Connected New World
By Josh Brown | Photos by Rob Felt | Illustration by Monet Fort, Harriss Callahan, and Erica Endicott | Published April 16, 2018
From his office five stories above Fifth Street, Gee-Kung Chang looked out over the ever-growing collection of office buildings that comprise Georgia Tech’s Technology Square in Midtown Atlanta.
Every lobby, office, and hallway in the area could someday host numerous internet-connected sensors, cameras, or control systems as businesses begin to roll out more and more internet of things devices and systems.
“In Tech Square alone, you could have hundreds of thousands of sensors, measuring the temperature of each room, turning on and off lights and cameras, locking and unlocking doors,” said Chang, a professor in the School of Electrical and Computer Engineering.
During the next five years, internet of things products will grow in number to account for more than half of the world’s 27.1 billion internet-connected devices, according to a recent forecast from Cisco. In fact, at some point, it may be easier to count the objects not connected to the internet than the ones that are, said Alain Louchez, managing director of Georgia Tech’s Center for the Development and Application of Internet of Things Technologies (CDAIT).
“This is what I mean when I say that the internet of things will give rise to a pulsating world — devices all over constantly sending and receiving data,” he said.
As that internet of things wave approaches, Georgia Tech researchers are exploring the implications of a connected world — from finding ways to keep hackers at bay to developing the next-generation of wireless and cellular networks capable of supporting so many new devices.
Monitoring Internet of Things Security
In the early morning hours of October 21, 2016, a virtual army of hijacked webcams, digital video recorders, and other devices let loose a massive cyberattack.
Visitors across North America and Europe were unable to access some of the internet’s most popular websites during an onslaught from an estimated 100,000 internet of things devices working together to overload web servers.
The attack, carried out by a malware called Mirai, was a wakeup call about how, unbeknownst to most home users, internet of things devices with little — if any — layers of security can become pawns for internet actors up to no good.
“For a manufacturer of an IoT device like a lightbulb, there’s a lot of pressure to keep the price very low to encourage consumers to buy more of them,” said Manos Antonakakis, an assistant professor in the School of Electrical and Computer Engineering. “The biggest problem is that after you buy the lightbulb and plug it in, who is going to worry about security? That has yet to be defined.”
While not every consumer will lose sleep over their lightbulbs getting hacked, those unsecured devices can be a major problem, not only for websites that are attacked by botnets such as Mirai, but also for internet service providers whose networks can also be impacted during such attacks.
Researchers at Georgia Tech have partnered with Comcast on a project to compile critical information about consumer internet of things devices. The information could be used to identify threats on the horizon and potentially thwart such attacks.
“Tracking of IoT devices is extremely important so you can know what you’re up against,” said Antonakakis, who is leading the project. “When you know there’s a vulnerability against those devices, how can you figure out quickly how many of those devices are on your network? And you want to figure that out as soon as possible because if you know you have those devices, you can assess the level of problem with respect to your network. Are you going to be contributing to such an attack, or are you not affected?”
The researchers plan to establish an internet of things device laboratory and monitor security trends for consumer-oriented devices. They will be cataloging data on what security measures are in place for the devices and how to recognize their network traffic patterns. Meanwhile, the researchers will investigate ways to track the number of those devices deployed throughout the world.
“Given recent events, we’re also concerned for the safety and security of our Xfinity Internet customers, in cases where insecure customer-owned IoT devices become compromised and then part of attacks or other malicious activity,” said Jason Livingood, vice president for technology policy and standards at Comcast. “If we can help encourage the IoT industry to solve that, then we think there is a lot of exciting potential for IoT, whether it is part of a service or product we offer or devices that customers add to their network and manage on their own.”
The IoT-powered attack is known as distributed denial of service (DDoS), an old technique that amounts to using a group of computers to simultaneously send floods of requests to a server connected to the internet. If the server is unable to process so many requests at once, the site could temporarily go dark. The growth of the internet of things coupled with increasing internet speeds worldwide has amplified the potential power of such an attack in the event a hacker is able to take over those devices.
