Modeling and Design of Secure Internet of Things E-Book

IEEE Press445 Hoes LanePiscataway, NJ 08854

IEEE Press Editorial BoardEkram Hossain, Editor in Chief

Jón Atli Benediktsson

David Alan Grier

Elya B. Joffe

Xiaoou Li

Peter Lian

Andreas Molisch

Saeid Nahavandi

Jeffrey Reed

Diomidis Spinellis

Sarah Spurgeon

Ahmet Murat Tekalp

Modeling and Design of Secure Internet of Things

Edited by

Copyright © 2020 by The Institute of Electrical and Electronics Engineers, Inc. All rights reserved.

Published by John Wiley & Sons, Inc., Hoboken, New Jersey.Published simultaneously in Canada.

No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise, except as permitted under Section 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 750-4470, or on the web at www.copyright.com. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at http://www.wiley.com/go/permissions.

Limit of Liability/Disclaimer of Warranty: While the publisher and author have used their best efforts in preparing this book, they make no representations or warranties with respect to the accuracy or completeness of the contents of this book and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives or written sales materials. The advice and strategies contained herein may not be suitable for your situation. You should consult with a professional where appropriate. Neither the publisher nor author shall be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages.

For general information on our other products and services or for technical support, please contact our Customer Care Department within the United States at (800) 762-2974, outside the United States at (317) 572-3993 or fax (317) 572-4002.

Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic formats. For more information about Wiley products, visit our web site at www.wiley.com.

Library of Congress Cataloging-in-Publication data applied for

ISBN: 9781119593362

Set in 9.5/12.5pt STIXTwoText by SPi Global, Pondicherry, India

Cover Design: WileyCover Image: © Photographer is my life./Getty Images

About the Editors

Charles A. Kamhoua is a Senior Electronics Engineer at the Network Security Branch of the US Army Research Laboratory (ARL) in Adelphi, MD, where he is responsible for conducting and directing basic research in the area of game theory applied to cyber security. Prior to joining the Army Research Laboratory, he was a researcher at the US Air Force Research Laboratory (AFRL), Rome, New York, for 6 years and an educator in different academic institutions for more than 10 years. He has held visiting research positions at the University of Oxford and Harvard University. He has coauthored more than 200 peer‐reviewed journal and conference papers that include 5 best paper awards. He is a coinventor of 3 patents and 4 patent applications. He has been at the forefront of several new technologies, coediting three books at Wiley‐IEEE Press entitled Assured Cloud Computing, Blockchain for Distributed System Security, and Modeling and Design of Secure Internet of Things. He has presented over 60 invited keynote and distinguished speeches and has co‐organized over 10 conferences and workshops. He has mentored more than 60 young scholars, including students, postdocs, and Summer Faculty Fellow. He has been recognized for his scholarship and leadership with numerous prestigious awards, including the 2019 US Army Civilian Service Commendation Medal, the 2019 Federal 100‐FCW annual awards for individuals that have had an exceptional impact on federal IT, the 2019 IEEE ComSoc Technical Committee on Big Data (TCBD) Best Journal Paper Award, the 2018 ARL Achievement Award for leadership and outstanding contribution to the ARL Cyber Camo (cyber deception) project, the 2018 Fulbright Senior Specialist Fellowship, the 2017 AFRL Information Directorate Basic Research Award “For Outstanding Achievements in Basic Research,” the 2017 Fred I. Diamond Award for the best paper published at AFRL’s Information Directorate, 40 Air Force Notable Achievement Awards, the 2016 FIU Charles E. Perry Young Alumni Visionary Award, the 2015 Black Engineer of the Year Award (BEYA), the 2015 NSBE Golden Torch Award – Pioneer of the Year, and selection to the 2015 Heidelberg Laureate Forum, to name a few. He has been congratulated by the White House, the US Congress, and the Pentagon for those achievements. He received a B.S. in electronics from the University of Douala (ENSET), Cameroon, in 1999, an MS in Telecommunication and Networking from Florida International University (FIU) in 2008, and a PhD in Electrical Engineering from FIU in 2011. He is currently an advisor for the National Research Council postdoc program, a member of the FIU alumni association and Sigma Xi, and a senior member of ACM and IEEE.

