0
Securing the Internet of Things
Paul Fremantle
CTO, WSO2 (paul@wso2.com)
PhD researcher, Portsmouth University
(paul.frema...
About me
• CTO and Co-Founder
WSO2
– Open Source Middleware
platform
• Part-time PhD looking at
security
• Working in Apac...
Firstly, does it matter?
“Google
Hacking”
http://www.forbes.com/sites/kashmirhill/2013/07/26/smart-homes-hack/
http://freo.me/1pbUmof
So what is different about IoT?
• The longevity of the device
– Updates are harder (or impossible)
• The size of the devic...
Physical Hacks
A Practical Attack on the MIFARE Classic:
http://www.cs.ru.nl/~flaviog/publications/Attack.MIFARE.pdf
Karst...
Or try this at home?
http://freo.me/1g15BiG
http://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-630.html
Hardware recommendations
• Don’t rely on obscurity
Hardware recommendations
• Don’t rely on obscurity
• Don’t rely on obscurity
• Don’t rely on obscurity
• Don’t rely on obs...
Hardware Recommendation #2
• Unlocking a single device should risk only that
device’s data
The Network
Crypto on small devices
• Practical Considerations and Implementation
Experiences in Securing Smart Object Networks
– http...
ROM requirements
ECC is possible
(and about fast enough)
Crypto
Borrowed from Chris Swan:
http://www.slideshare.net/cpswan/security-protocols-in-constrained-environments/13
Won’t ARM just solve this problem?
Cost matters
8 bits
$5 retail
$1 or less to embed
32 bits
$25 retail
$?? to embed
Another option?
SIMON and SPECK
https://www.schneier.com/blog/archives/2013/07/simon_and_speck.html
Datagram Transport Layer Security
(DTLS)
• UDP based equivalent to TLS
• https://tools.ietf.org/html/rfc4347
Key distribution
CoAP
• Constrained Application Protocol
– http://tools.ietf.org/html/draft-ietf-core-coap-18
– REST-like model built on UD...
MQTT
MQTT
• Very lightweight messaging protocol
– Designed for 8-bit controllers, SCADA, etc
– Low power, low bandwidth
– Binar...
MQTT
• Relies on TLS for confidentiality
• Username/Password field
Passwords
• Passwords suck for humans
• They suck even more for devices
Tokens
Why OAuth2?
• Widely implemented
• Pretty good
– Of course there is never 100% agreement
– Or certainty with security prot...
Why FIAM for IoT?
• Can enable a meaningful consent mechanism
for sharing of device data
• Giving a device a token to use ...
Two aspects using OAuth with IoT
• On the device
– Tokens are good
– Limiting the access of the device
• On the cloud
– Pu...
Demo components
Mosquitto
(Open Source MQTT
Broker)
Acting as “Resource
Server”
Mosquitto_py_auth
mqtt-oauth2.py
IdP
WSO2 ...
WSO2 Identity Server
Lessons learnt
• MQTT and MPU / I2C code is 97% of Duemilanove
– Adding the final logic to do OAuth2 flow pushed it to 99%...
What I haven’t covered enough of
Summary
• Think about security with your next device
• We as a community need to make sure that
the next generation of IoT...
Questions?
Securing the Internet of Things
Securing the Internet of Things
Securing the Internet of Things
Securing the Internet of Things
Securing the Internet of Things
Securing the Internet of Things
Securing the Internet of Things
Securing the Internet of Things
Securing the Internet of Things
Securing the Internet of Things
Upcoming SlideShare
Loading in...5
×

Securing the Internet of Things

4,446

Published on

A talk given at the EclipseCon 2014 M2M day.
This deck addresses a number of aspects of security for IoT devices and applications and also looks at using federated identity for IoT including MQTT

Published in: Technology

Transcript of "Securing the Internet of Things"