The researchers plan to make public much of the data about popular internet of things devices and even assign scores based on the security measures in place for each device. Ultimately, the goals are to promote more research into internet of things security and encourage industrywide efforts to better protect the devices.
“There are going to be a huge number of IoT devices added to the internet in the coming years, which provides a large and tempting pool of potential attacks that malicious parties have been and will continue to try to leverage,” Livingood said. “It is critical to try to encourage IoT device makers to take a more secure approach and look to other steps to be able to prevent and mitigate IoT-based attacks, detect issues, and notify customers of potential infection similar to traditional malware.”
Side Channel Protection
It’s been nearly a decade since a computer virus designed to attack industrial control systems gained worldwide notoriety for its role in infecting computers tied to Iran’s nuclear fuel processing effort.
The Stuxnet attack highlighted how susceptible industrial computers were not just to hacking but also to malware attacks, even if the devices had only an occasional connection to the internet. A team of researchers at Georgia Tech is developing a security solution aimed at detecting attacks on these industrial systems.
“All of these factories have machines with simple processors doing particular tasks over and over again,” said Alenka Zajic, the project’s principal investigator and an associate professor in the School of Electrical and Computer Engineering. “They have zero protection because they were never designed to be exposed to the internet, but now the internet is being used to update the software and monitor what’s happening on the factory floor, so suddenly they are exposing these systems to intrusion.”
The problem, Zajic said, is that factory operators are loath to complicate their industrial systems by adding software to their machines that would prevent such intrusions.
“These industrial controllers don’t have enough processing and memory power to execute their tasks plus protect against viruses or malware,” Zajic said. “The other problem is factory operators don’t want other devices attached to those machines because of concerns that might change how the machines behave and affect reliability.”
So the researchers are approaching the problem from a different angle, or more specifically, a side channel.
Practically since the dawn of the telecommunications age, electromagnetic noise emitted by electronics and cables has contained information that provided clues about what was being transmitted. As early as World War I, spies were reported to be using those “side channels” to listen in on conversations taking place along telephone lines, and techniques were discovered to read the noises emitted from communication devices to piece together the content of encrypted messages.
And still today, despite their increasing complexity, computers give off comparable information.
“You have a lot of transistors that are driving the currents through the circuits,” Zajic said. “And they are switching between zero and one, which causes the signal to go high and low. That current fluctuation creates a magnetic field, and we can listen to that magnetic field and try to make sense of it. We can figure out, for example, that a particular pattern in the analog trace is the software performing a particular task.”
For decades, much attention has been focused on exploiting side channels to steal information, but the researchers wondered if that paradigm could be reversed, using that information to protect the machines emitting the signals.
“It occurred to us that these signals in many ways are not only telling us information about the data being processed, but they’re also telling us whether the machine is doing what it’s supposed to be doing,” said Milos Prvulovic, another researcher working on the project and a professor in the School of Computer Science.
The research team, which includes Alessandro Orso, also a professor in the School of Computer Science, received a $9.4 million grant from the Defense Advanced Research Projects Agency (DARPA) and will spend four years exploring ways to build a device that could monitor side channels in an industrial setting. The project is called Computational Activity Monitoring by Externally Leveraging Involuntary Analog Signals (CAMELIA).
“A device that monitors side channels of a factory system doesn’t impact how that system performs its task,” Zajic said. “So from the perspective of a manufacturer, it’s a much better solution to adding security.”
While in theory a factory could place a side channel security device adjacent to each internet of things-connected system that needed to be protected, ultimately, the team wants to build a device with enough listening power to monitor a group of internet of things industrial systems simultaneously. They also want to be able to detect more than just large aberrations in the analog signal but also pull out key information about what kind of attack is happening.
“The big research question is how small of a difference can you detect,” Zajic said. “Detecting whether a computer is running one browser versus another — that’s easy. Our goal is to pick up when the changes are extremely subtle.”
Deceiving Hackers with a “HoneyBot”
Last spring, a video made the internet rounds showing a team of academic and cybersecurity researchers demonstrating how they had hacked into an industrial robot arm and discreetly modified its processes.
