Piotr Nazimek TestWarez 2017
Internet of Things will have a huge impact on many areas of live like human health, home, workplace, city infrastructure or transport systems. Securing the IoT systems is essential for its reliability and sensitive data protection. Due to the nature of used hardware usually other techniques must be used than in typical systems.
3. About me
• Piotr Nazimek
• interested in systems
reliability, computer
security, cryptography
and protocols
1
4. About me
• Piotr Nazimek
• interested in systems
reliability, computer
security, cryptography
and protocols
• electronic cards
programmer
• IT trainer
1
5. About me
• Piotr Nazimek
• interested in systems
reliability, computer
security, cryptography
and protocols
• electronic cards
programmer
• IT trainer
• traveling is one of my
favorite hobbies
1
27. Internet of Things
It’s also a buzzword!
Gartner forecast:
over 20 bilion devices by 2020
IHS Markit forecast:
over 30 bilion devices by 2020
8
28. IoT vs non IoT
• Internet of Things • Internet of Computers
9
29. IoT vs non IoT
• Internet of Things
• machine interaction
• Internet of Computers
• human interacion
9
30. IoT vs non IoT
• Internet of Things
• machine interaction
• automatic actions
• Internet of Computers
• human interacion
• action on request
9
31. IoT vs non IoT
• Internet of Things
• machine interaction
• automatic actions
• special purpose
• Internet of Computers
• human interacion
• action on request
• general use
9
32. IoT vs non IoT
• Internet of Things
• machine interaction
• automatic actions
• special purpose
• create content
• Internet of Computers
• human interacion
• action on request
• general use
• create and consume
9
33. IoT vs non IoT
• Internet of Things
• machine interaction
• automatic actions
• special purpose
• create content
• low computational
performance
• Internet of Computers
• human interacion
• action on request
• general use
• create and consume
• high computational
performance
9
34. IoT vs non IoT
• Internet of Things
• machine interaction
• automatic actions
• special purpose
• create content
• low computational
performance
• simple construction
• Internet of Computers
• human interacion
• action on request
• general use
• create and consume
• high computational
performance
• very complex
9
35. IoT vs non IoT
• Internet of Things
• machine interaction
• automatic actions
• special purpose
• create content
• low computational
performance
• simple construction
• cheap
• Internet of Computers
• human interacion
• action on request
• general use
• create and consume
• high computational
performance
• very complex
• expensive
9
36. IoT vs non IoT
• Internet of Things
• machine interaction
• automatic actions
• special purpose
• create content
• low computational
performance
• simple construction
• cheap
• funny applications
• Internet of Computers
• human interacion
• action on request
• general use
• create and consume
• high computational
performance
• very complex
• expensive
• old and boring
9
37. IoT vs non IoT
• Internet of Things
• machine interaction
• automatic actions
• special purpose
• create content
• low computational
performance
• simple construction
• cheap
• funny applications
• usually unsecured
• Internet of Computers
• human interacion
• action on request
• general use
• create and consume
• high computational
performance
• very complex
• expensive
• old and boring
• a lot of security stuff
9
41. Does security matter?
• usually not, until
somebody breaks your
system or device
• usually not, until you
lose your privacy or
money
12
42. Does security matter?
• usually not, until
somebody breaks your
system or device
• usually not, until you
lose your privacy or
money
• usually not, until your
system is used against
you or your company
12
43. Does security matter?
• usually not, until
somebody breaks your
system or device
• usually not, until you
lose your privacy or
money
• usually not, until your
system is used against
you or your company
https://imgur.com/rHJvDjd
12
44. Basic facts about security
• there is no such thing as 100 percent security
13
45. Basic facts about security
• there is no such thing as 100 percent security
• security is a cost (not only money)
• security is often hard to understand for end user (usability)
13
46. Basic facts about security
• there is no such thing as 100 percent security
• security is a cost (not only money)
• security is often hard to understand for end user (usability)
• security should be made by design not through obscurity
• system should be secure even if everything about it is
known (except the keys)
13
47. Basic facts about security
• there is no such thing as 100 percent security
• security is a cost (not only money)
• security is often hard to understand for end user (usability)
• security should be made by design not through obscurity
• system should be secure even if everything about it is
known (except the keys)
• common, heavily analyzed and accepted as secure
protocols and algorithms should be used
• don’t roll your own crypto
• security should be keep as simple as possible
