
IoT Security Imperative: Stop your Fridge from Sending you Spam


We've all heard the continuing news about, or been victims of, hacked passwords, data breaches, identity theft and lost privacy because of our heavy reliance on Internet connectivity. Our digital world necessitates ever-improving security. But now we're on the cusp of a major revolution where our appliances, cars, clothes and the very fabric of our lives (no pun intended) are also connected. Software and silicon designers must take active design measures to secure user data. In this talk, Amit Rohatgi, president of the prpl Foundation, will outline the market and technical challenges as well as the essential measures in the design phase for securing our ever-more-connected digital world. He will also discuss why open source is appropriately suited for addressing these challenges and how the prpl Foundation is tackling this from the ground up.

Published in: Internet


  1. Getting Hacked Via Your Fridge or, the IoT Security Imperative
     Amit Rohatgi, president prpl Foundation
     CIE-SF / CINA September Seminar 9/4/2014
  2. IoT & Security: presented Thursday, September 4th, 2014 by Amit Rohatgi at CIE-SF
  4. More connected homes, more problems
     • “Smart refrigerators and TVs hacked to send out spam …” – NBC news
     • If hackers can exploit a weakness in a single type of Internet-connected home appliance or system, such as an Internet-connected door lock, they may be able to harm thousands of people at once.
  5. Incorrect Perception → Bad Planning
     • Integration
     • Device cost
     • Data mining
     • Footprint
     Lower TCO, Added revenue
     • Security & privacy
     • Integrity
     • Reliability
     Higher cost?? Waste of time??
  6. Target Breach: an anatomy
     $200M cost, CEO ousted
     1 HVAC systems Compromised credentials from HVAC vendor monitor temp. changes to see how long customers stay 2 Malware programs installed on HVAC systems 3 Unified backend systems at store (and most retailers) 4 PoS system breached 5 Millions of credit card numbers start flowing out 6 Breach detected! Manual intervention was needed 7
  7. How Big Is this Problem?
  8. Problem – Enterprise and Corporate Risk
     • According to the MPAA and RIAA – studios and artists lost over $10B due to piracy in 2010
     • Technology companies, such as Qualcomm and Cisco, lose hundreds of millions in revenue due to cloning
     • Corporate Cloud usage is on the rise with Mobile access
       – A breach at the corporate level would be very expensive
  9. Problem – Personal Risk
     • Mobile devices are “valuable” – due to their transaction and content capabilities
       – Privacy loss more than hardware loss
       – Attackers want data, not devices
     • Mobile cloud storage is UP!
       – Need to “bind” device to cloud
     • Devices are easily “rooted”
       – Secure sandboxes for data and code execution are required
  10. IoT Market Challenges
     • Scale
       – Billions of devices (identity & authentication management, in-field updates, dynamic interactions, big data, real time data mgmt.)
     • Multiple technologies and standards
       – Creation of technology silos
       – Established / emerging / competing
       – Standardization is a key enabler
     • Solutions are highly fragmented
       – Need for common/flexible platforms
       – Applications environments with multiple PKIs or Roots of Trust
     • Low power requirements
       – Operate for 2 years on a coin battery
     • Cost limitation
     • Long life cycles
     Security
  11. IoT Security Chain (device-to-datacenter)
     Sensors, Nodes, Aggregation Points, Routers / Gateways, STBs, Cloud
     • HW Root of Trust + Secure Boot => Secure Over The Air/Wired Field Updates
     • Secure sensor data for sensitive applications (e.g. medical, industrial, enterprise)
     • Enable in field device personalization (add/remove features)
     • Future proof designs with flexible programmable architecture
     • Private Data Disposal
     • Secure Server + Secure Network => Secure Services
     • Secure Remote Monitoring
     • Protect Intellectual Property against SW cloning (e.g. proprietary algorithms)
     • Intellectual Property Tampering Detection
     • Intrusion Detection and Secure Remote Monitoring
  12. IoT Security Aspects
     • System Security must be Embedded
     • Know what is being protected
     • Trust begins at home
       – Secure boot, run time protection, process separation (TEE)
     • Trust between network elements
       – Authentication and confidentiality
       – Via registration protocols (trust all devices signed by manufacturer’s signing key) or online protocols (pairing, TLS, IKE)
     IoT Security Questions
       1. What is the connectivity model?
       2. Who owns the device?
       3. What is running on it?
       4. Where is it located?
       5. How is it protected?
       6. How are attacks detected?
       7. What is the recovery mechanism?
  13. Secure Platform Principles
     Secure Boot, Secure Storage, Secure Execution, Hardware Root of Trust, Secure Asset Store, Secure Communication
  14. Platform Security
     • Secure boot process starts out in ROM
     • After bootloader, the root of trust (hypervisor) is verified and loaded
     • Iteratively verifies next stage of boot until HLOS (optionally inclusive)
     • Secure partition(s) able to access full memory map. Non-secure can access only its partition
     Diagram labels: Non-Secure App (three); Non-secure HLOS (e.g. Android); Secure App 1; Secure App 2; Secure OS 1; Secure App 3; Secure OS 2; Secure & Protected Hypervisor; Virtualized N-core MIPS i6400 CPU; Virtualized I/O and Memory thru entire SoC Complex
  16. Exploring Virtualization
     • Global Platform considering certifiable containers
     • Secure services can only affect their container, not the overall system
     Diagram labels: Multiple Secure Domains; More Reliable & Predictable; More Powerful & Efficient; Safer!; Secure Hypervisor; Secure Monitor; CPU 1, CPU 2, CPU 3, CPU 4
  17. IoT in our daily lives
     • Sleep is precious
     • Alarm defaults to 8am
       – +45m (meeting delay)
       – -5m (gas)
       – -15m (accident)
       – -20m (late train)
     = EXTRA 5 mins!!
  18. Portability, Virtualization, and Compute
     WHAT IS prpl?
  19. What is prpl?
     • A Foundation created to accelerate a robust ecosystem via collaboration
       – Open-source community supporting the MIPS architecture, and open to all
       – Provide access to free, unencumbered toolchains, associated libraries
       – Common platform, debuggers, probes and software easily accessible
     • Community Benefits
       – Large ROI benefit – up to 4x gain
       – Time-to-Market & lower TCO
       – Strengthen MIPS ecosystem
       – Accelerate MIPS64 to mainstream
       – Faster innovation through focus on core competency
  20. Why Open-Source?
     • Enabling the Big Data revolution needs collaborative minds
     • Fragmentation will slow down innovation
     • More eyeballs = more secure
  21. Synergies Drive Innovation
     • IoT will enable big data
     • big data needs analytics
     • analytics will improve processes for more IoT devices
  22. BIG DATA
     KB, MB, GB, TB, PB, EB, ZB, YB: non-linear!
  23. Big Data: The Internet of Cow
     1.5B cows × 200MB/yr/cow = 300,000 GB (0.3 petabytes) per year
  24. Big Data: Turbines
     12,000 turbines × 500GB/day each = 6 million GB (6 petabytes) per day
  25. Little Data → Big Data → Huge Data
     • Each successive node in the IoT chain adds
       – Data and Storage requirements
       – Processing Requirements
       – Multi-tenant Requirements (ie security)
     Bytes, Megabytes, Terabytes, Petabytes, Exabytes, ZETTABYTES (1000^7)
  26. lots of hardware
     DIVERSITY IN IoT
  28. Key Enablers for IoT
     • Processing power
     • Networking infrastructure and connectivity
     • Low cost, secure devices
     • Storage
     • Loads and loads of secure, portable software
     • A way to make money
  29. Standardization Challenge
     Figure: IoT Architecture For Heterogeneous Fleets of Things (© 2013 Gartner, Inc. and/or its affiliates. All rights reserved.)
     • Fragmentation!
       – Connectivity Standards
       – Operating Systems
       – Topologies
       – Security
     • Expect diverse solutions, so
       – Software abstraction (APIs) needed at each node
       – Multi-tenant environment needed for security
  30. prpl foundation
     PORTABILITY AND VIRTUALIZATION
  31. Mission
     ‘prpl’ is an open-source, community-driven, collaborative, non-profit consortium focusing on the MIPS architecture and ecosystem, and open to all - with a focus on enabling next-generation datacenter-to-device portable software and virtualized architectures
  32. Scalable Processor Architecture Needed, e.g. MIPS
     • 1GHz+ CPU Solution mobile and home entertainment
     • 32-bit microcontrollers for embedded storage, automotive and IoT
     • 64-bit multicore advanced networking, datacenter and infrastructure
     • Efficient solutions for a broad range of networking & storage applications
  33. Key Domains
     • Embedded & IoT: Buildroot, RTOS
     • Networking: openWrt, yocto, Montavista
     • Datacenter: RHEL, Fedora, Ubuntu, CentOS
     • Digital Home & Mobile: openWrt, Linux, Android
  34. Work-flow
     Upstream projects: gnu.org, kernel.org, llvm.org
     prpl: Domains and Engineering Groups
     regardless of architecture
     ➢ license free versions
     supported kernels and projects
     projects pulled from upstream
     ❖ Optimized Linux Kernels
     ❖ SDKs and Tools
     ❖ launchpad to upstream
     ❖ advanced future work
       ➢ SDN
       ➢ heterogeneous compute
       ➢ LLVM
       ➢ vision
  35. prpl Engineering Groups (PEGs)
     ▪ VZ Ecosystem
     ▪ Hypervisors (eg KVM, Fiasco.oc)
     ▪ OS
     ▪ Data Center – Redhat, Ubuntu, Debian, CentOS
     ▪ Networking – Montavista, OpenWrt
     ▪ Embedded/IoT & Mobile - Android, Chromium, Tizen, WebOS, RTOSs, Yocto
     ▪ Kernel (device tree, power mgmt, multi-threading)
     ▪ Portability
     ▪ JITs (V8, openJDK, etc)
     ▪ Emulation (QEMU)
     ▪ Tools (SDK, IDE)
     ▪ Platform
     ▪ UEFI and boot loaders
     ▪ Optimization
     ▪ Intrinsics (eg SIMD) and libraries (eg memcpy) –
       ■ Multimedia - video, audio, speech
       ■ Networking
       ■ Security
       ■ Networking (multi-core friendly and asynchronous)
       ■ e.g. BGP, OVS, snort, routing protocols, DPI
  36. Low Cost Hardware
     ❖ MIPS CI20
       ➢ dual core MIPS32 CPU @1.2GHz, PowerVR SGX540 GPU, HDMI, 1GB RAM, 8GB Flash, 2 usb, audio, WiFi, BT
       ➢ Linux and Android 4.4 - community supported, Raspberry Pi header
       ➢ Available now - http://elinux.org/MIPS_Creator_CI20
       ➢ Price: $40
     ❖ prpl stamp #2
       ➢ dual core MIPS32 interAptiv @600MHz, PowerVR SGX520, HDMI, 512MB RAM, 4 GB Flash, usb, audio, WiFi, BT, aggressive power savings modes enabling 30-day battery life
       ➢ Android Wear (smartwatch and IoT platform)
       ➢ ETA: Dec 2014
       ➢ Price: $35 (est.)
     ❖ Interface Masters MIPS64 Niagara3218
       ➢ MIPS64 network system
     ❖ Interface Masters MIPS64 Niagara804-BP
       ➢ MIPS64 network adapter
  37. Summary: what will prpl do?
     • Focus on the software “glue” necessary to carry secure structured and unstructured data from the device to the datacenter
     • Example:
       – Secure hypervisors for multiple tenants
       – Portable software, such as JITs
       – SaaS, PaaS, IaaS OTA secure
       – Programming models to enable big data processing (eg hadoop) over heterogeneous processors
     Diagram labels: Embedded nodes; OpenWrt hub; Networking backbone; Datacenter
  38. E.g. Develop Software Enabling Security and Multiple Contexts
     • Multiple contexts are required
       – Shared resource
       – Protected resource
       – Energy conservation
     • Heterogeneous programming models are required
       – Close working relationship with leading industry consortia, leading semiconductor companies, OEMs and ISVs
     Diagram labels: VMn, VM3, VM2, VM1; Guest User / Guest Kernel (four); vGPU 1 vGPU S/W 2; Secure Hypervisor (R/G MMU); CPU Cluster; Coherent Fabric; SoC; Network layers; Offloads (Crypto, IP, etc); I/O H/W; Memory; Memory; GPU Cluster; Increase Privilege; TPM; Boot ROM; X X; Secure Domains; Protected Partitions
  42. Resources
     • http://prplfoundation.org
     • http://www.cisco.com/web/about/ac79/docs/innov/IoE_Economy.pdf
     • http://theinstitute.ieee.org/benefits/standards/setting-the-stage-for-the-internet-of-things
     • FTC Workshop on IoT and Security (Nov ‘13)
     • amit (at) prplfoundation (dot) org (thanks!)
  43. Thanks!
  44. How to Get Involved in prpl
     • Mailing list: lists.prplfoundation.org
     • Wiki: wiki.prplfoundation.org
     • Forums: forum.prplfoundation.org
     • Code: github.com/prplfoundation
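
The chain of trust on the Platform Security slide (ROM verifies the bootloader, the hypervisor is verified and loaded next, and each stage verifies the following one until the HLOS, optionally inclusive), as an added example that is not from the presentation or from prpl. It assumes a simplified design in which each stage embeds the SHA-256 digest of its successor rather than checking a public-key signature; the stage names and image contents are constructed.

```python
import hashlib
import hmac
from dataclasses import dataclass, replace
from typing import List, Optional, Tuple


def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


@dataclass(frozen=True)
class Stage:
    name: str
    code: bytes
    next_digest: Optional[str]  # expected digest of the following stage

    def image(self) -> bytes:
        # The measured image covers the code AND the embedded digest, so a
        # stage cannot be repointed at a different successor unnoticed.
        return self.code + b"|" + (self.next_digest or "").encode()


def build_chain(parts: List[Tuple[str, bytes]]) -> Tuple[str, List[Stage]]:
    """Build stages in boot order; return (digest to fix in ROM, stages)."""
    if not parts:
        raise ValueError("at least one boot stage is required")
    stages: List[Stage] = []
    nxt: Optional[str] = None
    for name, code in reversed(parts):  # last stage first, so digests nest
        stage = Stage(name, code, nxt)
        nxt = digest(stage.image())
        stages.append(stage)
    stages.reverse()
    return nxt, stages


def secure_boot(rom_digest: str, stages: List[Stage],
                verify_last: bool = True) -> Tuple[List[str], str]:
    """Verify each stage before loading it; halt at the first mismatch.

    verify_last=False models "until HLOS (optionally inclusive)": the final
    stage is loaded without being measured.
    """
    expected: Optional[str] = rom_digest
    loaded: List[str] = []
    for index, stage in enumerate(stages):
        skip = index == len(stages) - 1 and not verify_last
        if not skip:
            ok = expected is not None and hmac.compare_digest(
                digest(stage.image()), expected)
            if not ok:
                return loaded, f"halt: {stage.name} failed verification"
        loaded.append(stage.name)
        expected = stage.next_digest
    return loaded, "ok"


def tamper(stages: List[Stage], name: str, code: Optional[bytes] = None,
           next_digest: Optional[str] = None) -> List[Stage]:
    """Return a copy of the chain with one stage modified (test helper)."""
    out = []
    for s in stages:
        if s.name == name:
            s = replace(s, code=s.code if code is None else code,
                        next_digest=next_digest or s.next_digest)
        out.append(s)
    return out


# Constructed sample images, in boot order.
ROM_DIGEST, CHAIN = build_chain([
    ("bootloader", b"constructed bootloader image"),
    ("hypervisor", b"constructed hypervisor image"),
    ("secure-os", b"constructed secure OS image"),
    ("hlos", b"constructed HLOS image"),
])

if __name__ == "__main__":
    print(secure_boot(ROM_DIGEST, CHAIN))
    print(secure_boot(ROM_DIGEST, tamper(CHAIN, "hypervisor", code=b"patched")))
```

Modifying the hypervisor halts the boot after the bootloader, and rewriting the bootloader's embedded digest to accept the modified hypervisor fails one step earlier, against the value held in ROM.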