Laurent L. Njilla joined the Cyber Assurance Branch of the US Air Force Research Laboratory (AFRL), Rome, NY, as a Research Electronics Engineer in 2015. As a researcher, he is responsible for conducting and directing basic research in the area of cyber defense, cyber physical system, cyber resiliency, hardware security, and the application of game theory, category theory, and Blockchain technology. He is the Program Manager of the Center of Excellence (CoE) in Cyber Security for the Historically Black Colleges and Universities & Minorities Institutions (HBCU/MI), and the Program Manager of the Disruptive Information Technology Program at AFRL/RI. He has coauthored over 70 peer‐reviewed journal and conference papers with a best paper award. He is a coinventor of 2 patents and 3 patent applications. Coediting of two books at Wiley‐IEEE Press entitled Blockchain for Distributed System Security and Modeling and Design of Secure Internet of Things. His mentorship of young students and scholars is recognized with multiple awards including Air Force Notable Achievement awards, FIU Distinguished Alumni in Government Service award, and the 2015 FIU World Ahead Graduate award. Prior to joining the AFRL, he was a Senior Systems Analyst in the industry sector for more than 10 years. He is a reviewer of multiple journals and serves on the technical program committees of several international conferences. He received his BS in Computer Science from the University of Yaoundé‐1 in Yaoundé, Cameroon, an MS in Computer Engineering from the University of Central Florida (UCF) in 2005, and a PhD in Electrical Engineering from Florida International University (FIU) in 2015. He is a member of the National Society of Black Engineer (NSBE).

Dr. Alexander Kott serves as the ARL’s Chief Scientist. In this role, he provides leadership in development of ARL technical strategy, maintaining technical quality of ARL research, and representing ARL to external technical community.

Between 2009 and 2016, he was the Chief, Network Science Division, Computational and Information Sciences Directorate, US Army Research Laboratory headquartered in Adelphi, MD.

He was responsible for a diverse portfolio of fundamental research and applied development in network science and science for cyber defense.

In particular, he played a key role in initiating the Network Science Collaborative Technology Alliance, among the world‐largest efforts to study interactions between networks of different types. His efforts helped start Cyber Security Collaborative Research Alliance, a unique program of creating basic science of cyber warfare.

In 2013, Dr. Kott served as the Acting Associate Director for Science and Technology of the ARL’s Computational and Information Sciences Directorate; in 2015, he also served as the Acting Director of the Computational and Information Sciences Directorate.

Beginning his Government career, between 2003 and 2008, Dr. Kott served as a Defense Advanced Research Programs Agency (DARPA) Program Manager responsible for a number of large‐scale advanced technology research programs. Technologies developed in programs under his management ranged from adversarial reasoning, to prediction of social and security phenomena, to command and control of robotic forces.

His earlier positions included Director of R&D at Carnegie Group, Pittsburgh, PA, and Information Technology Research Department Manager at AlliedSignal, Inc., Morristown, NJ. There, his work focused on novel information technology approaches, such as Artificial Intelligence, to complex problems in engineering design, and planning and control in manufacturing, telecommunications, and aviation industries.

Dr. Kott received the Secretary of Defense Exceptional Public Service Award and accompanying Exceptional Public Service Medal, in October 2008.

He earned his PhD from the University of Pittsburgh, Pittsburgh, PA in 1989, where his research proposed AI approaches to innovative design of complex systems.

He has published over 80 technical papers and served as the initiator, coauthor, and primary editor of over 10 books, including Advanced Technology Concepts for Command and Control, 2004; Information Warfare and Organizational Decision Process, 2006; Adversarial Reasoning: Computational Approaches to Reading the Opponent's Mind, 2006; The Battle of Cognition: The Future Information‐Rich Warfare and the Mind of the Commander, 2007; Estimating Impact: A Handbook of Computational Methods and Models for Anticipating Economic, Social, Political and Security Effects in International Interventions, 2010; Cyber Defense and Situational Awareness, 2015; Cyber Security of SCADA and other Industrial Control Systems, 2016; and Cyber Resilience (2019).

