information security education awareness (isea) seciot...
TRANSCRIPT
1
24/10/2016 SecIoT Workshop IIT
Kharagpur
Information Security Education Awareness (ISEA)
SecIoT (Security of Internet of Things)
Workshop
Secured Embedded Architecture Laboratory
(SEAL)
Department of Computer Science and Engineering
2
24/10/2016 SecIoT Workshop IIT
Kharagpur
INDIAN INSTITUTE OF TECHNOLOGY KHARAGPUR
CSE Department
3
24/10/2016 SecIoT Workshop IIT
Kharagpur
The Seal Family
4
24/10/2016 SecIoT Workshop IIT
Kharagpur
COURSE LINK
http://cse.iitkgp.ac.in/conf/IoT/
24th-26th October, 2016.
5
24/10/2016 SecIoT Workshop IIT
Kharagpur
COURSE INSTRUCTORS
Prof Debdeep Mukhopadhyay
Prof Rajat Subhra Chakraborty
Prof Sandip Chakraborty
Mr Debapriya Basu Roy
Ms Urbi Chatterjee
Mr Rajat Sadhukhan
Ms Vidya Govindan
6
24/10/2016 SecIoT Workshop IIT
Kharagpur
COURSE LAYOUT
Lectures:
◦ Fundamentals:
Physically Unclonable Functions: A Promising Primitive for IoT Security
Security Model and Threat Taxonomy for Internet of Things (IoT)
Physically Unclonable Functions: Construction and attacks.
Side Channel Analysis
Lectures:
◦ Security and Privacy for IoT
Privacy Issues in Smart Devices
Introduction to Wireless Hacking
Public Key Cryptography for IoT
PUF based Authentication Protocols
Introduction to Lightweight Symmetric Cryptosystem
Demo:
◦ Eavesdropping attack on Phillips Hue Wireless Lighting System
◦ Man-In-Middle attack on Wireless Surveillance System.
◦ Design and implementation of Physically Unclonable Functions
Demo:
◦ Implementation of Hardware Trojan Horse
◦ Integrating PUFs with the Smart Devices
◦ Exploiting Safe error attack based Key leakage in RFID authentication protocols.
7
24/10/2016 SecIoT Workshop IIT
Kharagpur
Debdeep Mukhopadhyay
Secured Embedded Architecture Laboratory
(SEAL)
Department of Computer Science and Engineering
Physically Unclonable Function: a
Promising Security Primitive for
Internet of Things
8
24/10/2016 SecIoT Workshop IIT
Kharagpur8
9
24/10/2016 SecIoT Workshop IIT
Kharagpur
Embedded Security: The Gap between Theory and Practice
Cryptographic Theory has limitations.There is an absence of theory for the reality!Even mathematically strong ciphers leak in the real world!
E
Ka
D
Kb
CommunicationChannel
Message Message
Mallory
Alice Bobleaked Information
Side Channels in the real worldThrough which a cryptographic module
leaks information to its environment
unintentionally
10
24/10/2016 SecIoT Workshop IIT
Kharagpur
Threats at Different Stages of Design
and Manufacturing Flow
IP ToolsStd.
Cells Models
DesignSpecifications Fab Interface Mask Fab
Wafer
Probe
Dice and
Package
Package
Test
Deploy
and
Monitor
Trusted
Either
Untrusted
Wafer
*http://www.darpa.mil/MTO/solicitations/baa07-24/index.html
Not really Trusted!!
Offshore
Third-party
11
24/10/2016 SecIoT Workshop IIT
Kharagpur
Internet of Things (IoT): Next
Generation Networks IoTs will extend today’s internet
much further, connecting a wide spectrum of devices.
It is estimated that by 2020, 50 billion devices will be internet connected, which includes critical device, like cars, pacemakers, electrical grids.
Management
Education
Food
Pharmaceuticals
IoT
Applications
Retail
Logistics
IoTs can revolutionize quality of
life
However, commercial IoT
devices lack security measures!
Can have catastrophic
consequences to mankind.
12
24/10/2016 SecIoT Workshop IIT
Kharagpur
Applications of IoT: Indian Context Sensor technologies can monitor
vulnerable environments and limit natural disasters.
