iot security & usabilitydottorato.di.uniba.it/userfiles/downloads/seminari/... · •...
TRANSCRIPT
Bari, 15/05/2018
IoT Security & Usability
Domenico Rotondi – FINCONS SpA([email protected])
The Seminars on “Information Technology Outlook”
PhD Programme in Computer Science and Mathematics
Dipartimento di Informatica
Università degli Studi di Bari
2Bari, 15/05/2018
• FINCONS Group
• H2020 Fiesta-IoT Project & FINCONS activities
• Internet of Things
• Servitization
• IoT & our lives
• IoT: Main Issues
• IoT: Usability
• Event Driven Architecture (EDA) & Serverless computing
• Edge / Fog Computing
• IoT: Security & Privacy Threats
• Trust Management
• Identity Management
• Access Control
• Privacy
• Data Protection
• Quantum Computing Threat
Summary
Reliable as a large company, agile as a small enterprise
Shareholders design the strategy of the Group and are directly involved in market
development and management activities, ensuring:
care for new business opportunities
close focus on both clients’ and partners’ needs
agile decision-making
long-term perspective
Close to our customers since more than 30 years
Fincons Group Offices
Fincons Group Highlights
FINCONS GROUP is a reliable partner to design, implement and manage theInformation Technology to enable business competitive advantage and aresponsive organization.
We are a Group of more than1300 professionals
A significant growthmantained over the years
Fincons Group value proposition
Our extended offering of professional services allows us to support clients along all
different stages of complex innovation programs.
On
Sit
eSm
art
-sh
ore
IT Services
Management Consulting
Program and Change Management
Business and Process Consulting
Application Management
Sys
tem
In
teg
rati
on
Sys
tem
B
uild
ing
Pro
pri
eta
rySo
luti
on
s
Design and development of custom core business solutions
System Integrationof leading market products
ICT Innovation
International Research&InnovationInitiatives
• Feasibility Study and cost/benefit evaluation
• Process analysis and optimization
• IT strategy & Transformation
Delivery Center
BUSINESS UNITS
DIGITAL, WEB & MOBILE
BI, ANALITYCS & BIG DATA
TE
CH
NO
LO
GIE
S
CRM
ERP
Organization
BUSINESS UNITS with industry know-how on different markets with strong and consolidated competencies
BUSINESS UNITS with industry know-how on different markets with strong and consolidated competencies
BUSINESS CONSULTING
Strong Business know-how and a tailored system integration approach, supported by a Smart-shore service model delivery,
make Fincons Group Offering competitive and innovative.
Fincons Group Pillars
Business Consultingand process Knowledge
Industry Know how Solutions tailoring for different industries
System IntegrationBest of breed Solutions
Smart-shore IT Service
Fincons Group Delivery Center
To support internationalization strategy in 2013 the Group established the IBD - International Business Development & Innovation, a dedicated department aiming to export distinctive competencies in EMEA, leveraging on the group assets and research.
International Business Development and Innovation Lab
Innovation must be considered as a real process that has to be nourished.The Innovation Lab leverages the potential of new technologies to translate them into a competitive offering of effective and valuable solutions.
Leveraging international research
Collaboration with Universities and
Research centers:
• Research Centers: IRT (DE),
Fraunhofer (DE), Tecnalia (ES), Forth
(GR), …
• European network of universities:
Surrey, Lancaster, Plymouth, Berlin,
Madrid, Paris Polytechnic, EPFL
Lausanne, NTUA Athens, Milan and
Bari Polytechnic
R&I International Funds:
• European Funds: Horizon 2020, Framework
Programme 7
• Swiss Funds: SERI, CTI
• UK Government Funds: Innovate UK
• Italian Funds: National (MIUR), Regional
(CdP Puglia, Sanità Lombardia)
DEMO POINT IN MILAN
Recent blue chips
Bari Polytechnic – Fincons Group Research Lab
Fincons approach to R&D: an opportunity to share with clients
Funded R&D Projects and collaboration with research centers and universities
Bring Innovation to our Business Units
Exploit Innovation towards clients
Eng
age
into
rese
arc
h
BROADBAND-BROADCAST CONVERGENCY, CREATIVE INDUSTRY
Innovative R&D Projects in this area:
• FP7 FI-Content: demonstrating interactiveAD effectiveness on HbbTV, through 2nd
screen applications.
• H2020 MPAT: innovative tools to support theeditorial team to create compelling multi-screen experiences and HbbTV applications.
• H2020 PRODUCER: enhancing pre- andpost-production video content enrichment toenable interactivity and personalisation.
• H2020 ABC-DJ: musical branding solutionsfor the retail sector, in the creative industry.
