Context Sensors and Security for Internet of Things
Sandhiprakash Bhide, Director of Innovation, Future
IOT Solutions
Application Ready Platforms Division, IOT Group
Intel Corporation
November 12-13, 2014 Photo Credit: http://www.lapalaparealty.com/wp-content/uploads/2013/01/SanDiego3.jpg
Sandhi Bhide – Intel Corporation, TSensors Summit, San Diego, CA. Nov. 12-13, 2014. © 2014 Intel Corporation, OK for Non-NDA Disclosure
Sandhi Bhide – Intel Corporation, TSensors Summit, San Diego, CA. Nov. 12-13, 2014. © 2014 Intel Corporation, OK for Non-NDA Disclosure
In the E2E IOT value chain, the sensor
node is the most vulnerable point of
attack
2
3
Sandhi Bhide – Intel Corporation, TSensors Summit, San Diego, CA. Nov. 12-13, 2014. © 2014 Intel Corporation, OK for Non-NDA Disclosure
The Connected Home – 1980’s-1990’s
3
Credit of home slides: Raj Samani, McAfee/Intel
4
Sandhi Bhide – Intel Corporation, TSensors Summit, San Diego, CA. Nov. 12-13, 2014. © 2014 Intel Corporation, OK for Non-NDA Disclosure
Typical Connected Home, Year 2013
4
5
Sandhi Bhide – Intel Corporation, TSensors Summit, San Diego, CA. Nov. 12-13, 2014. © 2014 Intel Corporation, OK for Non-NDA Disclosure
Typical Connected Home, Year 2013
5
6
Sandhi Bhide – Intel Corporation, TSensors Summit, San Diego, CA. Nov. 12-13, 2014. © 2014 Intel Corporation, OK for Non-NDA Disclosure
Typical Connected Home, Year 2013
6
7
Sandhi Bhide – Intel Corporation, TSensors Summit, San Diego, CA. Nov. 12-13, 2014. © 2014 Intel Corporation, OK for Non-NDA Disclosure
Typical Connected Home, Year 2013
7
8
Sandhi Bhide – Intel Corporation, TSensors Summit, San Diego, CA. Nov. 12-13, 2014. © 2014 Intel Corporation, OK for Non-NDA Disclosure
Life with Desktop, Laptops, Tablets, and Phones
(~1.6B)
8
Internet
Consumer Devices
Malware
Denial of Service
Spoofing
Physical
Viruses
Worm
Trojan Horse
9
Sandhi Bhide – Intel Corporation, TSensors Summit, San Diego, CA. Nov. 12-13, 2014. © 2014 Intel Corporation, OK for Non-NDA Disclosure
What would your life be with 1T sensors + 50B
devices?
9
Lighting
Entertainment
Energy
Security Cameras
Wearables
HVAC
Internet
Appliances
Sensors
Consumer Devices
Embedded Devices
Malware
Denial of Service
Spoofing
Physical
Viruses
Worm
Trojan Horse
10
Sandhi Bhide – Intel Corporation, TSensors Summit, San Diego, CA. Nov. 12-13, 2014. © 2014 Intel Corporation, OK for Non-NDA Disclosure
Sandhi Bhide – Intel Corporation, TSensors Summit, San Diego, CA. Nov. 12-13, 2014. © 2014 Intel Corporation, OK for Non-NDA Disclosure
Most of the 50B devices will be unprotected and
open to getting hacked !! ↓
Loss of economic value & loss of innocence
(opt-in w/o knowing consequences) ↓
How many 20 pages of legal disclaimers will you
read? 10
11
Sandhi Bhide – Intel Corporation, TSensors Summit, San Diego, CA. Nov. 12-13, 2014. © 2014 Intel Corporation, OK for Non-NDA Disclosure
Hackers are already attacking the industrial world
Hackers break into networks of 3 big medical device makers (SF Chronicle, Feb 10, 2014)
Thousands of IoT control systems vulnerable: DHS Study (Info Week, Jan 11 2013)
Underground copper wire heist causes San Jose freeway flood (SJ Mercury News, Feb 28, 2014)
Target hackers broke in via HVAC company (CNBC, Feb 5, 2014)
How Hackers can take control of your Car (EE Times, Jul 8, 2013)
Attack on California substation fuels Grid Security debate (IEEE Spectrum, Feb 2014)
