smart homes’ security: from theory to practice · 2016-03-21 · theory to practice jacques...
TRANSCRIPT
Smart Homes’ security : fromtheory to practice
Jacques FOURNIERMathieu GALLISSOT Christine HENNEBERTKarine ZUNINO
21/03/2016
2
ALTERNATIVE ENERGIES AND ATOMIC ENERGY COMMISSION
ETSI - Internet of Things in the Smart Home | Fournier,Gallissot,Hennebert,Zunino | 2
MilitaryApplications
Division (DAM)
Nuclear EnergyDivision (DEN)
TechnologicalResearch Division
(DRT)
Materials Sciences DivisionLife Sciences Division
Mission DAM : France’s national security independence
Mission DEN : France’s energy independence
Mission DRT : French business’ economic competitiveness
“ The World's Most Innovative Research Institution ” according
to a 2016 survey by Reuters
• Who are we?• IoT in the Smart Home• Technical security issues adressed• Experimental Smart Homes & test environments
3
CEA TECH: FRANCE’S LEADER IN TECHNOLOGICAL RESEARCH
ETSI - Internet of Things in the Smart Home | Fournier,Gallissot,Hennebert,Zunino | 3
Solar
Laboratory of Electronics and
Information Technologies
Staff: 1800, Budget: €280 M
Laboratory of Integrated
Systems and Technologies
Staff: 700, Budget: €80 M
Laboratoty of Innovation for new
Technologies for Energy and
Nanomaterial
Staff: 1100, Budget: €180 M
CEA TechRégions
(2012)
• Who are we?• IoT in the Smart Home• Technical security issues adressed• Experimental Smart Homes & test environments
4
CEA TECH’S ACTIVITIES IN IOT SECURITY FOR SMART HOME S
ETSI - Internet of Things in the Smart Home | Fournier,Gallissot,Hennebert,Zunino | 4
Technical solutions / bricks to address primary/fundamental
practical security issues
‘Near to real life’ integration and test environments
Pump Priming25%
(5-10 years)
Technology Transfer75%
(1-3 years)
• Who are we?• IoT in the Smart Home• Technical security issues adressed• Experimental Smart Homes & test environments
5
CONNECTIVITY, THE GAME CHANGER
ETSI - Internet of Things in the Smart Home | Fournier,Gallissot,Hennebert,Zunino | 5
Early 80’s : no standardization of network protocols, fieldbus are adopted :- X10 on power line- X2D on bi-band RF- Batibus and EIB on two-wire bus
Mid 90’s : first standardization efforts- Bacnet adopted by ASHRAE- Batibus and EIB forms KNX- Microsoft releases UPnP (with lots of backdoors…)
No such thing as ‘the cloud’
• Who are we?• IoT in the Smart Home• Technical security issues adressed• Experimental Smart Homes & test environments
6
EXAMPLE OF A ‘SUPER CONNECTED’ HOME
ETSI - Internet of Things in the Smart Home | Fournier,Gallissot,Hennebert,Zunino | 6
No such thing as ‘the cloud’
http://bwired.nlOnline since late 90’s
Individual weights in the family
Last person to use the bell
Last person to use the mailbox
• Who are we?• IoT in the Smart Home• Technical security issues adressed• Experimental Smart Homes & test environments
7
VP
N
VPN
RESTful APIWeb Sockets
over https
IOT INFRASTRUCTURE FOR SMART HOMES
6LoWPANZigBeeUWBBLEWiFiNFC
Challenge:Secure Plug & Play bootstrap
Things Gateway Cloud Server Application
ETSI - Internet of Things in the Smart Home | Fournier,Gallissot,Hennebert,Zunino | 7
• Who are we?• IoT in the Smart Home• Technical security issues adressed• Experimental Smart Homes & test environments
8
CHALLENGES & PARTICULARITIES…
1. The longevity of the objects � Update of the firmware
� Autonomy
� Easily accessible to hackers
2. The resources of the objects are constrained� memory, computing, energy, throughput
3. The objects are ‘headless’, i.e. no user interface � No keyboard, no mouse, no tactile screen… to perform authentication
4. The objects hold sensitive data� The personal data need to be protected
5. State of mind� The actors of the IoT don’t think as security experts
� The application is often deployed without security in its first version
ETSI - Internet of Things in the Smart Home | Fournier,Gallissot,Hennebert,Zunino | 8
• Who are we?• IoT in the Smart Home• Technical security issues adressed• Experimental Smart Homes & test environments
9
AUTHENTICATION OF THE THINGS 1/2
Out-of-Band Channel
Use of a trusted intermediate element like a smartphone to:
� Generate the secure key
� Send the secure key to the devicethrough an out-of-band channel –i.e. light
� Send the secure key to the gateway through a secure channel – i.e. WiFi WPA2
Secure key sent via a light beam
ETSI - Internet of Things in the Smart Home | Fournier,Gallissot,Hennebert,Zunino | 9