Sachin Shetty is an Associate Director in the Virginia Modeling, Analysis and Simulation Center at Old Dominion University. He holds a joint appointment as an Associate Professor with the Department of Computational, Modeling and Simulation Engineering. Sachin Shetty received his PhD in Modeling and Simulation from the Old Dominion University in 2007. Prior to joining Old Dominion University, he was an Associate Professor with the Electrical and Computer Engineering Department at Tennessee State University. He was also the associate director of the Tennessee Interdisciplinary Graduate Engineering Research Institute and directed the Cyber Security laboratory at Tennessee State University. He also holds a dual appointment as an Engineer at the Naval Surface Warfare Center, Crane, IN. His research interests lie at the intersection of computer networking, network security, and machine learning. He has published over 200 research articles in journals and conference proceedings. He has also edited four books in the areas of blockchain, Internet of Things, moving target defense, and dynamic spectrum access. Two of his research papers have been selected at the top 50 Blockchain academic papers in 2018. His laboratory conducts cloud and mobile security research and has received over $12 million in funding from National Science Foundation, Air Office of Scientific Research, Air Force Research Lab, Office of Naval Research, Department of Homeland Security, and Boeing. He is the site lead on the DoD Cyber Security Center of Excellence, the Department of Homeland Security National Center of Excellence, the Critical Infrastructure Resilience Institute (CIRI), and Department of Energy, Cyber Resilient Energy Delivery Consortium (CREDC). He is the recipient of Fulbright Specialist award, EPRI Cybersecurity Research Challenge award, DHS Scientific Leadership Award, and has been inducted in Tennessee State University’s million dollar club. He has served on the technical program committee for ACM CCS, IEEE INFOCOM, IEEE ICDCN, and IEEE ICCCN. He is a Senior Member of IEEE.

List of Contributors

Fatemeh AfghahSchool of InformaticsComputing and Cyber SystemsNorthern Arizona UniversityFlagstaff, AZ, USA

Flagstaff, AZ, USAIoannis AgadakosSRI InternationalNew York, NY, USA

Kemal AkkayaDepartment of Electrical and Computer EngineeringFlorida International UniversityMiami, FL, USA

Hisham AlasmaryDepartment of Computer ScienceUniversity of Central FloridaOrlando, FL, USA

Abdullah AlshammariData Science and Cybersecurity Center (DSC2)Department of Electrical Engineering and Computer ScienceHoward UniversityWashington, DC, USA

Amany AlshawiNational Center for Cyber Security TechnologyKing Abdulaziz City for Science and TechnologyRiyadh, Saudi Arabia

Md Ali Reza Al AminComputational Modeling and Simulation EngineeringOld Dominion UniversityNorfolk, VAUSA

Prashant AnantharamanDepartment of Computer ScienceDartmouth CollegeHanover, NHUSA

Afsah AnwarDepartment of Computer ScienceUniversity of Central FloridaOrlando, FL, USA

Orlando AriasUniversity of Central FloridaOrlando, FL, USA

Abdullah AydegerDepartment of Electrical and Computer EngineeringFlorida International UniversityMiami, FL, USA

Ted BaptyInstitute for Software Integrated SystemsVanderbilt UniversityNashville, TN, USA

Erik BlaschUS Air Force Research LaboratoryRome, NY, USA

J. Peter BradyDepartment of Computer ScienceDartmouth CollegeHanover, NH, USA

Swastik BrahmaDepartment of Computer ScienceTennessee State UniversityNashville, TN, USA

Sergey BratusDepartment of Computer ScienceDartmouth CollegeHanover, NH, USA

Jay ChenAccenture Technology LabArlington, VAUSA

Yu ChenDepartment of Electrical and Computer EngineeringBinghamton UniversitySUNY, BinghamtonNY, USA

Jin-Hee ChoDepartment of Computer scienceVirginia TechFalls Church, VA, USA

Gabriela F. CiocarlieSRI InternationalNew York, NY, USA

Bogdan CoposGoogle Inc.Mountain View, CA, USA

George CybenkoDorothy and Walter Gramm Professor of EngineeringDartmouth CollegeHanover, NH, USA

Suhas DiggaviUniversity of CaliforniaLos Angeles, Los Angeles, CA, USA

Jaya DofeDepartment of Computer EngineeringCalifornia State UniversityFullerton, CA, USA

Abhishek DubeyInstitute for Software Integrated SystemsVanderbilt UniversityNashville, TN, USA

