Securing	
  the	
  Internet	
  of	
  Things	
  
Paul	
  Fremantle	
  
CTO,	
  WSO2	
  (paul@wso2.com)	
  
PhD	
  researche...
About	
  me	
  
•  CTO	
  and	
  Co-­‐Founder	
  
WSO2	
  
– Open	
  Source	
  Middleware	
  
plaLorm	
  
•  Part-­‐Mme	
 ...
Firstly,	
  does	
  it	
  maQer?	
  
	
  
“Google	
  	
  
Hacking”	
  
hQp://www.forbes.com/sites/kashmirhill/2013/07/26/smart-­‐homes-­‐hack/	
  	
  
hQp://freo.me/1pbUmof	
  
So	
  what	
  is	
  different	
  about	
  IoT?	
  
•  The	
  longevity	
  of	
  the	
  device	
  
–  Updates	
  are	
  hard...
Physical	
  Hacks	
  
A	
  PracMcal	
  AQack	
  on	
  the	
  MIFARE	
  Classic:	
  	
  
hQp://www.cs.ru.nl/~flaviog/publica...
Or	
  try	
  this	
  at	
  home?	
  
hQp://freo.me/1g15BiG	
  	
  
hQp://www.cl.cam.ac.uk/techreports/UCAM-­‐CL-­‐TR-­‐630.html	
  	
  
Hardware	
  recommendaMons	
  
•  Don’t	
  rely	
  on	
  obscurity	
  
	
  
Hardware	
  recommendaMons	
  
•  Don’t	
  rely	
  on	
  obscurity	
  
•  Don’t	
  rely	
  on	
  obscurity	
  
•  Don’t	
 ...
Hardware	
  RecommendaMon	
  #2 	
  	
  
•  Unlocking	
  a	
  single	
  device	
  should	
  risk	
  only	
  that	
  
devic...
The	
  Network	
  
Crypto	
  on	
  small	
  devices	
  
•  PracMcal	
  ConsideraMons	
  and	
  ImplementaMon	
  
Experiences	
  in	
  Securin...
ROM	
  requirements	
  
ECC	
  is	
  possible	
  	
  
(and	
  about	
  fast	
  enough)	
  
Crypto	
  
Borrowed	
  from	
  Chris	
  Swan:	
  
	
  hQp://www.slideshare.net/cpswan/security-­‐protocols-­‐in-­‐constrai...
Won’t	
  ARM	
  just	
  solve	
  this	
  problem?	
  
Cost	
  maQers	
  
8	
  bits	
  
$5	
  retail	
  
$1	
  or	
  less	
  to	
  embed	
  
32	
  bits	
  
$25	
  retail	
  
$??...
Another	
  opMon?	
  
SIMON	
  and	
  SPECK	
  
hQps://www.schneier.com/blog/archives/2013/07/simon_and_speck.html	
  	
  
Datagram	
  Transport	
  Layer	
  Security	
  
(DTLS)	
  
•  UDP	
  based	
  equivalent	
  to	
  TLS	
  
•  hQps://tools.i...
Key	
  distribuMon	
  
CoAP	
  
•  Constrained	
  ApplicaMon	
  Protocol	
  
– hQp://tools.ieL.org/html/dra_-­‐ieL-­‐core-­‐coap-­‐18	
  	
  
– R...
MQTT	
  
MQTT	
  
•  Very	
  lightweight	
  messaging	
  protocol	
  
–  Designed	
  for	
  8-­‐bit	
  controllers,	
  SCADA,	
  et...
MQTT	
  
•  Relies	
  on	
  TLS	
  for	
  confidenMality	
  
•  Username/Password	
  field	
  
Passwords	
  
•  Passwords	
  suck	
  for	
  humans	
  
•  They	
  suck	
  even	
  more	
  for	
  devices	
  
	
  
Tokens	
  
Why	
  OAuth2?	
  
•  Widely	
  implemented	
  
•  PreQy	
  good	
  	
  
– Of	
  course	
  there	
  is	
  never	
  100%	
 ...
Why	
  FIAM	
  for	
  IoT?	
  
