Download - iotdi slides final for pdf - Ptolemy Project...•E.g., WSN, MANET or swarm devices •Assume homogeneous environments •Not designed for Internet scale[2] [1] C. Neumanet al., 2005.

TerraSwarmTerraSwarm

SponsoredbytheTerraSwarmResearchCenter,oneofsixcentersadministeredbytheSTARnetphaseoftheFocusCenterResearchProgram(FCRP)aSemiconductorResearchCorporationprogramsponsoredbyMARCOandDARPA.

AToolkitforConstructionofAuthorizationServiceInfrastructurefor

theInternetofThings(IoT)HokeunKim1,Eunsuk Kang1,EdwardA.Lee1,DavidBroman2

IoTDI 2017,Pittsburgh,PAApril19,2017

1UniversityofCalifornia,Berkeley2KTHRoyalInstituteofTechnology

Overview– IoT &Authorization

TerraSwarm Research Center 2

Privatedata

Control

• InternetofThings • Authorization(accesscontrol)– Criticalforcomputersecurity

Benefits,butalsochallenges

• Existingsecuritysolutions?– Mayworkwellforsomepartsof

theIoT,butnotfortheentireIoT!

• Proposedapproach– SST– SST:SecureSwarmToolkit– Anopen-sourcetoolkitforbuilding

authorizationinfrastructurefortheIoT– ToaddressIoT securitychallenges

Motivation• ChallengesinIoT security[1]

TerraSwarm Research Center 3[1] Singhetal., 2016."TwentySecurityConsiderationsfor Cloud-SupportedInternetofThings"

Heterogeneity• Securityrequirements&resourceavailability• Connectivity(wiredconnectionsvs.mobiledevices)• Systemmanagement

Motivation(cont'd)


• ChallengesinIoT security[1]

[1] Singhetal., 2016."TwentySecurityConsiderationsfor Cloud-SupportedInternetofThings"

Operationinanopen(orhostile)Environment• Physicalaccess & wirelessaccesstoIoT devices• Higherriskofbeingcompromised• MustbeabletorevokeaccessofcompromisedIoT devices

Motivation(cont'd)


• ChallengesinIoTsecurity[1]

[1] Singhetal., 2016."TwentySecurityConsiderationsfor Cloud-SupportedInternetofThings"

Sources:"Ericsson MobilityReport",June2016/"CiscoGlobalCloudIndex:ForecastandMethodology,2015–2020",Publishedin2016

Scalability• 28billionconnecteddevicesin2021• 15.3ZBdatatrafficin2020

– 1ZB(Zetta byte)=109 TB(Terrabytes)

Background:Authorization&IoT

• Authorization– Accesscontrol• "CanIentertheEECSbuilding?"

– Allowing/denyingaccesstoresources– Revokingaccess(e.g.,lostIDcard)


• Authentication– Identifyingsomeone/something• "MemberofEECS?"

– Essentialforauthorization

Background(cont'd)

• ManyIoT platformsuseTLS(orDTLS[2])forauthentication/authorization– E.g.,AmazonAWSIoT,OpenIoT[3],OSCAR[4],etc.


• TLS(TransportLayerSecurity,alsocalledSSL/TLS)– UnderlyingsecurityprotocolforHTTPS–Widelyused,verysuccessfulforweb

[1]VariantofTLSoverUDP,2012"DatagramTransportLayerSecurityVersion1.2.RFC6347"[2]JohnSoldatos etal.,2015."OpenIoT:OpenSourceInternet-of-ThingsintheCloud"[3]Vucinic etal.,2015."OSCAR:ObjectsecurityarchitecturefortheInternetofThings"

Background(cont'd)

TerraSwarm Research Center 8[1]Mutton,"Certificaterevocation:WhybrowsersremainaffectedbyHeartbleed",Netcraft,April,2014[2]Duncan,"How certificate revocation (doesn’t)work inpractice",Netcraft,May,2013

• ChallengeswithusingTLSfortheentireIoT– Energyoverheadofpublic-keycrypto&certificates– Scalability(managingcertificatesfor~28billiondevices)– Revocationofcertificatescanbeproblematic[1,2]

– Limitedsupportforone-to-manycommunication

• TLSbasedonadigitalcertificate

EncryptedSecurechannel

CertificateissuedbyCA

BrowserWebServer

CertificateAuthority(CA)

Certificate Public-keycryptography

Background(cont'd)


– Kerberos[1]• Advantagesforaccessrevocation• Requiresstableconnection• Centralizedarchitecture

– Securitysolutionsfor"Things"• E.g.,WSN,MANETorswarmdevices• Assumehomogeneousenvironments• NotdesignedforInternetscale[2]

[1]C.Neuman etal.,2005."TheKerberosNetworkAuthenticationService(V5)".RFC4120[2]Alcaraz etal.,2010."Wirelesssensornetworksandtheinternetofthings:Doweneedacompleteintegration?"