E-governance:
◦ Warehouse, management
Inventory control
◦ Port management
Ships, boats, containers, etc.
Nano-sensors can be used to monitor water quality at reduced cost
Nano-membranes can assist in the treatment of waste-water.
Food Control: Control geographical origin, Food production management, Nutrition calculations
Pharmaceuticals:
◦ Intelligent tags for drugs
◦ Drug usage tracking, Pharmaceuticals: Product websites
◦ RFIDs can be used to track the origin of safe drugs thereby reducing counterfeits.
Enable the emergency treatment to be given faster and more correct.
Need to integrate security into the IoT by
developing novel secured protocols for
interactions of multiple components, which are
secured against these menacing threats.
13
24/10/2016 SecIoT Workshop IIT
Kharagpur
Side Channel Laboratory at IIT Kharagpur
Power Analysis
Fault Analysis
EM Analysis
Laser Injections
Cache Analysis
http://cse.iitkgp.ac.in/resgrp/seal/
14
24/10/2016 SecIoT Workshop IIT
Kharagpur
IoT Lab at IIT Kharagpur◦ Description IOT Lab introduces relatively new research platform
at IIT Kharagpur which is focused towards research, learning and hands-on experimentation on the promising Internet of Things.
◦ On going Experiments Design of PUF based secure mutual
authentication and communication protocol for IOT applications.
Exploiting the security vulnerabilities in
Philips Hue Lighting system.
Exploiting the security vulnerabilities of
a video surveillance system using Wifi.
◦ Equipments Available Philips Hue light system
Intel Edison board
Nexys 4 DDR
Logitech HD Camera
Rasberry Pi Kit
HP Wireless network printer
15
24/10/2016 SecIoT Workshop IIT
Kharagpur
Definition of Internet of
Things (IoT) The term Internet of Things
was first used by Kevin Ashton in 1999.
Refers to uniquely identifiable objects (things) and their virtual representations in an Internet-like structure
Management
Education
Food
Pharmaceuticals
IoT
Applications
Retail
Logistics
But commercial IoTs lack
security measures!
16
24/10/2016 SecIoT Workshop IIT
Kharagpur
Overview on IoT
3-layered architecture for IoT:
◦ Application Layer
◦ Network Layer
◦ Perception Layer
17
24/10/2016 SecIoT Workshop IIT
Kharagpur
Perception Layer
Perceive physical properties such as temperature, location, speed, etc. by various sensing devices.
This information is converted to digital signals and transmitted through digital networks and stored.
The objects of this layer can have sensing and/or actuating abilities.
An actuator receives programmed commands and performs tasks at specific times.
18
24/10/2016 SecIoT Workshop IIT
Kharagpur
Network Layer
Responsible for transmitting data received from the perception layer to a data base, server, or processing center.
Include cellular technologies, 2G/3G, Wi-Fi, BlueTooth, Zigbee, etc.
Need to address the expected billions of things: Use of IPv6 for large addressing space.
19
24/10/2016 SecIoT Workshop IIT
Kharagpur
Application Layer
Stores, processes, and analyzes the information received from the Network layer.
These facilitate end-user applications such as building automation, location based services, identity authentication, safety etc.
This layer promotes IoT, thus is important for the spread of IoT.
20
24/10/2016 SecIoT Workshop IIT
Kharagpur
IoT Components
Perception Layer:Sensors
ActuatorsEnd-Devices (small
Boards, with an integrated uC used to
provide processing and communication abilities
to sensors/actuators)
Application Layer: IoT cloud platforms
Software applications
Network Layer:Communication
protocolsM2M servers
GatewaysOperating Systems for
end-devicesMessage Queues
21
24/10/2016 SecIoT Workshop IIT
Kharagpur
IoT Components
End Device
End Device
End Device
GateWayM2M Servers
IoTCloud
IoT
Application
Layer
Protocol
IoT
Application
Layer
Protocol
IoT
Communication
Protocol
22
24/10/2016 SecIoT Workshop IIT
Kharagpur
A Case Study of Security Weakness:
A Simple Eavesdrop Attack on Philips Hue Wireless
Lighting System
• Allows the user to wirelessly control the
lighting system in home via Philips Hue App
for Android and iOS.
