information security education awareness (isea) seciot...

1

24/10/2016 SecIoT Workshop IIT

Kharagpur

Information Security Education Awareness (ISEA)

SecIoT (Security of Internet of Things)

Workshop

Secured Embedded Architecture Laboratory

(SEAL)

Department of Computer Science and Engineering

IIT [email protected]

2


Kharagpur

INDIAN INSTITUTE OF TECHNOLOGY KHARAGPUR

CSE Department

3


Kharagpur

The Seal Family

4


Kharagpur

COURSE LINK

http://cse.iitkgp.ac.in/conf/IoT/

24th-26th October, 2016.

http://cse.iitkgp.ac.in/conf/IoT/

5


Kharagpur

COURSE INSTRUCTORS

Prof Debdeep Mukhopadhyay

Prof Rajat Subhra Chakraborty

Prof Sandip Chakraborty

Mr Debapriya Basu Roy

Ms Urbi Chatterjee

Mr Rajat Sadhukhan

Ms Vidya Govindan

6


Kharagpur

COURSE LAYOUT

Lectures:

◦ Fundamentals:

Physically Unclonable Functions: A Promising Primitive for IoT Security

Security Model and Threat Taxonomy for Internet of Things (IoT)

Physically Unclonable Functions: Construction and attacks.

Side Channel Analysis

Lectures:

◦ Security and Privacy for IoT

Privacy Issues in Smart Devices

Introduction to Wireless Hacking

Public Key Cryptography for IoT

PUF based Authentication Protocols

Introduction to Lightweight Symmetric Cryptosystem

Demo:

◦ Eavesdropping attack on Phillips Hue Wireless Lighting System

◦ Man-In-Middle attack on Wireless Surveillance System.

◦ Design and implementation of Physically Unclonable Functions

Demo:

◦ Implementation of Hardware Trojan Horse

◦ Integrating PUFs with the Smart Devices

◦ Exploiting Safe error attack based Key leakage in RFID authentication protocols.

7


Kharagpur

Debdeep Mukhopadhyay

Secured Embedded Architecture Laboratory

(SEAL)

Department of Computer Science and Engineering

IIT [email protected]

Physically Unclonable Function: a

Promising Security Primitive for

Internet of Things

8


Kharagpur8

9


Kharagpur

Embedded Security: The Gap between Theory and Practice

Cryptographic Theory has limitations.There is an absence of theory for the reality!Even mathematically strong ciphers leak in the real world!

E

Ka

D

Kb

CommunicationChannel

Message Message

Mallory

Alice Bobleaked Information

Side Channels in the real worldThrough which a cryptographic module

leaks information to its environment

unintentionally

10


Kharagpur

Threats at Different Stages of Design

and Manufacturing Flow

IP ToolsStd.

Cells Models

DesignSpecifications Fab Interface Mask Fab

Wafer

Probe

Dice and

Package

Package

Test

Deploy

and

Monitor

Trusted

Either

Untrusted

Wafer

*http://www.darpa.mil/MTO/solicitations/baa07-24/index.html

Not really Trusted!!

Offshore

Third-party

11


Kharagpur

Internet of Things (IoT): Next

Generation Networks IoTs will extend today’s internet

much further, connecting a wide spectrum of devices.

It is estimated that by 2020, 50 billion devices will be internet connected, which includes critical device, like cars, pacemakers, electrical grids.

Management

Education

Food

Pharmaceuticals

IoT

Applications

Retail

Logistics

IoTs can revolutionize quality of

life

However, commercial IoT

devices lack security measures!

Can have catastrophic

consequences to mankind.

12


Kharagpur

Applications of IoT: Indian Context Sensor technologies can monitor

vulnerable environments and limit natural disasters.

E-governance:

◦ Warehouse, management

Inventory control

◦ Port management

Ships, boats, containers, etc.

Nano-sensors can be used to monitor water quality at reduced cost

Nano-membranes can assist in the treatment of waste-water.

Food Control: Control geographical origin, Food production management, Nutrition calculations

Pharmaceuticals:

◦ Intelligent tags for drugs

◦ Drug usage tracking, Pharmaceuticals: Product websites

◦ RFIDs can be used to track the origin of safe drugs thereby reducing counterfeits.

Enable the emergency treatment to be given faster and more correct.

Need to integrate security into the IoT by

developing novel secured protocols for

interactions of multiple components, which are

secured against these menacing threats.

