track 5 session 1 - st dev con 2016 - need for security for iot

October 4, 2016 Santa Clara Convention Center Mission City Ballroom The Need for Security In IoT Who needs security anyway ? Joe Pilozzi

Upload: stworld

Post on 21-Apr-2017


TRANSCRIPT

Page 1: Track 5   session 1 - st dev con 2016 - need for security for iot

October 4, 2016

Santa Clara Convention Center

Mission City Ballroom

The Need for Security In IoT

Who needs security anyway ?

Joe Pilozzi

Page 2: The Rise of Connected Things

• ~33B connected devices by 2020

• $1.7 trillion in value added to the global economy in 2019

• 40% Compound Annual Growth Rate 2014–2020

Page 3: The Connected Devices

Server Farms, Server Clusters

Network Equipment (routers, firewalls, ..)

PC/Laptop

Connected Media

Smart Phones, Tablets

Embedded Connected Devices

Smart Things

• Few Mu

• Tens of Mu

• ~ 1 Bu

• ~ 10 Bu

• ~ 10 Bu 20 Bu

• ~ 30 Bu 50 Bu

Represents a very large opportunity for business and for mischief

Page 4: Who Needs Security Anyway

Page 5: Who Needs Security Anyway …

• It’s about protecting Assets
• Knowing the true value of those Assets you are going to protect
• Assets are a wide range of items
  • Consumers' Personal Information
    • Financial, Health, Location, Passwords, Accounts
  • Your Product or Solution
    • Processes, Services, Intellectual Property, Firmware, Brand
  • Health and Safety
    • Medical devices, Manufacturing Processes and Equipment, Transport and Vehicles
  • The Work Place
    • Production Equipment, Environmental and Access Controls

Assets ….. Your brand, your reputation

Photo source: Wired Magazine

Page 6: Connected Devices Are Subject to Attacks

• Hacking opportunities made significantly easier with devices being connected to the internet
• Exploiting carelessly managed user private information, as in the case of a connected SmartFridge
• Exploit flaws and genuine mistakes leading to weaknesses in security
• Hacking opportunities come from a failure to correctly verify the identity of devices on a network
• An attack may take an indirect route to an asset by targeting the weakest link in a system, as in the case of a remotely hacked vehicle

https://www.wired.com/2016/02/flaws-in-wireless-mice-and-keyboards-let-hackers-type-on-your-pc/

Page 8: Threats and Vulnerabilities

Page 9: General Threats To IoT Systems

• Access / misuse of services and networks

• Access / misuse of devices

• Theft of confidential data or identity

• Counterfeit devices or services

Page 10: Threat Analysis

• Asset
  • In general terms, an asset is information, a capability, an advantage, a feature, or a financial or technical resource that may be damaged, lost or disrupted
  • Assets may be digital (software sources), physical (a car or a server) or commercial (brand)
  • Damage to an asset may affect the normal operation of the system as well as that of individuals and organizations involved with the system
• Threat
  • A threat is a specific scenario or a sequence of actions that exploits a set of vulnerabilities and may cause damage to one or more of the system's Assets

Page 11: Threat Analysis

• Vulnerabilities
  • A vulnerability is a weakness, limitation or defect in one or more of the system's elements that can be exploited to disrupt the normal operation of the system
  • They may be in specific modules of the system, its architecture, its users and operators, and/or in its associated regulations, operational and business procedures
• Countermeasures, "safeguards" or Barriers
  • A countermeasure is a procedure, function, process, action or other means of mitigating a specific vulnerability or several different vulnerabilities

Page 12: Threat Analysis

Concepts and Relationships

• Threats exploit Vulnerabilities to gain access to Assets
• Countermeasures mitigate Vulnerabilities and therefore mitigate Threats and hence reduce Risk

[Diagram: Customer, Owner, Assets, Vulnerabilities, Threats, Risk and Countermeasures / Barriers, linked by the labels "Value", "Wish to abuse", "Exploit", "Increases", "Wish to minimize", "Hence evaluate Attacks", "To Protect", "Develop", "Mitigates" and "Reduces"]

Page 13: Threat Analysis

Smart Metering System

Gateway

Cloud Services

Network

Smart Meter

Threat

• Commercial and cyber crime

• Disruption of administration system

• Supply shut down – disruption of service

• Spread of wrong information (e.g. invoices)

Fake Service

• Commercial and cyber crime

• Identifying empty houses

• Invoice Fraud

• Manipulating meter readings

• Misuse of private customer data

Eavesdropper Data Corruption

• Identifying empty houses

• Manipulating meter readings

• Misuse of private customer data

• Invoice fraud

Compromised Device Data Corruption

• Distributed Denial-of-Service (DDoS)

• Malicious code

Counterfeit Device

Page 14: Classes of Attacks

Invasive Product Attacks
With the case opened / removed
• Test / debug port access
• Inter device bus and IO probing
• Reset, clock attacks
• Power analysis
• Temperature / electrical attacks

Invasive Silicon Attacks
Device de-packaged
• Circuit analysis and probing

Non Invasive Attacks
Misuse of network protocols
• Exploit communication protocol errors
• Flaws in software design / implementation

[Diagram: Box, Internet, The Cloud]

Page 15: Invasive Silicon Attacks

• Silicon Reverse Engineering
  • FLASH or ROM code retrieval
  • Whole or partial gate net-list extraction
• Identification of Internal Structure of the Chip
  • Layout analysis, feature, buses, …
• Find “good” location for probing
  • Buses and memory to obtain keys, data, code
• A Fault Injection Attack - Non or Semi-Invasive
  • Disturb normal behavior
  • Exploit unexpected behavior
  • Sources
    • Laser, UV, X-rays

[Image: Prepared for probing]

Page 16: Software Attacks

• >95% attacks today exploit software implementation flaws
  • Heartbleed - wrong buffer size
  • Apple iOS web authentication by-pass - software line duplicated

Human error contributes to nearly all of these incidents
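
The "wrong buffer size" class of flaw named on this slide, as an added example (not code from the presentation or from OpenSSL): a heartbeat-style echo handler that trusts the length field carried in the record, next to the hardened form that checks it against the bytes actually received. The record layout, function names and sample data are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed record layout (simplified, not the TLS wire format):
 * byte 0 = type, bytes 1-2 = claimed payload length (big endian), then payload. */
#define HDR_LEN 3u

/* Flawed pattern: trusts the length field and ignores how many bytes arrived. */
size_t echo_unchecked(const uint8_t *rec, size_t rec_len, uint8_t *out, size_t out_cap)
{
    (void)rec_len;                               /* never consulted: the defect */
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    if (claimed > out_cap) return 0;
    memcpy(out, rec + HDR_LEN, claimed);         /* can read past the record */
    return claimed;
}

/* Hardened form: the claimed length must fit inside the bytes actually received. */
size_t echo_checked(const uint8_t *rec, size_t rec_len, uint8_t *out, size_t out_cap)
{
    if (rec_len < HDR_LEN) return 0;             /* truncated header: discard */
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    if (claimed > rec_len - HDR_LEN || claimed > out_cap) return 0;
    memcpy(out, rec + HDR_LEN, claimed);
    return claimed;
}

/* Constructed demo: a 5-byte record (claims 10 payload bytes, carries 2) sits in
 * one array next to unrelated data, so the over-read stays inside the array.
 * Returns how many bytes beyond the real payload were copied into the reply. */
size_t bytes_leaked(int use_checked)
{
    uint8_t mem[32] = {0x01, 0x00, 0x0A, 'h', 'i'};
    uint8_t out[16];
    memcpy(mem + 5, "KEY=1234", 8);              /* neighbouring data (constructed) */
    size_t n = use_checked ? echo_checked(mem, 5, out, sizeof out)
                           : echo_unchecked(mem, 5, out, sizeof out);
    return n > 2 ? n - 2 : 0;
}

int main(void)
{
    printf("unchecked: %zu bytes leaked\n", bytes_leaked(0));
    printf("checked:   %zu bytes leaked\n", bytes_leaked(1));
    return 0;
}
```

The only difference between the two handlers is the comparison of the claimed length with the received length, which is the kind of check a firmware code review or a fuzzing run with malformed length fields is meant to catch.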

Page 17: Track 5   session 1 - st dev con 2016 - need for security for iot

Cost /

Effort

Relative Cost Of Attacks 17

Software Attacks

• Stack overflow

• Malware

• Virus

• Trojans

Invasive

Silicon Attacks

• Reverse Engineering

• Probing

• Fault Injection ( Laser, X-Ray, VU) Invasive

Product Attacks

• Physical access ( JTAG, IOs)

• Environment Perturbation

• Side Channel Attacks

(SPA, DPA, DEMA)

Today

95 % attacks

Complexity

Page 18: Fortifying an IoT Device

Countermeasures

Page 19: An IoT Device’s Security Needs

Prevent device misuse

Prevent device or server counterfeiting

Resistance against hacking, cloning

Authentication
• Device to device
• Device to server

Service and network access corruption

Prevent device misuse

Integrity and Availability
• Secure Boot
• Secure firmware upgrade
• Trusted processing

Data privacy

Prevent data collection or corruption

Confidentiality
• Data / identity protection
• Secure communications
• Secure storage

Upgradability

Secure Communications
• Secure firmware upgrade

Prevent device misuse

[Column headings: Need, Solution]

Page 20: Countermeasures

Cryptography
• Cryptography algorithms are used to protect data and establish trust
• Cryptography ciphers (AES, DES, ECC, RSA) are public
• Protecting keys is the key to success

Authentication
• Challenge – Response
• TLS/DTLS protocols

[Diagram: Authentication Process (challenge, response)]

Availability
Service protection
• Secure Boot
• Secure Firmware Upgrade
• Trusted Processing

Data Integrity
• Data with Signature - using RSA / ECC

Confidentiality
Data encryption
• Symmetric DES / AES
• Asymmetric RSA / ECC

Page 21: Countermeasures

Physical Design Techniques

• Smaller silicon geometries the better – more difficult to probe
• Layout flattening – just a sea-of-gates
  • Easier to hide buses and critical signal routing
  • More difficult to identify functions / features
• Camouflage to prevent reverse engineering

[Images: Standard routing, Camouflaged routing]

Page 22: Managing Risk

Page 23: Managing Risk

• Always seek better level of security/integrity
• Use the integrity and cryptographic tools offered
• Seek out advice for best practices

[Chart labels: Cost, Risk, Robustness, Security, "Vulnerable", "Poor", "Optimal", "Government Mandated Security", "Fort Knox", "Increase due to Hacking", "Always seek better"]

Page 24: Solutions

Invasive Product Attacks
With the case opened / removed
• Test / debug port access
• Inter device bus and IO probing
• Reset, clock attacks
• Power analysis
• Temperature / electrical attacks

Non Invasive Attacks
Misuse of network protocols
• Exploit communication protocol errors
• Flaws in software design / implementation

Invasive Silicon Attacks
Device de-packaged
• Circuit analysis and probing
• Fault injection

[Diagram: Box, Internet, The Cloud]

A Better Solution: Add a Secure Element
• Much Better Tamper Resistant
• Trusted Crypto Services
• Secure Storage
• Independently Certified

Solution: Use an MCU’s security features
• Unique Device IDs
• Memory Protection
• Firewall
• Tamper Detection
• Crypto Hardware
  • AES, T-RNG
• Debug Port Protection

Page 25: Layers of Security Services

• Security services should be handled independently in siloed processes

System Layers

Application / Cloud
• Access control and rights management
• Feature and product management

Data / Transport Layer
• TLS/DTLS, HTTPS etc

Link Layer / Physical Layer
• Network physical layer security
  • e.g. WiFi – WPA2, 802.11i

Device Security Services
• Secure Boot

Page 26: Cybercriminals

• Cybercriminals are motivated by various factors
  • Financial gain, brand damage, political or terrorism, or plain old mischief making
• Today's cybercriminals are increasingly well funded criminal organizations
• Cybercriminals don’t necessarily target the final asset directly, but target less secure devices connected to the same network

Never Underestimate …..

• Minimize your vulnerabilities or “attack surface”
• Seek out advice on threat analysis

Page 27: Risk Management

• Understand the value of the Assets you are going to protect
• Understand your Threats and Vulnerabilities
• Develop a security strategy to reduce Risk
  • At the right level of security for the value of the Assets being protected
• Make use of the microcontroller's integrity and hardware based cryptography tools available
  • Crypto libraries, crypto accelerators
  • Robustness features like debug port protection, memory partitioning, firewall and tamper detection

Fortified Solutions

• A well Fortified Solution makes use of these features
• Don’t make it easy for a cybercriminal!

Page 28: Is Your Product Secure?

Page 29: Is Your Product Secure …

A Simple Check List

• Device Integrity
  • Can you determine if the product is authentic and can it be trusted?
• Security of Communications
  • Is private data being transferred confidentially and with integrity?
• Security of Stored Information
  • Is private data being stored in a protected manner?

Page 30: Security of Connected Devices Does Matter

Even our election could be a risk ..

Source: Engadget

Page 31: Conclusion

Page 32: Conclusion

Work with ST, your experienced partner

• Internet of Things presents a wealth of opportunities, a growth for commerce and an increased risk of theft, mischief and damage or loss of life

• Understand the value of Assets in your system or product

• Perform threat analysis to better understand your Risks

• Reduce risk by designing and managing secure products well fortified against threats

• Design and manage your products using good design practices

• Design products and systems resilient against threats throughout their life-cycle

• A robust product is achieved through the use of security features and tools

• Most of the software attacks today can be thwarted by good firmware development practices

Page 33: Demos

Page 34: ST Solutions for Security in IoT

Smart City Solution for IoT Node

Page 35

Page 36: Thank You