Bsides Cymru 2024

Pocket-Sized Powerhouses: Exploring IDSs on Microcontrollers
04-27, 16:30–16:45 (Europe/London), Sophia Room - Track 2

Security remains a paramount concern in the rapidly evolving Internet of Things landscape. Traditional Intrusion Detection Systems often fall short in the face of unique challenges posed by IoT networks, such as resource constraints and device heterogeneity. By creating an IDS which lives on the microcontroller it allows it to have autonomy over its security without relying on external devices. We have a look at the challenges of implementing this solution on the device and how it performs compared to traditional solutions.

The ESPRESSIF family of devices, particularly the ESP32, is among the most popular microcontrollers used in the Internet of Things (IoT) domain. The ESP32 is a dual-core system, that can run tasks independently of each other. This dual-core architecture is leveraged to enhance the efficiency of IDSs implemented on these devices.

In a typical scenario, one core is dedicated to identifying potential threats or malicious activities, while the other core is responsible for sending telemetry data or alerts about these threats to a central system. This division of labour between the two cores ensures a seamless transition from threat detection to alert generation, enhancing the overall responsiveness and effectiveness of the IDS.

To further enhance the functionality of the device while ensuring it operates as intended, techniques like protothreading are employed. This means that the device can perform multiple tasks simultaneously, such as monitoring network traffic, analysing data for potential threats, and sending alerts, without any significant impact on performance.
However, implementing such a sophisticated IDS on a microcontroller does come with certain trade-offs, the most notable of which is increased power consumption. The additional processing required for threat detection and telemetry transmission can lead to higher energy usage, which can be a concern for battery-operated devices.

I am currently in the third year of my PhD program at Cardiff University, specialising in Cybersecurity. My research focuses on Machine Learning threat detection for resource-constrained devices, aiming to secure the rapidly expanding Internet of Things (IoT) landscape.

In addition to my academic pursuits, I am an active ham radio operator with the callsign 5B4ANU. This hobby allows me to connect with a global community of enthusiasts and reflects my passion for technology and communication.

I am also deeply committed to the open-source community. I have contributed to various projects, not only through code but also by translating project documentation. This has allowed me to help break down language barriers and make these projects accessible to a wider audience.