How To Secure The Internet Of Things

Transcription

1 Pusan National University Howon Kim Oct. 2014

2 Agenda Security and Privacy Issues in Internet of Things 1. Vulnerabilities in IoT 2. Device Security in IoT 3. Comm./Network Security in IoT 4. Security in IoT Services 5. Privacy Issues in IoT 6. Concluding Remarks 2

3 1. Vulnerabilities in IoT Security Problems in IoT IoT is highly vulnerable due to its components complexity Also, different subjects make it difficult to resolve the security vulnerabilities Vulnerabilities are possible in device firmware, OS, network protocol, service software, service APIs, etc. It means that difference subjects such as device vendor, service provider, device manufacturer, ISP, etc. should be responsible for fixing the vulnerabilities Also, the horizontal market characteristics in IoT service make the vulnerabilities worse Once private information is gathered by service provider, Ensuring the the Right to self-control on private information is not easy Also, current data mining techniques make this difficulty worse IoT Service (Sensed Privacy information: DB) AP Current IoT devices have many risks such as device theft, data leakage, data disclosure, phising attack, spyware/malware attack, etc. Weight scale Vulnerable wireless protocol is able to be used for eavesdropping attack The cracked sensing device is able to be used for illegal private information gathering (The existence of the user at home, etc.) Adversary Service User [ Possible Security/Privacy Vulnerabilities in IoT Scale ] Ref) 3

4 1. Vulnerabilities in IoT Security & Privacy Domain in IoT Security technology for IoT devices Countermeasure against Side Channel Attack Countermeasure against Physical Attack Security technology for IoT comm./network protocols ZigBee security(ieee security) CoAP security(dtls security) LwM2M security UDP security MQTT security Security technology for IoT Services IoT Platform security IoT-A security Privacy enhancing technology for IoT services API security for IoT Services OAuth security 4

5 2. Device Security in IoT Vulnerabilities in IoT Devices Side Channel Attack ex) Power analysis attack (SPA, DPA, CPA) can extract critical information (key values, etc.) in IoT devices Cracking and Reversing Attack Chip Cloning, Chip Reversing, ROM Code extraction, key/password extraction, etc. Attack on Device OS and SW Injecting malicious code, Code cracking, etc. 5

6 2. Device Security in IoT Side Channel Attack 소비전력 정보 Power Trace Side Channel Analysis 6 Secret Key Extraction (RSA, ECC, AES keys, etc.)

7 2. Device Security in IoT Cracking and Reversing Attack Circuit Engineering Compa ny Limited continues to be recognized as the Souther n China Leader in Services for IC Read, MCU Crack, Chip Extract, Microcontroller Unlock service. With the advancement of today s modern circuit board technology, it is more important than ever to have specialists available to help you at a moment s notice. Our engineering and commercial teams collectively have a vast amount of electronic experience covering field include Consumer Electronics, Industrial Automation Electronics, Wireless Communication Electronics., etc. For more information please contact us through . 7

8 2. Device Security in IoT Security technology for IoT devices Tamper Resistance / Tamper Evidence Clone detection (with PUF, etc.) Key zeroisation when tampering attack, etc. Side Channel Attack Countermeasure SPA/DPA/CPA attack countermeasure : Random masking, Algorithmic approaches, etc. Device Authentication/Authorization Using secret credential, Certificate (X.509), etc. Access Control in IoT Devices Access Control techniques (ACL, RBAC, etc.) Code Integrity Hash value, MIC(Message Integrity Code), etc. 8

9 2. Device Security in IoT Cryptography Issues in IoT Devices Lightweight crypto algorithms Block Cipher: PRESENT, LEA, AES,etc. Public Key Cryptography: ECC (NIST compliant) Target Platform : MSP430, Atmega, Cortex M3, etc. How about Smart Dust? Security Architecture for Device Authentication/Authorization Based on X.509? CA server for Device Revocation List Management Server Pseudonym CA for Privacy Preserving 9

10 3. Communication & Network Security in IoT ZigBee security Security Architecture SSP (Security Service Provider)/APS (Application Support) provides NWK layer security TC (Trust Center) in ZC (ZigBee Coordinator) is in charge of key management Two security modes are provided: SSM (Standard Security Mode) & HSM (High Security Mode) ZigBee IEEE Application Object SSP (Security Service Provider) APL(Application Layer) ZDO (ZigBee Device Object) APS (Application Support) Layer NWK (Network) Layer MAC (Medium Access Control) Layer PHY(Physical) Layer ZigBee Stack Structure TC (Trust Center) ZC(ZigBee Coordinator) ZR(ZigBee Router) ZED(ZigBee End Device) ZigBee Network 10