The result was that the 216-pound arm performed its task slightly differently than it had been programmed to. While, in that case, the change was small, such a deviation has the potential to cause a major disruption to products on assembly lines where similar robots are used in industries ranging from food processing to aerospace.
The video highlighted an emerging vulnerability of the modern factory as more and more industrial systems join the internet of things to make it easier for factory managers to monitor and program the machines.
“Robots do more now than they ever have, and some companies are moving forward with, not just the assembly line robots, but freestanding robots that can actually drive around factory floors,” said Raheem Beyah, the Motorola Foundation Professor and interim Steve W. Chaddick School Chair in Georgia Tech’s School of Electrical and Computer Engineering. “So, in that type of setting, you can imagine how dangerous this could be if a hacker gains access to those machines. At a minimum, they could cause harm to whatever products are being produced. If it’s a large enough robot, it could destroy parts or the assembly line. In a worst-case scenario, it could injure or cause death to the humans in the vicinity.”
That realization has spurred computer security professionals to explore ways to prevent such attacks, and researchers at Georgia Tech have developed their own device to fight back.
It’s a robot small enough to fit in a shoe box. They have named it HoneyBot.
Internet security professionals long have employed decoy computer systems as a way to throw cyberattackers off the trail. Once hackers gain access to the decoy, they leave behind valuable information that can help companies further secure their networks. The decoys are known in the industry as “honeypots.”
“A lot of cyberattacks go unanswered or unpunished because there’s this level of anonymity afforded to malicious actors on the internet, and it’s hard for companies to say who is responsible,” said Celine Irvene, a Georgia Tech graduate student who worked with Beyah to devise the new robot. “Honeypots give security professionals the ability to study the attackers, determine what methods they are using, and figure out where they are or potentially even who they are.”
The research team applied the same concept to the HoneyBot. The gadget can be monitored and controlled through the internet. But unlike other remote-controlled robots, the HoneyBot’s special ability is tricking those operating it remotely into thinking it is performing one task, when, in reality, it is doing something completely different.
In a factory setting, such a robot could sit motionless in a corner, springing to life when a hacker gains access — a visual indicator to factory workers that a malicious actor is targeting the facility.
Rather than allow the hacker to then run amok in the physical world, the robot could be designed to follow certain commands deemed harmless — such as meandering slowly about or picking up objects — but stopping short of actually doing anything dangerous.
“The idea behind a honeypot is that you don’t want the attackers to know they’re in a honeypot,” Beyah said. “They’re always looking for indications that they’re in a virtual environment. So, we’d simulate any command that we’d know will be disruptive.”
For example, if the attackers instruct the robot to pick up something off a conveyor belt and throw it on the floor, instead the robot would simply turn and place the object back on the belt. To the hacker, however, the robot would send back data indicating it had thrown the object as instructed.
“If the attacker is smart and is looking out for the potential of a honeypot, maybe they’d look at different sensors on the robot, like an accelerometer or speedometer, to verify the robot is doing what it had been instructed,” Beyah said. “That’s where we would be spoofing that information as well. The hacker would see from looking at the sensors that the appropriate acceleration occurred from point A to point B. Further, several sensors may present the same type of information so we ensure that they are correlated.”
The researchers call the HoneyBot, which is partially funded with a grant from the National Science Foundation, a hybrid honeypot system — partially a real device responding in real life to commands, partially simulating those commands.
“The problem with a 100 percent simulated systems is that it makes it easier for a sophisticated hacker to determine that it’s not real,” Irvene said. “Let’s say the hacker tells the robot to perform a process that should take a few seconds or a minute to complete, such as opening a relay. In a simulated environment, the system would respond immediately that the relay is now open. And that might tip off the hacker.”
Having a real robot also gives the researchers a physical system to model for their simulations rather than just plucking numbers from the air.
To put the HoneyBot through its paces and test the concept, Beyah and Irvene devised an experiment to give volunteers the ability to control the robot across the internet and to navigate through a maze in their lab. The volunteers would be paid a small amount to complete the maze and would earn a little more money for finishing it quickly.