• ChallengeswithapplyingothersecuritysolutionsKerberos

AuthenticationServer

ServiceServerClient

*Ticket:temporarytokenforaccessingservice

*

*

Source:http://www.yuden.co.jp/ut/solutions/wsn/

ProposedApproach• SST– SecureSwarmToolkit


– Anopen-sourcetoolkitforauthentication/authorizationoftheIoT (availableonhttps://github.com/iotauth)

ProposedApproach(Cont'd)

• SpecificgoalsofSST


Heterogeneity

OpenEnvironment(AccessRevocation)

Scalability

Integrationofexistingsecuritysolutions(notinventingnewones)

Locallycentralizedandgloballydistributedarchitecture

Easeofdeploymentbylocaldomainexpertsatalargescale

SST’sDesignandImplementation

• Auth[1]– Locallycentralized,globallydistributedauthentication/authorizationentity(software)

– Javaprogramtobedeployedonedgedevices[2] (e.g.,IntelIoT gateways)


[1]AprototypeofAuth hasbeenproposedinKimetal.,2016."ASecureNetworkArchitecturefortheInternetofThingsBasedonLocalAuthorizationEntities"[2]Lopezetal.,2015."Edge-centricComputing:VisionandChallenges”

AuthAuth

Auth

Auth

Auth

Auth

ElectricVehicle

SmartHome

Auth

Auth

Auth

Auth

MedicalCenter

SmartPowerGrid

Auth

Internet

ConferenceRoom

Factory

PersonalArea

Network

DesignandImplementation(cont'd)

• Securecommunicationaccessors


– Softwarebuildingblocks forsecurelyaccessingAuth andtheIoT services

– Encapsulatecryptokeys&operations– HelpIoT developerswhoarenot

securityexperts

– Formoreinformation,seehttps://accessors.org– We'restillatastartingpointandworkingonmoreaccessors!

IoT Application(Actor-orientedProgramModel)

Secure Comm Accessor

IoT ServiceAuth

CryptoKey

Encrypt&authenticate

Decrypt&verify

Message

Message

GenerateMessage

ProcessMessage

Message

– Currentlyavailableaccessors(inJavaScript)



Client

SecureCommClient

AccessResponse

FromService

RequestToSend

ProcessClient

Message

RespondToClient

SecureCommServer

IoT Service

AuthSessionKeyIwanttouse

IoT Service!

EncryptedwithDistributionKeybetweenAuth andClient

• Example:HowSST(Auth andaccessors)works



Client

SecureCommClient

AccessResponse

FromService

RequestToSend

ProcessClient

Message

RespondToClient

SecureCommServer

IoT Service

Auth

Initiatechallenge-response

Challenge-response[1] tocheckwhetherIoT ServerhasthesameSessionKey

[1]SimilartoTLSPSKextensionbyEronen andTschofenig.2005.Pre-SharedKeyCiphersuites forTLS.RFC4279.




Client

SecureCommClient

AccessResponse

FromService

RequestToSend

ProcessClient

Message

RespondToClient

SecureCommServer

IoT Service

Auth


SessionKey

EncryptedwithDistributionKeybetweenAuth andIoT Server

• Example:HowSST(Auth andaccessors)worksOK,Clientcanaccess

thisIoT Service.



Client

SecureCommClient

AccessResponse

FromService

RequestToSend

ProcessClient

Message

RespondToClient

SecureCommServer

IoT Service

Auth

Initiatechallenge-responseFinishchallenge-response

Protectedcommunicationchannelusingsessionkeyandstandardcryptography[2]


Securecommunication

[2]FollowedTLS1.2’sstandard,includingsequencenumber,encrypt-then-MAC

Updatedusingpublickey

Permanent

Nodirectkeydistribution

EphemeralDiffie-Hellman

Encryption

Authenticationonly

Strong&shortLightweight&long

Distribution key

Cryptostrength&keylifetimes

SessionkeyusageNumberof

sessionkeysharers

Cachedsessionkeys

Underlyingprotocol

TCP

UDP

One

Two(server-client)

Morethantwo(broadcasting)

Unlimited

Unlimited Multiple

D-3

D-1

D-2P-1

P-2

C-1 C-2 C-3K-1K-2K-3

O-1

O-2

O-3

S-1

S-2

S-3

SSTforHeterogeneity

• SST’sconfigurationalternatives


Heterogeneity

OpenEnv.

