IOT Security.pdf

Full Transcript

Introduction to IoT Security

Lecture 1: Introduction to Internet of Things

Ethical Hacking Statement

Training to become a cybersecurity specialist requires in-depth understanding and exposure to how cyber-attacks occur, as well as how they are detected and prevented. These skills will naturally also include learning the techniques that threat actors use to circumvent data, privacy, and computer and network security. The hands-on training is performed in this environment so that students can gain the necessary skills and knowledge needed to thwart these and future cyber-attacks. Security holes and vulnerabilities that are created in this course should only be used in an ethical manner and only in this “sandboxed” virtual environment. Unauthorized access to data, computer, and network systems is a crime in many jurisdictions and often is accompanied by severe consequences, regardless of the perpetrator’s motivations. It is the learner’s responsibility, as the user of this material, to be cognizant of and compliant with computer use laws.

Singapore Computer Misuse and Cybersecurity Act (2017)

The Singapore Computer Misuse and Cybersecurity Act (CMCA) is a law that regulates the use of computer systems and networks in Singapore. Under the CMCA, it is an offense to access computer material without authorization or to access computer material with the intent to commit an offense. The CMCA also criminalizes the act of interfering with or causing damage to computer material without authorization.

Learning Objectives

- Participants will understand the network fundamentals, including the X.200 OSI Reference Model, to establish a foundational understanding of IoT architecture.
- Participants will grasp security fundamentals, specifically the concepts of Confidentiality, Integrity, and Availability (CIA), as well as Authentication, Authorization, and Accounting (AAA) in the context of IoT security.

Network Fundamentals

What is Internet of Things?
- BBC Tomorrow World – 1990 Singapore Edition: https://www.youtube.com/watch?v=yUmqzq3e2S4&t=960s
- IDA – 2005: https://www.youtube.com/watch?v=QcUSAqUko8g&

What is a protocol?

Network protocols are a set of rules or conventions that define how data is transmitted and received over a network. These protocols enable communication between devices, such as computers, servers, routers, and other networked devices, by specifying the format and sequence of messages exchanged between them. The purpose of network protocols is to ensure that data can be transmitted reliably and efficiently across a network.

Network Fundamentals (Concepts)

OSI-RM X.200 (Open System Interconnection, Reference Model)

Various Sizes of Network
- Personal Area Network (10m)
- Local Area Network (100m)
- Metropolitan Area Network (1km)
- Wide Area Network (10km)

Various Network Topologies
- Ring
- Bus
- Mesh
- Star

ITU-T vs IETF/IEEE

Access Network Fundamentals

Media Types
- Copper (Guided Transmission): Unshielded Twisted Pair (UTP), Shielded Twisted Pair, Co-axial Cable
- Fiber (Guided Transmission): Single Mode, Multi Mode
- Wireless (Unguided Transmission): Radio Wave, Microwave, Infra Red, Visual Light

Digital Modulation
- Frequency Modulation (FM)
- Amplitude Modulation (AM)
- Phase Shift Key (PSK)
- Quadrature Amplitude Modulation (QAM): I = M cos ϕ, Q = M sin ϕ

[Figure: amplitude A [V] plotted against time t [s] and against frequency f [Hz]; phase ϕ]

Spread Spectrum (Wireless Only)
- Direct Sequence Spread Spectrum (Wi-Fi)
- Frequency Hopping Spread Spectrum (Bluetooth)

Multiplexing
- Time Division Multiplex
- Frequency/Wave Division Multiplex (Fibre)
- Space Division Multiplex
- Code Division Multiplex

Other access network elements
- Repeater/Amplifier
- Hub
- CSMA-CD (Ethernet) & CSMA-CA (Wi-Fi): Carrier Sense Multiple Access, Collision Detection / Avoidance
- Flow Control: RTS, CTS, ACK

IETF Network Layer

- Internet Protocol: IPv4 & IPv6
- MAC Address (Physical - Fixed)
- IP Address (Logical - Dynamic)
- Address Resolution Protocol (ARP) (MAC <-> IP)
- Delivery Scheme
  - Unicast
  - Broadcast
  - Multicast (Industrial IoT)
- Others: ICMP & IGMP
- Static Route
- Dynamic Route
  - Distance Vector (RIP)
- Switching vs Routing
  - MAC Table (Switch)
  - Routing Table (Router)
- VLAN/SSID == 1 Subnet
  - Class A – 10.X.X.X (16,777,215 Host)
  - Class B – 172.16.X.X (65535 Host)
  - Class C – 192.168.X.X (255 Host)

IETF Transport Layer

- Transmission Control Protocol (TCP)
- User Datagram Protocol (UDP)
- Quick UDP Internet Connections (QUIC)
- Connection Oriented vs Connectionless: Reliability, Sequence, Flow Control
- TCP Setting up of Connection: 3-Way Handshake
- Port Number (IANA)
  - Well-Known Port (1-1023)
  - Registered Port
  - Dynamic Port
- IoT Camera System
  - Real Time Protocol (RTP)
  - Real Time Stream Protocol (RTSP)

IETF Application Layer

TCP Based
- Transport Layer Security (TLS)
  - Secure Socket Layer (SSL)
- Lightweight Directory Access Protocol (LDAP)
- Hypertext Transfer Protocol (HTTP)
- File Transfer Protocol (FTP)
- Telnet/SSH
- Simple Mail Transfer Protocol/Post Office Protocol (SMTP/POP3)

UDP Based
- Dynamic Host Control Protocol
  - Link-Local Address: 169.254.X.X
  - 4 Way Handshake
- Domain Name Service
  - DNS <-> IP address
  - Top Level Domain (TLD), ccTLD
- Network Time Protocol (NTP)
- TFTP (Firmware updates)

MQTT/COAP/OPC-UA

IETF Protocols

Wide Area Network

Wired Network
- Public Switch Telephony Network (PSTN)
  - 56Kb/s V.92
- Integrated Service Digital Network (ISDN)
  - B ==> Bearer 64kb/s
  - D ==> Data 16 Kb/s
  - 23B+D (T1) 1.544Mb/s (US)
  - 30B+2D (E1) 2048Mb/s (Europe)
- Asymmetric Digital Subscriber Line (ADSL)
  - 26 kHz – 137 kHz: Upstream 1.3 Mb/s
  - 138 kHz – 1104 kHz: Downstream 8 Mb/s
- Data Over Cable Service Interface Specification (DOCSIS v3)
  - 200Mb/s Upstream / 1Gb/s Downstream
- Passive Optical Network (PON)
  - GPON 1.244 Gbit/s

Mobile Network
- 2G – GSM 14.4kb/s (ISDN – D Rate)
- 2.5G – GPRS 171kb/s
  (800Mhz, 900Mhz, 1800Mhz, 1900Mhz)
- 3G – WCDMA 2Mb/s
- 3.5G – HSPA 14Mb/s
  (2100Mhz)
- 4G – LTE 50Mb/s
- 4.5G – Adv LTE 300Mb/s
  (900Mhz, 1800Mhz, 2600 Mhz)
- 5G – 1Gb/s
  (3500Mhz)

Local Area Network

Wired Network
- IEEE 802.3 Ethernet
- RS-485
- 4-20ma (HART)
- Modbus/DNP3
- EtherCAT (Industry)
- Control Area Network (Transport)
- BACnet/LonTalk (Building)
- DALI (Lighting)
- Meter Bus (Public Service)
- Field Bus (ISA 95 Standard)
- Common Industrial Protocol

Wireless Network
- IEEE 802.11 Wi-Fi
- Bluetooth
- ZigBee (Home Automation)
- LoRA
- Sigfox

How to choose wireless protocol for IoT?

Security Fundamentals

McCumber Cube
- Security Principles: Confidentiality, Integrity, Availability
- Information States: Data-at-Rest, Data-in-Transit, Data-in-Use
- Dimensions: Technology, Policies and Practice, People

Cybersecurity Tenets/Triads

Confidentiality

Confidentiality is one of the fundamental principles of information security, and encryption is a crucial tool to achieve it. Both symmetric (single shared key - AES) and asymmetric encryption (public/private key - RSA), along with X.509 certificates (public key infrastructure), play important roles in ensuring the confidentiality of sensitive information.

Integrity

Integrity refers to the assurance that data remains unchanged and uncorrupted during storage, transmission, or processing. Hash functions play a pivotal role in ensuring data integrity by generating fixed-size hash values (Digital Signature) or checksums (Hash-Based Message Authentication Codes, HMAC) (Shadow/Password) unique to the content of a given dataset.

Availability

Availability means ensuring continuous and reliable access to resources. Role-Based Access Control (RBAC) manages user permissions, limiting unauthorized access. Firewalls/Intrusion Prevention Systems (IPS) filter network traffic, and monitor and block suspicious activity.
Anti-virus software detects and removes malicious programs, enhancing system availability.

Information State

Security Dimension

Technology

This dimension uses:
i) device layer security:
   a) hardware security module, for example a trusted platform module (stores keys, key generation and encryption);
   b) secure boot, which ensures only authenticated and authorized firmware and software are executed during boot time;
ii) communication layer security: secure protocols using encryption/authentication;
iii) software/application layer security: best secure coding practice and multi-factor authentication.

Policies and Practice

This dimension involves establishing security standards (help to maintain consistency throughout the network), guidelines (provide flexibility to fit with scenario and temporal needs), and procedures (incident response plans) for information security governance. These provide a strategic foundation, defining rules and practices to guide security efforts within an organization, ensuring a cohesive and compliant security posture.

People

This dimension involves human factors, roles, and awareness; it focuses on training, responsibilities, and user behaviours in information security.

Principle of Least Privilege

The Principle of Least Privilege (PoLP) is a security principle that states that a user or process should be given only the minimum privileges necessary to perform its job functions. This principle is also known as the principle of minimal privilege or the principle of least authority.

In computer terms, privileges cover at least the following:
- Read
- Write
- Execute

[Figure: Access Denied / Access Granted]

What is AAA?

AAA is a security framework that manages user access to computer systems, networks, and applications. It is one of the possible ways to implement PoLP. It stands for:
- Authentication
- Authorization
- Accounting

Authentication

Authentication is the process of verifying the identity of a user, device, or entity attempting to access a resource.
The authentication process typically involves the user providing some form of identification, such as a username and password, or using biometric factors such as fingerprints or facial recognition to gain access to a network. Authentication ensures that only authorized users have access to sensitive data or network resources.

Authorization

Authorization is the process of determining whether a user or entity is allowed to access a particular resource or perform a specific action. Once a user has been authenticated, the authorization process checks their privileges and permissions to ensure they are authorized to perform the requested action or access the desired resource. Authorization mechanisms typically involve granting or denying access based on the user's role or group membership.

Accounting

Accounting is the process of recording and tracking the activities of users and entities on a network. Accounting enables administrators to monitor resource usage, track user activity, and generate reports on network usage. This information is used for billing, auditing, and compliance purposes, and can be used to identify suspicious or malicious activities on the network.

Components of AAA

There are 3 main components of AAA. They are:
- Supplicant
- Authenticator
- Authentication Server

Modern Implementation of AAA

Summary

- Network Fundamental includes: Protocols, Layers, Encryption, OSI 7 Layers concept, IETF TCP/IP concept, and Access Network fundamentals and examples.
- Security Fundamental includes: McCumber Cube, Security Principles (CIA), Information State, Security Dimensions, and AAA as well as its components.

Lecture 2: Embedded Device Security

Learning Objectives

- Participants will acquire knowledge about computing fundamentals, focusing on the Von Neumann architecture, to comprehend the structure of embedded devices.
- Participants will gain insights into the role of sensors (transducers) and actuators in IoT systems, along with an understanding of security measures related to these components.

OWASP Hardware Vulnerability Components

Hardware Sensors
- Environment manipulation
- Tampering
- Damage

Device Memory
- Default username and password
- Sensitive data
- Plaintext usernames and passwords
- Encryption keys

Device Physical Interfaces
- Removal of storage media
- Reset to insecure state
- Device ID/Serial number
- Serial interface connections
- User and Administrative access
- Privilege escalation

Device Firmware
- Backdoor Accounts
- Hardcoded credentials
- Encryption keys
- Firmware version display
- Firmware version last update date
- Vulnerable services
- Security related function API exposure

Firmware Update Mechanism
- Update sent without encryption
- Updates not signed
- Update location writable
- Update verification and authentication
- Malicious update
- Missing update mechanism
- No manual update mechanism

Compute Fundamentals

CPU Architecture

[Diagram labels: Memory Management Unit; Primary Storage; CPU / DSP; Multiply Accumulate; RAM; BIOS/Bootloader; Secondary Storage; Watchdog Timer; ROM/HD; Input, Process, Output, Memory]

Von Neumann Vs Harvard Architecture

IoT CPU Types

Major CPU types used in the IoT are ARM (Mobile Phone), MIPS (Home Router) and x86 (Notebook, Personal Computer). There are two main categories: Reduced Instruction Set Computing (RISC) and Complex Instruction Set Computing (CISC).
- RISC processors: ARM (Advanced RISC Machine), MIPS (Microprocessor without Interlocked Pipeline Stages), AVR (Alf and Vegard's RISC processor), RISC-V, Xtensa
- CISC processors: Intel and Advanced Micro Devices (AMD)

big.LITTLE Computing: big.LITTLE technology uses different Performance/Efficiency processors (cores) with differing processing capabilities and power requirements.
IoT CPU Types (Cont)

Heterogeneous Computing Accelerator – Flynn's taxonomy (1972)
- Single instruction, multiple data (SIMD): same operation on multiple data points simultaneously. Examples: Intel (MMX/SSE/AVX), ARM (NEON), MIPS (MSA), Nvidia GPU
- Digital Signal Processor (DSP)’s (Multiply Accumulate) a
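
Added example, not from the lecture slides: the AAA flow from Lecture 1 in Python, with authorization limited to the read/write/execute privileges each role needs (PoLP) and every decision, granted or denied, recorded for accounting. The class name, roles, resources and credentials are constructed for illustration.

```python
import hashlib
import hmac
import os
import time

# Constructed policy: each role holds only the privileges its job needs (PoLP).
ROLE_PRIVILEGES = {
    "sensor":   {"telemetry": {"write"}},
    "operator": {"telemetry": {"read"}, "valve": {"read", "execute"}},
    "admin":    {"valve": {"read", "write", "execute"}, "firmware": {"write"}},
}

def _kdf(password, salt):  # slow salted hash, so stored secrets resist guessing
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class AAAServer:  # hypothetical name: stands in for the authentication server
    def __init__(self):
        self._users = {}     # identity -> (salt, password hash, role)
        self.audit_log = []  # accounting records, append-only

    def enroll(self, identity, password, role):
        salt = os.urandom(16)
        self._users[identity] = (salt, _kdf(password, salt), role)

    def authenticate(self, identity, password):  # returns the role or None
        salt, stored, role = self._users.get(identity, (b"\0" * 16, b"", None))
        return role if hmac.compare_digest(_kdf(password, salt), stored) else None

    def request(self, identity, password, resource, action):
        role = self.authenticate(identity, password)
        if role is None:
            decision = "DENIED (authentication)"
        elif action in ROLE_PRIVILEGES[role].get(resource, ()):  # least privilege
            decision = "GRANTED"
        else:
            decision = "DENIED (authorization)"
        # Accounting: denials are logged too, since they reveal misuse attempts.
        self.audit_log.append((time.time(), identity, resource, action, decision))
        return decision

def demo():
    aaa = AAAServer()
    aaa.enroll("cam-01", "pw-cam", "sensor")     # constructed credentials
    aaa.enroll("alice", "pw-alice", "operator")
    attempts = [("cam-01", "pw-cam", "telemetry", "write"),
                ("cam-01", "pw-cam", "valve", "execute"),
                ("alice", "wrong", "valve", "execute"),
                ("alice", "pw-alice", "valve", "write")]
    return [aaa.request(*a) for a in attempts], aaa.audit_log
```

Only the first attempt is granted: the camera is authenticated but holds no valve privileges, the wrong password fails authentication, and the operator role can read and execute on the valve but not write to it.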