Like playing a video game, the volunteers would use a virtual interface to control the robot and would not be able to see what was happening in real life. To entice the volunteers to break the rules, at specific spots within the maze, the volunteers would see a forbidden “shortcut” that would allow them to finish the maze faster.
In the real maze back in the lab, no shortcut will exist, and if the volunteers opt to go through it, the robot instead will remain still. Meanwhile, the volunteers — who have now unwittingly become hackers for the purposes of the experiment — will see sensor data indicating they passed through the shortcut and continued along the maze.
“We want to make sure they feel that this robot was doing this real thing, and at the end we’re going to ask them if they knew that they were deceived at that ‘shortcut,’” Beyah said. “That will allow us to see if we’re on the right track.”
The Big Picture: Police Merge Internet of Things Data to Increase Safety
The growth of internet-connected things has enabled businesses and other organizations to collect data in ways that were out of reach just a few years ago.
But all of that data streaming in real time, often from disparate sources, can have an unintended consequence: How does an organization keep track of it all?
The Georgia Tech Police Department (GTPD) faced that problem a few years ago. With hundreds of cameras and other sensors placed throughout campus, the department needed a way to make it easier for officers to quickly access information, even when out on the beat.
Enter COP, or Common Operating Picture, a new data visualization interface developed in partnership with the Georgia Tech Research Institute (GTRI).
The new digital interface starts with a map of campus. Icons hover over the map showing the locations of cameras and squad cars. If an officer clicks on a building icon, a picture of the building appears with options to view camera feeds within the building and layouts of each floor.
The goal of the new interface is to better use the video feeds and sensor data during ongoing situations, said GTPD Chief Rob Connolly.
“If we have something like an active robbery, we want to catch them before they get off campus,” he said. “The way we used to use cameras was more forensic. This new tool will make it easier to access the camera feeds we need, when we need to them, to improve situational awareness and help us with our plan of action.”
As the number of cameras placed on campus grew through the years, dispatchers were tasked with juggling multiple computer programs to keep track of all the feeds. In a bid to simplify that, the department invested a few years ago in a third-party computer program that could incorporate multiple types of information in a single screen.
The new GTRI-made visualization tool builds on that, giving the department a custom-tailored program that can be expanded over time, said Leigh McCook, a Georgia Tech Research Institute (GTRI) principal research associate.
“We wanted a situational awareness product that we could own, and could use to build in capabilities we needed without relying on a third party,” said Jeff Hunnicutt, physical security specialist with the police department.
The team of researchers at GTRI, which in addition to McCook included Evan Stuart, Kristin Morgan, Trevor Goodyear, and Winston Messer, built an underlying system for the interface that also allows physical control of cameras, such as pan, tilt, and zoom functions.
One big improvement over the previous system is the ability to use the COP on mobile devices, giving officers in the field much more information at their fingertips. McCook said the COP platform could be adapted for other police forces and public safety agencies.
CDAIT: Collaborating to Improve the Internet of Things
As companies across the planet respond to market demand and move forward with developing their own internet of things technologies and devices, Georgia Tech is also looking for ways to tie those companies together with researchers to help shape the industry.
“No company can have the complete knowledge base,” said Alain Louchez, managing director of Georgia Tech’s Center for the Development and Application of Internet of Things Technologies (CDAIT). “So, in some cases competitors become partners to help us tackle some of these really difficult issues.”
CDAIT (pronounced “sedate”) was launched in a bid to help bridge companies with Georgia Tech researchers at the forefront of answering those questions. Since 2014, more than 20 market-leading companies have joined the initiative and, through their active involvement on the board and in working groups, are helping to shape the center’s research activities. In addition, CDAIT has developed collaborative agreements around the world with nonprofit organizations dedicated to the advancement of the internet of things.
With such internet of things growth, it makes sense for companies to work together to address both technical questions — such as interoperability, device discovery, and security — as well as management and societal issues, including how the internet of things impacts business models, privacy, trust, ethics, regulation, and policy, Louchez explained.
Beyond helping companies refine their internet of things strategies, CDAIT also aims to answer fundamental questions about the internet of things, such as, “What defines an internet of things technology?”