Michael EmmiAmazon Inc.New York, NY, USA

S. E. GalaitsiUS Army Engineer Research andDevelopment CenterVicksburg, MS, USA

Marco GamarraCollege of EngineeringOld Dominion UniversityNorfolk, VA, USA

Moses GarubaData Science and Cybersecurity Center (DSC2)Department of Electrical Engineering and Computer ScienceHoward UniversityWashington, DCUSA

Mengmeng GeSchool of Information TechnologyDeakin UniversityGeelong, Victoria, Australia

Oscar GonzalezCollege of EngineeringOld Dominion UniversityNorfolk, VA, USA

Garegin GrigoryanComputing and Information SciencesRochester Institute of TechnologyRochester, NY, USA

Salim HaririDepartment of Electrical andComputer EngineeringUniversity of ArizonaTucson, AZ, USA

Kamrul HasanVirginia Modeling Analysis andSimulation CenterOld Dominion UniversityNorfolk, VA, USA

Amin HassanzadehAccenture Technology LabArlington, VA, USA

Linan HuangDepartment of Electrical and Computer EngineeringTandon School of EngineeringNew York UniversityBrooklyn, NY, USA

Bilal IshfaqDepartment of Computer Science and Software EngineeringUniversity of CanterburyChristchurch, New Zealand

Ira Ray JenkinsDepartment of Computer ScienceDartmouth CollegeHanover, NH, USA

Yier JinUniversity of FloridaGainesville, FL, USA

Charles A. KamhouaUS Army Research LaboratoryAdelphi, MD, USA

Dong Seong KimSchool of Information Technology and Electrical EngineeringUniversity of QueenslandBrisbane, Queensland, Australia

Vijay H. KothariDepartment of Computer ScienceDartmouth CollegeHanover, NH, USA

Alexander KottUS Army Research LaboratoryAdelphi, MD, USA

Tancrède LepointGoogle Inc.New York, NY, USA

Ulf LindqvistSRI InternationalSan Luis Obispo, CA, USA

Igor LinkovUS Army Engineer Research and Development CenterVicksburg, MS, USA

Yaoqing LiuComputer ScienceFairleigh Dickinson UniversityTeaneck, NJ, USA

Michael LocastoSRI InternationalNew York, NY, USA

Michael C. MillianDepartment of Computer ScienceDartmouth CollegeHanover, NH, USA

Aziz MohaisenDepartment of Computer ScienceUniversity of Central FloridaOrlando, FL, USA

Satyaki NanDepartment of Computer ScienceTennessee State UniversityNashville, TN, USA

David M. NicolDepartment of Electrical and Computer EngineeringUniversity of Illinois at Urbana-ChampaignChampaign, IL, USA

Laurent L. NjillaCyber Assurance BranchUS Air Force Research LaboratoryRome, NY, USA

Kartik PalaniDartmouth CollegeHanover, NH, USA

Jeffrey PawlickDepartment of Electrical and Computer EngineeringTandon School of EngineeringNew York UniversityBrooklyn, NY, USA

Fahim RahmanUniversity of FloridaGainesville, FL, USA

Mohammad A. RahmanDepartment of Electrical and Computer EngineeringFlorida International UniversityMiami, FL, USA

Kirti V. RathoreDepartment of Electrical and Computer EngineeringUniversity of Illinois atUrbana-ChampaignChampaign, ILUSA

Danda B. RawatData Science and Cybersecurity Center (DSC2)Department of Electrical Engineering and Computer ScienceHoward UniversityWashington, DC, USA

Jason ReevesVMWare, Inc.Palo Alto, CA, USA

Malek Ben SalemAccenture Technology LabArlington, VA, USA

Nico SaputroDepartment of Electrical and Computer EngineeringFlorida International UniversityMiami, FL, USAandDepartment of Electrical EngineeringParahyangan Catholic UniversityBandung, Indonesia

Pratik SatamDepartment of Electrical and Computer EngineeringUniversity of ArizonaTucson, AZ, USA

Shalaka SatamDepartment of Electrical and Computer EngineeringUniversity of ArizonaTucson, AZ, USA

Shamik SenguptaDepartment of Computer Science and EngineeringUniversity of NevadaReno, Reno, NV, USA

Alireza ShamsoshoaraSchool of InformaticsComputing and Cyber SystemsNorthern Arizona UniversityFlagstaff, AZ, USA

