wireless security and the internet of things nick hunn
Post on 12-Apr-2017
500 Views
Preview:
TRANSCRIPT
Wireless Security and the Internet of Things – Cambridge Wireless 18th April 2013
Wireless Security and the Internet of Things
Nick Hunn WiFore Consulting
Wireless Security and the Internet of Things – Cambridge Wireless 18th April 2013
The Legal Requirement
https://www.gov.uk/government/consultations/radio-equipment-directive-proposal#download http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=COM:2012:0584:FIN:EN:PDF
In the EU proposal for the revision of the R&TTE directive, it states that:
Article 3 Radio equipment shall be so constructed that it complies with the following essential requirements: (c) radio equipment incorporates safeguards to ensure that the personal data and privacy of the user and of the subscriber are protected;
Wireless Security and the Internet of Things – Cambridge Wireless 18th April 2013
Some examples of what has been hacked
• Pacemakers • Insulin Pumps • Weir Gates • Set Top Boxes • Fitness Monitors • Smart Meters
Wireless Security and the Internet of Things – Cambridge Wireless 18th April 2013
The Consequences of Hacking
• People know where you are. • People know where you aren’t. • People know who you’re with. • People know what you’re doing. • People think you’re someone else. • Your lights go out. • Your bills go up. • Things stop working. • Things start working differently. • Your business fails.
Wireless Security and the Internet of Things – Cambridge Wireless 18th April 2013
What is the Internet of Things?
Some are born with Sensors,
Some acquire sensors, and
Some have sensors thrust upon them.
Wireless Security and the Internet of Things – Cambridge Wireless 18th April 2013
Machine to Machine (M2M)
Many current M2M deployments are cellular
Wireless Security and the Internet of Things – Cambridge Wireless 18th April 2013
Appcessories and The Quantified Self
Consumer growth is most likely to come from the world of Appcessories.
Find out more about Appcessories at http://www.nickhunn.com/2ubiquity
Wireless Security and the Internet of Things – Cambridge Wireless 18th April 2013
The Smart Home
It will take time coming, but homes will get monitored.
Wireless Security and the Internet of Things – Cambridge Wireless 18th April 2013
To 40 billion and Beyond
Wireless Security and the Internet of Things – Cambridge Wireless 18th April 2013
The missing 25 billion may be “Desirable”
Annual Sales of Appcessories
-
2,000
4,000
6,000
8,000
10,000
12,000
14,000
2014 2015 2016 2017 2018 2019 2020
Mill
ions
Source: WiFore Consulting
Wireless Security and the Internet of Things – Cambridge Wireless 18th April 2013
Which gives 40 billion opportunities to steal or corrupt someone’s data.
Every second of every day
Wireless Security and the Internet of Things – Cambridge Wireless 18th April 2013
Addressing Security
Wireless Security and the Internet of Things – Cambridge Wireless 18th April 2013
The Topology of the Internet of Things
Sensors
dB & App
Where cellular is Integrated with sensors it will remove some steps in the chain.
Wireless Security and the Internet of Things – Cambridge Wireless 18th April 2013
Sensor Gateway
PCT Boiler Switch
Router
PC
Customer Supplied
The Simple Case of the Smart Thermostat
Installer Supplied
Wireless Security and the Internet of Things – Cambridge Wireless 18th April 2013
Router
PC
I/O Manager dB
Application & Analysis
Web Interface
Phon
e
Device Manager
Security Manager
External Service Provider
The Backend Environment
Service Provision
3rd Party Data MDMS, etc.
Wireless Security and the Internet of Things – Cambridge Wireless 18th April 2013
And don’t forget the Weak Link…
PC
Phon
e
Wireless Security and the Internet of Things – Cambridge Wireless 18th April 2013
“Elements of Security”
• Most IoT architectures consist of a collection of separate, connected elements, each of which may have their own security.
• Systems composed of “Off the Shelf” components generally have different levels of security, which need to be stitched into a whole. This can be trickier than designing from scratch.
• The order of installation can be critical. But guaranteeing the correct order may be impossible.
• Existing security of wireless may be a false security.
Wireless Security and the Internet of Things – Cambridge Wireless 18th April 2013
“But I’m using Wi-Fi / Bluetooth / ZigBee. That’s got security built in.
Why do I need to do anything else?”
The AES128 Datasheet Misconception
Wireless Security and the Internet of Things – Cambridge Wireless 18th April 2013
Practical Considerations
Wireless Security and the Internet of Things – Cambridge Wireless 18th April 2013
• You MUST develop a complete end-to-end security model. Just implementing Wireless security is not enough.
• Write an RMADS as soon as you’ve done your first draft of system architecture, and then reiterate both until they work and are consistent.
• Consider device management, end to end authentication and link key management.
Build a Security Model
dB & App
BTS / WPA2 TLS
Encryption / Authentication
TLS / PW
Wireless Security and the Internet of Things – Cambridge Wireless 18th April 2013
Design for Autonomous Operation
dB & App
X X
X X
Think about what happens when: • Internal or external comms links or the web service fail • The mobile phone goes out of the house • The gateway / router fails or is replaced • The consumer moves home
The consumer expects their HVAC and lights to continue working
Wireless Security and the Internet of Things – Cambridge Wireless 18th April 2013
Security & Usability
• No security makes getting to 40 billion devices easy. • High security makes it very difficult.
But…
• Major security failures scare customers and may kill the
market altogether.
If the reaction to new security threats is simplistically to add even stronger protection, then the costs of that additional security will result in M2M solutions that are not economically viable.
Beecham Research 2013 www.beechamresearch.com
Wireless Security and the Internet of Things – Cambridge Wireless 18th April 2013
And…
• Pairing remains the biggest problem for most wireless products, both in terms of usability and security.
• Many of these IoT & M2M products will have much longer lives than current consumer products. That means that new components will be added to the system and existing ones replaced. That is a security challenge.
• More security = more processing = shorter battery life. • Make sure that firmware updates don’t compromise the
security. Or that the security model doesn’t prevent them being deployed.
• Remember that many of these devices may have NO user interface.
Wireless Security and the Internet of Things – Cambridge Wireless 18th April 2013
But…
Annual Sales of Appcessories
-
2,000
4,000
6,000
8,000
10,000
12,000
14,000
2014 2015 2016 2017 2018 2019 2020
Mill
ions
If we get it right, the market is five times bigger than the mobile phone market. It’s worth getting it right.
Wireless Security and the Internet of Things – Cambridge Wireless 18th April 2013
Questions?
www.wireless-book.com
Nick Hunn CTO
mob: +44 7768 890 148 email: nick@wifore.com web: www.wifore.com
Creative Connectivity Blog: www.nickhunn.com
top related