Shamoon [virus] was an external attack on Saudi Oil Production (Info Security magazine, Dec. 10, 2012))
World First Cyber hijack: Was missing Malaysia flight hacked by mobile phone? (Express, March 16, 2014)
12
Sandhi Bhide – Intel Corporation, TSensors Summit, San Diego, CA. Nov. 12-13, 2014. © 2014 Intel Corporation, OK for Non-NDA Disclosure
New Security Threats to Personal IOT Devices
Fridge sending out spam after web attack compromised gadgets. One of > than 100K devices used in spam campaign. (BBC News. Jan 2014)
“Wearable Computing Equals New Security Risks”, (InformationWeek. 13 Jan 2013)
Medical Devices: We’re starting to attach medical devices to electronic health records, and they’re not secure.' (Healthcare IT News. May 2013)
Credit Card Information System: “Target Confirms Point-of-Sale Malware Was Used in Attack” (Security Week. 13 Jan 2014)
Baby Monitor: Hacker takes over baby monitor and shouts obscenities at sleeping child. (ABC News, 13 Aug 2013)
13
Sandhi Bhide – Intel Corporation, TSensors Summit, San Diego, CA. Nov. 12-13, 2014. © 2014 Intel Corporation, OK for Non-NDA Disclosure
Anonymized data may not be as anonymous as is believed. Or it may be now, but not in the future
How To Track Vehicles Using Speed Data
Alone
Carmakers keep data on drivers' locations
FTC Hearing IoT Privacy Concerns
Connected Home Invasion: The Methods
Car insurance companies reduce the cost of insurance by gathering data about a
customer's driving practices
Report finds automakers keeping info about driver’s location. Owners can’t demand that
info is destroyed
Anyone concerned about privacy would be well advised to weigh in on this before the
issue is taken over
No incentive to secure products. With resources better off spending on the features
that consumers want
14
Sandhi Bhide – Intel Corporation, TSensors Summit, San Diego, CA. Nov. 12-13, 2014. © 2014 Intel Corporation, OK for Non-NDA Disclosure
Access to Electrical Loading can pose a security
threat
14
15
Sandhi Bhide – Intel Corporation, TSensors Summit, San Diego, CA. Nov. 12-13, 2014. © 2014 Intel Corporation, OK for Non-NDA Disclosure
User’s Perspective of Security
Depends end user and the app
15
Person remains
anonymous
unless opted-in
Privacy
Release of
sensitive/ personal
info without
consent
Safety Data Protection
Does not cause
any harm to
people
Data safe from
theft or alteration
Identity
TRUST
16
Sandhi Bhide – Intel Corporation, TSensors Summit, San Diego, CA. Nov. 12-13, 2014. © 2014 Intel Corporation, OK for Non-NDA Disclosure
Levels of Security Risks
1. Criticality: Potential for damage if system is breached.
Damage can be loss of life, financial loss, or
inconvenience
2. Value of target (to hackers): What will hackers go after?
Is it more valuable for the hacker to attack a thermostat
or a financial institution?
3. Value of market: What is the size of market? How much
would market be willing to pay for security?
17
Sandhi Bhide – Intel Corporation, TSensors Summit, San Diego, CA. Nov. 12-13, 2014. © 2014 Intel Corporation, OK for Non-NDA Disclosure
Security necessarily segments the IOT market
• Different usages require different security mechanisms
• Cost sensitivity implies different security controls for different IOT segments, i.e., smart meters
Three types of security technical issues for IOT devices
• How to secure communications?
• How to detect and recover from malware?
• How to defend the physical security of low cost devices?
