Protecting the internet of micro-things
Julien BOURGEOIS
Institut FEMTO-ST - UMR CNRS 6174
Univ. Bourgogne Franche-Comté
International scientific school
"Incident management and countering targeted cyber-physical attacks in distributed large-scale
critical systems (IM&CTCPA 2016)"
SPIIRAS, St. Petersburg
31 Oct. - 02 Nov. 2016
Work funded by: ANR/RGC (ANR-12-IS02-0004-01 and 3-ZG1F), ANR (ANR-06-ROBO-0009), ANR (ANR-2011-BS03-005)
Where do I come from?
• University Bourgogne Franche-Comté (UBFC)
• University of Franche-Comté (UFC)
• FEMTO-ST Institute, UMR CNRS
– Collegium Smyle with EPFL
Montbéliard (Peugeot car home city)
Acknowledgments
• CMU – Seth Copen Goldstein, Flavio Cruz, Frank Pfenning, Emre Karagozler, Michael Ashley-Rollman, Brian Kirby
• FEMTO-ST/OMNI – Benoit Piranda, Eugen Dedu, Hakim Mabed, Dominique Dhoutaut, André Naz, Nicolas Boillot, Hicham Lakhlef, Pierre Thalamy, Haithem Skima
• FEMTO-ST/AS2M – Guillaume Laurent, Nadine Piat, Christophe Varnier, Kamal Medjaher
• FEMTO-ST/MN2S – Jean-François Manceau, Réda Yahiaoui
• LAAS/CNRS – Didier El Baz
• LIMMS/University of Tokyo – Hiroyuki Fujita, Yoshio Mita, Dominique Collard, Manabu Ataka, Julien Malapert
• PolyU – Jiannong Cao, Junbin Liang, Tao Li
Outline
• A definition of IoT
• The Internet of Things at the micro-scale
• Examples of projects
• A complete environment for micro-IoT
• Protecting the micro-IoT
• Conclusion
• Do not expect a presentation on cybersecurity, you will be disappointed!
A definition of IoT
• From ubiquitous computing (Weiser, 1991) to internet of things (Ashton, 1999)
• IoT is embedding computing in everyday objects and connecting them to the internet (Internet FOR things?)*
• The objective of IoT is to give computers sensing and actuation capabilities
• IoT began with a lipstick and an RFID chip
* BBC, May 2015
IoT or IfT?
• Using the internet to interconnect things
• OR
• Using a new network to interconnect things?
• Connecting all things to the internet
+ Standard network architecture
+ Access to most computing resources and humans
– Internet connection is not energy-friendly
– High hacking risk
– No roaming (until IPv6, maybe in the next century…)
IoT or IfT?
• Interconnecting all things using a new network
– Via a dedicated low-energy wireless WAN
• Sigfox nationwide wireless network
• FastPrk in Moscow
– 11,000 sensors for parking places
IoT or IfT?
• Interconnecting all things using a new network
– Via a direct connection
• 4G Long-Term Evolution (LTE) direct (500 m range)
My bet: Location-based service will be replaced by LTE
Will things still need Internet?
[Figure labels: Internet; Low-energy Internet of Things; 3G, 4G, 5G networks; Local connection networks; Things; Communication]
IoT or IfT?
• Internet of Things or Internet for Things?
• Connecting all things to the internet or interconnecting things all together?
• Both are good depending on
– The location of the device
• Plugged or not
• Accessible or not (example: parking place sensing)
– The kind of thing
• Decent computing power/memory or not
• Mobile or not
– The kind of interoperability
• Asynchronous or synchronous
• One way or two ways
Security challenges in IoT
• Partly the same as for MANET…
• …With some new features:
– Can be used as an attacking resource
• Friday 10/21/16 Dyn DNS DDoS attack, using Mirai IoT botnet
• Appears to be the work of script kiddies rather than hackers
– Can cause damage in real-world devices
• More psychological impact
• See Philip K. Dick, Ubik, 1969
– If wisely used, peak throughput can be huge
• High number of devices
IoT at the micro-scale
• Microtechnology is now a mature technology
• Micro-electro-mechanical Systems (MEMS)
• MEMS can be produced by the thousands
• Applications: accelerometers (STMicro LIS331DLH)
Talk from Jamal Deen, yesterday
IoT at the micro-scale
• Microtechnology is now a mature technology
• MEMS can be produced by the thousands
• Applications: Digital Micromirror Device (TI)
Distributed Intelligent MEMS
[Figure: distributed MEMS classified by flow of information. Labels: Sensor MEMS, Actuator MEMS, Sensor/Actuator MEMS (each with static or dynamic topology); Output only, Input only, Input/Output; Scalability issue]
Schematic view of software in DiMEMS
[Figure labels: Computer science; Big Data; Optimization; Machine Learning; …; Networking; Protocol; Ad hoc, P2P, etc.; Distributed computing; IoT, UC; Security/Privacy/trust; SHM/PHM; …]
Introduction
• Microtechnology is now a mature technology
• MEMS can be produced by the thousands
• Integrating intelligence within the matter
• New challenges:
– Coordination needs a distribution paradigm
• Communication
• Programming
• Control
– Smooth integration of different technologies
• Scalability up to millions!
– 1 m³ of micro-robots -> internet on your table!
Internet of things at the micro-scale
[Figure: Smart Surface and Claytronics placed between IoT (macro) and micro-IoT, with communication links between objects]
• Macro IoT, monolithic intelligent objects: low density of communication, few communicating objects, single point of contact
• Micro IoT, distributed intelligent MEMS objects: high density of communication, high number of communicating objects, no point of contact by default
J. Bourgeois, S.C. Goldstein, the Internet of micro-things, Keynote at iThings 2011
J. Bourgeois, S.C. Goldstein, Distributed Intelligent MEMS: Progresses and Perspectives. IEEE Systems Journal 9(3): 1057-1068 (2015)
Google[X] nanoparticles projects
• Functionalize nanoparticles
– Coating the surface with the right antibodies
• Concentrate nanoparticles
– Choosing the right number of particles to inject to have meaningful results
• Query nanoparticles
– Interrogating their status, using a magnetic field which will shake the particles
– If a particle does not shake normally, it is then attached to a bigger element (a cell) and has to be detected by the sensing device
• Baseline settings to avoid false-positive detection
– Being sure of the detection and counting
All of this has already been tested and is working (so they say)!
Google[X] nanoparticles projects
Future work?
• Nanoparticles can only monitor one disease at a time
• Multi-disease detection would need a differentiation sensing
– Kind of RFID?
• Toxicity of nanoparticles?
• Many teams around the world are working on this subject but cannot compete with Google[X]
– Raises questions about how academic research is working
– Multi-disciplinary teams are needed
– Academic researchers spend more and more time looking for funding, writing reports, doing administrative tasks, instead of doing their core job: doing research
Microgrippers
Microgrippers for biologic tissue sampling, Johns Hopkins University
Evin Gultepe, Sumitaka Yamanaka, Kate E. Laflin, Sachin Kadam, YooSun Shim, Alexandru V. Olaru, Berkeley Limketkai, Mouen A. Khashab, Anthony N. Kalloo, David H. Gracias, Florin M. Selaru, Biologic Tissue Sampling With Untethered Microgrippers, Gastroenterology, Volume 144, Issue 4, April 2013, Pages 691-693, ISSN 0016-5085
Swimming Micro-Scallops
Max Planck Institute for Intelligent Systems (Germany), team of Prof. Peer Fischer
Qiu, Tian, Tung-Chun Lee, Andrew G. Mark, Konstantin I. Morozov, Raphael Münster, Otto Mierka, Stefan Turek, Alexander M. Leshansky, and Peer Fischer. "Swimming by reciprocal motion at low Reynolds number." Nature communications 5 (2014).
Robo-pancreas
From JDRF (Juvenile Diabetes Research Foundation). Illustration: James Provost
Micro-IoT/DiMEMS environment
[Figure: software and hardware stack. Labels: Distributed applications (C App., Meld App.; C, C++, Java App.); Meld VM; Simulation and debugging with VisibleSim; Simulator API; Blinky Blocks API; Firmware; Hardware models (Wired, Wireless, Nanowireless (THz)); Smart Blocks, Blinky Blocks, Catoms; Real hardware; Simulated hardware]
Two projects in micro-IoT/DiMEMS using this environment: programmable matter and a MEMS-based distributed conveyor
Claytronics
www.cs.cmu.edu/~claytronics
CATOM = Claytronic Atom
~meters (2006)
~decimeters (2007)
~centimeters (2007)
~millimeters (2012)
Hardware
Catom: a rolling cylinder.
Shell: SiO2 film + Aluminum
Chip: HV SOI CMOS die
The Smart Blocks project
• A MEMS-based modular and self-reconfigurable surface for fast conveying of fragile objects and medicinal products
The hardware
Blinky Blocks
Simulation environment
• Vouivre (FEMTO-ST, https://nao.pu-pm.univ-fcomte.fr/vouivre/)
– Nanowireless simulator
• VisibleSim (FEMTO-ST, http://projects.femto-st.fr/projet-visiblesim/)
– Multi-target (Blinky Blocks, Smart Blocks, Robot Blocks, Claytronics)
– Multi-language (C/C++, Meld, Java)
– Interactive
– Includes physics
– Includes debugging
– Available online in your web browser at: http://ceram.pu-pm.univ-fcomte.fr:5015/visiblesim/
– First MSR simulator on the web thanks to WebGL!
• One ambition: make VisibleSim the reference simulator for modular robots and for introducing distributed programming
Smart Blocks, Robot Blocks and Blinky Blocks
• Smart Blocks
• Robot Blocks
• Blinky Blocks
Catoms
• 3D catoms
• 2D catoms
Distributed debugging
Security in micro-IoT
Specificities of micro-IoT
• VERY scarce resources
– CPU, memory, energy
• HUGE number of elements
– Millions of communicating things in a very small space
– 1 m³ can hold 1 billion (10^9) micro-robots
• Network connectivity is dynamic
– Moving elements
• Potentially CRITICAL applications
– As they can sense and act on the real world
• Applications are simple
– Easier to secure
Protecting the micro-IoT
• Attack definition and modelling
– Done in the context of MANET for AODV/OLSR
– Must target very specific attacks
• Device identification
– Do not have a single id inside an ensemble
– Can be built, but can be faked…
– How to deal with it?
• Trust
– Done in the context of MANET using confidence interval to detect liars
– Can use observable behavior (one transportation cell isn't acting the way it should)
• Very lightweight IDS
– Done in the context of MANET with LIDR
Protecting the micro-IoT: example
• Programmable matter
– Protecting reprogramming
• Use of a traditional lightweight authentication method?
• Or need for a new one?
– Protecting the spanning tree
• Can be a single point of failure if the attacker is the root of the tree
• Can harm lots of nodes
– Network connectivity is neighbor-to-neighbor
• Can be used to detect the source of infection
• Can be used to contain the intrusion to a certain neighborhood
– Micro-robots are moving
• Connection and disconnection: how to distinguish movement from new connections?
Protecting the micro-IoT: example
• MEMS Conveyor
– Moving elements are bigger and traditional methods can be used
– Cells depend on the block
• Security management can be done in the block
– Cells do not move
• Easier to identify
• No security feature but rather prognostic health monitoring (PHM) -> failure
• Cells can observe the behavior of the object being transported and deduce if an actuator is not working the way it should
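The behaviour-based check described for the MEMS conveyor (and under "Trust" on the earlier slide), as an added example that is not code from the talk or from the Smart Blocks project. The cell grid, the thresholds and the track data are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed model, not from the talk: a line of 6 conveyor cells, each
# commanded to push the object +1.0 cell width in x per actuation step.
COMMANDS = {(x, 0): (1.0, 0.0) for x in range(6)}
TOLERANCE = 0.25     # accepted |observed - commanded| per step (assumed)
MIN_SAMPLES = 3      # never judge a cell on fewer observations
MAX_BAD_RATIO = 0.5  # flag a cell when more than half of its steps are off

def cell_under(pos):
    """Cell whose unit square contains the object's centre."""
    return (int(pos[0] // 1), int(pos[1] // 1))

def simulate(start_x, delivered, steps=20):
    """Build a constructed track; `delivered` overrides a cell's real push."""
    track = [(start_x, 0.5)]
    for _ in range(steps):
        x, y = track[-1]
        cell = cell_under((x, y))
        if cell not in COMMANDS:
            break  # object has left the surface
        track.append((x + delivered.get(cell, COMMANDS[cell][0]), y))
    return track

def suspect_cells(tracks, commands=COMMANDS):
    """Return cells whose observed pushes repeatedly disagree with commands."""
    total, bad = defaultdict(int), defaultdict(int)
    for track in tracks:
        for before, after in zip(track, track[1:]):
            cell = cell_under(before)
            if cell not in commands:
                continue
            cx, cy = commands[cell]
            ex = after[0] - before[0] - cx
            ey = after[1] - before[1] - cy
            total[cell] += 1
            if (ex * ex + ey * ey) ** 0.5 > TOLERANCE:
                bad[cell] += 1
    return sorted(c for c, n in total.items()
                  if n >= MIN_SAMPLES and bad[c] / n > MAX_BAD_RATIO)

# Constructed observations: cell (3, 0) delivers 0.2 instead of 1.0 on every
# pass; cell (1, 0) slips once (0.7) on the third pass only.
TRACKS = [simulate(0.5, {(3, 0): 0.2}),
          simulate(0.2, {(3, 0): 0.2}),
          simulate(0.5, {(3, 0): 0.2, (1, 0): 0.7})]

if __name__ == "__main__":
    print(suspect_cells(TRACKS))
```

The minimum sample count and the bad-step ratio keep a single slip on a healthy cell from being reported, while the cell that under-delivers on every pass is flagged.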
Conclusion
• First software and hardware environment for micro-things has been proposed
• Intelligence is more and more integrated inside the matter
• Many challenges still need to be solved in diverse areas ranging from hardware to software
– Energy harvesting/zero-energy processing
– Lightweight security/trust/privacy
– Mm to sub-mm location
– SHM/PHM of MEMS
Conclusion
• Paradox
– Security is mandatory but has not been addressed yet!
• First necessity: having something that works!
• Security is viewed as a luxury
• Same old way to design: Internet, IoT
• Needs to be changed!
• We need experts in security, we need you!