IoT Security Challenges: A bunch of problems, no solutions… Wade Trappe
WHAT DO YOU THINK OF WHEN YOU HEAR “ INTERNET OF THINGS ” ? WINLAB
Fitbit WINLAB
Zeo – sleep manager WINLAB
Smart home – Nest, WallyHome, Dropcam, Ivee, Rachio WINLAB
UAV WINLAB
Smartphone, laptop, tablet WINLAB
Low- end devices: RFID tags, small sensors … WINLAB
Smart vehicle & Self-driving cars WINLAB
The IoT is really about “ DATA ” SMART is about the DATA and closing the loop!!! Needs… + We need security to protect the loop! WINLAB
IoT Architecture Context-ware Middleware IoT Middleware Context World Search Model Application Plane Solver Computational Plane Devices Apps Aggregator Edge Router/ Network Plane Gateway Physical Plane Info. Future Internet Infrastructure WINLAB
IoT Architecture Four-plane Context – Physical (Device) Plane Context determined by devices physical attribute such as: Device Name, Device Type, Device Value, Device Location , etc. – Networking Plane Context determined by the network attribute such as: Network Service Type (Stream, Linked-data), Bandwidth, Connectivity, etc. – Computational/Middleware Plane Filtering, processing, grouping, presentation, etc. Lives to serve the Application Plane – Application Plane Context determined by attributes mentioned above and application requirement such as : “Find the nearest cap”, “Find all the WINLAB rooms with temperature above 25 ° C”’ WINLAB
BEING EVIL IS GOOD LET US LOOK AT SECURITY WINLAB
It is important to examine the security problem according to the information flows and potential adversarial points of control Adversary acts as a false Adversary attacks application attempting communication conduit to access information between server and not intended for it applications Subscribing Publishing IoT Server Publishing IoT IoT Applications Publishing Gateway Internet API IoT Smart Homes Routers Gateway API IoT Smart Healthcare Sensors Gateway API Smart Grid Sensors Adversary alters Sensors a sensor to report Adversary creates a spoofing false readings sensor to the system Adversary monitors sensor readings to track customer usage WINLAB
Can ’ t we just call TLS and go home? HTTP FTP SMTP S/MIME PGP SET HTTP FTP SMTP SSL/TLS Kerberos SMTP HTTP TCP TCP UDP TCP IP/IPSEC IP IP At the Network Level At the Transport Level At the Application Level Unfortunately no… – Many devices won ’ t have the resources needed to support cryptographic mechanisms (I ’ m sorry, you want an X.509 what?) We ’ re not too worried about securing your well-resourced Tablet, etc! – Many communication flows will be one-directional (how can you complete TLS Handshake without a hand to shake?) – Many of the attacks exist “ outside ” the network (Here is an encrypted 10000 degree Kelvin reading…) Perhaps you can use IPSEC/TLS between the gateway and the server, but what about the sensor to the gateway? WINLAB
More IoT Security Challenges New security challenges brought by IoT – Extending the virtual network to the real world brings many legal and security/privacy issues. Ubiquitous devices monitor everything causing privacy concerns. Data is everywhere, acting upon that data is dangerous since you don’t know its source! – Highly distributed nature: It is difficult to manage the large number of distributed devices. Sensors and devices may be distributed in public areas unprotected, thus are vulnerable to physical attacks. – Limited-function embedded devices Constraints: power, computation capability, storage etc. Most of the communications are wireless, which makes attacks (e.g. eavesdropping, jamming) simple. Some types of devices (e.g. passive RFID tags) are unable to provide authentication or data integrity. WINLAB [21]
There is a low- end to the IoT… it will be hard to secure! Let’s compare a Samsung S5 With a low-end IoT Tag – 2.5GHz quadcore processor – 16-bit processor – 2 GB of RAM – Running at 6MHz – 128GB SD card – 512 bytes storage – 38kJ battery that is recharged – 16KB flash for program daily – Must run for about 10000 – Can run 10 hours of web hours on a coin cell battery with less than 1/15 th the browsing before being recharged energy of the phone Take-away: Don ’ t worry about (some aspects) the high- end of the IoT… WINLAB
