Towards an Architecture for Trusted Edge IoT Security Gateways
Matt McCormack, Amit Vasudevan, Guyue Liu, Sebastián Echeverría, Kyle O’Meara, Grace Lewis, Vyas Sekar
IoT Insecurity is Growing
krebsonsecurity.com
iotsecurityfoundation.org
wired.com
washingtonpost.com
Prior Work: “Bolt-on” Security Gateways
[Yu et al., HotNets 15], [Ko and Mickens, ANRW 18]
Advantages: practical, deployable, agile
Edge Gateway
Controller
Policy
Control Plane
Data Plane
Device-specific NFs
Problem: Edge Gateways are Insecure
Edge Gateway
Controller
Policy
1. Alter NF
2. Bypass NF
3. Alter security policy
Our Vision: Trusted “Bolt-on” Security
Edge Gateway
Controller
Policy
1. Cannot alter NFs
2. Cannot alter paths
3. Cannot alter policy
Requirements
• Holistic Coverage
  – Data plane
  – Control plane
• Aligns with “Bolt-on” Security Gateways
  – General
  – Legacy compatible
  – Performant
Contributions
• Key security properties of a trusted gateway
• Trusted gateway architecture built on a micro-hypervisor
Foundational Security Properties
Software Integrity
Secure Data Channel
Secure Control Channel
Data Isolation & Mediation
Background: Extensible Micro-Hypervisor
micro-hypervisor
Hardware
OS
Extension
App 1 App n…
General
Legacy compatible
Performant
[Vasudevan et al., IEEE SP 13, USENIX Security 16, IEEE EuroSP 18]
Security Foundation
Edge Gateway
Controller
1. Alter NF
Trusted Data Plane Approach
Edge Gateway
micro-hypervisor
vTPM
1. Detect altered NFs: Periodically attest
Edge Gateway
Controller
2. Bypass NFs
Trusted Data Plane Approach
Edge Gateway
micro-hypervisor
Packet Signing
2. Enforce path: per-hop authentication
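An added sketch of per-hop authentication catching a bypassed NF; it is not from the slides or the authors' prototype. HMAC-SHA256 with one symmetric key per hop stands in for the packet signing extension, and the hop names, keys and policy path are constructed for illustration.

```python
import hashlib
import hmac

# Constructed values: hop names, keys and the policy path are illustrative.
# Assumption: one symmetric key per hop, held where the gateway OS cannot
# read it (the slides place packet signing in a micro-hypervisor extension).
HOP_KEYS = {"ingress": b"key-ingress", "nf-camera": b"key-nf-camera",
            "egress": b"key-egress"}
POLICY_PATH = ["ingress", "nf-camera", "egress"]


def sign_hop(hop, payload, prev_tag):
    """HMAC-SHA256 over hop name, previous hop's tag and the payload."""
    msg = hop.encode() + b"|" + prev_tag + b"|" + payload
    return hmac.new(HOP_KEYS[hop], msg, hashlib.sha256).digest()


def traverse(payload, hops):
    """Simulate a packet crossing `hops`; each hop chains a tag onto the last."""
    trail, prev = [], b""
    for hop in hops:
        prev = sign_hop(hop, payload, prev)
        trail.append((hop, prev))
    return trail


def verify_path(payload, trail, expected=POLICY_PATH):
    """Accept only if every policy hop is present, in order, with a valid tag."""
    if [hop for hop, _ in trail] != list(expected):
        return False
    prev = b""
    for hop, tag in trail:
        if not hmac.compare_digest(tag, sign_hop(hop, payload, prev)):
            return False
        prev = tag
    return True


if __name__ == "__main__":
    pkt = b"constructed IoT device payload"
    honest = traverse(pkt, POLICY_PATH)
    bypass = traverse(pkt, ["ingress", "egress"])              # NF skipped
    forged = [bypass[0], ("nf-camera", bytes(32)), bypass[1]]  # NF tag made up
    print(verify_path(pkt, honest), verify_path(pkt, bypass),
          verify_path(pkt, forged), verify_path(b"tampered", honest))
```

Because each tag covers the previous hop's tag, a trail that skips the NF or inserts a made-up NF tag fails verification at the next check.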
Promising Preliminary Results
• Data plane: Packet Signing Extension
  – OVS & Docker: +13% latency
• Control plane: Policy Extension
  – Custom controller: +17% latency
• Prototype on Raspberry Pi 3
  – Micro-hypervisor: uberXMHF (https://uberxmhf.org)
Conclusions
• Edge gateways offer hope for IoT security
  – Currently these gateways lack trust
• Vision for trusting edge IoT security gateways
  – Defined a holistic adversary model to derive our foundational trust properties
  – High-level architecture for trusted data and control plane built on top of a micro-hypervisor
• Thank you! – Contact: [email protected]