
IoT Meets Security

Habib Virji covers how IoTivity handles security in order to meet the needs of modern technology.

Published in: Software

  1. IoT meets Security
     Habib Virji, habib.virji@samsung.com
     Samsung Open Source Group, Samsung Research, UK
     LinuxCon Europe 2015, Dublin, Ireland, October 5 – 7, 2015
  2. Agenda
     - Need for IoT Security
     - Overview of IoTivity
     - Device Security
       - Onboarding
       - Provisioning
       - Software Resource Manager
       - Hardware Hardening
     - Connectivity
       - Local
       - Remote
     - Privacy
  3. Need for IoT Security
     - IoT devices are expected to number around 26 billion by 2020 [1].
     - The increase in IoT devices requires strong security.
     - Many issues remain in current IoT devices [4]:
       - 80% of devices had privacy issues.
       - 70% of devices used an unencrypted network.
       - 90% of devices collected personal information.
       - 70% of devices, along with their cloud, enabled an attacker to identify valid user accounts using account enumeration.
     - IoT devices need to have device, network and privacy concerns addressed.
  4. IoTivity Overview
     - IoTivity is a Linux Foundation project to implement the OIC standard.
       - OIC is an industry consortium defining an IoT (Internet of Things) standard and certification.
       - The IoTivity implementation is happening in parallel.
     - Device discovery is done by looking for a RESTful interface using multicast communication.
     - Communication is done using:
       - CoAP (Constrained Application Protocol) over UDP in local scenarios.
       - XMPP in remote scenarios.
     - Support for multiple OS platforms: Tizen, Android, Linux, Arduino, etc.
  5. Resource Model
     - Discovery
     - Control resource
     - Observe
     - Diagram: OIC Client (Discover, Connect & Control) and OIC Server (Resource)
       - Status: On/Off
       - Dimming: 0-100
       - Resource Property:
         - rt=oic.light (Type)
         - ra=192.168.1.1/a/light (Address)
         - obs=1 (Observable)
         - acl=oic/sec/acl/1 (Access Control)
       - Resource Attributes: { "status" : on, "dimming" : 35 }
  6. IoTivity Security
     - Protection of resources.
     - Three steps in the security mechanism:
       - Connectivity.
       - Secure channel.
       - Privacy permission.
     - A device needs to be onboarded and provisioned.
     - Diagram: OIC Client (Discover, Connect & Control) and OIC Server (Resource, Access Control)
  7. Device Security
  8. Use Case: Device Provisioning
     - Diagram labels: LAN Network (Home), Home Gateway, Smart Device, Cloud, IP Camera (Thin Device)
  9. OWASP Device Security Risks
     - Physical
       - Poor physical security
     - Software
       - Insecure cloud interface
       - Insecure mobile interfaces
       - Insufficient security configuration
       - Insecure software/firmware
  10. Onboarding
      - Establishes device ownership.
        - The device becomes part of the user network.
        - Device cannot onboard other device ownership.
      - It is a two-step process:
        - Isolated secure communication between the physical device and the onboarding tool (OBT).
        - Then it assigns the ownership key and a second carrier key.
      - Onboarding relies on the ownership transfer protocol.
        - The ownership credential (OC) establishes communication between the OBT and the device and lets them authenticate each other.
      - Ownership protocols:
        - Just Works
        - Random PIN
        - Asymmetric (Certificate)
  11. Ownership Transfer – Just Works (© SAMSUNG Electronics Co.)
      - Participants: Onboarding Tool, Enrolling Device
      - Ownership Transfer Start
      - GET /oic/sec/doxm?Owned="False"
      - RSP [{"OxmType": "oic.sec.doxm.jw", "DeviceId": "UUID"}]
      - Discovery
      - Preparing for Ownership transfer using Just Works
      - Set Ownership transfer Method
      - PUT /oic/sec/doxm [{"OxmSel": "oic.sec.doxm.jw"}]
      - RSP 2.04
      - SRM enables TLS_ECDH_anon_WITH_AES_12SHA256 cipher suite
      - DTLS Connection
      - PUT /oic/sec/doxm [{"Owned": "T", "Owner": "Admin0"}]
      - RSP 2.04
      - Ownership Transfer Stops
  12. Ownership Transfer – Random PIN
      - Participants: Onboarding Tool, Enrolling Device
      - Ownership Transfer Start
      - GET /oic/sec/doxm?Owned="False"
      - RSP [{"OxmType": "oic.sec.doxm.rdp", "DeviceId": "UUID"}]
      - Discovery
      - Preparing for Ownership transfer using Random PIN
      - Set Ownership transfer Method
      - PUT /oic/sec/doxm [{"OxmSel": "oic.sec.doxm.rdp"}]
      - RSP 2.04
      - SRM enables TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 cipher suite
      - DTLS Connection
      - PUT /oic/sec/doxm [{"Owned": "T", "Owner": "Admin0"}]
      - RSP 2.04
      - Ownership Transfer Stops
  13. Owner transfer protocol - Asymmetric certificate
      - Minimum certificate size (292 bytes) and minimal parser.
      - Certificate generated with signed certificate and asymmetric key pair.
        - The OBT binary app is signed by a trusted CA to communicate with the above certificate.
        - Device and OBT authenticate each other using ECDSA.
        - Once authentication succeeds, link exchange takes place over ECDH.
      - Diagram labels (certificate hierarchy): Root CA; Manufacturer1 CA; Manufacturer2 CA; Gateway Sub CA; Manufacturer1 Dev Sub-CA; Manufacturer1 Dev Sub-CA2; M1 Dev Cert; M1 Dev Cert; Manufacturer2 Dev Cert
  14. Owner transfer protocol - Asymmetric certificate
      - Participants: Onboarding Tool, Enrolling Device
      - Ownership Transfer Start
      - GET /oic/sec/doxm?Owned="False"
      - RSP [{"OxmType": "oic.sec.doxm.mfgcert", "DeviceId": "UUID"}]
      - Discovery
      - Preparing for Ownership transfer using Certificate
      - Set Ownership transfer Method
      - PUT /oic/sec/doxm [{"OxmSel": "oic.sec.doxm.mfgcert"}]
      - RSP 2.04
      - SRM enables TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8_SHA256 cipher suite
      - DTLS Connection
      - POST /oic/sec/doxm [{"credid": "..", "sub": "..", "credType": "8", "pdbdata": "device and CA in base 64", "pvdata": {"x": "x position of elliptic curve in base 64", "y": "y position of elliptic curve in base 64", "ownrs": "" }}]
      - RSP 2.04
      - Ownership Transfer Stops
  15. Provisioning
      - Credentials are transferred from the OBT to the device.
      - The device needs to engage with a bootstrap server to provision:
        - Client directed: Client update server is in need of provisioning.
        - Server directed: Server self checks if it is provisioned.
      - Proper security credentials and parameters.
      - Parameters include:
        - Security credentials through the credential management service.
        - Access control policies and ACL.
        - Devices are self-aware about their security provisioning status.
  16. Provisioning
      - Participants: Onboarding Tool, Enrolling Device
      - ACL Provisioning Start
      - GET /oic/sec/pstat
      - RSP [{"IsOp": "False", "Sm": "0x11"}]
      - Status
      - Client Mode
      - PUT /oic/sec/pstat [{"Om": "0x11"}]
      - RSP 2.04
      - RSP 2.04
      - ACL Provisioning Stop
      - DTLS with Owner PSK
      - RSP 2.04
      - RSP 2.04
  17. Secure Resource Manager (SRM)
      - Management of the secure virtual resource and ACL [3].
      - Diagram labels: Secure Resource Manager Layer; Resource Manager (RM); Persistent Storage interface; Policy Engine (PE); Connection Abstraction (CA) Layer; DTLS Module; Resource Introspection (RI) Layer; Application; Secure Virtual Resource Database
  18. Hardware Hardening
      - Secure storage is to be provided using encryption and hardware security.
      - Secure execution environment:
        - Secure storage
        - Secure execution engine
        - Trusted I/O paths
        - Secure Time Source/Clock
        - Random number generator
        - Cryptographic algorithm
        - Hardware tampering
  19. Connectivity
  20. Use Case: Local and Remote Network Connectivity
      - Diagram labels: Smoke & Carbon Monoxide Detector, Smart Locks, Smart Lights, LAN Network (Home), Home Gateway, Smart Device, Cloud
  21. OWASP Network Security Risks
      - Insecure network services
      - Lack of transport encryption
      - Insecure web interface
      - Insufficient authentication/authorization
  22. Secure Connectivity
      - DTLS provides packet-by-packet protection.
      - OIC client and server communication should be protected against:
        - Eavesdropping
        - Message replay
        - Tampering
      - Device authentication:
        - The client verifies the server using the device id.
        - The client, if it has a match, sends the server a message.
        - The server verifies the message exchange.
      - Diagram labels: IoTivity, tinyDTLS, dtls_write, dtls_handle_message
  23. Low End Device Secure Connectivity
      - Low-end devices use an extension of the DTLS handshake to establish session keys.
      - Based on Diffie-Hellman key agreement.
      - Can be used in the owner transfer protocol to establish keys.
      - Breaks down the DTLS handshake further to ease smaller packet transfer and fragmented PDUs.
        - 6-way message protocol instead of 3 messages.
      - Diagram label: tinyDTLS
  24. Remote connectivity
      - OIC devices communicate with the XMPP server.
        - They authenticate using the XMPP roster credential.
      - Devices are identified using the JID:
        - Server: me@mydomain.com/oic/1.0/oic.d.light/FFFFDDDD-YYYY-4567-JADE-123456789A123
        - Client: me@mydomain.com/oic/1.0/client/FFFFDDDD-YYYY-4567-JADE-123456789A123
      - The remote XMPP server and the OIC server have a secure connection.
      - An in-band bytestream is used between the XMPP and OIC servers.
  25. Privacy
  26. Use Case: Controlling Access
      - Diagram labels: Wife's Tablet, LAN Network (Home), Child 1 Room, Child 2 Room, X
  27. Privacy
      - Protects resources at the OIC server.
      - ACLs are defined via ACEs (access control entities).
      - Every resource should have an ACE.
      - ACEs are stored either locally or remotely on an Access Manager Server (AMS).
      - ACLs need to be securely stored and partitioned between logical OIC servers.
      - Access control level is per group, device, resource or properties.
  28. Local Access Control
      - Is light open? Request: Accept, Response
      - Turn Light Off Request: Reject, Response
      - Diagram labels: acl[0]
  29. Remote Access Control
      - Is light open? Request: Accept, Response
      - Turn Light Off Request: Reject, Response
      - Diagram labels: amacl[0], AMS1 (Request, Response)
  30. Conclusion
      - IoTivity addresses the majority of the OWASP issues.
      - OIC provides the following security functionality:
        - An onboarding mechanism to get a device securely into the user network.
        - Policies that control who can read from and write to the device.
        - Secure connectivity between devices.
      - Hardening mechanism suggested.
      - SRM includes security functionality.
  31. References
      - [1] http://www.gartner.com/newsroom/id/2636073
      - [2] https://www.owasp.org/images/8/8e/Infographic-v1.jpg
      - [3] https://wiki.iotivity.org/iotivity_security
      - [4] http://www8.hp.com/h20195/V2/GetPDF.aspx/4AA5-4759ENW.pdf
  32. Thank You!
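
The three ownership transfer sequences (slides 11, 12 and 14) imply the same device-side checks, sketched here in C as an added example that is not IoTivity code and not from the slides: an owned device refuses further transfer, and the `Owned` update is accepted only after a DTLS session for the selected method. The struct, the function names, the `dtls_handshake_done` hook and the refusal codes are assumptions; only `/oic/sec/doxm`, the `oic.sec.doxm.*` names and `2.04` come from the slides.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
/* CoAP codes as integers: 2.04 is on the slides, the refusal codes are assumptions. */
enum { RSP_CHANGED = 204, RSP_BAD_REQUEST = 400, RSP_UNAUTHORIZED = 401, RSP_FORBIDDEN = 403 };
typedef enum { OXM_NONE, OXM_JW, OXM_RDP, OXM_MFGCERT } oxm_t;
typedef struct {
    bool  owned;      /* "Owned" property of /oic/sec/doxm */
    oxm_t oxmsel;     /* transfer method selected by the onboarding tool */
    bool  dtls_up;    /* DTLS session negotiated for that method */
    char  owner[40];  /* "Owner" property */
} doxm_t;
static oxm_t oxm_from_name(const char *s) {
    if (strcmp(s, "oic.sec.doxm.jw") == 0)      return OXM_JW;
    if (strcmp(s, "oic.sec.doxm.rdp") == 0)     return OXM_RDP;
    if (strcmp(s, "oic.sec.doxm.mfgcert") == 0) return OXM_MFGCERT;
    return OXM_NONE;
}
/* PUT /oic/sec/doxm [{"OxmSel": name}] */
int put_oxmsel(doxm_t *d, const char *name) {
    oxm_t m = oxm_from_name(name);
    if (d->owned)      return RSP_FORBIDDEN;   /* owned devices refuse re-onboarding */
    if (m == OXM_NONE) return RSP_BAD_REQUEST; /* unknown transfer method */
    d->oxmsel = m;
    d->dtls_up = false;                        /* a new method needs a new handshake */
    return RSP_CHANGED;
}
/* Hypothetical hook: the DTLS layer reports which method's suite was negotiated. */
void dtls_handshake_done(doxm_t *d, oxm_t suite_for) {
    d->dtls_up = (d->oxmsel != OXM_NONE && suite_for == d->oxmsel);
}
/* PUT /oic/sec/doxm [{"Owned": "T", "Owner": owner}] */
int put_owned(doxm_t *d, const char *owner) {
    if (d->owned)    return RSP_FORBIDDEN;
    if (!d->dtls_up) return RSP_UNAUTHORIZED;  /* only over the secure channel */
    if (strlen(owner) >= sizeof d->owner) return RSP_BAD_REQUEST;
    strcpy(d->owner, owner);                   /* length checked on the line above */
    d->owned = true;
    return RSP_CHANGED;
}
int main(void) {
    doxm_t d = {0};
    put_oxmsel(&d, "oic.sec.doxm.rdp");
    dtls_handshake_done(&d, OXM_RDP);
    int first = put_owned(&d, "Admin0");
    int again = put_owned(&d, "Admin1");       /* a second owner is refused */
    printf("first=%d again=%d owner=%s\n", first, again, d.owner);
    return 0;
}
```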
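
Slides 28 and 29 show a read of the light being accepted and a write rejected, decided from the local acl or through an access manager (amacl). The following C sketch is an added example, not IoTivity code, of a default-deny check in that shape. The permission bits, the device ids, `/a/lock` and the reading that a resource listed in amacl is decided from the AMS's entries are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { PERM_READ = 1, PERM_WRITE = 2 };  /* constructed encoding, not from the slides */
typedef struct { const char *subject, *resource; uint8_t perms; } ace_t;

/* Union of permissions granted to subject on resource; "*" matches any subject. */
static uint8_t granted(const ace_t *acl, size_t n, const char *subject, const char *resource) {
    uint8_t g = 0;
    for (size_t i = 0; i < n; i++)
        if (strcmp(acl[i].resource, resource) == 0 &&
            (strcmp(acl[i].subject, "*") == 0 || strcmp(acl[i].subject, subject) == 0))
            g |= acl[i].perms;
    return g;
}

/* Constructed data: the server's local ACL, the entries held by the AMS, and the
 * amacl list of resources whose decision is delegated to the AMS. */
static const ace_t LOCAL_ACL[] = { { "*", "/a/light", PERM_READ },
                                   { "tablet-01", "/a/light", PERM_READ | PERM_WRITE } };
static const ace_t AMS_ACL[]   = { { "tablet-01", "/a/lock", PERM_READ } };
static const char *AMACL[]     = { "/a/lock" };

/* Returns 1 to accept, 0 to reject; anything without a matching ACE is rejected. */
int authorize(const char *subject, const char *resource, uint8_t wanted) {
    const ace_t *acl = LOCAL_ACL;
    size_t n = sizeof LOCAL_ACL / sizeof LOCAL_ACL[0];
    for (size_t i = 0; i < sizeof AMACL / sizeof AMACL[0]; i++)
        if (strcmp(AMACL[i], resource) == 0) {  /* stands in for the request to the AMS */
            acl = AMS_ACL;
            n = sizeof AMS_ACL / sizeof AMS_ACL[0];
        }
    return wanted != 0 && (granted(acl, n, subject, resource) & wanted) == wanted;
}

int main(void) {
    printf("child reads light:   %d\n", authorize("child-02", "/a/light", PERM_READ));
    printf("child writes light:  %d\n", authorize("child-02", "/a/light", PERM_WRITE));
    printf("tablet writes light: %d\n", authorize("tablet-01", "/a/light", PERM_WRITE));
    printf("tablet writes lock:  %d\n", authorize("tablet-01", "/a/lock", PERM_WRITE));
    return 0;
}
```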