“That is important, because if we don’t know where you want to go, we cannot tell you how to get there,” Louchez said. “It’s crucial to recognize the complexity of IoT, and get a clear idea of the whole IoT value chain with its numerous moving parts. Once you grasp what the internet of things entails, you can figure out how to plan products and services, and the implications of what you’re creating.”
CDAIT has established six working groups composed of researchers and industry leaders, who all have begun with a key challenge or goal. They are tackling topics that encompass internet of things security and privacy, technological standards, workforce development, the entrepreneurial ecosystem, overall internet of things issues and future hurdles, and specific internet of things research projects.
Louchez’s vision also includes the next internet of things phase, which will deal with the automation of many processes that today require a human operator to initiate.
“Traditionally, all devices needed to be interacting with humans at some point,” Louchez said. “Now, the big change is that with the internet of things, devices with various degrees of intelligence will be communicating with each other.”
That will be true with consumer appliances and industrial systems, generating even more demand for sorting out the internet of things landscape and answering lingering questions about policies.
“I think we’ve shown that there is a need for a group that can bring together so many stakeholders to identify, understand, and help solve some of the pivotal challenges tied to the fast-emerging IoT space,” Louchez said. “The fact that we have a host of premier global companies joining us suggests we may be on to something.”
5G Networks Will Enable Internet of Things Devices
With so many new devices competing for network bandwidth and wireless connectivity in years ahead, researchers at Georgia Tech are looking beyond simply increasing network speeds. The internet infrastructure will need a complete reboot.
“There are a whole host of internet of things devices that won’t become reality until we can drastically improve the wireless technology that exists,” said Gee-Kung Chang, a professor in the School of Electrical and Computer Engineering.
That’s driving development of fifth generation mobile networks, or 5G. More than just faster speeds, research into the next generation of networks includes finding ways to restructure wired and wireless access networks to better leverage the available radio frequency spectrum, and to use super broadband fiber optics data transmission systems to seamlessly integrate new wireless cellular technologies.
Chang and other researchers at Georgia Tech are working on a range of projects in the National Science Foundation-sponsored Center for Fiber Wireless Integration and Networking that is laying the groundwork for new 5G mobile data communications.
“What you’ll see is a move away from expensive, big cell tower base stations that cover a large area into more cells that cover smaller areas but with higher speeds through aggressive reuse of the same frequency bands, more antennas, and use of new bands at higher radio frequencies,” said Mary Ann Weitnauer, a professor in the School of Electrical and Computer Engineering.
The problem with Wi-Fi isn’t the speed. It’s how it processes requests in a random fashion that could cause delays.
“Wi-Fi is a best-effort wireless system,” Chang said. “It’s first come, first served, and all devices are fighting for bandwidth and signal, which causes interference delays. If an internet of things device is operating something mission-critical, you need to get that message through immediately, and you can’t afford to deal with those delays. We need an ultra-reliable, low-latency network, not something that is subjected to being jammed or interfered with by random noise.”
Chang’s work includes researching ways to advance how radio access cells process information requests from mobile devices, such as improving how neighboring cells coordinate with each other to handle requests from devices to provide fast mobile edge computing and use adaptive data block design and new waveforms for mission-critical wireless transmission for applications such as driverless cars, factory automation, and telesurgery.
He envisions a wireless system that eventually will have coordinated radio access cells and Wi-Fi-based stations to improve speeds, RF spectrum sharing, reliability, and the capability to accommodate a greater number of devices.
Weitnauer’s team has been working on distributed array techniques to enhance the reliability of wireless communications, researching ways to exploit interference, rather than avoid it, and improve the utilization of wireless bandwidth. The researchers are also looking into designing new wireless network approaches that increase the range and reliability of low-power wireless transmitters consistent with sensors in some internet of things applications.
“Ultimately, all of these things have to come together to meet the needs of the next wave of internet of things devices and the tremendous demand for wireless access that we will see in the years ahead,” Weitnauer said.
Josh Brown is a senior science writer at Georgia Tech. A journalist by training, he’s spent the past decade writing about economic development, medical research, and scientific innovation.