1. © Waher Data AB, 2018.
Smart City Lecture 3
An Open and/or Secure Smart City?
3. © Waher Data AB, 2018.
Smart City / Society
Automation
Open Data
Transport
Traffic (C-ITS)
Parking
Utilities
Health Care
Law enforcement
Schools
Libraries
Waste management
Citizens?
…
Smart for whom?
4. © Waher Data AB, 2018.
Vision of a Smart City
Ubiquitous access to interoperable
sensors and things.
Ubiquitous access to data and
information from society’s authorities.
Access to smart services in all niches of
society.
Definition of ownership of information.
Protection of Privacy, by design and by
default.
Market for access to things and data.
6. Ex-Director of National Intelligence
James R. Clapper
http://www.popsci.com/clapper-americas-greatest-threat-is-internet-things
”America's greatest
threat is the
Internet of Things”
Feb 9, 2016
7. © Waher Data AB, 2018.
Problem domain
IoT systems particularly vulnerable:
Long-term operation
Technologies become obsolete
Lack of updates
Invisible operation
No visible clues something is wrong
No human operator (for normal use case)
Lack of supervision
Larger scale
More units and attack surfaces
8. © Waher Data AB, 2018.
Vulnerabilities
National Security
Exploiting
Surveillance
Logistics
Utilities
Health Care
Traffic (C-ITS)
Residential systems
Law enforcement
Waste management
Schools
Parking
Libraries
Monitoring citizens
…
9. © Waher Data AB, 2018.
What is Government Doing?
Mayor of Stockholm (2017) wants to “turn
Stockholm into the world's smartest city”
Also:
“I don't have the answers”
“powered rubbish bins”
“making small steps forward”
“being a connected city”
“how little interest there has been locally”
“Security is one of the biggest questions … when we're
talking about key and lock systems”
No strategy at all. Can you compete in
world’s most vulnerable city?
https://www.thelocal.se/20170731/meet-karin-wanngard-the-mayor-who-wants-to-turn-stockholm-into-the-worlds-smartest-city
10. © Waher Data AB, 2018.
What must Governments do?
Governments must make sure to provide
a strong foundation on which smart
services can be built.
Broadband access was an
infrastructure project.
Giving access to broadband for
everyone was a strategy.
Likewise, Smart City Infrastructure
must be defined, required in RFPs, and
provided to everyone.
11. © Waher Data AB, 2018.
Options?
Sealed secure systems?
or
Open, Interoperable, but vulnerable
systems?
or is it possible to have:
Open, Interoperable & secure systems?
13. © Waher Data AB, 2018.
Open Society
How are open societies defined?
Personal decisions
Exchange of ideas
Pluralism
Responsibility under the law
Government transparency
Privacy
14. © Waher Data AB, 2018.
Digital Open Society
How do we digitally model:
Personal decisions?
Exchange of ideas?
Pluralism?
Responsibility under the law?
Government transparency?
Privacy?
15. © Waher Data AB, 2018.
Personal decisions
To allow maximum freedom of choice:
Loosely coupled
Architectures
Communication Patterns
Data representation
Federation
✓✓✓✓ XMPP, IoT Harmonization
✓✓✓ CoAP(S)
✓✓ HTTP(S), LWM2M
✓ MQTT, Blockchain
16. © Waher Data AB, 2018.
Exchange of Ideas
Translate into Interoperability:
Transport (Communication)
Representation
Operation
✓✓✓ LWM2M, IoT Harmonization
✓✓ CoAP(S), HTTP(S)
✓ XMPP, MQTT
✗ Blockchain
17. © Waher Data AB, 2018.
Pluralism
Same infrastructure can support:
Different types of devices
Different types of solutions
Different manufacturers
Different service providers
Different operators
✓✓✓✓✓ HTTP(S), CoAP(S), XMPP, IoT Harmonization
✓✓ LWM2M, MQTT
✓ Blockchain
18. © Waher Data AB, 2018.
Responsibility under the law
Requires:
Strong identities
Verifiable
Legal
Smart Contracts
Digital Signatures
✓✓✓✓ Blockchain, IoT Harmonization
✓ HTTP(S), LWM2M, XMPP
✗ CoAP(S), MQTT
19. © Waher Data AB, 2018.
Government Transparency
5-star Open Data:
Availability
Structured
Open format
URIs
Links
⋆⋆⋆⋆ CoAP(S), HTTP(S), IoT Harmonization
⋆⋆⋆ LWM2M
⋆⋆ Blockchain, MQTT, XMPP
20. © Waher Data AB, 2018.
Privacy
Basic requirements (see lectures 1 & 2):
Processing on the Edge
Data ownership
Actively protects privacy
Does not contradict GDPR requirements
✓✓✓✓ IoT Harmonization
✓✓ XMPP
✓ HTTP(S), CoAP(S), MQTT, LWM2M
✗ Blockchain
21. © Waher Data AB, 2018.
Openness Summary
              Blockchain  CoAP    HTTP    IoT.H.  LWM2M   MQTT    XMPP
Personal      ✓           ✓✓✓     ✓✓      ✓✓✓✓    ✓✓      ✓       ✓✓✓✓
Interop.      ✗           ✓✓      ✓✓      ✓✓✓     ✓✓✓     ✓       ✓
Plurality     ✓           ✓✓✓✓✓   ✓✓✓✓✓   ✓✓✓✓✓   ✓✓      ✓✓      ✓✓✓✓✓
Law           ✓✓✓✓        ✗       ✓       ✓✓✓✓    ✓       ✗       ✓
Transparency  ⋆⋆          ⋆⋆⋆⋆    ⋆⋆⋆⋆    ⋆⋆⋆⋆    ⋆⋆⋆     ⋆⋆      ⋆⋆
Privacy       ✗           ✓       ✓       ✓✓✓✓    ✓       ✓       ✓✓
Total         8           15      15      24      12      7       15
23. © Waher Data AB, 2018.
Identities
Identities affect your security:
Anonymity
Strong identities
Pseudonyms
24. © Waher Data AB, 2018.
Anonymity
Protects
Whistle blower
Dissident
(Criminal)
(Terrorist)
Security decisions difficult
Facilitates leaking personal data
How do you protect sensitive information, if you don’t know
who’s on the other end?
25. © Waher Data AB, 2018.
Strong Identities
Protects information owners
Allows selective responses
Can be used to track
individuals
Logging for security purposes is legitimate. How can you
make sure logging is only used for security purposes?
(One answer: Use of standardized, open software that is
agnostic to the purposes of processing, such as brokers and
End-to-End encryption of payloads.)
26. © Waher Data AB, 2018.
Decentralization
Decentralization has security implications:
More attack surfaces.
But value of each node is small.
Value/Effort ratio small.
Easier to protect.
Massive data breaches difficult.
You don’t put all your eggs into the same basket.
More resilient.
End-to-end encryption.
28. © Waher Data AB, 2018.
HTTP(S)
Standardized by IETF
Popular
Well known
Request/Response communication pattern
Web-socket
Bidirectional
Asynchronous
TLS transport encryption
Problems:
Topology
Middleware
Distributed/Global Identities
Difficult to make secure
29. © Waher Data AB, 2018.
Topology Problem
Actors
Client
Server
Server must be reachable by the client
Thing as a server
Natural, from a conceptual perspective.
Sacrifices security: “hole punching”
Thing as a client
Unnatural
Sacrifices privacy
Creates potential bottlenecks
Server or Middleware processing
30. © Waher Data AB, 2018.
Middleware
How can a client communicate with a client?
“Middle”-ware: Software in the middle of clients.
Acts as servers to both clients.
Proprietary solutions
Multitudes
Hybrid solutions
LWM2M (just data collection)
MQTT (proprietary HTTP bindings)
Standardized solutions
XMPP (BOSH or Web-socket bindings)
31. © Waher Data AB, 2018.
Scalability Problem
C10K problem
Difficulty in creating scalable middleware.
Vulnerability increases by scale
Alternative: Federated middleware
XMPP (standardized option)
32. © Waher Data AB, 2018.
Identity Problem
Authentication
Server typically manages accounts
Distributed identities difficult
Reversed original architecture
Difficult to make security decisions in a
distributed environment.
[Diagram with nodes labelled Server and Client]
34. © Waher Data AB, 2018.
MQTT
Standardized by OASIS
Popular
Most used protocol for IoT
Publish/Subscribe communication pattern
Efficiently distributes data to multiple
subscribers
The broker solves the topology problem.
TLS Transport Encryption
Problems:
Multiple serious design-vulnerabilities
Scalability
Identities
36. © Waher Data AB, 2018.
Vulnerabilities by design 1(2)
No forwarded identities
Authorization becomes impossible by things
Makes injection a great threat
Control signals
False data
Bandwidth depletion
Lack of privacy
No negotiation of who can subscribe
Access control out-of-band (proprietary)
Wildcards
Makes it easy to eavesdrop
Scalability
Topic tree and number of devices have limits
No natural way to federate
How do you interoperate across domains?
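An added example (not part of the original slides) of the wildcard and out-of-band access-control points above: a small audit that applies MQTT's topic-filter rules ('+' for one level, '#' for the rest of the tree) to a broker's subscribe ACL and reports every filter that also covers topics belonging to someone else. The topic names, owners, ACL entries and the function names topic_matches and audit_acl are constructed for illustration.

```python
def topic_matches(topic_filter, topic):
    """MQTT filter matching: '+' is exactly one level, '#' is the rest of the tree."""
    f_levels, t_levels = topic_filter.split("/"), topic.split("/")
    # Topics starting with '$' are never matched by a filter that starts with a wildcard.
    if topic.startswith("$") and f_levels[0] in ("+", "#"):
        return False
    for i, level in enumerate(f_levels):
        if level == "#":
            # '#' is only valid as the last level; it also matches the parent itself.
            return i == len(f_levels) - 1
        if i >= len(t_levels) or (level != "+" and level != t_levels[i]):
            return False
    return len(f_levels) == len(t_levels)

# Constructed sample data (not from the lecture): topic -> owner, and the broker's ACL.
TOPIC_OWNERS = {
    "city/parking/lot7/occupancy": "parking-op",
    "city/waste/bin42/level": "waste-op",
    "home/anna/door/lock/set": "anna",
    "home/anna/thermostat/temp": "anna",
    "home/bert/door/lock/set": "bert",
}
SUBSCRIBE_ACL = [
    ("anna", "home/anna/#"),
    ("bert", "home/+/door/lock/set"),
    ("parking-op", "city/parking/+/occupancy"),
    ("dashboard", "#"),
]

def audit_acl(acl, topic_owners):
    """Map (client, filter) -> topics owned by someone else that the filter covers."""
    findings = {}
    for client, topic_filter in acl:
        exposed = sorted(t for t, owner in topic_owners.items()
                         if owner != client and topic_matches(topic_filter, t))
        if exposed:
            findings[(client, topic_filter)] = exposed
    return findings

if __name__ == "__main__":
    for (client, flt), topics in audit_acl(SUBSCRIBE_ACL, TOPIC_OWNERS).items():
        print(f"{client!r} may subscribe to {flt!r}, which also covers:")
        for t in topics:
            print("   ", t)
```

Because the broker does not forward the publisher's identity, a review like this has to be run on the broker's configuration; the receiving thing cannot make the decision itself.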
37. © Waher Data AB, 2018.
Vulnerabilities by design 2(2)
Passwords in clear text*
Out-of-band (proprietary) authentication with
client certificates required
Lack of content meta-data*
Impedes interoperability
Non-deterministic
Cannot foresee the consequences of an operation
Relies on careful operation of broker
Overview of topic tree difficult
Who operates the broker across domains?
(*) Partially solved if explicitly used in MQTT v5.
38. © Waher Data AB, 2018.
Warnings
Governments warn against bad
MQTT implementations.
MQTT is notoriously difficult to use
securely.
Use it only in internal secured networks.
https://cert.se/2016/09/mqtt-i-sverige
40. © Waher Data AB, 2018.
CoAP(S)
Standardized by IETF
“Binary HTTP”
Resource-constrained networks
Resource-constrained devices
UDP
Solves C10K problem
Communication Patterns
Request Response
Event Subscription
Multi-casting
DTLS transport encryption
Not for multi-casting
41. © Waher Data AB, 2018.
Limitations
Still has topology problem
Assumes middleware for Internet use
LWM2M is standardized middleware
Some interoperability
IPSO Smart Objects
Only for data collection
Difficult to interoperate between things
Distributed identities still difficult.
43. © Waher Data AB, 2018.
LWM2M
Standardized by OMA
IPSO Smart Objects
Adds security to CoAP
Manages keys and authentication
Bootstrapping
Device Management
Access Control Lists
45. © Waher Data AB, 2018.
XMPP
Standardized by IETF
Federated
Globally scalable
Extensible
XML namespaces
Open
Robust
Secure
Interoperable
Binding
Socket, HTTP, WebSocket
46. © Waher Data AB, 2018.
Communication
Brokers
Accounts
Rosters
Routing
Federation
Topology insensitive
Server-less
Peer-to-peer
Authentication
SASL
Encryption
TLS
E2E
47. © Waher Data AB, 2018.
Federated Brokers
Authenticate clients
SASL
Cooperate (federation)
Forward identities
Authorization
Roster
Presence
Subscription
Solve
Topology problem.
Latency problem.
Scalability problem.
48. © Waher Data AB, 2018.
Security
Standard layers of security:
Global Identities (always forwarded)
Authentication (SASL)
Encryption (TLS)
Authorization (presence subscription)
Blocking
Spam reporting
Provisioning
49. © Waher Data AB, 2018.
Communication Patterns
Intrinsic patterns:
Asynchronous messages (message)
Request/Response (iq)
Publish/Subscribe (presence)
Extended
Publish/Subscribe
(extended by XEP-0060, 0163)
Multicasting
(extended by XEP-0045)
50. © Waher Data AB, 2018.
XMPP & Privacy
Data protection by design & by default:
Decentralization
Ubiquitous encryption
Even end-to-end encryption
Global identities
Authenticated
Forwarded
Authorization
Consent-based negotiation
51. © Waher Data AB, 2018.
Communication Patterns (Flexibility)
CoAP HTTP IoT.H. LWM2M MQTT XMPP
Async. Msg. ✓ ✓ ✓ ✓
Req/Resp. ✓ ✓ ✓ ✓ ✓
Pub/Sub. ✓✓✓ ✓ ✓✓✓
Federation ✓ ✓ ✓ ✓
Broker ✓ ✓ ✓
Serverless ✓ ✓ ✓
P2P ✓ ✓
Total 4 2 9 2 2 9
53. © Waher Data AB, 2018.
Blockchain
Cryptographic Algorithms fixed
Has an implicit built-in expiration time
Lends itself to future frauds
Vulnerable in Heterogeneous networks
Requires constant hardware updates
Severe privacy issues
Energy inefficient
54. © Waher Data AB, 2018.
Blockchain & Privacy
Blocks cannot
be deleted
on request
after a given time
… or ever
be corrected
Access is given to all or nothing
Public access has to be assumed
Hashes of personal information are still
personal
Blockchain is not suitable for personal information at all.
56. © Waher Data AB, 2018.
Security Summary
Blockchain CoAP HTTP IoT.H. LWM2M MQTT XMPP
Identities ✓ ✓ ✓ ✓ ✓
Authentication ✓ ✓ ✓ ✓ ✓
Authorization ✓ ✓ ✓
Encryption ✓ ✓ ✓ ✓ ✓ ✓
E2E ✓ ✓
Consent ✓ ✓
Decentralized ✓ ✓ ✓ ✓
By design ✓ ✓ ✓
Flexibility 4 2 9 2 2 9
Openness 8 15 15 24 12 7 15
Total 11 21 20 41 19 10 32
57. © Waher Data AB, 2018.
6. Openness + Security
For Things
58. © Waher Data AB, 2018.
Strong Foundation
Things are “stupid” and need help with:
Decision Support
Ownership
Owner consent
Lifecycle
Transfer of ownership
Decommissioning
Discovery
Interoperability
Data
Operations
59. © Waher Data AB, 2018.
IoT Harmonization (IEEE 1451-99)
Sensor Data
Control Operations
Localization (M2M, M2H)
Tokens for distributed transactions
Decision Support (for devices)
Provisioning (for owners)
Peer-to-Peer communication
End-to-end encryption
Concentrator/Bridge (“Thing of things”)
Discovery
Ownership
Clock Synchronization
Secure Account Creation
Legal Identities
Contracts
Automated provisioning
Economic feedback
https://gitlab.com/IEEE-SA/XMPPI/IoT
60. © Waher Data AB, 2018.
Backbone
Efficiency
Interoperability
Global scalability
Bridges technologies
vs
62. © Waher Data AB, 2018.
Smart City Lectures*
1. How to build a Smart City (Oct 4th)
2. Privacy in the Smart City (Oct 18th)
3. An Open and/or Secure Smart City (Oct 25th)
4. Harmonizing the Internet of Things (Nov 8th)
5. Introduction to Encryption (Nov 15th)
6. Earning by Sharing in the Smart City (Nov 22nd)
7. …
8. …
(*) Funded by Swedish Internet Fund.
63. © Waher Data AB, 2018.
Smart City Labs*
1. Sensors and actuators (Oct 10th)
2. Connect and chat with your device (Oct 17th)
3. Publishing data from your sensor (Oct 24th)
4. Publishing and discovering devices (Nov 7th)
5. Controlling actuators (Nov 14th)
6. Decision Support for your devices (Nov 21st)
7. …
8. …
(*) Funded by Swedish Internet Fund.
64. © Waher Data AB, 2018.
Raspberry Pi & Arduino
Sensors, Actuators, Controllers,
Concentrators, Bridges
Protocols:
MQTT, HTTP, CoAP, LWM2M, XMPP
Interoperability
Social Interaction
Decision Support
Product Lifecycle
IoT Service Platforms
IoT Harmonization
Security
Privacy
Amazon
Packt
Microsoft Store
Contact: https://waher.se/, https://littlesister.se/
Mastering Internet of Things
65. © Waher Data AB, 2018.
8. Open Discussion
Ownership?
Privacy?
Security?
Surveillance?
Interoperability?
Cool stuff?
Qué?
Where’s the Money?
Who pays?
What could go wrong?
Little Sister?
Harmonization?