Scalability

Moresecurityguarantees

Lessenergyoverhead

Effectofknobswillbeshownthroughexperiments!

SSTforOpenEnvironment


– SST'sdesigntotimelyrevoke keys(session&distributionkeys)• MustalwaysbeauthorizedbyAuth• Revocationtakeseffectimmediately

• Limitingdamagefromcompromisedentities

Heterogeneity

OpenEnv.

Scalability

– EvenwhenClientwithavalidsessionkeyiscompromised,Auth canpreventitsaccesstoIoT Server!

Client

SecureCommClient

AccessReceivedMessage

MessageToSend

Auth SessionKey

ProcessReceivedMessage

RespondToClient

SecureCommServer

IoT Service


Client

SSTforScalability

• Sharedkeysupportforone-to-manycommunication(fordatascalability)


SecurePublisher

Auth

MessageToPublish

AccessPublishedMessage

SecureSubscriber

Sender

Receiver1


SecureSubscriber

Receiver2


SecureSubscriber

ReceiverN

Heterogeneity

OpenEnv.

Scalability

SSTforScalability



SecurePublisher

Auth

MessageToPublish


SecureSubscriber

Sender

Receiver1


SecureSubscriber

Receiver2


SecureSubscriber

ReceiverN

Heterogeneity

OpenEnv.

Scalability

SSTforScalability



SecurePublisherMessageToPublish


SecureSubscriber

Sender

Receiver1


SecureSubscriber

Receiver2


SecureSubscriber

ReceiverN

MessageBroker

Message

Message

Message Message

ThroughMQTT(publish-subscribeprotocol)

Heterogeneity

OpenEnv.

Scalability

Auth

SSTforScalability



SecurePublisher

Auth

MessageToPublish


SecureSubscriber

Sender

Receiver1


SecureSubscriber

Receiver2


SecureSubscriber

ReceiverN

UDPbroadcastoveralocalnetworkMessage

Heterogeneity

OpenEnv.

Scalability

Object(data)security(e.g.,forinformation-centricnetworks)

SSTforScalability(cont'd)

• GloballydistributedAuths (toscalewith#IoT devices)– Trustrelationshipswithoutacentralizedauthority


Auth Auth

Client IoT Service

Heterogeneity

OpenEnv.

Scalability

Auth

Auth Auth

Auth

AuthAuth

Auth

AuthAuthTrustrelationshipbetweenAuths

Secure communication

Evaluation:SecurityAnalysis


DesiredSecurityProperties• Confidentiality(ofdata)• Messageauthenticity• Dataintegrity

ThreatModel• Networkattackers

• Eavesdroporinjectpackets• CompromisedIoT Entities

• Trytobreaksecurityofothers• NocompromisedAuths

FormalSecurityModelofSST[1]• ModeledinAlloy[2] (Modelcheckingtool&language)• IncludesmodelsforAuths,entitiesandcommunicationmessages

Result:Formallyproventosatisfythesecurityproperties![1]https://github.com/iotauth/security_analysis[2]http://alloy.mit.edu/alloy/

Evaluation:ScalabilityAnalysis• Auth’s authorizationtasksinclude– CommunicationwithIoT entities andAuths– Cryptographicoperations– AccessingAuth’s database (keys,accesspolicy,etc.)


Accessactivityperentity↑

AuthAuth

AuthAuth

AuthAuth AuthAuth

AuthAuth

AuthAuth

NumberofIoT entities↑

Authorizationworkload↑

• Scalabilityanalysisresult:– EachAuth’s workloadisalinearfunctionof“numberofentitiesperAuth”, not

“totalnumberofentitiesinthesystem”,assumingaccessactivityperentityisfixed– Intheory,wecanalwaysscalewithincreasingentitiesbyaddingAuths accordingly

Experiments&Results

• Effectofvariousconfigurationalternatives– Estimatedenergyconsumptionforsettingupsecureconnections betweenIoT clients&IoT servers• Loggedcryptooperationsandcapturedpackets• UsedenergynumbersfromUAB[1]andSICS[2]


[1]UAB(UniversitatAutònomadeBarcelona),Rifà-PousandHerrera-Joancomartí.2011[2]SICS(SwedishInstituteofComputerScience),FeeneyandNilsson.2001

Client

IoT Server

Client

Client

ClientClient

Energyoverhead?