•When the app was launched, the hashed value of the
MAC address of the device was used to create the
username and was “white-listed” in the bridge.
•If the attacker knows the MAC address of the device,
she can easily retrieve the username of the device.
1: User name is created at the time of registration.
2: While sending any command to Bridge, username is fetched in Wire shark.
3: Using IP Address of the Bridge and the username, entire white-list of the Bridge is exposed.
• Later, this mechanism was
changed.
•But the communication is
now in plain text!
If the attacker can capture traffic
between a legitimate user and Hue
bridge, then it can be used to
extract the bridge’s IP and all
“white-listed” usernames using a
python script.
23
24/10/2016 SecIoT Workshop IIT
Kharagpur
Security for IoT…
Source: Patrick Koeberl – Security Architect at Intel Labs, Intel
Corporation, IDF14 23
24
24/10/2016 SecIoT Workshop IIT
Kharagpur
Hardware Root of Trust
24
Source: Patrick Koeberl – Security Architect at Intel Labs, Intel
Corporation, IDF14
Just enough security for each end points
25
24/10/2016 SecIoT Workshop IIT
Kharagpur
Trustworthy Handling of large
Number of Devices
25
Source: Patrick Koeberl – Security Architect at Intel Labs, Intel
Corporation, IDF14
26
24/10/2016 SecIoT Workshop IIT
Kharagpur
Trust in IoT
26
• 50 Billion Devices
to be connected by
2020!
• Devices need to
trust the owner and
also each other.
• Devices connected
through
heterogeneous
network, and are
resource
constrained.
27
24/10/2016 SecIoT Workshop IIT
Kharagpur
Whom can you Trust?
What do we know about the device?
◦ Is it running the correct software?
◦ Is it genuine?
We need to guarantee:
◦ Integrity
◦ Privacy
◦ Quality
IoT endpoints operate under resource
constraints:
◦ CPU
◦ Memory
◦ Energy
◦ Communications
Traditional Security features do not
scale down!
◦ The Trusted Computing Base (TCB) must be as
small as possible!
Trust is a major enabler
for IoT
Are there more optimal solutions for the
hardware root of trust?
28
24/10/2016 SecIoT Workshop IIT
Kharagpur
Lightweight Elliptic Curve Cryptography for IoTURISC Processor: Using One-Instruction
Computing, which are Turing Complete.
New Area Record for ECC Hardware on FPGAs
in GF(p). Resource Less than 100 slices.
NIST-256 Curve
Virtex 5: 81 slices, 8 DSP, 22 BRAM
Spartan 6: 72 slices, 8 DSP, 24 BRAM
Debapriya Basu Roy, Poulami Das, and Debdeep Mukhopadhyay,
“ECC on Your Fingertips: A Single Instruction Approach for Lightweight ECC
Design in GF(p)”, SAC 2015.
SBN-OISC based ECC Architecture
COMPARISIONS
Lightweight Field
Multiplier
Deployed SBN
Instructions
29
24/10/2016 SecIoT Workshop IIT
Kharagpur
Power
consumption
Threats from Side Channel Attacks
Data input
Data output
Terminal IC chip
Power supply
00111…
Measure power
consumptionGuess secret information
stored on IC chip memory
0 1 1 1Secret
information0 1
30
24/10/2016 SecIoT Workshop IIT
Kharagpur
Countering Side Channels by Design
Physical Key Extraction Attacks on PCs, Daniel Genkin, Lev Pachmanov, Itamar Pipman, Adi Shamir, Eran
Tromer, Communications of the ACM, Vol. 59 No. 6, Pages 70-79
Suvadeep Hajra, Chester Rebeiro, Shivam Bhasin, Gaurav Bajaj, Sahil Sharma, Sylvain Guilley, Debdeep
Mukhopadhyay: DRECON: DPA Resistant Encryption by Construction. AFRICACRYPT 2014: 420-439
Eliminating Side
Channel Leakages by
design could reduce
the huge over-head
from ad-hoc counter-
measures, rendering
them suitable for IoT.