•  Can	
  enable	
  a	
  meaningful	
  consent	
  mechanism	
  
for	
  sharing	
  of	
  dev...
Two	
  aspects	
  using	
  OAuth	
  with	
  IoT	
  	
  
•  On	
  the	
  device	
  
– Tokens	
  are	
  good	
  
– LimiMng	
...
Demo	
  components	
  
	
  
MosquiQo	
  
(Open	
  Source	
  MQTT	
  
Broker)	
  
	
  
AcMng	
  as	
  “Resource	
  
Server”...
WSO2	
  IdenMty	
  Server	
  
	
  
Lessons	
  learnt	
  
•  MQTT	
  and	
  MPU	
  /	
  I2C	
  code	
  is	
  97%	
  of	
  Duemilanove	
  
–  Adding	
  the	
  ...
What	
  I	
  haven’t	
  covered	
  enough	
  of	
  
Summary	
  
•  Think	
  about	
  security	
  with	
  your	
  next	
  device	
  
•  We	
  as	
  a	
  community	
  need	
  t...
QuesMons?	
  
Securing IoT Applications
Securing IoT Applications
Securing IoT Applications
Securing IoT Applications
Securing IoT Applications
Securing IoT Applications
Securing IoT Applications
Securing IoT Applications
Securing IoT Applications
Upcoming SlideShare
Loading in...5
×

Securing IoT Applications

1,178

Published on

Published in: Technology, Education
0 Comments
4 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
1,178
On Slideshare
0
From Embeds
0
Number of Embeds
6
Actions
Shares
0
Downloads
88
Comments
0
Likes
4
Embeds 0
No embeds