  1. 1. Securing the Internet of Things Paul Fremantle CTO, WSO2 (paul@wso2.com) PhD researcher, Portsmouth University (paul.fremantle@port.ac.uk) @pzfreo Paul Madsen* Technical Architect, PingIdentity (pmadsen@pingidentity.com) @paulmadsen *Paul M helped me with the initial content, but I take responsibility for anything you don’t like in this slide deck.
  2. 2. About me • CTO and Co-Founder WSO2 – Open Source Middleware platform • Part-time PhD looking at security • Working in Apache for 14 years • Working with Cloud, SOA, APIs, MQTT, IoT 3
  3. 3. Firstly, does it matter?
  4. 4. “Google Hacking”
  5. 5. http://www.forbes.com/sites/kashmirhill/2013/07/26/smart-homes-hack/
  6. 6. http://freo.me/1pbUmof
  7. 7. So what is different about IoT? • The longevity of the device – Updates are harder (or impossible) • The size of the device – Capabilities are limited – especially around crypto • The fact there is a device – Usually no UI for entering userids and passwords • The data – Often highly personal • The mindset – Appliance manufacturers don’t think like security experts – Embedded systems are often developed by grabbing existing chips, designs, etc
  8. 8. Physical Hacks A Practical Attack on the MIFARE Classic: http://www.cs.ru.nl/~flaviog/publications/Attack.MIFARE.pdf Karsten Nohl and Henryk Plotz. MIFARE, Little Security, Despite Obscurity
  9. 9. Or try this at home? http://freo.me/1g15BiG
  10. 10. http://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-630.html
  11. 11. Hardware recommendations • Don’t rely on obscurity
  12. 12. Hardware recommendations • Don’t rely on obscurity • Don’t rely on obscurity • Don’t rely on obscurity • Don’t rely on obscurity • Don’t rely on obscurity • Don’t rely on obscurity • Don’t rely on obscurity
  13. 13. Hardware Recommendation #2 • Unlocking a single device should risk only that device’s data
  14. 14. The Network
  15. 15. Crypto on small devices • Practical Considerations and Implementation Experiences in Securing Smart Object Networks – http://tools.ietf.org/html/draft-aks-crypto-sensors-02
  16. 16. ROM requirements
  17. 17. ECC is possible (and about fast enough)
  18. 18. Crypto Borrowed from Chris Swan: http://www.slideshare.net/cpswan/security-protocols-in-constrained-environments/13
  19. 19. Won’t ARM just solve this problem?
  20. 20. Cost matters 8 bits $5 retail $1 or less to embed 32 bits $25 retail $?? to embed
  21. 21. Another option?
  22. 22. SIMON and SPECK https://www.schneier.com/blog/archives/2013/07/simon_and_speck.html
  23. 23. Datagram Transport Layer Security (DTLS) • UDP based equivalent to TLS • https://tools.ietf.org/html/rfc4347
  24. 24. Key distribution
  25. 25. CoAP • Constrained Application Protocol – http://tools.ietf.org/html/draft-ietf-core-coap-18 – REST-like model built on UDP – Californium project coming soon to Eclipse IoT • No authentication or authorization – Relies on DLTS or data in the body
  26. 26. MQTT
  27. 27. MQTT • Very lightweight messaging protocol – Designed for 8-bit controllers, SCADA, etc – Low power, low bandwidth – Binary header of 2 bytes – Lots of implementations • Mosquitto, Paho, RSMB and Moquette from Eclipse – Clients: • Arduino, Perl, Python, PHP, C, Java, JS/Node.js, .Net, etc • Plus an even lighter-weight version for Zigbee – MQTT-SN (Sensor Network)
  28. 28. MQTT • Relies on TLS for confidentiality • Username/Password field
  29. 29. Passwords • Passwords suck for humans • They suck even more for devices
  30. 30. Tokens
  31. 31. Why OAuth2? • Widely implemented • Pretty good – Of course there is never 100% agreement – Or certainty with security protocols • Not just HTTP: – http://tools.ietf.org/html/draft-ietf-kitten-sasl- oauth-12 – OAuth2 used with SSL
  32. 32. Why FIAM for IoT? • Can enable a meaningful consent mechanism for sharing of device data • Giving a device a token to use on API calls better than giving it a password – Revokable – Granular • May be relevant for both – Device to cloud – Cloud to app
  33. 33. Two aspects using OAuth with IoT • On the device – Tokens are good – Limiting the access of the device • On the cloud – Putting users in control of their data – Just good current practice • Demo with MQTT – But not just for MQTT – Also for the cloud, CoAP, and other protocols too
  34. 34. Demo components Mosquitto (Open Source MQTT Broker) Acting as “Resource Server” Mosquitto_py_auth mqtt-oauth2.py IdP WSO2 Identity Server ESB Introspection API Refresher.py Arduino CreateToken.py 1 2 3 4 5 6
  35. 35. WSO2 Identity Server
  36. 36. Lessons learnt • MQTT and MPU / I2C code is 97% of Duemilanove – Adding the final logic to do OAuth2 flow pushed it to 99% – No TLS in this demo is a big issue • Different Oauth2 implementations behave differently (e.g. changing the refresh token every time you refresh) • Need to be able to update the scope of token if this will work for long term embedded devices • The refresh flow should not really go via the Resource server – Easy fix • MQTT should have a well defined model for sending a message to just one client (securely)
  37. 37. What I haven’t covered enough of
  38. 38. Summary • Think about security with your next device • We as a community need to make sure that the next generation of IoT devices are secure • We need to create exemplars – Shields – Libraries – Server software – Standards
  39. 39. Questions?
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×