workshop on Semantic Web & Web Semantics (SWWS), 2011