towards an architecture for trusted edge iot security …...towards an architecture for trusted edge...
TRANSCRIPT
![Page 1: Towards an Architecture for Trusted Edge IoT Security …...Towards an Architecture for Trusted Edge IoT Security Gateways Matt McCormack, Amit Vasudevan, GuyueLiu, Sebastián Echeverría,](https://reader036.vdocuments.us/reader036/viewer/2022071217/604cd7f97cd91a50f52a9956/html5/thumbnails/1.jpg)
Towards an Architecture for Trusted Edge IoT Security Gateways
Matt McCormack, Amit Vasudevan, Guyue Liu, Sebastián Echeverría, Kyle O’Meara, Grace Lewis, Vyas Sekar
![Page 2: Towards an Architecture for Trusted Edge IoT Security …...Towards an Architecture for Trusted Edge IoT Security Gateways Matt McCormack, Amit Vasudevan, GuyueLiu, Sebastián Echeverría,](https://reader036.vdocuments.us/reader036/viewer/2022071217/604cd7f97cd91a50f52a9956/html5/thumbnails/2.jpg)
IoT Insecurity is Growing
2
krebsonsecurity.com
iotsecurityfoundation.org
wired.com
washingtonpost.com
![Page 3: Towards an Architecture for Trusted Edge IoT Security …...Towards an Architecture for Trusted Edge IoT Security Gateways Matt McCormack, Amit Vasudevan, GuyueLiu, Sebastián Echeverría,](https://reader036.vdocuments.us/reader036/viewer/2022071217/604cd7f97cd91a50f52a9956/html5/thumbnails/3.jpg)
Prior Work: “Bolt-on” Security Gateways
3[Yu et al., HotNets 15], [Ko and Mickens, ANRW 18]
Advantages: practical, deployable, agile
Edge Gateway
ControllerPolicy
Control PlaneData Plane Device-specific NFs
![Page 4: Towards an Architecture for Trusted Edge IoT Security …...Towards an Architecture for Trusted Edge IoT Security Gateways Matt McCormack, Amit Vasudevan, GuyueLiu, Sebastián Echeverría,](https://reader036.vdocuments.us/reader036/viewer/2022071217/604cd7f97cd91a50f52a9956/html5/thumbnails/4.jpg)
Problem: Edge Gateways are Insecure
4
Edge Gateway
Controller1. Alter NF
3. Alter security policy
2. Bypass NF
Policy
![Page 5: Towards an Architecture for Trusted Edge IoT Security …...Towards an Architecture for Trusted Edge IoT Security Gateways Matt McCormack, Amit Vasudevan, GuyueLiu, Sebastián Echeverría,](https://reader036.vdocuments.us/reader036/viewer/2022071217/604cd7f97cd91a50f52a9956/html5/thumbnails/5.jpg)
Our Vision: Trusted “Bolt-on” Security
5
Edge Gateway
Controller Policy
1. Cannot alter NFs
2. Cannot alter paths
3. Cannot alter policy
![Page 6: Towards an Architecture for Trusted Edge IoT Security …...Towards an Architecture for Trusted Edge IoT Security Gateways Matt McCormack, Amit Vasudevan, GuyueLiu, Sebastián Echeverría,](https://reader036.vdocuments.us/reader036/viewer/2022071217/604cd7f97cd91a50f52a9956/html5/thumbnails/6.jpg)
Requirements Contributions
6
Holistic Coverage–Data plane–Control plane
Aligns with “Bolt-on” Security Gateways
–General– Legacy compatible–Performant
Key security properties of a trusted gateway
Trusted gateway architecture built on a micro-hypervisor
![Page 7: Towards an Architecture for Trusted Edge IoT Security …...Towards an Architecture for Trusted Edge IoT Security Gateways Matt McCormack, Amit Vasudevan, GuyueLiu, Sebastián Echeverría,](https://reader036.vdocuments.us/reader036/viewer/2022071217/604cd7f97cd91a50f52a9956/html5/thumbnails/7.jpg)
Foundational Security Properties
7
Software Integrity
Secure Data Channel
Secure Control Channel
Data Isolation & Mediation
![Page 8: Towards an Architecture for Trusted Edge IoT Security …...Towards an Architecture for Trusted Edge IoT Security Gateways Matt McCormack, Amit Vasudevan, GuyueLiu, Sebastián Echeverría,](https://reader036.vdocuments.us/reader036/viewer/2022071217/604cd7f97cd91a50f52a9956/html5/thumbnails/8.jpg)
Background: Extensible Micro-Hypervisor
8
micro-hypervisor
Hardware
OS
Extension
App 1 App n…
General
Legacy compatible
Performant
[Vasudevan et al., IEEE SP 13, USENIX Security 16, IEEE EuroSP 18]
Security Foundation
![Page 9: Towards an Architecture for Trusted Edge IoT Security …...Towards an Architecture for Trusted Edge IoT Security Gateways Matt McCormack, Amit Vasudevan, GuyueLiu, Sebastián Echeverría,](https://reader036.vdocuments.us/reader036/viewer/2022071217/604cd7f97cd91a50f52a9956/html5/thumbnails/9.jpg)
Edge Gateway
Controller1. Alter NF
Trusted Data Plane Approach
9
Edge Gateway
micro-hypervisorvTPM
1. Detect altered NFs: Periodically attest
![Page 10: Towards an Architecture for Trusted Edge IoT Security …...Towards an Architecture for Trusted Edge IoT Security Gateways Matt McCormack, Amit Vasudevan, GuyueLiu, Sebastián Echeverría,](https://reader036.vdocuments.us/reader036/viewer/2022071217/604cd7f97cd91a50f52a9956/html5/thumbnails/10.jpg)
Edge Gateway
Controller
2. Bypass NFs
Trusted Data Plane Approach
10
Edge Gateway
micro-hypervisorPacket Signing
2. Enforce path: per-hop
authentication
![Page 11: Towards an Architecture for Trusted Edge IoT Security …...Towards an Architecture for Trusted Edge IoT Security Gateways Matt McCormack, Amit Vasudevan, GuyueLiu, Sebastián Echeverría,](https://reader036.vdocuments.us/reader036/viewer/2022071217/604cd7f97cd91a50f52a9956/html5/thumbnails/11.jpg)
Promising Preliminary Results
11
Data plane: Packet Signing Extension–OVS & Docker: +13% latency
Control plane: Policy Extension–Custom controller: +17% latency
Prototype on Raspberry Pi 3–Micro-hypervisor: uberXMHF
(https://uberxmhf.org)
![Page 12: Towards an Architecture for Trusted Edge IoT Security …...Towards an Architecture for Trusted Edge IoT Security Gateways Matt McCormack, Amit Vasudevan, GuyueLiu, Sebastián Echeverría,](https://reader036.vdocuments.us/reader036/viewer/2022071217/604cd7f97cd91a50f52a9956/html5/thumbnails/12.jpg)
Conclusions
12
• Edge gateways offer hope for IoT security–Currently these gateways lack trust
• Vision for trusting edge IoT security gateways–Defined a holistic adversary model to derive our
foundational trust properties–High-level architecture for trusted data and
control plane built on top of a micro-hypervisor
• Thank you! – Contact: [email protected]