Contract type : Public service fixed-term contract
Renewable contract : Oui
Level of qualifications required : PhD or equivalent
Fonction : Post-Doctoral Research Visit
This postdoctoral activity will be achieved in the context of the Inria Project SCUBA that aims at developing a full framework for automated assessment and security of IoT. It is also linked to the activities of the group in the project H2020 SecureIoT (https://secureiot.eu/) and with the PhD project of a student focusing on fingerprinting technique for IoT. The postdoc will thus have the opportunity to be part of a whole team working on IoT security (mainly 2 researchers, 2 engineers, 2 PhD students) and to use our dedicated Iot platform including numerous devices from different brands and using different protocols for validation purposes.
Supervision and contact: Jérôme François (email@example.com), Abdelkader Lahmadi (firstname.lastname@example.org)
Additional links: RESIST team website (https://team.inria.fr/resist/), J. François’s homepage (http://jeromefra.free.fr)
In last years, Internet-of-Things became a reality with numerous protocols, platforms and devices  being developed and used to support the growing deployment of smart* services: smart-home, -transport, -health, -city... and even the rather usual rigid systems with industry 4.0. Providing new services have required first the development of new functionalities with as underlining goals to have more power- and compute- efficient devices which can embed various sensors. Obviously, IoT also supposes a full infrastructure to guarantee the efficiency of communications and processing of information. The embedded devices are thus completed by access points, routers, servers, etc. At the higher levels services are developed and provided to the users. This ecosystem is very rich and cannot be controlled by a unique entity, e.g. services are often developed by third parties, manufacturer of embed devices are different to those providing connectivity... As a result, such a complex system is naturally a source of potential threats and real cases recently demonstrates that IoT can be affected by naïve weaknesses [1,6]. At Inria, we even demonstrated how simple and cheap can it be take over the control of a Z-Wave home installation in a silent manner .
Therefore, security is paramount of importance. In last decade, many IoT architectures have been proposed, such as the reference model IoT-A , including security modules. However, as highlighted before, security cannot be guaranteed without failure or by-design and this is all the more true with evolving ecosystems such as IoT, with now the emerging trend of using fog-based architecture rather than well-established cloud models. Therefore, vulnerabilites related to IoT are now documented  and can be exploited. Looking at the last years, major attacks including the Mirai botnet, Cold in Finland, Brickerbot and the botnet barrage  are proofs of the real security concerns that are brought.
There is thus a clear need to automate the security of IoT that can adapt in real-time to the evolving IoT ecosystem (devices appearing, disappearing, configuration changes, updates…). All changes may introduce new threats. Actually, evaluting the security of single device is vital but most of all, considering a set of deivces interacting together in their IoT environment is paramount of importance as complex interactions open the way to complex and stealthy attacks. Due to the large number of possible device types, different deployment scenarios and vulnerabilites, manual inspection is impracticable. There is a need for discovering automatically intrusion chains in IoT environments and automatically break those chains to guarantee the security.
The goal of this work is to automatically prevent the intrusions by first identifying the potential intrusion chains. We can thus summarize the global process as follows: (1) identification of the IoT deployment through topology discovery and fingerprinting, (2) mapping vulnerability to atomic elements of the IoT deployment based on public documentations (3) building intrusion chains (4) break intrusion chains in an optimized manner to limit the impact on the end-users.
While there is room for improvement in step (1), we will mainly rely on state-of-the-art technique around topology discovery and fingerprinting. There exist dedicated techniques for IoT . The postdoc will thus focus on the three other steps that can be grouped into two main tasks:
- Consolidation of public vulnerability descriptions with information retrieved in step (1). Actually, most of Cyber-Threat Intelligence databases such as those provided by MITRE (CAPEC, CVE, CWE, ATT&CK...) are far from being complete, in particular in the context of IoT that is emerging. Also, many vulnerabilities are similar but documented in a different manners, as for example regarding their implication in the realization of an exploit. There is a lack of a comprehensive integration of all these documents into a unique database. Our proposal is to build a graph-based knowledge base that rely on identified similarities and correlations among all public documents that are human-written. To realize this objective, the postodoc will mainly rely on NLP (Natural, we will rely on NLP (Natural Language Processing) techniques and existing annotation tools, such as Brat  or Prodigy  to build the recognition models. They will allow to classify and group descriptions, that will extend existing (document) relationships.
- Intrusion chain analysis. The objective here is to derive and map the previously built database onto a real deployment of IoT and then derive the intrusion chains. To identify intrusion chains, we propose to model every threat in terms of predicate including pre and post-condition. Logic inference can be thus used. However, as the knowledge graph and its mapping are based on uncertain assumptions (such as similarities), we will also leverage Probabilistic Logic Network  (PLN). It allows to model causal relations with some uncertainty. Indeed, having a perfect knowledge about dependency among the pre- and postcondition is impossible in our case. Therefore, different solutions could be used for modeling uncertainty. Each event could be quantified as a single probability within a Bayesian models but it is impracticable for precise inference. A more advanced technique is to use a probability distribution but this assumes to know it, which may not be always the case, at least with a high confidence level. PLN comes into the game by being a kind of intermediary solution between single probability- and probability distribution-based models. Once intrusion chains are identified and actually weighted thatnks to the previous techniques, all of them can be merged into a single graph that can be mined to precisely identify the best places to cut links to break all single itnrusion chains while limiting the number of cut. Rather than focusing on a fixed snaphot at a fixed time, predicting future evolution of the graph (or most probable areas that can be extended) will be considered to break the graph at a point that may also automatically break future intrusion chains “under-construction” (preventive security).
