IoT Security Challenges:A bunch of problems, no

solutions…

Wade Trappe

WINLAB

WHAT DO YOU THINK OF WHEN YOU HEAR “INTERNET OF THINGS”?

WINLAB

Fitbit

WINLAB

Zeo – sleep manager

WINLAB

Smart home – Nest, WallyHome, Dropcam, Ivee, Rachio

WINLAB

UAV

WINLAB

Smartphone, laptop, tablet

WINLAB

Low-end devices: RFID tags, small sensors …

WINLAB

Smart vehicle & Self-driving cars

WINLAB

The IoT is really about “DATA”

SMART is about the DATA and closing the loop!!!

+

Needs…

We need security

to protect the loop!

WINLAB

IoT Architecture

IoT Middleware

Application Plane

Network Plane

Physical Plane

Devices Apps

Future Internet Infrastructure

Context Search

Aggregator

World Model

Computational Plane

Solver

Edge Router/

Gateway Info.

Context-ware Middleware

WINLAB

IoT Architecture

Four-plane Context

– Physical (Device) Plane

Context determined by devices physical attribute such as:

Device Name, Device Type, Device Value, Device Location, etc.

– Networking Plane

Context determined by the network attribute such as:

Network Service Type (Stream, Linked-data), Bandwidth,

Connectivity, etc.

– Computational/Middleware Plane

Filtering, processing, grouping, presentation, etc.

Lives to serve the Application Plane

– Application Plane

Context determined by attributes mentioned above and application requirement such as : “Find the nearest cap”, “Find all the WINLAB rooms with temperature above 25 ° C”’

WINLAB

BEING EVIL IS GOODLET US LOOK AT SECURITY

WINLAB

It is important to examine the security problem according to the information flows and potential adversarial points of control

Internet Smart Homes

Publishing

Subscribing

Sensors

Routers

IoT

Server

IoT Applications IoT

Gateway

Publishing

Smart Grid

Sensors

IoT

Gateway Smart Healthcare

Sensors

IoT

Gateway

API

API

API

Publishing

Adversary alters

a sensor to report

false readings

Adversary attacks

communication conduit

between server and

applications

Adversary acts as a false

application attempting

to access information

not intended for it

Adversary creates a spoofing

sensor to the system

Adversary monitors sensor

readings to track customer usage

WINLAB

Can’t we just call TLS and go home?

Unfortunately no…

– Many devices won’t have the resources needed to support cryptographic

mechanisms (I’m sorry, you want an X.509 what?)

We’re not too worried about securing your well-resourced Tablet, etc!

– Many communication flows will be one-directional (how can you complete

TLS Handshake without a hand to shake?)

– Many of the attacks exist “outside” the network (Here is an encrypted

10000 degree Kelvin reading…)

Perhaps you can use IPSEC/TLS between the gateway and the server, but what

about the sensor to the gateway?

TCP

IP/IPSEC

HTTP FTP SMTP

TCP

IP

HTTP FTP SMTP

SSL/TLS

TCP

IP

S/MIME PGP

UDP

Kerberos SMTP

SET

HTTP

At the Network Level

At the Transport Level At the Application Level

WINLAB

More IoT Security Challenges

New security challenges brought by IoT

– Extending the virtual network to the real world brings many legal and

security/privacy issues.

Ubiquitous devices monitor everything causing privacy concerns.

Data is everywhere, acting upon that data is dangerous since you don’t know its source!

– Highly distributed nature:

It is difficult to manage the large number of distributed devices.

Sensors and devices may be distributed in public areas unprotected, thus are vulnerable to physical attacks.

– Limited-function embedded devices

Constraints: power, computation capability, storage etc.

Most of the communications are wireless, which makes attacks (e.g. eavesdropping, jamming) simple.

Some types of devices (e.g. passive RFID tags) are unable to provide authentication or data integrity.

[21]

WINLAB

There is a low-end to the IoT… it will be hard to secure!

Let’s compare a Samsung S5

– 2.5GHz quadcore processor

– 2 GB of RAM

– 128GB SD card

– 38kJ battery that is recharged

daily

– Can run 10 hours of web

browsing before being

recharged

With a low-end IoT Tag

– 16-bit processor

– Running at 6MHz

– 512 bytes storage

– 16KB flash for program

– Must run for about 10000

hours on a coin cell battery

with less than 1/15th the

energy of the phone

Take-away: Don’t worry about (some aspects) the high-end of the IoT…

WINLAB

But I don’t believe you, what about the Green Whatever movement… pg 1.

Let’s take a minute and talk energy, technology advancement

and the green movement…

– Our devices have limitations…

– Much better batteries are not coming

(Aka, bond energy is not a Moore’s Law phenomena!)

– Energy harvesting is being touted as a solution to our energy problems…

but how much can they really harvest?

– Lightweight crypto is either questionable or not light enough…

Next few slides, I’ll attempt to make the case…

Take-away: Please don’t believe the hype…

WINLAB

There’s plenty of energy and computing available… not true!

