IoT Lab | Canadian Institute for Cybersecurity | UNB

Global Site Navigation (use tab and down arrow)

Canadian Institute for Cybersecurity
IoT Lab

Mastercard-CIC IoT Laboratory

The Internet of Things (IoT) connects billions of devices ranging from smart rings to large-scale industrial equipment. Currently, there are many landmark applications of IoT technology in diverse sectors such as smart homes, connected cars, smart cities, and e-health.

The future of IoT has the potential to be limitless. However, every endpoint that is connected to the Internet is exposed to increased cybersecurity risk and vulnerability. Several research studies have unraveled security vulnerabilities in IoT networks. Top among these cybersecurity issues include vulnerable devices and applications, data privacy, and lack of consensus on common standards.

Every connected IoT device is a data collector, they often store and transmit highly private and sensitive data such as health and financial transactions and thus require protection from cybercriminals. Recently, organizations are beginning to recognize the need for employee training and awareness as it relates to IoT threats.

Purpose

The CIC IoT Security Lab is a centre for research, training, and the automatic testing of IoT endpoints, networks, connectivity protocols, applications, and information security against a set of security requirements and operational conditions.

Researchers at CIC will replicate real-world smart IoT networks inside the lab to study security, privacy, and network performance. By hosting several devices, the IoT Security Lab provides a unique opportunity for students, researchers, and other users to experiment with new devices and applications, develop and test novel methods, generate specialized datasets, and apply artificial intelligence techniques to uncover new insights and valuable information for IoT privacy and security. The CIC IoT Security Lab will have a major role in the following areas.

Training: innovation and talent development in cybersecurity to prepare highly qualified personnel to meet both current and future needs. The lab will serve as a platform for the Master of Applied Cybersecurity (MACSec) and the Research Intensive Cyber Knowledge Studies (RICS) programs.

Research: support for conducting cutting-edge research in cybersecurity. Some of those who will benefit from these include internal and external graduate students of cybersecurity, industry project research, and multidisciplinary research. The CIC is a hub for public cybersecurity datasets used around the world by universities, private industry, and independent researchers. The lab will enable the development of many specialized datasets to support further research.

Collaboration: partnerships with other academic institutions, industries, and government agencies to develop transformative solutions to the growing cybersecurity threats and challenges. The lab will serve as a resource for current and future collaboration initiatives such as the CIC-NRC Cybersecurity Collaboration Consortium (CNCCC) geared towards discoveries and advances in cybersecurity including publications, patents, and the commercialization of technology solutions.

Testing: serve as a testbed for conducting rigorous, transparent, and replicable testing of the security and privacy status of existing and new IoT technologies. The testbed setup consists of a Faraday cage (shielded room) for testing the vulnerability of IoT devices and various systems architectures. The testbed currently supports various communication protocols such as Bluetooth, Wi-Fi, Z-Wave, and ZigBee and can serve the needs of many vendors.

Architecture

The CIC IoT Security Lab is designed to support experimental security and privacy research, training, and industry collaboration in consumer (wearable and smart home) and industrial IoT (smart grid) uses cases.

Wearable Security Lab

The CIC Wearable Security Lab serves as a:

  • hub for research and innovation in the domain of wearable IoT security and privacy. Some of the use case scenarios include vulnerability scans, identifying malicious attacks such as spoofing and attempts to generate communication on behalf of a wearable IoT device.
  • testbed for large corporations and start-ups involved in developing or deploying new wearable IoT devices and solutions

Smart Home Security Lab

The CIC Smart Home Security Lab serves as a hub for:

  • implementing different scenarios regarding the security of smart home IoT devices. Some of the security scenarios include user credentials, personal data, surveillance camera privacy leakage, and location estimation.
  • implementing different smart home risk assessments by utilizing different models and decision awareness that optimizes risk for decision support. These include measuring the possibility of inference through sensor data and giving users a chance to conduct different attacks such as eavesdropping, task, and location inference attacks.
  • simulating different smart home IoT environments for research and awareness training in identifying threats and vulnerabilities. These include identifying the device type, different motion and position sensors, and attack scenarios.

Smart Grid Security Lab

The CIC Smart Grid Security Lab serves as a:

  • hub for implementing different scenarios regarding the security of smart home IoT devices.
  • testbed of industrial IoT with a focus on substations and other energy sectors.

Infrastructure and devices

The current infrastructure and devices in the CIC IoT Security Lab support various network and data communication protocols including Wi‑Fi, Bluetooth, Z-Wave, Zigbee, and a variety of industrial communication protocols. These include:

Core infrastructure: these are hardware and software tools such as firewalls for preventing threats and safely enabling applications and portable power generators to support outdoor experiments. Other core infrastructure items include edge and Internet gateways configured to support the collection and aggregation of data from various devices and sensors as well as to provide compact and secure connectivity for IoT deployments in power-constrained, industrial, or harsh environments.

Faraday cage: this is used as a protective shield against electromagnetic radiation coming from the external environment or to prevent electromagnetic energy radiating from the internal components from escaping the cage. The cage is aimed to support research, development, and testing of devices and services that might cause cybersecurity threats or transmit signals that could interfere with broadcast, government, and military networks.

Data services and server networks: these are state-of-the-art servers configured to support data ingestion, fusion, storage, analytics, and a variety of services while delivering fast response times.

Laptops and desktop towers: to support student research and other computing needs in the lab.

Smartboards: connected to a streaming system for interactive teaching and research.

IoT development kits: these include several Raspberry Pi 4, BeagleBone, Arduino, and LED Smart Bulb developments kits.

Wearable IoT devices: these include Bluetooth speakers, Apple Watches, Smart Galaxy Watches, Fitness Trackers, Fitbit Ionics, Blood Pressure Monitors, Bluetooth Smart Scales, Item Trackers, CubiTag locators, Galaxy Buds, Oxygen Monitors, Galaxy Phones, iPhones, and VR Headsets.

Smart Home IoT devices: these include smart light switches, smoke detectors, speakers, coffee makers, microwaves, door locks, scales, and TVs; indoor face recognition and surveillance cameras and drones; sensors such as leak, motion (accelerometer, gravity, gyroscope), environment (light, temperature, proximity, audio, camera, barometer), and position (GPS and magnetic); and hubs such as Samsung SmartThings to connect a wide range of smart devices and make them work together wirelessly.

Industrial IoT devices: these include smart grid equipment such as overcurrent/feeder protection and TestStand Debug Deployment Environment to support the development and testing of secure industrial IoT systems.