The document discusses security challenges and approaches for IoT networks and ecosystems. It provides an overview of common IoT communication protocols like Zigbee, Bluetooth Low Energy, and IEEE 802.15.4. It then demonstrates hands-on exercises attacking these protocols by sniffing and manipulating packets. It also discusses securing the AWS IoT platform and introduces the security development lifecycle approach for securing IoT products throughout the development process.

1. Designing IoT Networks & Ecosystems
to thwart low power communication
protocol attacks
Sumanth Naropanth & Nitin Lakshmanan
DEEP
ARMOR

2. Agenda
• Technical overview of an IoT/wearable ecosystem
• Building blocks
• Communication Protocols
• Hands-on Exercises
• IEEE 802.15.4/ZigBee
• Bluetooth and BLE
• AWS IoT Core
• Security Development Lifecycle (SDL) overview

3. Instructors
• Nitin Lakshmanan
• Security Analyst — Deep Armor
• Aujas Networks, Aricent/Intel
• Sumanth Naropanth
• Founder and CEO — Deep Armor
• Intel, Palm/HP, Sun Microsystems
• Security consulting, vulnerability testing, SDL and training services for
emerging technologies
• www.deeparmor.com | @deep_armor

4. Gateway
IoT Ecosystem
Zigbee/Z-Wave/RF
HTTP/S
NB-IoT
Cat M1
WiFi/BT/BLE/NFC/ANT+
HTTP/S
Nod
e
Nod
e
Nod
e
Cloud
(AWS/GCP/Azure/Private)
WiFi/BT/BLE/NFC/ANT+

5. Attacks on IoT products

6. Gateway
Weak Links
Zigbee/Z-Wave/RF
HTTP/S
NB-IoT
Cat M1
WiFi/BT/BLE/NFC/ANT+
HTTP/S
- HW access
- Secure Boot/FOTA
- Crypto/Key Management
- DARE
- Node Spoofing
- Node security requirements
(see below)
+
- If (Rich OS), OS security
- User Management
- Secure Configuration
- API security
- Portal/UI security
- Crypto/Key management
- Container Security
- Network security
- Weaknesses in Wireless Standards
- Side channel and timing attacks
- Secure Provisioning
- Secure Data Transmission
- User/App Identification
- Implementation weaknesses
- Crypto
- Crypto/Key Management
Nod
e
Nod
e
Nod
e
Cloud
(AWS/GCP/Azure/Private)
- Secure Identification
- Secure Debug
- Secure Provisioning
- Protocol attacks
- Sensor value tampering
WiFi/BT/BLE/NFC/ANT+

7. Communication Channels
Back End
Services
Gateway Gateway
Node Node Node Node Node Node
Sensors Sensors Sensors Sensors
HTTP/HTTPS
HTTP/HTTPS
HTTP/HTTPS
BT/BLE/WiFi/NFC/WiFi-Direct
BT/BLE/NFC
BLE/ANT+
Zigbee/Z-wave
BLE/ANT+
Zigbee/Z-wave

8. IoT Protocols
BLE
Blueto
oth
Zigbe
e
DSMx
NFC
ANT+
Z-Wave
Wi-Fi
Cellular
MQTT
6LoWP
AN
RFID
SigFox
CoAP
Thread
LTE
4G
DASH
nWave

9. Zigbee

10. Zigbee
• Low data rate wireless applications
• Smart energy, medical, home automation, IIoT
• Two bands of operation: 868/915MHz and 2450MHz
• Simpler & less expensive than Bluetooth
• 10-100m range
• Zigbee Alliance

11. Zigbee Security Model
• Open Trust model (Device Trust Boundary)
• Crypto protection
• Network Key
• Link Key (App Support Sublayer)
• Secure key storage assumptions
• Transmission of network key for new nodes
• Hard-coded Trust Center Link Keys

12. IEEE 802.15.4

13. 802.15.4
• IEEE standard for low-rate
wireless personal area
networks (LR-WPANs)
• 6LoWPAN for IPv6 over
WPANs
• Zigbee extends 802.15.4
(wrapper services)
Application
Presentation
Session
Transport
Network
Data Link
Physical
Logical Link Control
Media Access Control

14. Exercise 1a
Generating & Analyzing IEEE 802.15.4
WSN packets (MAC Layer)

15. Packet Structure
Payload
[DA/DD]
[DATA]
SRC
SEQ NUM
PAN ID
DST

16. Attacking WSN - Setup
• IoT product simulator
• Zigbee-like 802.15.4 based communication protocol
• Packet sniffing, capture and injection
• Goals:
• Basic packet header formats
• Security models for protecting comms
• Hardware and software tools for packet sniffing & injection

