TerraSwarm
Sponsored by the TerraSwarm Research Center, one of six centers administered by the STARnet phase of the Focus Center Research Program (FCRP), a Semiconductor Research Corporation program sponsored by MARCO and DARPA.

A Toolkit for Construction of Authorization Service Infrastructure for the Internet of Things (IoT)
Hokeun Kim1, Eunsuk Kang1, Edward A. Lee1, David Broman2
IoTDI 2017, Pittsburgh, PA, April 19, 2017
1 University of California, Berkeley; 2 KTH Royal Institute of Technology
Overview – IoT & Authorization
TerraSwarm Research Center 2
• Internet of Things – benefits, but also challenges (private data, control)
• Authorization (access control) – critical for computer security
• Existing security solutions? – May work well for some parts of the IoT, but not for the entire IoT!
• Proposed approach – SST
  – SST: Secure Swarm Toolkit
  – An open-source toolkit for building authorization infrastructure for the IoT
  – To address IoT security challenges
Motivation
• Challenges in IoT security [1]
  – Heterogeneity
    • Security requirements & resource availability
    • Connectivity (wired connections vs. mobile devices)
    • System management
  – Operation in an open (or hostile) environment
    • Physical access & wireless access to IoT devices
    • Higher risk of being compromised
    • Must be able to revoke access of compromised IoT devices
  – Scalability
    • 28 billion connected devices in 2021
    • 15.3 ZB data traffic in 2020
      – 1 ZB (zettabyte) = 10^9 TB (terabytes)
[1] Singh et al., 2016. "Twenty Security Considerations for Cloud-Supported Internet of Things"
Sources: "Ericsson Mobility Report", June 2016 / "Cisco Global Cloud Index: Forecast and Methodology, 2015–2020", published in 2016
Background: Authorization & IoT
• Authorization – Access control
  • "Can I enter the EECS building?"
  – Allowing/denying access to resources
  – Revoking access (e.g., lost ID card)
• Authentication – Identifying someone/something
  • "Member of EECS?"
  – Essential for authorization
Background (cont'd)
• Many IoT platforms use TLS (or DTLS [2]) for authentication/authorization
  – E.g., Amazon AWS IoT, OpenIoT [3], OSCAR [4], etc.
• TLS (Transport Layer Security, also called SSL/TLS)
  – Underlying security protocol for HTTPS
  – Widely used, very successful for web
[2] Variant of TLS over UDP, 2012. "Datagram Transport Layer Security Version 1.2". RFC 6347
[3] John Soldatos et al., 2015. "OpenIoT: Open Source Internet-of-Things in the Cloud"
[4] Vucinic et al., 2015. "OSCAR: Object security architecture for the Internet of Things"

Background (cont'd)
• Challenges with using TLS for the entire IoT
  – Energy overhead of public-key crypto & certificates
  – Scalability (managing certificates for ~28 billion devices)
  – Revocation of certificates can be problematic [1, 2]
  – Limited support for one-to-many communication
• TLS based on a digital certificate
  [Figure: a browser and a web server establish an encrypted secure channel using public-key cryptography; the server's certificate is issued by a Certificate Authority (CA)]
[1] Mutton, "Certificate revocation: Why browsers remain affected by Heartbleed", Netcraft, April 2014
[2] Duncan, "How certificate revocation (doesn't) work in practice", Netcraft, May 2013
Background (cont'd)
• Challenges with applying other security solutions
  – Kerberos [1]
    • Advantages for access revocation
    • Requires stable connection
    • Centralized architecture
    [Figure: Kerberos – Client, Authentication Server, Service Server; *Ticket: temporary token for accessing service]
  – Security solutions for "Things"
    • E.g., WSN, MANET or swarm devices
    • Assume homogeneous environments
    • Not designed for Internet scale [2]
    [Image source: http://www.yuden.co.jp/ut/solutions/wsn/]
[1] C. Neuman et al., 2005. "The Kerberos Network Authentication Service (V5)". RFC 4120
[2] Alcaraz et al., 2010. "Wireless sensor networks and the internet of things: Do we need a complete integration?"
Proposed Approach
• SST – Secure Swarm Toolkit
  – An open-source toolkit for authentication/authorization of the IoT (available on https://github.com/iotauth)

Proposed Approach (cont'd)
• Specific goals of SST
  – Heterogeneity
  – Open environment (access revocation)
  – Scalability
  – Integration of existing security solutions (not inventing new ones)
  – Locally centralized and globally distributed architecture
  – Ease of deployment by local domain experts at a large scale

SST's Design and Implementation
• Auth [1] – Locally centralized, globally distributed authentication/authorization entity (software)
  – Java program to be deployed on edge devices [2] (e.g., Intel IoT gateways)
  [Figure: one Auth per local domain – Electric Vehicle, Smart Home, Medical Center, Smart Power Grid, Conference Room, Factory, Personal Area Network – with the Auths connected through the Internet]
[1] A prototype of Auth has been proposed in Kim et al., 2016. "A Secure Network Architecture for the Internet of Things Based on Local Authorization Entities"
[2] Lopez et al., 2015. "Edge-centric Computing: Vision and Challenges"
Design and Implementation (cont'd)
• Secure communication accessors
  – Software building blocks for securely accessing Auth and the IoT services
  – Encapsulate crypto keys & operations
  – Help IoT developers who are not security experts
  – For more information, see https://accessors.org
  – We're still at a starting point and working on more accessors!
  [Figure: IoT application (actor-oriented program model) – the application generates a message; the Secure Comm Accessor holds the crypto key and encrypts & authenticates the message before it goes to the IoT service or Auth; incoming messages are decrypted & verified by the accessor before the application processes them]
  – Currently available accessors (in JavaScript)
Design and Implementation (cont'd)
• Example: How SST (Auth and accessors) works
  [Figure sequence: Client (SecureCommClient accessor with ports RequestToSend and AccessResponseFromService), IoT Service (SecureCommServer accessor with ports ProcessClientMessage and RespondToClient), and Auth]
  – Client → Auth: "I want to use IoT Service!" Auth returns a session key, encrypted with the distribution key between Auth and Client.
  – Client → IoT Service: initiate challenge-response [1] to check whether IoT Server has the same session key.
  – IoT Service → Auth: Auth decides "OK, Client can access this IoT Service." and returns the session key, encrypted with the distribution key between Auth and IoT Server.
  – IoT Service → Client: finish challenge-response.
  – Secure communication: protected communication channel using session key and standard cryptography [2].
[1] Similar to TLS PSK extension by Eronen and Tschofenig. 2005. "Pre-Shared Key Ciphersuites for TLS". RFC 4279.
[2] Followed TLS 1.2's standard, including sequence number, encrypt-then-MAC
SST for Heterogeneity
• SST's configuration alternatives
  [Figure: configuration knobs, labelled D-1..D-3, P-1..P-2, C-1..C-3, K-1..K-3, O-1..O-3 and S-1..S-3 in the diagram]
  – Distribution key: updated using public key / permanent / no direct key distribution
  – Crypto strength & key lifetimes: strong & short / lightweight & long
  – Session key usage: ephemeral Diffie-Hellman / encryption / authentication only
  – Number of session key sharers: two (server-client) / more than two (broadcasting)
  – Cached session keys: one / multiple / unlimited
  – Underlying protocol: TCP / UDP
  – The knobs trade more security guarantees against less energy overhead
• Effect of knobs will be shown through experiments!
SST for Open Environment
• Limiting damage from compromised entities
  – SST's design to timely revoke keys (session & distribution keys)
    • Must always be authorized by Auth
    • Revocation takes effect immediately
  – Even when Client with a valid session key is compromised, Auth can prevent its access to IoT Server!
  [Figure: a compromised Client holding a session key initiates challenge-response with the IoT Service (SecureCommServer accessor); the service must obtain the session key from Auth, so Auth can block the access]
SST for Scalability
• Shared key support for one-to-many communication (for data scalability)
  [Figure: Auth distributes one shared session key to a SecurePublisher accessor (Sender, port MessageToPublish) and to SecureSubscriber accessors (Receiver 1 … Receiver N, port AccessPublishedMessage)]
  – Through MQTT (publish-subscribe protocol): the sender publishes to a Message Broker, which forwards the message to each receiver
  – UDP broadcast over a local network
  – Object (data) security (e.g., for information-centric networks)

SST for Scalability (cont'd)
• Globally distributed Auths (to scale with # IoT devices)
  – Trust relationships without a centralized authority
  [Figure: a Client registered with one Auth communicates securely with an IoT Service registered with another Auth; the Auths are linked by trust relationships between Auths]
Evaluation: Security Analysis
• Desired security properties
  • Confidentiality (of data)
  • Message authenticity
  • Data integrity
• Threat model
  • Network attackers – eavesdrop or inject packets
  • Compromised IoT entities – try to break security of others
  • No compromised Auths
• Formal security model of SST [1]
  • Modeled in Alloy [2] (model checking tool & language)
  • Includes models for Auths, entities and communication messages
• Result: Formally proven to satisfy the security properties!
[1] https://github.com/iotauth/security_analysis
[2] http://alloy.mit.edu/alloy/
Evaluation: Scalability Analysis
• Auth's authorization tasks include
  – Communication with IoT entities and Auths
  – Cryptographic operations
  – Accessing Auth's database (keys, access policy, etc.)
  [Figure: authorization workload grows with the number of IoT entities and with access activity per entity; adding Auths divides the entities among them]
• Scalability analysis result:
  – Each Auth's workload is a linear function of "number of entities per Auth", not "total number of entities in the system", assuming access activity per entity is fixed
  – In theory, we can always scale with increasing entities by adding Auths accordingly
Experiments & Results
• Effect of various configuration alternatives
  – Estimated energy consumption for setting up secure connections between IoT clients & IoT servers
    • Logged crypto operations and captured packets
    • Used energy numbers from UAB [1] and SICS [2]
  [Figure: an IoT server connected by many clients – energy overhead?]
[1] UAB (Universitat Autònoma de Barcelona), Rifa-Pous and Herrera-Joancomarti. 2011
[2] SICS (Swedish Institute of Computer Science), Feeney and Nilsson. 2001

Experiments & Results (cont'd)
• Estimated energy for an IoT server connected by 16, 32, and 64 clients
  [Chart: estimated energy consumption (mJ, 0–2000) of a resource-constrained server, stacked by public-key crypto, symmetric crypto & MAC, and network communication; bars grouped by number of clients (16, 32, 64), TLS vs. SST, distribution key management (updated, permanent), underlying protocol (TCP, UDP) and number of allowed cached session keys (1, ∞)]
  – More security guarantees vs. less energy overhead: tradeoffs for heterogeneity!
  – Note: TLS was used as a reference and we do not claim that SST is better than TLS
• More results in our paper! (for IoT clients)
Experiments & Results (cont'd)
• A sender and multiple receivers with different settings (shared session key distributed by Auth)
  (1) Connections with SSL/TLS – Sender to each Receiver over SSL/TLS
  (2) Shared key + secure connections by SST – Sender to each Receiver over an SST secure connection
  (3) Shared key + MQTT message broker – Sender to Broker over TCP, Broker to each Receiver over TCP
  (4) Shared key + UDP broadcast – Sender to all Receivers by UDP broadcast

Experiments & Results (cont'd)
• Estimated energy for a sender to send a 1 KB message to receivers (symmetric crypto & MAC plus network communication), in mJ:

  Net. setting                                      | 16 receivers | 32 receivers | 64 receivers
  --------------------------------------------------|--------------|--------------|-------------
  TLS: (1) SSL/TLS                                  |         54.0 |        108.1 |        216.2
  ISC: (2) Individual SST connections + shared key  |         48.6 |         96.9 |        193.5
  MB:  (3) MQTT message broker                      |          3.4 |          3.4 |          3.4
  UB:  (4) UDP broadcast                            |          3.0 |          3.0 |          3.0

• Tradeoff example: a sensor node (500 mAh / 1.5 V battery) sending 1 KB per minute to 64 receivers
  – Expected battery life: < 10 days with ISC (secure connections by SST), 625 days with UB (UDP broadcast)
  [Image: DevDuino Sensor Node V1.3]
• More results in our paper! (for sender initialization)
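To check the battery-life figures on this slide, an added example (not from the paper) turns the per-message energies read from the chart above into expected battery life for every setting, not only ISC and UB, and estimates the marginal energy per extra receiver from the 32- and 64-receiver columns. The 3.6 C per mAh conversion and the assumption that the message is the node's only drain are mine.

```javascript
// Per-message energy (mJ) for a sender sending one 1 KB message, read from the chart on the
// slide above; keys are the slide's abbreviations (TLS, ISC, MB, UB).
const ENERGY_MJ_PER_MESSAGE = {
  16: { TLS: 54.0, ISC: 48.6, MB: 3.4, UB: 3.0 },
  32: { TLS: 108.1, ISC: 96.9, MB: 3.4, UB: 3.0 },
  64: { TLS: 216.2, ISC: 193.5, MB: 3.4, UB: 3.0 },
};

// Usable battery energy in joules: mAh -> coulombs (x3.6), times the nominal voltage.
function batteryEnergyJ(capacityMAh, volts) {
  return capacityMAh * 3.6 * volts;
}

// Expected battery life in days when the only drain is one message every `periodMinutes`.
function batteryLifeDays(energyPerMessageMJ, periodMinutes, capacityMAh, volts) {
  const messagesPerDay = (24 * 60) / periodMinutes;
  const joulesPerDay = (energyPerMessageMJ / 1000) * messagesPerDay;
  return batteryEnergyJ(capacityMAh, volts) / joulesPerDay;
}

// Marginal cost of one more receiver, from the 32- and 64-receiver columns:
// per-connection settings grow linearly, broker and broadcast stay flat.
function marginalCostPerReceiverMJ(setting) {
  return (ENERGY_MJ_PER_MESSAGE[64][setting] - ENERGY_MJ_PER_MESSAGE[32][setting]) / 32;
}

// The slide's tradeoff example: 500 mAh / 1.5 V node, 1 KB per minute, 64 receivers.
function tradeoffExample() {
  const days = {};
  for (const setting of ['TLS', 'ISC', 'MB', 'UB']) {
    days[setting] = batteryLifeDays(ENERGY_MJ_PER_MESSAGE[64][setting], 1, 500, 1.5);
  }
  return days;
}
```

With the slide's numbers this gives about 9.7 days for ISC and 625 days for UB, matching the "< 10 days" and "625 days" figures, and shows that each additional receiver costs roughly 3 mJ per message under TLS or ISC and nothing under MB or UB.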
Conclusions
• Benefits of SST: Secure Swarm Toolkit
  – Authorization for a wide range of IoT from sensor nodes to safety-critical systems
  – Enable Internet-scale deployment with increasing connected devices and traffic
  – Help deployment of IoT security solutions by system designers with moderate knowledge in security
  – Possible integration with other IoT-related efforts (e.g., securing CoAP [1])
[1] Shelby et al., 2014. "The Constrained Application Protocol (CoAP)". RFC 6347

Conclusions (cont'd)
• Future work
  – Mitigation against availability attacks (e.g., Denial-of-Service attacks)
  – Detection of malicious behavior of compromised IoT entities or Auth
  – Further studies on usability of SST
  – Efficient initial setup of SST (e.g., registering IoT devices with Auth)
• For further information – https://github.com/iotauth