• implement security from the early begining, not at the end
13
48. Basic facts about security
• there is no such thing as 100 percent security
• security is a cost (not only money)
• security is often hard to understand for end user (usability)
• security should be made by design not through obscurity
• system should be secure even if everything about it is
known (except the keys)
• common, heavily analyzed and accepted as secure
protocols and algorithms should be used
• don’t roll your own crypto
• security should be keep as simple as possible
• implement security from the early begining, not at the end
• many security systems are trust-based services
13
49. Basic tips
• try to understand what does your device do and how it
works
• read the manual and change default settings
• set strong passwords and a different password for every
device
14
50. Basic tips
• try to understand what does your device do and how it
works
• read the manual and change default settings
• set strong passwords and a different password for every
device
• turn off unnecessary services
• configure services properly
14
51. Basic tips
• try to understand what does your device do and how it
works
• read the manual and change default settings
• set strong passwords and a different password for every
device
• turn off unnecessary services
• configure services properly
• update your devices
• remove unnecessary private data
• remember about physical security of device
14
52. Security in IoT world
• low computational performance – security is expensive
15
53. Security in IoT world
• low computational performance – security is expensive
• many devices – somebody must manage them
15
54. Security in IoT world
• low computational performance – security is expensive
• many devices – somebody must manage them
• machine communication – we forget about them
15
55. Security in IoT world
• low computational performance – security is expensive
• many devices – somebody must manage them
• machine communication – we forget about them
• used outdoors – physically out of our control
15
56. Security in IoT world
• low computational performance – security is expensive
• many devices – somebody must manage them
• machine communication – we forget about them
• used outdoors – physically out of our control
• always online – for many many years
15
57. Security in IoT world
• low computational performance – security is expensive
• many devices – somebody must manage them
• machine communication – we forget about them
• used outdoors – physically out of our control
• always online – for many many years
• are we sure that the sensor data is correct?
15
58. Security in IoT world
• low computational performance – security is expensive
• many devices – somebody must manage them
• machine communication – we forget about them
• used outdoors – physically out of our control
• always online – for many many years
• are we sure that the sensor data is correct?
• are we sure that the data comes from our device?
15
59. Security in IoT world
• low computational performance – security is expensive
• many devices – somebody must manage them
• machine communication – we forget about them
• used outdoors – physically out of our control
• always online – for many many years
• are we sure that the sensor data is correct?
• are we sure that the data comes from our device?
• what is the impact of IoT data on our environment?
15
60. Security in IoT world
• low computational performance – security is expensive
• many devices – somebody must manage them
• machine communication – we forget about them
• used outdoors – physically out of our control
• always online – for many many years
• are we sure that the sensor data is correct?
• are we sure that the data comes from our device?
• what is the impact of IoT data on our environment?
• we can ask the above questions from the point of view of
the IoT device
15
62. Information security services
• Integrity – data cannot be modified in an undetected or
unauthorized manner
• Authentication – the process of confirming identity of a
person, thing or data
16
63. Information security services
• Integrity – data cannot be modified in an undetected or
unauthorized manner
• Authentication – the process of confirming identity of a
person, thing or data
• Confidentiality – information is not disclosed to
unauthorized entities
16
64. Information security services
• Integrity – data cannot be modified in an undetected or
unauthorized manner
• Authentication – the process of confirming identity of a
person, thing or data
• Confidentiality – information is not disclosed to
unauthorized entities
• Non-repudiation – parties of a transaction cannot deny
having sent or received any data
16
65. Information security services
• Integrity – data cannot be modified in an undetected or
unauthorized manner
• Authentication – the process of confirming identity of a
person, thing or data
• Confidentiality – information is not disclosed to
unauthorized entities
• Non-repudiation – parties of a transaction cannot deny
having sent or received any data
• authorization, availability, ...
