Programming the Internet of Things Securely · 2017-09-26 · The Internet of Things •...

Sanjiva Prasad, Fukuoka

Programming the Internet of Things Securely

Sanjiva PrasadIIT Delhi

January 20161


What a Wonderful World!

January 2016 2


Another Vision of the World

• (Image source: engagor.com)

January 2016 3

http://engagor.com


Research Strands

January 2016 4

Logistics and RFID

Mobile Computing

Cloud Computing

Pervasive Computing Wireless Sensor Networks

Cyber-Physical Systems Control Systems


The Internet of Things• Appliances: addressable,

networked • Sense-Analyse-Actuate

Smart-grids, smart-buildings, smart-traffic… – Greater automation – Increased utility – New functionality

• Very Big Thing: disruptive • Billions & billions of

devices • (Image Source: Dr Seuss, The Cat in the Hat)

January 2016 5


A Variety of Applications

– Consumer and Home – Smart Infrastructure – HealthCare – Security and Surveillance – Transportation – Industrial, Shop-floor – Retail – …

January 2016 6


“Any time, any place, any …”A technology model or a business model?

(Image: Economic Times)

January 2016 7

Sanjiva Prasad, Univ Illinois ChicagoJanuary 2016 8


IoT Challenges

• Scale • Architecture • Correctness & Robustness • Open Interactions • Security – Integrity and Trust – Privacy

• Mobility • Dynamics

January 2016 9


Scale

• Trillions of devices (1012) – Size of Namespace

• Heterogeneity of devices, systems – Discover, Authenticate, Use, Maintain, Protect

• Data – Volume, Variety, Velocity of Data – Validate, Analyze, Curate

• Energy – Powering things, recharging

January 2016 10


Architecture

– Connect, Control, Communicate

• Interactions, interoperation • Standards • Dependencies: unforeseen constraints • Novel Interactions • Sharing resources: sensors, actuators,

communication devices, correlations in analysis.

January 2016 11


Openness

• An open model of interaction • Dynamic inclusion of systems • Composition with other systems • Interoperable: communication formats • Ever-changing system model • Dynamics

January 2016 12


Dream …. or …

Image Source: © Maurice Sendak, “Where the Wild Things Are”.

January 2016 13


Dystopian Warnings - 1

• New Attack Surfaces • Jeep Cherokee UConnect Attack

[Andy Greenberg, Wired online, July 2015]

• Miller-Valasek take control of climate control system, entertainment system, wipers, lights, steering, brakes, transmission….

• and crash Jeep • remotely from their couch 10 miles away

January 2016 14


Dystopian Warnings -2

Commercialization & Anti-competition / monopoly [Schneier, Atlantic, December 2015] • “Engage, Extend, Eliminate” • Incompatibility between software and things

• Philips Hue system • Keurig Coffee pods • HP Printer Software • Amazon eBook and other software • Apple iTunes Store and music players.

January 2016 15


Questioning Things - 1

• Unique ids, addressability of all devices – All devices interconnected! – Do we really need all Toasters of the

World to Unite? – Do we need Globally unique ids? – Do we need an Internet of Things, or… – Firewalls, Managed networks etc?

January 2016 16


Questioning Things 2

• Security: The Achilles Heel

• Programmability of devices -> Hackability • New attack planes • Integrity and Trustworthiness of data • Privacy of data • Death of Anonymity • Ubiquitous Data Collection • Unexpected uses of Consumer Data • Novel Interactions, unforeseen leakages

January 2016 17


What’s Not Right

• Currently, IoT programmed using low-level computational models, languages

• Need better programming abstractions • Need better frameworks, tools and techniques

for reasoning • Security not inbuilt from First Principles • Standards (too many, not precise) • Wanted: Transparency, Well-documented APIs,

Configuration options & Opt-out

January 2016 18


PL-style Approach

• Security as a design element • A High-level programming model • Clean interfaces • Invariant maintenance as the guiding

principle • Standard APIs and clear semantics • Security in storage, communication,

processingJanuary 2016 19


Models for Composition

• Closed Interfaces • Secure by default • Explicit mechanisms to communicate • Doesn’t realise IoT potential

• Open Interfaces • Insecure, arbitrary access possible • Good for discovering insecurities

IoT needs Open Interface but security!

January 2016 20


Prescriptions1. A Data Flow Model for Things

• … as Stream producers/consumers but reactive, event based (FRP/Yampa; Lustre) • Clear modular interfaces • Low resource footprint — tasks and event

handlers • Atomicity of actions • Compile High-level to nesC (Lustre -> C)

January 2016 21


Prescriptions - 2

2. A Logic-based Specification

Invariants clearly documented • Conflict resolution • Consistency criteria • Exceptions and Constraints

expressed in high-level logical terms

January 2016 22


Prescriptions - 3

3. A Structural model • Nesting, Locality & Admin domains • Communication • Mobility and Reconfiguration • Reprogrammabilty, Upgrade,

Replacement • Verification: reachability, model-

checking [Milner’s Bigraphs]

January 2016 23


Prescriptions 4 & 5

4. Axiomatic model for Communication

[Karsten et al’s ABC]

5. An Analytical model for Secure Information Flow

• security is more than access control & cryptography

• “Obsecurity” is not good enough

January 2016 24


When Things Fail..

• Let them die? • Patches not easy

(limited battery & compute power) Patches as an attack vector?

• Less diverse ecosystem -> standard • but “epidemics” can lead to big failures

• Many diverse non-standard systems • self-limiting failures, but low pay-off

January 2016 25


Questions?

January 2016 26


Thank You!

January 2016 27

Programming the Internet of Things Securely · 2017-09-26 · The Internet of Things •...

Documents

Transcript of Programming the Internet of Things Securely · 2017-09-26 · The Internet of Things •...