1 Leveraging on core MNOs’ assets to provide IoT Security Services IoT Security Foundation Conference 2018 Vicente Segura Gualde (vicente.seguragualde@telefónica.com)



Page 2

IoT security is an end-to-end challenge, although devices are what is new and what brings the new challenges.

[Diagram based on the GSMA IoT model: Endpoint Ecosystem - Communication networks - IoT Service Ecosystem (User interface, Apps, Partner APIs)]

Traditional IT security: a known field, although it still requires doing things properly.

IoT-specific security challenges: must address the IoT scale and device limitations.

Page 3

Key security challenges that IoT devices bring

• Heterogeneity: no one-size-fits-all solutions
• Resources: constrained devices
• Dispersion: devices can be distant and exposed to physical attacks
• Long life cycles: devices can be working for up to 15-20 years
• Unclear liability: who is liable for incidents affecting third parties?

Page 4

Endpoint ecosystem threats: device threat surface classification

• Physically: chip access, local bus communications, console access
• Remotely: network communications, accessible network services, console access

Page 5

Key security requirements (and IoT security services to meet them)

• Device identification: can the device be uniquely identified and its identity verified? Service: Secure Credentials
• Proper device behaviour: is the device doing what it is supposed to do? Service: IoT Threats Detection

Page 6

The IoT Device Authentication Challenge (over cellular connectivity)

[Diagram: IoT Device (Comm. Module with UICC, IoT Application Endpoint) - Cellular Network - IoT Service Platform (IoT Application). Comm. Layer Authentication between device and network, Secure Communications between network and platform, and Application Layer Authentication (e.g. using Transport Layer Security (D/TLS)) between the IoT Application Endpoint and the IoT Application.]

Comm. Layer Authentication:
• Mutual authentication between device and network
• Strong OTA encryption (128-bit key, AES-like in LTE) and integrity assurance
• Temporary identity to avoid device tracking
• Trusted hardware (SIM)

Secure Communications:
• IPSec or MPLS VPNs
• Strong encryption
• Isolated from the Internet

MAIN CHALLENGE: HOW TO PROVISION, PROTECT AND MANAGE THE APPLICATION LAYER SECURITY

Service: Secure Credentials

Page 7

Secure Credentials: “Simplifying the management of IoT device credentials leveraging on MNO core assets”

[Diagram: IoT Device (Comm. Module with UICC, IoT Application Endpoint) - Cellular Network - IoT Service Platform (IoT Application), with Secure Communications between network and platform, plus a Credentials Broker. Comm. Layer Authentication between device and network; a Certificate signing request goes to the Credentials Broker; certificates are loaded on the SIM card during the device on-boarding process; the IoT Application Endpoint then authenticates to the IoT Application over MQTT or HTTP over TLS.]

Page 8

IoT devices are exposed to physical and remote attacks that make them act in an unexpected way.

[Diagram: IoT Device (Comm. Module with UICC, IoT Application Endpoint) - Cellular Network - IoT Service Platform (IoT Application), with Secure Communications between network and platform; the Cellular Network also connects to the Internet and other networks. Service: IoT Threats Detection.]

Page 9

IoT Threats Detection: “Leveraging on the network to detect anomalies and protect devices from threats”

[Diagram: the same IoT Device (Comm. Module with UICC, IoT Application Endpoint) - Cellular Network - IoT Service Platform (IoT Application) layout, with Secure Communications between network and platform and the Cellular Network connected to the Internet and other networks. IoT Honeypots sit on the network side. Network traffic feeds Cyberintelligence, Device profiling and Anomaly detection, which together deliver Threat Detection.]
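As an added example (not from the deck), a minimal network-side device profiler in Go: it learns each device's destinations and largest transfer from a window of known-good flow records and flags deviations, which works for IoT precisely because a constrained device's traffic pattern is small and stable. The flow record shape, device names, hosts and byte counts are constructed for the example; a real deployment would feed it from the operator's flow telemetry.

```go
package main

import "fmt"

// Flow is one constructed network-side record: what the operator sees for a device without touching it.
type Flow struct {
	Device string // subscription or device identifier
	Dst    string // "host:port" the device talked to
	Bytes  int
}
// Profile is a device's baseline learned from known-good traffic; IoT devices talk to few fixed endpoints.
type Profile struct {
	Dsts     map[string]bool
	MaxBytes int
}

// Learn builds one profile per device from the learning window.
func Learn(flows []Flow) map[string]*Profile {
	profiles := map[string]*Profile{}
	for _, f := range flows {
		p := profiles[f.Device]
		if p == nil {
			p = &Profile{Dsts: map[string]bool{}}
			profiles[f.Device] = p
		}
		p.Dsts[f.Dst] = true
		if f.Bytes > p.MaxBytes {
			p.MaxBytes = f.Bytes
		}
	}
	return profiles
}

// Detect returns one alert, in input order, for each flow that deviates from its device's
// profile: a device never profiled, an unseen destination, or a transfer above factor x the largest seen.
func Detect(profiles map[string]*Profile, flows []Flow, factor int) []string {
	var alerts []string
	for _, f := range flows {
		p, ok := profiles[f.Device]
		switch {
		case !ok:
			alerts = append(alerts, fmt.Sprintf("%s: unknown device talking to %s", f.Device, f.Dst))
		case !p.Dsts[f.Dst]:
			alerts = append(alerts, fmt.Sprintf("%s: new destination %s", f.Device, f.Dst))
		case f.Bytes > factor*p.MaxBytes:
			alerts = append(alerts, fmt.Sprintf("%s: %d bytes to %s exceeds %dx baseline", f.Device, f.Bytes, f.Dst, factor))
		}
	}
	return alerts
}
```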

Page 10

Key takeaways

IoT Security requires an E2E approach in which service platforms are the conventional component (but must not be forgotten) and devices are boxes of surprises

Risk analysis is a key preliminary tool for identifying the security requirements in a sector in which the diversity of use cases and the lack of IoT device platform consolidation prevail

Cellular networks play a central role in IoT connectivity that can be extended to overcome device limitations and to complete what is missing in the service platforms

Page 11

Q&A

Page 13

Image Credits

Icons from www.flaticon.com: Wifi free icon, Car free icon and Pressure free icon made by Vectors Market; Smoke detector made by mynamepong; Id card, Like free icon, Time free icon and Hacker free icon made by Smashicons; Wifi free icon made by Alfredo Hernandez; Maps and Flags and Mallet made by Freepik; Anonymous free icon.