IoT security - Cap'tronic
M2M overview
• What are IoT & M2M ?
• Main actors
• Market Segmentation
M2M Markets : Use Cases & Challenges
Deployment, operations & support of M2M solutions
Some actual MNO offers on M2M
What’s next ?
Seminaire Cybersécurité - Captronic 2 June 20, 2016
What is Internet of Things (IoT) ?
A possible definition of IoT
“The Internet of Things (IoT) is an environment in which objects, animals or people are
provided with unique identifiers and the ability to transfer data over a network without
requiring human-to-human or human-to-computer interaction. ” Source: http://whatis.techtarget.com/
Examples of IoT segments or solutions
Connected wearables iBeacon
What is Machine-to-Machine?
A possible definition of M2M
“We define machine to machine (M2M) as the concept of autonomous, two-way
communications between a modem or a wireless radio module and a server or computer“
More precisely…
…using a device (such as a sensor or meter) to capture an event (such as temperature, inventory level, location, etc.), which is relayed through a network (wireless, wired or hybrid) to a SW application that translates the captured event into meaningful information (for example, items need to be restocked).
M2M is a subset of IoT where the device embeds the communication module
• Connected cars are M2M solutions
• A shoe with sensors sending data to a mobile through Bluetooth is part of IoT but not M2M
A few figures regarding the IoT forecasts…
• 54 M connected cars by 2020, representing 75% of yearly passenger car production
• 4 M Apple watches shipped last quarter
• 3.5 BN individual smartphone users by 2019, representing 59% of the global population
• 228 M connected wearables to be shipped in 2020
• 339 M smart homes next year
• 34 BN connected ‘things’ by 2020
SOURCES: IDC, SCOTIABANK, BI INTELLIGENCE, GARTNER, FORRESTER, IHS TECHNOLOGY
…showing a significant revenue opportunity for MNOs in being able to connect them
[Figure: Global connections, 2020. Internet of Things: 23 billion. M2M segments shown: fixed network, short-range, powerline, satellite etc.; LPWA; cellular. Values shown: 1,4 billion; 1 billion; ~10 billion. Source: GSMA Intelligence]
Cisco predicts that the global IoT market will reach USD 14.4 trillion by 2022[1].
9 Major M2M Markets
• Remote Monitoring and Control: Fraud detection, remote configuration change, remote consumption reading
– Copier Industry
– Info displays and lighting
– Pumps and valves
• Automotive: Cars and intelligent traffic systems
– On-board diagnostic equipment
– Navigational devices
– Emergency and breakdown call
– Tolling and traffic control
• Router / Gateway / WLL: Wireless hub for data or voice, especially in regions with under-developed fixed-line infrastructure or behind firewalls
– Wireless access to data
– Fixed telephone substitution
• Tracking and Tracing: Combining GPS / GSM receiver
– Insurers – “Pay as you drive”
– Container tracking
– Fleet mgmt
– Stolen vehicle tracking
– Person and wildlife tracking
• Payment: Payment transactions and verification
– Point of Sale devices
– Vending machines and cash registers
– Automated teller machines
– Parking meters
• Metering: Reading consumption remotely
– Electricity
– Gas
– Water
– District heating
– Grid control
• Security: Communication for automated alarm systems
– Alarm systems
– Video surveillance
– Car security
– Access control
– Landline backup
• Health Care: mHealth solutions with cellular connectivity
– Sleep Therapy Solutions
– Medication Compliance Monitoring
– Chronic Care Management
– Cardiac Care
– Independent Living
• Mobile Computing: Ruggedized and robust terminals for specialized applications
– Industrial PDAs
– Logistic Scanners
– Field Diagnostic Devices
Security By Design for IoT: a new set of constraints
Authentication & Privacy is Critical
• Consumers and Enterprises only want authorized entities to have access to their devices or data
• Secure components and solutions must be embedded into “things” to protect data at rest and data in motion
• Hackers will take advantage, whenever there is a security loophole
• 15 seconds: time required by a hacker to backdoor a smart thermostat device
• 75,000 spam emails sent by an internet connected fridge during holiday break
• 471,000 connected vehicles found vulnerable to cyber attacks
Influx of Data in Connected Ecosystems
Data is at rest in the device and in the cloud, or in motion between devices and the cloud. The nature of data varies, such as vehicle location data or streamed media, which requires different levels of privacy and security.