Rebecca ShapiroChamplain CollegeBurlington, VT, USA

Sachin ShettyVirginia Modeling Analysis and Simulation CenterOld Dominion UniversityNorfolk, VA, USA

Raj Mani ShuklaDepartment of Computer Science and EngineeringUniversity of NevadaReno, Reno, NVUSA

Sean W. SmithDepartment of Computer ScienceDartmouth CollegeHanover, NHUSA

Liwei SongPrinceton UniversityPrinceton, NJ, USA

Janos SztipanovitsInstitute for Software Integrated SystemsVanderbilt UniversityNashville, TN, USA

Paulo TabuadaUniversity of CaliforniaLos Angeles, Los Angeles, CA, USA

Syed H. TanveerDepartment of Computer ScienceDartmouth CollegeHanover, NH, USA

Mark TehranipoorUniversity of FloridaGainesville, FL, USA

Samet TonyaliDepartment of Electrical and Computer EngineeringAbdullah Gul UniversityKayseri, Turkey

Deepak K. ToshDepartment of Computer ScienceUniversity of Texas at El PasoEl Paso, TX, USA

Benjamin D. TrumpUS Army Engineer Research and Development CenterVicksburg, MS, USA

Selcuk UluagacDepartment of Electrical and Computer EngineeringFlorida International UniversityMiami, FL, USA

Bowei XiDepartment of StatisticsPurdue UniversityWest Lafayette, IN, USA

Ronghua XuDepartment of Electrical and Computer EngineeringBinghamton UniversitySUNY, BinghamtonNY, USA

Zhiheng XuDepartment of Electrical and Computer EngineeringTandon School of EngineeringNew York UniversityBrooklyn, NY, USA

Qiaoyan YuDepartment of Electrical and Computer EngineeringUniversity of New HampshireDurham, NH, USA

Tao ZhangDepartment of Electrical and Computer EngineeringTandon School of EngineeringNew York UniversityBrooklyn, NY, USA

Zhiming ZhangDepartment of Electrical and Computer EngineeringUniversity of New HampshireDurham, NH, USA

Quanyan ZhuDepartment of Electrical and Computer EngineeringTandon School of EngineeringNew York UniversityBrooklyn, NY, USA

Foreword

I am pleased to offer this Foreword to Modeling and Design of Secure Internet of Things.

Cybersecurity theorists and practitioners alike face the challenge of securing a new, global information technology ecosystem. Already, over half the people alive today are connected to the Internet, making moot the question of whether cyberspace is, indeed, its own “domain.” 5G Internet, Internet Protocol Version 6 (IPv6), Artificial Intelligence (AI), and ubiquitous connectivity are converging to create new ways of managing infrastructures, businesses, government services, and other aspects of daily life. IPv6 is providing virtually unlimited (to be more precise, 2128 or approximately 3.4 × 1038) Internet Protocol addresses, which will allow the connectivity of any device to which an IP address can be assigned. 5G Internet offers high-speed, direct connectivity between and among “traditional” information technology devices and the Internet of Things (IoT) devices that will encompass our world. Indeed, the authors note that by 2020, perhaps 50 billion devices will be connected to the Internet and that, on average, each person will possess seven connected devices. Advanced, cloud-based analytics will provide us the means to find patterns and meaning in the behavior of the devices and networks that will comprise this new ecosystem; AI will allow us to direct the behavior of these devices, and the businesses and infrastructures they populate. Ubiquitous connectivity provided by today’s carriers and tomorrow’s low-earth orbit constellation-based carriers will provide the means by which people, networks, and devices will be connected constantly – everywhere, on land and sea, and in the air. The technologies needed to create “smart cities” will be combined, commoditized, productized, and taken to market as tech giants such as Google, Alibaba, and Amazon compete to build connected communities throughout the world. In fact, the convergence of these technologies is likely to create a new x-as-a-service environment one might call “6G,” in which business services, including analytics and AI are offered as-a-service within and through global networks.

Where will this new ecosystem-of-things make its mark? My answer: everywhere! Critical and business infrastructures will rely increasingly on data from connected devices to optimize performance, fromtransportation and energy infrastructures, to complex global chains, and to adjusting the behavior of implanted medical devices. Manufacturers will modulate production on the fly, even as manufacturing becomes more distributed and 3D manufacturing devices expand in their presence.