13


Kharagpur

Side Channel Laboratory at IIT Kharagpur

Power Analysis

Fault Analysis

EM Analysis

Laser Injections

Cache Analysis

http://cse.iitkgp.ac.in/resgrp/seal/

14


Kharagpur

IoT Lab at IIT Kharagpur◦ Description IOT Lab introduces relatively new research platform

at IIT Kharagpur which is focused towards research, learning and hands-on experimentation on the promising Internet of Things.

◦ On going Experiments Design of PUF based secure mutual

authentication and communication protocol for IOT applications.

Exploiting the security vulnerabilities in

Philips Hue Lighting system.

Exploiting the security vulnerabilities of

a video surveillance system using Wifi.

◦ Equipments Available Philips Hue light system

Intel Edison board

Nexys 4 DDR

Logitech HD Camera

Rasberry Pi Kit

HP Wireless network printer

15


Kharagpur

Definition of Internet of

Things (IoT) The term Internet of Things

was first used by Kevin Ashton in 1999.

Refers to uniquely identifiable objects (things) and their virtual representations in an Internet-like structure

Management

Education

Food

Pharmaceuticals

IoT

Applications

Retail

Logistics

But commercial IoTs lack

security measures!

16


Kharagpur

Overview on IoT

3-layered architecture for IoT:

◦ Application Layer

◦ Network Layer

◦ Perception Layer

17


Kharagpur

Perception Layer

Perceive physical properties such as temperature, location, speed, etc. by various sensing devices.

This information is converted to digital signals and transmitted through digital networks and stored.

The objects of this layer can have sensing and/or actuating abilities.

An actuator receives programmed commands and performs tasks at specific times.

18


Kharagpur

Network Layer

Responsible for transmitting data received from the perception layer to a data base, server, or processing center.

Include cellular technologies, 2G/3G, Wi-Fi, BlueTooth, Zigbee, etc.

Need to address the expected billions of things: Use of IPv6 for large addressing space.

19


Kharagpur

Application Layer

Stores, processes, and analyzes the information received from the Network layer.

These facilitate end-user applications such as building automation, location based services, identity authentication, safety etc.

This layer promotes IoT, thus is important for the spread of IoT.

20


Kharagpur

IoT Components

Perception Layer:Sensors

ActuatorsEnd-Devices (small

Boards, with an integrated uC used to

provide processing and communication abilities

to sensors/actuators)

Application Layer: IoT cloud platforms

Software applications

Network Layer:Communication

protocolsM2M servers

GatewaysOperating Systems for

end-devicesMessage Queues

21


Kharagpur

IoT Components

End Device

End Device

End Device

GateWayM2M Servers

IoTCloud

IoT

Application

Layer

Protocol

IoT

Application

Layer

Protocol

IoT

Communication

Protocol

22


Kharagpur

A Case Study of Security Weakness:

A Simple Eavesdrop Attack on Philips Hue Wireless

Lighting System

• Allows the user to wirelessly control the

lighting system in home via Philips Hue App

for Android and iOS.

•When the app was launched, the hashed value of the

MAC address of the device was used to create the

username and was “white-listed” in the bridge.

•If the attacker knows the MAC address of the device,

she can easily retrieve the username of the device.

1: User name is created at the time of registration.

2: While sending any command to Bridge, username is fetched in Wire shark.

3: Using IP Address of the Bridge and the username, entire white-list of the Bridge is exposed.

• Later, this mechanism was

changed.

•But the communication is

now in plain text!

If the attacker can capture traffic

between a legitimate user and Hue

bridge, then it can be used to

extract the bridge’s IP and all

“white-listed” usernames using a

python script.

23


Kharagpur

Security for IoT…

Source: Patrick Koeberl – Security Architect at Intel Labs, Intel

Corporation, IDF14 23

24


Kharagpur

Hardware Root of Trust

24


Corporation, IDF14

Just enough security for each end points

25


Kharagpur

Trustworthy Handling of large

Number of Devices

25


Corporation, IDF14

26


Kharagpur

Trust in IoT

26

• 50 Billion Devices

to be connected by

2020!

• Devices need to

trust the owner and

also each other.

• Devices connected

through

heterogeneous

network, and are

resource

constrained.

27


Kharagpur

Whom can you Trust?

What do we know about the device?

◦ Is it running the correct software?

◦ Is it genuine?

We need to guarantee:

◦ Integrity

◦ Privacy

◦ Quality

IoT endpoints operate under resource

constraints:

◦ CPU

◦ Memory

◦ Energy

◦ Communications

Traditional Security features do not

scale down!

