track 5 session 2 - st dev con 2016 - security iot best practices
TRANSCRIPT
October 4, 2016
Santa Clara Convention Center
Mission City Ballroom
IoT Security Good Practices
Joe Pilozzi
In the News2
Invasive Product AttacksWith the case opened / removed
• Test / debug port access
• Inter device bus and IO probing
• Reset, clock attacks
• Power analysis
• Temperature / electrical attacks
Non Invasive AttacksMisuse of network protocols
• Exploit communication protocol errors
• Flaws in software design / implementation
Invasive Silicon AttacksDevice de-packaged
• Circuit analysis and probing
• Fault injection
Solutions 3
Box InternetThe
Cloud
BOXAdd a Secure Element• Much Better Tamper Resistant
• Trusted Crypto Services
• Secure Storage
• Independently Certified
A Better
Solution
Use an MCU’s security features• Unique Device IDs
• Memory Protection
• Firewall
• Tamper Detection
• Crypto Hardware
• AES, T-RNG
• Debug Port Protection
Solution
SOLUTIONS
It’s All About Risk Management 4
• Understand the value of the Assets you are going
to protect, taking into account all stake holders
• Understand your Threats and Vulnerabilities
• Develop a security strategy to reduce Risk, using
right level of security for the value of the Assets
being protected
• Make use of the integrity and cryptographic tools
available
Fortified Solutions
Fortifying an IoT Device
Example Of A Simple IoT Device 6
Sensor MCU
Communications
Device
STM32
Communication
Device
Sensor
MCU Secure
Element
STSAFE
Secure Element
An IoT Device’s Security Needs 7
Prevent device misuse
Prevent device or server counterfeiting
Resistance against
hacking, cloning
Authentication• Device to device
• Device to server
Service and network access corruption
Prevent device
misuse
Integrity and Availability• Secure Boot
• Secure firmware upgrade
• Trusted processing
Data privacy
Prevent data collection or corruption
Confidentiality• Data / identity protection
• Secure communications
• Secure storage
UpgradabilitySecure Communications• Secure firmware upgrade
Prevent device misuse
Need Solution
Product Integrity and Cryptography
• Cryptographic methods are used to:
• Protect the Confidentially and Integrity of data / information
• Ensure a chain of trust through Authentication
• Product integrity, availability and resistance against attacks
• Uses cryptography and stateful processes to ensure correct operation
• Uses hardware to enforce rules and countermeasures
• Uses tamper proof methods to mitigate attacks
8
Cryptography
CryptographyThe art of hiding things
• Cryptographic ciphers have been used for centuries to protect
information between communicating parties
• Cryptographic processes are mathematical algorithms that provide:-
• Encryption to keep information Confidential during communications
• Authentication to validate information, identities and trust individual items
• Underpins a platforms Integrity processes, like Secure Boot
10
Secret Key
Cryptography
(Symmetric)
CryptographyOne Key or Two ?
11
Data File Data FileData File
Clear Text Clear Text
Cipher Text
Encryption Decryption
Sender ReceiverCommunications
Channel
Public Key
Cryptography
(Asymmetric)
Data File Data FileData File
Clear Text Clear Text
Cipher Text
Encryption Decryption
PrivatePublic
CryptographyCharacteristics
• Symmetric – or single (or secret) key
• Use fewer compute resources and are faster
• Used to protect data - during communications or while at rest
• Issue with sharing and managing keys
• Algorithms like AES and TDES
• Asymmetric – (a key pair - public key + private key)
• Provides easier key sharing and management using a Public Key Infrastructure (PKI)
• Algorithms are more complex, hence compute intensive, thus lower performance
• Used for authentication, key exchange, digital signatures and certificates
• Algorithms like RSA and ECC (Elliptic Curve Cryptography)
12
CryptographySize Matters
• NIST recommended key sizes
13
Symmetric RSA ECC
56 512 112
80 1024 160
112 2048 224
128 3072 256
192 7680 384
256 15360 521
• Bigger is better - stronger
• ECC uses a smaller key for the same strength
as RSA
Str
en
gth
STRONG
CryptographySize Matters
• Just a thought …
… that’s one small key in a huge hay-stack !
