Research brings new effective tools to IoT security

Early detection of a cyber-attack on Internet of Things (IoT) networks can literally save you from unforeseeable consequences, be they an invasion of your privacy or disruption of the energy grid. Autonomous devices cannot be protected by antivirus programs, so another solution is needed. Researchers from the Faculty of Information Technology at Brno University of Technology teamed up with experts from Flowmon Networks and partners from South Korea to develop tools that enable IoT monitoring and diagnostics.

Autonomous devices that communicate with each other within the Internet of Things (IoT) can be infected with malware or come under the control of attackers much like personal computers or servers. Unlike conventional systems, however, they cannot be protected by an antivirus software. After three years of work, Czech researchers have developed a set of tools that allow IoT network to be monitored and diagnosed. The Ironstone project, which received over CZK 10.5 million in support from the Technology Agency of the Czech Republic, was implemented by Flowmon Networks in cooperation with the Faculty of Information Technology (FIT) of Brno University of Technology (BUT). The company also collaborated with partners from South Korea, namely Hallym University and Handcom GMD.

"We participated in the development of a probe for monitoring IoT communications and for security monitoring of industrial critical infrastructure communications - for example, power grids and industrial plants," said Petr Matoušek from the Department of Information Systems, who led the five-member research team at FIT.

The Flowmon IoT Monitoring and Diagnostic Toolset, a software tool that the researchers developed with Flowmon, monitors this communication to detect operational problems and identify security incidents early. "The second tool, the Hancom GMD IoT Forensic Toolset, is designed for forensic analysis of data collected from IoT traffic and devices," explained Pavel Minařík, one of the project's developers and CTO of Flowmon Networks.

The technical solution allows to increase the visibility of communication data and to detect a whole range of attacks, such as unauthorised devices connecting to the network, password transmission in unencrypted form, unauthorised data transmission, attacks on network services, malware, viruses and dozens of other signs that IoT devices or the entire IoT environment could have been compromised.

While competing solutions are highly specialised, Flowmon Networks provides a single system allowing one to analyse both ordinary IT communications on enterprise networks and IoT device communications. This puts it in a unique position as a manufacturer of solutions for monitoring enterprise and industrial control system networks. The results of the Ironstone project integrated into the Flowmon solution are mainly deployed in the systems of large industrial and energy companies.

The project also identified and validated methods for collecting and analysing data from IoT communications. Their use as software tools for traffic monitoring and forensic IoT analysis in industrial application environments will help to expand IoT systems.

"The Internet of Things is becoming more widely used today and will become even more widespread in the future. It is used not only in industrial production but is slowly becoming a normal part of our households. In addition to undeniable advantages, this brings new challenges, particularly in the area of security. Therefore, the Ironstone project naturally received our support," said Petr Konvalinka, Chairman of the Technology Agency of the Czech Republic.

Flowmon Networks is building on Ironstone with a number of other projects related to IoT security. Research on critical infrastructure security is also further pursued by FIT researchers within the Bonnet project focusing on the application of machine learning methods for effective anomaly detection in monitoring tools.