Global Sources
EE Times-India

Immune response system, honeypot: System-level IoT defense

Posted: 15 Oct 2014

Keywords: pathogen, IoT, virus, deception, security

We can follow a similar process in the IoT. First, we must start with an alarm: "I think I have been compromised" (this signal has no direct correspondence in cell biology—a reminder that analogies are useful for inspiration, but not for blueprints). This can be used both to request service in the field and to signal danger to neighbours. The compromised node can then attempt to isolate itself or power down. This intrinsic trigger is a form of biological altruism: "I may not be able to save myself, but at least I can minimise impact to the rest of the system through isolation." At the same time, neighbouring nodes, alerted by the alarm, can act to isolate the infected node, providing the equivalent to extrinsic triggering of cell death.

What happens subsequently at the infected node depends on safety and criticality considerations. For non-critical applications, a simple solution is to power down; in effect, to die, as would a compromised cell. This at least halts further replication and propagation of the pathogen from that site. A slightly less drastic solution might be still to let the principal function die, but to fail over to a non-programmable hardware option, something that will keep the base function ticking over but with no communication or adaptation support. This might be a better approach for medical implants. For example, a pacemaker might fail over to a hard-wired default pacing mode, which is not modifiable in software, while also alerting the wearer that they need to get to a hospital immediately.

More general solutions may require redundancy, which is the default solution in biology. We can have one kidney fail completely and still function normally because we have a second kidney. A similar principle could be applied in the IoT through hardware redundancy. Silicon is after all cheap, or so we are told. Thus, at edge nodes, one could have multiple copies of the complete function, or at least of those parts that could be compromised. (In fact, multiple copies of the complete function may be interesting from a service point of view. Remotely switching a failing node to a redundant copy may be significantly cheaper than a service call.)

In the security case, the compromised function dies but fails over to a redundant copy. Some care is needed here—you don't want to share memory with the compromised node, so the copy will need to cycle through a full start-up with no knowledge of prior state. There will be a glitch in support and log data will be lost, but otherwise there is promise that the edge node can restart in an uncompromised state.
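The alarm, isolation and fail-over policy described in the preceding paragraphs, as an added simulation that is not part of the original article; the `critical` and `redundant` node attributes and the three-node network are constructed for illustration.

```python
from enum import Enum

class Action(Enum):
    POWER_DOWN = "power down: halt replication from this site"
    HARDWIRED_FALLBACK = "fail over to non-programmable default function"
    REDUNDANT_COPY = "fail over to redundant copy with a cold start"

class Node:
    """One edge node. 'critical' and 'redundant' are assumed attributes."""
    def __init__(self, name, critical=False, redundant=False):
        self.name = name
        self.critical = critical
        self.redundant = redundant
        self.runtime_state = {}    # firmware/config an intruder may have altered
        self.communicating = True
        self.quarantined = set()   # neighbours this node refuses to talk to

    def on_compromise(self, neighbours):
        """Intrinsic trigger: raise the alarm, then isolate or fail over."""
        for n in neighbours:
            n.on_alarm(self.name)  # extrinsic trigger for the neighbours
        if self.redundant:
            # The copy must not share memory with the compromised instance:
            # restart from factory state with no knowledge of prior state.
            self.runtime_state = {}
            return Action.REDUNDANT_COPY
        self.communicating = False  # both remaining options drop communication
        return Action.HARDWIRED_FALLBACK if self.critical else Action.POWER_DOWN

    def on_alarm(self, sender):
        """Neighbours isolate the alarmed node whatever it does next."""
        self.quarantined.add(sender)

def simulate():
    """Constructed network: a redundant gateway is compromised and fails over."""
    nodes = {
        "pacemaker": Node("pacemaker", critical=True),
        "sensor": Node("sensor"),
        "gateway": Node("gateway", redundant=True),
    }
    nodes["gateway"].runtime_state = {"firmware": "tampered"}  # constructed
    others = [n for k, n in nodes.items() if k != "gateway"]
    action = nodes["gateway"].on_compromise(others)
    return nodes, action

if __name__ == "__main__":
    nodes, action = simulate()
    print("gateway:", action.value)
    print("sensor quarantines:", nodes["sensor"].quarantined)
```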

Deception and active defence

An unfortunate reality for cyber defence is that methods of attack will continue to evolve, so effective security methods must find ways to defend against forms of attack not yet seen. We may be able to learn from one method pathogens use to overcome natural defences—deception. For example, the immune system looks for non-self actors; therefore, if a pathogen can appear to be self, it will not be attacked. One of the most striking examples of this is HIV, which wraps itself in an envelope of phospholipids and proteins taken from the host human cell, thereby looking about as much like self as possible. Perhaps we can turn this concept of deceit back at the pathogens. Even better, perhaps rather than waiting to defend against attacks, we can take the fight at least part way to the attackers.

Work in this area has not been based on biological analogy—examples we have seen draw more on analogies with deception in spy networks. In any event, the method appears useful in our overall concept of system defence. The goal is to present pathogens with attractive targets, commonly called "honeypots," which are actually traps to detect intrusion attempts (see "Changing the Game: The Art of Deception Against Sophisticated Attackers"). These might be dummy DNS targets, empty file or directory links, or dummy accounts with temptingly easy passwords. Any attempt to probe one of these targets is suspicious—multiple attempts trigger blocking on the probing IP address.


Since it is often not difficult to create more of these honeypot targets than real targets to be protected, and since an IP address can be blocked once identified, this approach can provide a defence with a high probability of success against probing attacks.
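The honeypot rule above (any touch of a decoy target is suspicious; repeated touches block the source address), as an added detector run over constructed log lines; this is illustrative code, not the article's or any product's, and the decoy paths, accounts, threshold and log format are all assumptions.

```python
import re
from collections import defaultdict

# Constructed decoy targets: these serve no real purpose, so any request
# that touches them is suspicious by definition.
DECOY_PATHS = {"/backup/", "/admin-old/", "/.env.bak"}
DECOY_ACCOUNTS = {"guest", "test", "backup"}
BLOCK_THRESHOLD = 3  # decoy probes from one source before it is blocked

# Constructed sample log lines (web and login events), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 GET /index.html 200
203.0.113.7 GET /backup/ 404
203.0.113.7 GET /admin-old/ 404
203.0.113.7 GET /.env.bak 404
198.51.100.2 GET /index.html 200
198.51.100.2 LOGIN guest FAIL
192.0.2.9 GET /products 200
"""

LINE_RE = re.compile(r"^(?P<src>\S+) (?P<verb>\S+) (?P<target>\S+) (?P<result>\S+)$")

def is_decoy_hit(verb, target):
    """True when a request touches a honeypot target rather than a real one."""
    if verb == "LOGIN":
        return target in DECOY_ACCOUNTS
    return target in DECOY_PATHS

def analyse(log_text, threshold=BLOCK_THRESHOLD):
    """Count decoy probes per source; return (probe_counts, blocked_sources)."""
    probes = defaultdict(int)
    blocked = set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than crash the monitor
        if is_decoy_hit(m["verb"], m["target"]):
            probes[m["src"]] += 1
            if probes[m["src"]] >= threshold:
                blocked.add(m["src"])
    return dict(probes), blocked

if __name__ == "__main__":
    counts, blocked = analyse(SAMPLE_LOG)
    print("decoy probes per source:", counts)
    print("sources to block:", sorted(blocked))
```

A single decoy hit is only flagged, which keeps a one-off typo from blocking a legitimate user; the real-versus-decoy ratio is what makes the rule effective.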


The size, exponential growth, distributed nature and economics of the Internet of Things present new, arguably paradigm-shifting challenges in security management. Conventional approaches to security, while absolutely necessary, may be far from sufficient to protect this new, fast-growing and exposed surface, or to adequately protect every component of the system against continually evolving attacks.

Biology-inspired and deceit-based strategies offer new ways to think about defence against pathogens at a system-level. Given the nature of these defences, they do not try to protect everything absolutely. Instead, they aim to protect the health of the total system, understanding that local sacrifice or temporarily reduced function may, at times, be a necessary tactic to defend the greater good. In fact, we already acknowledge that absolute protection using conventional techniques is a mirage given constantly evolving threats. While we strive to overcome these threats with evermore sophisticated methods, this article suggests that a system viewpoint can significantly raise the bar for attackers, both present and future.

