October 4, 2016
Santa Clara Convention Center
Mission City Ballroom
The Need for Security In IoT
Who needs security anyway ?
Joe Pilozzi
The Rise of Connected Things 2
• ~33B connected devices by 2020
• $1.7 trillion in value added to the global economy in 2019
• 40% Compound Annual Growth Rate 2014–2020
The Connected Devices 3
Device classes (diagram):
• Server Farms, Server Clusters
• Network Equipment (routers, firewalls, ..)
• PC/Laptop
• Connected Media
• Smart Phones, Tablets
• Embedded Connected Devices
• Smart Things
Approximate unit counts shown alongside the classes: few Mu, tens of Mu, ~1 Bu, ~10 Bu, ~10 Bu to 20 Bu, ~30 Bu to 50 Bu
Represents a very large opportunity for business and for mischief
Who Needs Security Anyway
Who Needs Security Anyway … 5
• It’s about protecting Assets
• Knowing the true value of those Assets you are
going to protect
• Assets are a wide range of items
• Consumers' Personal Information
• Financial, Health, Location, Passwords, Accounts
• Your Product or Solution
• Processes, Services, Intellectual Property, Firmware, Brand
• Health and Safety
• Medical devices, Manufacturing Processes and Equipment, Transport and Vehicles
• The Work Place
• Production Equipment, Environmental and Access Controls
Assets
….. Your brand, your reputation
Photo source : Wired Magazine
Connected Devices Are Subject to Attacks 6
• Hacking opportunities are made significantly easier with devices being connected to the internet
• Exploiting carelessly managed user private information, as in the case of a connected SmartFridge
• Exploiting flaws and genuine mistakes leading to weaknesses in security
• Hacking opportunities come from a failure to correctly verify the identity of devices on a network
• An attack may take an indirect route to an asset by targeting the weakest link in a system, as in the case of a remotely hacked vehicle
https://www.wired.com/2016/02/flaws-in-wireless-mice-and-keyboards-let-hackers-type-on-your-pc/
And More … 7
Threats and Vulnerabilities
General Threats To IoT Systems 9
• Access / misuse of services and networks
• Access / misuse of devices
• Theft of confidential data or identity
• Counterfeit devices or services
Threat Analysis 10
• Asset
• In general terms, an asset is information, a capability, an advantage, a feature, or a financial or technical resource that may be damaged, lost or disrupted
• Assets may be digital (software sources), physical (a car or a server) or commercial (brand)
• Damage to an asset may affect the normal operation of the system as well as that of individuals and organizations involved with the system
• Threat
• A threat is a specific scenario or a sequence of actions that exploits a set of vulnerabilities and may cause damage to one or more of the system's Assets
Threat Analysis 11
• Vulnerabilities
• A vulnerability is a weakness, limitation or a defect in one or more of the system's elements that can be exploited to disrupt the normal operation of the system
• They may be in specific modules of the system, its architecture, its users and operators, and/or in its associated regulations, operational and business procedures
• Countermeasures, "safeguards" or Barriers
• A countermeasure is a procedure, function, process, action or a means of mitigating a specific vulnerability or several different vulnerabilities
Threat Analysis 12
Concepts and Relationships
(Diagram: the Owner / Customer values Assets and wishes to minimize Risk, hence evaluates Attacks and develops Countermeasures / Barriers to protect the Assets; Threats wish to abuse Assets and exploit Vulnerabilities; Threats increase Risk; Countermeasures mitigate Vulnerabilities and reduce Risk)
• Threats exploit Vulnerabilities to gain access to Assets
• Countermeasures mitigate Vulnerabilities and therefore mitigate Threats and hence reduce Risk
Threat Analysis 13
Smart Metering System (diagram of the system elements: Smart Meter, Gateway, Network, Cloud Services, with the threats below placed against them)
Threat
• Commercial and cyber crime
• Disruption of administration system
• Supply shut down – disruption of service
• Spread of wrong information (e.g. invoices)
Fake Service
• Commercial and cyber crime
• Identifying empty houses
• Invoice Fraud
• Manipulating meter readings
• Misuse of private customer data
Eavesdropper / Data Corruption
• Identifying empty houses
• Manipulating meter readings
• Misuse of private customer data
• Invoice fraud
Compromised Device / Data Corruption
• Distributed Denial-of-Service (DDoS)
• Malicious code
Counterfeit Device
Classes of Attacks 14
(Diagram: the device box, the Internet and the Cloud, annotated with the attack classes below)
Invasive Product Attacks
With the case opened / removed
• Test / debug port access
• Inter device bus and IO probing
• Reset, clock attacks
• Power analysis
• Temperature / electrical attacks
Invasive Silicon Attacks
Device de-packaged
• Circuit analysis and probing
Non Invasive Attacks
Misuse of network protocols
• Exploit communication protocol errors
• Flaws in software design / implementation
Invasive Silicon Attacks 15
• Silicon Reverse Engineering
• FLASH or ROM code retrieval
• Whole or partial gate net-list extraction
Prepared for probing
• Identification of Internal Structure of the Chip
• Layout analysis, feature, buses, …
• Find “good” locations for probing
• Buses and memory to obtain keys, data, code
• A Fault Injection Attack - Non or Semi-Invasive
• Disturb normal behavior
• Exploit unexpected behavior
• Sources
• Laser, UV, X-rays
Software Attacks 16
• >95% of attacks today exploit software implementation flaws
• Heartbleed - wrong buffer size
• Apple iOS web authentication bypass - software line duplicated
Human error contributes to nearly all of these incidents
Relative Cost Of Attacks 17
(Chart: cost / effort against complexity for the three attack classes below; annotation: today 95 % of attacks are software attacks)
Software Attacks
• Stack overflow
• Malware
• Virus
• Trojans
Invasive Silicon Attacks
• Reverse Engineering
• Probing
• Fault Injection (Laser, X-Ray, UV)
Invasive Product Attacks
• Physical access (JTAG, IOs)
• Environment Perturbation
• Side Channel Attacks (SPA, DPA, DEMA)
Fortifying an IoT Device
Countermeasures
An IoT Device’s Security Needs 19
(Table: Need and the Solution that addresses it)
Need: Prevent device misuse; prevent device or server counterfeiting; resistance against hacking, cloning
Solution: Authentication
• Device to device
• Device to server
Need: Service and network access corruption; prevent device misuse
Solution: Integrity and Availability
• Secure Boot
• Secure firmware upgrade
• Trusted processing
Need: Data privacy; prevent data collection or corruption
Solution: Confidentiality
• Data / identity protection
• Secure communications
• Secure storage
Need: Upgradability; prevent device misuse
Solution: Secure Communications
• Secure firmware upgrade
Countermeasures 20
Cryptography
• Cryptography algorithms are used to protect data and establish trust
• Cryptography ciphers (AES, DES, ECC, RSA) are public
• Protecting keys is the key to success
Authentication
• Challenge – Response (diagram: Authentication Process, a challenge is sent to the device and a response is returned)
• TLS/DTLS protocols
Availability / Service protection
• Secure Boot
• Secure Firmware Upgrade
• Trusted Processing
Data Integrity
• Data with Signature - using RSA / ECC
Confidentiality / Data encryption
• Symmetric DES / AES
• Asymmetric RSA / ECC
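The challenge – response exchange the slide sketches, worked through as an added example (it is not code from the presentation or from ST): the server issues a random challenge, the device answers with an HMAC-SHA256 keyed by its own secret, and the server verifies the answer and discards the challenge so a captured response cannot be replayed. The device ID, the key and the message layout are constructed for the example, and the key is assumed to be held in protected storage on the device.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// device: a unique ID plus a per-device symmetric key. The key is assumed (for
// this example) to sit in the MCU's protected storage or a secure element.
type device struct {
	id  string
	key []byte
}

// server: enrolled device keys plus one outstanding challenge per device.
type server struct {
	keys        map[string][]byte
	outstanding map[string][]byte
}

// issueChallenge is the server -> device message: a random 16-byte nonce.
// A fresh nonce per attempt means a captured response cannot be replayed.
func (s *server) issueChallenge(id string) ([]byte, error) {
	if _, ok := s.keys[id]; !ok {
		return nil, errors.New("unknown device id")
	}
	nonce := make([]byte, 16)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	s.outstanding[id] = nonce
	return nonce, nil
}

// respond is the device -> server message: HMAC-SHA256 over the device ID and
// the challenge, proving possession of the key without revealing it.
func (d *device) respond(challenge []byte) []byte {
	mac := hmac.New(sha256.New, d.key)
	mac.Write([]byte(d.id))
	mac.Write(challenge)
	return mac.Sum(nil)
}

// verify recomputes the expected MAC and compares in constant time. The
// outstanding challenge is consumed either way, so each nonce is used once.
func (s *server) verify(id string, response []byte) bool {
	challenge, ok := s.outstanding[id]
	if !ok {
		return false
	}
	delete(s.outstanding, id)
	expected := (&device{id: id, key: s.keys[id]}).respond(challenge)
	return hmac.Equal(expected, response)
}

func main() {
	key := []byte("constructed-32-byte-device-key!!") // constructed sample key
	srv := &server{keys: map[string][]byte{"meter-0001": key}, outstanding: map[string][]byte{}}
	genuine := &device{id: "meter-0001", key: key}
	c, _ := srv.issueChallenge("meter-0001")
	resp := genuine.respond(c)
	fmt.Println("genuine accepted:", srv.verify("meter-0001", resp))
	_, _ = srv.issueChallenge("meter-0001")
	fmt.Println("replay accepted:", srv.verify("meter-0001", resp))
	c, _ = srv.issueChallenge("meter-0001")
	clone := &device{id: "meter-0001", key: []byte("guessed-key")} // counterfeit
	fmt.Println("counterfeit accepted:", srv.verify("meter-0001", clone.respond(c)))
}
```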
Countermeasures 21
Physical Design Techniques
• The smaller the silicon geometry the better – more difficult to probe
• Layout flattening – just a sea-of-gates
• Easier to hide busses and critical signal routing
• More difficult to identify functions / features
• Camouflage to prevent reverse engineering
(Figure: standard routing compared with camouflaged routing)
Managing Risk
Managing Risk 23
(Chart: Cost against Risk / Robustness / Security, from Poor through Optimal to Fort Knox, with the Government Mandated Security level marked; risk increases due to hacking while the product is vulnerable; annotation: always seek better)
• Always seek a better level of security/integrity
• Use the integrity and cryptographic tools offered
• Seek out advice on best practices
Solutions 24
(Diagram: the device box, the Internet and the Cloud, annotated with the attack classes below)
Invasive Product Attacks
With the case opened / removed
• Test / debug port access
• Inter device bus and IO probing
• Reset, clock attacks
• Power analysis
• Temperature / electrical attacks
Non Invasive Attacks
Misuse of network protocols
• Exploit communication protocol errors
• Flaws in software design / implementation
Invasive Silicon Attacks
Device de-packaged
• Circuit analysis and probing
• Fault injection
Solution: Use an MCU’s security features
• Unique Device IDs
• Memory Protection
• Firewall
• Tamper Detection
• Crypto Hardware
• AES, T-RNG
• Debug Port Protection
A Better Solution: Add a Secure Element
• Much better tamper resistance
• Trusted Crypto Services
• Secure Storage
• Independently Certified
Layers of Security Services 25
• Security services should be handled independently in siloed processes
System Layers
Application / Cloud
• Access control and rights management
• Feature and product management
Data / Transport Layer
• TLS/DTLS, HTTPS etc.
Link Layer / Physical Layer
• Network physical layer security
• e.g. WiFi – WPA2, 802.11i
Device Security Services
• Secure Boot
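Secure Boot and secure firmware upgrade both rest on the "data with signature" countermeasure from the earlier slide; the following added example (not code from the presentation or from ST) shows the verification a bootloader or updater performs on a signed image, including the anti-rollback version check. The image layout and the Ed25519 signature (an ECC scheme from Go's standard library, standing in for the RSA / ECC the slides name) are assumptions of the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// Constructed image layout for this example (not a real vendor format):
//   "IOTF" magic (4) | big-endian version (4) | payload | Ed25519 signature (64)
// The signature covers everything in front of it.
const magic = "IOTF"

// signImage is the vendor-side (build server) step: the private key stays
// with the vendor and never ships in the firmware.
func signImage(priv ed25519.PrivateKey, version uint32, payload []byte) []byte {
	hdr := make([]byte, 8)
	copy(hdr, magic)
	binary.BigEndian.PutUint32(hdr[4:], version)
	body := append(hdr, payload...)
	return append(body, ed25519.Sign(priv, body)...)
}

// verifyImage is the device-side step a secure bootloader or updater runs
// before an image is accepted: structure check, signature check against the
// pinned public key, then an anti-rollback check against the version already
// installed. It returns the accepted version and payload.
func verifyImage(pub ed25519.PublicKey, installed uint32, img []byte) (uint32, []byte, error) {
	if len(img) < 8+ed25519.SignatureSize {
		return 0, nil, errors.New("image too short")
	}
	split := len(img) - ed25519.SignatureSize
	body, sig := img[:split], img[split:]
	if string(body[:4]) != magic {
		return 0, nil, errors.New("bad magic")
	}
	if !ed25519.Verify(pub, body, sig) {
		return 0, nil, errors.New("signature invalid")
	}
	version := binary.BigEndian.Uint32(body[4:8])
	if version < installed {
		return 0, nil, errors.New("rollback to older firmware refused")
	}
	return version, body[8:], nil
}

func main() {
	// In a product the public key is pinned in the bootloader or secure
	// element; a key pair is generated here only for the demonstration.
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	img := signImage(priv, 2, []byte("constructed firmware payload"))
	_, _, err = verifyImage(pub, 1, img)
	fmt.Println("signed v2 over installed v1:", err)
	tampered := append([]byte(nil), img...)
	tampered[12] ^= 0x01 // flip one bit inside the payload
	_, _, err = verifyImage(pub, 1, tampered)
	fmt.Println("tampered image:", err)
	_, _, err = verifyImage(pub, 3, img)
	fmt.Println("v2 over installed v3:", err)
}
```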
Cybercriminals 26
• Cybercriminals are motivated by various factors
• Financial gain, brand damage, political or terrorism, or plain old mischief making
• Today’s cybercriminals are increasingly well funded criminal organizations
• Cybercriminals don’t necessarily target the final asset directly, but target less secure devices connected to the same network
Never Underestimate …..
• Minimize your vulnerabilities or “attack surface”
• Seek out advice on threat analysis
Risk Management 27
• Understand the value of the Assets you are going to protect
• Understand your Threats and Vulnerabilities
• Develop a security strategy to reduce Risk
• At the right level of security for the value of the Assets being
protected
• Make use of the microcontroller’s integrity and hardware based cryptography tools available
• Crypto libraries, crypto accelerators
• Robustness features like debug port protection, memory
partitioning, firewall and tamper detection
Fortified Solutions
• A well Fortified Solution makes use of these features
• Don’t make it easy for a cybercriminal!
Is Your Product Secure ?
Is Your Product Secure … 29
• Device Integrity
• Can you determine if the product is authentic and can it be trusted?
• Security of Communications
• Is private data being transferred confidentially and with integrity?
• Security of Stored Information
• Is private data being stored in a protected manner ?
A Simple Check List
Security of Connected Devices Does Matter 30
Even our elections could be at risk ..
Source: Engadget
Conclusion
Conclusion 32
Work with ST, your experienced partner
• The Internet of Things presents a wealth of opportunities, growth for commerce, and an increased risk of theft, mischief and damage or loss of life
• Understand the value of Assets in your system or product
• Perform threat analysis to better understand your Risks
• Reduce risk by designing and managing secure products well fortified against threats
• Design and manage your products using good design practices
• Design products and systems resilient against threats throughout their life-cycle
• A robust product is achieved through the use of security features and tools
• Most of the software attacks today can be thwarted by good firmware development practices
Demos
ST Solutions for Security in IoT 34
Smart City Solution for IoT Node
Thank You

Track 5, Session 1 – ST DevCon 2016 – The Need for Security in IoT