• H2020 CONTENT4ALL: Smart TV contentcreation and services for the Deafcommunity
SMART MANUFACTURING & LOGISTICS
Innovative R&D Projects in this area:
• FP7 FI-Space: collaborative transportplanning and monitoring in manufacturing.
• H2020 PSYMBIOSYS: collaboration tools forProduct-Service symbiosys in themanufacturing industry.
• H2020 BEinCPPS: IoT, CPS and Industry4.0applications applied to tractors manufacturing.
• Italian R&D - FINCONS SmartManufacturing Platform: IoT-based tools tosupport Smart Manufacturing processes:preventive & predictive maintenance, AR/VRsupport, green manufacturing .
• Italian R&D- H2020 SMART4CPPS: IoT-based tools applied to luxury textilesmanufacturing.
Fincons is investing in IoT technologies and their application to the Smart Manufacturing
revolution, also known as Industry 4.0.
IoT for SMART CITIES & DIGITAL PA
Innovative R&D Projects in this area:
• Regional - Energy Router: IoT for IntelligentEnergy Efficiency, applied to micro- nano- grids inSmart Cities.
• FP7 RADICAL and H2020 SymbIoTe: IoTsolutions and social networks for monitoringsound pollution in Smart Cities.
• H2020 Fiesta-IoT: cyber-security applied to IoTdatasets in Smart Cities and SmartAdministration contexts (air pollution, agriculture,etc..).
• H2020 TagItSmart: brand protection and productintegrity guarantee via smart tags in conjunctionwith blockchain and Augmented Reality.
• H2020 CITADEL: citizens involvement in the co-creation of PA digital services
• Italian R&D ECOLOOP: intelligent use of publicwater in agriculture thanks to IoT
3Bari, 15/05/2018
H2020 Fiesta-IoT Project
4Bari, 15/05/2018
• Fiesta-IoT (Federated Interoperable Semantic IoT/cloud Testbeds and Applications) an on-lineplatform that: enables IoT testbed operators to interconnect their facilities in an
interoperable way
allows IoT solution providers to test their applications by accessing intransparent way to a multitude of sensor data through an “Experiment as aService” layer
that adapts and federates existing IoT platforms
• H2020 RIA project
• Budget: 5.485 K€
• Started: February 2015
• End: January 2018
• Website: http://fiesta-iot.eu/
Fiesta-IoT
5Bari, 15/05/2018
• FINCONS has used the FIESTA-IoT platform for its SPY-IoT (Securityand Privacy for IoT infrastructures) experimentation: use FINCONS solution based on new CP-ABE encryption techniques to
provide end-to-end data protection in IoT environments, in compliance withthe new privacy regulation.
Fiesta-IoT & FINCONS
6Bari, 15/05/2018
• SPY-IoT provides end-to-end data protection, especially forprivacy-related data based on new CP-ABE techniques where:
1. explicit policies are used to control access to the protected information
2. subjects have their own personal key
3. personal keys are generated based on subject’s attributes and
4. the decryption process succeeds only if those subject’s attributes meet the accesspolicy
SPY-IoT complies with the GDPR supporting: privacy-by-design end-to-end protection of personal data (from cradle to grave) Encryption features applied to data protection in IoT contexts, relevant due to the
sensitivity of data (e.g. health data, house information, infrastructures’ data) efficiency of AES symmetric cryptography combined with flexibility and fine
granularity of attribute-based cryptography, not optimal for resource constrained devices
SPY-IoT
7Bari, 15/05/2018
Encrypted Dataset
Subscribed User
Secure SymmetricKey Setup
+CP-ABE Protected
Symmetric Key
Symmetric Encryption
ISL Client Library
Get AccessTicket
Policy DefinitionUsers’
Configuration
Dataset in clear
Demo application
Access Token Service (ATS)
Policy Storage Service(PSS)
RetrieveRetrieve
Symmetric Decryption
Get AccessPolicy
Policy Evaluation
StorePolicyUser Service (US)
ManageUsers
Admin
ABE ProxyService
Data Receiver
SpyIoTAdmin
Tool
ABE Key Generation Service
(KGS)
Get UserProfile
Decrypt
Encrypt
EEE
IoTRegistry
Get ConfidentialData
SPY-IoT Architecture
8Bari, 15/05/2018
Internet of Things
9Bari, 15/05/2018
• Not a unique and clear definition:– IoT (Internet of Things): ITU-T, IEEE, IETF, IERC, …
– CPS (Cyber Physical System): US NIST
– WoT (Web of Things): W3C
– IoE (Internet of Everythings): CISCO
• ITU-T SG 13 IoT definition(1): – “A global infrastructure for the information society, enabling advanced services by
