How to secure the Internet of Things?


How to secure the Internet of Things?
Hannes Tschofenig, hannes.tschofenig@arm.com
19th May 2015

Agenda
- IoT is about optimizing for constrained environments.
- IoT is not a precise/well-defined concept. I will explain what ARM is focusing on.
- There are problems with deployed IoT products but there are also solutions.
- How is ARM contributing to better IoT security?

What is Internet of Things?

Recent Example of IoT Announcement
Ubuntu Core devices will require a 600MHz processor with 128MB RAM and a 4GB flash for factory reset and system rollback. Ubuntu Core itself will only take up 40MB RAM leaving the rest for applications.

ARM Processors in Smartphones
- ARM Cortex-A family: Applications processors for feature-rich OS and 3rd party applications
- ARM Cortex-R family: Embedded processors for real-time signal processing, control applications
- ARM Cortex-M family: Microcontroller-oriented processors for MCU, ASSP, and SoC applications

Cortex-M Processors
- Lowest cost; low power. Example: Touchscreen Controller
- Lowest power; outstanding energy efficiency. Example: Sensor node, Bluetooth Smart
- Performance & efficiency; feature rich connectivity. Example: Wearables, Activity trackers, Wifi receiver
- Digital Signal Control (DSC) / Processor with DSP; accelerated SIMD; floating point (FP). Example: Sensor fusion, motor control
- Maximum performance; flexible memory; cache; single & double precision FP. Examples: Automotive, High-end audio set
Processors use the 32-bit RISC architecture.
http://www.arm.com/products/processors/cortex-m/index.php

Wide Range of Constraints
- Constrained Node
- Constrained Networks
Text copied from RFC 7228, Terminology for Constrained-Node Networks.

Example: STM32L063C8T6
- 32bit CORTEX M0+ with max 32 MHz
- Flash: 64 KB
- RAM: 8 KB
Datasheet can be found here.

Mouser pricing:
Volume    Price
1000      2,25
2500      2,14
5000      2,06

Example: STM32F215RET6
- 32bit CORTEX M3 with 120 MHz
- Flash: 512 KB
- RAM: 128 KB
Features:
- Interfaces: CAN, I2C, SPI, UART, USART, USB, Ethernet
- Camera interface
- Random number generator, hardware acceleration (AES-128, AES-192, AES-256, Triple DES, MD5, SHA1, HMAC)
- Real-Time Clock
- A/D & D/A Converters
- Temperature sensor
- Serial wire JTAG debug port
Datasheet can be found here.

Farnell pricing:
Volume       Price
1-9          16,49
10-99        13,61
100-249      10,15
250-499      8,99
500-999      8,09
1000-1999    7,35
2000+        6,62

Example: STM32F415ZGT6
- 32bit CORTEX M4 with 168 MHz
- Flash: 1 MB
- RAM: 192 KB
Features:
- Interfaces: CAN, I2C, SPI, UART, USART, USB, Ethernet
- Camera interface
- Random number generator, hardware acceleration (AES-128, AES-192, AES-256, Triple DES, MD5, SHA1, HMAC)
- Real-Time Clock
- A/D & D/A Converters
- Temperature sensor
- Serial wire JTAG debug port
Datasheet can be found here and here.

Farnell pricing:
Volume       Price
1-9          12,40
10-99        11,36
100-249      10,14
250-499      9,33
500-999      8,59
1000-1999    7,90
2000+        6,75

Example: Board with A-Class Processor
- CHIP - The World's First Nine Dollar Computer
- WiFi & Bluetooth Smart built-in
- Link to Kickstarter project is here.
Economies of scale tend to be somewhat counter-intuitive.

Cost Distribution
Reducing total system cost by enabling better system tradeoffs.

Total Cost = Hardware Cost + Energy Cost + Development Cost (amortized, inc. deployment cost)

We care about this. But it can make sense to spend more here (e.g., on flash/RAM, CPU, BOM) if it results in savings here (e.g. sophisticated power management) and here (e.g. firmware update, manageability).

More detailed treatment of this topic in a webinar by Peter Aldworth about How to Select Hardware for Volume IoT Deployments?

Securing Internet of Things

The Internet: A Distributed Design Story

Examples of problems, by area:
- Cryptographic Primitives: Improved algorithms for integer factorization, too small key size.
- Protocol Specifications and Architecture: No end-to-end security, complexity in specifications, insecure authentication protocols.
- Implementation: Buffer overflow attacks, poor UI or other usability problems, poor choice of hardware.
- Deployment: Enabled debug ports, missing deployment of security mechanisms.

Understanding the distributed nature of the development process is essential for tackling security problems. Depending on your role you are a consumer of various technologies and you might be able to influence one or several areas.

How to Secure IoT?
- Perform Classical Threat Analysis
- Follow Security Recommendations
- Learn from Attacks
- Follow Design Patterns
See IETF#92 plenary talk with Dave Thaler and Mary Barnes (Internet Architecture Board).

Learn from Attacks
Selected attacks to illustrate common problems:
- Limited software update mechanism
- Missing key management
- Inappropriate access control
- Missing communication security
- Vulnerability to physical attacks
Looking at real-world attacks allows us to easily see the need for security (and to convince others, like management, to do something).
Don't forget to secure the mobile/cloud interfaces as well, as discussed in the Open Web Application Security Project (OWASP) Internet of Things Top-10 2014* list.
(*) Note: OWASP might be biased in their assessment since the organization deals mostly with Web-based vulnerabilities.

Limited Software Update Mechanism
- In January 2014 Bruce Schneier published an article in which he expresses concerns about the lack of software update mechanisms in IoT deployments.
- In a presentation at the Chaos Communication Congress in December 2014 a security vulnerability of devices implementing the TR69 protocol, which also provides a software update mechanism, was disclosed.
- Real problem: a fix was already released by AllegroSoft in 2005 but has not been distributed along the value chain of chip manufacturers, gateway manufacturers and Internet service providers.
- What happens when vendors do not support certain products anymore?
- Do IoT devices need a time-to-die / shelf-life?

Missing Key Management Problem
- Example: LIFX - Internet connected light bulb
- The attack revealed that an AES key was shared among all devices to simplify key management.
- The firmware image was extracted via JTAG using a Bus Blaster. Then, the firmware was analyzed using IDA Pro.
- Mistakes only made by startups? See BMW ConnectedDrive.
Pictures taken from http://contextis.co.uk/resources/blog/hacking-internet-connected-light-bulbs
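An added example (not from the slides, LIFX or ARM) that contrasts the fleet-wide shared key described above with per-device keys derived by HKDF-SHA256 from a master secret held only by the backend. Key diversification is one common mitigation, swapped in here for illustration; the device IDs, secrets and function names are constructed.

```python
import hashlib
import hmac

# All values below are constructed for this example.
FLEET = ["bulb-0001", "bulb-0002", "bulb-0003"]
FLEET_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")  # weak model: one key for all
MASTER_SECRET = bytes(range(32))   # strong model: stays in the backend, never on a device
SALT = b"example-fleet-v1"         # public, fixed per fleet


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 16) -> bytes:
    """HKDF (RFC 5869): extract a PRK, then expand it to `length` bytes."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def shared_key(device_id: str) -> bytes:
    """Weak model from the slide: every device is flashed with the same key."""
    return FLEET_KEY


def diversified_key(device_id: str) -> bytes:
    """Per-device 128-bit key, derived at provisioning time and flashed into that device."""
    return hkdf_sha256(MASTER_SECRET, SALT, b"device-key:" + device_id.encode())


def mac(key: bytes, message: bytes) -> bytes:
    """HMAC-SHA256 tag a device attaches to its messages."""
    return hmac.new(key, message, hashlib.sha256).digest()


def backend_accepts(key_of, claimed_id: str, message: bytes, tag: bytes) -> bool:
    """Backend check: is `tag` valid under the key registered for `claimed_id`?"""
    return hmac.compare_digest(mac(key_of(claimed_id), message), tag)


def blast_radius(key_of, leaked_from: str) -> list:
    """Device IDs whose messages verify under the key stored in one single device."""
    leaked_key = key_of(leaked_from)   # what a firmware dump of that device contains
    message = b"constructed status report"
    return [d for d in FLEET
            if backend_accepts(key_of, d, message, mac(leaked_key, message))]


if __name__ == "__main__":
    print("shared key     :", blast_radius(shared_key, "bulb-0001"))
    print("per-device keys:", blast_radius(diversified_key, "bulb-0001"))
```

With the shared key, one extracted firmware image exposes the whole fleet; with derived keys the exposure stops at the device that was opened, and the backend can revoke that single ID.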

Inappropriate Access Control
- Insecure default settings have caused problems with Insteon LED Bulbs, as reported in "When 'Smart Homes' Get Hacked: I Haunted A Complete Stranger's House Via The Internet".
- To find IoT devices connected to the Internet global scans have been used, for example, using ZMap.
- Similar problems have been seen with various other appliances, such as surveillance cameras, baby monitoring cameras and gas stations.
- Lacking access control to configuration files can cause problems for the entire system, as demonstrated with attacks against industrial control systems.

Missing Communication Security
In "Green Lights Forever: Analyzing the Security of Traffic Infrastructure" Ghena, et al. analyzed the security of the traffic infrastructure. Results:
- The wireless connections are unencrypted and the radios use factory default usernames and passwords.
- All of the settings on the controller may be configured via the physical interface on the controller, but they may also be modified through the network. An FTP connection to the device allows access to a writable configuration database. This requires a username and password, but they are fixed to default values which are published online by the manufacturer.
A similar attack also exploited the unencrypted communication: "I even tested the attack launched from a drone flying at over 650 feet, and it worked!"

Vulnerability to Physical Attacks
- Physical access to IoT devices introduces a wide range of additional attack possibilities.
- In some cases it might be necessary to extract keys contained on chip. This can be accomplished using power analysis, or fault injection (glitching) attacks.
- Tools for physical attacks decrease in cost and become easier to use.
- Important to keep these attacks in mind since we will see more of them in the future.
Tools shown: JTAGulator, Chip Whisperer

Not all hacks are security attacks
Example: iRobot Create 2
- The 2007 release Create was a closed system and researchers hacked it to use it for educational purposes. Create 2 is the programmable version.
Many border-line cases:
- Nest devices at http://venturebeat.com/2014/08/10/hello-dave-i-control-your-thermostat-googles-nest-gets-hacked/ and http://www.engadget.com/2014/06/23/nest-thermostat-rooted/
- Remotely controlling cars using wireless dongles: http://hackaday.com/2015/01/21/remotely-controlling-automobiles-via-insecure-dongles/
- Hacking a toaster: https://www.youtube.com/watch?v=vi7twd7b3ii
- Hacking your printer: http://contextis.co.uk/resources/blog/hacking-canon-pixma-printers-doomed-encryption/

Learn from Attacks, cont.
- Integrate a software update mechanism and leave enough head room.
- Use modern operating system concepts to avoid system-wide compromise due to a single software bug.
- Use an automated key management protocol with proper authentication and authorization (access control).
- Threat analysis must take physical attacks into account.
- Use Internet security protocols offering communication security.
- Take security into account during the software development lifecycle and in the deployment phase.

Remarks
- Internet of Things security today is like PC security 20 years ago.
- Most attacks on consumer-oriented IoT systems fall under the script kiddie category.
- For industrial control systems many attacks are already scary (see DragonFly, and attack against German steel factory).
- Risk analysis is often complex since hacked devices may be used for further attacks. Hence, indirect consequences also need to be taken into account.
- Examples: DDoS attacks using SNMP (used in printers), hacked Femto home router used for spying

How is ARM contributing to a more secure IoT?

mbed Today
- 70,000+ developers
- 8+ years of IoT products
- 9,000+ projects
- 5+ years 24/7
- 1M+ builds/year
- 30+ official mbed boards
Go to https://mbed.org

mbed Ecosystem
Partners; Developers; Enabled Services; Enabled Products
mbed Device Server:
- Freemium model to enable startups
- Application data and device management
- Growth market access for cloud platforms and operators
mbed OS:
- Free for use on ARM architecture
- Leading connectivity standards
- Productivity, minimized costs
- Built-in management
- Security
ARM Cortex-M-based MCU

[Architecture diagram; labels in reading order:] Lifecycle Security; Directory and Subscription; Security, Admin and Multi-tenancy; Data Flow Management; RESTful and Publish/Subscribe; Device Management; Lightweight M2M (LWM2M); Communication Security; mbed Device Interface; Open Web Standards; Application Transfer Protocols: CoAP, HTTP, MQTT; mbed TLS; mbed Device Server; IPv4, IPv6, 6LoWPAN; mbed TLS; Device Management: LWM2M; Device Security; Cryptobox; mbed OS

Traditional MCU Flat Security Model
- IoT devices include significant software complexity
- With flat security all code/data lives in a shared address space
- Bugs in any code can lead to a security flaw
[Diagram labels, in reading order:] Server; Application Protocol; BLE Stack; SSL Library; WiFi Stack; Diagnose; Secure Storage; Device Management; Secure ID; Crypto API; Crypto Keys; Firmware Update; RNG

Device Security: Secure Partitioning for MCUs
- Split memory into private critical and public uncritical
- Small private footprint simplifies code analysis
- Public code never sees keys/secrets
- Vulnerabilities on public side can't affect private side
- Private side can verify integrity of the public side
- Public code can't write code directly to Flash
- Private side can reliably recover device to clean state
[Diagram labels, in reading order:] Server; Public; BLE Stack; WiFi Stack; Application Protocol; SSL Library; Device Management; Private; Firmware Update; Secure Storage; Crypto Keys; Crypto API; Secure ID; RNG; Diagnose

Security Services in mbed OS: μvisor
- The ARM Cortex-M CPU Architecture enforces access privileges
- The Memory Protection Unit (MPU) enforces CPU memory partitioning
- Low latency, efficient transitions (incl. interrupts)
- Designed so that transitions are infrequent
- Generally low overhead in system: performance, memory, power, developer
Software:
- mbed OS and User Application [Public code/data]
- Cryptobox Security Services [Private code/data]
- μvisor [Privileged]
Hardware:
- ARM Cortex-M CPU [privilege enforcement]
- ARM Cortex-M MPU [partition enforcement]
- Memory/Peripherals (SRAM; Flash; DMA; Crypto HW)

Security Services in mbed OS: Key Storage; Crypto; RNG
- Un-cloneable device identity
- Key and certificate storage
- Protection of server API tokens
- Supporting mbed TLS code (and APIs to corresponding HW features)
- Cryptographic algorithms
- Random number generation

Security Services in mbed OS: Agile Security
- Software is never finished: new features, bug fixes, patching vulnerabilities and tracking standards
- Flash update security layer prevents storage of unsigned code
- Managed via mbed Device Server
- Fully secured and integrity checked within device
- Firmware Over The Air (FOTA) enables agile security: patch vulnerabilities, move to new (stronger) crypto algorithms

Lifecycle Security and OMA LWM2M
[Lifecycle diagram; labels in reading order:]
- Device Identity and config. for Bootstrap
- Assign devices to a particular owner and service vendor
- Manufacturing Support
- Registered with service and ready to use
- Bootstrap Support
- Device Support (for a specific IoT service vendor)
- FOTA update extends device lifetime
- Device requests credentials and configuration for service
- Stages: Distribution, Factory, Setup, Delivery, Usage, Update, Recovery, Usage
- Can choose to reassign device to new service or owner
- Re-provisioning

Lifecycle Security: Enabled with mbed Device Server
Security Administration:
- Provides management of security material via a User Interface or API
- Population of endpoint X.509 certificates
- Management of black list
Web Interface Security:
- TLS-based HTTPS transport with certificates
Device Interface Security:
- DTLS-based CoAP transport
- mbed OS Device X.509 certificate mode (TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8)

Summary
- Very few developers have strong security experience (or are even Internet protocol specialists).
- mbed aims to make it easier for developers to accomplish their goals.
- Offers:
  - operating systems
  - Internet Protocol stack
  - Comprehensive security foundation
- Ongoing standardization efforts (such as IETF ACE or Thread).