IoT Security Challenges: A bunch of problems, no solutions… · More IoT Security Challenges New...
Transcript of IoT Security Challenges: A bunch of problems, no solutions… · More IoT Security Challenges New...
IoT Security Challenges:A bunch of problems, no
solutions…
Wade Trappe
WINLAB
WHAT DO YOU THINK OF WHEN YOU HEAR “INTERNET OF THINGS”?
WINLAB
Fitbit
WINLAB
Zeo – sleep manager
WINLAB
Smart home – Nest, WallyHome, Dropcam, Ivee, Rachio
WINLAB
UAV
WINLAB
Smartphone, laptop, tablet
WINLAB
Low-end devices: RFID tags, small sensors …
WINLAB
Smart vehicle & Self-driving cars
WINLAB
The IoT is really about “DATA”
SMART is about the DATA and closing the loop!!!
+
Needs…
We need security
to protect the loop!
WINLAB
IoT Architecture
IoT Middleware
Application Plane
Network Plane
Physical Plane
Devices Apps
Future Internet Infrastructure
Context Search
Aggregator
World Model
Computational Plane
Solver
Edge Router/
Gateway Info.
Context-ware Middleware
WINLAB
IoT Architecture
Four-plane Context
– Physical (Device) Plane
Context determined by devices physical attribute such as:
Device Name, Device Type, Device Value, Device Location, etc.
– Networking Plane
Context determined by the network attribute such as:
Network Service Type (Stream, Linked-data), Bandwidth,
Connectivity, etc.
– Computational/Middleware Plane
Filtering, processing, grouping, presentation, etc.
Lives to serve the Application Plane
– Application Plane
Context determined by attributes mentioned above and application requirement such as : “Find the nearest cap”, “Find all the WINLAB rooms with temperature above 25 ° C”’
WINLAB
BEING EVIL IS GOODLET US LOOK AT SECURITY
WINLAB
It is important to examine the security problem according to the information flows and potential adversarial points of control
Internet Smart Homes
Publishing
Subscribing
Sensors
Routers
IoT
Server
IoT Applications IoT
Gateway
Publishing
Smart Grid
Sensors
IoT
Gateway Smart Healthcare
Sensors
IoT
Gateway
API
API
API
Publishing
Adversary alters
a sensor to report
false readings
Adversary attacks
communication conduit
between server and
applications
Adversary acts as a false
application attempting
to access information
not intended for it
Adversary creates a spoofing
sensor to the system
Adversary monitors sensor
readings to track customer usage
WINLAB
Can’t we just call TLS and go home?
Unfortunately no…
– Many devices won’t have the resources needed to support cryptographic
mechanisms (I’m sorry, you want an X.509 what?)
We’re not too worried about securing your well-resourced Tablet, etc!
– Many communication flows will be one-directional (how can you complete
TLS Handshake without a hand to shake?)
– Many of the attacks exist “outside” the network (Here is an encrypted
10000 degree Kelvin reading…)
Perhaps you can use IPSEC/TLS between the gateway and the server, but what
about the sensor to the gateway?
TCP
IP/IPSEC
HTTP FTP SMTP
TCP
IP
HTTP FTP SMTP
SSL/TLS
TCP
IP
S/MIME PGP
UDP
Kerberos SMTP
SET
HTTP
At the Network Level
At the Transport Level At the Application Level
WINLAB
More IoT Security Challenges
New security challenges brought by IoT
– Extending the virtual network to the real world brings many legal and
security/privacy issues.
Ubiquitous devices monitor everything causing privacy concerns.
Data is everywhere, acting upon that data is dangerous since you don’t know its source!
– Highly distributed nature:
It is difficult to manage the large number of distributed devices.
Sensors and devices may be distributed in public areas unprotected, thus are vulnerable to physical attacks.
– Limited-function embedded devices
Constraints: power, computation capability, storage etc.
Most of the communications are wireless, which makes attacks (e.g. eavesdropping, jamming) simple.
Some types of devices (e.g. passive RFID tags) are unable to provide authentication or data integrity.
[21]
WINLAB
There is a low-end to the IoT… it will be hard to secure!
Let’s compare a Samsung S5
– 2.5GHz quadcore processor
– 2 GB of RAM
– 128GB SD card
– 38kJ battery that is recharged
daily
– Can run 10 hours of web
browsing before being
recharged
With a low-end IoT Tag
– 16-bit processor
– Running at 6MHz
– 512 bytes storage
– 16KB flash for program
– Must run for about 10000
hours on a coin cell battery
with less than 1/15th the
energy of the phone
Take-away: Don’t worry about (some aspects) the high-end of the IoT…
WINLAB
But I don’t believe you, what about the Green Whatever movement… pg 1.
Let’s take a minute and talk energy, technology advancement
and the green movement…
– Our devices have limitations…
– Much better batteries are not coming
(Aka, bond energy is not a Moore’s Law phenomena!)
– Energy harvesting is being touted as a solution to our energy problems…
but how much can they really harvest?
– Lightweight crypto is either questionable or not light enough…
Next few slides, I’ll attempt to make the case…
Take-away: Please don’t believe the hype…
WINLAB
There’s plenty of energy and computing available… not true!
