IoT Security Imperative: Stop your Fridge from Sending you Spam

Getting Hacked Via Your Fridge or, the IoT Security Imperative
Amit Rohatgi, president, prpl Foundation
CIE-SF / CINA September Seminar, 9/4/2014

Description

We've all heard the continuing news about, or been victims of, hacked passwords, data breaches, identity theft and lost privacy, because of our heavy reliance on Internet connectivity. Our digital world necessitates ever-improving security. But now we're on the cusp of a major revolution where our appliances, cars, clothes and the very fabric of our lives (no pun intended) are also connected. Software and silicon designers must take active design measures to protect user data. In this talk, Amit Rohatgi, president of the prpl Foundation, will outline the market and technical challenges as well as the essential measures in the design phase for securing our ever-more-connected digital world. He will also discuss why open source is well suited to addressing these challenges and how the prpl Foundation is tackling this from the ground up.

Transcript of IoT Security Imperative: Stop your Fridge from Sending you Spam

Page 1: IoT Security Imperative: Stop your Fridge from Sending you Spam

Getting Hacked Via Your Fridge or, the IoT Security Imperative

Amit Rohatgi, president prpl Foundation

CIE-SF / CINA September Seminar, 9/4/2014

Page 2: IoT Security Imperative: Stop your Fridge from Sending you Spam

IoT & Security: presented by Amit Rohatgi at CIE-SF, Thursday, September 4th, 2014

Page 3: IoT Security Imperative: Stop your Fridge from Sending you Spam


Page 4: IoT Security Imperative: Stop your Fridge from Sending you Spam


More connected homes, more problems

• “Smart refrigerators and TVs hacked to send out spam …” – NBC News

• If hackers can exploit a weakness in a single type of Internet-connected home appliance or system, such as an Internet-connected door lock, they may be able to harm thousands of people at once.

Page 5: IoT Security Imperative: Stop your Fridge from Sending you Spam


Incorrect Perception / Bad Planning

• Integration, device cost, data mining, footprint → seen as lower TCO, added revenue

• Security & privacy, integrity, reliability → seen as higher cost?? waste of time??

Page 6: IoT Security Imperative: Stop your Fridge from Sending you Spam


Target Breach: an anatomy

HACKED: $200M cost, CEO ousted

1. Compromised credentials from HVAC vendor
2. HVAC systems monitor temp. changes to see how long customers stay
3. Malware programs installed on HVAC systems
4. Unified backend systems at store (and most retailers)
5. PoS system breached
6. Millions of credit card numbers start flowing out
7. Breach detected! Manual intervention was needed

Page 7: IoT Security Imperative: Stop your Fridge from Sending you Spam


How Big Is this Problem?

Page 8: IoT Security Imperative: Stop your Fridge from Sending you Spam


Problem – Enterprise and Corporate Risk

• According to the MPAA and RIAA, studios and artists lost over $10B due to piracy in 2010

• Technology companies, such as Qualcomm and Cisco, lose hundreds of millions in revenue due to cloning

• Corporate cloud usage is on the rise with mobile access
  – A breach at the corporate level would be very expensive

Page 9: IoT Security Imperative: Stop your Fridge from Sending you Spam


Problem – Personal Risk

• Mobile devices are “valuable” due to their transaction and content capabilities
  – Privacy loss more than hardware loss
  – Attackers want data, not devices

• Mobile cloud storage is UP!
  – Need to “bind” device to cloud

• Devices are easily “rooted”
  – Secure sandboxes for data and code execution are required

Page 10: IoT Security Imperative: Stop your Fridge from Sending you Spam


IoT Market Challenges

• Scale
  – Billions of devices (identity & authentication management, in-field updates, dynamic interactions, big data, real-time data mgmt.)

• Multiple technologies and standards
  – Creation of technology silos
  – Established / emerging / competing
  – Standardization is a key enabler

• Solutions are highly fragmented
  – Need for common/flexible platforms
  – Application environments with multiple PKIs or Roots of Trust

• Low power requirements
  – Operate for 2 years on a coin battery

• Cost limitation

• Long life cycles

Security

Page 11: IoT Security Imperative: Stop your Fridge from Sending you Spam


IoT Security Chain (device-to-datacenter)

Sensors → Nodes → Aggregation Points → Routers / Gateways → STBs → Cloud

• HW Root of Trust + Secure Boot => Secure over-the-air / wired field updates
• Secure sensor data for sensitive applications (e.g. medical, industrial, enterprise)
• Enable in-field device personalization (add/remove features)
• Future-proof designs with flexible programmable architecture
• Private data disposal
• Secure Server + Secure Network => Secure Services
• Secure remote monitoring
• Protect intellectual property against SW cloning (e.g. proprietary algorithms)
• Intellectual property tampering detection
• Intrusion detection and secure remote monitoring

Page 12: IoT Security Imperative: Stop your Fridge from Sending you Spam


IoT Security Aspects

• System security must be embedded

• Know what is being protected

• Trust begins at home
  – Secure boot, run-time protection, process separation (TEE)

• Trust between network elements
  – Authentication and confidentiality
  – Via registration protocols (trust all devices signed by manufacturer’s signing key) or online protocols (pairing, TLS, IKE)

IoT Security Questions

1. What is the connectivity model?
2. Who owns the device?
3. What is running on it?
4. Where is it located?
5. How is it protected?
6. How are attacks detected?
7. What is the recovery mechanism?
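The registration-protocol bullet above (trust all devices signed by the manufacturer’s signing key) is easiest to see as an exchange with both sides’ messages. The following is an added example, not code from the deck or from the prpl Foundation. It assumes a symmetric stand-in for the signed device certificate: each device is factory-provisioned with a key diversified from the manufacturer key (HMAC-SHA256 over its identity), and the backend, holding the manufacturer key, re-derives that key to check the device’s proof. The backend’s nonce makes every registration single-use, so a captured message cannot be replayed. All keys, identities and message layouts are constructed for the demo.

```python
"""Added example (not from the prpl deck): a device-to-backend registration
exchange modelled on the slide's "trust all devices signed by the
manufacturer's signing key" rule. Assumption: instead of a signed device
certificate, each device holds a key diversified from the manufacturer key
(HMAC-SHA256 over its identity), which the backend re-derives to verify the
proof. A server nonce makes each registration single-use. All values are
constructed for the demo."""
import hashlib
import hmac
import secrets

MANUFACTURER_KEY = b"constructed-manufacturer-key-for-demo"   # would live in an HSM


def derive_device_key(mfr_key: bytes, device_id: str) -> bytes:
    """Factory provisioning: per-device key bound to the manufacturer key and the identity."""
    return hmac.new(mfr_key, device_id.encode(), hashlib.sha256).digest()


def registration_message(device_id: str, nonce: str) -> bytes:
    """Canonical bytes both sides authenticate: purpose, identity, fresh nonce."""
    return f"register|{device_id}|{nonce}".encode()


class Device:
    """Device side: proves possession of its provisioned key over the backend's nonce."""
    def __init__(self, device_id: str, key: bytes):
        self.device_id, self.key = device_id, key

    def respond(self, nonce: str) -> dict:
        proof = hmac.new(self.key, registration_message(self.device_id, nonce),
                         hashlib.sha256).hexdigest()
        return {"device_id": self.device_id, "nonce": nonce, "proof": proof}


class Backend:
    """Backend side: issues nonces and accepts a device only if its proof verifies
    under the key the manufacturer would have provisioned for that identity."""
    def __init__(self, mfr_key: bytes):
        self.mfr_key = mfr_key
        self.outstanding: set[str] = set()
        self.registered: set[str] = set()

    def challenge(self) -> str:
        nonce = secrets.token_hex(16)
        self.outstanding.add(nonce)
        return nonce

    def register(self, resp: dict) -> tuple[bool, str]:
        nonce = resp.get("nonce", "")
        if nonce not in self.outstanding:
            return False, "unknown or already-used nonce (replay rejected)"
        self.outstanding.discard(nonce)          # single use, even if the proof fails
        device_id = resp.get("device_id", "")
        expected = hmac.new(derive_device_key(self.mfr_key, device_id),
                            registration_message(device_id, nonce), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, resp.get("proof", "")):
            return False, "proof does not verify under the manufacturer-derived key"
        self.registered.add(device_id)
        return True, "registered"


def run_exchange() -> dict:
    """Four cases: genuine device, replayed message, clone without the factory
    key, and a genuine proof re-labelled with another identity."""
    backend = Backend(MANUFACTURER_KEY)
    genuine = Device("thermostat-0001", derive_device_key(MANUFACTURER_KEY, "thermostat-0001"))
    clone = Device("thermostat-0001", b"guessed-key")   # same claimed identity, no factory key
    results = {}

    first = genuine.respond(backend.challenge())
    results["genuine"] = backend.register(first)
    results["replay"] = backend.register(first)          # captured message sent again

    results["clone"] = backend.register(clone.respond(backend.challenge()))

    relabelled = dict(genuine.respond(backend.challenge()), device_id="thermostat-9999")
    results["relabelled"] = backend.register(relabelled)
    results["registered"] = sorted(backend.registered)
    return results


if __name__ == "__main__":
    for case, outcome in run_exchange().items():
        print(f"{case:11s} -> {outcome}")
```

The exchange gives authentication only; the slide pairs it with confidentiality, so in practice the messages would travel inside TLS or an IKE-negotiated tunnel, and the symmetric key would be replaced by a per-device certificate chained to the manufacturer’s signing key.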

Page 13: IoT Security Imperative: Stop your Fridge from Sending you Spam


Secure Platform Principles

• Secure Boot
• Secure Execution
• Hardware Root of Trust
• Secure Asset Store
• Secure Storage
• Secure Communication

Page 14: IoT Security Imperative: Stop your Fridge from Sending you Spam


Platform Security

• Secure boot process starts out in ROM

• After the bootloader, the root of trust (hypervisor) is verified and loaded

• Iteratively verifies the next stage of boot until the HLOS (optionally inclusive)

• Secure partition(s) able to access the full memory map. Non-secure can access only its own partition

Diagram (guests side by side above the hypervisor):
– Non-secure HLOS (e.g. Android): Non-Secure App, Non-Secure App, Non-Secure App
– Secure OS 1: Secure App 1, Secure App 2, Secure App 3
– Secure OS 2
– Secure & Protected Hypervisor
– Virtualized N-core MIPS i6400 CPU
– Virtualized I/O and Memory thru entire SoC Complex
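The four bullets above describe a chain of trust: ROM verifies the first stage, each verified stage verifies the next, and a non-secure partition is confined to its own memory range. The following is an added example, not code from the deck or from the prpl Foundation, that models that chain end to end. It assumes a simplification: real designs anchor a public key in ROM and check signatures over each stage, whereas here each stage image carries the SHA-256 digest of the next stage and the ROM holds the digest of the first, which keeps the example to the Python standard library. Stage names, payloads and partition addresses are constructed.

```python
"""Added example (not from the prpl deck or its code): a minimal model of the
iterative verified-boot chain on the "Platform Security" slide and of its
memory-partition rule. Assumption: instead of signatures under a ROM-anchored
public key, each stage image carries the SHA-256 digest of the next stage and
the ROM holds the digest of the first stage. All stages are constructed."""
import hashlib
import struct
from dataclasses import dataclass
from typing import List, Optional, Tuple

DIGEST_LEN = 32
ZERO_DIGEST = b"\x00" * DIGEST_LEN
HDR = struct.Struct("!32sI")   # (digest of the next stage, length of this payload)


def build_stage(payload: bytes, next_image: Optional[bytes]) -> bytes:
    """Image = header || payload. The last stage (HLOS) carries an all-zero next digest."""
    nxt = hashlib.sha256(next_image).digest() if next_image is not None else ZERO_DIGEST
    return HDR.pack(nxt, len(payload)) + payload


def build_chain(stages: List[Tuple[str, bytes]]) -> Tuple[bytes, List[bytes]]:
    """Build back to front so each header can embed its successor's digest.
    Returns (digest to burn into ROM, images in boot order)."""
    images: List[bytes] = []
    nxt: Optional[bytes] = None
    for _name, payload in reversed(stages):
        nxt = build_stage(payload, nxt)
        images.append(nxt)
    images.reverse()
    return hashlib.sha256(images[0]).digest(), images


def verified_boot(rom_anchor: bytes, names: List[str],
                  images: List[bytes]) -> Tuple[List[str], Optional[str]]:
    """ROM checks stage 0 against the burned-in digest; every verified stage
    then checks the next one, and boot halts at the first mismatch.
    Returns (stages that passed, error or None)."""
    booted: List[str] = []
    expected = rom_anchor
    for name, img in zip(names, images):
        if len(img) < HDR.size or hashlib.sha256(img).digest() != expected:
            return booted, f"{name}: digest mismatch, boot halted"
        nxt, length = HDR.unpack_from(img)
        if len(img) != HDR.size + length:
            return booted, f"{name}: malformed header, boot halted"
        booted.append(name)
        expected = nxt
    if expected != ZERO_DIGEST:
        return booted, "chain truncated: last image expects a successor"
    return booted, None


def tamper(images: List[bytes], index: int) -> List[bytes]:
    """Constructed fault for the demo: flip one payload byte of stage `index`."""
    out = list(images)
    img = bytearray(out[index])
    img[-1] ^= 0x01
    out[index] = bytes(img)
    return out


@dataclass(frozen=True)
class Partition:
    name: str
    start: int
    end: int        # exclusive
    secure: bool


def access_allowed(partitions: List[Partition], requester: Partition, addr: int) -> bool:
    """Slide rule: a secure partition may reach the full memory map,
    a non-secure partition only its own range."""
    if requester.secure:
        return any(p.start <= addr < p.end for p in partitions)
    return requester.start <= addr < requester.end


# Constructed chain in the order the slide describes.
STAGES = [("bootloader", b"bootloader v1"), ("hypervisor", b"root-of-trust hypervisor"),
          ("secure_os_1", b"secure OS 1 image"), ("hlos", b"android image")]
NAMES = [n for n, _ in STAGES]
ROM_ANCHOR, IMAGES = build_chain(STAGES)
PARTITIONS = [Partition("secure_os_1", 0x0000, 0x4000, True),
              Partition("hlos", 0x4000, 0x8000, False)]

if __name__ == "__main__":
    print(verified_boot(ROM_ANCHOR, NAMES, IMAGES))
    print(verified_boot(ROM_ANCHOR, NAMES, tamper(IMAGES, 1)))
    print(access_allowed(PARTITIONS, PARTITIONS[1], 0x1000))
```

Because every image embeds the digest of its successor, changing any stage breaks the link from the stage before it and boot halts there, which is the property the slide’s “iteratively verifies next stage” bullet relies on; the tamper helper exists only to exercise that halt.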

Page 15: IoT Security Imperative: Stop your Fridge from Sending you Spam


Platform Security

• Secure boot process starts out in ROM

• After the bootloader, the root of trust (hypervisor) is verified and loaded

• Iteratively verifies the next stage of boot until the HLOS (optionally inclusive)

• Secure partition(s) able to access the full memory map. Non-secure can access only its own partition

Diagram (same layered platform as Page 14): Non-secure HLOS (e.g. Android) with three Non-Secure Apps, Secure OS 1 with Secure Apps 1–3, and Secure OS 2, all over a Secure & Protected Hypervisor, a Virtualized N-core MIPS i6400 CPU, and Virtualized I/O and Memory thru entire SoC Complex.

• Flexible
• Scalable
• Reliable
• High Performance

Page 16: IoT Security Imperative: Stop your Fridge from Sending you Spam


Exploring Virtualization

• Multiple Secure Domains
• More Reliable & Predictable
• More Powerful & Efficient
• Safer!
  – Global Platform considering certifiable containers
  – Secure services can only affect their container, not the overall system

Diagram: six four-CPU clusters (CPU 1, CPU 2, CPU 3, CPU 4), each running under either a Secure Hypervisor or a Secure Monitor (three of each).

Page 17: IoT Security Imperative: Stop your Fridge from Sending you Spam


IoT in our daily lives

• Sleep is precious
• Alarm defaults to 8am
  – +45m (meeting delay)
  – -5m (gas)
  – -15m (accident)
  – -20m (late train)
  = EXTRA 5 mins!!

Page 18: IoT Security Imperative: Stop your Fridge from Sending you Spam


WHAT IS prpl? Portability, Virtualization, and Compute

Page 19: IoT Security Imperative: Stop your Fridge from Sending you Spam


What is prpl?

• A Foundation created to accelerate a robust ecosystem via collaboration
  – Open-source community supporting the MIPS architecture, and open to all
  – Provide access to free, unencumbered toolchains and associated libraries
  – Common platform, debuggers, probes and software easily accessible

• Community Benefits
  – Large ROI benefit: up to 4x gain
  – Time-to-Market & lower TCO
  – Strengthen MIPS ecosystem
  – Accelerate MIPS64 to mainstream
  – Faster innovation through focus on core competency

Page 20: IoT Security Imperative: Stop your Fridge from Sending you Spam


Why Open-Source?

• Enabling the Big Data revolution needs collaborative minds

• Fragmentation will slow down innovation

• More eyeballs = more secure

Page 21: IoT Security Imperative: Stop your Fridge from Sending you Spam


Synergies Drive Innovation

• IoT will enable big data
• Big data needs analytics
• Analytics will improve processes for more IoT devices

Page 22: IoT Security Imperative: Stop your Fridge from Sending you Spam


BIG DATA: KB, MB, GB, TB, PB, EB, ZB, YB. Non-linear!

Page 23: IoT Security Imperative: Stop your Fridge from Sending you Spam


Big Data: The Internet of Cow

1.5B cows × 200MB/yr/cow = 300,000 GB (0.3 petabytes) per year

Page 24: IoT Security Imperative: Stop your Fridge from Sending you Spam


Big Data: Turbines

12,000 turbines × 500GB/day each = 6 million GB (6 petabytes) per day

Page 25: IoT Security Imperative: Stop your Fridge from Sending you Spam


Little Data → Big Data → Huge Data

• Each successive node in the IoT chain adds
  – Data and storage requirements
  – Processing requirements
  – Multi-tenant requirements (i.e. security)

Scale: Bytes → Megabytes → Terabytes → Petabytes → Exabytes → ZETTABYTES (1000^7)

Page 26: IoT Security Imperative: Stop your Fridge from Sending you Spam


DIVERSITY IN IoT: lots of hardware

Page 27: IoT Security Imperative: Stop your Fridge from Sending you Spam


Page 28: IoT Security Imperative: Stop your Fridge from Sending you Spam


Key Enablers for IoT

• Processing power
• Networking infrastructure and connectivity
• Low cost, secure devices
• Storage
• Loads and loads of secure, portable software
• A way to make money

Page 29: IoT Security Imperative: Stop your Fridge from Sending you Spam


Standardization Challenge

• Fragmentation!
  – Connectivity standards
  – Operating systems
  – Topologies
  – Security

• Expect diverse solutions, so
  – Software abstraction (APIs) needed at each node
  – Multi-tenant environment needed for security

Page 30: IoT Security Imperative: Stop your Fridge from Sending you Spam


PORTABILITY AND VIRTUALIZATION: prpl foundation

Page 31: IoT Security Imperative: Stop your Fridge from Sending you Spam


Mission

‘prpl’ is an open-source, community-driven, collaborative, non-profit consortium focusing on the MIPS architecture and ecosystem, and open to all, with a focus on enabling next-generation datacenter-to-device portable software and virtualized architectures.

Page 32: IoT Security Imperative: Stop your Fridge from Sending you Spam


Scalable Processor Architecture Needed, e.g. MIPS

• 1GHz+ CPU solution: mobile and home entertainment
• 32-bit microcontrollers: embedded storage, automotive and IoT
• 64-bit multicore: advanced networking, datacenter and infrastructure
• Efficient solutions for a broad range of networking & storage applications

Page 33: IoT Security Imperative: Stop your Fridge from Sending you Spam


Key Domains

• Embedded & IoT: Buildroot, RTOS
• Networking: openWrt, yocto, Montavista
• Datacenter: RHEL, Fedora, Ubuntu, CentOS
• Digital Home & Mobile: openWrt, Linux, Android

Page 34: IoT Security Imperative: Stop your Fridge from Sending you Spam


Work-flow

Upstream projects (gnu.org, kernel.org, llvm.org) → prpl: Domains and Engineering Groups → supported kernels and projects; projects pulled from upstream

❖ Optimized Linux kernels regardless of architecture
❖ SDKs and Tools
  ➢ license-free versions
❖ Launchpad to upstream
❖ Advanced future work
  ➢ SDN
  ➢ heterogeneous compute
  ➢ LLVM
  ➢ vision

Page 35: IoT Security Imperative: Stop your Fridge from Sending you Spam


prpl Engineering Groups (PEGs)

▪ VZ Ecosystem
  ▪ Hypervisors (e.g. KVM, Fiasco.oc)

▪ OS
  ▪ Data Center: Redhat, Ubuntu, Debian, CentOS
  ▪ Networking: Montavista, OpenWrt
  ▪ Embedded/IoT & Mobile: Android, Chromium, Tizen, WebOS, RTOSs, Yocto
  ▪ Kernel (device tree, power mgmt, multi-threading)

▪ Portability
  ▪ JITs (V8, openJDK, etc.)
  ▪ Emulation (QEMU)
  ▪ Tools (SDK, IDE)

▪ Platform
  ▪ UEFI and boot loaders

▪ Optimization
  ▪ Intrinsics (e.g. SIMD) and libraries (e.g. memcpy)
    ■ Multimedia: video, audio, speech
    ■ Networking
    ■ Security
    ■ Networking (multi-core friendly and asynchronous)
    ■ e.g. BGP, OVS, snort, routing protocols, DPI

Page 36: IoT Security Imperative: Stop your Fridge from Sending you Spam


Low Cost Hardware

❖ MIPS CI20

➢ dual core MIPS32 CPU @1.2GHz, PowerVR SGX540 GPU, HDMI, 1GB RAM, 8GB Flash, 2 usb, audio, WiFi, BT

➢ Linux and Android 4.4 - community supported, RasPi header

➢ Available now - http://elinux.org/MIPS_Creator_CI20

➢ Price: $40

❖ prpl stamp #2

➢ dual core MIPS32 interAptiv @600MHz, PowerVR SGX520, HDMI, 512MB RAM, 4 GB Flash, usb, audio, WiFi, BT, aggressive power savings modes enabling 30-day battery life

➢ Android Wear (smartwatch and IoT platform)

➢ ETA: Dec 2014

➢ Price: $35 (est.)

❖ Interface Masters MIPS64 Niagara3218

➢ MIPS64 network system

❖ Interface Masters MIPS64 Niagara804-BP

➢ MIPS64 network adapter

Page 37: IoT Security Imperative: Stop your Fridge from Sending you Spam


Summary: what will prpl do?

• Focus on the software “glue” necessary to carry secure structured and unstructured data from the device to the datacenter

• Example:
  – Secure hypervisors for multiple tenants
  – Portable software, such as JITs
  – SaaS, PaaS, IaaS OTA secure
  – Programming models to enable big data processing (e.g. hadoop) over heterogeneous processors

Embedded nodes → OpenWrt hub → Networking backbone → Datacenter

Page 38: IoT Security Imperative: Stop your Fridge from Sending you Spam


E.g. Develop Software Enabling Security and Multiple Contexts

• Multiple contexts are required
  – Shared resource
  – Protected resource
  – Energy conservation

• Heterogeneous programming models are required
  – Close working relationship with leading industry consortia, leading semiconductor companies, OEMs and ISVs

Diagram (privilege increases from top to bottom):
– S/W: VM1, VM2, VM3 … VMn, each a Guest User over a Guest Kernel; vGPU1, vGPU2
– Secure Hypervisor (R/G MMU): Secure Domains, Protected Partitions
– H/W: TPM, Boot ROM; CPU Cluster, GPU Cluster, Memory, Coherent Fabric SoC, Network layers, Offloads (Crypto, IP, etc.), I/O

Page 39: IoT Security Imperative: Stop your Fridge from Sending you Spam


Page 40: IoT Security Imperative: Stop your Fridge from Sending you Spam


Page 41: IoT Security Imperative: Stop your Fridge from Sending you Spam


Page 42: IoT Security Imperative: Stop your Fridge from Sending you Spam


Resources

• http://prplfoundation.org
• http://www.cisco.com/web/about/ac79/docs/innov/IoE_Economy.pdf
• http://theinstitute.ieee.org/benefits/standards/setting-the-stage-for-the-internet-of-things
• FTC Workshop on IoT and Security (Nov ‘13)
• amit (at) prplfoundation (dot) org

(thanks!)

Page 43: IoT Security Imperative: Stop your Fridge from Sending you Spam

Thanks!

Page 44: IoT Security Imperative: Stop your Fridge from Sending you Spam


How to Get Involved in prpl

• Mailing list: lists.prplfoundation.org
• Wiki: wiki.prplfoundation.org
• Forums: forum.prplfoundation.org
• Code: github.com/prplfoundation