Upload File

iot security and mesh networks - viktoria swedish … · iot security and mesh networks ... ›...

  • Home
  • Documents
  • IoT SECURITY and MESH NETWORKS - Viktoria Swedish … · IoT SECURITY and MESH NETWORKS ... › Works at Ericsson Platform Security Research ... – Cross site scripting (XSS)
24
IoT SECURITY and MESH NETWORKS Christoffer Jerkeby Ericsson Platform Security Research 2015

Upload: votruc

Post on 12-May-2018

222 views

Category:

Documents


0 download

Report

TRANSCRIPT

Page 1: IoT SECURITY and MESH NETWORKS - Viktoria Swedish … · IoT SECURITY and MESH NETWORKS ... › Works at Ericsson Platform Security Research ... – Cross site scripting (XSS)

Slide title 70 pt

CAPITALS

Slide subtitle minimum 30 pt

IoT SECURITY and MESH NETWORKS

Christoffer Jerkeby Ericsson Platform Security Research 2015

Page 2: IoT SECURITY and MESH NETWORKS - Viktoria Swedish … · IoT SECURITY and MESH NETWORKS ... › Works at Ericsson Platform Security Research ... – Cross site scripting (XSS)

Slide title 44 pt

Text and bullet level 1 minimum 24 pt

Bullets level 2-5 minimum 20 pt

Characters for Embedded font: !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~¡¢£¤¥¦§¨©ª«¬®¯°±²³´¶·¸¹º»¼½ÀÁÂÃÄÅÆÇÈËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀāĂăąĆćĊċČĎďĐđĒĖėĘęĚěĞğĠġĢģĪīĮįİıĶķĹĺĻļĽľŁłŃńŅņŇňŌŐőŒœŔŕŖŗŘřŚśŞşŠšŢţŤťŪūŮůŰűŲųŴŵŶŷŸŹźŻżŽžƒȘșˆˇ˘˙˚˛˜˝ẀẁẃẄẅỲỳ–—‘’‚“”„†‡•…‰‹›⁄€™ĀĀĂĂĄĄĆĆĊĊČČĎĎĐĐĒĒĖĖĘĘĚĚĞĞĠĠĢĢĪĪĮĮİĶĶĹĹĻĻĽĽŃŃŅŅŇŇŌŌŐŐŔŔŖŖŘŘŚŚŞŞŢŢŤŤŪŪŮŮŰŰŲŲŴŴŶŶŹŹŻŻȘș−≤≥fifl

ΆΈΉΊΌΎΏΐΑΒΓΕΖΗΘΙΚΛΜΝΞΟΠΡΣΤΥΦΧΨΪΫΆΈΉΊΰαβγδεζηθικλνξορςΣΤΥΦΧΨΩΪΫΌΎΏ

ЁЂЃЄЅІЇЈЉЊЋЌЎЏАБВГДЕЖЗИЙКЛМНОПРСТУФХЦЧШЩЪЫЬЭЮЯАБВГДЕЖЗИЙКЛМНОПРСТУФХЦЧШЩЪЫЬЭЮЯЁЂЃЄЅІЇЈЉЊЋЌЎЏѢѢѲѲѴѴҐҐəәǽẀẁẂẃẄẅỲỳ№

Do not add objects or text in the footer area

Public | © Ericsson AB 2015 | 2015-05-13 | Page 2

› Works at Ericsson Platform Security Research › Active in Global Platform

– In Trusted Execution environment specification working group ›  A secure environment for devices with high security

requirements that can host Applications and Certificates

› Active in Bluetooth Special Interest Group (SIG) – In Bluetooth Smart Mesh

›  An IoT carrier based on Mesh distribution of nodes with Bluetooth as a carrier

› Researching security vulnerabilities in network protocols and implementations.

About me

Page 3: IoT SECURITY and MESH NETWORKS - Viktoria Swedish … · IoT SECURITY and MESH NETWORKS ... › Works at Ericsson Platform Security Research ... – Cross site scripting (XSS)

Slide title 44 pt

Text and bullet level 1 minimum 24 pt

Bullets level 2-5 minimum 20 pt

Characters for Embedded font: !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~¡¢£¤¥¦§¨©ª«¬®¯°±²³´¶·¸¹º»¼½ÀÁÂÃÄÅÆÇÈËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀāĂăąĆćĊċČĎďĐđĒĖėĘęĚěĞğĠġĢģĪīĮįİıĶķĹĺĻļĽľŁłŃńŅņŇňŌŐőŒœŔŕŖŗŘřŚśŞşŠšŢţŤťŪūŮůŰűŲųŴŵŶŷŸŹźŻżŽžƒȘșˆˇ˘˙˚˛˜˝ẀẁẃẄẅỲỳ–—‘’‚“”„†‡•…‰‹›⁄€™ĀĀĂĂĄĄĆĆĊĊČČĎĎĐĐĒĒĖĖĘĘĚĚĞĞĠĠĢĢĪĪĮĮİĶĶĹĹĻĻĽĽŃŃŅŅŇŇŌŌŐŐŔŔŖŖŘŘŚŚŞŞŢŢŤŤŪŪŮŮŰŰŲŲŴŴŶŶŹŹŻŻȘș−≤≥fifl

ΆΈΉΊΌΎΏΐΑΒΓΕΖΗΘΙΚΛΜΝΞΟΠΡΣΤΥΦΧΨΪΫΆΈΉΊΰαβγδεζηθικλνξορςΣΤΥΦΧΨΩΪΫΌΎΏ

ЁЂЃЄЅІЇЈЉЊЋЌЎЏАБВГДЕЖЗИЙКЛМНОПРСТУФХЦЧШЩЪЫЬЭЮЯАБВГДЕЖЗИЙКЛМНОПРСТУФХЦЧШЩЪЫЬЭЮЯЁЂЃЄЅІЇЈЉЊЋЌЎЏѢѢѲѲѴѴҐҐəәǽẀẁẂẃẄẅỲỳ№

Do not add objects or text in the footer area

Public | © Ericsson AB 2015 | 2015-05-13 | Page 3

How things used to be

Page 4: IoT SECURITY and MESH NETWORKS - Viktoria Swedish … · IoT SECURITY and MESH NETWORKS ... › Works at Ericsson Platform Security Research ... – Cross site scripting (XSS)

Slide title 44 pt

Text and bullet level 1 minimum 24 pt

Bullets level 2-5 minimum 20 pt

Characters for Embedded font: !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~¡¢£¤¥¦§¨©ª«¬®¯°±²³´¶·¸¹º»¼½ÀÁÂÃÄÅÆÇÈËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀāĂăąĆćĊċČĎďĐđĒĖėĘęĚěĞğĠġĢģĪīĮįİıĶķĹĺĻļĽľŁłŃńŅņŇňŌŐőŒœŔŕŖŗŘřŚśŞşŠšŢţŤťŪūŮůŰűŲųŴŵŶŷŸŹźŻżŽžƒȘșˆˇ˘˙˚˛˜˝ẀẁẃẄẅỲỳ–—‘’‚“”„†‡•…‰‹›⁄€™ĀĀĂĂĄĄĆĆĊĊČČĎĎĐĐĒĒĖĖĘĘĚĚĞĞĠĠĢĢĪĪĮĮİĶĶĹĹĻĻĽĽŃŃŅŅŇŇŌŌŐŐŔŔŖŖŘŘŚŚŞŞŢŢŤŤŪŪŮŮŰŰŲŲŴŴŶŶŹŹŻŻȘș−≤≥fifl

ΆΈΉΊΌΎΏΐΑΒΓΕΖΗΘΙΚΛΜΝΞΟΠΡΣΤΥΦΧΨΪΫΆΈΉΊΰαβγδεζηθικλνξορςΣΤΥΦΧΨΩΪΫΌΎΏ

ЁЂЃЄЅІЇЈЉЊЋЌЎЏАБВГДЕЖЗИЙКЛМНОПРСТУФХЦЧШЩЪЫЬЭЮЯАБВГДЕЖЗИЙКЛМНОПРСТУФХЦЧШЩЪЫЬЭЮЯЁЂЃЄЅІЇЈЉЊЋЌЎЏѢѢѲѲѴѴҐҐəәǽẀẁẂẃẄẅỲỳ№

Do not add objects or text in the footer area

Public | © Ericsson AB 2015 | 2015-05-13 | Page 4

Valdemar Atterdag

Page 5: IoT SECURITY and MESH NETWORKS - Viktoria Swedish … · IoT SECURITY and MESH NETWORKS ... › Works at Ericsson Platform Security Research ... – Cross site scripting (XSS)

