IoTMap: a modelling system for heterogeneous IoT networks Jonathan Tournier François Lesueur, Frédéric Le-Mouël (CITI-INSA Lyon) Laurent Guyon, Hicham Ben-Hassine (Algosecure) first.last@insa-lyon.fr first.last@algosecure.fr � � : @AlgoSecure 30 june 2020 � : https://github.com/AlgoSecure/iotmap
Whoami CITI-INSA Lyon • Hosted at INSA Lyon • Academic lab • PhD student • Focus on connected objects • Thesis subject: IoT security • RedTeamer/security consultant at AlgoSecure AlgoSecure • Based in Lyon • CTF and appsec tools enthusiast • Human-size structure • Involved in innovation and research 2/10
What are heterogeneous IoT networks? IT LAN (HTTP/MQTT/CoAP) Z WIFI/Eth i g B e e ZigBee ZigBee ZigBee ZigBee 3/10
What are heterogeneous IoT networks? IT LAN (HTTP/MQTT/CoAP) Z WIFI/Eth i g B e e WIFI/Eth ZigBee ZigBee n 6 l a o p w w p o a l 6lowpan 6 n 6lowpan ZigBee 6 l o w 6lowpan ZigBee p a n 3/10
What are heterogeneous IoT networks? IT LAN (HTTP/MQTT/CoAP) Z WIFI/Eth i g B e e WIFI/Eth ZigBee ZigBee n 6 l a o p w w p o a l 6lowpan 6 n E L B 6lowpan ZigBee 6 l o w 6lowpan ZigBee p a n 3/10
What are heterogeneous IoT networks? IT LAN (HTTP/MQTT/CoAP) Z WIFI/Eth i g B e e WIFI/Eth ZigBee ZigBee n 6 l a o p w w p o a l 6lowpan 6 n E L B 6lowpan ZigBee BLE 6 l o w 6lowpan ZigBee p BLE a n 3/10
What about IoT security ? 4/10
How to improve IoT security Using penetration testing as a solution to evaluate and improve the security Penetration testing steps • Information gathering • Threat modelling • Vulnerabilities analysis • Exploitation • Post exploitation • Reporting 5/10
How to improve IoT security Using penetration testing as a solution to evaluate and improve the security Focus on Penetration testing steps • Information gathering Network modelling • Threat modelling • Vulnerabilities analysis • Exploitation • Post exploitation • Reporting 5/10
IoT network modelling | Existing tools • KillerBee, SecBee, Zmonitor for ZigBee • LiveNet for 802.15.4, WiFi • Gattacker, btlejuice, btlejack for BLE • EZ-force for ZWave • foren6 for 6lowpan → What about heterogeneous IoT networks ? 6/10
IoTMap killerbee Database and Visulisation PCAP Sniffing Unified format merging PCAP 1 unified file Graph PCAP Patterns Graph-based sensniff modelling detection Pattern Neo4j data btlejack 7/10
IoTMap | Modelling module 1 - Data link graph 2 - Network graph • Point to point communications • End to end communications • Unified format file as input • Use nwk-relative information 4 - Application graph 3 - Transport graph source source • Detected applications • Role of devices and data flow source source interact • Defined patterns • Defined patterns controller controller sink sink 8/10
Demonstration | Setup • 3 protocols: ZigBee, Ble, 6lowpan • 12 devices: IT LAN (HTTP/MQTT/CoAP) Z h i BLE: 2x Micro:Bit g t B E e / e I F I W WIFI/Eth ZB: Hub, outlet, 2x sensors (temp and motion) ZigBee ZigBee 6lowpan 6lowpan 6PAN: 4x TI sensortags cc2550 6lowpan BLE Multi: 2x RPi 6lowpan ZigBee • Several applications BLE 6lowpan 6lowpan ZigBee • Monitoring BLE • Actuator-Sensor • 1 hour of traffic interception 9/10
Demonstration
Conclusion Statement • IoT Security is mostly focused on monoprotocol • Heterogeneous networks will be more and more present • Legacy networks still remain the weak piece • Study the IoT security from a global vision Future works • Improve automatic tasks for information gathering • Encrypted traffic analysis • Add more patterns • Add more protocols • (a lot of bugfixes) 10/10
IoTMap: a modelling system for heterogeneous IoT networks Jonathan Tournier François Lesueur, Frédéric Le-Mouël (CITI-INSA Lyon) Laurent Guyon, Hicham Ben-Hassine (Algosecure) first.last@insa-lyon.fr first.last@algosecure.fr � � : @AlgoSecure 30 june 2020 � : https://github.com/AlgoSecure/iotmap
Recommend
More recommend
