Lec02_24.pdf
ELEC S348F IoT Security
Lecture 2: IoT Systems and Architectures
Lecturer: Tabitha Tao

Chapter 2 - Sections & Objectives
▪ 2.1 Models of IoT Systems
  - OSI and TCP/IP Models
  - IoT Reference Model
  - ETSI M2M Standardized Architecture
  - Other IoT Models
▪ 2.2 A Model for IoT Security
  - IoT Simplified Model
▪ 2.3 IoT Threat Modeling
  - NICE Cybersecurity Workforce Framework
  - Threat Model Analysis

2.1 Models of IoT Systems

Networking Models: OSI and TCP/IP Models
▪ Layered models: data communication occurs from end to end.
▪ Benefits:
  - assist in protocol design.
  - foster competition - products from different vendors can work together.
  - prevent changes in one layer from affecting other layers.
  - provide a common language to describe networking functions and capabilities.
▪ OSI - Open Systems Interconnection.
▪ TCP/IP - Transport Control Protocol/Internet Protocol

[Figure slides: OSI Model; TCP/IP Model; OSI and TCP/IP Models]

IoT Reference Model
▪ IoT World Forum (IoTWF) Standardized Architecture
▪ 7-layer IoT architectural reference model
▪ Led by Cisco, IBM, Rockwell Automation and others

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

Layer 1: Physical Devices and Controllers Layer
▪ This layer is home to the “things” in the IoT, including various endpoint devices and sensors.
▪ The size of these “things” can range from almost tiny sensors to huge machines in a factory.
▪ Function: generating data and being capable of being controlled over the network.

Layer 2: Connectivity Layer
Functions:
▪ Communications between Layer 1 devices
▪ Reliable delivery of information across the network
▪ Switching and routing
▪ Translation between protocols
▪ Network-level security

Layer 3: Edge Computing Layer
Functions:
❖ Evaluate and reformat data for processing at higher levels
❖ Filter data to reduce traffic for higher-level processing
❖ Access data for alerting, notification, or other actions
Upper Layers: Layers 4 to 7
IoT Reference Model layers and their functions:
▪ Layer 4: Data accumulation layer
  - Captures data and stores it so it is usable by applications when necessary.
  - Converts event-based data to query-based processing.
▪ Layer 5: Data abstraction layer
  - Reconciles multiple data formats and ensures consistent semantics from various sources.
  - Confirms data set is complete and consolidates data into one place or multiple data stores using virtualization.
▪ Layer 6: Application layer
  - Interprets data using software applications.
  - Monitor, control, and provide reports based on the analysis of the data.
▪ Layer 7: Collaboration and processes layer
  - Consumes and shares the application information.
  - This layer can change business processes and delivers the benefits of IoT.

Security in the IoT Reference Model
▪ Security measures include:
  - Securing each device connected to the IoT network.
  - Security for all the processes.
  - Securing between each level.

ETSI M2M Standardized Architecture
▪ ETSI: European Telecommunications Standards Institute
▪ M2M: Machine to (2) Machine
▪ Purpose of the model: common framework for understanding the placement of standards and protocols.
▪ Model includes three domains:
  - Application Domain - management functions can occur such as data analytics, connectivity management, smart energy management, fleet management, or others.
  - Network Domain - where data exits on the local network and is transported to the Application Domain using wired and wireless protocols.
  - M2M Device Domain - where end devices, such as sensors, actuators, and controllers, connect to the network through M2M gateways.
Other IoT Models
▪ Purdue Model for Control Hierarchy
  - The manufacturing industry segments devices and equipment into hierarchical functions.
  - It has been incorporated into many other models and standards in the industry, e.g. Cisco incorporates this model into its Converged Plantwide Ethernet (CPwE) solution.
▪ Industrial Internet Reference Architecture (IIRA) by the Industrial Internet Consortium (IIC)
  - Standards-based framework used by system architects to design industrial systems.
▪ Internet of Things - Architecture (IoT-A)
  - Formally known as the Architectural Reference Model (ARM) for the Internet of Things.
  - Maintained by the IoT Forum.

2.2 A Model for IoT Security

IoT Security Layers: IoT Simplified Model
Here, we convert domains to Application, Communication, and Device layers, as shown in the figure.
Case study: Smart Irrigation System

A Simple IoT Model
▪ Domains - Application, Communication, and Device layers.
  - Device layer: sprinkler heads, moisture sensors, temperature sensors, and actuators.
  - Communication layer [Access network & transport]: devices connected to a local irrigation control panel that monitors the state of the system.
  - Application layer [Analytics & Control applications]: control panel connected to a remote data center; aggregate all the control panels.
▪ For data management, we are interested in when and where data is processed.
  - Mist layer: close to the ground where things are connected to the network.
  - Fog layer: on a local device that has more power, such as the irrigation system’s control panel.
  - Cloud layer: a supervisor can remotely override the autonomous actions of the control panel using a mobile or desktop application in the Cloud.

IoT Security Model
▪ This course uses a combination of the functional layers of the IoT simplified model overlaid with the TCP/IP model.
▪ Application: ZigBee, Hypertext Transfer Protocol (HTTP/HTTPS), Message Queuing Telemetry Transport (MQTT), Constrained Application Protocol (CoAP)
▪ Communication: Thread, Transport Control Protocol (TCP), UDP, RPL, IPv6
▪ Device: 6LoWPAN, IEEE 802.15.4, Bluetooth Low Energy (BLE), Wi-Fi, Near Field Communication (NFC), Cellular

2.3 IoT Threat Modeling

NICE and IoT Systems: NICE Cybersecurity Workforce Framework
▪ National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework
▪ Purpose: how to identify, recruit, develop and retain cybersecurity talent
▪ The work roles are divided into seven categories.
▪ For this course, we are interested in the Securely Provision category and the Protect and Defend category.

Securely Provision
▪ Responsible for conceptualizing, designing, procuring, and implementing secure information technology (IT) systems.
▪ Includes all the processes necessary to assure that existing and new IT systems meet the organization's cybersecurity and risk requirements.
▪ Security Control Assessor - conduct comprehensive assessments of the management, operational, and technical security controls to determine their overall effectiveness.

Protect and Defend
▪ Identifying, analyzing, and mitigating threats to IT systems; conducting assessments of threats and vulnerabilities…
▪ Vulnerability Assessment Analyst - perform assessments of IT systems and identify where those systems deviate from acceptable configurations or policy.
Class Activity: Cyber Career Pathways Tool
https://niccs.cisa.gov/workforce-development/cyber-career-pathways

Threat Model Analysis for an IoT System
▪ Threat modeling - conduct tasks for risk management and vulnerability assessments.
  - An adaptation of Microsoft’s Threat Model Analysis, applied to an IoT system.
  - Threat Modeling Process for Vulnerability Assessment (5 steps)

Step 1: Identify Security Objectives
▪ Use the following categories to determine the security objectives for the IoT system:
  - Identity
  - Financial - e.g. the financial risk of losing a controller > losing one of the sensors that report to the controller.
  - Reputation
  - Privacy and Regulation - e.g. the data from a temperature sensor in an irrigation system may not have any privacy or regulatory concerns.
  - Availability Guarantees - e.g. the tolerance for downtime to an industrial control system may be very low and require the implementation of significant security measures and system redundancies.
  - Safety

Step 2: Document the IoT System Architecture
▪ Create documents that describe the IoT system architecture including:
  - Components of the IoT system at the application, communication, and device layers
  - The flow of data between components and between layers
  - The technologies, protocols, and standards used to implement the IoT system

Step 3: Decompose the IoT System
▪ During this step, gather information about the IoT system using the following tasks:
  - Identify trust boundaries between trusted components and untrusted components.
  - Identify data flow between devices, the communications network, and the applications.
  - Identify entry points where data is input into the system.
  - Identify sensitive data within the IoT system where secure resources are stored and manipulated.
  - Document the security profile to include approaches to input validation, authentication, authorization, configuration, and any other areas of the IoT system that are vulnerable.

Step 4: Identify and Rate Threats
▪ In this course, use two tools to identify and rate the threats and vulnerabilities.
  - STRIDE: identify the threats - Spoofing Identity, Tampering with Data, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege
  - DREAD: rate the threats - quantify, compare, and prioritize the amount of risk in each threat:
    DREAD Risk Rating = (Damage + Reproducibility + Exploitability + Affected Users + Discoverability) / 5

Step 5: Recommend Mitigation Techniques and Technologies
▪ Determine the mitigation techniques for each threat.
▪ Select the most appropriate technology to reduce or eliminate the threat.
▪ Consider what makes sense from a business perspective, including existing policies within your organization.

2.4 Chapter Summary
▪ There are benefits to using a layered model to explain protocols and operations.
▪ IoT reference model
  - Security must permeate throughout all the levels in the IoT Reference Model.
  - ETSI model includes three domains: M2M device, network, and application.
  - Other IoT models include the Purdue Model for Control Hierarchy, IIRA, and IoT-A.
▪ IoT security layers in a simplified IoT model consist of device, network, and application layers.
▪ Threat model analysis: Step 1 is to identify security objectives, step 2 is to document the IoT system architecture, step 3 is to decompose the IoT system, step 4 is to identify and rate threats, and step 5 is to recommend mitigation. In step 4, STRIDE is used to identify threats and DREAD is used to rate threats.
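
The threat model analysis steps above, applied to the lecture's smart irrigation case study, as an added example that is not part of the original slides: it records the architecture (step 2), finds the data flows that cross a trust boundary (step 3), and ranks STRIDE-tagged threats by DREAD rating (step 4). The component names, trust flags, the 1 to 10 scoring scale and every score are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Step 2 (constructed): component -> (layer, trusted?) and the data flows between them.
COMPONENTS = {
    "moisture_sensor": ("device", False),
    "sprinkler_actuator": ("device", False),
    "control_panel": ("communication", True),
    "data_center": ("application", True),
    "supervisor_app": ("application", False),
}
FLOWS = [("moisture_sensor", "control_panel"), ("control_panel", "sprinkler_actuator"),
         ("control_panel", "data_center"), ("supervisor_app", "data_center")]
STRIDE = {"S": "Spoofing Identity", "T": "Tampering with Data", "R": "Repudiation",
          "I": "Information Disclosure", "D": "Denial of Service",
          "E": "Elevation of Privilege"}

@dataclass
class Threat:
    flow: tuple    # (source, destination), one of FLOWS
    stride: str    # key in STRIDE
    dread: tuple   # (Damage, Reproducibility, Exploitability, Affected Users, Discoverability)

    def rating(self):
        # DREAD Risk Rating = sum of the five scores / 5; the 1..10 scale is an assumption.
        if len(self.dread) != 5 or not all(1 <= s <= 10 for s in self.dread):
            raise ValueError("DREAD needs five scores in 1..10")
        return sum(self.dread) / 5

def boundary_crossings(flows, components):
    """Step 3: flows whose endpoints differ in trust cross a trust boundary."""
    return [f for f in flows if components[f[0]][1] != components[f[1]][1]]

def rank(threats):
    """Step 4: order threats by DREAD rating, highest risk first."""
    return sorted(threats, key=lambda t: t.rating(), reverse=True)

# Constructed scores; a real assessment agrees each score with the system owners.
THREATS = [
    Threat(("moisture_sensor", "control_panel"), "S", (6, 7, 5, 4, 6)),
    Threat(("control_panel", "sprinkler_actuator"), "T", (8, 5, 4, 7, 5)),
    Threat(("supervisor_app", "data_center"), "E", (9, 4, 3, 9, 5)),
    Threat(("control_panel", "data_center"), "I", (3, 6, 5, 2, 5)),
]

if __name__ == "__main__":
    crossing = boundary_crossings(FLOWS, COMPONENTS)
    for t in rank(THREATS):
        mark = "boundary" if t.flow in crossing else "internal"
        print(f"{t.rating():.1f} {STRIDE[t.stride]:<23} {t.flow[0]} -> {t.flow[1]} [{mark}]")
```

The ranked list is the input to step 5: mitigations are chosen for the highest-rated threats first, starting with those on flows that cross a trust boundary.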