11 3. Communication & Network Security in IoT ZigBee security Frame encryption & authentication(msg integrity) Confidentiality & Integrity are provided with AES-CCM* NWK Header APS Header Payload ZigBee frame with no security NWK Header Auxiliary Header Encrypted NWK Payload MIC NWK frame which provides confidentiality & integrity Integrity Protection NWK Header APS Header Auxiliary Header Encrypted APS Payload MIC APS frame which provides confidentiality & integrity Integrity Protection Security Level Security Control Key Identifier Frame Counter Extended Nonce Source Address Reserved Key Sequence Number Security Level : notifies CCM* mode is used or not Key Identifier : specifies the types of key used Extended Nonce : The extended nonce sub-field shall be set to 1 if the sender address field of the auxiliary header is present. Otherwise, it shall be set to 0 Frame Counter : prevents replay attack with this counter number Source Address : address of the sending device Key Sequence Number :used when Key Identifier is the NK 11

12 3. Communication & Network Security in IoT ZigBee security 8 types of security mode 모드 적용내용 No Security No security AES-CBC-MAC-32(MIC-32) 32bit msg authentication AES-CBC-MAC-64(MIC-64) 64bit msg authentication AES-CBC-MAC-128(MIC-128) 128bit msg authentication AES-CTR(ENC) Only encryption is provided AES-CCM-32 32bit Enc/Msg Auth AES-CCM-64 64bit Enc/Msg Auth AES-CCM bit Enc/Msg Auth There are 3 key types in ZigBee Symmetric Key Distribution Methods Key Transport: is where the Trust Center sends the key (securely wherever possible) to the device Key Establishment: is where the device negotiates with the Trust Center and keys are established at either end without being transported (using SKKE, etc.) Pre Installation: is where keys are placed into device using out-of-band method, e.g. commissioning tool MK(Master Key) LK(Link Key) NK(Network Key) - Shared key between two devices at initial state - Only shared by SKKE protocols - which is uniquely shared between two and only two devices for protecting frames at the APS layer - Usually dynamically established using key establishment service - Can also be pre-installed or transported from the Trust Center - Global key which is used by all devices in the network - Usually transported from the Trust Center - Can also be pre-installed

13 3. Communication & Network Security in IoT CoAP(Constrained Application Protocol) security CoAP is secured by DTLS (Datagram Transport Layer Security) while HTTP is secured by TLS (Transport Layer Security) Two main issues in CoAP security Difficulty in end-to-end security CoAP HTTP combination problem (Though TLS and DTLS are similar, it does not mean the seamless communication b/w CoAP and HTTP) Proxy is needed for CoAP-HTTP translation Also, dedicated security mechanism is needed for end-to-end security over CoAP and HTTP (To avoid message eavesdropping due to decryption in Proxy, double encryption may be needed) Lack of multicast security No standard exists for CoAP multicast security Dedicated verification method for signed multicast message is needed Certificate based multicast key verification can be considered Ref) Security for Practical CoAP Applications : Issues and Solution Approaches, FGSN

14 3. Communication & Network Security in IoT MQTT security Services based on MQTT should meets the following security requirements Authentication of users and devices Authorization of access to Server resources Integrity of MQTT Control Packets and application data contained therein Privacy of MQTT Control Packets and application data contained therein Security techniques recommended in MQTT standard (1) In MQTT standard, it recommends the standards which are defined in NIST cyber security framework, FIPS-140-2, NSA Suite B, etc. The recommended light weight crypto algorithms Though specific crypto algorithms are not defined in document, it recommends algorithms described in ISO 29192(PRESENT and CLEFIA for lightweight block cipher) 14

15 3. Communication & Network Security in IoT Security techniques recommended in MQTT standard(2) The following security requirements are defined Client Authentication by Server Client authentication by server with proper authentication methods are recommended VPN and SSL certificate can be used Client Authorization by Server Client access to server resources should be controlled by proper authorization Server Authentication by Client MQTT is assumed to be used in untrustable environment, client should do server authentication VPN or SSL can also be used for this purpose Provides Integrity for Application message and control packet Proper integrity should be provided No specific methods are not defined in standard 15