interconnecting (physical and virtual) things based on existing and evolving interoperable information and communication technologies”
• NIST CPS definition(2): – “… integrate computation, communication, sensing, and actuation with physical
systems to fulfill time-sensitive functions with varying degrees of interaction with the environment, including human interaction”
IoT
1) ITU, SERIES Y, 20052) US NIST, “Framework for Cyber-Physical Systems – Release 1.0”, May 2016
10Bari, 15/05/2018
• IoT macro-categories ≥ 2(1):
– Industrial IoT (IIoT) – key characteristics:• Smart systems/CPSs• Reliability, security/safety, distributed logic• Integrability/Interoperability (servitization), unmanned operation• Focused on product or service
• …
– Consumer IoT (CIoT) – key characteristics:• Usability (easy of use)• Based on widely used platforms (e.g., Twitter, Facebook, …) or
devices (e.g., smart phone)• Focus on the user
• …
IoT Categories
1) http://radar.oreilly.com/2014/02/the-industrial-iot-isnt-the-same-as-the-consumer-iot.html
11Bari, 15/05/2018
• What is it(1):• “The Industrial Internet is an internet of things, machines, computers and
people, enabling intelligent industrial operations using advanced data Analytics for transformational business outcomes”
• “the convergence of the global industrial ecosystem, advanced computing and manufacturing, pervasive sensing and ubiquitous network connectivity”
• "The force behind the Industrial Internet is the integration of InformationTechnologies (IT) and Operational Technologies (OT)"
Industrial IoT – What is it!
1) IIC, “The Industrial Internet of Things - Volume G1: Reference Architecture – Version 1.8” (January 2017)
Industrial IoT
Industrie 4.0 (German R&D program)
Industrial Internet(General Electric)
12Bari, 15/05/2018
Commissioning: device initialization & testing
Provisioning: device enrollment and configuration (e.g., system configuration)
Operation: device usage in a given operational context
Recovery: out of expected operation
De-Commissioning: moved out of an operational context or device’s End of Life
Each life-cycle phase has its own actors which have:
specific skills
specific objectives
IoT Life-Cycle
13Bari, 15/05/2018
IoT Solutions landscape
14Bari, 15/05/2018
Servitization
15Bari, 15/05/2018
What is servitization(1)?
• Servitization is the concept of manufacturers offering services tightly coupled to their products
• It’s about moving from a transactional (just sell a product) to a relationshipbased business model (delivering a capability) featuring long-term, incentivized, ‘pay-as-you-go’ contracts
What is servitization(2)?
• Servitization is the innovation of organisation’s capabilities and processes to better create mutual value through a shift from selling product to selling Product-Service Systems
• A Servitized Organisation designs, builds and delivers an integrated product and service offering that delivers value in use
Servitization
1) Aston Business School, “Servitization impact study: How UK based manufacturing organisations are transforming themselves to compete through advanced services”, Aston University (2013)
2) Andy Neely & al, “The Servitization of Manufacturing: Further evidence”, University of Cambridge (2011)
16Bari, 15/05/2018
Servitization:
• Product + Service
• Product → Service
Examples:
• Rolls-Royce offering TotalCare on gas turbines for their airline customers based on a ‘fixed dollar per flying hour’
• Xerox delivering ‘pay-per-click’ scanning, copying and printing of documents
• New Business Models (e.g., Uber, Airbnb)
• New Production Models (e.g., OpenDesk - https://www.opendesk.cc/)
Examples
17Bari, 15/05/2018
P-S: the SMILE challenge
19Bari, 15/05/2018
Shifting mindsets: • of marketing: from transactional to relational • of sales: from selling multi-million dollar products to selling service
contracts and capability • of customers: from wanting to own the product to being happy with the
service
Business Model & Customer offer:• Understanding what value means to customers and consumers (not
producers and suppliers) • Developing capability to design and deliver services rather than products • Developing a service culture
Timescale:• Managing and delivering multi-year partnerships • Managing and controlling long term risk and exposure • Modelling and understanding the cost and profitability implication of long-
term partnerships
The challenges of servitization
