Programming the Internet of Things Securely · 2017-09-26 · The Internet of Things •...
Sanjiva Prasad, Fukuoka
Programming the Internet of Things Securely
Sanjiva Prasad, IIT Delhi
January 2016
What a Wonderful World!
Another Vision of the World
• (Image source: engagor.com)
Research Strands
Logistics and RFID
Mobile Computing
Cloud Computing
Pervasive Computing
Wireless Sensor Networks
Cyber-Physical Systems
Control Systems
The Internet of Things
• Appliances: addressable, networked
• Sense-Analyse-Actuate
Smart-grids, smart-buildings, smart-traffic…
  – Greater automation
  – Increased utility
  – New functionality
• Very Big Thing: disruptive
• Billions & billions of devices
• (Image Source: Dr Seuss, The Cat in the Hat)
A Variety of Applications
– Consumer and Home
– Smart Infrastructure
– HealthCare
– Security and Surveillance
– Transportation
– Industrial, Shop-floor
– Retail
– …
“Any time, any place, any …”
A technology model or a business model?
(Image: Economic Times)
IoT Challenges
• Scale
• Architecture
• Correctness & Robustness
• Open Interactions
• Security
  – Integrity and Trust
  – Privacy
• Mobility
• Dynamics
Scale
• Trillions of devices (10^12)
  – Size of Namespace
• Heterogeneity of devices, systems
  – Discover, Authenticate, Use, Maintain, Protect
• Data
  – Volume, Variety, Velocity of Data
  – Validate, Analyze, Curate
• Energy
  – Powering things, recharging
Architecture
– Connect, Control, Communicate
• Interactions, interoperation
• Standards
• Dependencies: unforeseen constraints
• Novel Interactions
• Sharing resources: sensors, actuators, communication devices, correlations in analysis.
Openness
• An open model of interaction
• Dynamic inclusion of systems
• Composition with other systems
• Interoperable: communication formats
• Ever-changing system model
• Dynamics
Dream …. or …
Image Source: © Maurice Sendak, “Where the Wild Things Are”.
Dystopian Warnings - 1
• New Attack Surfaces
• Jeep Cherokee UConnect Attack [Andy Greenberg, Wired online, July 2015]
• Miller-Valasek take control of climate control system, entertainment system, wipers, lights, steering, brakes, transmission…
• and crash Jeep
• remotely from their couch 10 miles away
Dystopian Warnings - 2
Commercialization & Anti-competition / monopoly [Schneier, Atlantic, December 2015]
• “Engage, Extend, Eliminate”
• Incompatibility between software and things
• Philips Hue system
• Keurig Coffee pods
• HP Printer Software
• Amazon eBook and other software
• Apple iTunes Store and music players.
Questioning Things - 1
• Unique ids, addressability of all devices
  – All devices interconnected!
  – Do we really need all Toasters of the World to Unite?
  – Do we need Globally unique ids?
  – Do we need an Internet of Things, or…
  – Firewalls, Managed networks etc?
Questioning Things - 2
• Security: The Achilles Heel
• Programmability of devices -> Hackability
• New attack planes
• Integrity and Trustworthiness of data
• Privacy of data
• Death of Anonymity
• Ubiquitous Data Collection
• Unexpected uses of Consumer Data
• Novel Interactions, unforeseen leakages
What’s Not Right
• Currently, IoT programmed using low-level computational models, languages
• Need better programming abstractions
• Need better frameworks, tools and techniques for reasoning
• Security not inbuilt from First Principles
• Standards (too many, not precise)
• Wanted: Transparency, Well-documented APIs, Configuration options & Opt-out
PL-style Approach
• Security as a design element
• A High-level programming model
• Clean interfaces
• Invariant maintenance as the guiding principle
• Standard APIs and clear semantics
• Security in storage, communication, processing
Models for Composition
• Closed Interfaces
  – Secure by default
  – Explicit mechanisms to communicate
  – Doesn’t realise IoT potential
• Open Interfaces
  – Insecure, arbitrary access possible
  – Good for discovering insecurities
IoT needs Open Interface but security!
Prescriptions
1. A Data Flow Model for Things
• … as Stream producers/consumers but reactive, event based (FRP/Yampa; Lustre)
• Clear modular interfaces
• Low resource footprint — tasks and event handlers
• Atomicity of actions
• Compile High-level to nesC (Lustre -> C)
Prescriptions - 2
2. A Logic-based Specification
Invariants clearly documented
• Conflict resolution
• Consistency criteria
• Exceptions and Constraints
expressed in high-level logical terms
Prescriptions - 3
3. A Structural model
• Nesting, Locality & Admin domains
• Communication
• Mobility and Reconfiguration
• Reprogrammability, Upgrade, Replacement
• Verification: reachability, model-checking [Milner’s Bigraphs]
Prescriptions 4 & 5
4. Axiomatic model for Communication
[Karsten et al’s ABC]
5. An Analytical model for Secure Information Flow
• security is more than access control & cryptography
• “Obsecurity” is not good enough
When Things Fail..
• Let them die?
• Patches not easy (limited battery & compute power)
  Patches as an attack vector?
• Less diverse ecosystem -> standard
• but “epidemics” can lead to big failures
• Many diverse non-standard systems
• self-limiting failures, but low pay-off
Questions?
Thank You!