14
Estimated number of 1050 atoms
166 bit
Symmetric Key
≈With ~10^50
combinations
CryptographyHash Algorithms
• Cryptographic Hash
• An easy to compute, one-way cryptographic function that generates a result which for all
intents and purposes is unique for any given message or file :-
• Unalterable (practically impossible to modify the original file or message without causing the result
to be altered)
• The resultant hash value is always the same length irrespective of the size of the message or file
• Used in many processes like authentication, secure boot, secure firmware down-loads
• NIST (Secure Hashing Algorithm) SHA-1, SHA-2, SHA-3
15
Cryptographic Hash FunctionData FileCode File
Clear Text
Hash Value
One Way Function
Hash function has no key, and the
clear text can not be recovered from
the hash value
CryptographySignatures
• Digital Signatures
• Used to check the authenticity of information, code, files, messages, and Public Keys in the case of
Digital Certificates
16
Sign / Encrypt
Code Signing Code File
Clear Text
Hash Hash Value
Private
Using RSA
Verify / Decrypt
Code Authentication
Public
Hash Value
Code File
Clear Text
Hash Calculated Hash Value
Compare If the Hash values are
equal the code is authentic
Using RSA
Random Number Generator (RNG)• Random Number Generators are typically used :-
• To generate a challenge during authentication process, a seed for keys, digital signatures
17
http://www.random.org/bitmapsPHP rand() on Windows
http://boallen.com/random-numbers.html
http://en.wikipedia.org/wiki/Random_number_generator_attack
• A source of entropy (randomness)
for the crypto math
• Statistical properties of the RNG’s
output is used to evaluate level of
randomness
• A non random or predictable output
is a source weakness
Random Number Generator (RNG)
• A Pseudo Random Generator uses a software algorithm to generate
numbers
• A True Random Generator makes use of the unpredictable physical
properties of silicon to generate its numbers
• Use RNG’s complying with NIST FIPS 140-2 Annex C
18
• Always make use of a True Random Generator
Cryptography 19
• Not all crypto libraries are the same …
• Is it from a reputable source ? or is it freeware ? open source ?
• Does it come with any warranties or certifications ?
• Do you know its history, is it maintained?
• Does it have a track record of fixing security issues ?
• Silicon vendor libraries specifically make use of hardware accelerators or
are designed to execute in a secure partition or environment
Libraries
• Take care where you obtain cryptographic libraries from
• Use libraries that come from reputable sources
• Use libraries that make use of hardware accelerators or are partitioned to
execute in a secure manner
Cryptographic Accelerators
• Cryptographic accelerators are specific hardware engines that off-load
cryptographic functions from the CPU
• Providing higher data through-put performance, and lower power
• Greater integrity – more resilient against system and board level software attacks
• Often supporting secure key ladders, secure key stores or caches
• The cryptographic functions are intrinsically bound to the device
• Functions typically performed
• AES, TDES, SHA, RSA, ECC, SHA-1, SHA-2, SHA-3
20
• Use hardware Cryptographic Accelerators
when available
Integrity and AvailabilityResilience to Attacks
Root of Trust
• An anchor point for cryptographic services bound with a device
• It may be embedded in the Microcontroller or a Secure Element
• Performs stateful, trusted, cryptographic processes
• Is the first process to start after reset
• Often ROM (locked Flash) based as integrity is important
• May use hardened logic design that is tamper resistant
• Performs code authentication; acts as the First Stage in a Secure Boot
process
22
Secure Boot
• To ensure a products integrity code should be authenticated before it is run
• Secure boot uses cryptographic functions to confirm the authenticity of a
code image before allowing it to execute
• A multi-stage secure boot process, is one where each stage authenticates
the next, hence a chain of trust
23
First Stage
Code
Cert.Reset
Chain of Trust
Second stage
Loader
CodeCert.
Authenticates
Trusted
Third Stage
RTOS
CodeCert.
Authenticates
Application
Authenticates
Secure Boot
• The Secure Boot process
• Performed after a reset, using a Public key stored in the device
• It is a stateful process for predictable behavior
• Its code should be stored in ROM or locked Flash
• A Root-of-Trust may be used to performed this process
24
State based process
Reset
Trusted
Verify / Decrypt
Code Authentication
Public
Hash Value
File
Code Image
Hash
Calculated Hash Value
Compare
OK
NOK
Reload
Run Code
• Code images may also
be encrypted
• Protect your private
signing key!
Protect Assets and Keys 25
• Sensitive data should be encrypted when not being used
• Sensitive applications data, confidentiality, privacy, customer financial and health info.