31
24/10/2016 SecIoT Workshop IIT
Kharagpur
Micro-architectural Side Channel Analysis
on Desktops
Sarani Bhattacharya and Debdeep Mukhopadhyay, “Who watches the watchmen?:
Utilizing Performance Monitors for Compromising keys of RSA on Intel Platforms”, CHES 2015.
Strong correlation between two-bit predictor
and system branch predictor
Partitioning Ciphertexts set based on
simulated Branch miss Modelling
Branch misprediction values from Hardware Performance Counter revealing the secret exponent bit of RSA
IoTs are heterogeneous.
Several ciphers would be
executing on standard
desktops.
Micro-architectural side
channel analysis would
ensure their safety.
32
24/10/2016 SecIoT Workshop IIT
Kharagpur
Fault Attacks exploiting DRAM vulnerability
Sarani Bhattacharya and Debdeep Mukhopadhyay,
“Curious case of Rowhammer: Flipping Secret Exponent
Bits using Timing Analysis”, CHES 2016.
DRAM Architecture
Code inducing Rowhammer fault
A DRAM module and alignment of DRAM cell in rows and columns
Number of bit flips observed in all
banks of a single DIMM
Remote Fault Attacks
could compromise
ciphers over the
internet.
33
24/10/2016 SecIoT Workshop IIT
Kharagpur
Fortifying IoTs through Key-less Crypto
Side Channel Analysis is an extremely important topic!◦ It is an art and works in the real scenarios.
Side Channels make conventional cryptography challenged:◦ Overheads are huge.
◦ Counter-measures against one side channel can aid other side-channels.
Cryptographic keys are stored in memory, which could be a point of attack: Row-hammer bugs.
With more advancement in computer architecture, more vulnerabilities are introduced.
What would be the way ahead?
Debdeep Mukhopadhyay, PUFs as Promising Tools for Security
in Internet of Things. IEEE Design & Test 33(3):103-115(2016)
34
24/10/2016 SecIoT Workshop IIT
Kharagpur
Physically Unclonable Function (PUF)P
hys
ical
ly U
nlc
on
able
Fu
nct
ion
:
2013-14
•Design of Low Area-overhead Ring Oscillator PUF with Large Challenge Space [ReconFig 2013]
•Composite PUF: A New Design Paradigm for Physically Unclonable Functions on FPGA [HOST 2014]
2015
•A Case of Lightweight PUF Constructions: Cryptanalysis and Machine Learning Attacks [IEEE TCAD 2015]
•Efficient Attacks on Robust Ring Oscillator PUF with Enhanced Challenge-response Set [DATE 2015]
2016
•Security Analysis of Arbiter PUF and Its Lightweight Compositions Under Predictability Test [ACM TODAES 2016]
•Fault Tolerant Implementations of Delay-based Physically Unclonable Functions on FPGA [FDTC 2016]
Composite PUF [HOST 2014]:
• A composition of primitive PUFs
• Achieved improved modeling
resistance
PUF Overview Our
contributions
Arb
ite
r P
UF
[Lim
2
00
2, M
IT]
Silicon PUF exploiting CMOS
process in defining device-
specific (unique) random
mapping
RO
PU
F
[Su
h, 2
00
7]
Applications:1) On-the-fly private key generation (an
alternative for non-volatile key storage)
2) Hardware authentication (anti-
counterfeiting)
We aim at designing secure PUF compositions:
Challenges
• Model-building and side channel resistant reliable
PUF designs on ASICs
• ASIC designs need to be experimented with large
number of instances of the same PUF design.
• Fault Tolerance of PUF ASICs
• Test Strategies for PUFs: metrics for assessing
architectures of PUFs
Reliability and Model building
attacks are main issues.
• Same design
• Same waferChips with
unique and
(physically)
unclonable
fingerprints
35
24/10/2016 SecIoT Workshop IIT
Kharagpur
PUF in the context of IoT
35
Challenge
Response1Response2
Response3
• The responses have to be unpredictable.
• Should not be able to modeled using mathematical
analysis.
• The responses should also be unique and
independent.
• That is knowledge of one response, should not leak
information of the others!
36
24/10/2016 SecIoT Workshop IIT
Kharagpur
What is a PUF?
