Secure Internet of Things Project
Philip Levis, Stanford Computer Forum
Internet of Things Workshop
April 14, 2016
Stanford University

The Internet of Things (IoT)

Secure Internet of Things Project (SITP)

A Security Disaster
• HP conducted a security analysis of IoT devices [1]
  ▶ 80% had privacy concerns
  ▶ 80% had poor passwords
  ▶ 70% lacked encryption
  ▶ 60% had vulnerabilities in UI
  ▶ 60% had insecure updates
[1] http://fortifyprotect.com/HP_IoT_Research_Study.pdf

Securing the Internet of Things
• Secure Internet of Things Project
  ▶ 5 year project (just started second year)
  ▶ 12 faculty collaborators
  ▶ 3 universities: Stanford, Berkeley, and Michigan
• Rethink IoT systems, software, and applications from the ground up
• Make a secure IoT application as easy as a modern web application

This Talk
• Technology trends: why today?
• Security: why is it so hard?
• Research: what we’re doing
  ▶ Architectural principles
  ▶ A brief overview of talks today

The EmNets Vision
• “Information technology (IT) is on the verge of another revolution… The use of EmNets [embedded networks] throughout society could well dwarf previous milestones.” [1]
• “The motes [EmNet nodes] preview a future pervaded by networks of wireless battery-powered sensors that monitor our environment, our machines, and even us.” [2]
[1] National Research Council. Embedded, Everywhere, 2001.
[2] MIT Technology Review. 10 Technologies That Will Change the World, 2003.

Two Game-Changers
• ARM Cortex M series
  ▶ First released 2004
  ▶ Ultra-low power 32-bit processor
  ▶ 8-96kB of RAM, 64-512kB code flash
  ▶ Sleep currents recently dropped <1µA
• Bluetooth Low Energy
  ▶ First released in 2006
  ▶ Send a 30 byte packet once per second, last for a year on a coin cell battery
  ▶ Support was weak until Apple incorporated into iBeacon, now all major smartphones include it

Example Part: nRF51822
• Cortex M0+ with integrated 2.4GHz transceiver
  ▶ Supports Bluetooth Low Energy
  ▶ Two models: 32kB/256kB or 16kB/128kB
• DigiKey cost for 25,000: $1.99

This Talk
• Technology trends: why today?
• Security: why is it so hard?
• Research: what we’re doing
  ▶ Architectural principles
  ▶ A brief overview of talks today

IoT Security is Hard
• Complex, distributed systems
  ▶ 10^3-10^6 differences in resources across tiers
  ▶ Many languages, OSes, and networks
  ▶ Specialized hardware
• Just developing applications is hard
• Securing them is even harder
  ▶ Enormous attack surface
  ▶ Reasoning across hardware, software, languages, devices, etc.
  ▶ What are the threats and attack models?
• Valuable data: personal, location, presence
• Rush to development + hard ➔ avoid, deal later
[Figure: technologies across the system tiers. Labels: embedded C (ARM, avr, msp430); ZigBee, ZWave, Bluetooth, WiFi; 3G/4G, TCP/IP; Ruby/Rails, Python/Django, J2EE, PHP, Node.js; Obj-C/C++, Java, Swift, Javascript/HTML]

This Talk
• Technology trends: why today?
• Security: why is it so hard?
• Research: what we’re doing
  ▶ Architectural principles
  ▶ A brief overview of talks today

Architectural Principles
• Longevity: these systems will last for up to 20 years and their security must too.
• Transparency: we must be able to observe what our devices are saying about us.
• End-to-end: consider security holistically, from data generation to end-user display.

1995: SSL 0.2

Flexible Crypto Hardware
• Devices need to be able to support ciphers that are used 20 years from now
• Add extensible cryptographic accelerator: silicon is cheap and BLE dominates the SoC
• Designing a 20-year crypto processor
  ▶ Symmetric crypto: S-boxes and vectors, an instruction set
  ▶ Public key crypto: several very different constructions
  ▶ What if quantum computers are real in 20 years?
• There is often unused micro controller die area

CESEL
11:20 - 11:40, Kevin Kiningham
[Figure: block diagram. Labels: MCU Core (Cortex M), memory bus, S-Boxes, symmetric ciphers, vector arithmetic, ECC co-processor, ECC public-key operations, RNG/CTR, RNG, atomic counter, R-LWE processor, polynomial mult., post-quantum public key, SHA-2, SHA-3, fast hash function]

Random Numbers
11:40 - 12:00, Ben Lampert
[Figure: block diagram with the same labels as on the CESEL slide]

Tock: A Secure, Embedded OS
11:00 - 11:20, Amit Levy
• Written in Rust, a type-safe systems language
  ▶ Microkernel design
  ▶ Kernel has small trusted base of unsafe code
  ▶ Applications can load safe kernel modules for drivers
• Applications can be written in any language
  ▶ System call interface requires applications allocate memory for kernel calls
  ▶ Kernel can grant direct register access (CortexM MPU operates at 32 byte granularity)
• Systems challenges
  ▶ Concurrency models
  ▶ Event-driven memory safety
[Figure: memory layout from high address to low address. Labels: Memory Mapped I/O, TRNG, Kernel Stack, App specific Kernel memory, Second App Memory, First App Memory, Code, App code]

Architectural Principles
• Longevity: these systems will last for up to 20 years and their security must too.
• Transparency: we must be able to observe what our devices are saying about us.
• End-to-end: consider security holistically, from data generation to end-user display.

Model Today
• Transport-layer security (TLS) between devices and cloud services
• Internet applications: we control one end point
  ▶ Can install new certificates, observe data
• IoT applications: we are a transit network
  ▶ Can’t see or control what happens on either end

Intrusion Detection
• How do we build an intrusion detection system for our smart home?
  ▶ Can’t see what data our devices are transmitting
  ▶ They could be compromised and we’ll never know
• Enterprises solve this by installing new certificates on endpoints, allow IDS to look inside TLS, filter trojan horses from email, etc.
  ▶ We don’t control these devices, can’t install new certificates

TLS - Rotate and Release
10:00 - 10:20, Judson Wilson, Keith Winstein
• Transport Layer Security Rotate and Release
• A trusted auditor
  ▶ can decrypt all traffic
  ▶ but not forge traffic (hard part!)
• Four operating modes that together are compatible with all versions of TLS
[Figure label: auditor]

Architectural Principles
• Longevity: these systems will last for up to 20 years and their security must too.
• Transparency: we must be able to observe what our devices are saying about us.
• End-to-end: consider security holistically, from data generation to end-user display.

Applications!
• Applications drive and inform all this research
• Water conservation in a Stanford dorm
  ▶ Holly Chiang, 2:30 - 2:50
• Wearable, smart technology in everyday objects
  ▶ Joanne Lo, 2:50 - 3:10
• Personal telepresence in the home
  ▶ Meghan Clark, 3:10 - 3:30

Ravel Framework
1:55 - 2:15, Laurynas Riliskis
• Write a distributed model view controller pipeline
  ▶ Models, views, controllers, transforms, and spaces

Device Generation
1:15 - 1:35, Rohit Ramesh
1:35 - 1:55, Luke Hsiao
• Applications involve software and hardware
  ▶ Embedded devices are application specific
• Hardware/software boundary is difficult
  ▶ Refining a design is easier than writing from scratch
• Idea: generate a prototype device from software specification, allow a programmer to tweak
• Two problems
  ▶ How does one compile the embedded device?
  ▶ Compiler must have a library of components to use: where does it come from?

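Added example, not from the talk or from the TLS-RaR authors: the TLS - Rotate and Release slide above asks for an auditor who can decrypt traffic but not forge it. This toy Python model is not the TLS-RaR protocol; it only shows why releasing a key after rotating away from it gives that property. The record format, the HMAC-based keystream and every name here are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

def _sub(key, label):  # independent enc / MAC sub-keys from one epoch key
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # Toy HMAC-counter keystream; an assumption standing in for a real cipher.
    ks = b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key, epoch, seq, plaintext):
    hdr = epoch.to_bytes(4, "big") + seq.to_bytes(8, "big")
    body = _xor_stream(_sub(key, b"enc"), hdr, plaintext)
    return hdr + body + hmac.new(_sub(key, b"mac"), hdr + body, hashlib.sha256).digest()

def open_record(key, epoch, record):
    hdr, body, tag = record[:12], record[12:-32], record[-32:]
    good = hmac.new(_sub(key, b"mac"), hdr + body, hashlib.sha256).digest()
    if int.from_bytes(hdr[:4], "big") != epoch or not hmac.compare_digest(tag, good):
        return None  # retired epoch or bad MAC: reject
    return _xor_stream(_sub(key, b"enc"), hdr, body)

class Endpoint:
    """Receiving end of the channel; accepts records only under its current key."""
    def __init__(self, key):
        self.epoch, self.key = 0, key
    def rotate(self, fresh_key):
        retired = (self.epoch, self.key)          # returned so it can be released
        self.epoch, self.key = self.epoch + 1, fresh_key
        return retired
    def receive(self, record):
        return open_record(self.key, self.epoch, record)

def demo():
    k0, k1 = os.urandom(32), os.urandom(32)     # unrelated keys, as from a fresh handshake
    cloud = Endpoint(k0)
    tapped = seal(k0, 0, 1, b"temp=21.5")       # constructed sample record, seen on the wire
    delivered = cloud.receive(tapped)
    old_epoch, released = cloud.rotate(k1)      # rotate first, release second
    audited = open_record(released, old_epoch, tapped)              # auditor reads the past
    stale = cloud.receive(seal(released, old_epoch, 2, b"forged"))  # retired epoch
    relabel = cloud.receive(seal(released, 1, 2, b"forged"))        # old key, new epoch
    early = Endpoint(k0).receive(seal(k0, 0, 2, b"forged"))  # key shared while still live
    return delivered, audited, stale, relabel, early
```

The last value returned by `demo()` is the contrast case: a party holding the key while it is still in use gets its record accepted, which is why the order of rotation and release matters.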
Securing Middleboxes
10:20 - 10:40, Chang Lan
• All networks today depend on middleboxes
  ▶ Firewalls, optimizers, NATs, intrusion detection
  ▶ The IoT will be no different
• Outsourcing this functionality into the cloud has many advantages
  ▶ Simplicity, management, aggregation: network as a service
• Is it possible to securely outsource this functionality (perform it on encrypted data)?

Day’s Schedule
8:30am - 9:30am     welcome and check-in
9:30am - 9:40am     Introductions: The IoT Revolution and Our Research in IoT
9:40am - 10:00am    Secure Internet of Things Project
10:00am - 10:20am   Auditing IoT Communications with TLS-RaR
10:20am - 10:40am   Embark: Securely Outsourcing Middleboxes to the Cloud
10:40am - 11:00am   break
11:00am - 11:20am   Tock, a Secure Embedded Operating System
11:20am - 11:40am   Hardware Support for Long-Term Cryptographic Flexibility
11:40am - Noon      A Fast, Cheap, High-Entropy Source for IoT Devices
Noon - 1:15pm       lunch
1:15pm - 1:35pm     Embedded Device Generation: Turning Software into Hardware
1:35pm - 1:55pm     Automatically Building a Component Library from Datasheets
1:55pm - 2:15pm     Programming IoT Applications with Ravel
2:15pm - 2:30pm     break
2:30pm - 2:50pm     An Energy-Harvesting and Reliable Water Flow Sensor
2:50pm - 3:10pm     Incognito Wearables: Seamlessly Incorporating Fashion and Function
3:10pm - 3:30pm     The Haunted House: Virtual Shared Living over a Home-to-Home Network
3:30pm - 3:45pm     break
3:45pm - 4:15pm     Innovation in a Post Moore's Law World: Another View of IoT
4:15pm - 6:00pm     reception
Session groups: overview, networks, systems, programs, applications, looking forward

Why Now?
• Technology has just reached the tipping point
  ▶ BLE, iBeacon
  ▶ Cortex M series
  ▶ Sensors
  ▶ Harvesting circuits
• We've been waiting
  ▶ Leaders in prototyping, cryptographic computation, IoT networking, secure systems, analytics, and hardware design
  ▶ What are the threats? Application attackers?
• But it's still early enough
  ▶ Most big applications haven't been thought of yet
  ▶ Let's not repeat the web (as good as it is for publications)

Thank you!
State Farm
SystemX Alliance