16
67. Integrity
→ 01d58360dd9f4f295cd2c09171c798905cd4be3c7fd31d55
• cryptographic hash functions
• one-way functions
• it is difficult to calculate the original message that
produced given hash value
• it should be hard to find two different messages with the
same hash value
• collision resistance functions
17
68. Integrity
→ 01d58360dd9f4f295cd2c09171c798905cd4be3c7fd31d55
• cryptographic hash functions
• one-way functions
• it is difficult to calculate the original message that
produced given hash value
• it should be hard to find two different messages with the
same hash value
• collision resistance functions
• SHA-256, SHA3-256, SHA3-512, Keccak-256, Tiger
17
72. Authentication
• device generates random key pair: private and public
→ −→ → ?
• digital signature is computed using a private key
• digital signature is verified using a public key
• shared secret key can also be used for authentication
18
73. Authentication
• device generates random key pair: private and public
→ −→ → ?
• digital signature is computed using a private key
• digital signature is verified using a public key
• shared secret key can also be used for authentication
• symmetric algorithms: CMAC, HMAC
• asymmetric algorithms: RSA, DSA, ECDSA
18
77. Confidentiality
• device generates random secret key
→ −→ →
• recipient generates random key pair: private and public
• symmetric key is encrypted by sender using recipient’s
public key
• only owner of the private key can decrypt secret key and
than whole message
19
78. Confidentiality
• device generates random secret key
→ −→ →
• recipient generates random key pair: private and public
• symmetric key is encrypted by sender using recipient’s
public key
• only owner of the private key can decrypt secret key and
than whole message
• for security it is essential to use cryptographically secure
(pseudo)random number generator (PRNG)
19
79. Confidentiality
• device generates random secret key
→ −→ →
• recipient generates random key pair: private and public
• symmetric key is encrypted by sender using recipient’s
public key
• only owner of the private key can decrypt secret key and
than whole message
• for security it is essential to use cryptographically secure
(pseudo)random number generator (PRNG)
• symmetric algorithms: AES, 3DES, Blowfish
• asymmetric algorithms: RSA, ECIES 19
81. Hardware layer
• devices are mobile
• devices are used in the field, without owner protection
• devices may be in the field for many years, longer that
typical PC
21
82. Hardware layer
• devices are mobile
• devices are used in the field, without owner protection
• devices may be in the field for many years, longer that
typical PC
• low-cost hardware
• without secure storage
• firmware is not easily patched (if at all)
• proprietary protocols at hardware level
21
84. Network layer
• use network layer security, but...
• do not rely only on it
• Bluetooth: BlueBorne attack
• Wi-Fi: weakness in WPA2 protocol, Krack
• ...
23
85. Network layer
• use network layer security, but...
• do not rely only on it
• Bluetooth: BlueBorne attack
• Wi-Fi: weakness in WPA2 protocol, Krack
• ...
• despite of the low computational performance IoT are an
attractive target for hackers
• it’s easy to hack them
• botnet of IoT is ideal for DDoS attacks
• who will be responsible for attack?
23
88. Data protection
• at least data should be authenticated
• sensitive data should be encrypted
• but due to cryptography everything works slower and it’s
more complicated
25
89. Data protection
• at least data should be authenticated
• sensitive data should be encrypted
• but due to cryptography everything works slower and it’s
more complicated
It’s your decision
25
90. Data protection
• at least data should be authenticated
• sensitive data should be encrypted
• but due to cryptography everything works slower and it’s
more complicated
It’s your decision
after risk analysis!