National security systems will also depend increasingly on this new IoT-enabled ecosystem. Weapons systems will be comprised of IP-enabled devices designed to optimize performance, maintenance, and integration into the battlefield. Weapons systems and sensor with IoT devices will be connected via 5G battlefield networks to each other, to warfighters, and to commanders as the battlefield of the (very near) future becomes, in the authors’ words, the “Internet of Battlefield Things.” Autonomous and semi-autonomous platforms will collect data and may, depending on the rules of combat, carry and deploy weapons of their own.

Securing this new ecosystem will be hard, and the authors of Modeling and Design of Secure Internet of Things are making a powerful contribution to those seeking to tackle this challenge. The cybersecurity of these new networks, comprised of ever-more-numerous IoT devices, connected via 5G technology, and mediated by AI, will depend on new ways of understanding how these networks behave, including how they should behave and how they really behave. Such networks are more complex; they change constantly and in complex ways and are, therefore, more dynamic than the networks to which we are accustomed. Modeling and Design of Secure Internet of Things describes the techniques by which we can gain the understanding we need to secure them. The book’s organization reflects a multimodal approach to securing IoT networks. “Game Theory and Deception” allows us to explore adversary behavior, efforts to deceive our adversaries, and ways adversaries might detect and counter that deception. In effect, “Game Theory and Deception” helps us understand the human threat to the security of our networks, and how human design can confront this threat.

“Modeling” takes us further, giving us the opportunity to study network behavior in the face of a broad range of attacks (e.g. stepping-stone attacks, polymorphic advanced persistent threats), and the effects of the defenses we might employ and manage. “Design” completes our exploration by applying what we have learned about effective cybersecurity technologies and architectures, overlaying them against the architectures of the advanced IoT networks we seek to defend. Overall, Modeling and Design of Secure Internet of Things is a comprehensive exploration of how best to secure the evolving IT ecosystems from which we intend to profit, and that our adversaries seek to exploit and attack.

The authors have assembled an impressive group of contributors to this volume, many of whom have worked at or with the Army Research Laboratory and with our NATO partners. Dr. Alexander Kott (ARL’s Chief Scientist), Dr. Charles A. Kamhoua (ARL electronics engineer and Fulbright Fellow), Dr. Laurent L. Njilla (a cybersecurity leader at the Air Force Research Laboratory), and Dr. Sachin Shetty (Associate Professor in the Virginia Modeling, Analysis, and Simulation Center at Old Dominion University) are an impressive quartet guiding this exploration of advanced cybersecurity for complex networks and the Internet of Things.

I am confident that cybersecurity theorists and practitioners alike will profit from the discussions offered in this volume, and the world will be made safer as they do.

Preface

The ubiquitous adoption of Internet of Things (IoT) technologies in commercial and military sectors has resulted in the widespread availability of various IoT solutions. However, the massive scale and distributed nature of such devices may introduce security and privacy challenges. IoT device manufacturers have not implemented security mechanisms, making IoT devices vulnerable when connected to the Internet. In addition, IoT devices and networks do not have resources typically available in traditional IT networks to host sophisticated security solutions; thus, it is challenging to port any of the existing security solutions to IoT domains. These challenges necessitate the need to comprehensively and accurately characterize the attack surface in IoT, conduct systematic modeling and analysis of the threats and potential solutions, and propose secure design solutions that balance the trade‐off between cost and security risk.

This book examines issues in modeling and designing secure IoT to provide a flexible, low‐cost infrastructure; reduce the risks of exploitable attack surfaces; and improve survivability of physical processes. The contributions address design issues in developing secure IoT, such as secure software‐defined network‐based network orchestration, networked device identity management, tactical battlefield settings, and smart cities. The book has encompassing themes that drive the individual contributions, including modeling techniques to secure IoT, game‐theoretic models, cyber deception models, moving target defense (MTD) models, adversarial machine learning models in military and commercial domains, and empirical validation of IoT platforms. It synthesizes a mix of earlier work (on topics including MTD and cyber agility) as well as newer, cutting‐edge research findings that promise to attract strong interest (on topics including Internet of Battlefield Things, advanced persistent threats, and cyber deception).