Lifecycle of a typical IoT device
– Sense and read data from memory
– Frame data into a packet
– Move packet from processor to radio
– Power up radio
– Stabilize and calibrate radio to meet
frequency regulations
– Transmit!
TI MSP430 16-bit microcontroller, CC1150
Radio
– The MSP430 requires 1mA to operate
– The radio requires 23mA to broadcast at
6dBm
– Example: 14byte packet at 250kbps requires
448 msec, requires 32.3 mJ
– Coin cell battery has about 2-3 kJ of stored
energy
– Allows only about 20000 operations to
perform non-essential (security) operationsLightweight TLS needs 16M operations
WINLAB
Batteries are a mature technology with centuries of engineering behind them.
Over past several decades, improvement at about 7% per year
There are only a limited number of elements in the periodic table and their
potentials have long been known
We are already using some of the highest energy density materials available
Green Batteries? Not going to happen… this ain’t your typical Moore’s Law phenomena, pg 3.
WINLAB
Harvest energy from the environment– manmade or natural
RF energy harvesting (e.g. passive RFID)
– Tag collects the energy, converts it to DC to power microprocessor and RF
– Fundamental constraint: radio energy decreases in density by
– Example: 4Watts of power emitted by a basestation can support distances of
3meters for an IoT tag in a environment
100W gives 10 meters… far in excess of safe and legal exposure!
Photovoltaics
– At high noon on a clear (summer) day, 100 mW/cm2 provided by the sun
– Photovoltaic cells have an efficiency of (roughly) 1% to 25%
– Practical limitations: shadows, clouds, nighttime, dust accumulation, etc…
– Example: NYC average solar energy in winter is 12 mW/cm2 for a cell
aimed at sun
– Reality check: IoT devices will experience shadows, will not be kept clean,
will have rechargeable battery leakage, etc…
Green Harvesting? Maybe in an ideal world, but the world is not ideal!, pg 4.
2
1
r3/1 r
WINLAB
OK, no Green Panacea… so where can we secure the IoT? Three Plane Approach
Things IoT Middleware
Future Internet
Applications
Device-level
Security
IoT Middleware
Security
Network Security
We can introduce security here… and here… and here…
WINLAB
Three Planes for Security
Device-level:
– To prevent data modification (while it is stored in the device), memory is protected in most RFID
tags, such as EPCglobal Class-1 Generation-2 and ISO/IEC 18000–3 tags
– Lightweight cryptography between devices and the aggregator:
CLEFIA (ISO/IEC 29192) is a 128-bit blockcipher or SIMON/SPECK: NSA recent recommendation for
lightweight crypto
Caveat Emptor!!!
– Reuse functionality and other information for security (anomaly detection) purposes: Physical
layer, traffic statistics, etc.
Network:
– Between gateways and servers, utilize conventional network security protocols (TLS!)
– Future Internet semantic/content-centric networking can provide privacy
– In-network caching can ride out DoS.
Middleware, or “the data computation layer”:
– Analyze the data you get, look for outliers and suspicious data, send warnings!
For the sake of the discussion, I won’t worry about where you put these modes…
some will be at device to gateway, some will be in the backend cloud
New forms of security can exist outside of the crypto!!! This is Forensics!
WINLAB
So lets put it together in a story/case-study
Call it the “Indiana Jones Attack!”
NETWORK`
TAGGED ASSETS
BASE-STATION
BACK-END
Hard problem, case study: Thwarting an Indiana Jones Attack… still research to be done!
WINLAB
0.00
1.00
2.00
3.00
4.00
5.00
6.00
7.00
8.00
0 20 40 60 80 100 120 140 160
Mo
bili
ty S
core
Seconds
Tag 8e Mobile
Tag 77 Stationary
Tag 3B Mobile
Threshold
Thwarting an Indiana Jones Attack: Mobility Detection Using Active IOT Tags
Localization turned out to be hard, but detecting
movement was not!
WINLAB
Putting it all together case study: Thwarting an Indiana Jones Attack, it doesn’t quite work (yet!!!)
Let’s return to the Indiana Jones
Attack…
– Even if item is immobile, a quick
imposter can replicate its radio signals
Problem:
– Replacement events (“Indiana Jones”
attacks) cause variations in signal
strength that are similar to those seen
from immobile transmitters when people
are moving close by.
– Replacement events would only rarely
be detected as mobility events.
We need better “forensics” tools!
WINLAB
Placing security in the middleware: study the actual data to find anomalous activity
We have (lots of) data and physical
phenomena on our side…
– Data analytics can allow us to look for
and use correlations to validate the
Process of Measurement (POM):
Identify anomalous data
Tag data with quality assessments using historical or physical phenomena
– Temporal Consistency Checking
– Multimodal Consistency Checking
Use physics and correlations
Data analytics needed for forensics and
analysis can get fancy (and fun!) very
fast!
1: nnn XXX
WINLAB
Will Allow…
Wrapping it up… Securing the IoT will involve a lot of data analysis– at different locations within the system
Standard security protects only some aspects
Data analysis and forensics will flag anomalous events and
protect the applications being built upon IoT
DATA
Forensics
Algorithms