20Bari, 15/05/2018
IoT & our lives
21Bari, 15/05/2018
IoT Pervasiveness:
• IoT is becoming a standard presence in all contexts of our lives
• IoT is becoming the main road to pervasive computing / ambient intelligence
Smartness:
• In the past used to improve the capacity/ability of devices/appliances
• Today with a servitization approach
consciousness:
• Hard for all of us to be conscious of what smart devices are collecting
• Difficult to remember active smart devices and their activities
IoT & our lives
22Bari, 15/05/2018
The pervasiveness of IoT in every contextsrequires a deep revision of the usability, securityand privacy technologies and approaches
IoT Key Aspects
23Bari, 15/05/2018
IoT: Main Issues
24Bari, 15/05/2018
IoT systems are complex distributed computing systems
Scalability– Identity Management, Trust Management, Access Control, …
Usability & manageability– Human System Interaction, Safety, System management, …
– Usable security
Distributed Reasoning– Internet of Things (Semantic) Web of Things
– Edge/Fog Computing
design & development paradigm shift– SOA EDA
– Synchronous programming Reactive programming
IoT Key Aspects
25Bari, 15/05/2018
• Potentially unbounded number of interacting subjects (things, applications, humans)
• Users/usage: Non-ICT skilled users
Everyday life
• Interaction patterns: Traditional patterns: planned and long-lived
IoT world: short-lived, often casual and/or spontaneous
• Context relevance: Actions/requests/data/… analysis can depend from a set of other data sources
(i.e. requestor/provider context)
• Resource constraints
• …
Scalability: IoT Impacts
26Bari, 15/05/2018
IoT: Usability
27Bari, 15/05/2018
Usability(1):
• “The extent to which a product can be used by specified users to achieve goals with effectiveness, effciency, and satisfaction in a specific context of use”
Usable Security(2):
• “delivering the required levels of security and also user effectiveness, efficiency, and satisfaction”
Stop Trying to Fix the User(3):
• “We must stop trying to fix the user to achieve security. We’ll never get there, and research toward those goals just obscures the real problems. Usable security doesn’t mean “getting people to do what we want.” It means creating security that works, given (or despite) what people do”
IoT & Usability
1) ISO 9241-210: Ergonomics of Human-System Interaction - Part 210: Human-Centered Design for Interactive Systems, 20102) Deanna D. Caputo & al, “Barriers to Usable Security? Three Organizational Case Studies”, in IEEE Security & Privacy, vol. 14, no. 5, 20163) B. Schneier, "Stop Trying to Fix the User," in IEEE Security & Privacy, vol. 14, no. 5, Sept.-Oct. 2016
28Bari, 15/05/2018
• The Problem: Bob has to go on holidays
his house needs some housekeeping while Bob is away
his neighbour Dave offered to takes care of Bob’s house housekeeping
how does Bob currently proceed?
Use-case Example
29Bari, 15/05/2018
Computer Scientist’s approach 1:1. Bob creates Dave’s account
2. Bob grants Housekeeping Role to Dave’s account
3. Bob sends (securely) credentials to Dave
4. Dave can finally perform the housekeeping activities
Computer Scientist’s approach (1)
Bob’s House
Dave
Bob 3
4
Dave’s credentials
Bob’s Administrative Domain
Bob’s AAA Service
12
Housekeeping
30Bari, 15/05/2018
Computer Scientist’s approach 2:1. Bob & Dave set up a trust relationship between their administrative domains
2. Dave identifies which role in his Administrative Domain has to do Housekeeping
3. Bob grants Housekeeping Role to Dave’s AD identified role
4. Dave can finally perform the housekeeping activities
Computer Scientist’s approach (2)
Bob’s House
Dave
Bob
3
4
Bob’s Administrative Domain
Bob’s AAA Service 1
2
Housekeeping
Dave’s Administrative Domain
Dave’s AAA Service
31Bari, 15/05/2018
• End User usual approach:1. Bob gives his house’s keys to Bob
2. Dave can finally perform the housekeeping activities
End User usual approach
Bob’s House
DaveBob
1
2
Bob’s house keys hand over
32Bari, 15/05/2018
Pros: Dave cannot use Bob’s token for non-envisaged/non-authorized activities
Dave cannot pass the token to someone else, nor can use it outside the validity period
Easy to understand and easy to use approach (no rules to manage, fire&forget, …)
IT user-friendly approach:1. Bob creates an Housekeeping Token that states what Dave can perform (e.g.