36
Fingerprint of Devices
The challenge-response mapping is unclonable (ideally)
and instance-specific (depends on manufacturing process
variations evident in ASICs)
n-bit Challenge(C) PUF n-bit Response (R)
A challenge-response mechanism in which the mapping
between an applied input (“challenge”) and the
corresponding observed output (“response”) is dependent
on the complex and variable nature of a physical material
37
24/10/2016 SecIoT Workshop IIT
Kharagpur
An Example with a simple SR-
Latch
Make the input in=1, y=1, y’=1.
Make the input in=0, both of the
following states are possible:
◦ y=1, y’=0
◦ y=0, y’=137
in
Source of randomness!
38
24/10/2016 SecIoT Workshop IIT
Kharagpur
From Theory to Practice FPGAs are ideal for security implementations
◦ In-house and high-performance
◦ Programmability is an added feature
◦ But careful implementation is needed.
38
module SR(in , Q, Qbar);
input in;
output Q, Qbar;
nand N1(Q, ~in, Qbar);
nand N2(Qbar, ~in, Q);
endmodule
AND
in
Q
OR
Qbar
The non-determinism and
hence the randomness is
gone!
LUT1LUT2
39
24/10/2016 SecIoT Workshop IIT
Kharagpur
Another Attempt
This design has the non-determinism as
expected!
We can also design using NAND primitives.39
module SR(in, Q, Qbar
);
input in;
output Q, Qbar;
(* KEEP = "TRUE" *) wire w1, w2;
nand N1(Q, ~in, w1);
nand N2(Qbar, ~in, w2);
assign w1 = Qbar;
assign w2 = Q;
endmodule
OR
OR
in
Q
Qbar
w1
w2
40
24/10/2016 SecIoT Workshop IIT
Kharagpur
The Silicon Space
Mismatch in driving
capabilities of the
gates
Difference in
routing delays of
the feedback path
◦ a Latch cell will give
either 0 or 1 as
output.
◦ Depends on the
(x,y) position of the
silicon area.
ICISS 2011 40
(x1,y1) (x2,y2) (x3,y3) (x4,y4)
(x6,y6) (x7,y7) (x8,y8) (x9,y9)
(x11,y11) (x12,y12) (x13,y13) (x14,y14) (x15,y15)
(x10,y10)
(x5,y5)
(x16,y16) (x17,y17) (x18,y18) (x19,y19) (x20,y20)
(x25,y25)(x24,y24)(x23,y23)(x22,y22)(x21,y21)
0 1 1 0 1
Values of Q
41
24/10/2016 SecIoT Workshop IIT
Kharagpur
World without PUF
Trusted party embeds and tests
secret keys in a secure non-
volatile memory (NVM)
EEPROM adds additional
complexity to manufacturing
Adversaries may physically
extract secret key from non-
volatile memory
Advantage PUF!!
41
World with PUF
Intrinsic properties of device is
used to generate secret key.
Key never leaves the IC’s
cryptographic boundary, nor be
stored in a non-volatile memory.
Key is deleted after usage in de-
or encryption process
42
24/10/2016 SecIoT Workshop IIT
Kharagpur
PUFs for Identification
42
Protect against ASIC substitution and counterfeits without using
cryptographic operations
AuthenticDevice A
PUF
Untrusted Supply Chain / Environments
???
Challenge Response
Is this theauthenticDevice A?
=?
PUF
Challenge Response’
Challenge Response
Database for Device A
1001010 010101
1011000 101101
0111001 000110
Record
IC rejected if Response’ does not
match the enrolled Response
43
24/10/2016 SecIoT Workshop IIT
Kharagpur
An IoT Test-Bed
RFID tag prototypes interfaced with an FPGA (like Nexys-2)
RFID reader acts as a translator from IPv6 to a tag-specific
communication interface (IPv6 makes ubiquitous computing
feasible by providing unique identifiers to all connected
objects)
Typically comprise of
sensor nodes, micro-
processors, embedded
processors, network
gateways, and finally
the cloud.