495

417

312

259

227

225

120

67 35985

642

424

327

259 451

232

135

671967

1093

650

461

324

901

458

270

133

0200400600800

100012001400160018002000

1 ∞ 1 ∞ 1 ∞ 1 ∞ 1 ∞ 1 ∞ 1 ∞ 1 ∞ 1 ∞ 1 ∞ 1 ∞ 1 ∞

TCP UDP TCP UDP TCP UDP TCP UDP TCP UDP TCP UDP

Updated Permanent Updated Permanent Updated Permanent

TLS SST TLS SST TLS SST

16Clients 32Clients 64Clients

Energy(m

J)

Estimatedenergyconsumptionofresource-constrainedserver

Public-keycryptoSym.crypto&MACNetworkcomm.

Numberofallowedcachedsessionkeys

UnderlyingProtocolDistribution keymanagement

Numberofclients


Permanent



Encryption

Authenticationonly


Distribution key



sessionkeysharers

Cachedsessionkeys

Underlyingprotocol

TCP

UDP

One

Two(server-client)


Unlimited

Unlimited Multiple

D-3

D-1

D-2P-1

P-2

C-1 C-2 C-3K-1K-2K-3

O-1

O-2

O-3

S-1

S-2

S-3

Experiments&Results(cont'd)


• Moreresultsinourpaper!(forIoT clients)

EstimatedenergyforanIoT serverconnectedby16,32,and64clients

Moresecurityguarantees

Lessenergyoverhead

Tradeoffsforheterogeneity!

Note:TLSwasusedasareferenceandwedonotclaimthatSSTisbetterthanTLS

32

1

1

23


• Asenderandmultiplereceiverswithdifferentsettings


(1)ConnectionswithSSL/TLS (2)SharedKey+secureconnectionsbySST

(3)Sharedkey+MQTTmessagebroker

Sender

ReceiverReceiver

ReceiverSSL/TLS

Sender

ReceiverReceiver

ReceiverUDPbroadcast

ReceiverReceiver

ReceiverBrokerSender TCPTCP

Sender

ReceiverReceiver

ReceiverSSTsecureconnection

(4)Sharedkey+UDPbroadcast

:SharedsessionkeydistributedbyAuth


Permanent



Encryption

Authenticationonly


Distribution key



sessionkeysharers

Cachedsessionkeys

Underlyingprotocol

TCP

UDP

One

Two(server-client)


Unlimited

Unlimited Multiple

D-3

D-1

D-2P-1

P-2

C-1 C-2 C-3K-1K-2K-3

O-1

O-2

O-3

S-1

S-2

S-3

54.0

48.6

3.4

3.0

108.1

96.9

3.4

3.0

216.2

193.5

3.4

3.0

0

50

100

150

200

250

TLS ISC MB UB TLS ISC MB UB TLS ISC MB UB

16Receivers 32Receivers 64Receivers

Energy(m

J)

Estimatedenergyforsending1KBmessage

Sym.crypto&MACNetworkcomm.

Net.Setting

#receivers



Estimatedenergyforasendertosenda1KB-messagetoreceivers

TLS: (1)SSL/TLSISC:(2)IndividualSSTConnections+sharedkeyMB:(3)MQTTMessagebrokerUB:(4)UDPbroadcast

TradeoffexampleAsensornode(500mAh/1.5Vbattery)sending1KBperminuteto64receivers

Expectedbatterylife

Conclusions

• BenefitsofSST:SecureSwarmToolkit– AuthorizationforawiderangeofIoT fromsensornodestosafety-critical systems

– EnableInternet-scaledeployment withincreasingconnecteddevicesandtraffic

– HelpdeploymentofIoT securitysolutionsbysystemdesignerswithmoderateknowledgeinsecurity

– Possibleintegration withotherIoT-relatedefforts(e.g.,securingCoAP[1])

TerraSwarm Research Center 31[1]Shelbyetal.,2014."TheConstrainedApplicationProtocol(CoAP)".RFC6347

Conclusions(cont'd)

• Futurework–Mitigationagainstavailabilityattacks (e.g.,Denial-of-Serviceattacks)

– DetectionofmaliciousbehaviorofcompromisedIoT entitiesorAuth

– FurtherstudiesonusabilityofSST– EfficientinitialsetupofSST(e.g.,registeringIoTdeviceswithAuth)

• Forfurtherinformation– https://github.com/iotauth