monitoring and configuring Bob’s garden watering system) and for how long
2. Bob sends the token to Dave
3. Dave can finally perform the housekeeping activities
IT user-friendly approach
Bob’s Smart House
1
2
BobDave
Bob’s House Access Token Grant
33Bari, 15/05/2018
Event Driven Architecture (EDA)
&
Serverless computing
36Bari, 15/05/2018
Push model in place of the traditional Pull model
Asynchronous, fire-and-forget, communication patterns
Horizontal integration
Publish/Subscribe Model
EDA Interaction Patterns
37Bari, 15/05/2018
EDA is promoting:
Reactive Programming(1) (2):– programming paradigm oriented around data flows and the propagation of
change
– different from traditional responsive systems that react only to explicit service requests (like in SOA systems)
Event Processing (EP) / Complex Event Processing (CEP)(3):– events are analysed to identify specific patterns and trigger reactions by one of
more components of the system
– patterns are defined in terms of timing, correlations, values’ trends, or other, even computed, characteristics
– EP/CEP computing performs operations on events using specific software platforms called CEP engines
EDA: Related Technologies (1)
1) J. Lang, J. Janik, “Reactive Distributed System Modeling Supported by Complex Event Processing”, Engineering of Computer Based Systems (ECBS-EERC), 2013
2) https://en.wikipedia.org/wiki/Reactive_programming3) O. Etzion, P. Niblett, “Event Processing in Action”, Manning Publications, 2010
38Bari, 15/05/2018
Based on Event Processing Networks (EPNs):
Event Producers: originate the data (e.g., DBMSs, IoT devices, …)
Event Consumers: consume “actions” generated by the EPN
Event Channels (ECs):– Move Event (Producers/EPAs Event Consumers/EPAs)
Event Processing Agents (EPAs):– detect patterns in raw events
– enrich/transform/validate events
– derive new events
– 3 possible states:
• Pattern matching
• Processing
• Emission
Complex Event Processing
39Bari, 15/05/2018
Serverless computing(1):– “Serverless computing is a cloud computing execution model in which the
cloud provider dynamically manages the allocation of machine resources”
– Not necessarily confined to the cloud environment
Serverless Frameworks:
– Amazon AWS Lambda (https://aws.amazon.com/lambda/)
– Google Cloud Functions (https://cloud.google.com/serverless/)
– Microsoft Azure Functions (https://azure.microsoft.com/en-us/services/functions/)
– IBM/Apache OpenWisk (https://openwhisk.apache.org/)
– Platform agnostic serverless framework (https://serverless.com/)
EDA: Related Technologies (2)
1) https://en.wikipedia.org/wiki/Serverless_computing
40Bari, 15/05/2018
Edge / Fog Computing
41Bari, 15/05/2018
Edge Computing(1):– “method of optimising cloud computing systems by performing data
processing at the edge of the network, near the source of the data”
Edge Computing
1) https://en.wikipedia.org/wiki/Edge_computing
Edge approaches:– LTE: Long-Term Evolution
– CDN: content delivery network
– u(v)CPE: universal (virtualized) customer-premises equipment
– NERG: network-enhanced residential gateway
– CORD: Central Office Re-architected as a Datacenter
42Bari, 15/05/2018
EdgeX Foundry:
– Linux Foundation Project
– “vendor-neutral open source project building a common open framework for IoT edge computing”
– https://www.edgexfoundry.org/
ParaDrop:
– “replaces today's Wi-Fi router with an intelligent platform capable of handling the fast-paced, complex, and evolving Internet of tomorrow”
– University of Wisconsin-Madison
– https://paradrop.org/
Edge Computing
43Bari, 15/05/2018
Fog Computing(1):– “is an architecture that uses one or more collaborative end-user clients
or near-user edge devices to carry out a substantial amount of storage …, communication …, control, configuration, measurement and management”
– Promoted by CISCO
OpenFog Consortium(2):– “centered around creating a framework for efficient & reliable networks
and intelligent endpoints combined with identifiable, secure, and privacy-friendly information flows between clouds, endpoints and services based on open standard technologies”
– “OpenFog Reference Architecture” (February 2017)
Fog Computing
1) https://en.wikipedia.org/wiki/Fog_computing2) https://www.openfogconsortium.org/
44Bari, 15/05/2018
Fog Computing
45Bari, 15/05/2018
IoT:
Security & Privacy
Threats
46Bari, 15/05/2018
Data capture:
• Data is the New Oil of the Digital Economy:
• U.S. data brokerage market: $202 billion revenues in 2014 (Direct Marketing Association)
• Surveillance fuels the Internet
Security:
• Security is not a market relevant features
• Almost all of us does not take into account security for consumer goods
• Companies therefore save money on security
• “26% of Companies Ignore Security Bugs Because They Don’t Have the Time to Fix Them” (RSA survey)
Ownership:• In the digital economy we no longer own our devices and data
• Internet companies “freely” sell personal data• Digital barons & the new Digital Serfdom
IoT & Digital Economy
47Bari, 15/05/2018
Standard Privacy Policy:
• the manufacturer reserves the right to …
Personal Data:
• roughly 50% of U.S. adults in the FBI's facial recognition database are unaware of being in this DB (Guardian estimate)
• Equifax last data breach: 143 million US customers (roughly 44% of the US population)
• iRobot sells house maps acquired via Roomba devices
• Standard Innovations’ We-Vibe (an internet-connected vibrator) logged lots of personal data (date, device’s temperature, session’s time and duration)
• …
Data collection examples
48Bari, 15/05/2018
• Vulnerabilities Identified in Abbott's Implantable Cardiac Pacemakers (https://www.fda.gov/MedicalDevices/Safety/AlertsandNotices/ucm573669.htm)
• Hackers could exploit solar power equipment (https://www.theregister.co.uk/2017/08/07/solar_power_flaw/)
• Mirai attack: IP cameras and home routers (620 gb/sec)
• DNA to exploit computers (https://thehackernews.com/2017/08/hacking-computer-with-
dna.html)
• …
Security breaches examples
49Bari, 15/05/2018
Commissioning: device initialization & testing
Provisioning: device enrollment and configuration (e.g., system configuration)
Operation: device usage in a given operational context
Recovery: out of expected operation
De-Commissioning: moved out of an operational context or device’s End of Life
IoT Life-Cycle
50Bari, 15/05/2018
Commissioning: initialization of security tamper resistant components, loading of manufacturer related data, …
Provisioning: system configuration and enrollment performed by authorized subjects, loaded configuration data or enrollment context are integral and authentic
Operation: system accessed in a proper way, privacy/confidentiality, integrity & originality of SW updates
Recovery: recovery/self-healing features
De-Commissioning: remove Personally Identifiable Information (PII) or confidential Information
IoT Life-Cycle Security Issues
51Bari, 15/05/2018
Security:
Trust Management
52Bari, 15/05/2018
Trust?
– particular level of the subjective probability with which an agent assesses that another agent will perform a particular action
Solutions that:
– face the IoT scalability challenge
– are easy to deploy
– Work on open, dynamic contexts
– can be deployed on simple devices (e.g.: reduce the amount of supporting data, communications, etc.)
– are secure
– …
Trust & IoT: Requirements
53Bari, 15/05/2018
Basic Security solutions:
PUF (Physical Unclonable Function): a physical characteristics of an IC/device easy to evaluate but hard to predict / impossible to duplicate
Trusted Computing: specific secure HW features (e.g., TPM, Intel SGX, AMD "Secure Memory Encryption“, ARM TrustZone)
Distributed Ledger (Blockchain):
an agreed, replicated, shared, and synchronized digital data spread across multiple entities
unchangable, digitally recorded data
Can support the sharing of critical information
Trust: Some Approaches
54Bari, 15/05/2018
Main Characteristics:
– Peer-to-Peer Network: used to share the managed data
– Consensus Algorithm: a mechanism to agree on trusting DLT data
– Chained Blocks: shared data are arranged in linked blocks to assure data unchangeability
Trust: Distributed Ledger
55Bari, 15/05/2018
Types of nodes:
– Full node: standard nodes that process transactions passively (can read from the blockchain, but cannot write on it)
– Mining node: nodes that process transactions actively (can read from and write into the blockchain)
Distributed Ledger Technologies (1)
Figure from “Building Ethereum ĐApps”
56Bari, 15/05/2018
Programmable blockchain:
– Smart Contract: “A smart contract is a set of promises, specified in digital form, including protocols within which the parties perform on these promises”
– Decentralized Organization (DO): contains assets and different classes of subjects, but is not controlled by anyone. Interactions are based on predefined protocols
– Decentralized Autonomous Organization (DAO): like an autonomous agent, is a software entity that interacts autonomously with external software services. Individuals involved with the DAO interact, like in DOs, through predefined protocols
Distributed Ledger Technologies (2)
57Bari, 15/05/2018
Security:
Identity Management
58Bari, 15/05/2018
IdM?
– Methodologies & technologies to identify subjects and resources
– Mechanisms to authenticate subjects
Solutions that:
– face the IoT scalability challenge
– are easy to deploy
– Work on open, dynamic contexts
– can be deployed on simple devices (e.g.: reduce the amount of supporting data, communications, etc.)
– are secure
– …
IdM & IoT: Requirements
59Bari, 15/05/2018
IBE:– public cryptographic scheme
– the public key of an entity is any unique entity’s information (e.g., the entity name, the device’s EPC Global OIDs, entity’s IPV4/IPV6 address, E.164 ID, etc.)
– an IBE solution makes it possible for a sender entity to simply encrypt a message for a recipient using its “identity” without any need to contact a central server or to store certificates
Identity Based encryption (IBE)
60Bari, 15/05/2018
Security:
Access Control
61Bari, 15/05/2018
Access Control solutions that:
– face the IoT scalability challenge
– are easy to use, easy to understand and easy to manage
– can be deployed on simple devices (e.g.: reduce the amount of supporting data, communications, etc.)