17. Setup
Victim (Sender & Receiver) Attacker

18. Packet Sniffing/Injection

19. Outline
DA Packets
DD Packets
Manipulate
Payload
Sniff
Inject
Demo 1

20. Exercise 1b
Packet Manipulation using Scapy

21. Hardening the WSN

22. Outline
HMAC (DA
packet payload)
HMAC (DD
packet payload
Manipulate
Payload
Sniff
Inject
Demo 2a

23. Is that enough?

24. Can we attack something else?

25. Packet Structure
Payload
[DA/DD]
[DATA]
SRC
SEQ NUM
PAN ID
DST

26. Outline
HMAC (DA packet
payload)
HMAC (DD packet
payload)
Manipulate
SEQ NUM
Sniff
Inject
Demo 2b

27. Exercise 2
Manipulating the SEQ NUM header

28. Hardening the WSN

29. Outline
HMAC (DA packet
payload + headers)
Manipulate
SEQ NUM/payload
HMAC (DD packet
payload + headers)
Sniff
Inject
Demo 3

30. Hardening Wireless Sensor Networks
• Integrity of the packet is maintained
• HMAC implemented for integrity protection
• With Cryptographic hash function like SHA256
• Key provisioning can be via many ways - DH, for
example

31. Bluetooth and Bluetooth Low
Energy (BLE)

32. GAP
Defines how devices discover, connect and
create bonding between them
SMP
Protocol for pairing and key distribution and
authenticating other device
Shared secrets can be managed and hence
speed-up the reconnection process
L2CAP
Multiplexing layer for BLE
GATT
Describes characteristics, services and type of
attributes/ their usage
ATT
Simple Client/ Server stateless protocol with rules
for accessing data on a peer device
Overview: Bluetooth Stack

33. Intro to BLE
• Wireless protocol for short range data exchange (~10 to
100 m)
• Light-weight subset of classic Bluetooth with low power
consumption
• Operates in radio frequencies between 2.4 to 2.485 GHz
• Managed by the Bluetooth Special Interest Group (SIG)
• Use cases include wearable devices, smart pay systems,
smart security systems etc

34. BLE Security
Pairing request
Pairing response
Establish STK based encryption
Long term key ( LTK) agreement
Encrypted Channel

35. Pairing Algorithms
Secure Simple Pairing
• Just Works: very limited/ no user interface
• Numeric Comparison: devices with display plus
yes/no button
• Passkey Entry: 6 digit pin as the pass key
• Out Of Band: Use of an out of the band channel
against MITM attacks

36. Security weaknesses in BT/BLE
• Security of the communication link depends on
pairing algorithm
• Eaves dropping on pairing mechanism compromises
encryption keys
• ‘Just works’ mode prone to MITM attacks
• Apps (on the same phone as the companion app)
snooping on encrypted BLE traffic – Let’s explore this!

37. BT/BLE Security - Tools
• Ubertooth
• Bluefruit LE sniffer
• NRFsniffer (Nordic BLE sniffer)
• Ellisys sniffer

38. BLE packet eavesdropping with
Ubertooth

39. Overview
• Market products for fitness tracking
• Use Bluetooth Low Energy
• Packet sniffing, capture and cracking LE encryption
• Goals:
• BLE traffic eavesdropping
• Tools to crack the basic security offered by BLE spec

40. Setup

41. Problems & Packet Injection
• Multiple advertising channels (37, 38, 39)
• Uncertainty —> 3 Ubertooths are better than 1
• Custom FW for packet injection

42. Exercise 1
BLE Packet Analysis using
Wireshark

43. Understanding BLE
pcaps
• Protocol Data Unit
• PDU length determines —> advertising packet
or not
•pdu_type == 5 [connection request by
bluetooth device ]

44. Exercise 2
Crackle - breaking LE encryption

45. Stealing the LTK
Pairing request
Pairing response
Establish STK based encryption
Long term key ( LTK) agreement
Encrypted Channel

46. Hardening BLE

47. Options
• Basic security- Switch on LE encryption
• Crackle can break it!
• Holistic Security — Application level encryption on top of
network-level encryption
• LE Privacy Mode

48. Hacking
[Wearable - Mobile]
Channels

49. BT/BLE problems with Android
and iOS
Device Commands:
• Put device into
recovery mode
• Do a FW update
• Change Device (BLE)
name
Notifications:
• Social apps
• Calls and texts
Information:
• User activity data
• User profile updates
• Application action (calls,
music control)
• Call/text/social updates
(sometimes)
ATTACKER