Slide title 44 pt

Text and bullet level 1 minimum 24 pt

Bullets level 2-5 minimum 20 pt

Characters for Embedded font: !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~¡¢£¤¥¦§¨©ª«¬®¯°±²³´¶·¸¹º»¼½ÀÁÂÃÄÅÆÇÈËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀāĂăąĆćĊċČĎďĐđĒĖėĘęĚěĞğĠġĢģĪīĮįİıĶķĹĺĻļĽľŁłŃńŅņŇňŌŐőŒœŔŕŖŗŘřŚśŞşŠšŢţŤťŪūŮůŰűŲųŴŵŶŷŸŹźŻżŽžƒȘșˆˇ˘˙˚˛˜˝ẀẁẃẄẅỲỳ–—‘’‚“”„†‡•…‰‹›⁄€™ĀĀĂĂĄĄĆĆĊĊČČĎĎĐĐĒĒĖĖĘĘĚĚĞĞĠĠĢĢĪĪĮĮİĶĶĹĹĻĻĽĽŃŃŅŅŇŇŌŌŐŐŔŔŖŖŘŘŚŚŞŞŢŢŤŤŪŪŮŮŰŰŲŲŴŴŶŶŹŹŻŻȘș−≤≥fifl

ΆΈΉΊΌΎΏΐΑΒΓΕΖΗΘΙΚΛΜΝΞΟΠΡΣΤΥΦΧΨΪΫΆΈΉΊΰαβγδεζηθικλνξορςΣΤΥΦΧΨΩΪΫΌΎΏ

ЁЂЃЄЅІЇЈЉЊЋЌЎЏАБВГДЕЖЗИЙКЛМНОПРСТУФХЦЧШЩЪЫЬЭЮЯАБВГДЕЖЗИЙКЛМНОПРСТУФХЦЧШЩЪЫЬЭЮЯЁЂЃЄЅІЇЈЉЊЋЌЎЏѢѢѲѲѴѴҐҐəәǽẀẁẂẃẄẅỲỳ№

Do not add objects or text in the footer area

Public | © Ericsson AB 2015 | 2015-05-13 | Page 5

› One key to the kingdom › Just like WPA2, WPA or WEP › But there are larger gardens than Wi-Fi › Nation wide and global communication networks

– SS7, Blue-ray & DVD,

› A multitude of IoT solutions › Secret keys built in to devices leaks

– Let me show you some ways!

Walled garden

Page 6: IoT SECURITY and MESH NETWORKS - Viktoria Swedish … · IoT SECURITY and MESH NETWORKS ... › Works at Ericsson Platform Security Research ... – Cross site scripting (XSS)

Slide title 44 pt

Text and bullet level 1 minimum 24 pt

Bullets level 2-5 minimum 20 pt

Characters for Embedded font: !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~¡¢£¤¥¦§¨©ª«¬®¯°±²³´¶·¸¹º»¼½ÀÁÂÃÄÅÆÇÈËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀāĂăąĆćĊċČĎďĐđĒĖėĘęĚěĞğĠġĢģĪīĮįİıĶķĹĺĻļĽľŁłŃńŅņŇňŌŐőŒœŔŕŖŗŘřŚśŞşŠšŢţŤťŪūŮůŰűŲųŴŵŶŷŸŹźŻżŽžƒȘșˆˇ˘˙˚˛˜˝ẀẁẃẄẅỲỳ–—‘’‚“”„†‡•…‰‹›⁄€™ĀĀĂĂĄĄĆĆĊĊČČĎĎĐĐĒĒĖĖĘĘĚĚĞĞĠĠĢĢĪĪĮĮİĶĶĹĹĻĻĽĽŃŃŅŅŇŇŌŌŐŐŔŔŖŖŘŘŚŚŞŞŢŢŤŤŪŪŮŮŰŰŲŲŴŴŶŶŹŹŻŻȘș−≤≥fifl

ΆΈΉΊΌΎΏΐΑΒΓΕΖΗΘΙΚΛΜΝΞΟΠΡΣΤΥΦΧΨΪΫΆΈΉΊΰαβγδεζηθικλνξορςΣΤΥΦΧΨΩΪΫΌΎΏ

ЁЂЃЄЅІЇЈЉЊЋЌЎЏАБВГДЕЖЗИЙКЛМНОПРСТУФХЦЧШЩЪЫЬЭЮЯАБВГДЕЖЗИЙКЛМНОПРСТУФХЦЧШЩЪЫЬЭЮЯЁЂЃЄЅІЇЈЉЊЋЌЎЏѢѢѲѲѴѴҐҐəәǽẀẁẂẃẄẅỲỳ№

Do not add objects or text in the footer area

Public | © Ericsson AB 2015 | 2015-05-13 | Page 6

› UARTS – Command prompts

› JTAGS – Binary extraction

› MMC’s – Editable boot loaders

› Targets are keys in all things – Modems, VoIP boxes, Lamps, Locks, TV’s etc.

Hardware attacks

Page 7: IoT SECURITY and MESH NETWORKS - Viktoria Swedish … · IoT SECURITY and MESH NETWORKS ... › Works at Ericsson Platform Security Research ... – Cross site scripting (XSS)

Slide title 44 pt

Text and bullet level 1 minimum 24 pt

Bullets level 2-5 minimum 20 pt

Characters for Embedded font: !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~¡¢£¤¥¦§¨©ª«¬®¯°±²³´¶·¸¹º»¼½ÀÁÂÃÄÅÆÇÈËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀāĂăąĆćĊċČĎďĐđĒĖėĘęĚěĞğĠġĢģĪīĮįİıĶķĹĺĻļĽľŁłŃńŅņŇňŌŐőŒœŔŕŖŗŘřŚśŞşŠšŢţŤťŪūŮůŰűŲųŴŵŶŷŸŹźŻżŽžƒȘșˆˇ˘˙˚˛˜˝ẀẁẃẄẅỲỳ–—‘’‚“”„†‡•…‰‹›⁄€™ĀĀĂĂĄĄĆĆĊĊČČĎĎĐĐĒĒĖĖĘĘĚĚĞĞĠĠĢĢĪĪĮĮİĶĶĹĹĻĻĽĽŃŃŅŅŇŇŌŌŐŐŔŔŖŖŘŘŚŚŞŞŢŢŤŤŪŪŮŮŰŰŲŲŴŴŶŶŹŹŻŻȘș−≤≥fifl

ΆΈΉΊΌΎΏΐΑΒΓΕΖΗΘΙΚΛΜΝΞΟΠΡΣΤΥΦΧΨΪΫΆΈΉΊΰαβγδεζηθικλνξορςΣΤΥΦΧΨΩΪΫΌΎΏ

ЁЂЃЄЅІЇЈЉЊЋЌЎЏАБВГДЕЖЗИЙКЛМНОПРСТУФХЦЧШЩЪЫЬЭЮЯАБВГДЕЖЗИЙКЛМНОПРСТУФХЦЧШЩЪЫЬЭЮЯЁЂЃЄЅІЇЈЉЊЋЌЎЏѢѢѲѲѴѴҐҐəәǽẀẁẂẃẄẅỲỳ№

Do not add objects or text in the footer area

Public | © Ericsson AB 2015 | 2015-05-13 | Page 7

› Evil-grading – Apps – Firmware – Libraries

› Web interfaces – False sense of firewalling – Cross site scripting (XSS) – Browser attacks – Default passwords

› Radio snooping – Wi-Fi WPS/WPA(2)/WEP cracking – Bluetooth Low Energy 4.0 Cracking

Remote attacks

Page 8: IoT SECURITY and MESH NETWORKS - Viktoria Swedish … · IoT SECURITY and MESH NETWORKS ... › Works at Ericsson Platform Security Research ... – Cross site scripting (XSS)