• Trusted root keys (symmetric keys or asymmetric Private keys)
• Access to this data must be carefully controlled and restricted to authorized
persons and processes
• Lock down Public keys and certificates
• They don’t need to be encrypted only immovable - locked to the platform
• Only allow replacement through a cryptographic process
Secure Storage – Data at Rest
• The key to success is to protect your keys
• Don’t allow unauthorized access to keys
Secure Communications 26
• The IoT ecosystem relies on confidential and trusted communications
• Use a cryptographic authentication process to establish trust
All devices should be uniquely identified and able to verify the identity and authenticity of other
communicating devices
• Public Key Infrastructure (PKI) standards
• RSA, ECC
• Use end-to-end encryption
• Ciphers: AES, TDES
Data in Motion
• Make use of established secure communication protocol standards
• Secure Socket Layer/Transport Layer Security (SSL/TLS),
• Datagram TLS (DTLS)
Application Data 27
• Handle confidential and sensitive data securely when being used
• Segmented processing
• Uses memory protection or firewall mechanisms to segment memory and code execution into secure
and non secure zones
• Requires a clear understanding of software and hardware to develop a partitioned solution
• Dual mode CPU’s – Trusted processing
• Provide context switching between “trusted” and “untrusted” processing
• Simplifies the partitioning and development of secure processes
• Secure Processing using a Secure Processor, like ST’s STSAFE
• Provides the highest level tamper resistance for protecting cryptographic services and keys
Data In Use
Layers of Security Services 28
• Security services should be handled
independently in silo’ed processes
System Layers
Application / Cloud• Access control and right management
• Feature and product management
Data / Transport Layer• TLS/DTLS, HTTPS etc
Link Layer / Physical Layer• Network physical layer security
• e.g. WiFi – WPA2, 802.11i
Device Security Services
• Secure Boot
Debug Ports
• Debug ports, like JTAG, represent any easy access route for hackers
• Remove test headers, debug access points from the board
• Remove from code any debug processes as these could be exploited
• This includes potential boot-loader paths (UART, SPI, I2C, USB, etc.)
• Restricted access to production keys
• Only use test or dummy keys while the product is in debug mode
29
• If the device has a lockable debug port – don’t forget to lock it!
Life Cycle
Product Life Cycle 31
Definition
Design
Development
Prototype / Test
Decommissioning
Product Launch
Maintenance
• Define the product and identify the
Assets you plan to protect
• Design the product based on the
correct level of security
• Develop methods and processes
to protect those Assets over the
entire life-cycle
• Develop secure processes to
handle firmware throughout the
products life-cycle
• Product security should be factored
in from day-one
Do Verify Your Implementation
• Today’s largest threats are through software based attacks
• Used defensive coding practices and tools to detect possible vulnerabilities
• Review carefully the trustworthiness of code coming from external sources
• Check that all the latest security patches are being used
• Analyze code to remove debug and native firmware loading interface capabilities
• Use code integrity checking techniques like Secure Boot, Secure Firmware Update
• Rigorously test and support interoperability workshops
• You may also use Security Assessment Services
• Provide independent security assessment of products and ecosystems
• Support standards compliance evaluation and certification
32
Security Partnerships
• Use trusted partners throughout your value chain – protect your
products, services and brand
• Use partners equally committed to security and integrity
• Select partner provided schemes, processes and solutions that allow
you to securely provision and update your products firmware in
untrusted environments
33
Conclusions / Recommendations
Trusted IoT Platforms Do Matter ! 35
Who’s Watching your loved ones !
Source Engadget
Recommendations 36
• Internet of Things presents a wealth of opportunities and growth for business. It also represents
increased opportunity for theft, mischief and damage or even loss of life
• Reduce risk by designing and managing products fortified against attacks
• Hackers will go after the weakest links in a system not necessarily directly to their target
• Understand the value of assets for all the stake holders in your solution
• Perform a Threat analysis to better understand your Risks
• Remember Confidentially, Availability and Integrity are key
• Using these good design practices to develop and maintain secure products
• Design a products resilient against attacks through out its whole life-cycle
• Products robust can achieved through use of security features and tools
• Work with trusted and experienced partners throughput your value chain
Work with ST,
your experienced
partner
Demos
ST Solutions for Security in IoT 38
Smart City Solution
for IoT Node
39
Thank You