We’re very pleased that cybersecurity students at the University of Twente gave our course Security Services for the IoT (SSI) eight out of ten in an on-line survey that we concluded last week. The goal of SSI was to help students understand the security challenges of the Internet of Things (IoT) and analyse the network behaviour of IoT devices from that perspective.
Helping the next generation
SIDN on campusOur main reason for developing Security Services for the IoT (SSI) was to help the next generation of internet engineers understand the security threats associated with the Internet of Things (IoT) and discuss mechanisms for detecting and mitigating them. We consider SSI a long-term investment in the security and stability of the internet because it helps students design more secure IoT systems (now and after their studies), which reduces the risk of IoT-powered DDoS attacks such as the ones enabled by the Mirai botnet.
SSI is a spin-off of the SPIN project (no pun intended :-)), which aims to develop an open in-home cybersecurity platform to protect the internet as well as end-users against insecure IoT devices by temporarily blocking such devices individually. The course is part of the 4TU Cybersecurity Master’s Programme and we organised it in collaboration with Aiko Pras, Professor of Internet Security at the University of Twente and Head of Design and Analysis of Communication Systems (DACS).
Lab assignment
A major component of SSI was a lab assignment in which the eighteen students that took the course measured and analysed the network behaviour of off-the-shelf IoT devices, such as light bulbs, a power plug, cameras and a smart TV. They carried out the work in pairs and captured the network traffic of the devices in PCAP files, using tools such as Wireshark and our SPIN software.
The students’ lab reports confirm the results of an earlier study by Princeton University, which found that many IoT devices rely on cloud services to provide their functions and use the Domain Name System (DNS) to locate those services. That illustrates that off-line interactions in people’s physical environments increasingly depend on the security and resilience of internet connectivity, cloud services and the DNS. Our students similarly found that their IoT devices used various cloud operators, such as Google and Amazon as well as cloud operators in China and the UK.
The lab teams also specified the network behaviour of the devices in a so-called Manufacturer Usage Description (MUD), which is a form of specification currently being developed in the IETF. As part of their lab assignment, the students proposed several ways of extending the MUD specification, such as adding a maximum packet rate for outbound connections (IoT device to internet) and using regular expressions to allow/disallow a set of domain names in one go (such as “*.exampe.nl” to (dis)allow all subdomains of example.nl).
We’re an active MUD contributor in the IETF and we’re aiming to bring these suggestions into the Operations and Management Area Working Group, which is where the MUD standardisation work is taking place.
Other deliverables
The other deliverables for each of the students were an oral exam on a total of ten scientific papers and IETF documents that the students studied and a presentation they gave to their peers on one of the papers. We used those outputs together with the lab report to assess the extent to which the students had attained the learning goals of SSI, such as an understanding of IoT concepts and applications, security threats and technical solutions. They all passed the exam, with grades varying between 6 and 9.
Student feedback
Near the end of the course, we put up a short on-line survey to ask the SSI students for their feedback. The response rate was 78 per cent (fourteen out of eighteen, thanks!) and the students gave us an eight overall, a score we interpreted as a thumbs up and that we were very pleased with.
The survey’s individual questions for instance showed that we achieved SSI’s learning goals (4.1 average out of a maximum of 5), that the content was interesting (4.5), and that the lab assignment was useful and sufficiently challenging (4.3 and 4.0 average, respectively). The students also valued the extra lecture on DNS operations by Marco Davids (4.5) as well as the introductory lecture with a tutorial by Jair Santanna on DDoS attacks (4.1).
Opinion differed about the merit of students presenting papers to each other (3.9 average) and about students’ initial expectation of SSI (3.8), so we’ll be looking at the possibility of improving our course in those areas next year.
SSI 2019
We’ll be running SSI again in the fourth quartile of 2019 and we thank all of the 2018 students for their enthusiasm and feedback.
Have a great summer!