Slide title 44 pt

Text and bullet level 1 minimum 24 pt

Bullets level 2-5 minimum 20 pt

Characters for Embedded font: !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~¡¢£¤¥¦§¨©ª«¬®¯°±²³´¶·¸¹º»¼½ÀÁÂÃÄÅÆÇÈËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀāĂăąĆćĊċČĎďĐđĒĖėĘęĚěĞğĠġĢģĪīĮįİıĶķĹĺĻļĽľŁłŃńŅņŇňŌŐőŒœŔŕŖŗŘřŚśŞşŠšŢţŤťŪūŮůŰűŲųŴŵŶŷŸŹźŻżŽžƒȘșˆˇ˘˙˚˛˜˝ẀẁẃẄẅỲỳ–—‘’‚“”„†‡•…‰‹›⁄€™ĀĀĂĂĄĄĆĆĊĊČČĎĎĐĐĒĒĖĖĘĘĚĚĞĞĠĠĢĢĪĪĮĮİĶĶĹĹĻĻĽĽŃŃŅŅŇŇŌŌŐŐŔŔŖŖŘŘŚŚŞŞŢŢŤŤŪŪŮŮŰŰŲŲŴŴŶŶŹŹŻŻȘș−≤≥fifl

ΆΈΉΊΌΎΏΐΑΒΓΕΖΗΘΙΚΛΜΝΞΟΠΡΣΤΥΦΧΨΪΫΆΈΉΊΰαβγδεζηθικλνξορςΣΤΥΦΧΨΩΪΫΌΎΏ

ЁЂЃЄЅІЇЈЉЊЋЌЎЏАБВГДЕЖЗИЙКЛМНОПРСТУФХЦЧШЩЪЫЬЭЮЯАБВГДЕЖЗИЙКЛМНОПРСТУФХЦЧШЩЪЫЬЭЮЯЁЂЃЄЅІЇЈЉЊЋЌЎЏѢѢѲѲѴѴҐҐəәǽẀẁẂẃẄẅỲỳ№

Do not add objects or text in the footer area

Public | © Ericsson AB 2015 | 2015-05-13 | Page 8

1.  Only store unique asymmetric keys on devices 1.  Public Private keys 2.  Negotiate for temporary symmetric session keys

2.  Only break the first rule of IoT security when there are no other options but do apply these rules:

1.  Only use one symmetric key per node 1.  Do not share one symmetric authentication key!

2.  Only use one symmetric key once 1.  For bootstrapping.

3.  Use secure storage like a Trusted Execution Environment - Secure Storage or Secure Element (SIM)

Rules of IoT security

Page 9: IoT SECURITY and MESH NETWORKS - Viktoria Swedish … · IoT SECURITY and MESH NETWORKS ... › Works at Ericsson Platform Security Research ... – Cross site scripting (XSS)

Slide title 44 pt

Text and bullet level 1 minimum 24 pt

Bullets level 2-5 minimum 20 pt

Characters for Embedded font: !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~¡¢£¤¥¦§¨©ª«¬®¯°±²³´¶·¸¹º»¼½ÀÁÂÃÄÅÆÇÈËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀāĂăąĆćĊċČĎďĐđĒĖėĘęĚěĞğĠġĢģĪīĮįİıĶķĹĺĻļĽľŁłŃńŅņŇňŌŐőŒœŔŕŖŗŘřŚśŞşŠšŢţŤťŪūŮůŰűŲųŴŵŶŷŸŹźŻżŽžƒȘșˆˇ˘˙˚˛˜˝ẀẁẃẄẅỲỳ–—‘’‚“”„†‡•…‰‹›⁄€™ĀĀĂĂĄĄĆĆĊĊČČĎĎĐĐĒĒĖĖĘĘĚĚĞĞĠĠĢĢĪĪĮĮİĶĶĹĹĻĻĽĽŃŃŅŅŇŇŌŌŐŐŔŔŖŖŘŘŚŚŞŞŢŢŤŤŪŪŮŮŰŰŲŲŴŴŶŶŹŹŻŻȘș−≤≥fifl

ΆΈΉΊΌΎΏΐΑΒΓΕΖΗΘΙΚΛΜΝΞΟΠΡΣΤΥΦΧΨΪΫΆΈΉΊΰαβγδεζηθικλνξορςΣΤΥΦΧΨΩΪΫΌΎΏ

ЁЂЃЄЅІЇЈЉЊЋЌЎЏАБВГДЕЖЗИЙКЛМНОПРСТУФХЦЧШЩЪЫЬЭЮЯАБВГДЕЖЗИЙКЛМНОПРСТУФХЦЧШЩЪЫЬЭЮЯЁЂЃЄЅІЇЈЉЊЋЌЎЏѢѢѲѲѴѴҐҐəәǽẀẁẂẃẄẅỲỳ№

Do not add objects or text in the footer area

Public | © Ericsson AB 2015 | 2015-05-13 | Page 9

Mesh networks

H

K B

I

AG

J

C

D

E

F

Page 10: IoT SECURITY and MESH NETWORKS - Viktoria Swedish … · IoT SECURITY and MESH NETWORKS ... › Works at Ericsson Platform Security Research ... – Cross site scripting (XSS)

Slide title 44 pt

Text and bullet level 1 minimum 24 pt

Bullets level 2-5 minimum 20 pt

Characters for Embedded font: !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~¡¢£¤¥¦§¨©ª«¬®¯°±²³´¶·¸¹º»¼½ÀÁÂÃÄÅÆÇÈËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀāĂăąĆćĊċČĎďĐđĒĖėĘęĚěĞğĠġĢģĪīĮįİıĶķĹĺĻļĽľŁłŃńŅņŇňŌŐőŒœŔŕŖŗŘřŚśŞşŠšŢţŤťŪūŮůŰűŲųŴŵŶŷŸŹźŻżŽžƒȘșˆˇ˘˙˚˛˜˝ẀẁẃẄẅỲỳ–—‘’‚“”„†‡•…‰‹›⁄€™ĀĀĂĂĄĄĆĆĊĊČČĎĎĐĐĒĒĖĖĘĘĚĚĞĞĠĠĢĢĪĪĮĮİĶĶĹĹĻĻĽĽŃŃŅŅŇŇŌŌŐŐŔŔŖŖŘŘŚŚŞŞŢŢŤŤŪŪŮŮŰŰŲŲŴŴŶŶŹŹŻŻȘș−≤≥fifl

ΆΈΉΊΌΎΏΐΑΒΓΕΖΗΘΙΚΛΜΝΞΟΠΡΣΤΥΦΧΨΪΫΆΈΉΊΰαβγδεζηθικλνξορςΣΤΥΦΧΨΩΪΫΌΎΏ

ЁЂЃЄЅІЇЈЉЊЋЌЎЏАБВГДЕЖЗИЙКЛМНОПРСТУФХЦЧШЩЪЫЬЭЮЯАБВГДЕЖЗИЙКЛМНОПРСТУФХЦЧШЩЪЫЬЭЮЯЁЂЃЄЅІЇЈЉЊЋЌЎЏѢѢѲѲѴѴҐҐəәǽẀẁẂẃẄẅỲỳ№

Do not add objects or text in the footer area

Public | © Ericsson AB 2015 | 2015-05-13 | Page 10

› Distributed nodes › Multiple relays to reach a destination › Who to trust?

– The Walled Garden? – Public Key Infrastructures?