16 3. Communication & Network Security in IoT Security techniques recommended in MQTT standard(3) Confidentiality in application message & control packet Verified crypto algorithms can be used for encrypting application message Also, TLS and VPN can be used for privacy Other security requirements in MQTT standard Abnormal behavior detection mechanism is needed Repeated connection attempts Repeated authentication attempts Abnormal termination of connections Topic scanning (attempts to send or subscribe to many topics) Sending undeliverable messages (no subscribers to the topics) Clients that connect but do not send data etc. Non-repudiation mechanism is also needed 16

17 4. Security in IoT Services IoT Platform Security Privacy/Trust management Authentication/Authorization Secure Data Exchange System Security Security & Privacy Privacy/Trust management Data anonymization ID management Trust management Authentication & Authorization Secure identification Access control Privilege management Secure data exchange Data encryption Secure protocols System Security Firewall & Intrusion detection Runtime verification & Malware detection Key management Bootstrapping 17

18 4. Security in IoT Services IoT-A Security In IoT-A, 5 security components (AuthZ, AuthN, IM, KEM, TRA) are defined for providing service security Component Name and Short Name Component Functionality Security Goals Targeted AuthZ(Authorization) Access control on services Service access control Confidentiality (data) Integrity (data) Access control on resolution infrastructure Service privacy Service availability AuthN (Authentication) IM (Identity Management) Authentication of service users Management of Identities, Pseudonyms and related access policies Authentication Accountability User privacy Service privacy KEM (Key Exchange and Management) TRA (Trust & Reputation) Exchange of cryptographic keys Collecting user reputation scores and calculating service trust levels Confidentiality (communication) Integrity (communication) Service Reputation Metering Service Trust 18

19 4. Security in IoT Services Relationships b/w Security Techniques defined in IoT-A Secret key, certificate mgmt KEM (Key Exchange & Mgmt) Trust and reputation mgmt on Things, Services TRA (Trust & Reputation) User authentication, object(things, services) authentication Authentication (AuthN) Access rights are granted Authorization (AuthZ) Execution Thing/Service Discovery, Resolution and Lookup Thing/Service Resolution Infrastructure Access Access Control (RBAC, ABAC) Fine grain access control IM (ID Mgmt) ID mgmt., Pseudonym, Anonymity mgmt 19

20 4. Security in IoT Services IoT-A security (1/2) AuthN: Authentication For authentication, methods, password, smartcard, secure token, fingerprint can be used Also, Pre-shared secret key and public key based certificate can be used for user/server/thing authentication AuthZ: Authorization Through authentication, access rights are assigned to a certain resource Authorization may be combined to resource finding operations(discovery/resolution/lookup) RBAC(Role Based Access Control) or ABAC(Attribute Based Access Control) can be used for fine grain access control to resources IM: ID Management From the privacy viewpoint, the ID management is needed for privacy enhancing Anonymization or Pseudonymization techniques can be used for this purposes 20

21 4. Security in IoT Services IoT-A security (2/2) KEM: Key Exchange & Management Secret key/certificate management, key distribution and exchange are needed TRA: Trust & Reputation In IoT services, user reputation on sensor and services should be collected and then trust levels should be calculated This is necessary because the sensed data and remotely located IoT services may be malfunctioned and even be malicious 21

22 5. Privacy Issues in IoT Privacy Enhancing Technology in IoT PII (Personally Identifiable Information) : Name, Social Security number, phone number, , address, etc. Anything that identifies a person directly Does removing PII mean Privacy Preservation? Not enough! PII can be constructed from Re-identification by Linking It means that Re-identification by Data mining in IoT Services à infringes the Privacy 22

23 5. Privacy Issues in IoT Example of the Re-identification by Linking NAHDO(National Association of Health Data Organization) can collect Medical Data legally Ethnicity Visit date Diagnosis Procedure Medication Total charge Medical Data ZIP Birthdate Gender Name Address Date registered Party affiliation Date last voted Voter List Group Insurance Commission in Massachusetts bought anonymized Medical Data from NAHDO Massachusetts State sells its Medical Data to Disease Researchers based on the rule One of Researcher who had Medical Data got Voter List information in Massachusetts Using the ZIP, Birthdate, Gender information from Voter List, the Researcher can get someone s Medical Information From Data Linking, the Researcher can specify someone (Re-identification by Linking) 23

