SESSION ID: SBX1-R05
#RSAC
Mitigating Security & Privacy Risks In an Interconnected World
Brian Witten, Symantec

Protection Embedded In Over a Billion Connected Things
IoT betters our lives in countless ways.
Already 20 Billion Microcontrollers (MCU) annually
5 Billion Connected Today, 20 Billion by 2020
Smart Cities, Consumer Electronics, Medical Devices, Connected Cars, Digital Factories

Quick History of Recent Events
Pipeline, Steel Mill, Critical Infrastructure, Power Grid, Cars, Hospitals

Quick History of Actual Events
Multi-Kiloton Pipeline Explosion
Steel Mill Blast Furnace Damaged
Cars: Digitally Stolen, Remotely Crashed
Hospitals Breached via Medical Devices
Large Scale Power Grids Crashed
Hundreds of Critical Infrastructure Sites

Internet of Things (IoT) Cornerstones of Security
Protect the Communications
Protect the Device
Understand Your System
Manage Devices
Cloud/Data Center
Gateway
Devices & Sensors

Can extremely constrained devices do serious security?
Benchmark: ECC/ECDSA256
Early 80’s grade chip (8 bit, 8 MHz, 2 k SRAM): 25 seconds; AA Battery: 20+ years
Leading 10 year old chips (16 bit, 16 MHz, 30 k SRAM): 3 seconds; AA Battery: 20+ years
Current 32 bit chips (32 bit, 84 MHz, 30+ k SRAM): 150 ms; AA: 20 years
$0.25
$0.50

Protect The Communications
What’s needed?
Certificates: Over a Billion IoT devices chain to a world class Certificate Authority (CA)
Roots of Trust: IoT “Roots of Trust” can help identify foreign devices
Crypto Libraries: Several good open-source and commercial options
Devices & Sensors: Hardware, Operating Systems, Embedded Software
Protect the Communications
Required: Authentication
Helpful: Encryption
Note: Signing “objects” can avoid decrypt/re-encrypt burden

Internet of Things (IoT) Cornerstones of Security
Protect the Communications
Protect the Device
Security Analytics
Manage Devices
Cloud/Data Center
Gateway
Devices & Sensors

Internet of Everything or Internet of Evil Things?
Do Consumers care?
Accenture study as reported by Venture Beat: http://venturebeat.com/2016/01/04/mobile-device-sales-slow-customers-grow-wary-of-security-holes-in-connected-devices-survey-says/
(69 percent) said they know the products could potentially be hacked.
(24 percent) chose to postpone buying one as a result of security concerns.
(18 percent) said they have stopped using their IoT devices because of these concerns

What changed?
PC / Datacenter Era: Security - most easily delivered by disk or by download
IoT / Cloud Era: Security - must be integrated by design to be effective

Protecting Devices (Boot Time)
Never run unsigned code.
Never trust unsigned configuration data.
Never trust unsigned data. (Period.)
Provide run-time protection for each device.
Protect the Code that Drives IoT
Pre-boot Environment
A. Device Drivers
B. Network Stack
C. Operating System
D. Primary App
E. Crypto Libraries
F. Network Monitor
G. Settings
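
The boot-time rules above, as an added example that is not from the presentation: a pre-boot check that refuses to start unless a signed manifest covers every component, settings included, and each one hashes to its signed value. The manifest format, function names and sample contents are assumptions, and a Lamport one-time hash-based signature stands in for ECDSA-256 so the block needs only the Python standard library.

```python
import hashlib, json, secrets

def _h(b): return hashlib.sha256(b).digest()

# Lamport one-time signature over SHA-256 (assumed stand-in for ECDSA-256).
def keygen():
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    return sk, [(_h(a), _h(b)) for a, b in sk]
def _bits(msg):
    d = _h(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]
def sign(sk, msg):  # vendor side; each key pair may sign one manifest only
    return [sk[i][bit] for i, bit in enumerate(_bits(msg))]
def verify(pk, msg, sig):  # device side; needs only the public key
    return len(sig) == 256 and all(
        _h(s) == pk[i][bit] for i, (s, bit) in enumerate(zip(sig, _bits(msg))))

def make_manifest(components):
    """Canonical JSON mapping each component name to its SHA-256."""
    digests = {name: _h(data).hex() for name, data in components.items()}
    return json.dumps(digests, sort_keys=True).encode()

def boot_check(pk, manifest, sig, components):
    """Return 'boot' only if every component is listed and unmodified."""
    if not verify(pk, manifest, sig):
        return "refuse: manifest signature invalid"
    expected = json.loads(manifest)  # parsed only after the signature verifies
    if set(components) != set(expected):
        return "refuse: component set differs from signed manifest"
    for name, data in components.items():
        if _h(data).hex() != expected[name]:
            return "refuse: " + name + " modified"
    return "boot"

# Constructed sample: the slide's components A-G with placeholder contents.
SAMPLE = {"device_drivers": b"drv-1.0", "network_stack": b"net-1.0",
          "operating_system": b"os-1.0", "primary_app": b"app-1.0",
          "crypto_libraries": b"crypto-1.0", "network_monitor": b"mon-1.0",
          "settings": b"telemetry=on\n"}

def demo():
    sk, pk = keygen()
    manifest = make_manifest(SAMPLE)
    sig = sign(sk, manifest)
    changed = dict(SAMPLE, settings=b"telemetry=off\n")
    extra = dict(SAMPLE, unlisted_module=b"x")
    cases = [(manifest, SAMPLE), (manifest, changed), (manifest, extra),
             (make_manifest(changed), changed)]  # last: manifest re-made, old sig
    return [boot_check(pk, m, sig, c) for m, c in cases]
```

The settings file is checked the same way as the code images, so a changed configuration value stops the boot just as a changed driver would.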

Protecting Devices (Run Time)
Traditional Approach: Malware Blocking | Whitelisting Behaviors: Sandboxing
Ineffective on zero-day | Effective on zero day
Ensures self-protection | Protects OS critical resources
Customization or separate product | Protects applications from each other
Large footprint | Small footprint
Signature based | Behavior / policy based
Internet access required | No internet access required
Reactive | Proactive

Internet of Things (IoT) Cornerstones of Security
Cloud/Data Center
Gateway
Devices & Sensors
Protect the Communications
Protect the Device
Security Analytics
Manage Devices
Authentication
Run Time
Boot Time

Safely & Effectively Managing IoT Devices
Why update devices?
Industrial Systems: 19 years on average
Granular Updates Save Battery & Bandwidth
200 x =
2,000 x =
“Build it Right Once” (Use it for Both General & Security Management)
General & Security Telemetry
Functionality & Security Updates
Configuration Changes
Diagnostics & Remediation
Network Access Control (NAC)
Credentials/Permissions, Policies
3 days: Vulnerability Discovery Rate (Linux)
… Build in Over The Air (OTA) updates from the start

Network Operator Role & Opportunity
Requirements
Medical Devices
Industrial Equipment
Products
Automotive Modules
Suppliers
Devices
Components
Buyers
Equipment Owners & Operators
Hospitals
Automakers

Thank you
[email protected]
Internet of Things (IoT) Security Reference Architecture: www.symantec.com/iot
Copyright © 2014 Symantec Corporation

Automotive Threats: A Quick Refresher
(Architecture Simplified for Presentation)
[Diagram components: TCU, IVI, RTOS, GSM, GWC, ECU, BCM, xxM, OBD2, UBI, CAN1, CAN2]
Cellular (IP & GSM)
Physical Tampering
Other Wireless (BT & Wifi)
Vulnerabilities Announced This Summer
Supply Chain
Unauthenticated Commands
Unauthenticated Connections
No IP Port/Protocol Restrictions
Inadequate Code Signing
Potential Memory Corruption Vulnerabilities
Vulnerable Browsers/Apps
Vulnerable Modems
Unauthenticated Bus
TCU: Telecommunications Unit
IVI: In Vehicle Infotainment
RTOS: Real Time OS
ECU: Engine Control Unit
BCM: Body Control Module
xxM: Other Modules
CAN: Controller Area Network
CAN1/2: Hi, Med, Lo Speed CAN
GWC: “gateway chip”
OBD2: On Board Diagnostics port
UBI: Usage Based Insurance
GSM: Global System for Mobile Comm’s, aka "a modem”
Copyright © 2015 Symantec Corporation

Cornerstones of Security: Automotive Vehicles
Authenticate Comm’s
Manage Devices
Protect Each Module
Security Analytics
OMA DM, SCOMO
Embedded (in-vehicle), Global
Code-Signing (Boot Time)
Host-Based (Run Time)
Compiler Based (No-OS)
CAMP VSC3, HIS SHE, EVITA HSM
Business Constraints:
-- Consumers won’t pay for security they “assume”
-- OEM & Tier 1 Suppliers: extremely thin margins
-- Security $ must be < “few %” of any car/module
CAMP: Crash Avoidance Metrics Program
VSC3: Vehicle Safety Comm’s
HIS: Hersteller Initiative Software
SHE: Secure Hardware Extensions
EVITA: E-safety Vehicle Intrusion Protected Applications
HSM: Hardware Security Module
OMA DM: Open Mobile Alliance (OMA) Device Management (DM)
SCOMO: Software Component Management Object