 Manos Antonakakis et. al , Understanding the Mirai Botnet, USENIX Security, 2017
 L. Rouch et. Al, A Universal Controller to Take Over a Z-Wave Network, Black Hat Europe, 2017
 Alessandro Bassi, Martin Bauer, Martin Fiedler, Thorsten Kramp, Rob van Kranenburg, Sebastian Lange, Stefan Meissner (eds), “Enabling Things to Talk”, Designing IoT solutions with the IoT Architectural Reference Model, Springer, 2013
 J. François et. al, PTF: Passive Temporal Fingerprinting, IFIP/IEEE International Symposium on Integrated Network Management (IM), 2011
 BF Van Dongen et. al, The prom framework: A new era in process mining tool support, ICATPN 2005
 C. Kolias, G. Kambourakis, A. Stavrou and J. Voas, "DDoS in the IoT: Mirai and Other Botnets," in Computer, vol. 50, no. 7, pp. 80-84, 2017.
 Markus Miettinen, Samuel Marchal, Ibbad Hafeez, N. Asokan, Ahmad-Reza Sadeghi, Sasu Tarkoma: IoT SENTINEL: Automated Device-Type Identification for Security Enforcement in IoT. ICDCS 2017:
 A. Al-Fuqaha, M. Guizani, M. Mohammadi, M. Aledhari and M. Ayyash, "Internet of Things: A Survey on Enabling Technologies, Protocols, and Applications," in IEEE Communications Surveys & Tutorials, vol. 17, no. 4, pp. 2347-2376, Fourthquarter 2015.
 IoT SENTINEL: Automated Device-Type Identification for Security Enforcement in IoT," 2017 IEEE 37th International Conference on Distributed Computing Systems (ICDCS), Atlanta, GA, 2017
 P. Stenetorp, S. Pyysalo, G. TopiÂ ́c, T. Ohta, S. Ananiadou, and J. Tsujii, BRAT : a web-based tool for NLP-assisted text annotation in Demonstrations, 13th Conf. of the European Chapter of the Association for Computational Linguistics. Association for Computational Linguistics, 2012.
 https://prodi.gy/, Radically efficient machine teaching. An annotation tool powered by active learning.
 B. Goertzel, M. Ikl, I. F. Goertzel, and A. Heljakka, Probabilistic Logic Networks: A Comprehen-
sive Framework for Uncertain Inference. Springer, 2008.
 J. Wallen. “Five nightmarish attacks that show the risks of IoT security”. ZDNet June 2017. Available at: http://www.zdnet.com/article/5-nightmarish-attacks-that-show-the-risks-of-iot-security/
Required qualifications :
- Required qualification: PhD diploma in computer science
- Good expertise in networking, security, machine learning, logic and stochastic modeling
- Knowledge in NLP methods will be appreciated
- Computer skills: familiar with Linux, Scala/Python programming
- Subsidized meals
- Partial reimbursement of public transport costs
- Leave: 7 weeks of annual leave + 10 extra days off due to RTT (statutory reduction in working hours) + possibility of exceptional leave (sick children, moving home, etc.)
- Possibility of teleworking (after 6 months of employment) and flexible organization of working hours
- Professional equipment available (videoconferencing, loan of computer equipment, etc.)
- Social, cultural and sports events and activities
- Access to vocational training
- Social security coverage
Salary: 2653€ gross/month
- Theme/Domain :
Networks and Telecommunications
System & Networks (BAP E)
- Town/city : Villers-lès-Nancy
- Inria Center : CRI Nancy - Grand Est
- Starting date : 2019-10-01
- Duration of contract : 1 year, 4 months
- Deadline to apply : 2019-06-05
The keys to success
June 6th, 2018 (Midnight Paris time)
How to apply
Upload your file on jobs.inria.fr in a single pdf or zip file, and send it as well by email to email@example.com. Your file should contain the following documents:
• CV including a description of your research activities (2 pages max) and a short description of what you consider to be your best contributions and why (1 page max and 3 contributions max); the contributions could be theoretical or practical. Web links to the contributions should be provided. Include also a brief description of your scientific and career projects, and your scientific positioning regarding the proposed subject.
• The report(s) from your PhD external reviewer(s), if applicable.
• If you haven't defended yet, the list of expected members of your PhD committee (if known) and the expected date of defense (the defense, not the manuscript submission).
In addition, at least one recommendation letter from your PhD advisor should be sent directly by their author(s) to firstname.lastname@example.org.
Applications are to be sent as soon as possible.
Inria, the French national research institute for the digital sciences, promotes scientific excellence and technology transfer to maximise its impact. It employs 2,400 people. Its 200 agile project teams, generally with academic partners, involve more than 3,000 scientists in meeting the challenges of computer science and mathematics, often at the interface of other disciplines. Inria works with many companies and has assisted in the creation of over 160 startups. It strives to meet the challenges of the digital transformation of science, society and the economy.
Instruction to apply
Defence Security :
This position is likely to be situated in a restricted area (ZRR), as defined in Decree No. 2011-1425 relating to the protection of national scientific and technical potential (PPST).Authorisation to enter an area is granted by the director of the unit, following a favourable Ministerial decision, as defined in the decree of 3 July 2012 relating to the PPST. An unfavourable Ministerial decision in respect of a position situated in a ZRR would result in the cancellation of the appointment.
Recruitment Policy :
As part of its diversity policy, all Inria positions are accessible to people with disabilities.
Warning : you must enter your e-mail address in order to save your application to Inria. Applications must be submitted online on the Inria website. Processing of applications sent from other channels is not guaranteed.