24 5. Privacy Issues in IoT Traditional Privacy Preserving Method Get owner s permission when gathering information When gathering information, getting owner s permission should be provided Privacy enhancing by encryption Data confidentiality is provided by encryption However, privacy is different from encryption Preventing information leakage by strong access control Well defined access control blocks the information leakaga Also DB encryption techniques, searchable encryption technique can be used Using legacy security technology Firewall, sandbox, etc. Privacy is not preserved by encryption, access control and firewall etc. Because current big data processing, data mining techniques will cause privacy imfringement problem 24

25 5. Privacy Issues in IoT Privacy Preserving at the stage of Data Collection and Publishing à Sanitization Input perturbation Add noise to sensed input data (i.e., add noise to database) Output perturbation Add noise to data statistics(published information) 25

26 5. Privacy Issues in IoT Privacy Preserving at the Stage of Data Processing/Usage à Privacy preserving data mining Privacy-preserving data publishing Data mining algorithm which applies to perturbed data ex) Anonymization Changing the results of data mining applications Many data mining methods such as association rule mining, classification rule mining infringe privacy. So mining results are needed to modify to enhance privacy ex) Association rule hiding method Query auditing Query requests and results are controlled ex) Query output perturbing, Query restriction 26

27 5. Privacy Issues in IoT Cryptographic methods for Distributed Privacy Restricts information gathering by data distribution ex) Pinkas s multiparty protocol Randomization 기법 Add noise to data ex) data perturbation 27

28 5. Privacy Issues in IoT Differential Privacy Differential Privacy : DB Privacy Preserving Technique Alice Bob You M Collection and sanitization Users (government, rese archers, marketers, ) Census problem Utility: Users can extract global statistics Privacy: Individual information stays hidden à Typical method for providing differential privacy : Sanitization technique 28

29 5. Privacy Issues in IoT Differential Privacy Differential Privacy example of sanitization Input perturbation Change data before processing E.g. Randomized response Summary statistics Means, variances Marginal totals (# people with blue eyes and brown hair) Regression coefficients Output perturbation Summary statistics with noise Interactive versions of above: Auditor decides which queries are OK 29

30 5. Privacy Issues in IoT Differential Privacy Differential Privacy definition of Differential Privacy The risk to my privacy should not substantially increase as a result of participating in a statistical database Pr [t] Any info adversary can obtain, it could obtain without Me (my data). 30

31 5. Privacy Issues in IoT Differential Privacy Differential Privacy can be implemented by output perturbation User Database Tell me f(x) f(x)+noise x 1 x n For noise, Laplace noise is used frequently 31

32 5. Privacy Issues in IoT Differential Privacy Differential Privacy Laplace noise Laplace distribution K adds noise to the function output f(x) Add noise to each of the k dimensions 32

33 5. Privacy Issues in IoT Differential Privacy Differential Privacy Also in differential privacy, indistinguishability should be satisfied DB= Differ in 1 row DB = x 1 x 2 x 3 M x n-1 x n x 1 x 2 y 3 M x n-1 x n Sanitization random coins Sanitization query 1 answer 1 M query T answer T query 1 answer 1 M query T answer T transcript S transcript S Distance between distributions is at most e random coins 33

34 6.Concluding Remarks III. 맺음말 Security/Privacy Issues exist in each IoT Service Components From devices to services via network and platform, each IoT domains need proper (different) security/privacy technology Also, the perimeter security and the security/privacy issues in integration of different domains should be carefully designed and managed Main Issues in IoT Security/Privacy Device Security Self-control on private information 34

35 Howon Kim Pusan National University 35

36 참고 자료 참고 자료 [1] 부산대학교, 개방형 고성능 표준 IoT 기술 개발, [2] Internet of Things Architecture, IoT-A, Project Deliverable D4.2 [3] Getting Started with OAuth 2.0 [4] OAuth Web Authorization Protocol [5] OAuth 공식 홈페이지 - [6] Google Developer site - [7] MAC Access Authentication 자료 - [8] Karol Furdik, IoT challenges, approaches, and outcomes in the context of European research projects [9] CISCO, The Internet of Things, How the Next Evolution of the Internet Is Changing Everything [10] Security as a Service for User Customized Data Protection by Kenichi Takahashi, etc., Software Engineering and Computer Systems,