
Transcript

ELEC S348F IoT Security
Lecture 3: IoT systems and Architecture
Lecturer Tabitha Tao

Chapter 3 - Sections & Objectives
▪ 3.1 IoT Simplified Model
  - IoT Protocol Model
  - Application layer
  - Communication layer
  - Device layer
▪ 3.2 Overview of IoT Devices
  - IoT device hardware components.
  - IoT device software components.

3.1 IoT Protocol Model

IoT Protocol Model - IoT Simplified Model
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

Why can the traditional IT Cloud Computing Model not be used in IoT?
⚫ Bandwidth in last-mile IoT networks is very limited.
⚫ Latency can be very high.
⚫ Network backhaul from the gateway can be unreliable.
⚫ Storing and analyzing all sensor data in the cloud is impractical.
⚫ …

IoT Protocol Model - IoT Simplified Model
▪ This course uses a combination of the functional layers of the IoT simplified model overlaid with the TCP/IP model.
▪ Application: ZigBee, Hypertext Transfer Protocol (HTTP/HTTPS), Message Queuing Telemetry Transport (MQTT), Constrained Application Protocol (CoAP)
▪ Communication: Thread, Transport Control Protocol (TCP), UDP, RPL, IPv6
▪ Device: 6LoWPAN, IEEE 802.15.4, Bluetooth Low Energy (BLE), Wi-Fi, Near Field Communication (NFC), Cellular

IoT Protocol Model - IoT protocol - Application
▪ Zigbee – a suite of protocols that uses low-power digital radios based on the IEEE 802.15.4 wireless standard.
▪ Hypertext Transfer Protocol (HTTP/HTTPS) – These are robust application protocols for getting and posting data.
▪ Message Queuing Telemetry Transport (MQTT) – lightweight publish and subscribe messaging protocol designed for resource-constrained devices that use TCP.
▪ Constrained Application Protocol (CoAP) – specialized application protocol designed for transmission of data by constrained devices on M2M networks.

IoT Protocol Model - IoT protocol - Application
Zigbee
▪ Zigbee includes a suite of IEEE 802.15.4-based specifications for communication protocols enabling mesh low-power, wireless personal area networks (WPANs) with multi-topology for point-to-point and multi-point-to-point inter-device communication.
▪ Up to 65,000 nodes per network communicate with radio transceiver.
▪ The chip operates on the IEEE 802.15.4 protocol, over 2.4 GHz
▪ Its low power consumption limits transmission distances to 10–100 meters

IoT Protocol Model - IoT protocol - Application
Mesh Network
▪ A network where multiple devices in the network take on the role of a router, or repeater. Rather than only sending signals back to the originator, they repeat signals and forward them to the other network devices within range.
▪ Relay the signals further: 'signal-hopping' gives mesh networks more range and more reliability than traditional 'star networks'.
▪ self-healing networks: multiple routers

IoT Protocol Model - IoT protocol - Application
Zigbee
Different roles: Coordinator, Router and End-Device
▪ Coordinator: sets up the network, one per network, central point of the network.
▪ Router: full function devices, powered, non-battery, repeat/forward signal
▪ End-Device: reduced function, battery powered, not repeat/forward signals

Zigbee - Pros and Cons
Pros:
▪ Better Remotes
▪ Secure
▪ Stable Networks
▪ Multi-Device
▪ Power-Efficient
▪ Cost-Effective
Cons:
▪ need one hub
▪ limited range
▪ Not every smart device supports Zigbee

IoT Protocol Model - IoT protocol - Application
Message Queuing Telemetry Transport (MQTT)

IoT Protocol Model - IoT protocol - Application
Constrained Application Protocol (CoAP)
▪ Open IETF standard since June 2014.
▪ Based on web standards, easily integrates with HTTP.
▪ Is not simply a compressed version of HTTP.
▪ Built for small, constrained, embedded, occasionally sleeping devices.
▪ Use on low power, low bandwidth, lossy networks.
▪ Is not HTTP but is clearly based on REST.

IoT Protocol Model - IoT protocol - Communication
▪ Thread – a standard for home automation that uses Internet Protocol version 6 (IPv6) for routing on top of an IEEE 802.15.4 wireless network.
▪ Transport Control Protocol (TCP) – a reliable transport protocol that guarantees data delivery through a system of synchronization and acknowledgment messages.
▪ UDP – lightweight, unreliable transport protocol that has no mechanism for guaranteed data delivery.
▪ RPL – Routing Protocol for Low-Power and Lossy Networks that uses IPv6. Lossy networks are classified as those with devices that typically have high loss rates, low data rates, and instability.
▪ IPv6 – 128-bit addressing space that provides 340 undecillion unique addresses, which is more than enough for any conceivable number of IoT devices.
▪ 6LoWPAN – Internet Engineering Task Force (IETF) standard for IPv6 Low-power Wireless devices in a Personal Area Network that provides a way for IPv6 to conform to the IEEE 802.15.4 standard. That is why 6LoWPAN is shown as crossing between the Communications Network and Devices layers in the figure.

IoT Protocol Model - IoT protocol - Communication
Thread
▪ Simple network installation, start-up and operation
▪ Secure: Devices do not join the network unless authorized, all communications are encrypted and secure.
▪ Range: Typical devices provide sufficient range to cover a normal home. For commercial installations, the Thread Domain model allows multiple Thread networks to communicate with each other over a backbone.
▪ Low power: Devices efficiently communicate to deliver an enhanced user experience with years of expected life under normal battery conditions
▪ Cost-effective: Compatible chipsets and software stacks from multiple vendors

IoT Protocol Model
▪ Border Routers: provide connectivity from the 802.15.4 network to adjacent networks
▪ Leader: manages a registry of assigned router IDs and accepts requests from router-eligible end devices.
▪ Thread Router: provides routing services
▪ Router-eligible end Devices (REEDs): do not relay
▪ Sleepy end devices (SEDs): communicate only through their Thread Router parent and cannot relay messages

IoT Protocol Model - IoT protocol - Communication
RPL – Routing Protocol for Low-Power and Lossy Networks
▪ Key idea: create a Destination Oriented Directed Acyclic Graph (DODAG) that contains a single path from each leaf node to the root.
▪ The traffic of all nodes forwards to the root node.
▪ The root node decides to transfer a Destination Advertisement Object (DAO) from a node to communicate.
▪ It also handles the requests for DODAG Information Requests (DIS) from nodes wishing to join the network.
▪ RPL nodes can be stateless.

IoT Protocol Model - IoT protocol - Communication
6LoWPAN
▪ Stands for IPv6 Over Low-Power Wireless Personal Area Network.
▪ It is the most used standard in this category.
▪ It effectively encapsulates long IPv6 headers in small IEEE 802.15.4 packets that cannot exceed 128 bytes.
▪ The specification supports addresses of different lengths, low bandwidth, and different topologies, power consumption, low cost, scalable networks, mobility, unreliability, and extended downtime.

IoT Protocol Model - IoT protocol - Device
▪ IEEE 802.15.4 – Institute of Electrical and Electronic Engineers standard for low-rate wireless personal area networks (LR-WPANs) that is meant to be used by low-cost, low-speed devices.
▪ Bluetooth Low Energy (BLE) – wireless personal area network (WPAN) protocol that uses the 2.4 GHz radio frequency.
  The LE version provides much-reduced power consumption without sacrificing range.
▪ Wi-Fi – collection of IEEE 802.11 standards for wireless local area networks (WLANs) that operate in the 2.4 GHz and 5 GHz frequencies.
▪ Near Field Communication (NFC) – collection of protocols for device-to-device communications when the devices are very close to one another (within 4 cm or 1.6 inches).
▪ Cellular – all the cellular technologies covered by the 3rd Generation Partnership Project (3GPP) such as 4th generation (4G), LTE, and 5th generation (5G).
▪ LoRaWAN, Sigfox, NB-IoT - Low-power wide-area network (LPWAN) protocols designed to carry small data payloads over long distances at low transfer rates.

IoT Protocol Model - IoT protocol - Device
IEEE 802.15.4
IEEE 802.15.4 is a wireless networking technology that provides the technical specifications for low-rate wireless personal area networks (LR-WPANs), allowing networked devices to communicate with one another in a variety of industrial and commercial settings.
▪ Extremely low cost
▪ Ease of implementation
▪ Reliable data transfer
▪ Short range operation
▪ Very low power consumption

IoT Protocol Model - IoT protocol - Device
IEEE 802.15.4 Device Classes
Full function device (FFD):
▪ Any topology
▪ Network coordinator capable
▪ Talks to any other device
Reduced function device (RFD):
▪ Limited to star topology
▪ Cannot become a network coordinator
▪ Talks only to a network coordinator
▪ Very simple implementation

IEEE 802.15.4 Disadvantages
▪ IEEE 802.15.4 causes interference and multipath fading.
▪ doesn't employ a frequency-hopping approach.
▪ unbounded latency
▪ interference susceptibility

IoT Protocol Model - IoT protocol - Device
Bluetooth Low Energy (BLE)
▪ Other name: Bluetooth Smart, Bluetooth 4.0
▪ Just like Bluetooth, BLE operates in the 2.4 GHz ISM band.
▪ Unlike classic Bluetooth, however, BLE remains in sleep mode constantly except for when a connection is initiated.
▪ BLE is used for applications that do not need to exchange large amounts of data.

IoT Protocol Model - IoT protocol - Device
Near Field Communication (NFC)
▪ A technology based on RFID
▪ Range:

▪ much faster data rates than UART or I2C.
▪ communicating with devices on the same board or other devices located as much as a few feet away.
▪ attack surface:
  - the same problems exist for SPI as the other serial communication.
  - Extracting sensitive information.

Joint Test Action Group (JTAG)
▪ Joint Test Action Group (JTAG) – a protocol to be used for testing and debugging.
▪ Attacker:
  - reverse engineer the logic for the microcontroller.
  - extract the firmware and possibly even load malicious firmware on the device.
▪ There are specialized boards available to assist with the process after access to the JTAG pins has been gained.

IoT Device Software Components
Embedded Systems - designed for a specific function within a larger system.
▪ Example: Home security devices
  - All operations are controlled by a microcontroller
  - Microcontroller can be programmed for the sensors unique to the installation.
  - Sensors: smoke, motion, gas, and temperature sensors trigger an alarm if something exceeds the thresholds set for the particular sensor.
  - Microcontroller: display information on a screen; communicate with other computer equipment for monitoring.

IoT Device Software Components
Embedded Systems (Cont.)
▪ embedded systems with microprocessors: A microprocessor and microcontroller may have the same CPU embedded. The microcontroller-based system is self-contained and could include flash memory, RAM, serial communications, and other peripherals within the integrated circuit.
▪ Operating System: embedded operating system / be programmed directly using the machine code for the CPU. i.e. stripped down versions of Linux are used.
▪ Debug: different than typical PC software debugging.
  PC:
  - software is developed on the same processor that the program will run on.
  - use built-in tools to debug for potential program error
  embedded system:
  - software is built outside the environment.
  - use the JTAG port to track down software issues.

IoT Device Software Components
Compiled or Interpreted Code
Developers have a choice as to the type of programming language.

Compiled Code:
▪ Source code is written in a format that is readable with a text editor and then converted (compiled) into machine code that is read and executed by the processor.
▪ The developer must complete the compilation process before the program is useable. If changes are necessary, the text code is changed and then recompiled prior to being used.
▪ Examples include C, C++, Rust and Visual Basic.

Interpreted Code:
▪ Each instruction is executed one after another.
▪ The interpreter translates the instruction into a form of machine code that can be performed by the processor. If an error occurs, the program will stop at that point and corrections can be made.
▪ Examples: Python, JavaScript, Perl, and PHP.

IoT Device Software Components
Compiled or Interpreted Code (Cont.)
Question: Compiled or Interpreted Code, which one is more vulnerable? Why?
▪ Interpreted code is easy to modify by an attacker because it is stored in a text format.
▪ Compiled code could be altered by an attacker using a debugger and replacing machine code instructions with malicious code.
▪ With compiled code, it is possible to digitally sign the binary executable to verify that it has not been altered.

IoT Device Software Components
Debug/Boot Mode
In case the system encounters a problem.
▪ Sometimes can be accessed using a keystroke combination.
▪ If attackers have access to the device board, they may be able to use the JTAG port.
▪ When operating in debug/boot mode -> authentication could be bypassed.
▪ i.e.
  If attackers can gain access to the debug/boot mode, it would be possible for them to make other changes to the system or even install a backdoor. This would provide access to the system, if the system is available on a network.

IoT Device Software Components
Common IoT Operating Systems
▪ IoT devices typically use a trimmed down version of an operating system.
▪ Developers can choose from open source and commercial options.
▪ Busybox - open source and uses a Linux kernel.
  - Provides a set of programs that can be executed from the command line
  - Developer should disable the unnecessary programs during compilation. Example: Telnet
▪ Android Embedded - lightweight Linux version primarily used in mobile devices, but can be used for IoT devices. Designed to reduce power consumption and works with the common processors used in IoT devices.
▪ Commercial options - products such as VxWorks, Windows 10 IoT, and ARM Mbed are available.

Hardware Security Lab – Investigate the FCC Database

3.4 Chapter Summary
▪ IoT device hardware components
  - OWASP has compiled a list of vulnerabilities that should be addressed for each attack surface within the IoT system.
  - Where communication is available it is unlikely that encryption is implemented due to the limited processing power of constrained devices, particularly the Class 0 devices.
  - In IoT devices, the CPU, memory, and physical ports have the potential to be compromised by threat actors.
▪ IoT device software components.
  - Embedded systems may use an embedded operating system or be programmed directly using the machine code for the CPU.
  - Interpreted code is easy to modify because it is generally stored in a text format.
  - Even compiled code could be altered by an attacker using a debugger and replacing machine code instructions with malicious code.
  - If an attacker can gain access to the debug/boot mode it would be possible for them to make other changes to the system or even install a backdoor.
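
The BusyBox slide says unnecessary programs such as Telnet should be disabled during compilation. The following is an added example, not part of the lecture, that audits a BusyBox build `.config` for network applets left enabled. The deny list is an assumption for illustration (the slide names only Telnet), and both sample configs are constructed.

```python
import re

# Applets that expose a network service or cleartext client. The symbol
# names are BusyBox Kconfig symbols; the choice of which ones to flag is
# an assumption for this example (the slide names only Telnet).
RISKY_APPLETS = {
    "TELNETD": "remote shell over cleartext Telnet",
    "TELNET": "cleartext Telnet client",
    "FTPD": "cleartext file transfer server",
    "TFTPD": "unauthenticated file transfer server",
    "HTTPD": "embedded web server",
}

_ENABLED = re.compile(r"^CONFIG_([A-Z0-9_]+)=y$")

def enabled_symbols(config_text):
    """Return the set of CONFIG_ symbols set to 'y' in a BusyBox .config."""
    found = set()
    for line in config_text.splitlines():
        match = _ENABLED.match(line.strip())
        if match:
            found.add(match.group(1))
    return found

def audit(config_text):
    """Return sorted (symbol, reason) pairs for risky applets that are enabled."""
    on = enabled_symbols(config_text)
    return sorted((sym, why) for sym, why in RISKY_APPLETS.items() if sym in on)

# Constructed sample configs (not taken from a real device).
SHIPPED = """\
CONFIG_ASH=y
CONFIG_TELNETD=y
CONFIG_FEATURE_TELNETD_STANDALONE=y
# CONFIG_FTPD is not set
CONFIG_TFTPD=y
"""
HARDENED = """\
CONFIG_ASH=y
# CONFIG_TELNETD is not set
# CONFIG_FTPD is not set
# CONFIG_TFTPD is not set
"""

if __name__ == "__main__":
    for name, cfg in (("shipped", SHIPPED), ("hardened", HARDENED)):
        print(name, "->", audit(cfg) or "no risky applets enabled")
```
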
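
The RPL slide earlier in this lecture describes a DODAG with a single path from each leaf node to the root. The following is an added example, not part of the lecture, that builds such a graph from a constructed list of radio links and checks it for loops and rank inconsistencies. Using hop count as the rank is a simplifying assumption; real RPL derives rank from an objective function.

```python
from collections import deque

def build_dodag(links, root):
    """Return (rank, parent) for a DODAG rooted at `root`.

    Rank is the hop count to the root (an assumption standing in for an
    RPL objective function). Each non-root node keeps one preferred
    parent: its lowest-named neighbour whose rank is one less than its own.
    """
    neighbours = {}
    for a, b in links:
        neighbours.setdefault(a, set()).add(b)
        neighbours.setdefault(b, set()).add(a)
    rank, queue = {root: 0}, deque([root])
    while queue:  # breadth-first, like advertisements spreading outward
        node = queue.popleft()
        for n in neighbours.get(node, ()):
            if n not in rank:
                rank[n] = rank[node] + 1
                queue.append(n)
    parent = {root: None}
    for node, r in rank.items():
        if node != root:
            parent[node] = min(n for n in neighbours[node] if rank.get(n) == r - 1)
    return rank, parent

def path_to_root(node, parent):
    """Follow preferred parents upward; raise ValueError if a loop is found."""
    path, seen = [node], {node}
    while parent[path[-1]] is not None:
        nxt = parent[path[-1]]
        if nxt in seen:
            raise ValueError("loop in parent chain at %r" % nxt)
        path.append(nxt)
        seen.add(nxt)
    return path

def rank_violations(rank, parent):
    """Nodes whose parent's rank is not strictly lower (empty when consistent)."""
    return [n for n, p in parent.items() if p is not None and rank[p] >= rank[n]]

# Constructed topology: R is the root (border router); C can hear both A and B.
LINKS = [("R", "A"), ("R", "B"), ("A", "C"), ("B", "C"), ("C", "D"), ("B", "E")]

if __name__ == "__main__":
    rank, parent = build_dodag(LINKS, "R")
    for leaf in ("D", "E"):
        print(leaf, "->", " > ".join(path_to_root(leaf, parent)))
    print("rank violations:", rank_violations(rank, parent))
```
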

Tags

IoT architecture protocol models network communication