IoT Security in Action!
Julien Vermillard, Sierra Wireless
@vrmvrm - [email protected]
EclipseCON EU 2016
Introduction
Managing connected devices
Why it is simple to exploit non-secured systems
How simple to have the minimum security
Network security
Deep dive: demo setup
IoT Device(MangOH)
Attacker
Internet Gateway(Linux PC)
Local network
Internet
Man-in-the-Middle?
IoT Device(MangOH)
Attacker PCLinuxEttercap
Internet Gateway(Linux PC)
Local network
Internet
Before attack
IoT Device(RaspberryPI)
Attacker PCLinuxEttercap
Internet Gateway(Linux PC)
Local network
Internet
Traffic to Internet
ARP poisoning
IoT Device(MangOH)
Attacker PCLinuxEttercap
Internet Gateway(Linux PC)
Local network
Internet
I’m the gateway!
Route everything to the gateway
Traffic to Internet
DNS spoofing
IoT Device(MangOH)
Attacker PCLinuxEttercap
Internet Gateway(Linux PC)
Local network
Internet
Fake DNS response
DNS queryiot.eclipse.org
LWM2M connection
With TLS/DTLS?
IoT Device(RaspberryPI)
Attacker PCLinuxEttercap
Internet Gateway(Linux PC)
Local network
Internet
Fake DNS response
DNS queryiot.eclipse.org
DTLS handshakefailure
Security with gateways
Sensor network(ex: Zigbee)
Gateway:collect data and push to cloud
cable, 4G, etc..
Secure transportLow or no security
public network
Security with gateways
public network
Sensor network(ex: Zigbee)
cable, 4G, etc..
Attack gatewayget access to all the network
Local wireless sniffing
End-to-end security
public network
Low power nodes:security starts here
Sensor network(ex: Thread)
Router
cable, 4G, etc..
See only encrypted communicationNot your Achilles’ heel
Other benefits of IP to the edge device
Simplicity: only IP networks
Topology flexibility compared to gateway
Scaling IP routing is something well known
Can we trust wireless network?
Wifi password?
GPRS encryption?
3G/4G femtocell?
Zigbee?
Bluetooth?
Not talking of plain text wireless network :)
Example: GPRS
https://discourse.criticalengineering.org/t/howto-gsm-base-station-with-the-beaglebone-black-debian-gnu-linux-and-a-usrp/56
Example: 3G/4G femtocell
http://www.ioactive.com/pdfs/IOActive_Remote_Car_Hacking.pdf
Key Management
Key management
You will have a fleet of device
They needs secrets (key, password, etc..)
Unique across devices
You need to be able to change those secrets
You will probably don’t trust your factory
Lightweight M2M Bootstrap
Flash bootstrap credentials
I only have bootstrap credentials or I can’t reach final server
Lightweight M2M Bootstrap
Lightweight M2M Bootstrap
Give me key and my server(s)
Bootstrap Server
Lightweight M2M Bootstrap
New keys and server(s) URLsand ACL
Bootstrap Server
Lightweight M2M Bootstrap
Registration
Bootstrap Server
Registration
Home AutomationServer
Device Manag.Server
Secret key rotation using bootstrap?
Renew or upgrade your secret:
1 - Device authenticate with the bootstrap server2 - Bootstrap server rewrite the bootstrap secret
Next bootstrap the device use the new bootstrap secrets
Public Key Infrastructure?
Root CA
Intermediate CA
End entity 1 End entity 2 End entity3
How to verify a certificate
Root trustIdentity to verify Intermediate
Issuer Signature
Expiration ~3 y
Public Key
Issuer Identity
Issuer Signature
Expiration ~5 y
Public Key
Issuer Identity
Root Signature
Root CA Identity
Root Public Key
Find
Verify Find
Verify
Identity
Identity
Enrollment with PKI
Generate
Private Public
Enrollment with PKI
Private Public
Certification Authority
Certificate Request
Enrollment with PKI
Generate
Private Public
Certification Authority
Certificate
CA Private
Sign using CA private key a X.509 certificate
Enrollment with PKI
Generate
Private Public
Service
CA Public
Sign using certificate for authentication
Still not IoT friendly
A lot of enterprise protocols:
IKE: Internet Key Exchange RFC2409
CMP: Certificate Management Protocol RFC4210
SCEP: Simple Certificate Enrollment Protocol draft-gutmann-scep-02
EST: Enrollment Over Secure Transport RFC7030
IEEE 802.1AR: Secure Device Identity 802.1AR
But still nothing ready to use for constrained networks & devices
Firmware download
Firmware download
IoT Device(RaspberryPI)
Attacker PCLinuxEttercap
Internet Gateway(Linux PC)
Local network
Internet
Send firmware with backdoor
HTTP GET
CMS (Cryptograpic Message Syntax)
See RFC5652 (replaces PKCS #7)
Used to digitally sign, digest, authenticate, or encrypt arbitrary message content.
Supported by OpenSSL (CLI: openssl cms)
Secure boot
Hardware (ROM) enforces booting only correctly signed code
Often based on ECDSA signature
Hardware based ⇒ no algorithm agility
Open-source solutions are there
Eclipse IoT:
Leshan, Wakaama, TinyDTLS, Scandium, Paho,
Mosquitto, Hono
OpenSSL, Mbed TLS
CFSSL
GnuPG
U-Boot
Credits
Tom Medley - The Noun ProjectGuilhem - The Noun ProjectGiuditta Valentina Gentile - The Noun ProjectSergey Krivoy - The Noun ProjectJon Anderson - The Noun ProjectRyan Beck - The Noun ProjectEdward Boatman - The Noun Project