◦ The Trusted Computing Base (TCB) must be as

small as possible!

Trust is a major enabler

for IoT

Are there more optimal solutions for the

hardware root of trust?

28


Kharagpur

Lightweight Elliptic Curve Cryptography for IoTURISC Processor: Using One-Instruction

Computing, which are Turing Complete.

New Area Record for ECC Hardware on FPGAs

in GF(p). Resource Less than 100 slices.

NIST-256 Curve

Virtex 5: 81 slices, 8 DSP, 22 BRAM

Spartan 6: 72 slices, 8 DSP, 24 BRAM

Debapriya Basu Roy, Poulami Das, and Debdeep Mukhopadhyay,

“ECC on Your Fingertips: A Single Instruction Approach for Lightweight ECC

Design in GF(p)”, SAC 2015.

SBN-OISC based ECC Architecture

COMPARISIONS

Lightweight Field

Multiplier

Deployed SBN

Instructions

29


Kharagpur

Power

consumption

Threats from Side Channel Attacks

Data input

Data output

Terminal IC chip

Power supply

00111…

Measure power

consumptionGuess secret information

stored on IC chip memory

0 1 1 1Secret

information0 1

30


Kharagpur

Countering Side Channels by Design

Physical Key Extraction Attacks on PCs, Daniel Genkin, Lev Pachmanov, Itamar Pipman, Adi Shamir, Eran

Tromer, Communications of the ACM, Vol. 59 No. 6, Pages 70-79

Suvadeep Hajra, Chester Rebeiro, Shivam Bhasin, Gaurav Bajaj, Sahil Sharma, Sylvain Guilley, Debdeep

Mukhopadhyay: DRECON: DPA Resistant Encryption by Construction. AFRICACRYPT 2014: 420-439

Eliminating Side

Channel Leakages by

design could reduce

the huge over-head

from ad-hoc counter-

measures, rendering

them suitable for IoT.

31


Kharagpur

Micro-architectural Side Channel Analysis

on Desktops

Sarani Bhattacharya and Debdeep Mukhopadhyay, “Who watches the watchmen?:

Utilizing Performance Monitors for Compromising keys of RSA on Intel Platforms”, CHES 2015.

Strong correlation between two-bit predictor

and system branch predictor

Partitioning Ciphertexts set based on

simulated Branch miss Modelling

Branch misprediction values from Hardware Performance Counter revealing the secret exponent bit of RSA

IoTs are heterogeneous.

Several ciphers would be

executing on standard

desktops.

Micro-architectural side

channel analysis would

ensure their safety.

32


Kharagpur

Fault Attacks exploiting DRAM vulnerability

Sarani Bhattacharya and Debdeep Mukhopadhyay,

“Curious case of Rowhammer: Flipping Secret Exponent

Bits using Timing Analysis”, CHES 2016.

DRAM Architecture

Code inducing Rowhammer fault

A DRAM module and alignment of DRAM cell in rows and columns

Number of bit flips observed in all

banks of a single DIMM

Remote Fault Attacks

could compromise

ciphers over the

internet.

33


Kharagpur

Fortifying IoTs through Key-less Crypto

Side Channel Analysis is an extremely important topic!◦ It is an art and works in the real scenarios.

Side Channels make conventional cryptography challenged:◦ Overheads are huge.

◦ Counter-measures against one side channel can aid other side-channels.

Cryptographic keys are stored in memory, which could be a point of attack: Row-hammer bugs.

With more advancement in computer architecture, more vulnerabilities are introduced.

What would be the way ahead?

Debdeep Mukhopadhyay, PUFs as Promising Tools for Security

in Internet of Things. IEEE Design & Test 33(3):103-115(2016)

34


Kharagpur

Physically Unclonable Function (PUF)P

hys

ical

ly U

nlc

on

able

Fu

nct

ion

:

2013-14

•Design of Low Area-overhead Ring Oscillator PUF with Large Challenge Space [ReconFig 2013]

•Composite PUF: A New Design Paradigm for Physically Unclonable Functions on FPGA [HOST 2014]

2015

•A Case of Lightweight PUF Constructions: Cryptanalysis and Machine Learning Attacks [IEEE TCAD 2015]

•Efficient Attacks on Robust Ring Oscillator PUF with Enhanced Challenge-response Set [DATE 2015]

2016

•Security Analysis of Arbiter PUF and Its Lightweight Compositions Under Predictability Test [ACM TODAES 2016]

•Fault Tolerant Implementations of Delay-based Physically Unclonable Functions on FPGA [FDTC 2016]

