Ransomware Protection and Anomaly Detection in Networks of Severely Constrained Wireless Embedded Devices

George Oikonomou

Abstract

The threat and severe consequences (financial or otherwise) of ransomware in traditional desktop- and handheld-based computer systems have been well documented in the literature. The same cannot be said for systems comprising constrained, embedded IoT devices used in industrial applications: When it comes to ransomware, the landscape is still largely unexplored. In industrial settings, IoT devices have started being considered for the control of mission-critical systems. A simultaneous or almost-simultaneous ransomware attack on a very large number of devices could prove very disruptive, costly, or outright dangerous. An attack of this nature could for example disrupt the operation of IoT-enabled supply chains, compromise food production by targeting smart agriculture settings, cause unforeseeable consequences to the power grid through compromise of smart metering or electric car charging infrastructure, or even endanger lives by tampering with actuators in factories or transport systems. The CHARIOT EPSRC-funded project aims to devise, design, and prototype methods to prevent, detect, recover from and immunise against ransomware attacks in resource-constrained industrial IoT environments. In this talk I will present the project’s progress to date, as well as some prior work on anomaly detection that led to this research activity at Bristol.

Date
Apr 12, 2024 2:30 PM — 3:30 PM

George’s research focuses on energy-efficient networking and security for severely constrained wireless embedded devices and the IoT, with an emphasis on industrial applications.

His objective is to invent and prototype algorithms that are optimised for constrained/low-capability, battery-powered devices without sacrificing performance and reliability.

Over the last few years he has been focussing on IEEE 802.15.4 / .15.4g networks, doing work that covers the entire 6LoWPAN/RPL stack. More specifically, he has made contributions in the areas of multicast forwarding; MAC layers with time-synchronisation (such as TSCH); congestion control; routing; neighbour discovery; service discovery. Within the same IoT context, he is also interested in secure software writing techniques; digital forensics; and software defined networking.

A lot of his work has been released as open source software and is distributed as part of the Contiki-NG operating system for the Internet of Things, an open-source project of which he is a co-founder and steering group member. Most of the work is also part of the original Contiki OS, for which he used to serve as maintainer.

George Oikonomou’s webpage