The significant increase in interconnectivity and complexity in smart nation systems can make their security unsustainable—the attack surface grows drastically, so does the number of services and systems that each individual service relies on. To address these challenges, this proposal aims to develop:

  1. Novel mechanisms for reducing attack surface. We will devise methods and tools to reduce the ways an attacker can penetrate and move around the interconnected systems. Our proposed approach is based on the observation that services often only need a small set of the full functionalities provided by the underlying systems. Hence, a sensible way to reduce the attack surface is to start from the application-level requirements and trim down unused underlying functionalities / components accordingly. Specifically, one expected deliverable is a tool that can systematically and transparently reduce the attack surface of Internet of Things (IoT) platforms in a (semi-)automatic manner.
  2. Efficient mechanisms for achieving high resilience under attack. The increased connectivity and complexity in a smart nation platform introduces security risk, but also provides untapped opportunities to conduct cross-checking among systems to enhance resilience. Based on this observation, we will increase a service’s resilience by devising lightweight mechanisms that can detect and diagnosis individual system failures and compromises. An expected deliverable is a lightweight software module that can detect abnormal activity of individual systems. We will study information gathering mechanisms that can continue providing meaningful information even if some sensors are compromised. We aim to achieve high resilience while adding only simple APIs and low overhead, so that our solutions can be applied to embedded devices and they do not lead to much increase of the attack surface.

While we seek foundational and generic security-sustaining mechanisms, we will drive our research using concrete smart nation applications. Specifically, we will apply our solutions over the test setup shown below. Based on that, we will demonstrate the degree of attack surface reduction over both selected individual components (e.g., the home sensor gateway) and across the system. We will also quantify how our resilience mechanisms can sustain an acceptable level of service quality during the attack and enable a rapid response to attacks.

Pillars of CPS Security

Synergy and Collaborations

We work closely with our project partners, Silverline Mobile, MWR InfoSecurity, and the Institute for Infocomm Research. In addition, the project team collaborates with ADSC colleagues working on critical infrastructure and cyber-physical system security, particularly for the energy and transportation sectors.