© COPYRIGHT COESSI 2017
CYBERSECURITY AND SERVICE STATIONS
Hocine AMEUR and Simon Elrharbi
AGENDA
1. WHO WE ARE
2. IoT and Security
3. Connected service stations security
4. How to improve IoT security
5. Secure Elements for IoT
WHO WE ARE
[Infographic: company timeline and key figures]
Years shown: 2010, 2013, 2014, 2017
Figures shown: 15, 20, 25%, 2, 14
Labels: CoESSI was founded; Collaborators; Active clients; Recognized as a Young Innovative Company; Of the sales are invested in R&D; Consultants & Engineers; Sites Paris & Nantes; ANR Project; FUI Project
WHO WE ARE: COESSI CORE ACTIVITY
▪ Risk assessment,
▪ management
▪ cyber-security evaluation
▪ Security auditing
▪ penetration testing
▪ intrusion detection
▪ Developing penetration testing tools
▪ Compliance testing
▪ Standard and norm development
▪ Security-by-design
▪ privacy-by-design
EIS (Enterprise Information System)
IoT (ZigBee, SigFox…)
ICS (PLC…)
WHO WE ARE: RISK ASSESSMENT PROJECTS
[Figure: Smart Grid Security. Labels: System Description; Risk Assessment result]
WHO WE ARE: PENETRATION TESTING PROJECTS
▪ Penetration testing methodology development
▪ Penetration testing tools development
▪ Mobile Apps
▪ Wireless communication in IoT (IEEE 802.15.4, 6LoWPAN, Z-Wave) using SDR
▪ Communication APIs
▪ ICS/SCADA networks
▪ CAN bus networks (cars, boats…)
▪ Hardware (JTAG/UART exploitation, binary exploitation)
▪ Network protocol stack fuzzing
IOT AND SECURITY: IOT INFRASTRUCTURE
[Diagram components: Sensors/Actuators (Edge); IoT communication network (ZigBee, Z-Wave, EnOcean, PLC, CAN, MODBUS...); Concentrators, Gateways (Gateway); Cellular/Core network; Cloud (Storage, analytics...) (Cloud); Mobile App (Mobile); Enterprise Information System]
• Application: Surveillance, Retail, Transportation, Financial service, etc.
• Management service: Data flow management, Security control, Configuration, etc.
• Gateway and Network: Radio comm. modules, Access Point, SIM, etc.
• Sensors connectivity and network: Network activity, Wi-Fi, Ethernet, RFID, Sensors & Actuators
IOT AND SECURITY: IOT ATTACK SURFACE
[Diagram components: Sensors/Actuators (Edge); IoT communication network (ZigBee, Z-Wave, EnOcean, PLC, CAN, MODBUS...); Concentrators, Gateways (Gateway); Cellular/Core network; Cloud (Storage, analytics...) (Cloud); Mobile App (Mobile); Enterprise Information System]
Attack surface:
- Hardware
- Firmware
- Wireless media
- Internet facing services
- Cloud infrastructure
- Mobile Apps
- Communication API
[Diagram components: Cloud; WAN; Wireless LAN; LAN (Wired, Wireless); Remote management / monitoring; Tank Gauge, Pressure sensor…; Payment Terminal; Payment, Control…; Displays; ATM]
Security measures labelled on the diagram:
- Network segregation
- Securing network traffic
- Requiring authentication
- Isolating guests network
- Securing wireless communication
- SCADA network segregation
- Requiring authentication
- Hardware security
- Cloud interface security
- Cloud data security
- Communications APIs security
- Mobile app security
- Securing web interfaces/apps
- Communication APIs security
CONNECTED SERVICE STATION SECURITY
[Diagram components: Cloud; WAN; Wireless LAN; LAN (Wired, Wireless); Remote management / monitoring; Tank Gauge, Pressure sensor…; Payment Terminal; Payment, Control…; Displays; ATM]
HOW ATTACKS CAN BE PERFORMED
SDR hardware
Hardware attacks
ATTACK SCENARIOS
• Taking advantage of vulnerable remote display protocols (e.g. downgrade attack)
• Taking advantage of the patch management policy (firmware updated in a manner that opens an attack vector)
• Taking advantage of an insecure key management policy
• Extracting credentials and hardcoded passwords from the connected objects
• Man in the middle attacks
• SQL injection, XSS, CSRF, Command injection
• Denial of service, Jamming
• Buffer overflow on services
• Web HMI vulnerabilities
WHAT CAN BE DONE
• Bringing control/distribution to a standstill.
• Changing pump names (eg: unleaded to diesel)
• Changing pumping volume (putting the volume as full when it is empty)
• Data leakage, block access to data
THREAT ACTORS
“Cyber Attacks Statistics – HACKMAGEDDON.” [Online]. Available: http://www.hackmageddon.com/category/security/cyber-attacks-statistics/.
IOT SECURITY INCIDENTS
[Panels:]
• Mirai botnet: 2.5 million IoT devices infected by Mirai botnet in Q4 2016 (McAfee)
• Cold in Finland
• IoT reaper: 2 million IoT devices in only one month
HOW TO IMPROVE IOT SECURITY
• Risk assessment
  • Identifying critical elements (Impact x likelihood)
  • Using norms and standards
• Penetration testing
  • Evaluating the security level
  • Identifying vulnerabilities
[Diagram: Risk assessment and Penetration testing (OS, Application, Network, Hardware). Labels: Identifying critical threats; Updating the likelihood of threats; Identifying the context; Identifying the feared events; Identifying threats; Identifying risks; Propose countermeasures]
KEY MANAGEMENT
High power devices
• Asymmetric cryptography (RSA, Elliptic Curves)
• Standard protocols (IPsec, TLS…)
• Manufacturing: device is ready to use, possibly headless installation; what about expiring certificates in stored devices?
• When first installing the device, needs access to a registration authority
• What if the network is unavailable?
Low power devices
• Symmetric cryptography only (AES, ChaCha20…) using either AEAD or MAC for authentication
• Bad strategy: randomly generated and stored
• Good strategy: diversification, using KDF(device_id, key_version, master_key)
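The diversification strategy on this slide, as an added example that is not part of the original slides: each device key is derived as KDF(device_id, key_version, master_key), so the backend re-derives it on demand instead of storing one random key per device. HKDF-SHA256 as the KDF, HMAC-SHA256 as the MAC, and all function names and sample values are assumptions made for illustration.

```python
import hashlib
import hmac

def hkdf_sha256(ikm: bytes, info: bytes, length: int = 32, salt: bytes = b"") -> bytes:
    """HKDF (RFC 5869) over HMAC-SHA256: extract a PRK, then expand it."""
    prk = hmac.new(salt or b"\x00" * 32, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def diversify(master_key: bytes, device_id: bytes, key_version: int) -> bytes:
    """KDF(device_id, key_version, master_key) -> 256-bit per-device key."""
    # Length-prefix the id so distinct (id, version) pairs never encode alike.
    info = (b"device-key|" + len(device_id).to_bytes(2, "big") + device_id
            + key_version.to_bytes(4, "big"))
    return hkdf_sha256(master_key, info)

def mac_frame(device_key: bytes, frame: bytes) -> bytes:
    """Device side: authenticate a frame with HMAC-SHA256."""
    return hmac.new(device_key, frame, hashlib.sha256).digest()

def backend_verify(master_key: bytes, device_id: bytes, key_version: int,
                   frame: bytes, tag: bytes) -> bool:
    """Backend side: re-derive the key on demand; no per-device key database."""
    expected = mac_frame(diversify(master_key, device_id, key_version), frame)
    return hmac.compare_digest(expected, tag)

# Constructed sample values (not from the slides).
MASTER = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)
GAUGE, PUMP = b"tank-gauge-0001", b"pump-0042"

if __name__ == "__main__":
    k_gauge = diversify(MASTER, GAUGE, 1)   # provisioned into the device
    frame = b"level=73%"
    tag = mac_frame(k_gauge, frame)
    print("accepted:", backend_verify(MASTER, GAUGE, 1, frame, tag))
    # A key extracted from one device does not authenticate as another device.
    print("cross-device:", backend_verify(MASTER, PUMP, 1, frame, tag))
    # After rotation to version 2, tags made with the version 1 key are rejected.
    print("old version:", backend_verify(MASTER, GAUGE, 2, frame, tag))
```

Only the derived key is provisioned into the device; the master key stays on the backend, so extracting one device's key exposes that device and key version only.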
PATCH MANAGEMENT BEST PRACTICES
• Know your dependencies
• Do watch for new vulnerabilities
• Need to have a dedicated, accelerated, validation procedure for security fixes
• Work upfront to lower the need to ship fixes: embed minimal, hardened programs. No one needs OpenSSL in a thermometer!
• Prefer LTS branches
• Audit the software and the configuration
• Do impact analysis on new vulnerabilities to assess exposure
SECURE ELEMENTS FOR IOT
• Security issues from:
  • Communication
  • Storage (secrets)
  • Integrity
• It is time for the IoT industry to consider securing connected devices with Secure Elements, as Mobile Phones, Bank Cards, Identity Cards, and Hardware Authentication Tokens have been for many years.
• Secure Element as firewall:
  • Identity (Certificate) + Security (associated Private key)
  • Tamper resistance + secure communications + storage
ABOUT SECURE ELEMENTS
• 10 billion SEs have been shipped in 2017, for SIM modules, bank cards, ePassports, PKI tokens.
• A Secure Element (SE) is a tamper-resistant microcontroller whose security is enforced by multiple HW and logical countermeasures:
  • Specific reg. (EventRegister) logs abnormal operating conditions (V, CLK, T°)
  • Bus & memories encrypted
  • Sensor mesh against physical intrusions
  • Countermeasures against attacks (DPA, etc.)
• Certification according to the Common Criteria (CC, ISO 15408) standards with proven National Scheme and with Evaluation Assurance Level (EAL)
• Multiple standards (ISO 7816, 14443, ETSI, etc.) and consortium groups (GP, NFC Forum, EMVCo) have defined the interface (physical, electrical and communication protocol) through which secure transactions are negotiated between the outside world and the Secure Elements, and finally a process for application selection.
SE WITH DIFFERENT FORM FACTORS FOR MULTIPLE DEVICES
• The client of a service (stored in the SE) is identified and not the terminal
• Mobiles and devices are equipped with SE running the TLS stack
• Strong mutual authentication based on TLS
[Diagram labels: User (SE holder); SE, ISO 7816, or NFC – ISO 14443; Proxy App; Terminal (Smart Phone - OS Android, Tablet - OS Android, PC, NFC wearable device); Authorization Server; steps 1, 2, 3]
THE CLOUD OF SECURE ELEMENT PLATFORM
• 2 trusted services
  • https
  • Auth the client through the certificate
• On the server side, a simple PHP script handles the strong Mutual Authentication between the NFC card and the remote server
• RACS HSM: PKCS#15 devices are hosted in a RACS HSM server
  • Possibility to log in with the Certificate and PW with the electronic signature operation
USE CASE WITH SE AND IOT
• NFC trusted services
  • IoT device is managed remotely by the operator.
  • Selected authorized resources have direct device access through a mobile phone with an identity module (optionally embedded in a secure element for added security, such as preventing the tampering/cloning of embedded apps).
SMART CITY & NFC
• Internet of Things but also Internet of People
• Smart city concepts based on Information + ICT infrastructure deployment that aims to enhance, among other things, efficiency of mobility and economy.
• NFC is also a major contributor technology for promotion of IoT
• Emergence of new digital banking technologies (contactless smart card, NFC devices, NFC HCE, etc.)
• Deliver real-time value transfer capabilities without jeopardizing trust and security
• NFC interoperability communication issues are still an ongoing concern
SKILLS WE CAN BRING
• Risk assessment and risk management in a cyber-security context
• Technical cyber-security evaluation of developed solutions
• Security-by-design and privacy-by-design specification and implementation
• Technical and methodological expertise on cyber-security (IoT, Smart-*, SCADA)
• Standard and norm development
• Compliance testing and evaluation regarding existing/developed standards
• Developing tools and methods for security auditing, penetration testing and intrusion detection
• Security controls and policy enforcement tools development
• Security modeling (Attack trees, threat modeling)
SKILLS WE CAN BRING
• Security issues:
  • SE-based infrastructure for securing on-line payment, remote access, cloud storage, IoT.
  • TLS stacks that are embedded in SE to enable strong mutual authentication based on certificates and asymmetric keys
• NFC interoperability communication issues:
  • NFC Low level + Transmission protocol
  • Remote power supply, loading effect, data transmission quality, etc.
  • Still an ongoing concern, and a need to take action to improve the current situation
  • Not only managing but solving (as far as possible) the NFC communication issues
Thank you!
Questions?
Linkedin/company/coessi
Twitter.com/coessi_fr