Composite PUF [HOST 2014]:

• A composition of primitive PUFs

• Achieved improved modeling

resistance

PUF Overview Our

contributions

Arb

ite

r P

UF

[Lim

2

00

2, M

IT]

Silicon PUF exploiting CMOS

process in defining device-

specific (unique) random

mapping

RO

PU

F

[Su

h, 2

00

7]

Applications:1) On-the-fly private key generation (an

alternative for non-volatile key storage)

2) Hardware authentication (anti-

counterfeiting)

We aim at designing secure PUF compositions:

Challenges

• Model-building and side channel resistant reliable

PUF designs on ASICs

• ASIC designs need to be experimented with large

number of instances of the same PUF design.

• Fault Tolerance of PUF ASICs

• Test Strategies for PUFs: metrics for assessing

architectures of PUFs

Reliability and Model building

attacks are main issues.

• Same design

• Same waferChips with

unique and

(physically)

unclonable

fingerprints

35


Kharagpur

PUF in the context of IoT

35

Challenge

Response1Response2

Response3

• The responses have to be unpredictable.

• Should not be able to modeled using mathematical

analysis.

• The responses should also be unique and

independent.

• That is knowledge of one response, should not leak

information of the others!

36


Kharagpur

What is a PUF?

36

Fingerprint of Devices

The challenge-response mapping is unclonable (ideally)

and instance-specific (depends on manufacturing process

variations evident in ASICs)

n-bit Challenge(C) PUF n-bit Response (R)

A challenge-response mechanism in which the mapping

between an applied input (“challenge”) and the

corresponding observed output (“response”) is dependent

on the complex and variable nature of a physical material

37


Kharagpur

An Example with a simple SR-

Latch

Make the input in=1, y=1, y’=1.

Make the input in=0, both of the

following states are possible:

◦ y=1, y’=0

◦ y=0, y’=137

in

Source of randomness!

38


Kharagpur

From Theory to Practice FPGAs are ideal for security implementations

◦ In-house and high-performance

◦ Programmability is an added feature

◦ But careful implementation is needed.

38

module SR(in , Q, Qbar);

input in;

output Q, Qbar;

nand N1(Q, ~in, Qbar);

nand N2(Qbar, ~in, Q);

endmodule

AND

in

Q

OR

Qbar

The non-determinism and

hence the randomness is

gone!

LUT1LUT2

39


Kharagpur

Another Attempt

This design has the non-determinism as

expected!

We can also design using NAND primitives.39

module SR(in, Q, Qbar

);

input in;

output Q, Qbar;

(* KEEP = "TRUE" *) wire w1, w2;

nand N1(Q, ~in, w1);

nand N2(Qbar, ~in, w2);

assign w1 = Qbar;

assign w2 = Q;

endmodule

OR

OR

in

Q

Qbar

w1

w2

40


Kharagpur

The Silicon Space

Mismatch in driving

capabilities of the

gates

Difference in

routing delays of

the feedback path

◦ a Latch cell will give

either 0 or 1 as

output.

◦ Depends on the

(x,y) position of the

silicon area.

ICISS 2011 40

(x1,y1) (x2,y2) (x3,y3) (x4,y4)

(x6,y6) (x7,y7) (x8,y8) (x9,y9)

(x11,y11) (x12,y12) (x13,y13) (x14,y14) (x15,y15)

(x10,y10)

(x5,y5)

(x16,y16) (x17,y17) (x18,y18) (x19,y19) (x20,y20)

(x25,y25)(x24,y24)(x23,y23)(x22,y22)(x21,y21)

0 1 1 0 1

Values of Q

41


Kharagpur

World without PUF

Trusted party embeds and tests

secret keys in a secure non-

volatile memory (NVM)

EEPROM adds additional

complexity to manufacturing

Adversaries may physically

extract secret key from non-

volatile memory

Advantage PUF!!

41

World with PUF

Intrinsic properties of device is

used to generate secret key.

Key never leaves the IC’s

cryptographic boundary, nor be

stored in a non-volatile memory.

Key is deleted after usage in de-

or encryption process

42


Kharagpur

PUFs for Identification

42

Protect against ASIC substitution and counterfeits without using

cryptographic operations

AuthenticDevice A

PUF

Untrusted Supply Chain / Environments

???

Challenge Response

Is this theauthenticDevice A?

=?