The editors would like to acknowledge the contributions of the following individuals (in alphabetical order): Fatemeh Afghah, Ioannis Agadakos, Kemal Akkaya, Hisham Alasmary, Ehab Al‐Shaer, Abdullah Alshammari, Amany Alshawi, Md Ali Reza Al Amin, Prashant Anantharaman, Afsah Anwar, Zahid Anwar, Orlando Arias, Abdullah Aydeger, Ted Bapty, Erik Blasch, J. Peter Brady, Swastik Brahma, Sergey Bratus, Gabriela F. Ciocarlie, Jay Chen, Yu Chen, Jin‐Hee Cho, Bogdan Copos, George Cybenko, Suhas Diggavi, Jaya Dofe, Qi Duan, Abhishek Dubey, Michael Emmi, S. E. Galaitsi, Marco Gamarra, Moses Garuba, Mengmeng Ge, Oscar Gonzalez, Garegin Grigoryan, Salim Hariri, Kamrul Hasan, Amin Hassanzadeh, Linan Huang, Bilal Ishfaq, Ira Ray Jenkins, Yier Jin, Dong Seong Kim, Vijay H. Kothari, Tancrède Lepoint, Ulf Lindqvist, Igor Linkov, Yaoqing Liu, Michael Locasto, Michael C. Millian, Aziz Mohaisen, Mujahid Mohsin, Satyaki Nan, David M. Nicol, Kartik Palani, Jeffrey Pawlick, Fahim Rahman, Mohammad A. Rahman, Kirti V. Rathore, Danda B. Rawat, Jason Reeves, Malek Ben Salem, Nico Saputro, Pratik Satam, Shalaka Satam, Shamik Sengupta, Alireza Shamsoshoara, Rebecca Shapiro, Raj Mani Shukla, Sean W. Smith, Liwei Song, Janos Sztipanovits, Paulo Tabuada, Syed H. Tanveer, Mark Tehranipoor, Samet Tonyali, Deepak K. Tosh, Benjamin D. Trump, Selcuk Uluagac, Bowei Xi, Ronghua Xu, Zhiheng Xu, Qiaoyan Yu, Tao Zhang, Zhiming Zhang, and Quanyan Zhu.

We would like to thank Michael De Lucia, Paul Ratazzi, Robert Reschly, Sidney Smith, and Michael Weisman for technical review support. We would also like to extend thanks and acknowledgment to the US Army Research Laboratory technical editors Amber Bennett, Sandra Fletcher, Mark A. Gatlin, Carol Johnson, Martin W. Kufus, Sandy Montoya, Jessica Schultheis, and Nancy J. Simini, who helped edit and collect the text into its final form, and to Victoria Bradshaw, Mary Hatcher, and Louis Vasanth Manoharan of Wiley for their kind assistance in guiding this book through the publication process.

1Introduction

Charles A. Kamhoua1, Laurent L. Njilla2, Alexander Kott1, and Sachin Shetty3

1 US Army Research Laboratory, Adelphi, MD, USA

2 Cyber Assurance Branch, Air Force Research Laboratory, Rome, NY, USA

3 Virginia Modeling Analysis and Simulation Center, Old Dominion University, Norfolk, VA, USA

1.1 Introduction

1.1.1 IoT Overview

Wireless technologies such as Wi‐Fi, Bluetooth, Mesh networks, Zigbee, and RFID are ubiquitous in supporting mobile devices and applications. According to the Cisco Visual Networking Index, the number of mobile‐connected devices exceeded the world population in 2014, with over half a billion devices introduced each year [1].

It is expected that there will be a steady transition to smarter mobile devices and an exponential increase in machine‐to‐machine connections. Global mobile data traffic may experience a sevenfold increase between 2016 and 2021. The explosion of mobile devices and traffic will lead to a more connected world, where by 2020 each person will own an average of seven connected devices, with over 93% of adults using smart phones for online services. It is anticipated that 2.7% of all things in the world (over 50 billion) will be connected. Also, the adoption of cloud computing and big data analytics paves the way for a smarter world, with smart energy, smart cities, smart health, smart transport, smart agriculture, smart industry, and smart living.

The Internet of Things (IoT) is the inter‐networking of physical devices, vehicles, buildings, and other items embedded with electronics, software, sensors, actuators, and network connectivity that enable these objects to collect and exchange data [1].

Figure 1.1