L7-IOT.pdf
CSCI301 Contemporary Topics in Security
IoT Security
Subject Coordinator: A/Prof. Fuchun Guo
School of Computing and Information Technology
This slide is copyrighted. It must NOT be distributed without permission.

Preliminaries

What is IoT?
According to ZDNet, “5G: WHAT IT MEANS FOR IOT”:
- The Internet of Things, or IoT, refers to the billions of physical devices around the world that are now connected to the internet, all collecting and sharing data.
- Thanks to the arrival of super-cheap computer chips and the ubiquity of wireless networks, it's possible to turn anything, from something as small as a pill to something as big as an aeroplane, into a part of the IoT.
- Connecting up all these different objects and adding sensors to them adds a level of digital intelligence to devices that would be otherwise dumb, enabling them to communicate real-time data without involving a human being.
- The Internet of Things is making the fabric of the world around us more smarter and more responsive, merging the digital and physical universes.

Characteristics of IoT
Entities
- High-end devices: laptop, smartphone
- Low-end devices: sensors, actuators
- Passive devices: barcodes, QR codes, RFIDs
Networks
- Connecting computers and devices with different operating systems and protocols in wired and wireless networks
Highly personal (private) data
- In many cases, data travelling through IoT networks contains private data

Node Constraints
Node constraints on IoT, specified in RFC 7228:
- Constraints on the maximum code complexity (ROM/Flash)
  Note: can't understand complex code
- Constraints on the size of state and buffers (RAM)
  Note: limit on RAM size
- Constraints on the amount of computation feasible in a period of time ("processing power")
  Note: capability to perform tasks
- Constraints on the available power
  Note: battery
- Constraints on user interface and accessibility in deployment (ability to set keys, update software, etc.)
  Note: lack sophisticated user interfaces and deployment mechanisms, limiting their ability to receive software updates, configure settings, or perform maintenance tasks remotely
Constrained nodes: IoT devices having the above characteristics are defined as “constrained nodes”.

Network Constraints
Network constraints on IoT, specified in RFC 7228:
- Low achievable bit rate/throughput (including limits on duty cycle)
  Note: slow internet speeds
- High packet loss and high variability of packet loss (delivery rate)
  Note: Imagine sending a text, but sometimes parts of it just vanish into thin air. That's kinda what happens with IoT devices.
- Highly asymmetric link characteristics
  Note: You know how some streets are busier going one way than the other? IoT networks can be like that, where sending data one way is way faster than the other way around.
- Severe penalties for using larger packets (e.g., high packet loss due to link-layer fragmentation)
  Note: like trying to send a big mail but it gets split into smaller pieces and some of those pieces might get lost along the way
- Limits on reachability over time (a substantial number of devices may power off at any point in time but periodically "wake up" and can communicate for brief periods of time)
  Note: phone goes into power-saving mode and stops getting notifications
- Lack of (or severe constraints on) advanced services such as IP multicast
  Note: they don't have a lot of features like smartphones; they may not be able to send a message to multiple devices at once.

The Difference between the Traditional Internet and the IoT
Data creation
- The IoT devices (machines) can create pieces of information (data) about an individual’s behaviours and analyse them, while humans create them in the traditional internet.
  Note: humans create data by posting on social media; IoT devices collect data automatically, like a smart thermostat in your home might collect data on temperature levels.
Content consumption
- The content is consumed by pushing information and triggering actions in IoT, while the content is consumed by requests in the traditional internet.
  Note: In the traditional internet, users request a service and the server will do the request, e.g. websites, emails, video streaming. In IoT, the user receives pushed information or triggers that prompt action, like motion sensors.
Content combining
- The contents are combined in IoT through explicitly defined operations (like event-driven patterns), while they are combined by explicitly-defined links in the traditional internet.
  Note: On the internet, when you're reading an article and it has links to other articles or videos related to the topic, that's content combining. Let's say you have a smart home setup with sensors for temperature, humidity, and motion. Content combining here might involve using data from these sensors to decide when to adjust the thermostat or turn on the lights.
Value
- In the IoT, action and timely information are valued, while right answers for the queries are valued in the traditional internet.
  Note: Right answers: searching for cats on Google and it will show you the correct results. Action and timely: motion sensors caught something and notify you immediately so that you can get a live recording of it.
Services provided by IoT applications offer a great benefit for human life, but they can come with a huge price considering the person’s privacy and security protection.

How it works

IoT Three-Layer Architecture
[Figure: IoT three-layer architecture. Source: kitrum.com]

IoT Three-Layer Architecture: Perception Layer
- Also known as the sensor layer, it is implemented as the bottom layer in IoT architecture.
- The perception layer interacts with physical devices and components through smart devices (RFID, sensors, actuators, etc.).
- Its main objectives are to connect things into the IoT network, and to measure, collect, and process the state information associated with these things through deployed smart devices, transmitting the processed information to the upper layer via layer interfaces.
  Note: collects real-life raw data and processes it into digital data that is understood by IoT

IoT Three-Layer Architecture: Network Layer
- Also known as the transmission layer, it is implemented as the middle layer in IoT architecture.
- The network layer is used to receive the processed information provided by the perception layer and determine the routes to transmit the data and information to the IoT hub, devices, and applications via integrated networks.
- The network layer is the most important layer in IoT architecture, because various devices (hub, switching, gateway, cloud computing platform, etc.) and various communication technologies (Bluetooth, Wi-Fi, long-term evolution (LTE), 5G, etc.) are integrated in this layer.
- The network layer should transmit data to or from different things or applications, through interfaces or gateways among heterogeneous networks, and using various communication technologies and protocols.

IoT Three-Layer Architecture: Application Layer
- Also known as the business layer, it is implemented as the top layer in IoT architecture.
- The application layer receives the data transmitted from the network layer and uses the data to provide required services or operations. For instance, the application layer can provide the storage service to back up received data into a database, or provide the analysis service by evaluating the received data.
- A number of applications exist in this layer, each having different requirements. Examples include smart grid, smart transportation, smart cities, etc.

Enabling Technologies in Perception Layer: RFID
- Used to identify and track objects without contact.
- Supports data exchange via radio signals over a short distance.
- The RFID-based system consists of an RFID tag, an RFID reader and an antenna:
  - RFID tag: It is attached to an object and has its unique identification number.
  - RFID reader: It can identify an object and obtain the corresponding information by querying the attached RFID tag through appropriate signals.
  - Antenna: It is used to transmit signals between the RFID tag and the RFID reader.
- RFID has the following benefits:
  - Fast scanning, durability, reusability, large storage, non-contact reading, small size, low cost, etc.
  - Because of these benefits, RFID can be useful in the perception layer of IoT to identify and track objects and exchange information.

Enabling Technologies in Perception Layer: Wireless Sensor Networks (WSN)
- A wireless sensor network (WSN) can monitor and track the status of devices, and transmit the status data to the control center or sink nodes via multiple hops.
- WSN can be considered as the further bridge between the real world and the cyber world.
- Benefits of WSN: scalability, dynamic reconfiguration, reliability, small size, low cost, and low energy consumption.
  - All these benefits help WSN to be integrated in various areas with diverse requirements.
- Both RFID and WSN can be used for data acquisition in IoT, but the difference is that RFID is mainly used for object identification, while WSN can be used for the perception of real-world physical parameters associated with the surrounding environment.
[Figure from “Wireless Sensor Networks to Control Radiation Levels” by David Gascón, Marcos Yarza]

Enabling Technologies in Perception Layer: a typical microchip spec for a sensor
ATmega328 by Atmel

Parameter      Value
CPU type       8-bit AVR
Performance    20 MIPS at 20 MHz
Flash memory   32 kB
SRAM           2 kB
EEPROM         1 kB

Note: MIPS: Million Instructions Per Second. The current Intel Core i5 7300U provides 53,840 MIPS at 2.6 GHz.

Enabling Technologies in Perception Layer: Others
- Barcodes
  - 1D or 2D
- Smartcards
- The information included in the barcode can be read by a machine that scans the barcode with an infrared beam.

Enabling Technologies in Network Layer: IEEE 802.15.4
- A protocol designed for the physical layer and the MAC layer in wireless personal area networks (WPANs).
- The goal of IEEE 802.15.4 is to focus on low-rate WPANs, providing low-rate connections of all things in a personal area with low energy consumption, low-rate transmission, and low cost.
[Figure: WPAN. Figure from http://www.rfidc.com/docs/introductiontowireless_standards.htm]
- IEEE 802.15.4 can support bands of 868/915 MHz and 2.4 GHz, and the data transmission rate on these bands can achieve 20, 40, and 250 Kb/s, respectively.
- IEEE 802.15.4 is a basis for many wireless communication technologies and protocols, such as ZigBee and 6LoWPAN.

Enabling Technologies in Network Layer: 6LoWPAN
- Low-power WPANs (LoWPANs) are organized by a large number of low-cost devices connected via wireless communications.
- In comparison with other types of networks, LoWPAN has a number of advantages like small packet sizes, low power, low bandwidth, etc.
- As an enhancement, the 6LoWPAN protocol was designed by combining IPv6 and LoWPAN.
  - IPv6 packets can be transmitted over IEEE 802.15.4 networks.
- Due to the low cost and low energy consumption, 6LoWPAN is suitable for IoT, where a large number of low-cost devices are included.
- 6LoWPAN has several advantages, including great connectivity and compatibility with legacy architectures, low-energy consumption, ad-hoc self-organization, etc.

Enabling Technologies in Network Layer: ZigBee
- A wireless network technology, designed for short-term communication with low-energy consumption.
- The advantages of ZigBee networks include low energy consumption, low cost, low data rate, low complexity, reliability, and security.
- A ZigBee network can support multiple topologies, including star, tree, and mesh topologies.

Enabling Technologies in Network Layer: 6LoWPAN vs ZigBee

                   6LoWPAN           ZigBee
Interoperability   IPv4 & IPv6       IEEE802.15.4
Packet Size        30kB              90kB
Security           AES-128           AES-128
Availability       Getting popular   Well-established

Enabling Technologies in Network Layer: 5G Network
- Enhanced mobile broadband (eMBB): 5G allows extremely fast data speeds. 5G is approximately 20 times faster than 4G in terms of peak speed.
- Massive machine-type communications (mMTC): Compared to 4G LTE, it will be able to embrace up to 100 times more connected devices per unit area.
- Ultra-reliable low-latency communications (URLLC): 5G also means latency of a mere 1 millisecond.
How does 5G help IoT?
- 5G promises a more IoT-friendly ecosystem, with vast improvements over the current capabilities of 4G (LTE).
- The continuous exchange of data puts a strain on the network and the battery life of the devices. The new wireless network will see a 90% reduction in network energy usage, with up to 10 years' worth of battery life for low-power IoT devices.

Enabling Technologies in Network Layer: Three design principles of 5G network
- Flexibility: Flexible design is necessary for addressing a wide range of carrier frequencies (sub 1 GHz to 100 GHz), different deployment types (macro, micro, pico cells), and diverse use cases.
- Forward compatibility: 3GPP is taking a phased approach for New Radio (NR) standardization, that is, a globally standardized radio access technology. It is likely that NR will continue to evolve beyond 2020, with a sequence of releases including additional features and functionalities. Since NR must support a wide range of use cases, many of which are not yet defined, forward compatibility is required.
- Ultra-lean design: Cellular networks transmit certain signals at regular intervals even when there is no data to transmit to any user. Reference signals, synchronization signals, and system broadcast information are examples of such transmissions. Ultra-lean design refers to minimizing these “always on” transmissions. The network should transmit signals only when it is necessary.

Enabling Technologies in Application Layer: Constrained Application Protocol (CoAP)
- Messaging protocol in the application layer.
- Because HTTP is too complex to be used in IoT applications, CoAP was proposed to modify some HTTP functions to meet the requirements of IoT.
- Group communication and push notification are supported by CoAP, but broadcasting is not.

Enabling Technologies in Application Layer: Message Queuing Telemetry Transport (MQTT)
- MQTT is designed to be a very lightweight protocol consuming low bandwidth and power so that it is suitable for IoT systems. Due to this, almost all IoT systems support MQTT.
- It is based on a publish-subscribe paradigm, which means that one party, a publisher, publishes a message and the others, subscribers, will receive the message.
- To support the publish-subscribe paradigm, the MQTT broker takes a key role: it receives messages from a publisher and dispatches the messages to the subscribers.
- The access control of a publish-subscribe system is based on the topic. The subscriber waits for a message to be published under a specific topic. Once a publisher sends a message with that topic, the message can be received via the MQTT broker.

Threats

Lessons Learnt from Past Security Breaches
Selected attacks to illustrate security problems:
- Missing key management
- Insecure default settings and passwords
- Missing communication security
- Physical attacks
- DoS attack

Missing Key Management
LIFX: Internet-connected light bulb
- The same global AES key is shared among bulbs to encrypt traffic. Capturing only one node (bulb) will reveal the global key.
[Figure: master bulb]
  - More info: https://www.contextis.com/blog/hacking-into-internet-connected-light-bulbs

Insecure Default Settings and Passwords
Web cameras from Foscam, Linksys and Panasonic were found to be vulnerable:
- Insecure default credentials: admin, root
- Default passwords: 12345
Foscam used hard-coded credentials/password in the firmware.
  - More info: https://arstechnica.com/informationtechnology/2017/06/internet-cameras-expose-private-videofeeds-and-remote-controls/

Missing Communication Security
Vulnerabilities found in a networked traffic signal system in the US:
- Wireless communications are not encrypted
- The radio uses the default username/password
- Controller settings can be configured remotely
- FTP connection to write configuration files
  - More info: https://www.usenix.org/system/files/conference/woot14/woot14-ghena.pdf (Green Lights Forever: Analyzing the Security of Traffic Infrastructure)
[Figure: Malfunction Management Unit]

Physical Attacks
Attack vectors:
- Extract keys, configuration data, firmware images.
- Use of debug/test interfaces and sniffing on inter-bus communication interfaces like Serial Peripheral Interface (SPI) or Inter-Integrated Circuit (I2C).
- Key extraction within a trusted execution environment using power analysis or fault injection attacks.

DoS Attack
Mirai malware
- A piece of malware that targets IP cameras and home routers, which turn into bots. It is called the “Mirai Botnet”.
- Infected devices were used to launch DDoS (Distributed Denial of Service) attacks.
  - Devices infected by Mirai continuously scanned the IP addresses of other devices to identify vulnerable devices.
  - It then logged into them using default usernames/passwords.
  - The infected devices conducted DDoS attacks on high-profile websites like GitHub, Twitter, Netflix, Airbnb, etc.

Recommended Practices
Always encrypt communications to avoid pervasive monitoring/eavesdropping.
Follow key length recommendations:
- Use at least 112-bit symmetric key equivalent.
Support automatic key management:
- Where appropriate, consider using public key encryption or identity-based encryption.
Automatic software update mechanism:
- Users tend not to pay attention to.
Adopt communication channel security (DTLS/TLS).
Adopt an authentication and authorization solution.
Reduce physical attack surface:
- Crypto implementations that consider side channel attacks
- Disabled debug facilities before launching the product
- Hardware-based crypto support
- Memory protection unit (MPU) integration

Threats on Perception Layer: Node capture attack
- The adversary can capture and control the node or device in IoT by physically replacing the entire node, or by tampering with the hardware of the node or device.
- If a node is compromised by this attack, the important information (group communication key, radio key, matching key, etc.) can be exposed to the adversary.
- The adversary can also copy the important information associated with the captured node to a malicious node, and then fake the malicious node as an authorized node to connect to the IoT network or system.
- A node capture attack can have a serious impact on the network.
Defense
- Effective schemes to monitor and detect malicious nodes.

Threats on Perception Layer: Malicious code injection attacks
- The adversary can control a node or a device in IoT by injecting malicious code into the memory of the node or device.
- The injected malicious code not only can perform specific functions, but can also grant the adversary access into the IoT system, and even full control of the IoT system.
Defense
- Effective code authentication schemes.
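The Missing Key Management slide (one global key shared by every bulb) and the node capture slide both describe a single captured device exposing key material that the whole fleet relies on. The following is an added example, not part of the original slides: it contrasts a shared fleet key with per-device keys derived by a backend using HKDF (RFC 5869). Messages are authenticated with HMAC tags instead of AES because only the Python standard library is used; all class names, device IDs and key values are constructed for illustration.

```python
import hashlib
import hmac

# Constructed demo secrets (assumptions for this example, not real keys).
GLOBAL_KEY = b"constructed-fleet-wide-key-0001!"
MASTER_SECRET = b"constructed-backend-master-secret"
FLEET_SALT = b"constructed-fleet-salt"


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 16) -> bytes:
    """HKDF (RFC 5869): extract a PRK from ikm, then expand it for `info`."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def tag(key: bytes, device_id: str, counter: int, payload: bytes) -> bytes:
    """MAC over sender identity, message counter and payload."""
    ident = device_id.encode()
    msg = len(ident).to_bytes(2, "big") + ident + counter.to_bytes(8, "big") + payload
    return hmac.new(key, msg, hashlib.sha256).digest()


class SharedKeyFleet:
    """Weak design from the slide: the same key is stored on every device."""

    def __init__(self, global_key: bytes):
        self._key = global_key

    def provision(self, device_id: str) -> bytes:
        return self._key  # every device receives the identical key

    def verify(self, device_id: str, counter: int, payload: bytes, mac: bytes) -> bool:
        return hmac.compare_digest(mac, tag(self._key, device_id, counter, payload))


class PerDeviceFleet:
    """Hardened design: the master secret stays on the backend, and each
    device stores only a key derived for its own identifier."""

    def __init__(self, master_secret: bytes, fleet_salt: bytes):
        self._master, self._salt = master_secret, fleet_salt
        self._last_counter = {}  # device_id -> highest counter accepted so far

    def provision(self, device_id: str) -> bytes:
        return hkdf_sha256(self._master, self._salt, b"device-key:" + device_id.encode())

    def verify(self, device_id: str, counter: int, payload: bytes, mac: bytes) -> bool:
        expected = tag(self.provision(device_id), device_id, counter, payload)
        if not hmac.compare_digest(mac, expected):
            return False
        if counter <= self._last_counter.get(device_id, -1):
            return False  # replayed or stale message
        self._last_counter[device_id] = counter
        return True


def captured_key_accepted_for(fleet, captured_id: str, other_id: str) -> bool:
    """Blast-radius check: is the key stored on `captured_id` enough to
    authenticate a message in the name of `other_id`?"""
    leaked = fleet.provision(captured_id)
    message = b"state=on"
    return fleet.verify(other_id, 1, message, tag(leaked, other_id, 1, message))


if __name__ == "__main__":
    shared = SharedKeyFleet(GLOBAL_KEY)
    derived = PerDeviceFleet(MASTER_SECRET, FLEET_SALT)
    print("shared key, one node captured, whole fleet affected:",
          captured_key_accepted_for(shared, "bulb-A", "bulb-B"))
    print("per-device keys, one node captured, other nodes affected:",
          captured_key_accepted_for(derived, "bulb-A", "bulb-B"))
```

With per-device keys, a captured node still has to be detected and its identifier revoked, but the other devices' keys remain unknown to whoever holds it.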
Threats on Perception Layer: False data injection attacks
- The adversary can inject false data in place of normal data measured by the captured node or device, and transmit the false data to IoT applications.
- After receiving the false data, IoT applications can return erroneous feedback commands or provide wrong services, which further affect the effectiveness of IoT applications and networks.
Defense
- False data filtering schemes, which can efficiently detect and drop the false data before the data is received by the IoT applications.

Threats on Perception Layer: Cryptanalysis attacks and side channel attacks
- A cryptanalysis attack can use the obtained ciphertext or plaintext to infer the encryption key being used in the encryption algorithm.
- To improve the efficiency, side channel attacks can be introduced by the adversary.
- One of the typical side channel attacks is power analysis, in which the adversary can obtain the encryption key by analyzing the power consumption information required to execute the encryption algorithm.
Defense
- Efficient and secure encryption algorithms and key management schemes need to be developed in IoT.

Threats on Perception Layer: Power Analysis Attack
[Figures: Simple Power Analysis Attack; Differential Power Analysis Attack]

Threats on Perception Layer: Eavesdropping and interference
- Because most devices in IoT will communicate via wireless networks, the vulnerability lies in the fact that information delivered in wireless links can be eavesdropped by non-authorized users.
- The adversary can also send noise data or signals to interfere with the information delivered in wireless links.
Defense
- Secure encryption algorithms and key management schemes.
- Effective secure noise filtering schemes (to ensure the accuracy and timely delivery of data).

Threats on Perception Layer: Sleep deprivation attacks
- In IoT, most devices or nodes have low power ability.
- To extend the life cycle of the devices and nodes, devices or nodes are programmed to follow a sleep routine to reduce the power consumption.
- The sleep deprivation attack can break the programmed sleep routines and keep devices or nodes awake all the time until they are shut down.
Defense:
- The energy harvest scheme, in which devices and nodes can harvest energy from the external environment (like solar energy).
- Secured duty-cycle mechanism.

Threats on Network Layer: DoS attacks
- DoS attacks can consume all of the available resources in IoT by attacking network protocols or bombarding the IoT network with massive traffic, rendering the services of IoT systems unavailable.
- The DoS attack is considered to be one of the most common attacks, and represents an attack category which can result in the services of IoT systems being unavailable.
- Examples include Ping of Death, TearDrop, UDP flood, SYN flood, Land Attack, etc.
Defense:
- Investigating attacking schemes carefully to design efficient defensive schemes.

Threats on Network Layer: Sinkhole attacks / Wormhole attacks
- Sinkhole attacks: A compromised device or node claims exceptional capabilities of power, computation, and communication, such that more neighboring devices or nodes will select the compromised device or node as the forwarding node in the data routing process because of the appealing capabilities.
- Wormhole attacks: Launched by two cooperative malicious devices or nodes in IoT, in which the one or two malicious devices in different locations can exchange routing information over private links to achieve a false reduced-hop transmission between them, even if they are located far away from each other.
- Through this attack, the compromised devices or nodes can increase the amount of data obtained before it is delivered in the IoT system.
- It not only can break the confidentiality of delivered data, but also can be a fundamental step to launch additional attacks (DoS attack, etc.).
[Figure: Wormhole Attack, showing the origin, the destination and two malicious nodes]
Defense:
- Modifying the routing protocols to enhance the security in the route selection process.
- Deploying secure hardware (GPS, directed antenna, etc.).

Threats on Network Layer: Man in the middle attack (MITM)
- A malicious device controlled by the adversary can be virtually located between two communicating devices in IoT (MITM is also one example of an on-path threat).
- By stealing the identity information of the two normal devices, the malicious device can act as a middle device to store and forward all data communicated between these two normal devices, while the two normal devices cannot detect the existence of the malicious device, and instead believe that they directly communicate with each other.
- The man in the middle attack can violate the confidentiality, integrity, and privacy of restricted data in IoT through monitoring, eavesdropping, tampering, and controlling the communication between the two normal devices.
- Unlike malicious node capture attacks that need to physically tamper with the hardware of devices, the man in the middle attack can be launched by only relying on the communication protocols used in IoT networks.
Defense: Secure communication protocols and key management schemes (end-to-end encryption + authentication)

Threats on Network Layer: Sybil attacks
- A malicious device, namely a sybil device, can claim several legitimate identities and impersonate them in IoT systems.
- Because a sybil device has several legitimate identities, false data sent by the sybil device can be easily accepted by its benign neighboring devices.
- Also, routes that select sybil devices as forwarding nodes may consider that several different intersected paths are determined, but in fact only one path is determined and all transmitted data needs to go through the sybil device, in which jamming and DoS can be used.
Defense: Secure identification and authentication

Threats on Application Layer: Phishing attack
- The adversary can obtain the confidential data of users, such as identification and passwords, by spoofing the authentication credentials of users via infected e-mails and phishing websites.
- This attack involves human-machine interaction in IoT.
Defense:
- Secure authorization access, identification and authentication.
- The most efficient way is for users themselves to always be vigilant while surfing online, but IoT settings may make this impossible.

END
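The MQTT slide in the application-layer section states that access control in a publish-subscribe system is based on the topic. The following is an added example, not part of the original slides: a toy broker that applies a per-client topic ACL at publish time and at delivery time, comparing an open ACL with a scoped one. The wildcard rules (`+` for one level, `#` for all remaining levels) follow the MQTT specification; the client names, topic layout and ACL format are assumptions made for illustration.

```python
def topic_matches(topic_filter: str, topic: str) -> bool:
    """MQTT filter matching: '+' is one level, '#' is the rest and must be last."""
    f_levels, t_levels = topic_filter.split("/"), topic.split("/")
    if topic.startswith("$") and f_levels[0] in ("+", "#"):
        return False  # leading wildcards never match broker-internal $ topics
    for i, level in enumerate(f_levels):
        if level == "#":
            return i == len(f_levels) - 1  # '#' anywhere else is an invalid filter
        if i >= len(t_levels) or (level != "+" and level != t_levels[i]):
            return False
    return len(f_levels) == len(t_levels)


def allowed(acl: dict, client: str, access: str, topic: str) -> bool:
    """True if any ACL entry grants `access` ('read' or 'write') on `topic`."""
    return any(a == access and topic_matches(f, topic) for a, f in acl.get(client, []))


class Broker:
    """Toy broker: checks write access on publish and read access on delivery."""

    def __init__(self, acl: dict):
        self.acl = acl
        self.subscriptions = {}  # client -> set of topic filters

    def subscribe(self, client: str, topic_filter: str) -> None:
        self.subscriptions.setdefault(client, set()).add(topic_filter)

    def publish(self, client: str, topic: str) -> list:
        """Return the sorted list of clients the message is delivered to."""
        if not allowed(self.acl, client, "write", topic):
            return []
        return sorted(
            sub for sub, filters in self.subscriptions.items()
            if any(topic_matches(f, topic) for f in filters)
            and allowed(self.acl, sub, "read", topic)
        )


CLIENTS = ("app", "lock-1", "thermo-1", "cam-1")  # constructed sample clients

# Weak setting: every client may read and write every topic.
OPEN_ACL = {c: [("read", "#"), ("write", "#")] for c in CLIENTS}

# Corrected setting: devices see only their own command topic and write only
# their own telemetry; the app reads telemetry and writes commands.
SCOPED_ACL = {"app": [("read", "home/+/telemetry"), ("write", "home/+/cmd")]}
for dev in ("lock-1", "thermo-1", "cam-1"):
    SCOPED_ACL[dev] = [("read", f"home/{dev}/cmd"), ("write", f"home/{dev}/telemetry")]


def audit(acl: dict) -> dict:
    """Replay the same subscriptions and publishes under a given ACL."""
    broker = Broker(acl)
    broker.subscribe("lock-1", "home/lock-1/cmd")
    broker.subscribe("app", "home/+/telemetry")
    broker.subscribe("cam-1", "#")  # a client that asks for every topic
    return {
        "app_cmd_to_lock": broker.publish("app", "home/lock-1/cmd"),
        "cam_cmd_to_lock": broker.publish("cam-1", "home/lock-1/cmd"),
        "thermo_telemetry": broker.publish("thermo-1", "home/thermo-1/telemetry"),
    }


if __name__ == "__main__":
    for name, acl in (("open", OPEN_ACL), ("scoped", SCOPED_ACL)):
        print(name, audit(acl))
```

Under the open ACL the camera both receives the lock's commands and can publish commands to the lock; under the scoped ACL the same subscription to `#` delivers nothing outside the camera's own command topic.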