PUF

Challenge Response’

Challenge Response

Database for Device A

1001010 010101

1011000 101101

0111001 000110

Record

IC rejected if Response’ does not

match the enrolled Response

43


Kharagpur

An IoT Test-Bed

RFID tag prototypes interfaced with an FPGA (like Nexys-2)

RFID reader acts as a translator from IPv6 to a tag-specific

communication interface (IPv6 makes ubiquitous computing

feasible by providing unique identifiers to all connected

objects)

Typically comprise of

sensor nodes, micro-

processors, embedded

processors, network

gateways, and finally

the cloud.

44


Kharagpur

Threats from Model Building

Attacks

44

Threats from machine learning

algorithms:

Attempt to develop a

model from the observed

Challenge-Response Pairs

(CRPs)

45


Kharagpur

Lightweight PUFs and PUF

Composition

Layers of PUF

45

INPUT

LAYER

Combiners

Challenge

OUTPUT

LAYER

Response

Side

Channel

Attacker

ML Attacker

46


Kharagpur

A Side Channel and Machine

Learning Resistant Ideal

PUF Composition.

Reference: Composite PUF: A new design paradigm for Physically

Unclonable Functions on FPGA. IEEE HOST 2014: 50-55

iPUF design proposal is selected as finalist in “CyberSEED

Hardware Challenge”, 2014 (http://www.csi.uconn.edu/cybersecurity-

week)

47


Kharagpur

Security Analysis for the

IoT Testbed

PUFs

PUFs/IC s

for ciphers

Secured Implementation

of ciphers

Mallory

leaked Information

Side Channels in the IoT

48


Kharagpur

Security and Privacy in

Context to IoT The IoT has no protection against attacks

Seamless information exchange without user intervention implies need for adequate security measures

But this ease-of-use and seamlessness should not facilitate certain classes of implementation-specific attacks:

◦ Side-channel attacks (which utilize leaked information to compromise the security of secure systems)

Design low-overhead IoT that are sufficiently robust against side-channel attacks:

◦ IoT subsystems are resource constrained!

◦ Need light-weight solutions.

Debdeep Mukhopadhyay, PUFs as Promising Tools for Security

in Internet of Things. IEEE Design & Test 33(3):103-115(2016)

49


Kharagpur

Securing IoT using PUFs

Combining PUFs with Public key Cryptography

The nodes are enabled with FPGA PUFs

We have selected Intel Edison Board ( which is widely used for IoT Applications) as a “Smart Device”.

We will connect a FPGA board with each of the Edison boards.

In the FPGA board, we will implement Physically Unclonable Functions (PUFs) which will be used to uniquely identify each of the Edison boards to the server in which they are registered.

◦ The server will send challenges wirelessly to the Edison board for authentication and using the PUF circuit deployed in the FPGA board, the Edison board will send responses to the server.

These responses will be used by the server to authenticate the smart device.

A naïve protocol for PUF based

authentication

An Experimental

Set-up for

Secured

Authentication

using PUFs

Challenges: Designing an efficient mathematical proven secured PUF based authentication

protocol with an untrusted server.

Idea: Combining Public Key Cryptography (Identity based encryption using Elliptic Curves)

with PUFs.

50


Kharagpur

A generic IoTTest-Bed using

PUFs

PUFs

PUFs/IC s

for ciphers

Secured Implementation

of ciphers

Mallory

leaked Information

Side Channels in the IoT

51


Kharagpur

Building IoTTestBeds:

A Smart Grid Test-Bed

Smart Meters

Collector/Router

Collector/Router

Collector/Router

Collector/Router

Collector/Router

Collector/Router

Power Supply

LOAD LOAD LOAD

Power Supply

Smart Meters

Smart Meters

Smart Meters

Smart Meters

Smart Meters

Smart Meters

Smart Meters

PUF based

Authentication

PUFs are the hardware root of

trust

52


Kharagpur

Conclusions

The project is expected to have several far reaching effects.

◦ Develop expertise in Security, Embedded Systems, VLSI, Architecture, Networks, ML

Bring benefits to the Indian mass:

◦ Ubiquitous, equitable, affordable access to technology

◦ Drug control, diagnosis and treatment, natural disaster control, mines, etc.

◦ Application of IoT will always be influenced by local conditions.

◦ We wish to take the first steps in this context, with security upfront.

“The most profound technologies are those that disappear. They weave themselves into the fabric of everyday life until they are indistinguishable from it.”- Dr Mark Weisser, Father of Ubuiquitous Computing

53


Kharagpur

Thank You for your attention!!

information security education awareness (isea) seciot...

Documents