– are secure
– support advanced features (e.g.: access rights delegation, auditability, …)
– are flexible
– …
Access Control for IoT: Requirements
62Bari, 15/05/2018
• Traditional Access Control models:
RBAC (Role Based Access Control) – we have to manage:
• Identities
• Roles
• Identities Roles assignment
• Trust of Identity Providers (IdP) and/or Service Providers (SP)
ABAC (Attributes Based Access Control) – we have to manage:
• Attribute names
• Attribute meanings
• Identities
• Trust of IdPs, SPs, Attributes Providers (APs)
• Issues: Usability (in particular in end-user’ centered scenarios)
Do not scale
Require significant Management effort
Identity/Right delegation is complex
Security issues, auditability
Current Approaches & Related Issues
Scalability is a key issue in IoT contexts (explosion of resources/subjects)
Management a nightmare in IoT contexts (explosion of resources/operations)
IoT can require complex and efficient delegation chains (many more services to orchestrate/integrate)
63Bari, 15/05/2018
• Decouple Authorization from Authentication
• Access tied to having a Token:
Capability URLs(1) (e.g., Google doc URL)
Google Macaroons(2)
OAuth2.0(3)
Claims-based / Proof-carrying Approaches
1) https://www.w3.org/TR/capability-urls/2) http://macaroons.io/3) RFC6749
64Bari, 15/05/2018
• Capability based security: what is it?– is a security model in which “… a capability (known in some systems as a key) is a
communicable, unforgeable token of authority. It refers to a value that references an object
along with an associated set of access rights”
• Not a new concept:– Levy “Capability-Based Computer Systems” (1984) – Tanenbaum “Using Sparse Capabilities in a Distributed Operating System” (1986)– “RFC2693 - SPKI Certificate Theory” (1999)– Miller “Capability Myths Demolished” (2003)– Karp “Solving the Transitive Access Problem for the Services Oriented Architecture” (2010)– …
Capability Based Security
65Bari, 15/05/2018
Privacy
66Bari, 15/05/2018
The issue:
– IoT captures lots of confidential/personal data
– Data owner concerns/constraints
– Law constraints (e.g., EU GDPR)
Solutions that:
– Manage the full data life-cycle (from cradle to grave)
– can be deployed on simple devices (e.g., low processing / communication resources)
– are secure
– provides clear and machine readable privacy policies (e.g. Creative
Commons)
– …
The problem
67Bari, 15/05/2018
• EU GDPR:– It’s a Regulation not a Directive
– global data protection law:
• extends beyond companies that operate only in the EU
• any organization that targets consumers in the EU (i.e., processes EU citizens personal data)
• EU GDPR requirements:– End-2-End Data Protection (from the cradle to the grave)
– Proper technical & organizational measures (e.g., DPIA - Data Protection Impact Assessments)
– Accountability of personal data protection measures
– Explicit & clear consent (how to manage this for IoT?)
– Privacy-by-Design
– Privacy-by-Default– …
Personal Data
68Bari, 15/05/2018
• End-2-End Data Protection:– Some approach in the following
• Explicit & clear consent:– Clear: what does it mean?
– The Privacy Policy is a “contract” how can it be: Clear
Legally binding
• A possible model:– Creative Commons approach
EU GDPR
69Bari, 15/05/2018
• Each CC license is structured in 3 layers:
– legal code layer: uses the legal language and format
– human readable layer: provides the license in an end-user understandable wording
– machine readable layer: provides the freedoms and constraints in a machine processable format (CC Rights Expression Language)
• Blockchain & legally binding contracts:
– combine defining elements of the legal agreement in a format that can both be used by organizations/users, and executed in software (smart contract)
– Kantara promoted user consent management
– Ricardian Contracts
Creative Commons approach
1) C. D. Clack & al., “Smart Contract Templates: foundations, design landscape and research directions”, CoRR abs/1608.00771 (2016)2) C. D. Clack & al., “Smart Contract Templates: essential requirements and design options”, CoRR abs/1612.04496 (2016)3) Kantara Initiative, “Consent Receipt Specification, Version: 1.1.0 DRAFT 8”, 2018
70Bari, 15/05/2018
• Currently explored to formalize and automate usual contracts
• A Ricardian Contract paradigm securely integrates:
– the parameters: are elements specific to a particular contract (e.g., contract date, actors, prices)
– the code: executable of pseudo-executable
– the legal prose: constitutes the main legal enforceability element
• commonaccord initiative (http://www.commonaccord.org/) plans to be able to automate the support of legally enforceable contracts along their whole lifecycle
Ricardian Contract
71Bari, 15/05/2018
Security:
Data Protection
72Bari, 15/05/2018
Why?