But I don ’ t believe you, what about the Green Whatever movement… pg 1. Let’s take a minute and talk energy, technology advancement and the green movement… – Our devices have limitations… – Much better batteries are not coming (Aka, bond energy is not a Moore’s Law phenomena!) – Energy harvesting is being touted as a solution to our energy problems… but how much can they really harvest? – Lightweight crypto is either questionable or not light enough… Next few slides, I’ll attempt to make the case… Take-away: Please don ’ t believe the hype… WINLAB
There ’ s plenty of energy and computing available… not true! Lifecycle of a typical IoT device – Sense and read data from memory – Frame data into a packet – Move packet from processor to radio – Power up radio – Stabilize and calibrate radio to meet frequency regulations – Transmit! TI MSP430 16-bit microcontroller, CC1150 Radio – The MSP430 requires 1mA to operate – The radio requires 23mA to broadcast at 6dBm – Example: 14byte packet at 250kbps requires 448 m sec, requires 32.3 m J – Coin cell battery has about 2-3 kJ of stored energy – Lightweight TLS needs 16M operations Allows only about 20000 operations to perform non-essential (security) operations WINLAB
Green Batteries? Not going to happen… this ain ’ t your typical Moore ’ s Law phenomena, pg 3. Batteries are a mature technology with centuries of engineering behind them. Over past several decades, improvement at about 7% per year There are only a limited number of elements in the periodic table and their potentials have long been known We are already using some of the highest energy density materials available WINLAB
Green Harvesting? Maybe in an ideal world, but the world is not ideal!, pg 4. Harvest energy from the environment – manmade or natural RF energy harvesting (e.g. passive RFID) – Tag collects the energy, converts it to DC to power microprocessor and RF – Fundamental constraint: radio energy decreases in density by 1 – Example: 4Watts of power emitted by a basestation can support distances of 2 r 3 3meters for an IoT tag in a environment 1 r / 100W gives 10 meters… far in excess of safe and legal exposure! Photovoltaics – At high noon on a clear (summer) day, 100 mW/cm2 provided by the sun – Photovoltaic cells have an efficiency of (roughly) 1% to 25% – Practical limitations: shadows, clouds, nighttime, dust accumulation, etc… – Example: NYC average solar energy in winter is 12 mW/cm2 for a cell aimed at sun – Reality check: IoT devices will experience shadows, will not be kept clean, will have rechargeable battery leakage, etc… WINLAB
OK, no Green Panacea… so where can we secure the IoT? Three Plane Approach IoT Middleware Security Things IoT Middleware Applications Device-level Future Internet Security Network Security We can introduce security here… and here… and here… WINLAB
Three Planes for Security Device-level: – To prevent data modification (while it is stored in the device), memory is protected in most RFID tags, such as EPCglobal Class-1 Generation-2 and ISO/IEC 18000 – 3 tags – Lightweight cryptography between devices and the aggregator: CLEFIA (ISO/IEC 29192) is a 128-bit blockcipher or SIMON/SPECK: NSA recent recommendation for lightweight crypto Caveat Emptor!!! – Reuse functionality and other information for security (anomaly detection) purposes: Physical layer, traffic statistics, etc. Network: New forms of security can exist outside of the – Between gateways and servers, utilize conventional network security protocols (TLS!) crypto!!! This is Forensics! – Future Internet semantic/content-centric networking can provide privacy – In-network caching can ride out DoS. Middleware, or “the data computation layer”: – Analyze the data you get, look for outliers and suspicious data, send warnings! For the sake of the discussion, I won’t worry about where you put these modes… some will be at device to gateway, some will be in the backend cloud WINLAB
Hard problem, case study: Thwarting an Indiana Jones Attack… still research to be done! So lets put it together in a story/case-study Call it the “Indiana Jones Attack!” BACK-END NETWORK ` BASE-STATION TAGGED ASSETS WINLAB
Thwarting an Indiana Jones Attack: Mobility Detection Using Active IOT Tags Localization turned out to be hard, but detecting movement was not! 8.00 7.00 Tag 3B Mobile 6.00 Mobility Score 5.00 Tag 8e Mobile 4.00 3.00 Threshold 2.00 1.00 Tag 77 Stationary 0.00 0 20 40 60 80 100 120 140 160 Seconds WINLAB
Recommend
More recommend