iotdi slides final for pdf - Ptolemy Project
Transcript of the slides
-
TerraSwarm
Sponsored by the TerraSwarm Research Center, one of six centers administered by the STARnet phase of the Focus Center Research Program (FCRP), a Semiconductor Research Corporation program sponsored by MARCO and DARPA.
A Toolkit for Construction of Authorization Service Infrastructure for the Internet of Things (IoT)
Hokeun Kim (1), Eunsuk Kang (1), Edward A. Lee (1), David Broman (2)
IoTDI 2017, Pittsburgh, PA, April 19, 2017
(1) University of California, Berkeley; (2) KTH Royal Institute of Technology
-
Overview: IoT & Authorization
TerraSwarm Research Center 2
[Figure: private data, control]
• Internet of Things: benefits, but also challenges
• Authorization (access control): critical for computer security
• Existing security solutions? May work well for some parts of the IoT, but not for the entire IoT!
• Proposed approach: SST
  – SST: Secure Swarm Toolkit
  – An open-source toolkit for building authorization infrastructure for the IoT
  – To address IoT security challenges
-
Motivation
• Challenges in IoT security [1]
  – Heterogeneity
    • Security requirements & resource availability
    • Connectivity (wired connections vs. mobile devices)
    • System management
[1] Singh et al., 2016. "Twenty Security Considerations for Cloud-Supported Internet of Things"
-
Motivation (cont'd)
• Challenges in IoT security [1]
  – Operation in an open (or hostile) environment
    • Physical access & wireless access to IoT devices
    • Higher risk of being compromised
    • Must be able to revoke access of compromised IoT devices
-
Motivation (cont'd)
• Challenges in IoT security [1]
  – Scalability
    • 28 billion connected devices in 2021
    • 15.3 ZB data traffic in 2020
      – 1 ZB (zettabyte) = 10^9 TB (terabytes)
Sources: "Ericsson Mobility Report", June 2016 / "Cisco Global Cloud Index: Forecast and Methodology, 2015–2020", published in 2016
-
Background: Authorization & IoT
• Authorization: access control
  – "Can I enter the EECS building?"
  – Allowing/denying access to resources
  – Revoking access (e.g., lost ID card)
• Authentication: identifying someone/something
  – "Member of EECS?"
  – Essential for authorization
-
Background (cont'd)
• TLS (Transport Layer Security, also called SSL/TLS)
  – Underlying security protocol for HTTPS
  – Widely used, very successful for the web
• Many IoT platforms use TLS (or DTLS [1]) for authentication/authorization
  – E.g., Amazon AWS IoT, OpenIoT [2], OSCAR [3], etc.
[1] Variant of TLS over UDP: Rescorla and Modadugu, 2012. "Datagram Transport Layer Security Version 1.2". RFC 6347
[2] John Soldatos et al., 2015. "OpenIoT: Open Source Internet-of-Things in the Cloud"
[3] Vucinic et al., 2015. "OSCAR: Object security architecture for the Internet of Things"
-
Background (cont'd)
• TLS based on a digital certificate
[Figure: the Certificate Authority (CA) issues a certificate to the Web Server; Browser and Web Server set up an encrypted secure channel using the certificate and public-key cryptography]
• Challenges with using TLS for the entire IoT
  – Energy overhead of public-key crypto & certificates
  – Scalability (managing certificates for ~28 billion devices)
  – Revocation of certificates can be problematic [1, 2]
  – Limited support for one-to-many communication
[1] Mutton, "Certificate revocation: Why browsers remain affected by Heartbleed", Netcraft, April 2014
[2] Duncan, "How certificate revocation (doesn't) work in practice", Netcraft, May 2013
-
Background (cont'd)
• Challenges with applying other security solutions
  – Kerberos [1]
    • Advantages for access revocation
    • Requires stable connection
    • Centralized architecture
  – Security solutions for "Things"
    • E.g., WSN, MANET or swarm devices
    • Assume homogeneous environments
    • Not designed for Internet scale [2]
[Figure: Kerberos: Client, Authentication Server, Service Server; *Ticket: temporary token for accessing a service]
[Figure source: http://www.yuden.co.jp/ut/solutions/wsn/]
[1] C. Neuman et al., 2005. "The Kerberos Network Authentication Service (V5)". RFC 4120
[2] Alcaraz et al., 2010. "Wireless sensor networks and the internet of things: Do we need a complete integration?"