25
91. Lightweight Cryptography
• performance may not be acceptable when we use
algorithms from non IoT world
• Lightweight Cryptography = algorithms dedicated for small
computing devices that have limited resources
26
92. Lightweight Cryptography
• performance may not be acceptable when we use
algorithms from non IoT world
• Lightweight Cryptography = algorithms dedicated for small
computing devices that have limited resources
• standardized in ISO/IEC 29192
• no more excuses for IoT software manufacturers
26
93. Lightweight Cryptography
• performance may not be acceptable when we use
algorithms from non IoT world
• Lightweight Cryptography = algorithms dedicated for small
computing devices that have limited resources
• standardized in ISO/IEC 29192
• no more excuses for IoT software manufacturers
• integrity: PHOTON, Quark, SPONGENT
• symmetric authentication: Chaskey, TuLP, LightMAC
• confidentiality: AES-128
• eSTREAM competition (started in 2008)
26
95. Authenticated Encryption
• we can implement authentication and encryption
independently
• but it’s not easy
• fundamental principle: use different keys for different
security services
27
96. Authenticated Encryption
• we can implement authentication and encryption
independently
• but it’s not easy
• fundamental principle: use different keys for different
security services
• AE = Authenticated Encryption
• AEAD = Authenticated Encryption with Associated Data
• dedicated algorithms for both security services
• based on one key
• GCM, CCM, EAX
27
97. Transport Layer Security
• TLS = Transport Layer Security
• cryptographic protocol that provide communication
security
• parties authentication (usually based on asymmetric
algorithms)
• data authentication and encryption (based on symmetric
algorithms)
• it must be run on top of some reliable transport protocol
28
98. Transport Layer Security
• TLS = Transport Layer Security
• cryptographic protocol that provide communication
security
• parties authentication (usually based on asymmetric
algorithms)
• data authentication and encryption (based on symmetric
algorithms)
• it must be run on top of some reliable transport protocol
• it is possible to use symmetric mechanisms for
authentication like pre-shared key (PSK) or secure remote
password (SRP)
• DTLS = Datagram Transport Layer Security
28
99. Keys management
• we can implement security services, but where to store
the keys?
29
100. Keys management
• we can implement security services, but where to store
the keys?
• even more questions
• where to generate the keys?
• how to transfer the keys?
• how to exchange the keys?
• what should we do when keys are compromised?
29
101. Keys management
• we can implement security services, but where to store
the keys?
• even more questions
• where to generate the keys?
• how to transfer the keys?
• how to exchange the keys?
• what should we do when keys are compromised?
• keys management procedures and flows should be
analyzed and described
• keys also must be authenticated
• even if we encrypt the keys in storage they are used in
open form in memory
29
102. Secure element
• SE can operate in a secure manner on confidential and
cryptographic data like keys
• equipped with a secure memory area
• it is a tamper-resistant chip secure microcontroller
30
103. Secure element
• SE can operate in a secure manner on confidential and
cryptographic data like keys
• equipped with a secure memory area
• it is a tamper-resistant chip secure microcontroller
• SIM card (Universal Integrated Circuit Card) is an example
of SE
• nowadays SE is built in most phones as an embedded SE
30
104. Secure element
• SE can operate in a secure manner on confidential and
cryptographic data like keys
• equipped with a secure memory area
• it is a tamper-resistant chip secure microcontroller
• SIM card (Universal Integrated Circuit Card) is an example
of SE
• nowadays SE is built in most phones as an embedded SE
• it can often be inside programmed (in Java!)
• still rarely used in IoT
• one month ago: vulnerable RSA generation (CVE-2017-15361)
30
105. Replay attack
• anyone can eavesdrop the transmitted data (passive
man-in-the-middle)
• data, even authenticated, can be used once again
31
106. Replay attack
• anyone can eavesdrop the transmitted data (passive
man-in-the-middle)
• data, even authenticated, can be used once again
• because data and signature will be the same as before
31
107. Replay attack
• anyone can eavesdrop the transmitted data (passive
man-in-the-middle)
• data, even authenticated, can be used once again
• because data and signature will be the same as before
• password, even encrypted, can be used once again
• because password cryptogram will be the same as before
31
108. Replay attack
• anyone can eavesdrop the transmitted data (passive
man-in-the-middle)
• data, even authenticated, can be used once again
• because data and signature will be the same as before
• password, even encrypted, can be used once again
• because password cryptogram will be the same as before
• signing device unique id will not protect us from creation
of it’s copy
• challenge-response protocol
31
109. Replay attack
• anyone can eavesdrop the transmitted data (passive
man-in-the-middle)
• data, even authenticated, can be used once again
• because data and signature will be the same as before
• password, even encrypted, can be used once again
• because password cryptogram will be the same as before
• signing device unique id will not protect us from creation
of it’s copy
• challenge-response protocol
• randomness must be used
31
111. Randomness
It’s impossible to implement
strong authentication
without good randomness!