• Who are we?• IoT in the Smart Home• Technical security issues adressed• Experimental Smart Homes & test environments
10
AUTHENTICATION OF THE THINGS 2/2
In-Band Pairing
� The device embeds a True Random Number Generator –it is autonomous to generate its secret keys
� Bootstrap to the gateway through secure protocols using lightweight cryptography:
� Lightweight handshake DTLS
� Lightweight IKEv2
� Link-layer security
TRNG inside
ETSI - Internet of Things in the Smart Home | Fournier,Gallissot,Hennebert,Zunino | 10
• Who are we?• IoT in the Smart Home• Technical security issues adressed• Experimental Smart Homes & test environments
11
PRESERVING THE PRIVACYIdentity of the Things
� Use of pseudonyms to mask the identity – address - of the things at the lowest levelAvoid the traffic analysis and the network topology reconstruction
� Use security to ensure the confidentiality of the data
Secure protocolData encryption
Use of pseudonym (over the air)to mask the identity of the things
ETSI - Internet of Things in the Smart Home | Fournier,Gallissot,Hennebert,Zunino | 11
• Who are we?• IoT in the Smart Home• Technical security issues adressed• Experimental Smart Homes & test environments
12
HARDWARE & EMBEDDED SOFTWARE SECURITY
ETSI - Internet of Things in the Smart Home | Fournier,Gallissot,Hennebert,Zunino | 12
• Who are we?• IoT in the Smart Home• Technical security issues adressed• Experimental Smart Homes & test environments
Are your secret/sensitive data
safe in there?
Is your program being correctly
executed?Can your hardware be trusted?
Characterisation Secure solutions
• State of the art characterisation benchs: EM, laser, Vcc, clock…
• State of the art analysis techniques against crypto algorithms (AES, Pairings…)
• Analysis of communication protocols (contactless, WLoPAN…)
• Software analysis tools
• CESTI: French ANSSI-accredited HW evaluation lab (Common Criteria, EMVCo…)
• Hardware and software countermeasures for secure implementations of crypto algorithms
• Shields, new technologies…
• Run-time countermeasures
Physically Unclonable Functions
• Robustness analyses
• Certification aspects
• Implementation of new structures
Integrity verification
• On chip sensor-based approach
• Off chip side-channel based approach
• IoT network integrity verification
• Node bootstrapping and key management protocols
• Secure transport layer security protocols
• IoT intrusion detection system
• Trust anchors for industrial systems
13
IN GRENOBLE: « LIMITED RESOURCES » PROJECT
ETSI - Internet of Things in the Smart Home | Fournier,Gallissot,Hennebert,Zunino | 13
• Goals• Identify daily usage behaviour of autonomous habitat occupants • Determine material environment adapted to Limited resources and Autonomous
Building context from resident point of view• Means
• Equip of a 5 persons composed family (with the support of Leti and Liten)• Conduct usage studies
• Who are we?• IoT in the Smart Home• Technical security issues adressed• Experimental Smart Homes & test environments
14
IN CADARACHE: AN EXPERIMENTAL HOUSE PLATFORM ON EN ERGY EFFICIENCY IN SMART HOUSES
� Objective : providing of facilities to help industrial partners to innovate
� Research areas :� Summer comfort with thermal mass,
natural ventilation, thermal insulation, glazing, materials, natural lighting…
� Home automation/BMS� Predictive control� Neural network� Secure & trusted infrastructures� Uses: Integration of occupantsbehaviour and comfort concept
Climatic cells Experimental housesETSI - Internet of Things in the Smart Home | Fournier,Gallissot,Hennebert,Zunino | 14
• Who are we?• IoT in the Smart Home• Technical security issues adressed• Experimental Smart Homes & test environments
15
IN CADARACHE: A FIRST EXPERIMENTAL HOUSE
� Uninhabited house, simulated inhabitants’ behaviour , life scenario implementation
� Highly instrumented houses with the implementation of a data acquisition system
� Control of active components:� Shades: roller blind, indoor/outdoor stores, sunshades� Openings: roof windows, roller bays� Heating� Domestic hot water production� Ventilation� Metrology
The house can be the support for other various projects
ETSI - Internet of Things in the Smart Home | Fournier,Gallissot,Hennebert,Zunino | 15
• Who are we?• IoT in the Smart Home• Technical security issues adressed• Experimental Smart Homes & test environments
Thank you for your attention