›  Centralized on remote and vulnerable Certificate Authorities – Secure Device Management

›  Key infrastructure ›  Address management ›  Software management ›  Device Identity management

– Multiple authorities based on real device owners ›  Persons can have a web of trust

TRUST in Mesh networks

Page 11: IoT SECURITY and MESH NETWORKS - Viktoria Swedish … · IoT SECURITY and MESH NETWORKS ... › Works at Ericsson Platform Security Research ... – Cross site scripting (XSS)

Slide title 44 pt

Text and bullet level 1 minimum 24 pt

Bullets level 2-5 minimum 20 pt

Characters for Embedded font: !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~¡¢£¤¥¦§¨©ª«¬®¯°±²³´¶·¸¹º»¼½ÀÁÂÃÄÅÆÇÈËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀāĂăąĆćĊċČĎďĐđĒĖėĘęĚěĞğĠġĢģĪīĮįİıĶķĹĺĻļĽľŁłŃńŅņŇňŌŐőŒœŔŕŖŗŘřŚśŞşŠšŢţŤťŪūŮůŰűŲųŴŵŶŷŸŹźŻżŽžƒȘșˆˇ˘˙˚˛˜˝ẀẁẃẄẅỲỳ–—‘’‚“”„†‡•…‰‹›⁄€™ĀĀĂĂĄĄĆĆĊĊČČĎĎĐĐĒĒĖĖĘĘĚĚĞĞĠĠĢĢĪĪĮĮİĶĶĹĹĻĻĽĽŃŃŅŅŇŇŌŌŐŐŔŔŖŖŘŘŚŚŞŞŢŢŤŤŪŪŮŮŰŰŲŲŴŴŶŶŹŹŻŻȘș−≤≥fifl

ΆΈΉΊΌΎΏΐΑΒΓΕΖΗΘΙΚΛΜΝΞΟΠΡΣΤΥΦΧΨΪΫΆΈΉΊΰαβγδεζηθικλνξορςΣΤΥΦΧΨΩΪΫΌΎΏ

ЁЂЃЄЅІЇЈЉЊЋЌЎЏАБВГДЕЖЗИЙКЛМНОПРСТУФХЦЧШЩЪЫЬЭЮЯАБВГДЕЖЗИЙКЛМНОПРСТУФХЦЧШЩЪЫЬЭЮЯЁЂЃЄЅІЇЈЉЊЋЌЎЏѢѢѲѲѴѴҐҐəәǽẀẁẂẃẄẅỲỳ№

Do not add objects or text in the footer area

Public | © Ericsson AB 2015 | 2015-05-13 | Page 11

› We want to create domains where the user is the authority › We wan to minimize the damage to the domain caused if one node is compromised

› We want to keep the node keys available in the domain regardless of the availability of one given node

– No single point of failure

› We want the domain to be accessible regardless of the carrier

– Type, latency, power profile and sleepiness

Autonomous domains

Page 12: IoT SECURITY and MESH NETWORKS - Viktoria Swedish … · IoT SECURITY and MESH NETWORKS ... › Works at Ericsson Platform Security Research ... – Cross site scripting (XSS)

Slide title 44 pt

Text and bullet level 1 minimum 24 pt

Bullets level 2-5 minimum 20 pt

Characters for Embedded font: !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~¡¢£¤¥¦§¨©ª«¬®¯°±²³´¶·¸¹º»¼½ÀÁÂÃÄÅÆÇÈËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀāĂăąĆćĊċČĎďĐđĒĖėĘęĚěĞğĠġĢģĪīĮįİıĶķĹĺĻļĽľŁłŃńŅņŇňŌŐőŒœŔŕŖŗŘřŚśŞşŠšŢţŤťŪūŮůŰűŲųŴŵŶŷŸŹźŻżŽžƒȘșˆˇ˘˙˚˛˜˝ẀẁẃẄẅỲỳ–—‘’‚“”„†‡•…‰‹›⁄€™ĀĀĂĂĄĄĆĆĊĊČČĎĎĐĐĒĒĖĖĘĘĚĚĞĞĠĠĢĢĪĪĮĮİĶĶĹĹĻĻĽĽŃŃŅŅŇŇŌŌŐŐŔŔŖŖŘŘŚŚŞŞŢŢŤŤŪŪŮŮŰŰŲŲŴŴŶŶŹŹŻŻȘș−≤≥fifl

ΆΈΉΊΌΎΏΐΑΒΓΕΖΗΘΙΚΛΜΝΞΟΠΡΣΤΥΦΧΨΪΫΆΈΉΊΰαβγδεζηθικλνξορςΣΤΥΦΧΨΩΪΫΌΎΏ

ЁЂЃЄЅІЇЈЉЊЋЌЎЏАБВГДЕЖЗИЙКЛМНОПРСТУФХЦЧШЩЪЫЬЭЮЯАБВГДЕЖЗИЙКЛМНОПРСТУФХЦЧШЩЪЫЬЭЮЯЁЂЃЄЅІЇЈЉЊЋЌЎЏѢѢѲѲѴѴҐҐəәǽẀẁẂẃẄẅỲỳ№

Do not add objects or text in the footer area

Public | © Ericsson AB 2015 | 2015-05-13 | Page 12

› A method for distributing authentication, authorization and message integrity verification on a network of nodes

› Can maintain multiple points of authority › Can verify other nodes participation in a domain › Can relay packets in a domain

– authenticating the packet origin and integrity

› Can establish end to end encryption between two nodes – Using Datagram Transport Layer Security (DTLS 1.2)

Distributed Authority

Page 13: IoT SECURITY and MESH NETWORKS - Viktoria Swedish … · IoT SECURITY and MESH NETWORKS ... › Works at Ericsson Platform Security Research ... – Cross site scripting (XSS)

Slide title 44 pt

Text and bullet level 1 minimum 24 pt

Bullets level 2-5 minimum 20 pt

Characters for Embedded font: !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~¡¢£¤¥¦§¨©ª«¬®¯°±²³´¶·¸¹º»¼½ÀÁÂÃÄÅÆÇÈËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀāĂăąĆćĊċČĎďĐđĒĖėĘęĚěĞğĠġĢģĪīĮįİıĶķĹĺĻļĽľŁłŃńŅņŇňŌŐőŒœŔŕŖŗŘřŚśŞşŠšŢţŤťŪūŮůŰűŲųŴŵŶŷŸŹźŻżŽžƒȘșˆˇ˘˙˚˛˜˝ẀẁẃẄẅỲỳ–—‘’‚“”„†‡•…‰‹›⁄€™ĀĀĂĂĄĄĆĆĊĊČČĎĎĐĐĒĒĖĖĘĘĚĚĞĞĠĠĢĢĪĪĮĮİĶĶĹĹĻĻĽĽŃŃŅŅŇŇŌŌŐŐŔŔŖŖŘŘŚŚŞŞŢŢŤŤŪŪŮŮŰŰŲŲŴŴŶŶŹŹŻŻȘș−≤≥fifl

ΆΈΉΊΌΎΏΐΑΒΓΕΖΗΘΙΚΛΜΝΞΟΠΡΣΤΥΦΧΨΪΫΆΈΉΊΰαβγδεζηθικλνξορςΣΤΥΦΧΨΩΪΫΌΎΏ

ЁЂЃЄЅІЇЈЉЊЋЌЎЏАБВГДЕЖЗИЙКЛМНОПРСТУФХЦЧШЩЪЫЬЭЮЯАБВГДЕЖЗИЙКЛМНОПРСТУФХЦЧШЩЪЫЬЭЮЯЁЂЃЄЅІЇЈЉЊЋЌЎЏѢѢѲѲѴѴҐҐəәǽẀẁẂẃẄẅỲỳ№

Do not add objects or text in the footer area

Public | © Ericsson AB 2015 | 2015-05-13 | Page 13

› A well known method to share information on multiple nodes

– Invented in relation to file sharing protocols

› We are using it to – Distribute management knowledge

›  Key management ›  Address translation ›  Service announcement

– Use redundancy to prevent single point of failure – Synchronize changes in management

Distributed Hash Tables rfc7363

Page 14: IoT SECURITY and MESH NETWORKS - Viktoria Swedish … · IoT SECURITY and MESH NETWORKS ... › Works at Ericsson Platform Security Research ... – Cross site scripting (XSS)

