
Senzations’15: Secure Internet of Things

Security challenges for IoT based solutions


  1. Secure Internet of Things: Challenges and potential approaches. Dr.-Ing. Konrad Wrona, NATO Communications and Information Agency
  2. Internet of Things
  3. Internet of Threats
  4. Internet of Threats
  5. Internet of Threats
     • A baby monitor in Texas, USA
     • The newly-crowned Miss Teen USA
     • A botnet of over 100,000 hijacked everyday consumer devices
     • Delivery of incorrect dosages of insulin
     • Printers catching on fire
  6. What is Internet of Things?
  7. Attacks on SCADA and M2M
     • Theft of water (Gignac Canal System in France)
     • Release of raw sewage (Maroochy Shire sewage plant in Australia)
     • Interference with a Landsat-7 earth observation satellite
     • Computer viruses infecting the ground-control systems of the Predator and Reaper remotely piloted aircraft
  8. What are the solutions
     • Secure configuration of the devices and OS
     • Secure network communication
     • Secure storage
     • Physical security
     • Hack-proof security is unrealistic
        • Need for intrusion detection and response
     • Defence-in-depth approach
        • Several complementary security mechanisms
        • Context-aware security and broken-glass policies
  9. TLS/DTLS/eDTLS
     • TLS – Transport Layer Security
        • The most widely deployed security protocol
        • Uses TCP: requires reliable, in-order packet delivery
     • DTLS – Datagram Transport Layer Security
        • Uses UDP: works with unreliable, out-of-order packet delivery used in constrained platforms and networks
        • No multi-record stream ciphers
     • eDTLS on small embedded platforms
        • Reduced state-machine code size, data overhead, compressed handshake protocol
        • More keying flexibility: pre-shared, raw public/private, X.509 certificate
  10. Where are the problems
     • Network layer security is the easy part
     • Security provisioning and management is difficult
        • Constrained user interface
        • Number of devices
        • Untrained users
     • Higher security means higher initial cost, complexity, power
        • However, data or life loss might be more expensive
  11. Internet of Threats
  12. DARPA view on IoT security
  13. So, does all military equipment have military-level security?
  14. Car hacking
  15. Car hacking
  16. Car hacking
  17. Data recorded by automobile manufacturers
     • BMW, Chrysler, Ford, General Motors, Honda, Hyundai, Jaguar Land Rover, Mazda, Mercedes-Benz, Mitsubishi, Nissan, Porsche, Subaru, Toyota, Volkswagen, and Volvo
     • Aston Martin, Lamborghini, and Tesla did not respond
  18. Data recorded by automobile manufacturers
  19. Data recorded by automobile manufacturers
  20. Data recorded by automobile manufacturers
     • Physical location recorded at regular intervals
     • Previous destinations entered into navigation system
     • Last location parked
     • Potential crash events, such as sudden changes in speed
     • Status of steering angle, brake application, seat belt use, and air bag deployment
     • Fault/error codes in electronic systems
     • Vehicle speed
     • Direction/heading of travel
     • Distances and times traveled
     • Average fuel economy/consumption
     • Status of power windows, doors, and locks
     • Tire pressure
     • Fuel level
     • Engine RPM
     • Odometer reading
     • Mileage since last oil change
     • Battery health
     • Coolant temperature
     • Engine status
     • Exterior temperature and pressure
  21. Why worry?
  22. Why do we need fine-grained access control?
  23. How to protect customers from the Internet of Threats?
     • Market design
        • Ask at the Business track of the school
     • Legislation
  24. Example of Legislation: Security and Privacy in Your (SPY) Car Act (2015)
     • Vehicle owners to be made aware of what data is being collected, transmitted and shared
     • To be offered the chance to opt out of data collection without losing access to key navigation or other features where feasible
     • Requiring an easy method for consumers to evaluate how well an automaker goes beyond the minimums defined in the proposed law
  25. How to protect customers from the Internet of Threats?
     • Market design
        • Ask at the Business track of the school
     • Legislation
     • Secure design
        • Technology
        • Usability of configuration
        • Easy understanding of implications
  26. OLP Dimensions
  27. (no text on slide)
  28. Proposed solution: CPR
     • Originator defines content description (attributes), not confidentiality markings
     • Content attributes determine
        • Protection requirements: how the content is to be processed and stored
        • Release conditions: to whom it can be released
     [Diagram labels: {PROTECTION REQUIREMENTS}, {RELEASE CONDITIONS}, terminal attributes, user attributes, ACCESS REQUEST, RELEASE DECISION, CPRESS]
  29. NATO Object Level Protection: Content-based Protection and Release
  30. CPR cryptographic access control: Encryption
  31. CPR cryptographic access control: Decryption
  32. Symmetric Key Encryption Schemes
     [Diagram: Alice and Bob; labels sk, sk]
     • Same secret key used for encryption and decryption.
     • Any user can generate keys.
     • Relies on an authenticated distribution mechanism.
  33. Public-Key Encryption Schemes
     [Diagram: Alice, Bob and a CA; labels pk, sk]
     • Different keys for encryption and decryption
        • The encryption key is made public
        • The decryption key is kept secret
     • Any user can generate keys.
     • Relies on an authenticated distribution mechanism for public keys.
  34. Identity-Based Encryption Schemes
     [Diagram: Alice, Bob and key distribution; labels sk, alice@email.com, bob@email.com]
     • Public-key encryption scheme with custom-formatted public keys
     • No longer relies on an authenticated distribution mechanism for public keys
     • Private keys need to be generated by a central entity
  35. Attribute-Based Encryption Schemes
     [Diagram: Alice, Bob and key distribution; attribute labels Female, MSc, Management, Male, Medical, Trainee; policy label Female ∨ Trainee]
     • Extension of IBE where users can be assigned various attributes
        • Users receive private keys corresponding to their attributes.
        • Ciphertexts are linked with a predicate on the attributes.
        • Decryption of a ciphertext is possible by a user if and only if the linked predicate evaluates to TRUE on the user's attributes.
  36. Other Related Encryption Schemes
     • Predicate Encryption (PE)
        • Also incorporates schemes that support predicate hiding.
     • Functional Encryption (FE)
        • Also incorporates schemes where the outcome of a decryption is a non-trivial function of the involved message, predicate and key.
     • Relationship: $PKE \subset IBE \subset ABE \subset PE \subset FE$.
     (Slide footer: 9/4/15, NATO UNCLASSIFIED RELEASABLE TO PFP)
  37. Hybrid Encryption with ABE
     • Concept
        • Encrypt plaintext with symmetric encryption scheme.
        • Encrypt symmetric key using ABE.
     • Motivation
        • The overhead of using ABE is relative to the size of the data it encrypts.
        • Symmetric keys tend to be much smaller than the plaintext to be encrypted.
        • Limited overhead when using symmetric encryption.
        • This significantly reduces the overhead of using ABE relative to the plaintext to be encrypted.
  38. Definition: Attribute-Based Encryption
     • Let $P: K \times I \to \{0,1\}$ be a PT predicate.
     • ABE consists of four PPT algorithms:
        • $(pk, msk) \leftarrow \mathit{Setup}(1^{\lambda})$
        • $sk \leftarrow \mathit{KeyGen}(msk, k)$
        • $c \leftarrow \mathit{Encrypt}(pk, (ind, m))$
        • $y \leftarrow \mathit{Decrypt}(sk, c)$
       where $k \in K$ and $ind \in I$ and
       $$y = \begin{cases} m & \text{if } P(k, ind) = 1 \\ \bot & \text{if } P(k, ind) = 0 \end{cases}$$
  39. Key Policy
     • The key space $K$ consists of $n$-variable Boolean formulas $\phi$.
     • Elements $ind = z = (z_1, z_2, \cdots, z_n)$ from the index space $I = \{0,1\}^n$ are interpreted as representations of $n$ Boolean values.
     • $$P(\phi, z) = \begin{cases} 1 & \text{if } \phi(z) = 1 \\ 0 & \text{otherwise} \end{cases}$$
  40. Ciphertext Policy
     • The key space $K = \{0,1\}^n$ consists of representations $k = z = (z_1, z_2, \cdots, z_n)$ of $n$ Boolean values.
     • Elements $ind = \phi$ from the index space $I$ are $n$-variable Boolean formulas.
     • $$P(z, \phi) = \begin{cases} 1 & \text{if } \phi(z) = 1 \\ 0 & \text{otherwise} \end{cases}$$
  41. Full Security
     • Security defined by the following game between Challenger and Adversary:
        • Setup: public parameters
        • Query Phase 1: key queries
        • Challenge set selection: attribute set S not accepted by queried keys
        • Plaintext submission: challenge messages m0, m1
        • Challenge response: Encrypt(pk,(S,m0)) or Encrypt(pk,(S,m1))
        • Query Phase 2: queries for keys with policy not accepting S
        • Guess: m0 or m1
  42. Selective Security
     • Security defined by the following game between Challenger and Adversary:
        • Setup: public parameters
        • Challenge set selection: attribute set S
        • Query Phase 1: queries for keys with policy not accepting S
        • Plaintext submission: challenge messages m0, m1
        • Challenge response: Encrypt(pk,(S,m0)) or Encrypt(pk,(S,m1))
        • Query Phase 2: queries for keys with policy not accepting S
        • Guess: m0 or m1
  43. Selective Security Limitations
     • Can only use policies that accept the challenge attribute set.
     • Can only use attributes in the challenge attribute set.
        • This in particular makes selective security unsuitable for ABE schemes that need to support both positive and negative attributes.
     • Therefore, we mainly focus on fully secure schemes.
  44. Inequalities in Policies
     • Attribute assignments are Boolean.
        • E.g., a person may get assigned the attribute “member”, “not a member” or no attribute related to membership at all.
     • Relatively efficient inequality comparisons involving static integers are however possible.
        • Uses attributes corresponding to bit representations.
        • E.g., 6 encodes as the set {“1∗∗”, “∗1∗”, “∗∗0”}.
        • E.g., $a < 5$ encodes as “0∗∗” ∨ (“∗0∗” ∧ “∗∗0”).
  45. Revocation
     • Revocation mechanism types
        • Indirect revocation
        • Direct revocation
     • Efficiency-enhancing techniques for revocation
  46. USE CASES
  47. CPR cryptographic access control: Infrastructure
     • Provide protection of information in an environment where both communication and data storage infrastructure are controlled by a third party
     • Support all standard information exchange scenarios
  48. CPR Example: Information sharing for Passive Missile Defence
     [Diagram labels: NATO employee with NATO Secret clearance, NATO contractor with NATO Restr. clearance, Red Cross worker; NATO desktop located in Class I area, NATO laptop, unknown terminal; CPR; full view, partial view, public information only]
  49. Thank you! konrad.wrona@ncia.nato.int
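
Added example (not from the slides): the bit-attribute encoding from slide 44, generalised from the two cases shown there to any `a < bound` comparison, with the resulting policy evaluated as the predicate $P(z, \phi)$ of slides 39 and 40. The function names are illustrative, and ASCII `*` stands in for the slides' ∗.

```python
def bit_attr(pos, bit, n_bits):
    """Attribute naming a single bit, e.g. pos=0, bit='1', n_bits=3 -> '1**'."""
    return "*" * pos + bit + "*" * (n_bits - pos - 1)

def to_bits(value, n_bits):
    """Fixed-width binary string, most significant bit first."""
    if not 0 <= value < 2 ** n_bits:
        raise ValueError(f"{value} does not fit in {n_bits} bits")
    return format(value, f"0{n_bits}b")

def encode_int(value, n_bits):
    """Attribute set z for a static integer: one attribute per bit position."""
    return {bit_attr(i, b, n_bits) for i, b in enumerate(to_bits(value, n_bits))}

def less_than_policy(bound, n_bits):
    """Formula phi for 'a < bound' in DNF: a list of AND-clauses of attributes."""
    bits = to_bits(bound, n_bits)
    policy = []
    for i, b in enumerate(bits):
        if b != "1":
            continue
        # a < bound if a has 0 where bound has 1 at position i and no higher
        # bit of a exceeds bound's. Only bound's 0 bits need a constraint: a 0
        # in a against a 1 in bound already makes a smaller.
        clause = [bit_attr(j, "0", n_bits) for j in range(i) if bits[j] == "0"]
        clause.append(bit_attr(i, "0", n_bits))
        policy.append(clause)
    return policy

def satisfies(attrs, policy):
    """P(z, phi): True iff some AND-clause is fully contained in the attribute set."""
    return any(all(a in attrs for a in clause) for clause in policy)

def policy_is_exact(bound, n_bits):
    """Exhaustively confirm the policy accepts a exactly when a < bound."""
    policy = less_than_policy(bound, n_bits)
    return all(satisfies(encode_int(a, n_bits), policy) == (a < bound)
               for a in range(2 ** n_bits))

if __name__ == "__main__":
    print(sorted(encode_int(6, 3)))      # the slide's encoding of 6
    print(less_than_policy(5, 3))        # the slide's policy for a < 5
    print(all(policy_is_exact(c, 4) for c in range(16)))
```

The policy needs at most one clause per 1-bit of the bound, so its size grows with the bit width of the integer rather than with the size of the range.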