[Diagram: DATA LIFECYCLE. Data at rest in the device, data in motion, big data at rest]
The Hacker Marks The Target
NEW-WORLD INTRUDER
POSSIBLE ATTACK VECTORS – HOW AN INTRUDER COULD ATTACK A CONNECTED VEHICLE
• Hack into cloud infrastructure and steal driver identity: by exploiting application or data security holes
• Sniff data from the network: by exploiting weak communication encryption
• Hack into car ICE (In-Car Entertainment) unit: through physical access to the vehicle
• Hack into car computer (ECU): by remotely accessing the IP address, and exploiting weak authentication mechanisms
Example 1: 2015 Charlie Miller’s Attack
Presented at Black Hat 2015: https://www.blackhat.com/us-15/briefings.html#remote-exploitation-of-an-unaltered-passenger-vehicle
• Presents a remote exploitation of a Jeep Cherokee car
– The attacker is able to remotely take control of the car
– Done through the GSM / 3G network
• Based on a set of different vulnerabilities at different levels
– Most of the important vulnerabilities will be covered in this training
Jeep Cherokee Architecture
[Diagram: CAN-IHS and CAN-C buses; Renesas v850 (gateway); OMAP DM3730 (applicative processor)]
Charlie Miller’s Attack
• Identify Target: Find the IP address of a target vehicle to attack
• Exploit the OMAP chip of the head unit: Use some vulnerabilities existing on the chip in order to do remote control
• Control the Uconnect System
• Flash the gateway controller with modified firmware: Flash the chip firmware in order to remove its control on CAN packets
• Perform cyber physical actions: Send CAN messages to make physical things happen on the vehicle
Example 2: With physical hardware access
[Diagram labels: Head Unit, TCU, Network, Back-End, Data]
Schematic Identification
Attacker objective: rebuild the schematic of a board and identify connectors and pads
• The first step can be done without equipment, just by carefully inspecting the board
• Deeper analysis can be done with an X-ray machine, available at low cost inside university labs
Schematic Identification
[Figure: Example of a Flash memory pad identification]
Schematic Identification
• Combining X-Ray picture and component specification
• One can retrieve the pads accessible directly on the board (rather than trying to access the BGA pads)
• This makes it possible to spy on the data exchanges between the flash memory and the main chip
• Ultimately we can dump the full flash content for offline analysis
Memory Content Extraction
• Example of a flash unsoldering process using a dedicated machine
• Unsoldered components can then be resoldered on a dev board
Interfaces Identification: JTAG
• Thanks to the schematic rebuilding, one can identify potential JTAG pads
• Using soldered wires, one can reuse a removed JTAG connection (connection for tests/debug)
Hardware Debugging: JTAG example
• Advanced JTAG probes are able to disassemble code in memory
• In the example below, an attacker uses a JTAG probe to patch a syscall inside the kernel of a Linux system. He is then able to gain root privileges
Interfaces Identification – OBD
• Embedded in all of today’s vehicles
• Used for diagnosis and failure purposes
• Allows direct access to the ECUs of the vehicle
– Example: communicating using CAN buses (or other technologies)
• Is used to control several actions
– Example: lights, window opening, acceleration, brake.