Slide title 44 pt

Text and bullet level 1 minimum 24 pt

Bullets level 2-5 minimum 20 pt

Characters for Embedded font: !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~¡¢£¤¥¦§¨©ª«¬®¯°±²³´¶·¸¹º»¼½ÀÁÂÃÄÅÆÇÈËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀāĂăąĆćĊċČĎďĐđĒĖėĘęĚěĞğĠġĢģĪīĮįİıĶķĹĺĻļĽľŁłŃńŅņŇňŌŐőŒœŔŕŖŗŘřŚśŞşŠšŢţŤťŪūŮůŰűŲųŴŵŶŷŸŹźŻżŽžƒȘșˆˇ˘˙˚˛˜˝ẀẁẃẄẅỲỳ–—‘’‚“”„†‡•…‰‹›⁄€™ĀĀĂĂĄĄĆĆĊĊČČĎĎĐĐĒĒĖĖĘĘĚĚĞĞĠĠĢĢĪĪĮĮİĶĶĹĹĻĻĽĽŃŃŅŅŇŇŌŌŐŐŔŔŖŖŘŘŚŚŞŞŢŢŤŤŪŪŮŮŰŰŲŲŴŴŶŶŹŹŻŻȘș−≤≥fifl

ΆΈΉΊΌΎΏΐΑΒΓΕΖΗΘΙΚΛΜΝΞΟΠΡΣΤΥΦΧΨΪΫΆΈΉΊΰαβγδεζηθικλνξορςΣΤΥΦΧΨΩΪΫΌΎΏ

ЁЂЃЄЅІЇЈЉЊЋЌЎЏАБВГДЕЖЗИЙКЛМНОПРСТУФХЦЧШЩЪЫЬЭЮЯАБВГДЕЖЗИЙКЛМНОПРСТУФХЦЧШЩЪЫЬЭЮЯЁЂЃЄЅІЇЈЉЊЋЌЎЏѢѢѲѲѴѴҐҐəәǽẀẁẂẃẄẅỲỳ№

Do not add objects or text in the footer area

Public | © Ericsson AB 2015 | 2015-05-13 | Page 14

› All nodes in DHT has a routing table of known good nodes. – A good node has given a accurate reply within a given time period – A node is also good if it ever has replied and has sent us a query in

the minimum timespan – After timespan nodes become questionable. – A node that fails to reply to multiple queries becomes bad.

› ping – Ask for a nodes availability

›  find_node – Ask for a target node and get node id back or the 8 closest good

nodes (known as a bucket of nodes) in reply

› announce_peer (could be put_data) – Announce a service or data available from a given peer

› get_peers (could be get_data) – Ask for nodes that have access to a given data or data type.

Distributed Hash Tables

Page 15: IoT SECURITY and MESH NETWORKS - Viktoria Swedish … · IoT SECURITY and MESH NETWORKS ... › Works at Ericsson Platform Security Research ... – Cross site scripting (XSS)

Slide title 44 pt

Text and bullet level 1 minimum 24 pt

Bullets level 2-5 minimum 20 pt

Characters for Embedded font: !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~¡¢£¤¥¦§¨©ª«¬®¯°±²³´¶·¸¹º»¼½ÀÁÂÃÄÅÆÇÈËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀāĂăąĆćĊċČĎďĐđĒĖėĘęĚěĞğĠġĢģĪīĮįİıĶķĹĺĻļĽľŁłŃńŅņŇňŌŐőŒœŔŕŖŗŘřŚśŞşŠšŢţŤťŪūŮůŰűŲųŴŵŶŷŸŹźŻżŽžƒȘșˆˇ˘˙˚˛˜˝ẀẁẃẄẅỲỳ–—‘’‚“”„†‡•…‰‹›⁄€™ĀĀĂĂĄĄĆĆĊĊČČĎĎĐĐĒĒĖĖĘĘĚĚĞĞĠĠĢĢĪĪĮĮİĶĶĹĹĻĻĽĽŃŃŅŅŇŇŌŌŐŐŔŔŖŖŘŘŚŚŞŞŢŢŤŤŪŪŮŮŰŰŲŲŴŴŶŶŹŹŻŻȘș−≤≥fifl

ΆΈΉΊΌΎΏΐΑΒΓΕΖΗΘΙΚΛΜΝΞΟΠΡΣΤΥΦΧΨΪΫΆΈΉΊΰαβγδεζηθικλνξορςΣΤΥΦΧΨΩΪΫΌΎΏ

ЁЂЃЄЅІЇЈЉЊЋЌЎЏАБВГДЕЖЗИЙКЛМНОПРСТУФХЦЧШЩЪЫЬЭЮЯАБВГДЕЖЗИЙКЛМНОПРСТУФХЦЧШЩЪЫЬЭЮЯЁЂЃЄЅІЇЈЉЊЋЌЎЏѢѢѲѲѴѴҐҐəәǽẀẁẂẃẄẅỲỳ№

Do not add objects or text in the footer area

Public | © Ericsson AB 2015 | 2015-05-13 | Page 15

› Use commonly used addressing schemes – IPv6 (RFC2460)

› Derive remote node addresses from public keys – Cryptographically Generated Addresses (CGA RFC3972)

› Can be routed – Ad hoc On-Demand Distance Vector Routing (AODV RFC3561)

Addressing

Page 16: IoT SECURITY and MESH NETWORKS - Viktoria Swedish … · IoT SECURITY and MESH NETWORKS ... › Works at Ericsson Platform Security Research ... – Cross site scripting (XSS)

Slide title 44 pt

Text and bullet level 1 minimum 24 pt

Bullets level 2-5 minimum 20 pt

Characters for Embedded font: !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~¡¢£¤¥¦§¨©ª«¬®¯°±²³´¶·¸¹º»¼½ÀÁÂÃÄÅÆÇÈËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀāĂăąĆćĊċČĎďĐđĒĖėĘęĚěĞğĠġĢģĪīĮįİıĶķĹĺĻļĽľŁłŃńŅņŇňŌŐőŒœŔŕŖŗŘřŚśŞşŠšŢţŤťŪūŮůŰűŲųŴŵŶŷŸŹźŻżŽžƒȘșˆˇ˘˙˚˛˜˝ẀẁẃẄẅỲỳ–—‘’‚“”„†‡•…‰‹›⁄€™ĀĀĂĂĄĄĆĆĊĊČČĎĎĐĐĒĒĖĖĘĘĚĚĞĞĠĠĢĢĪĪĮĮİĶĶĹĹĻĻĽĽŃŃŅŅŇŇŌŌŐŐŔŔŖŖŘŘŚŚŞŞŢŢŤŤŪŪŮŮŰŰŲŲŴŴŶŶŹŹŻŻȘș−≤≥fifl

ΆΈΉΊΌΎΏΐΑΒΓΕΖΗΘΙΚΛΜΝΞΟΠΡΣΤΥΦΧΨΪΫΆΈΉΊΰαβγδεζηθικλνξορςΣΤΥΦΧΨΩΪΫΌΎΏ

ЁЂЃЄЅІЇЈЉЊЋЌЎЏАБВГДЕЖЗИЙКЛМНОПРСТУФХЦЧШЩЪЫЬЭЮЯАБВГДЕЖЗИЙКЛМНОПРСТУФХЦЧШЩЪЫЬЭЮЯЁЂЃЄЅІЇЈЉЊЋЌЎЏѢѢѲѲѴѴҐҐəәǽẀẁẂẃẄẅỲỳ№

Do not add objects or text in the footer area

Public | © Ericsson AB 2015 | 2015-05-13 | Page 16

– Locate QR Code (or pin) and scan it with the Manager Device – The QR Code is a representation of the Devices pre-programmed

Personal Public Key – The Devices public key is temporarily saved on the Manager Device

Unboxing a THING

NEW

Add device MegaSmart 1 Public key: 1A2b3C4D5E6F Device type: Smart Light Smart Company

ADD

Page 17: IoT SECURITY and MESH NETWORKS - Viktoria Swedish … · IoT SECURITY and MESH NETWORKS ... › Works at Ericsson Platform Security Research ... – Cross site scripting (XSS)