50. Outline
Activity Data, Notifications, etc.
Commands, FOTA, etc.
Step Count & Calories
Demo X

51. Root Cause
All applications on Android and iOS can subscribe to the BT service
and get the data on the same BT channels or BLE characteristics as
the legitimate app
• Android
• android.permission.BLUETOOTH
• android.permission.BLUETOOTH_ADMIN – quote:
• iOS
• Core Bluetooth (CB) Framework
• Centrals (client/phone) and Peripherals (server/wearable)
classes

52. Hardening

53. Outline
Activity Data, Notifications, etc.
Commands, FOTA, etc.
Encrypted (Step Count, Distance & Calories)
LTK-encrypted
Decrypted (Step
Count, Distance &
Calories)

54. LTK-Encryption
What happened there?
Decrypted (Step
Count, Distance &
Calories)
Decrypted
((Encrypted(Step Count,
Distance & Calories))
LTK-Encrypted (Step Count,
Distance & Calories)
Wrapper Service B
Wrapper Service A
Encryption
BLE Link Layer

55. Challenges
• Multiple mobile devices per device
• Key provisioning and OOBE exposure
• Solution
• Use the Cloud

56. AWS IoT Core

57. What is it?
• Managed cloud service for connected devices
to interact with cloud applications
• Connect and manage devices
• Secure the communication
• Process and Act
• Monitor

58. Demo & Exercise
• Setup
AWS IoT
core
Policy
Thing
Certs
IoT
Device
Simulat
or
MQTT
• Creating Policy/Thing/Certificates and attaching them to certificate
• Run IoT device simulators from laptops
• Observe traffic in Wireshark

59. Topics of Interest
• Review of overly permissive policies
• Wild card should be avoided [iot : *]
• iot:Publish/UpdateJobExecution/GetThingShadow
• Must specify ARN of resource [wildcard * should not be used]

60. Topics of Interest
• AWS forces MQTT over TLS
• All traffic to and from AWS IoT must be encrypted over
Transport Layer Security (TLS).
• AWS Authentication
• X.509 certificates
• IAM users, groups, and roles
• Amazon Cognito identities
• Federated identities

61. Security Development Lifecycle

62. Need for SDL
• Next-gen SDL
• For IoT, wearable and cloud technologies.
• Especially when they all come together
• Ecosystem security
• Agile
• Security, Privacy and Legal woven into the development cycle
• Leveraging industry standards

63. Security
Architecture,
Privacy
Requirements
Threat
Modeling,
Attack Trees &
Data Access
Reviews
Focused
Security Code
Reviews &
Privacy Planning
Fuzzing,
Penetration
Testing, Privacy
Sign-off
Fix verification,
Incident
Response
Planning
Delta Security
Assessment,
Security for
Continuous
Integration/Deliv
ery
Program Conception Design Implementation Pre-Launch Deployment Maintenance
Reviews
Reviews &
Reports
Reports
Resolution &
Sign-off
Reports
IoT
Mobil
e
Cloud
Security Development Lifecycle Approach

64. Unshackling from traditional SDL

65. Challenges: Securing a never-
before gadget
• Lack of tactical SDL frameworks for rapid time-to-market products with
constantly evolving requirements
• Diverse, non-standard and evolving communication protocols
• Weaknesses in adoption of protocol specifications
• Long lives for IoT products
• Privacy
• Nascent research in IoT security

66. Challenges - Technical
• Collection of personal data and PII is higher
• Geo-location information
• Biometric data
• Sensor data
• Payment services
• Limited SW stack —> security may get
compromised
• Often FW running on micro-controllers
• Field updates are difficult
• Asymmetric key crypto, TEEs, etc. are heavy
• Multi-tier, multi-tenant product architecture
• Cross-domain flows
• Multiple exposure points as a consequence

67. Privacy
• Why worry?
• Global Markets
• Country-specific guidelines
• Ecosystems and overlapping policies

68. Summary
• Plethora of protocols (and standards)
• Custom hardware & software for IoT comms penetration
testing
• RZUSBStick works great. Also, APImote
• Not much else
• BT/BLE sniffing is still sketchy
• SDL/SPDL and Shift-left
Mobil
e
Clou
d
IoT
devic
e
Communicatio
n channel

69. www.deeparmor.com | @deep_armor | services@deeparmor.com
SDL
Vulnerability
Assessments
Security
Consulting
Trainings