IOT Security is important
18
Sandhi Bhide – Intel Corporation, TSensors Summit, San Diego, CA. Nov. 12-13, 2014. © 2014 Intel Corporation, OK for Non-NDA Disclosure
Sensor Security Challenge #1
Software-based sensor attack rates rising
• Sensor data left unprotected:
1. By APIs;
2. In system memory (buffers)
• Once access to sensor data is obtained, information can
be directly or indirectly inferred
19
Sandhi Bhide – Intel Corporation, TSensors Summit, San Diego, CA. Nov. 12-13, 2014. © 2014 Intel Corporation, OK for Non-NDA Disclosure
Sensor Security Challenge #2
• Users can’t tell if sensors are on/off and cannot control
use
• Sensor data can be faked -- not certified as authentic --
allowing attacks on sensor-data-based uses
20
Sandhi Bhide – Intel Corporation, TSensors Summit, San Diego, CA. Nov. 12-13, 2014. © 2014 Intel Corporation, OK for Non-NDA Disclosure
1. How do we keep the credentials provisioned in IoT
devices secret from attackers with physical access to the
device?
• Important for infrastructure IoT devices but perhaps not
for personal devices
2. How do we detect IOT Device being tampered?
• Most IoT designs today assume device functionality is
immutable
3. What market segments require device hardening from
physical attack (e.g., will vandalism be common in
infrastructure devices)?
Sensor Security Challenge #3
21
Sandhi Bhide – Intel Corporation, TSensors Summit, San Diego, CA. Nov. 12-13, 2014. © 2014 Intel Corporation, OK for Non-NDA Disclosure
Sandhi Bhide – Intel Corporation, TSensors Summit, San Diego, CA. Nov. 12-13, 2014. © 2014 Intel Corporation, OK for Non-NDA Disclosure
21
22
Sandhi Bhide – Intel Corporation, TSensors Summit, San Diego, CA. Nov. 12-13, 2014. © 2014 Intel Corporation, OK for Non-NDA Disclosure
Security by creating a Context around Sensors
Soft Sensors Calendar
Preferences
Interests
Location
Local Services
Physical Sensors Gyro
GPS
Accelerometer
Health
Ultrasonic
Temp/Humidity
CO/CO2/NOx
Toxic Gases/HC
Pressure
Proximity
Touch
Light/IR
Audio/Video
Higher
Level of
Security
Sensor 1 Sensor 2 Sensor 3 Sensor 4
Sensor Collaboration
23
Sandhi Bhide – Intel Corporation, TSensors Summit, San Diego, CA. Nov. 12-13, 2014. © 2014 Intel Corporation, OK for Non-NDA Disclosure
Security, Identity, Privacy, and Safety from the
Source to all levels
In-memory
Sensor Data
Sensor Data
in the Storage
Protected
Execution
Environment
Sensor Data
Comms
1. Only Legitimate/Authorized
Users can access
2. Easy to use environment
with policies to control
sensor data processing and
use
3. Scalable platforms and
sensor types
4. Keeping sensor credentials
secret
Sensor Physical Protection
24
Sandhi Bhide – Intel Corporation, TSensors Summit, San Diego, CA. Nov. 12-13, 2014. © 2014 Intel Corporation, OK for Non-NDA Disclosure
Sandhi Bhide – Intel Corporation, TSensors Summit, San Diego, CA. Nov. 12-13, 2014. © 2014 Intel Corporation, OK for Non-NDA Disclosure
In the E2E IOT value chain, the sensor node is the
most vulnerable point of attack
24
Thank you
Photo Credit: https://www.optumhealthsandiego.com/portal/server.pt/gateway/PTARGS_0_84133_2503_436_70295_43/http%3B/upsprodtools -e.uhc.com%3B7087/publishedcontent/publish/ubhp/sandiego/cmscontent/san_diego.jpg
26
Sandhi Bhide – Intel Corporation, TSensors Summit, San Diego, CA. Nov. 12-13, 2014. © 2014 Intel Corporation, OK for Non-NDA Disclosure
Sandhi Bhide – Intel Corporation, TSensors Summit, San Diego, CA. Nov. 12-13, 2014. © 2014 Intel Corporation, OK for Non-NDA Disclosure
Backup
26
27
Sandhi Bhide – Intel Corporation, TSensors Summit, San Diego, CA. Nov. 12-13, 2014. © 2014 Intel Corporation, OK for Non-NDA Disclosure
Glossary of Terms
1. Hacker Attacks: Indicates attacks that are not automated by programs such as viruses, worms, or Trojan
horse programs. There are various forms that exploit weaknesses in security. Many of these may cause
loss of service or system crashes.