-
Proposed Approach
• SST: Secure Swarm Toolkit
  – An open-source toolkit for authentication/authorization of the IoT (available on https://github.com/iotauth)
-
Proposed Approach (cont'd)
• Specific goals of SST
  – Challenges addressed: heterogeneity, open environment (access revocation), scalability
  – Integration of existing security solutions (not inventing new ones)
  – Locally centralized and globally distributed architecture
  – Ease of deployment by local domain experts at a large scale
-
SST's Design and Implementation
• Auth [1]
  – Locally centralized, globally distributed authentication/authorization entity (software)
  – Java program to be deployed on edge devices [2] (e.g., Intel IoT gateways)
[Figure: many Auths connected over the Internet, one or more per local domain: Electric Vehicle, Smart Home, Medical Center, Smart Power Grid, Conference Room, Factory, Personal Area Network]
[1] A prototype of Auth has been proposed in Kim et al., 2016. "A Secure Network Architecture for the Internet of Things Based on Local Authorization Entities"
[2] Lopez et al., 2015. "Edge-centric Computing: Vision and Challenges"
-
Design and Implementation (cont'd)
• Secure communication accessors
  – Software building blocks for securely accessing Auth and the IoT services
  – Encapsulate crypto keys & operations
  – Help IoT developers who are not security experts
  – Currently available accessors (in JavaScript)
  – For more information, see https://accessors.org
  – We're still at a starting point and working on more accessors!
[Figure: an IoT application (actor-oriented program model) generates and processes messages; a Secure Comm Accessor holds the crypto key, encrypts & authenticates outgoing messages and decrypts & verifies incoming ones, talking to Auth and to the IoT service]
-
Design and Implementation (cont'd)
• Example: how SST (Auth and accessors) works
[Figure: Client with SecureCommClient accessor (ports: RequestToSend, AccessResponseFromService); IoT Service with SecureCommServer accessor (ports: ProcessClientMessage, RespondToClient); Auth]
  – Step 1: Client to Auth: "Session key: I want to use IoT Service!", encrypted with the distribution key between Auth and Client
-
Design and Implementation (cont'd)
• Example: how SST (Auth and accessors) works
[Figure: same Client / SecureCommClient, IoT Service / SecureCommServer and Auth layout]
  – Step 2: Client to IoT Service: initiate challenge-response
  – Challenge-response [1] checks whether the IoT Server has the same session key
[1] Similar to the TLS PSK extension by Eronen and Tschofenig, 2005. "Pre-Shared Key Ciphersuites for TLS". RFC 4279
-
Design and Implementation (cont'd)
• Example: how SST (Auth and accessors) works
[Figure: same layout]
  – Step 3: Auth to IoT Service: the session key, encrypted with the distribution key between Auth and IoT Server; "OK, Client can access this IoT Service."
-
Design and Implementation (cont'd)
• Example: how SST (Auth and accessors) works
[Figure: same layout]
  – Step 4: finish challenge-response
  – Secure communication: protected communication channel using the session key and standard cryptography [2]
[2] Followed TLS 1.2's standard, including sequence number and encrypt-then-MAC (note: for TLS 1.2, encrypt-then-MAC is the RFC 7366 extension; the base TLS 1.2 CBC cipher suites are MAC-then-encrypt)
-
SST for Heterogeneity
• SST's configuration alternatives (the figure labels them D-1 to D-3, P-1 to P-2, C-1 to C-3, K-1 to K-3, O-1 to O-3, S-1 to S-3)
  – Distribution key: updated using public key / permanent / no direct key distribution (ephemeral Diffie-Hellman)
  – Session key usage: encryption / authentication only
  – Crypto strength & key lifetimes: from strong & short to lightweight & long
  – Number of session key sharers: two (server-client) / more than two (broadcasting)
  – Cached session keys: one / multiple / unlimited
  – Underlying protocol: TCP / UDP
• Trade-off: more security guarantees vs. less energy overhead
• Effect of knobs will be shown through experiments!