Slide title 44 pt

Text and bullet level 1 minimum 24 pt

Bullets level 2-5 minimum 20 pt

Characters for Embedded font: !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~¡¢£¤¥¦§¨©ª«¬®¯°±²³´¶·¸¹º»¼½ÀÁÂÃÄÅÆÇÈËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀāĂăąĆćĊċČĎďĐđĒĖėĘęĚěĞğĠġĢģĪīĮįİıĶķĹĺĻļĽľŁłŃńŅņŇňŌŐőŒœŔŕŖŗŘřŚśŞşŠšŢţŤťŪūŮůŰűŲųŴŵŶŷŸŹźŻżŽžƒȘșˆˇ˘˙˚˛˜˝ẀẁẃẄẅỲỳ–—‘’‚“”„†‡•…‰‹›⁄€™ĀĀĂĂĄĄĆĆĊĊČČĎĎĐĐĒĒĖĖĘĘĚĚĞĞĠĠĢĢĪĪĮĮİĶĶĹĹĻĻĽĽŃŃŅŅŇŇŌŌŐŐŔŔŖŖŘŘŚŚŞŞŢŢŤŤŪŪŮŮŰŰŲŲŴŴŶŶŹŹŻŻȘș−≤≥fifl

ΆΈΉΊΌΎΏΐΑΒΓΕΖΗΘΙΚΛΜΝΞΟΠΡΣΤΥΦΧΨΪΫΆΈΉΊΰαβγδεζηθικλνξορςΣΤΥΦΧΨΩΪΫΌΎΏ

ЁЂЃЄЅІЇЈЉЊЋЌЎЏАБВГДЕЖЗИЙКЛМНОПРСТУФХЦЧШЩЪЫЬЭЮЯАБВГДЕЖЗИЙКЛМНОПРСТУФХЦЧШЩЪЫЬЭЮЯЁЂЃЄЅІЇЈЉЊЋЌЎЏѢѢѲѲѴѴҐҐəәǽẀẁẂẃẄẅỲỳ№

Do not add objects or text in the footer area

Public | © Ericsson AB 2015 | 2015-05-13 | Page 17

› When joining a domain the Manager › node public keys are installed on the new node

› The Manager signs the node key › The Manager distributes the node key using DHT

Joining the DOMAIN

B A

B.ID:[B.PUB, SIGN]

C.ID:[C.PUB, SIGN]

D.ID:[D.PUB, SIGN]

E.ID:[E.PUB, SIGN]

DMPK, nonce

sign(DMPK, nonce)

Add A.ID:[A.PUB, SIGN(A.PUB)]

to its own DHT bucket

Page 18: IoT SECURITY and MESH NETWORKS - Viktoria Swedish … · IoT SECURITY and MESH NETWORKS ... › Works at Ericsson Platform Security Research ... – Cross site scripting (XSS)

Slide title 44 pt

Text and bullet level 1 minimum 24 pt

Bullets level 2-5 minimum 20 pt

Characters for Embedded font: !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~¡¢£¤¥¦§¨©ª«¬®¯°±²³´¶·¸¹º»¼½ÀÁÂÃÄÅÆÇÈËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀāĂăąĆćĊċČĎďĐđĒĖėĘęĚěĞğĠġĢģĪīĮįİıĶķĹĺĻļĽľŁłŃńŅņŇňŌŐőŒœŔŕŖŗŘřŚśŞşŠšŢţŤťŪūŮůŰűŲųŴŵŶŷŸŹźŻżŽžƒȘșˆˇ˘˙˚˛˜˝ẀẁẃẄẅỲỳ–—‘’‚“”„†‡•…‰‹›⁄€™ĀĀĂĂĄĄĆĆĊĊČČĎĎĐĐĒĒĖĖĘĘĚĚĞĞĠĠĢĢĪĪĮĮİĶĶĹĹĻĻĽĽŃŃŅŅŇŇŌŌŐŐŔŔŖŖŘŘŚŚŞŞŢŢŤŤŪŪŮŮŰŰŲŲŴŴŶŶŹŹŻŻȘș−≤≥fifl

ΆΈΉΊΌΎΏΐΑΒΓΕΖΗΘΙΚΛΜΝΞΟΠΡΣΤΥΦΧΨΪΫΆΈΉΊΰαβγδεζηθικλνξορςΣΤΥΦΧΨΩΪΫΌΎΏ

ЁЂЃЄЅІЇЈЉЊЋЌЎЏАБВГДЕЖЗИЙКЛМНОПРСТУФХЦЧШЩЪЫЬЭЮЯАБВГДЕЖЗИЙКЛМНОПРСТУФХЦЧШЩЪЫЬЭЮЯЁЂЃЄЅІЇЈЉЊЋЌЎЏѢѢѲѲѴѴҐҐəәǽẀẁẂẃẄẅỲỳ№

Do not add objects or text in the footer area

Public | © Ericsson AB 2015 | 2015-05-13 | Page 18

Key distribution in the DOMAIN

MA

NA

GE

R

sign( )

B.ID[B.PUB, SIGN]

C.ID[C.PUB, SIGN]

D.ID[D.PUB, SIGN]

E.ID[E.PUB, SIGN]

DB.ID[B.PUB, SIGN] C.ID[C.PUB, SIGN] D.ID[D.PUB, SIGN]

CB.ID[B.PUB, SIGN] C.ID[C.PUB, SIGN] D.ID[D.PUB, SIGN] E.ID[E.PUB, SIGN]

E B.ID[B.PUB, SIGN]

C.ID[C.PUB, SIGN]

E.ID[E.PUB, SIGN]

A

Page 19: IoT SECURITY and MESH NETWORKS - Viktoria Swedish … · IoT SECURITY and MESH NETWORKS ... › Works at Ericsson Platform Security Research ... – Cross site scripting (XSS)

Slide title 44 pt

Text and bullet level 1 minimum 24 pt

Bullets level 2-5 minimum 20 pt

Characters for Embedded font: !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~¡¢£¤¥¦§¨©ª«¬®¯°±²³´¶·¸¹º»¼½ÀÁÂÃÄÅÆÇÈËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀāĂăąĆćĊċČĎďĐđĒĖėĘęĚěĞğĠġĢģĪīĮįİıĶķĹĺĻļĽľŁłŃńŅņŇňŌŐőŒœŔŕŖŗŘřŚśŞşŠšŢţŤťŪūŮůŰűŲųŴŵŶŷŸŹźŻżŽžƒȘșˆˇ˘˙˚˛˜˝ẀẁẃẄẅỲỳ–—‘’‚“”„†‡•…‰‹›⁄€™ĀĀĂĂĄĄĆĆĊĊČČĎĎĐĐĒĒĖĖĘĘĚĚĞĞĠĠĢĢĪĪĮĮİĶĶĹĹĻĻĽĽŃŃŅŅŇŇŌŌŐŐŔŔŖŖŘŘŚŚŞŞŢŢŤŤŪŪŮŮŰŰŲŲŴŴŶŶŹŹŻŻȘș−≤≥fifl

ΆΈΉΊΌΎΏΐΑΒΓΕΖΗΘΙΚΛΜΝΞΟΠΡΣΤΥΦΧΨΪΫΆΈΉΊΰαβγδεζηθικλνξορςΣΤΥΦΧΨΩΪΫΌΎΏ

ЁЂЃЄЅІЇЈЉЊЋЌЎЏАБВГДЕЖЗИЙКЛМНОПРСТУФХЦЧШЩЪЫЬЭЮЯАБВГДЕЖЗИЙКЛМНОПРСТУФХЦЧШЩЪЫЬЭЮЯЁЂЃЄЅІЇЈЉЊЋЌЎЏѢѢѲѲѴѴҐҐəәǽẀẁẂẃẄẅỲỳ№

Do not add objects or text in the footer area

Public | © Ericsson AB 2015 | 2015-05-13 | Page 19

› Needed to make keys and messages shorter but as secure › Requires processing power and some storage