– IoT captures lots of confidential/personal data
– Law constraints (e.g., EU GDPR – General Data Protection Regulation)
Solutions that:
– Manage the full data life-cycle (from cradle to grave)
– can be deployed on simple devices (e.g., low processing / communication resources)
– are secure
– …
Data Protection & IoT
73Bari, 15/05/2018
Most common approaches:
– TLS/SSL: data protected while in transit
– Data Encryption:
• Symmetric Encryption:
– key sharing, key distribution
• Asymmetric Encryption:
– PKI
– One-to-one
Data Protection & IoT
74Bari, 15/05/2018
ABE scheme:– public cryptographic scheme
– Information encrypted so that decryption can be performed using many, different decryption keys
– the decryption keys can be generated on the basis of a set of public elements and a varying set of subject’s attributes (e.g., user’s profile)
– The encryption process performed based on a public key + varying attributes
2 types of ABE schemes:
– Ciphertext Policy Attribute Based Encryption (CP-ABE): data encrypted on the basis of an access control policy (authorized users must have a suitable profile)
– Key-Policy Attribute-Based Encryption (KP-ABE): reversed approach (ciphertextassociated to attributes, users’ keys associated with policies)
Attribute Based Encryption (ABE)
75Bari, 15/05/2018
Key Generation Service
(KGS)
Data Owner/
Policy Manager
CP-ABE Encryption
Original data
Policy Encrypted
Data
KGS Public Key
Access Policy
The policy «drives» the encryption process
The KGS Public Key is used with the policy
CP-ABE Encryption Process
76Bari, 15/05/2018
Key Generation Service
(KGS)
CP-ABE Decryption
Original dataPolicy
Encrypted Data
Personal Key
Data User
Each user has a Personal Key
The Personal Key depends on the User’s Profile
The decryption process succeeds if the Personal Key meets the Access Policy
CP-ABE Decryption Process
77Bari, 15/05/2018
is a publish/subscribe, AMQP/MQTT based system implementing a securepub/sub event exchange based on CP-ABE & AES cryptographic techniques
SeDEM objective is to support privacy or confidentiality in events processing, forexample to comply with EU GDPR when collecting data from sensors as the videois showing
SeDEM: what is it?
78Bari, 15/05/2018
ABE Proxy Service
Key Generation Service(KGS)
Data Owner
KGS Public Key
CP-ABE Encryption
EphemeralKey
EphemeralKey
Access Policy Access Policy
Personal Key
CP-ABE EncryptedEphemeral Key
message
Symmetric Encryption
Encrypted Keys DB
Symmetric Decryption
message
Data ConsumerData Source
CP-ABE Decryptio
n
Message Broker
SeDEM Architecture & Interactions
79Bari, 15/05/2018
SeDEM Browser
80Bari, 15/05/2018
Advantages:
• flexibility & granularity of CP-ABE
• effficiency & speed of AES
• AES ephemeral keys automatic renewal (Forward Secrecy)
SeDEM Advantages
81Bari, 15/05/2018
the combination of CP-ABE & AES encryptiontechniques substantially:
328 358,8 394,3 445,7 531,5 547,9 563,2 616,3746,5
857,7
50,1 55,2 59,7 76,3 86,3 90,2 93,6 98,7 116,5 125,9
1105,3
1679,7
2322,7
2863,4
3557,1
4086,8
4690,3
5261,5
5954,8
6524,7
0
1000
2000
3000
4000
5000
6000
7000
1 2 3 4 5 6 7 8 9 1 0
TIM
E (M
ILLI
SEC
ON
DS)
NUMBER OF ATTRIBUTES
CP-ABE/AES(KR=1 msg)
CP-ABE/AES(KR=8 msg)
CP-ABE
• improves performances
• reduces resource usage
SeDEM performance figures
82Bari, 15/05/2018
Security:
Quantum Computing Threat
83Bari, 15/05/2018
What is Quantum Computing(1)?
• Quantum computing studies computation systems (quantum computers) that make direct use of quantum-mechanical phenomena, such as superposition and entanglement, to perform operations on data
Why Quantum Computing will affect security(2)?
• Current public-key crypto-systems based essentially of factorization
• In 1994, Peter Shor (Bell Labs) showed quantum computers can efficiently solve each of these problems
• Post-Quantum Crypto initiatives
Quantum Computing
1) https://en.wikipedia.org/wiki/Quantum_computing2) US NIST, "ISTIR 8105 - Report on Post-Quantum Cryptography " (http://dx.doi.org/10.6028/NIST.IR.8105) (April 2016)
�������� ∗ ������� = ���������������
√ Easy������������������� = ? ? ? ? ? ? ? ∗ ? ? ? ? ? ? ? ?
X Hard