-
SST for Open Environment
• Limiting damage from compromised entities
  – SST's design to timely revoke keys (session & distribution keys)
    • Access must always be authorized by Auth
    • Revocation takes effect immediately
  – Even when a Client with a valid session key is compromised, Auth can prevent its access to the IoT Server!
[Figure: compromised Client with SecureCommClient accessor (ports: MessageToSend, AccessReceivedMessage) initiates challenge-response with the IoT Service / SecureCommServer accessor (ports: ProcessReceivedMessage, RespondToClient); the session key the IoT Service needs comes from Auth]
-
SST for Scalability
• Shared key support for one-to-many communication (for data scalability)
[Figure: Auth distributes one shared session key to a Sender (SecurePublisher accessor, port MessageToPublish) and to Receiver 1 ... Receiver N (SecureSubscriber accessors, port AccessPublishedMessage)]
-
SST for Scalability
• Shared key support for one-to-many communication (for data scalability)
  – Through MQTT (publish-subscribe protocol): the Sender publishes the protected message to a Message Broker, which forwards it to Receiver 1 ... Receiver N
[Figure: Sender (SecurePublisher, port MessageToPublish) -> Message Broker -> Receivers (SecureSubscriber, port AccessPublishedMessage); Auth distributes the shared session key]
-
SST for Scalability
• Shared key support for one-to-many communication (for data scalability)
  – UDP broadcast over a local network: the Sender broadcasts one protected message to Receiver 1 ... Receiver N
  – Object (data) security (e.g., for information-centric networks)
[Figure: Sender (SecurePublisher, port MessageToPublish) broadcasts to Receivers (SecureSubscriber, port AccessPublishedMessage); Auth distributes the shared session key]
-
SST for Scalability (cont'd)
• Globally distributed Auths (to scale with the number of IoT devices)
  – Trust relationships without a centralized authority
[Figure: a Client registered with one Auth communicates securely with an IoT Service registered with another Auth; the two Auths have a trust relationship, and Auths form a network of such trust relationships]
-
Evaluation: Security Analysis
• Desired security properties
  – Confidentiality (of data)
  – Message authenticity
  – Data integrity
• Threat model
  – Network attackers: eavesdrop or inject packets
  – Compromised IoT entities: try to break security of others
  – No compromised Auths
• Formal security model of SST [1]
  – Modeled in Alloy [2] (model checking tool & language)
  – Includes models for Auths, entities and communication messages
• Result: formally proven to satisfy the security properties! (Alloy's analysis is bounded: it checks every instance up to the chosen scope, so the guarantee is established within that scope)
[1] https://github.com/iotauth/security_analysis
[2] http://alloy.mit.edu/alloy/
-
Evaluation: Scalability Analysis
• Auth's authorization tasks include
  – Communication with IoT entities and Auths
  – Cryptographic operations
  – Accessing Auth's database (keys, access policy, etc.)
[Figure: authorization workload grows with access activity per entity and with the number of IoT entities; more Auths share the load]
• Scalability analysis result
  – Each Auth's workload is a linear function of the "number of entities per Auth", not the "total number of entities in the system", assuming access activity per entity is fixed
  – In theory, we can always scale with increasing entities by adding Auths accordingly
-
Experiments & Results
• Effect of various configuration alternatives
  – Estimated energy consumption for setting up secure connections between IoT clients & IoT servers
    • Logged crypto operations and captured packets
    • Used energy numbers from UAB [1] and SICS [2]
[Figure: one IoT Server connected by many Clients; energy overhead?]
