Major Review
OAuthing: Anonymous individual integration for IoT
Paul Fremantle
School of Computing, University of Portsmouth
Agenda
  Motivation and background
  Previous iterations
  Model and architecture
  Prototype and results
  Comparison with related work and conclusions
Motivation
Growth of IoT devices
2016 Mirai: 620 Gbps botnet attack based on IoT devices
5 minutes from On to Pwned
Problem statement
  Today many IoT devices are inherently tied to the manufacturer
  I want to share data under my own control, with trust
  Threats include:
    Lack of individual credentials
    Hacking of data and passwords
    Trust in the company to behave well
    Data sharing and privacy
    Going out of business
Privacy by Design: 7 key principles
  Proactive not Reactive; Preventative not Remedial
  Privacy as the Default Setting
  Privacy Embedded into Design
  Full Functionality: Positive-Sum, not Zero-Sum
  End-to-End Security: Full Lifecycle Protection
  Visibility and Transparency: Keep it Open
  Respect for User Privacy: Keep it User-Centric
Cavoukian, Ann, Scott Taylor, and Martin E. Abrams. "Privacy by Design: essential for organizational accountability and strong business practices." Identity in the Information Society 3.2 (2010): 405-413.
Three layer privacy model
[Figure: three-sphere privacy model; only the label "Joint Sphere" survived extraction]
Spiekermann, Sarah, and Lorrie Faith Cranor. "Engineering privacy." IEEE Transactions on Software Engineering 35.1 (2009): 67-82.
Overall approach and timeline
  First iteration: FIOT
    Tokens on devices, user consent to data sharing
    Fremantle, Paul, et al. "Federated identity and access management for the internet of things." Secure Internet of Things (SIoT), 2014 International Workshop on. IEEE, 2014.
  Second iteration: IGNITE
    Unique identifiers per device, initial performance data
    Fremantle, Paul, Jacek Kopecký, and Benjamin Aziz. "Web API management meets the internet of things." European Semantic Web Conference. Springer International Publishing, 2015.
  Third iteration: OAuthing
    Device and user registration processes
    Anonymous identities
    Cloud-based personal middleware
    Improved testing and performance data
    CIOT
Contributions of this work
  OAuthing: a new model for federated identity, access control and data sharing in IoT
  A clear manufacturing and user registration process for OAuth2 credentials with IoT devices
  An approach for using anonymous identities in IoT while allowing users to share data effectively
  Personal Cloud Middleware to ensure trust in the server model
  A working prototype of the OAuthing model
  Experimental results demonstrating scaling in a cloud environment
Model and Architecture
Scoping
  In scope:
    Directly Internet-connected devices (the sample device is based on the ESP8266 with WiFi)
    IoT hub (e.g. smart home gateway, connected car): treat individual sensors as attached to the hub, and treat the hub as a Device
  Out of scope in the current model:
    Implicit data transfer
    Privacy infringement through scanning (e.g. MAC scanning attacks, ambient devices)
    Devices with multiple owners (may be extended in future research)
    Devices that are not directly connected to the Internet (may be extended in future research)
IoT today
The OAuthing Model
Device Identity Provider (DIdP)
  Provides secure anonymous identities to devices and issues tokens that authorize devices or services
  Allows users to register their devices
  Allows users to consent to share data or commands
  Offers the Identity Broker pattern
Personal Cloud Middleware (PCM)
  Each user has a server running on their behalf
  Originally proposed in Webinos: Personal Zone Hub (PZH) and Personal Zone Proxy (PZP)
  Webinos does not deal with running these in a cloud, locating them, etc.
  A cloud shadow of the user's devices
  Does not persistently store data
  Performs summarization and filtering*
  Only distributes data according to user consent
  Enhances trust in the cloud
* Not yet implemented!
Intelligent Gateway (IG)
  Validates tokens against the DIdP
  Routes requests based on anonymous identities
  Applies dynamic authorization policies, as consented by users
  Instantiates PCMs in Docker
Device
Device Lifecycle and Bootloader
The device bootloader implements a well-defined lifecycle
Secure device identity is embedded at manufacture time
User registration process based on QR codes
@startuml
start
:**Manufacture**
(the device is created);
:**Client Registration**
(the device is registered with OAuthing
as an OAuth2 client);
:**Purchase**
(the device is physically
in the hands of a user);
repeat
  :**User Registration**
  (the user takes ownership of the
  device and allocates it permissions);
  :**Use**
  (the device is now publishing data and
  acting on user commands);
repeat while (reset ownership)
@enduml
Information sharing matrix
[Table: which party sees which item; the cell contents did not survive extraction]
  Items (columns): User Profile, MAC, HW ID, Device ID, Device Secret, Pseudonym, Bearer Token, Device Data
  Parties (rows): UIdP, DIdP, Manufacturer, Device, IG, Data Recipient
Analysis of the sharing matrix
  In order to steal data an attacker needs to attack both the DIdP and the IG/PCM
  The DIdP doesn't see any device data
  The IG/PCM do not see any real identities
  Third-party services don't inherently know any identities (users may leak them in other ways)
  The manufacturer and other services only see data that has consent to share
  All third-party services / data recipients are equal
Addressing the security and privacy problems of IoT
  Default passwords: each device is configured at manufacturing with a secure id
  User control: clear user registration and ownership model; user's choice of provider; personal middleware
  Fingerprinting and identification: anonymous identities; the device/user shadow protects metadata; summarising and filtering
  Consent: no data is shared without consent
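As an added illustration of the device lifecycle (manufacture, client registration, user registration, use) and of the sharing-matrix claims (the DIdP never sees device data; the IG/PCM never sees real identities), the following Python simulation is constructed for this page and is not the OAuthing project's code. The class and method names, the pseudonym and token formats, and the shape of the introspection response are assumptions.

```python
import hmac
import secrets

class DIdP:
    """DIdP: holds real ids and consent, issues pseudonyms/tokens, never sees data."""
    def __init__(self):
        self.clients = {}  # device_id -> device_secret (set at manufacture)
        self.owners = {}   # device_id -> (user profile, consented scopes)
        self.tokens = {}   # bearer token -> (pseudonym, scopes)
    def register_client(self, device_id):  # Manufacture / client registration
        self.clients[device_id] = secrets.token_hex(16)
        return self.clients[device_id]
    def register_user(self, device_id, user, scopes):  # User registration
        self.owners[device_id] = (user, set(scopes))
    def issue_token(self, device_id, device_secret):  # client-credentials grant
        if not hmac.compare_digest(self.clients.get(device_id, ""), device_secret):
            raise PermissionError("unknown device or bad secret")
        if device_id not in self.owners:
            raise PermissionError("device has no registered owner")
        pseud = "p-" + secrets.token_hex(8)  # real ids never leave the DIdP
        token = secrets.token_urlsafe(24)
        self.tokens[token] = (pseud, self.owners[device_id][1])
        return token
    def introspect(self, token):  # RFC 7662 style: only pseudonym + scopes
        pseud, scopes = self.tokens.get(token, (None, set()))
        return {"active": pseud is not None, "sub": pseud, "scope": sorted(scopes)}

class IG:
    """IG: validates tokens by introspection, routes to the PCM keyed by pseudonym only."""
    def __init__(self, didp):
        self.didp, self.pcm = didp, {}  # pcm: pseudonym -> messages held
    def publish(self, token, topic, payload):
        info = self.didp.introspect(token)
        if not info["active"] or topic not in info["scope"]:
            return False  # forged/revoked token, or topic the user did not consent to
        self.pcm.setdefault(info["sub"], []).append((topic, payload))
        return True

def scenario():  # constructed lifecycle run: manufacture, register user, use
    didp = DIdP()
    secret = didp.register_client("dev-0001")
    didp.register_user("dev-0001", "alice", ["temperature"])
    ig, token = IG(didp), didp.issue_token("dev-0001", secret)
    return {
        "consented": ig.publish(token, "temperature", "21.5"),
        "unconsented": ig.publish(token, "location", "51.5,-1.0"),
        "forged": ig.publish("not-a-token", "temperature", "0"),
        "ig_knows_identity": "dev-0001" in repr(ig.pcm) or "alice" in repr(ig.pcm),
        "didp_sees_data": "21.5" in repr(vars(didp)),
    }
```

The two final flags in the result are the sharing-matrix properties: the IG's state contains neither the device id nor the user profile, and the DIdP's state contains no device data.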
Implementation
Implementation
  OAuthing (DIdP): OAuth2 support, outbound support for popular UIdPs (Google, FB, Twitter), embedded MQTT broker
  IGNITE (IG): performant MQTT gateway with pluggable intermediation, launching of PCMs in Docker, OAuth2 scope validation
  RSMB Docker (PCM): lightweight containers running in Docker
  Device Bootloader and Sample Device: based on the ESP8266 low-cost device chip; implements MQTT/TLS and the device and user registration flows
  Third-Party App (TPA): simple application to demonstrate consent-based data sharing using MQTT / WebSockets / TLS
  https://github.com/pzfreo/oauthing
  https://github.com/pzfreo/ignite
Test Environment and Harness
[Figure: test deployment in the Digital Ocean LON1 region]
  Device IdP: OAuthing, with Cassandra as the DIdP database (oauthing.io, 2 GB droplet)
  Cloud Service Provider: IGNITE with a Docker controller (dproxy) (ignite-iot.net, 2 GB droplet), running many personal RSMB brokers as Docker containers (Personal Zone Hub: RSMB)
  MQTT collector, Test Manager and Stats analyser (4 GB droplet)
  Test Load Driver: 50 virtual clients, up to 10 TLDs per test (4 GB droplet)
  Key: datacenter; droplet/cloud instance; Docker container
Live demo?
2 minute demonstration video
Individual anonymous integration
  On a 2 GB Digital Ocean droplet
  400 MQTT brokers, handling 10 messages / second each
  Based on pseudonyms
  With OAuth2-based consent
Memory and code usage on ESP8266
One Second Client results
Stress test results
Introspection performance
Connect latency
Analysis of results
  The model can be implemented effectively
  The additional latency on data messages is ~1 ms, not noticeable compared to average mobile Internet latencies of 100-1000 ms
  The first connect performance is also acceptable (it takes the device 3-10 secs to associate to WiFi)
  The additional memory usage of the bootloader on the device is acceptable
  400 PZH servers can be run on a $20/month cloud server: $0.60/year/user, a cost that can be further reduced with optimization, while supporting each user with 100 devices each communicating every 10 seconds
Potential Use Cases
  Wide: supporting the EU GDPR, ensuring full consent for all IoT data sharing
  Specific: connected medical devices: only sharing specific data or averages, avoiding sharing all data with the manufacturer, better compliance with regulatory systems
  Specific: industrial IoT: high security and privacy required around smart production lines
Comparison with related work
  OAuth for devices: previous work offers OAuth2 models for devices: FIOT [8], IGNITE [9], IOT-OAS [1], COMPOSE [14], OAuth1 for MQTT [13], IBM Watson, AWS IoT
    None of these provide anonymous identities, clear automated registration processes, or Personal Cloud Middleware
  Webinos: concept of Personal Zone Hub personal middleware
    Does not address usability of the PZH, or how to configure and run it in a cloud
    Does not support federated identity to the device
  IoT@Work [16]: a model for anonymous identities for IoT
    No separation of identity management and data sharing systems
    No federated identity models
  [n] references refer to the bibliography in the paper
Further Work
  Formal models, in one of CSP/Event-B/Tamarin
  Implementation of the updated model: OAuthing 2
  Detailed threat analysis and threat modeling
  Intersection with blockchains and distributed ledgers: use of blockchain to validate identity and ownership, manage consent, and provide an audit trail of IoT lifecycles
Questions?