CIS14: Handling Identity in AllJoyn 14.06

of 23 /23
Iden%ty & Security In AllJoyn 14.06 Tim Kellogg Saturday, July 19 2014

description

Tim Kellogg, 2lemetry How to use the consumer-facing Internet of Things framework and open-source project called AllJoyn, which takes care of many aspects surrounding heterogeneous ecosystems of devices, with an understanding of security and identity features and implications.

Transcript of CIS14: Handling Identity in AllJoyn 14.06

Page 1: CIS14: Handling Identity in AllJoyn 14.06

Iden%ty  &  Security  In  AllJoyn  14.06  

Tim  Kellogg  Saturday,  July  19  2014  

Page 2: CIS14: Handling Identity in AllJoyn 14.06

hAps://github.com/tkellogg/alljoyn-­‐examples    hAps://github.com/tkellogg/alljoyn-­‐core/tree/master/alljoyn_core/src    hAp://www.slideshare.net/kellogh/security-­‐iden%ty-­‐in-­‐alljoyn-­‐1406    

Page 3: CIS14: Handling Identity in AllJoyn 14.06

Embedded  Security  

Page 4: CIS14: Handling Identity in AllJoyn 14.06

Mitsubishi  EMI  Incident  (2003)  •  Brakes  disabled  when  given  1000-­‐10000x  legal  levels  of  EMI  radia%on  

•  Car  thinks  brakes  are  locked,  so  it  releases  •  All  within  limits  required  by  law  

Page 5: CIS14: Handling Identity in AllJoyn 14.06

Slammer  Worm  (2003)  •  Nuclear  plant  safety  monitoring  disabled  for  5  hours  

•  “The  business  value  of  access  to  the  data  within  the  control  center  worth  the  risk  of  open  connec%ons  between  the  control  center  and  the  corporate  network”  

•  Unpatched  MSSQL  Server  

Page 6: CIS14: Handling Identity in AllJoyn 14.06

Hello,  my  name  is  Bruce  Schneier  and  I  think  routers  are  super  duper  easy  to  hack,  mostly  because  you  nerds  never  

patch  the  so`ware  

hAps://www.schneier.com/essays/archives/2014/01/the_internet_of_thin.html  

Page 7: CIS14: Handling Identity in AllJoyn 14.06

University  of  Washington  Study  (2010)  “We  demonstrate  that  an  aAacker  who  is  able  to  infiltrate  virtually  any  Electronic  Control  Unit  (ECU)  can  leverage  this  ability  to  completely  circumvent  a  broad  array  of  safety-­‐cri%cal  

systems”  hAp://www.autosec.org/pubs/cars-­‐

oakland2010.pdf    

Page 8: CIS14: Handling Identity in AllJoyn 14.06

Hey,  check  it  out!  I  made  my  own  

encryp%on  algorithm  

Page 9: CIS14: Handling Identity in AllJoyn 14.06
Page 10: CIS14: Handling Identity in AllJoyn 14.06

Embedded  Needs  “Rails”  •  So`ware  Updates  •  Security  &  Iden%ty  •  Communica%on  •  Media  Streaming  •  User  Interfaces  

Page 11: CIS14: Handling Identity in AllJoyn 14.06

Distributed  Bus  

Page 12: CIS14: Handling Identity in AllJoyn 14.06

Distributed  Bus  

Page 13: CIS14: Handling Identity in AllJoyn 14.06

Security  

Page 14: CIS14: Handling Identity in AllJoyn 14.06

Auth  Listeners  •  ALLJOYN_RSA_KEYX  –  X.509  cer%ficates  •  ALLJOYN_SRP_KEYX  –  Show  Random  PIN  •  ALLJOYN_SRP_LOGON  –  preset  U/P  table  •  ALLJOYN_ECDHE_NULL  •  ALLJOYN_ECDHE_PSK    •  ALLJOYN_ECDHE_ECDSA  –  DSA  

Page 15: CIS14: Handling Identity in AllJoyn 14.06

ALLJOYN_RSA_KEYX  •  RSA  =  Asymmetric  key  encryp%on  •  X.509  cer%ficates  – Trusted  Cer%ficate  Authority  

Page 16: CIS14: Handling Identity in AllJoyn 14.06

SRP_KEYX  &  SRP_LOGON  •  Threshold  Cryptography  •  No  trust  required  to  establish  a  secure  connec%on  

•  LOGON  =  Username  &  Password  •  KEYX  =  A  PIN  is  displayed  

Page 17: CIS14: Handling Identity in AllJoyn 14.06

ALLJOYN_SRP_KEYX  

Page 18: CIS14: Handling Identity in AllJoyn 14.06

ECDHE  •  Ellip%c  Curve  (EC)  Cryptography  •  DHE  =  Diffie-­‐Hellman  key  Exchange  – Symmetric  key  encryp%on  

Page 19: CIS14: Handling Identity in AllJoyn 14.06

ALLJOYN_ECDHE_NULL  •  Ellip%c  Curve  Encryp%on  •  No  verifica%on  of  iden%ty  

Page 20: CIS14: Handling Identity in AllJoyn 14.06

ALLJOYN_ECDHE_PSK  •  PSK  =  Pre-­‐Shared  Key  •  Service  already  has  the  client’s  public  key  •  A  password  may  also  be  used  

Page 21: CIS14: Handling Identity in AllJoyn 14.06

ALLJOYN_ECDHE_ECDSA  •  ECDSA  –  Ellip%c  Curve  Digital  Signature  Algorithm  

•  Cer%ficate  shows  iden%ty  

Page 22: CIS14: Handling Identity in AllJoyn 14.06
Page 23: CIS14: Handling Identity in AllJoyn 14.06

Ques%ons?    @kellogh      

Prac%cal  Internet  of  Things