Interfaces Identification – USB Port
Example of a modem providing TCP/IP over USB
• If no security is used to ensure authentication of the devices, it is easy to spoof one of the devices of the chain
– Just plug a rogue device on the USB bridge and shut down the device targeted by the spoofing attack
• Spoofing of the modem: allows all traffic to be redirected to a completely controlled network
• Spoofing of the device using the modem: abuse of the network bandwidth,
Bus Data Interception – Wire Soldering
Once basic schematics have been identified, an attacker can solder wires to probe the bus between components
– Probe serial link between two controllers
Bus Data Interception - Analysis
With an oscilloscope or a logic analyzer, it is then possible to analyse the protocol passing through the bus
Security By Design: implementation
IoT Endpoints have specific challenges
Characteristics
• Low power consumption
• Low cost
• Long lived
• Physically accessible
Endpoint types shown: Simple Endpoint, Complex Endpoint, Gateway or Hub
IoT ecosystem
[Diagram: Devices, Gateways, IoT Cloud / Apps]
Route to Safeguarding Trust in IoT
Gemalto’s approach to security closes the loop, managing the complete security lifecycle of the connected object together with data at rest and in motion from the network to the cloud.
SECURE THE DEVICE
> Secure Device Access
> Sensitive Data Security
> Communication Encryption
> Protect Software Integrity
SECURE THE CLOUD
> Big Data Encryption
> Server Protection
> Cloud Application Security
SECURITY LIFECYCLE MANAGEMENT
> Software Activation & Licensing
> Dynamic Key Management (for Authentication & Encryption)
> Secure Provisioning of Key Credentials & Tokens
IOT SECURITY CONSULTING & CERTIFICATION SERVICES
Secure the device
• Protect a connected vehicle’s software integrity and Intellectual Property
• Download of car firmware upgrades through validated source
Sentinel
• Securely lock/unlock a vehicle through a smartphone, safeguarding car keys inside a Secure Element
• Encrypt sensitive car telematic data, in motion or at rest
Secure Element
• Use an embedded SIM (eSIM) for secure transmission of data over cellular networks and connectivity flexibility
• Use a Secure Element for LPWAN (LoRa Device)
eSIM
[Diagram: SECURE THE DEVICE. Secure device access, sensitive data security, communication encryption, protect software integrity]
Secure the cloud
• Ensure security of data transmission from one enterprise business application to the other, e.g. sharing sensitive vehicle diagnostic data securely over the cloud
SafeNet ProtectApp
• Use web-based entitlement to grant access only to authorized users, devices and applications
Sentinel EMS
• Ensure protection of intellectual property of your software in the cloud
• Securely enable multiple and flexible business models such as “product as a service”
Sentinel Cloud
• Secure instances of virtual machines in the cloud for your enterprise or partner servers
SafeNet ProtectV
• Encrypt all your data at rest in the cloud using Data Protection solutions, such as sensitive vehicle engine data, media files or vehicle tracking history
SafeNet Data Encryption
[Diagram: SECURE THE CLOUD. Big data encryption, server protection, cloud application security]
Security Lifecycle Management
• Manage and secure encryption keys for different components within the infrastructure, including databases, file servers, application servers, and hardware security modules
• Manage lifecycle of tokens
SafeNet Crypto Management
• Manage the lifecycle of licenses on the cloud or device
• Flexibly manage evolving business models
• Securely manage connected devices’ features remotely
Sentinel Software Monetization
• Manage the lifecycle of encryption and authentication keys of multiple devices: LoRa
Trusted Key Manager
• Ensure secure provisioning and administration of keys on the device
Allynis Trusted Services Hub
[Diagram: SECURITY LIFECYCLE MANAGEMENT. Software activation & licensing, dynamic key management, secure provisioning of key credentials & tokens]
How Gemalto brings trust to IoT
Connect
> Out-of-the-box connectivity
> Multiple form factors
> Quality of Service
> Subscription Management
Secure
> Secure the device
> Secure the cloud
> Security lifecycle management
Monetize
> Flexible monetization
> Licensing and entitlement software
> IoT application upgrades
> Application Development
Building a Secure IoT E2E Security
1. Assess the security needs of the infrastructure through a risk evaluation
Security by design
2. Secure the breaches from the edge to the core
• Each component is uniquely identified
• Encrypt data
• Store and manage keys
• Control user access
3. Make your security evolve
• Life cycle management of security credentials
• Control new entrants in the ecosystem
How to deliver security?
