Towards Cyber Threat Intelligence for the IoT
Alfonso Iacovazzi, Han Wang, Ismail Butun, Shahid Raza

TL;DR
This paper proposes a specialized cyber threat intelligence architecture for IoT, including a lightweight data model and sharing platform to enhance security in resource-constrained environments.
Contribution
It introduces a new CTI architecture based on MISP and a tailored lightweight STIX standard optimized for low-power IoT devices.
Findings
Enhanced threat information sharing for IoT environments
A lightweight, secure CTI data model (tinySTIX)
Improved security in harsh IoT environments
Abstract
With the proliferation of digitization and its usage in critical sectors, it is necessary to include information about the occurrence and assessment of cyber threats in an organization's threat mitigation strategy. This Cyber Threat Intelligence (CTI) is becoming increasingly important, or rather necessary, for critical national and industrial infrastructures. Current CTI solutions are rather federated and unsuitable for sharing threat information from low-power IoT devices. This paper presents a taxonomy and analysis of the CTI frameworks and CTI exchange platforms available today. It proposes a new CTI architecture relying on the MISP Threat Intelligence Sharing Platform, customized and focusing on the IoT environment. The paper also introduces a tailored version of STIX (which we call tinySTIX), one of the most prominent standards adopted for CTI data modeling, optimized for low-power IoT…