– Different curves require different processing power and time

Elliptic Curve Crypto

Platform  Author of implementation   Curve   ms  

Micro Joule   Clock   Instruciton Set  

ARM7TDMI   MIRACL   P-192   38r   182.4e   80Mhz   ARM 32bit  

ARM7TDMI   MIRACL   P-224   53r   254.4e   80Mhz   ARM 32bit  

ATMega128L   Aranha et al.   K-163   320r   9600e   7,37Mhz   Avr 8bit  

ATMega128L   Karglet al   167-bitb   763r   24840e   8Mhz   Avr 8bit  

ATMega128L   Aranha et al.   K-233   730r   21900e   7,37Mhz   Avr 8bit  

Cortex-M0+   Ruan de Clercq   sect233kl   39.70f   20.63m   40Mhz   ARM 32bit  

Cortex-M0+   Ruan de Clercq   sect233kl   59.18r   34.16m   40Mhz   ARM 32bit  

Cortex-M0+   Relic kP   K-233   115.7r   69.48m   40Mhz   ARM 32bit  

Cortex-M0+   Relic KG   K-233   117.1f   70.26m   40Mhz   ARM 32bit  

MSP430F1611   NanoECC   P-160   720f   8847m   8.192Mhz   MSP430 16bit  

MSP430F1611   NanoECC   K-163   1040f   12780m   8.192Mhz   MSP430 16bit  

f=fixed point

m=measurment

r=random point

e=estimated

Page 20: IoT SECURITY and MESH NETWORKS - Viktoria Swedish … · IoT SECURITY and MESH NETWORKS ... › Works at Ericsson Platform Security Research ... – Cross site scripting (XSS)

Slide title 44 pt

Text and bullet level 1 minimum 24 pt

Bullets level 2-5 minimum 20 pt

Characters for Embedded font: !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~¡¢£¤¥¦§¨©ª«¬®¯°±²³´¶·¸¹º»¼½ÀÁÂÃÄÅÆÇÈËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀāĂăąĆćĊċČĎďĐđĒĖėĘęĚěĞğĠġĢģĪīĮįİıĶķĹĺĻļĽľŁłŃńŅņŇňŌŐőŒœŔŕŖŗŘřŚśŞşŠšŢţŤťŪūŮůŰűŲųŴŵŶŷŸŹźŻżŽžƒȘșˆˇ˘˙˚˛˜˝ẀẁẃẄẅỲỳ–—‘’‚“”„†‡•…‰‹›⁄€™ĀĀĂĂĄĄĆĆĊĊČČĎĎĐĐĒĒĖĖĘĘĚĚĞĞĠĠĢĢĪĪĮĮİĶĶĹĹĻĻĽĽŃŃŅŅŇŇŌŌŐŐŔŔŖŖŘŘŚŚŞŞŢŢŤŤŪŪŮŮŰŰŲŲŴŴŶŶŹŹŻŻȘș−≤≥fifl

ΆΈΉΊΌΎΏΐΑΒΓΕΖΗΘΙΚΛΜΝΞΟΠΡΣΤΥΦΧΨΪΫΆΈΉΊΰαβγδεζηθικλνξορςΣΤΥΦΧΨΩΪΫΌΎΏ

ЁЂЃЄЅІЇЈЉЊЋЌЎЏАБВГДЕЖЗИЙКЛМНОПРСТУФХЦЧШЩЪЫЬЭЮЯАБВГДЕЖЗИЙКЛМНОПРСТУФХЦЧШЩЪЫЬЭЮЯЁЂЃЄЅІЇЈЉЊЋЌЎЏѢѢѲѲѴѴҐҐəәǽẀẁẂẃẄẅỲỳ№

Do not add objects or text in the footer area

Public | © Ericsson AB 2015 | 2015-05-13 | Page 20

› A node can be residing – on the local carrier

›  ZigBee, Bluetooth, or Wi-Fi –  on a remote carrier

›  Any topology – in a cloud entity – or as an actor in a (distributed) runtime

A domain beyond the mesh

A

B

C

Page 21: IoT SECURITY and MESH NETWORKS - Viktoria Swedish … · IoT SECURITY and MESH NETWORKS ... › Works at Ericsson Platform Security Research ... – Cross site scripting (XSS)

Slide title 44 pt

Text and bullet level 1 minimum 24 pt

Bullets level 2-5 minimum 20 pt

Characters for Embedded font: !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~¡¢£¤¥¦§¨©ª«¬®¯°±²³´¶·¸¹º»¼½ÀÁÂÃÄÅÆÇÈËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀāĂăąĆćĊċČĎďĐđĒĖėĘęĚěĞğĠġĢģĪīĮįİıĶķĹĺĻļĽľŁłŃńŅņŇňŌŐőŒœŔŕŖŗŘřŚśŞşŠšŢţŤťŪūŮůŰűŲųŴŵŶŷŸŹźŻżŽžƒȘșˆˇ˘˙˚˛˜˝ẀẁẃẄẅỲỳ–—‘’‚“”„†‡•…‰‹›⁄€™ĀĀĂĂĄĄĆĆĊĊČČĎĎĐĐĒĒĖĖĘĘĚĚĞĞĠĠĢĢĪĪĮĮİĶĶĹĹĻĻĽĽŃŃŅŅŇŇŌŌŐŐŔŔŖŖŘŘŚŚŞŞŢŢŤŤŪŪŮŮŰŰŲŲŴŴŶŶŹŹŻŻȘș−≤≥fifl

ΆΈΉΊΌΎΏΐΑΒΓΕΖΗΘΙΚΛΜΝΞΟΠΡΣΤΥΦΧΨΪΫΆΈΉΊΰαβγδεζηθικλνξορςΣΤΥΦΧΨΩΪΫΌΎΏ

ЁЂЃЄЅІЇЈЉЊЋЌЎЏАБВГДЕЖЗИЙКЛМНОПРСТУФХЦЧШЩЪЫЬЭЮЯАБВГДЕЖЗИЙКЛМНОПРСТУФХЦЧШЩЪЫЬЭЮЯЁЂЃЄЅІЇЈЉЊЋЌЎЏѢѢѲѲѴѴҐҐəәǽẀẁẂẃẄẅỲỳ№

Do not add objects or text in the footer area

Public | © Ericsson AB 2015 | 2015-05-13 | Page 21

Manual upgrades?

Page 22: IoT SECURITY and MESH NETWORKS - Viktoria Swedish … · IoT SECURITY and MESH NETWORKS ... › Works at Ericsson Platform Security Research ... – Cross site scripting (XSS)

Slide title 44 pt

Text and bullet level 1 minimum 24 pt

Bullets level 2-5 minimum 20 pt

Characters for Embedded font: !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~¡¢£¤¥¦§¨©ª«¬®¯°±²³´¶·¸¹º»¼½ÀÁÂÃÄÅÆÇÈËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀāĂăąĆćĊċČĎďĐđĒĖėĘęĚěĞğĠġĢģĪīĮįİıĶķĹĺĻļĽľŁłŃńŅņŇňŌŐőŒœŔŕŖŗŘřŚśŞşŠšŢţŤťŪūŮůŰűŲųŴŵŶŷŸŹźŻżŽžƒȘșˆˇ˘˙˚˛˜˝ẀẁẃẄẅỲỳ–—‘’‚“”„†‡•…‰‹›⁄€™ĀĀĂĂĄĄĆĆĊĊČČĎĎĐĐĒĒĖĖĘĘĚĚĞĞĠĠĢĢĪĪĮĮİĶĶĹĹĻĻĽĽŃŃŅŅŇŇŌŌŐŐŔŔŖŖŘŘŚŚŞŞŢŢŤŤŪŪŮŮŰŰŲŲŴŴŶŶŹŹŻŻȘș−≤≥fifl

ΆΈΉΊΌΎΏΐΑΒΓΕΖΗΘΙΚΛΜΝΞΟΠΡΣΤΥΦΧΨΪΫΆΈΉΊΰαβγδεζηθικλνξορςΣΤΥΦΧΨΩΪΫΌΎΏ

ЁЂЃЄЅІЇЈЉЊЋЌЎЏАБВГДЕЖЗИЙКЛМНОПРСТУФХЦЧШЩЪЫЬЭЮЯАБВГДЕЖЗИЙКЛМНОПРСТУФХЦЧШЩЪЫЬЭЮЯЁЂЃЄЅІЇЈЉЊЋЌЎЏѢѢѲѲѴѴҐҐəәǽẀẁẂẃẄẅỲỳ№

Do not add objects or text in the footer area

Public | © Ericsson AB 2015 | 2015-05-13 | Page 22

› Lightweight Machine To Machine protocol (LWM2M) – OMA-TS-LightweightM2M-V1

› The LWM2M upgrade server can act as a node in the domain

› Uses DTLS for End to End encrypted channels › Supports Secure Channel Protocol from Global Platform to derive node bootstrap keys from a Secure Element