• Protect the data at rest and in motion
• E2E Authentication and device identification
[Diagram for both: Devices, Gateways, IoT Cloud / Apps]
Where security matters most?
• Protected environment; trusted users; direct access to data
• Unprotected environment; non trusted users; no direct access to data; tamper resistant devices
[Diagram axis: Software, Hardware]
Gemalto Embedded Security Choices
Scale: Security; Difficulty & costs
• Software based: minimum security on generic processor (+, 0 on BOM)
• Software TEE: dedicated software on processor (++, 0 on BOM)
• Hardware TEE: dedicated hardware on generic processor (+++, BOM impact)
• Dedicated Secure Element: tamper resistant hardware on dedicated chip (++++, BOM impact)
TEE: Trusted Execution Environment
BOM: Bill Of Materials
What’s inside a secure element (secure computing environment)?
Client software embedded in a secure element protects the identity of the user/device and the authentication process
• Identity certificates of the user/device
• Cryptographic keys for online data exchange
– Data exchange ciphering
– Verifies the authenticity of a credential
– Performs user/device authentication
– Checks server identity
• Application and cryptographic software that checks the ID and communicates externally
• Provides Root of Trust for external communication
What is an HSM?
• SafeNet Network HSM (Luna SA) (1700 & 7000): Network Attached and Scalable
• SafeNet PCIe HSM (Luna PCI-E) (1700 & 7000): High Performance Cryptographic Processor
• SafeNet USB HSM (Luna G5): Offline Key Archive/Starter HSM
Detailed study: LoRa Security Mechanism
LoRaWAN architecture
[Diagram: Devices, Gateways, LoRa network server, Application servers]
LoRaWAN security
Each device is provisioned with a unique AES 128 key: AppKey
LoRaWAN security: network connection
• Join request (DevEUI, …, MIC): a cryptogram (MIC) is computed with AppKey
• Join accept (…, MIC): a cryptogram (MIC) is also computed with AppKey
• Two session keys are derived: AppSKey and NwkSKey
• NwkSKey is used for network layer security
• AppSKey is used for application layer end to end security & confidentiality
Background links for security deployment: switching to logical view
[Diagram labels: Device manufacturers, Devices, Gateways, LoRa network server, Application servers, Join Server]
Device provisioning
[Diagram: same logical view, with AppKey generation shown]
Network connection
[Diagram: same logical view, with Join request (…, MIC) and Join accept (…, MIC) messages]
Key derivation
Key distribution
Deployment example 1
Deployment example 2
Deployment example 3
Deployment example 4
[Diagrams: Device manufacturers, Devices, Gateways, Network server, Application servers, Join server (shown more than once)]
Secure Element Provisioning
[Diagram labels: SE manufacturer, Key provisioning, Device manufacturers, Devices, Gateways, Network server, Application servers, Join server]
Tamper resistance at chip level
[Figure: chip blocks CPU, EEPROM, ROM, RAM]
[Figure, first chip: blocks can be easily identified, no shield, no glue logic, buses clearly visible]
[Figure, second chip: shield, glue logic, no buses visible, memories and buses encryption, sensors]
• Single-component chip design
• Active shielding
• Glue logic design – mixed functional blocks on silicon
• Encrypted buses and memories
• Layered production – buried buses, scrambled memories
• Reduced power signal and electromagnetic emissions
• Analog sensors – monitor environment variations (voltage, frequency, light, temperature)
• Logical sensors – detection of inconsistent processing
• Error correction code and memory integrity
[Diagram labels: SE, TPM, TEE]
Architecture
[Diagram labels: LoRa device; LoRa module; SE, MCU, Radio]
LoRa Secure Element
[Diagram: Secure Chip; Operating System; Java Card VM; Java Card API 3.0.1; Global Platform 2.2; LoRa applet; Other applet; APDU link between the Secure Element and the MCU]
LoRa SE functionalities
Stores DevEUI, AppEUI and AppKey
MIC generation
MIC check
Session key generation (AppSKey, NwkSKey)
Payload encryption / decryption
Thanks for your attention!