Lifecycle of a typical IoT device

– Sense and read data from memory

– Frame data into a packet

– Move packet from processor to radio

– Power up radio

– Stabilize and calibrate radio to meet

frequency regulations

– Transmit!

TI MSP430 16-bit microcontroller, CC1150

Radio

– The MSP430 requires 1mA to operate

– The radio requires 23mA to broadcast at

6dBm

– Example: 14byte packet at 250kbps requires

448 msec, requires 32.3 mJ

– Coin cell battery has about 2-3 kJ of stored

energy

– Allows only about 20000 operations to

perform non-essential (security) operationsLightweight TLS needs 16M operations

WINLAB

Batteries are a mature technology with centuries of engineering behind them.

Over past several decades, improvement at about 7% per year

There are only a limited number of elements in the periodic table and their

potentials have long been known

We are already using some of the highest energy density materials available

Green Batteries? Not going to happen… this ain’t your typical Moore’s Law phenomena, pg 3.

WINLAB

Harvest energy from the environment– manmade or natural

RF energy harvesting (e.g. passive RFID)

– Tag collects the energy, converts it to DC to power microprocessor and RF

– Fundamental constraint: radio energy decreases in density by

– Example: 4Watts of power emitted by a basestation can support distances of

3meters for an IoT tag in a environment

100W gives 10 meters… far in excess of safe and legal exposure!

Photovoltaics

– At high noon on a clear (summer) day, 100 mW/cm2 provided by the sun

– Photovoltaic cells have an efficiency of (roughly) 1% to 25%

– Practical limitations: shadows, clouds, nighttime, dust accumulation, etc…

– Example: NYC average solar energy in winter is 12 mW/cm2 for a cell

aimed at sun

– Reality check: IoT devices will experience shadows, will not be kept clean,

will have rechargeable battery leakage, etc…

Green Harvesting? Maybe in an ideal world, but the world is not ideal!, pg 4.

2

1

r3/1 r

WINLAB

OK, no Green Panacea… so where can we secure the IoT? Three Plane Approach

Things IoT Middleware

Future Internet

Applications

Device-level

Security

IoT Middleware

Security

Network Security

We can introduce security here… and here… and here…

WINLAB

Three Planes for Security

Device-level:

– To prevent data modification (while it is stored in the device), memory is protected in most RFID

tags, such as EPCglobal Class-1 Generation-2 and ISO/IEC 18000–3 tags

– Lightweight cryptography between devices and the aggregator:

CLEFIA (ISO/IEC 29192) is a 128-bit blockcipher or SIMON/SPECK: NSA recent recommendation for

lightweight crypto

Caveat Emptor!!!

– Reuse functionality and other information for security (anomaly detection) purposes: Physical

layer, traffic statistics, etc.

Network:

– Between gateways and servers, utilize conventional network security protocols (TLS!)

– Future Internet semantic/content-centric networking can provide privacy

– In-network caching can ride out DoS.

Middleware, or “the data computation layer”:

– Analyze the data you get, look for outliers and suspicious data, send warnings!

For the sake of the discussion, I won’t worry about where you put these modes…

some will be at device to gateway, some will be in the backend cloud

New forms of security can exist outside of the crypto!!! This is Forensics!

WINLAB

So lets put it together in a story/case-study

Call it the “Indiana Jones Attack!”

NETWORK`

TAGGED ASSETS

BASE-STATION

BACK-END

Hard problem, case study: Thwarting an Indiana Jones Attack… still research to be done!

WINLAB

0.00

1.00

2.00

3.00

4.00

5.00

6.00

7.00

8.00

0 20 40 60 80 100 120 140 160

Mo

bili

ty S

core

Seconds

Tag 8e Mobile

Tag 77 Stationary

Tag 3B Mobile

Threshold

Thwarting an Indiana Jones Attack: Mobility Detection Using Active IOT Tags

Localization turned out to be hard, but detecting

movement was not!

WINLAB

Putting it all together case study: Thwarting an Indiana Jones Attack, it doesn’t quite work (yet!!!)

Let’s return to the Indiana Jones

Attack…

– Even if item is immobile, a quick

imposter can replicate its radio signals

Problem:

– Replacement events (“Indiana Jones”

attacks) cause variations in signal

strength that are similar to those seen

from immobile transmitters when people

are moving close by.

– Replacement events would only rarely

be detected as mobility events.

We need better “forensics” tools!

WINLAB

Placing security in the middleware: study the actual data to find anomalous activity

We have (lots of) data and physical

phenomena on our side…

– Data analytics can allow us to look for

and use correlations to validate the

Process of Measurement (POM):

Identify anomalous data

Tag data with quality assessments using historical or physical phenomena

– Temporal Consistency Checking

– Multimodal Consistency Checking

Use physics and correlations

Data analytics needed for forensics and

analysis can get fancy (and fun!) very

fast!

1: nnn XXX

WINLAB

Will Allow…

Wrapping it up… Securing the IoT will involve a lot of data analysis– at different locations within the system

Standard security protects only some aspects

Data analysis and forensics will flag anomalous events and

protect the applications being built upon IoT

DATA

Forensics

Algorithms