2. IP spoofing - An attacker may fake their IP address so the receiver thinks it is sent from a location that it
is not actually from. There are various forms and results to this attack. The attack may be directed to a
specific computer addressed as though it is from that same computer. This may make the computer think
that it is talking to itself. This may cause some operating systems such as Windows to crash or lock up.
Gaining access through source routing. Hackers may be able to break through other friendly but less
secure networks and get access to your network using this method.
3. Session Hijacking - An attacker may watch a session open on a network. Once authentication is
complete, they may attack the client computer to disable it, and use IP spoofing to claim to be the client
who was just authenticated and steal the session. This attack can be prevented if the two legitimate
systems share a secret which is checked periodically during the session.
4. Server spoofing - A C2MYAZZ utility can be run on Windows 95 stations to request LANMAN (in the
clear) authentication from the client. The attacker will run this utility while acting like the server while the
user attempts to login. If the client is tricked into sending LANMAN authentication, the attacker can read
their username and password from the network packets sent.
5. DNS poisoning - This is an attack where DNS information is falsified. This attack can succeed under the
right conditions, but may not be real practical as an attack form. The attacker will send incorrect DNS
information which can cause traffic to be diverted. The DNS information can be falsified since name
servers do not verify the source of a DNS reply. When a DNS request is sent, an attacker can send a false
DNS reply with additional bogus information which the requesting DNS server may cache. This attack can
be used to divert users from a correct webserver such as a bank and capture information from customers
when they attempt to logon.
27
28
Sandhi Bhide – Intel Corporation, TSensors Summit, San Diego, CA. Nov. 12-13, 2014. © 2014 Intel Corporation, OK for Non-NDA Disclosure
Glossary of Terms
1. Password cracking - Used to get the password of a user or administrator on a network and gain
unauthorized access.
2. Viruses - This type of malicious code requires you to actually do something before it infects your
computer. This action could be opening an email attachment or going to a particular web page. It
reproduces itself by attaching to other executable files.
3. Worms - Worms propagate without your doing anything. They typically start by exploiting a software
vulnerability (a flaw that allows the software's intended security policy to be violated). Then once the victim
computer has been infected, the worm will attempt to find and infect other computers. Similar to viruses,
worms can propagate via email, web sites, or network-based software. The automated self-propagation of
worms distinguishes them from viruses. Self-reproducing program. Creates copies of itself. Worms that
spread using e-mail address books are often called viruses.
4. Trojan horses - A Trojan horse program is software that claims to do one thing while, in fact, doing
something different behind the scenes. For example, a program that claims it will speed up your computer
may actually be sending your confidential information to an intruder.
5. Spyware - This sneaky software rides its way onto computers when you download screensavers, games,
music, and other applications. Spyware sends information about what you're doing on the Internet to a
third-party, usually to target you with pop-up ads. Browsers enable you to block pop-ups. You can also
install anti-spyware to stop this threat to your privacy.
6. DoS- Denial of Service
7. Logic Bomb - Dormant until an event triggers it (Date, user action, random trigger, etc.).
28
29
Sandhi Bhide – Intel Corporation, TSensors Summit, San Diego, CA. Nov. 12-13, 2014. © 2014 Intel Corporation, OK for Non-NDA Disclosure
Legal Stuff
Intel Copyright Notice © 2014 Intel Corporation
Confidentiality Notice: OK for Non-NDA Disclosure
Trademark Notice
Intel and the Intel logo, are trademarks of Intel Corporation in the U.S. and/or other countries. *Other names and brands
may be claimed as the property of others.
See Trademarks on intel.com for full list of Intel trademarks.
Intel Product/Roadmap forecast info
All information provided here is subject to change without notice. Contact your Intel representative to obtain the latest
Intel product specifications and roadmaps.
Intel Business forecast info
Statements in this document that refer to Intel’s plans and expectations for the quarter, the year, and the future, are
forward-looking statements that involve a number of risks and uncertainties. A detailed discussion of the factors that
could affect Intel’s results and plans is included in Intel’s SEC filings, including the annual report on Form 10-K.
Intel Business Requirements forecast info
Any forecasts of goods and services needed for Intel’s operations are provided for discussion purposes only. Intel will
have no liability to make any purchase in connection with forecasts published in this document.