44
24/10/2016 SecIoT Workshop IIT
Kharagpur
Threats from Model Building
Attacks
44
Threats from machine learning
algorithms:
Attempt to develop a
model from the observed
Challenge-Response Pairs
(CRPs)
45
24/10/2016 SecIoT Workshop IIT
Kharagpur
Lightweight PUFs and PUF
Composition
Layers of PUF
45
INPUT
LAYER
Combiners
Challenge
OUTPUT
LAYER
Response
Side
Channel
Attacker
ML Attacker
46
24/10/2016 SecIoT Workshop IIT
Kharagpur
A Side Channel and Machine
Learning Resistant Ideal
PUF Composition.
Reference: Composite PUF: A new design paradigm for Physically
Unclonable Functions on FPGA. IEEE HOST 2014: 50-55
iPUF design proposal is selected as finalist in “CyberSEED
Hardware Challenge”, 2014 (http://www.csi.uconn.edu/cybersecurity-
week)
47
24/10/2016 SecIoT Workshop IIT
Kharagpur
Security Analysis for the
IoT Testbed
PUFs
PUFs/IC s
for ciphers
Secured Implementation
of ciphers
Mallory
leaked Information
Side Channels in the IoT
48
24/10/2016 SecIoT Workshop IIT
Kharagpur
Security and Privacy in
Context to IoT The IoT has no protection against attacks
Seamless information exchange without user intervention implies need for adequate security measures
But this ease-of-use and seamlessness should not facilitate certain classes of implementation-specific attacks:
◦ Side-channel attacks (which utilize leaked information to compromise the security of secure systems)
Design low-overhead IoT that are sufficiently robust against side-channel attacks:
◦ IoT subsystems are resource constrained!
◦ Need light-weight solutions.
Debdeep Mukhopadhyay, PUFs as Promising Tools for Security
in Internet of Things. IEEE Design & Test 33(3):103-115(2016)
49
24/10/2016 SecIoT Workshop IIT
Kharagpur
Securing IoT using PUFs
Combining PUFs with Public key Cryptography
The nodes are enabled with FPGA PUFs
We have selected Intel Edison Board ( which is widely used for IoT Applications) as a “Smart Device”.
We will connect a FPGA board with each of the Edison boards.
In the FPGA board, we will implement Physically Unclonable Functions (PUFs) which will be used to uniquely identify each of the Edison boards to the server in which they are registered.
◦ The server will send challenges wirelessly to the Edison board for authentication and using the PUF circuit deployed in the FPGA board, the Edison board will send responses to the server.
These responses will be used by the server to authenticate the smart device.
A naïve protocol for PUF based
authentication
An Experimental
Set-up for
Secured
Authentication
using PUFs
Challenges: Designing an efficient mathematical proven secured PUF based authentication
protocol with an untrusted server.
Idea: Combining Public Key Cryptography (Identity based encryption using Elliptic Curves)
with PUFs.
50
24/10/2016 SecIoT Workshop IIT
Kharagpur
A generic IoTTest-Bed using
PUFs
PUFs
PUFs/IC s
for ciphers
Secured Implementation
of ciphers
Mallory
leaked Information
Side Channels in the IoT
51
24/10/2016 SecIoT Workshop IIT
Kharagpur
Building IoTTestBeds:
A Smart Grid Test-Bed
Smart Meters
Collector/Router
Collector/Router
Collector/Router
Collector/Router
Collector/Router
Collector/Router
Power Supply
LOAD LOAD LOAD
Power Supply
Smart Meters
Smart Meters
Smart Meters
Smart Meters
Smart Meters
Smart Meters
Smart Meters
PUF based
Authentication
PUFs are the hardware root of
trust
52
24/10/2016 SecIoT Workshop IIT
Kharagpur
Conclusions
The project is expected to have several far reaching effects.
◦ Develop expertise in Security, Embedded Systems, VLSI, Architecture, Networks, ML
Bring benefits to the Indian mass:
◦ Ubiquitous, equitable, affordable access to technology
◦ Drug control, diagnosis and treatment, natural disaster control, mines, etc.
◦ Application of IoT will always be influenced by local conditions.
◦ We wish to take the first steps in this context, with security upfront.
“The most profound technologies are those that disappear. They weave themselves into the fabric of everyday life until they are indistinguishable from it.”- Dr Mark Weisser, Father of Ubuiquitous Computing
53
24/10/2016 SecIoT Workshop IIT
Kharagpur
Thank You for your attention!!