The 5 Elements of IoT Security
Julien Vermillard - Sierra Wireless

More and more IoT vulnerabilities are found and showcased at security events, from connected thermostats to power plants!
Insecurity has become the favorite subject for catchy IoT headlines: "Connected killer toaster", "Fridges changed into spamming machines", "Privacy concerns around connected home".

We will explore the five challenges one has to face when building a secure IoT solution:
- hardware security: how to avoid rogue firmware and keep your security keys safe?
- upgrade strategy: you can't secure what you can't update!
- secure transport: no security without secure transports.
- security credentials distribution: how to distribute security keys to a fleet of millions of devices?
- cloud vulnerability mitigation: how to keep your fleet of devices safe from the next Heartbleed?

Current enterprise infrastructure provides solutions for handling application security, but do they really match the IoT challenge? Could running a PKI client on a low-power wireless sensor node be an option?

Despite those difficulties, we will show how a modern IoT device management standard like Lightweight M2M with DTLS is the way to build a security-first IoT solution. It provides a solution for upgrading your devices and distributing your security keys, and comes with a full range of cipher suites, from PSK for very constrained devices to a high level of security using X.509 certificates.

Furthermore, to add security to your solution, we will present ready-to-use open-source libraries for implementing secure IoT servers and devices: the way to quickly release your next catchy connected product!

Finally, we will showcase Wakaama and Leshan, the Eclipse IoT Lightweight M2M implementations, maybe your next best friends in the troubled waters of Internet-of-Things security!


  1. The 5 Elements of IoT Security
     - Julien Vermillard - Sierra Wireless
  2. Who am I?
     - Software Engineer, Sierra Wireless
     - AirVantage.net cloud service
     - Eclipse IoT: Leshan project lead, Wakaama and Californium committer
     - Twitter: @vrmvrm
     - Email: jvermillard@sierrawireless.com
  3. Agenda
     - In the news
     - Hardware
     - OTA Upgrades
     - Secure Communication
     - Key Distribution
     - Cloud Security
     - Open Source IoT Infrastructure
  4. In the news
     - “The killer toaster”
     - “The nightmare on connected home street”
     - “What’s wrong with connected devices”
  5. HP Fortify 2014 IoT security report
     - Reviewed the most popular devices: TVs, webcams, thermostats, power outlets, sprinkler controllers, hubs for controlling multiple devices, door locks, home alarms, scales, and garage door openers
     - 90% collected personal data
     - 70% used unencrypted network services
     - http://h20195.www2.hp.com/V2/GetDocument.aspx?docname=4AA5-4759ENW&cc=us&lc=en
  6. Secure your hardware
  7. Hardware security
     - Risks: rogue firmware, invisible backdoor, malicious certificate, eavesdropping
     - Mitigation: secure storage, secure boot
     - Drawbacks: vendor lock, Tivoization
     - Nest example: https://www.blackhat.com/docs/us-14/materials/us-14-Jin-Smart-Nest-Thermostat-A-Smart-Spy-In-Your-Home.pdf
  8. You can’t secure what you can’t update
  9. High engineering and BoM cost!
     - Custom bootloader
     - Flash size
  10. Flash & switch update (diagram: Firmware V1, Firmware V2, Bootloader)
  11. Reboot & Patch update (diagram: Firmware, Patch, Bootloader)
  12. Must be bulletproof
     - Upgrading is hard:
       ● NAND flash errors
       ● Unexpected power loss
       ● Network errors
       ● Unexpected incompatibilities
       ● Checksum, cryptographic signature
     - A 0.1% failure rate on a 1m fleet is 1000 bricked devices
  13. Secure Communication
  14. Cipher suite? Pre-shared key
     - TLS_PSK_WITH_AES_128_CCM_8
     - TLS_PSK_WITH_AES_128_CBC_SHA256
     - Client and server have a common secret
     - Symmetric cryptography
     - Tampering with the device or the server gives you access to all future and past communications
  15. Secure communication is not cheap
     - https://tools.ietf.org/html/draft-ietf-lwig-tls-minimal-01

     +----------------------+-----------------+
     |                      |      DTLS       |
     |                      +--------+--------+
     |                      |  ROM   |  RAM   |
     +----------------------+--------+--------+
     | State Machine        |  8.15  |  1.9   |
     | Cryptography         |  3.3   |  1.5   |
     | DTLS Record Layer    |  3.7   |  0.5   |
     +----------------------+--------+--------+
     | TOTAL                | 15.15  |  3.9   |
     +----------------------+--------+--------+
     Table 1: Memory Requirements in KB

  16. Cipher suite? Public Key
     - TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
     - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
     - Server and client don’t share private keys, only public keys
     - Perfect forward secrecy: past communication can’t be decrypted after a secret is compromised
  17. X.509 Certificate
     - Chain-of-trust for validating identity!
     - No more credential provisioning
     - Used for HTTPS
  18. Certificate: revocation checks
     - Revocation checking is still an issue in 2015
     - Validity date checking: RTC? NTP?
     - More and more complexity on the device side: CRL, OCSP, stapling
     - Hard fail? Soft fail?
     - Certificate pinning?
  19. Pre-shared key vs X.509?
     - PSK is lighter, can run on very small targets
     - X.509 crypto is heavier: (EC)DH, ECDSA/RSA
     - PSK infrastructure is simpler but weaker (Hello SIM card key files)
     - X.509 Public Key Infrastructure is complex, but can be outsourced
  20. Key Distribution
  21. Pre-shared key generation
     - Everything should be provisioned at factory?
     - Don’t move big plain-text lists of credentials
     - Don’t use stupid formulas: password = MD5(IMEI + CARRIER_NOT_SO_SECRET)
     - https://www.blackhat.com/docs/us-14/materials/us-14-Solnik-Cellular-Exploitation-On-A-Global-Scale-The-Rise-And-Fall-Of-The-Control-Protocol.pdf
  22. Secret rotation
     - Be sure to be ready to change them ASAP
     - Don’t wait for the next Heartbleed to do it
     - Good practice: changing the factory credential during the 1st communication
  23. Key management protocols?
     - Enterprise PKI for X.509: CMP, OCSP
     - For PSK or X.509: Lightweight M2M bootstrap
  24. LwM2M bootstrap in a nutshell: Flash bootstrap credentials
  25. LwM2M bootstrap in a nutshell: “I only have bootstrap credentials or I can’t reach final server”
  26. LwM2M bootstrap in a nutshell: POST /bs (diagram: Bootstrap Server)
  27. LwM2M bootstrap in a nutshell: Write DM URL & credentials (diagram: Bootstrap Server)
  28. LwM2M bootstrap in a nutshell: “I have credential for the DM server” (diagram: DM Server, Bootstrap Server)
  29. LwM2M bootstrap in a nutshell: POST /rd (diagram: DM Server, Bootstrap Server)
  30. LwM2M bootstrap in a nutshell: Start managing the device (diagram: DM Server, Bootstrap Server)
  31. Server Security
  32. Why does it matter?
     - Risk: takeover of your whole device fleet. You are a juicy target
     - Mitigations:
       ● More security (e.g. 2-factor auth) than a classical web service
       ● Collect only the necessary data
       ● Isolate web and devices as much as possible
  33. Now where do I start?
  34. Ask for more time/budget?
  35. Now you are part of the 70% unencrypted network services
  36. Open-source to the rescue!
  37. Eclipse IoT - Leshan
     - Lightweight M2M implementation in Java
     - A library for building bootstrap and device management servers
     - Supports DTLS PSK, RPK (X.509 soon)
     - And also a client for beefier devices or testing
  38. Eclipse IoT - Leshan
     - Update firmware, software
     - Manage secrets (bootstrap)
     - Monitor and configure devices
     - Can support custom objects for applications
     - IPSO objects
  39. Eclipse IoT - Wakaama
     - C implementation of Lightweight M2M
     - Focused on embedded
     - Bring your own IP stack
     - Bring your own DTLS implementation
     - Bootstrap supported
  40. Eclipse IoT - Wakaama
     - You can receive packages for firmware/software update
     - But you need to implement live re-flashing on your platform
     - Known to be running on Linux, Arduino Mega, ARM Cortex processors
  41. TinyDTLS | https://tinydtls.sf.net
     - MIT License, Eclipse proposal!
     - “Support session multiplexing in single-threaded applications and thus targets specifically on embedded systems.”
     - Examples for Linux, or Contiki OS
  42. TinyDTLS
     - Supported ciphersuites:
       ● TLS_PSK_WITH_AES_128_CCM_8
       ● TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
  43. Demo!
  44. From Toolbox
  45. To Jump start
  46. Thanks! Questions?
     - Contact me: @vrmvrm, jvermillard@sierrawireless.com
     - Blog post
  47. Evaluate the sessions: +1 0 -1
     - Sign in: www.eclipsecon.org
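
Slides 10 to 12 describe the flash & switch update and the failures it has to survive (flash errors, power loss, bad images). As an added example, not code from the talk or from any bootloader project, this is how a bootloader can choose between the two firmware slots and roll back when a new image never confirms itself; the `slot` layout, `MAX_TRIES` and the function names are assumptions, and a CRC stands in where a production bootloader would also verify a cryptographic signature.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define MAX_TRIES 3   /* trial boots before rollback (assumed policy) */

/* Hypothetical slot descriptor; on real hardware it is stored in flash. */
typedef struct {
    uint32_t version;      /* higher means newer firmware */
    uint32_t length;       /* image length in bytes */
    uint32_t crc32;        /* written last, once the image is fully flashed */
    uint8_t  confirmed;    /* set by the firmware after a successful boot */
    uint8_t  tries;        /* boots attempted while still unconfirmed */
    const uint8_t *image;
} slot;

/* Bitwise CRC-32 (IEEE 802.3, reflected polynomial 0xEDB88320). */
uint32_t crc32_calc(const uint8_t *p, size_t n) {
    uint32_t c = 0xFFFFFFFFu;
    while (n--) {
        c ^= *p++;
        for (int k = 0; k < 8; k++)
            c = (c >> 1) ^ (0xEDB88320u & (0u - (c & 1u)));
    }
    return ~c;
}

/* Bootable: image intact and trial boots left. A signature check belongs here too. */
static int slot_bootable(const slot *s) {
    if (s->image == NULL || s->length == 0) return 0;
    if (crc32_calc(s->image, s->length) != s->crc32) return 0;
    return s->confirmed || s->tries < MAX_TRIES;
}

/* Returns the slot index to boot, or -1 to stay in bootloader recovery. */
int select_slot(slot s[2]) {
    int ok0 = slot_bootable(&s[0]), ok1 = slot_bootable(&s[1]), pick;
    if (ok0 && ok1) pick = s[1].version > s[0].version ? 1 : 0;
    else if (ok0 || ok1) pick = ok1 ? 1 : 0;
    else return -1;
    if (!s[pick].confirmed) s[pick].tries++;   /* persist before jumping to the image */
    return pick;
}

int main(void) {   /* constructed images: v2 never confirms, so boots go 1, 1, 1, 0 */
    static const uint8_t v1[] = "fw-v1", v2[] = "fw-v2";
    slot s[2] = { {1, sizeof v1, crc32_calc(v1, sizeof v1), 1, 0, v1},
                  {2, sizeof v2, crc32_calc(v2, sizeof v2), 0, 0, v2} };
    for (int boot = 1; boot <= 4; boot++) printf("boot %d -> slot %d\n", boot, select_slot(s));
}
```

Because the CRC field is written last, an image interrupted by power loss fails the integrity check and the previous slot keeps booting.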
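
Slides 24 to 30 walk through the LwM2M bootstrap sequence, and slide 22 asks that secrets can be changed quickly. The following added example (not Wakaama or Leshan code) models the client side of that sequence in C, including the fall-back to the bootstrap server when the DM server no longer accepts the device's key; the `device` struct, the function names, the URI and the key values are all constructed, and the two servers are in-memory stand-ins with no CoAP or DTLS.

```c
#include <stdio.h>
#include <string.h>

typedef enum { START, BOOTSTRAP, REGISTER, MANAGED, FAILED } state;
typedef struct {
    const char *bs_psk;   /* flashed at the factory, accepted by the bootstrap server only */
    char dm_uri[48];      /* written by the bootstrap server */
    char dm_psk[33];      /* written by the bootstrap server */
    int  bs_requests;     /* number of bootstrap round trips so far */
} device;

/* Constructed in-memory stand-ins for the two servers; all values are made up. */
const char *current_dm_psk = "00112233445566778899aabbccddeeff";
static int post_bs(device *d) {        /* POST /bs, then the server Writes DM URL & credentials */
    if (strcmp(d->bs_psk, "factory-bootstrap-psk") != 0) return -1;
    strcpy(d->dm_uri, "coaps://dm.example.test:5684");
    strcpy(d->dm_psk, current_dm_psk);
    d->bs_requests++;
    return 0;
}
static int post_rd(const device *d) {  /* POST /rd: the DM server rejects a stale key */
    return strcmp(d->dm_psk, current_dm_psk) == 0 ? 0 : -1;
}

/* One transition of the client flow shown on the slides. */
state step(state s, device *d) {
    switch (s) {
    case START:     return d->dm_psk[0] ? REGISTER : BOOTSTRAP;
    case BOOTSTRAP: memset(d->dm_psk, 0, sizeof d->dm_psk);   /* drop the stale DM secret */
                    return post_bs(d) == 0 ? REGISTER : FAILED;
    case REGISTER:  return post_rd(d) == 0 ? MANAGED : BOOTSTRAP;
    default:        return s;
    }
}

/* Run until managed or failed; max_steps bounds retries against a dead server. */
state connect_device(device *d, int max_steps) {
    state s = START;
    while (max_steps-- > 0 && s != MANAGED && s != FAILED) s = step(s, d);
    return s == MANAGED ? MANAGED : FAILED;
}

int main(void) {
    device d = { "factory-bootstrap-psk", "", "", 0 };
    int ok = connect_device(&d, 8) == MANAGED;
    current_dm_psk = "ffeeddccbbaa99887766554433221100";   /* server-side rotation */
    ok = ok && connect_device(&d, 8) == MANAGED;
    printf("managed=%d bootstraps=%d\n", ok, d.bs_requests);   /* managed=1 bootstraps=2 */
}
```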