[1] UAB (Universitat Autònoma de Barcelona), Rifà-Pous and Herrera-Joancomartí, 2011
[2] SICS (Swedish Institute of Computer Science), Feeney and Nilsson, 2001
-
Experiments & Results (cont'd)
• Estimated energy for an IoT server connected by 16, 32, and 64 clients
[Chart: estimated energy consumption (mJ, axis 0 to 2000) of a resource-constrained server, stacked by public-key crypto / sym. crypto & MAC / network comm.; per client count, one TLS bar next to SST bars for each combination of distribution key management (updated using public key / permanent), underlying protocol (TCP / UDP) and number of allowed cached session keys (1 / ∞). Bar totals in mJ, reconstructed from the chart's data labels in x-axis order:]

  Clients | TLS  | SST, updated key: TCP,1 | TCP,∞ | UDP,1 | UDP,∞ | SST, permanent key: TCP,1 | TCP,∞ | UDP,1 | UDP,∞
  16      | 495  | 417  | 312  | 259 | 227 | 225 | 120 | 67  | 35
  32      | 985  | 642  | 424  | 327 | 259 | 451 | 232 | 135 | 67
  64      | 1967 | 1093 | 650  | 461 | 324 | 901 | 458 | 270 | 133

[Inset: the configuration-alternatives figure from the heterogeneity slide]
• More results in our paper! (for IoT clients)
• Trade-offs for heterogeneity! (more security guarantees vs. less energy overhead)
• Note: TLS was used as a reference and we do not claim that SST is better than TLS
-
Experiments & Results (cont'd)
• A sender and multiple receivers with different settings
  (1) Connections with SSL/TLS: the Sender keeps one SSL/TLS connection per Receiver
  (2) Shared key + secure connections by SST: the Sender keeps one SST secure connection per Receiver, all using the shared session key
  (3) Shared key + MQTT message broker: the Sender sends once over TCP to the Broker, which relays over TCP to each Receiver
  (4) Shared key + UDP broadcast: the Sender broadcasts once to all Receivers
[Figure: the four topologies; marker: shared session key distributed by Auth]
[Inset: the configuration-alternatives figure from the heterogeneity slide]
-
Experiments & Results (cont'd)
• Estimated energy for a sender to send a 1 KB message to receivers
  – TLS: (1) SSL/TLS; ISC: (2) Individual SST Connections + shared key; MB: (3) MQTT Message broker; UB: (4) UDP broadcast
  – Energy (mJ; sym. crypto & MAC plus network comm.) by network setting and number of receivers:

  Receivers | TLS   | ISC   | MB  | UB
  16        | 54.0  | 48.6  | 3.4 | 3.0
  32        | 108.1 | 96.9  | 3.4 | 3.0
  64        | 216.2 | 193.5 | 3.4 | 3.0

• Trade-off example: a sensor node (500 mAh / 1.5 V battery) sending 1 KB per minute to 64 receivers
  – Expected battery life
-
Conclusions
• Benefits of SST: Secure Swarm Toolkit
  – Authorization for a wide range of IoT, from sensor nodes to safety-critical systems
  – Enable Internet-scale deployment with increasing connected devices and traffic
  – Help deployment of IoT security solutions by system designers with moderate knowledge in security
  – Possible integration with other IoT-related efforts (e.g., securing CoAP [1])
[1] Shelby et al., 2014. "The Constrained Application Protocol (CoAP)". RFC 7252
-
Conclusions (cont'd)
• Future work
  – Mitigation against availability attacks (e.g., Denial-of-Service attacks)
  – Detection of malicious behavior of compromised IoT entities or Auths
  – Further studies on usability of SST
  – Efficient initial setup of SST (e.g., registering IoT devices with Auth)
• For further information: https://github.com/iotauth