The upcoming Internet of things (IoT) is foreseen to encompass massive
numbers of connected devices, smart objects, and cyber-physical systems. Due to
the large-scale and massive deployment of devices, it is deemed infeasible to
safeguard 100% of the devices with state-of-the-art security countermeasures.
Hence, large-scale IoT has inevitable loopholes for network intrusion and
malware infiltration. Even worse, exploiting the high density of devices and
direct wireless connectivity, malware infection can stealthily propagate
through susceptible (i.e., unsecured) devices and form an epidemic outbreak
without being noticed to security administration. A malware outbreak enables
adversaries to compromise large population of devices, which can be exploited
to launch versatile cyber and physical malicious attacks. In this context, we
utilize spatial firewalls, to safeguard the IoT from malware outbreak. In
particular, spatial firewalls are computationally capable devices equipped with
state-of-the-art security and anti-malware programs that are spatially deployed
across the network to filter the wireless traffic in order to detect and thwart
malware propagation. Using tools from percolation theory, we prove that there
exists a critical density of spatial firewalls beyond which malware outbreak is
impossible. This, in turns, safeguards the IoT from malware epidemics
regardless of the infection/treatment rates. To this end, a tractable upper
bound for the critical density of spatial firewalls is obtained. Furthermore,
we characterize the relative communications ranges of the spatial firewalls and
IoT devices to ensure secure network connectivity. The percentage of devices
secured by the firewalls is also characterized.

By admin