No notes for slide

Securing IoT Applications

  1. 1. Securing  the  Internet  of  Things   Paul  Fremantle   CTO,  WSO2  (paul@wso2.com)   PhD  researcher,  Portsmouth  University   (paul.fremantle@port.ac.uk)     @pzfreo  
  2. 2. About  me   •  CTO  and  Co-­‐Founder   WSO2   – Open  Source  Middleware   plaLorm   •  Part-­‐Mme  PhD  looking  at   security   •  Working  in  Apache  for   14  years   •  Working  with  Cloud,   SOA,  APIs,  MQTT,  IoT   2  
  3. 3. Firstly,  does  it  maQer?    
  4. 4. “Google     Hacking”  
  5. 5. hQp://www.forbes.com/sites/kashmirhill/2013/07/26/smart-­‐homes-­‐hack/    
  6. 6. hQp://freo.me/1pbUmof  
  7. 7. So  what  is  different  about  IoT?   •  The  longevity  of  the  device   –  Updates  are  harder  (or  impossible)   •  The  size  of  the  device   –  CapabiliMes  are  limited  –  especially  around  crypto   •  The  fact  there  is  a  device   –  Usually  no  UI  for  entering  userids  and  passwords   •  The  data   –  O_en  highly  personal   •  The  mindset   –  Appliance  manufacturers  don’t  think  like  security  experts   –  Embedded  systems  are  o_en  developed  by  grabbing  exisMng   chips,  designs,  etc  
  8. 8. Physical  Hacks   A  PracMcal  AQack  on  the  MIFARE  Classic:     hQp://www.cs.ru.nl/~flaviog/publicaMons/AQack.MIFARE.pdf     Karsten  Nohl  and  Henryk  Plotz.  MIFARE,  LiQle  Security,  Despite  Obscurity  
  9. 9. Or  try  this  at  home?   hQp://freo.me/1g15BiG    
  10. 10. hQp://www.cl.cam.ac.uk/techreports/UCAM-­‐CL-­‐TR-­‐630.html    
  11. 11. Hardware  recommendaMons   •  Don’t  rely  on  obscurity    
  12. 12. Hardware  recommendaMons   •  Don’t  rely  on  obscurity   •  Don’t  rely  on  obscurity   •  Don’t  rely  on  obscurity   •  Don’t  rely  on  obscurity   •  Don’t  rely  on  obscurity   •  Don’t  rely  on  obscurity   •  Don’t  rely  on  obscurity    
  13. 13. Hardware  RecommendaMon  #2     •  Unlocking  a  single  device  should  risk  only  that   device’s  data  
  14. 14. The  Network  
  15. 15. Crypto  on  small  devices   •  PracMcal  ConsideraMons  and  ImplementaMon   Experiences  in  Securing  Smart  Object  Networks   –  hQp://tools.ieL.org/html/dra_-­‐aks-­‐crypto-­‐sensors-­‐02  
  16. 16. ROM  requirements  
  17. 17. ECC  is  possible     (and  about  fast  enough)  
  18. 18. Crypto   Borrowed  from  Chris  Swan:    hQp://www.slideshare.net/cpswan/security-­‐protocols-­‐in-­‐constrained-­‐environments/13    
  19. 19. Won’t  ARM  just  solve  this  problem?  
  20. 20. Cost  maQers   8  bits   $5  retail   $1  or  less  to  embed   32  bits   $25  retail   $??  to  embed  
  21. 21. Another  opMon?  
  22. 22. SIMON  and  SPECK   hQps://www.schneier.com/blog/archives/2013/07/simon_and_speck.html    
  23. 23. Datagram  Transport  Layer  Security   (DTLS)   •  UDP  based  equivalent  to  TLS   •  hQps://tools.ieL.org/html/rfc4347  
  24. 24. Key  distribuMon  
  25. 25. CoAP   •  Constrained  ApplicaMon  Protocol   – hQp://tools.ieL.org/html/dra_-­‐ieL-­‐core-­‐coap-­‐18     – REST-­‐like  model  built  on  UDP   – Californium  project  coming  soon  to  Eclipse  IoT   •  No  authenMcaMon  or  authorizaMon   – Relies  on  DLTS  or  data  in  the  body      
  26. 26. MQTT  
  27. 27. MQTT   •  Very  lightweight  messaging  protocol   –  Designed  for  8-­‐bit  controllers,  SCADA,  etc   –  Low  power,  low  bandwidth   –  Binary  header  of  2  bytes   –  Lots  of  implementaMons   •  MosquiQo,  Paho,  RSMB  and  MoqueQe  from  Eclipse   –  Clients:   •  Arduino,  Perl,  Python,  PHP,  C,  Java,  JS/Node.js,  .Net,  etc   •  Plus  an  even  lighter-­‐weight  version  for  Zigbee   –  MQTT-­‐SN  (Sensor  Network)  
  28. 28. MQTT   •  Relies  on  TLS  for  confidenMality   •  Username/Password  field  
  29. 29. Passwords   •  Passwords  suck  for  humans   •  They  suck  even  more  for  devices    
  30. 30. Tokens  
  31. 31. Why  OAuth2?   •  Widely  implemented   •  PreQy  good     – Of  course  there  is  never  100%  agreement   – Or  certainty  with  security  protocols   •  Not  just  HTTP:   – hQp://tools.ieL.org/html/dra_-­‐ieL-­‐kiQen-­‐sasl-­‐ oauth-­‐12   – OAuth2  used  with  SSL      
  32. 32. Why  FIAM  for  IoT?   •  Can  enable  a  meaningful  consent  mechanism   for  sharing  of  device  data   •  Giving  a  device  a  token  to  use  on  API  calls   beQer  than  giving  it  a  password   – Revokable   – Granular   •  May  be  relevant  for  both   – Device  to  cloud   – Cloud  to  app  
  33. 33. Two  aspects  using  OAuth  with  IoT     •  On  the  device   – Tokens  are  good   – LimiMng  the  access  of  the  device   •  On  the  cloud   – Puvng  users  in  control  of  their  data   – Just  good  current  pracMce   •  Demo  with  MQTT     – But  not  just  for  MQTT   – Also  for  the  cloud,  CoAP,  and  other  protocols  too  
  34. 34. Demo  components     MosquiQo   (Open  Source  MQTT   Broker)     AcMng  as  “Resource   Server”     MosquiQo_py_auth     mqQ-­‐oauth2.py   IdP     WSO2  IdenMty   Server   ESB   IntrospecMon   API   Refresher.py   Arduino   CreateToken.py   1 2 3 4 5 6
  35. 35. WSO2  IdenMty  Server    
  36. 36. Lessons  learnt   •  MQTT  and  MPU  /  I2C  code  is  97%  of  Duemilanove   –  Adding  the  final  logic  to  do  OAuth2  flow  pushed  it  to  99%   –  No  TLS  in  this  demo  is  a  big  issue   •  Different  Oauth2  implementaMons  behave  differently   (e.g.  changing  the  refresh  token  every  Mme  you  refresh)   •  Need  to  be  able  to  update  the  scope  of  token  if  this  will   work  for  long  term  embedded  devices   •  The  refresh  flow  should  not  really  go  via  the  Resource   server   –  Easy  fix     •  MQTT  should  have  a  well  defined  model  for  sending  a   message  to  just  one  client  (securely)  
  37. 37. What  I  haven’t  covered  enough  of  
  38. 38. Summary   •  Think  about  security  with  your  next  device   •  We  as  a  community  need  to  make  sure  that   the  next  generaMon  of  IoT  devices  are  secure   •  We  need  to  create  exemplars   – Shields   – Libraries   – Server  so_ware   – Standards  
  39. 39. QuesMons?  
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×