› Makes attacks like BEAST, POODLE and HEARTBLEED short-lived

› Retrieve seamless upgrades from a trusted remote upgrade server node

Secure Upgrades

Page 23: IoT SECURITY and MESH NETWORKS - Viktoria Swedish … · IoT SECURITY and MESH NETWORKS ... › Works at Ericsson Platform Security Research ... – Cross site scripting (XSS)

Slide title 44 pt

Text and bullet level 1 minimum 24 pt

Bullets level 2-5 minimum 20 pt

Characters for Embedded font: !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~¡¢£¤¥¦§¨©ª«¬®¯°±²³´¶·¸¹º»¼½ÀÁÂÃÄÅÆÇÈËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀāĂăąĆćĊċČĎďĐđĒĖėĘęĚěĞğĠġĢģĪīĮįİıĶķĹĺĻļĽľŁłŃńŅņŇňŌŐőŒœŔŕŖŗŘřŚśŞşŠšŢţŤťŪūŮůŰűŲųŴŵŶŷŸŹźŻżŽžƒȘșˆˇ˘˙˚˛˜˝ẀẁẃẄẅỲỳ–—‘’‚“”„†‡•…‰‹›⁄€™ĀĀĂĂĄĄĆĆĊĊČČĎĎĐĐĒĒĖĖĘĘĚĚĞĞĠĠĢĢĪĪĮĮİĶĶĹĹĻĻĽĽŃŃŅŅŇŇŌŌŐŐŔŔŖŖŘŘŚŚŞŞŢŢŤŤŪŪŮŮŰŰŲŲŴŴŶŶŹŹŻŻȘș−≤≥fifl

ΆΈΉΊΌΎΏΐΑΒΓΕΖΗΘΙΚΛΜΝΞΟΠΡΣΤΥΦΧΨΪΫΆΈΉΊΰαβγδεζηθικλνξορςΣΤΥΦΧΨΩΪΫΌΎΏ

ЁЂЃЄЅІЇЈЉЊЋЌЎЏАБВГДЕЖЗИЙКЛМНОПРСТУФХЦЧШЩЪЫЬЭЮЯАБВГДЕЖЗИЙКЛМНОПРСТУФХЦЧШЩЪЫЬЭЮЯЁЂЃЄЅІЇЈЉЊЋЌЎЏѢѢѲѲѴѴҐҐəәǽẀẁẂẃẄẅỲỳ№

Do not add objects or text in the footer area

Public | © Ericsson AB 2015 | 2015-05-13 | Page 23

Availability

Page 24: IoT SECURITY and MESH NETWORKS - Viktoria Swedish … · IoT SECURITY and MESH NETWORKS ... › Works at Ericsson Platform Security Research ... – Cross site scripting (XSS)

IoT Security - COIT · IoT Security Protect Your IoT Devices and Keep your Business Running ©2018 Check Point Software Technologies Ltd. 2 IoT Security Represent a New Frontier The

IoT Security - UC Berkeley Sutardja Centerscet.berkeley.edu/wp-content/uploads/IoT-Security-Overview-Final.pdf · Importance of Security to IoT Security is both a barrier to widespread

Security in Wireless Mesh Networks

IoT SAFE: Robust IoT security at scale

IoT Cybersecurity - IoT Alliance Australia: Security Workstream

Security Challenges inEmerging Technologies IoT &Wearablessecurity.ingrammicro.com/security/media/Security-Media-Library/... · Security Challenges in Emerging Technologies IoT &

of THINGS (IoT) - FlipsCloud · 2017-09-18 · Title: Internet of Things (IoT) security and privacy issues Author: Flipscloud Inc Subject: IoT security Keywords: IoT security,Internet

The IoT Hacker’s Toolkit - Security, CTFs, HackingGoals of IoT Security Researcher Understand IoT Devices Functions Security Properties Find Vulnerabilities Improve Security CVEs

Stainless steel security mesh

Addressing IoT Challenges - Cisco › assets › sol › dc › day_two_close.pdf7 Thursday AM: Addressing IoT Challenges • Security, security, security: Appropriate levels of security

Demystifying IoT Security: An Exhaustive Survey on IoT ...eng.usf.edu/~nghani/papers/ieee_cst2019_2.pdfDemystifying IoT Security: An Exhaustive Survey on IoT Vulnerabilities and a

IoT Security & Privacy - SentryBay - Security that works security and privacy_040715.pdfPage 3: © 2015 SentryBay Corporation / IoT Security & Privacy!!! IoT Security & Privacy The

Firmware Version: IoT Mesh v4.3

Global Wire Mesh Security Part

IoT security patterns

Future-Proof Security & Privacy in IoT - ETSI...layers in IoT ecosystems are prerequisites to make security in IoT Future-Proof. Challenges & Opportunities in Security in IoT A. NXP:

IoT security: real problems and solutions Introductionfiles.informatandm.com/uploads/2017/5/IoT_Security...IoT security: real problems and solutions Introduction “IoT security”

IoT SECURITY CHAMPIONS - IoT News - IoT Business News€¦ · IoT SECURITY CHAMPIoNS: Building trust into the iot IOT SECURITY ChAMPIOnS: Building Trust into the IoT p.3 \ Source

IOT SECURITY: CHALLENGES, SOLUTIONS & FUTURE PROSPECTS · 2021. 2. 27. · This article considers IoT security challenges, security requirements for IoT architecture, current security

IOT SECURITY MARKET REPORT 2017-2022 · IOT SECURITY MARKET REPORT 2017-2022 IOT SECURITY MARKET REPORT ... 1 IoT Security Overview 7 ... 5.5.1 Security by design best practices and

Getting started with IoT security · IoT devices. The IoT Security Foundation has prepared an IoT Security Compliance Framework to provide pragmatic guidance to businesses developing

Exium Intelligent Cyber Security Mesh

IoT - Big Data & Security · IoT - Big Data & Security MWC Smart Cities Seminar Telefónica Global IoT Group Feb 2017. IoT Big Data and IoT Security in Smart Cities IoT Security IoT

The security challenge in IoT - ETSI · 2018-10-22 · The security challenge in IoT Scott Cadzow, for STF547 Challenging IoT Security ... There are lots of security standards IoT

octoScope Addresses Wireless Mesh and IoT Test Methods ...€¦ · wireless testbeds, today announced its new Wireless Mesh and IoT Test Methods training seminar, to be held at its

Sensors in IoT STM32WB overview Radio stacks and security · smartphones and other wireless devices BLE Mesh / 802.15.4 Home automation with Mesh network need. No matter what! Make

SECURE ELEMENTS FOR IOT SECURITY NICHOLAS VONDRAK ...€¦ · IoT Security of Things Event / 19th October ... SECURE ELEMENTS FOR IOT SECURITY NICHOLAS VONDRAK, MARKETING MANAGER

Floodgate IoT Security Toolkit - Nohaunohau.eu/wp-content/uploads/IconLabs.pdf · The Floodgate IoT Security Toolkit provides engineers developing IoT devices a comprehensive security

SCALING UP IOT SECURITY · 2019-04-16 · SCALING UP IOT SECURITY IoT Security Foundation Conference December 2018 Leo Dorrendorf. Security architect Diverse product range Multiple

Document Version: 1.7 Firmware Version: IoT Mesh v4.3

IOT SECURITY - Internet of Things news...1 IOT SECURITY The Key Ingredients for Success 1. Securing the IoT: Understanding the Landscape 1.1 Introduction: The Importance of IoT Security

Document Version: 1.4 Firmware Version: IoT Mesh v4.3€¦ · 1 / 76 LG01 LoRa Gateway User Manual Document Version: 1.4 Firmware Version: IoT Mesh v4.3.3 Version Description Date

IoT: Implementeumarede Mesh de sensoressemfio · © 2018 Microchip Technology Incorporated. All Rights Reserved. Class Number + Prefix Slide 1 IoT: Implementeumarede Mesh de sensoressemfio

Exploring IoT Security

IoT Security Testing - Deloitte United States · IoT Security Testing Benefits of IoT Security Testing Despite a complex IoT product architecture, IoT security testing (IST) is beneficial