It’s not simple to implement
good source of random numbers,
it must be a part of hardware.
32
112. Randomness
It’s impossible to implement
strong authentication
without good randomness!
It’s not simple to implement
good source of random numbers,
it must be a part of hardware.
Remark: not always randomness –
nonces (numbers used only once) are often enough.
32
113. Timing attack
bool check(char pin1[4], char pin2[4])
{
for (int i = 0; i < 4; i++)
if (pin1[i] != pin2[i]) return false;
return true;
}
bool check(char pin1[4], char pin2[4])
{
bool status = true;
for (int i = 0; i < 4; i++)
if (pin1[i] != pin2[i]) status = false;
return status;
}
33
114. Timing attack
bool check(char pin1[4], char pin2[4])
{
for (int i = 0; i < 4; i++)
if (pin1[i] != pin2[i]) return false;
return true;
}
bool check(char pin1[4], char pin2[4])
{
bool status = true;
for (int i = 0; i < 4; i++)
if (pin1[i] != pin2[i]) status = false;
return status;
}
Brute-force attack: 10000 vs 40
Conclusion: not only security of design,
security of implementation is also critical.
33
115. Relay attack
• used to extend device range
• payment device, online immobilizer
• attacker relays messages between the two parties without
even analyzing them
• combination of man-in-the-middle and replay attack
34
116. Relay attack
• used to extend device range
• payment device, online immobilizer
• attacker relays messages between the two parties without
even analyzing them
• combination of man-in-the-middle and replay attack
• attacker can open your car when you are at home
34
117. Relay attack
• used to extend device range
• payment device, online immobilizer
• attacker relays messages between the two parties without
even analyzing them
• combination of man-in-the-middle and replay attack
• attacker can open your car when you are at home
• retransmission takes some time
• payment devices
• implementation of time assertions
34
119. Turn it off!
Don’t connect IoT devices
unless you really need it!
After use - turn it off!
35
120. Turn it off!
Don’t connect IoT devices
unless you really need it!
After use - turn it off!
What if there is no such possibility?
35
121. OWASP Internet of Things Project
• OWASP = Open Web Application Security Project
36
122. OWASP Internet of Things Project
• OWASP = Open Web Application Security Project
• The OWASP Internet of Things Project is designed to help
manufacturers, developers, and consumers better
understand the security issues associated with the Internet
of Things, and to enable users in any context to make better
security decisions when building, deploying, or assessing
IoT technologies. https://www.owasp.org/index.php/OWASP_Internet_of_Things_Project
• attack surface areas, testing guide and top vulnerabilities
36
123. OWASP Internet of Things Project
• OWASP = Open Web Application Security Project
• The OWASP Internet of Things Project is designed to help
manufacturers, developers, and consumers better
understand the security issues associated with the Internet
of Things, and to enable users in any context to make better
security decisions when building, deploying, or assessing
IoT technologies. https://www.owasp.org/index.php/OWASP_Internet_of_Things_Project
• attack surface areas, testing guide and top vulnerabilities
• very strong assumptions
• web based services
• strong hardware
36
125. Non-repudiation: DLT
• non-repudiation is very expensive
• lot of storage is needed for evidence
• maybe blockchain is the future for IoT
• DLT = Distributed Ledger Technology
• it is a distributed database, which ensures integrity and
authenticity
37
126. Non-repudiation: DLT
• non-repudiation is very expensive
• lot of storage is needed for evidence
• maybe blockchain is the future for IoT
• DLT = Distributed Ledger Technology
• it is a distributed database, which ensures integrity and
authenticity
• IOTA project (https://iota.org/)
• transactional settlement and data transfer layer for the
Internet of Things
37