Secure Internet of Things Project - Stanford Computer Forum · 2016-04-25 · Secure Internet of...

Secure Internet of Things Project
Philip Levis, Stanford
Computer Forum Internet of Things Workshop, April 14, 2016
Stanford University


Secure Internet of Things Project (SITP)

The Internet of Things (IoT)


A Security Disaster

• HP conducted a security analysis of IoT devices [1]
  ▶ 80% had privacy concerns
  ▶ 80% had poor passwords
  ▶ 70% lacked encryption
  ▶ 60% had vulnerabilities in UI
  ▶ 60% had insecure updates

[1] http://fortifyprotect.com/HP_IoT_Research_Study.pdf


Securing the Internet of Things

• Secure Internet of Things Project
  ▶ 5 year project (just started second year)
  ▶ 12 faculty collaborators
  ▶ 3 universities: Stanford, Berkeley, and Michigan

• Rethink IoT systems, software, and applications from the ground up

• Make a secure IoT application as easy as a modern web application


This Talk

• Technology trends: why today?
• Security: why is it so hard?
• Research: what we’re doing
  ▶ Architectural principles
  ▶ A brief overview of talks today


The EmNets Vision

• “Information technology (IT) is on the verge of another revolution… The use of EmNets [embedded networks] throughout society could well dwarf previous milestones.” [1]

• “The motes [EmNet nodes] preview a future pervaded by networks of wireless battery-powered sensors that monitor our environment, our machines, and even us.” [2]

[1] National Research Council. Embedded, Everywhere, 2001.
[2] MIT Technology Review. 10 Technologies That Will Change the World, 2003.


Two Game-Changers

• ARM Cortex M series
  ▶ First released 2004
  ▶ Ultra-low power 32-bit processor
  ▶ 8-96kB of RAM, 64-512kB code flash
  ▶ Sleep currents recently dropped <1µA

• Bluetooth Low Energy
  ▶ First released in 2006
  ▶ Send a 30 byte packet once per second, last for a year on a coin cell battery
  ▶ Support was weak until Apple incorporated into iBeacon, now all major smartphones include it


Example Part: nRF51822

• Cortex M0+ with integrated 2.4GHz transceiver
  ▶ Supports Bluetooth Low Energy
  ▶ Two models: 32kB/256kB or 16kB/128kB

• DigiKey cost for 25,000: $1.99


IoT Security is Hard

[Figure labels: Obj-C/C++, Java, Swift, Javascript/HTML; embedded C (ARM, avr, msp430); ZigBee, ZWave, Bluetooth, WiFi; 3G/4G, TCP/IP; Ruby/Rails, Python/Django, J2EE, PHP, Node.js]

• Complex, distributed systems
  ▶ 10^3-10^6 differences in resources across tiers
  ▶ Many languages, OSes, and networks
  ▶ Specialized hardware

• Just developing applications is hard
• Securing them is even harder
  ▶ Enormous attack surface
  ▶ Reasoning across hardware, software, languages, devices, etc.
  ▶ What are the threats and attack models?

• Valuable data: personal, location, presence

• Rush to development + hard ➔ avoid, deal later


Architectural Principles

• Longevity: these systems will last for up to 20 years and their security must too.

• Transparency: we must be able to observe what our devices are saying about us.

• End-to-end: consider security holistically, from data generation to end-user display.


1995: SSL 0.2


Flexible Crypto Hardware

• Devices need to be able to support ciphers that are used 20 years from now

• Add extensible cryptographic accelerator: silicon is cheap and BLE dominates the SoC

• Designing a 20-year crypto processor
  ▶ Symmetric crypto: S-boxes and vectors, an instruction set
  ▶ Public key crypto: several very different constructions
  ▶ What if quantum computers are real in 20 years?

• There is often unused microcontroller die area


CESEL

[Block diagram. Blocks: MCU Core (Cortex M); memory bus; vector arithmetic; S-boxes; polynomial mult.; ECC co-processor; RNG/CTR; R-LWE processor; fast hash function. Functions labelled: symmetric ciphers; ECC public-key operations; post-quantum public key; RNG, atomic counter; SHA-2, SHA-3.]

11:20 - 11:40, Kevin Kiningham


Random Numbers


11:40 - 12:00, Ben Lampert


Tock: A Secure, Embedded OS

• Written in Rust, a type-safe systems language
  ▶ Microkernel design
  ▶ Kernel has small trusted base of unsafe code
  ▶ Applications can load safe kernel modules for drivers

• Applications can be written in any language
  ▶ System call interface requires applications allocate memory for kernel calls
  ▶ Kernel can grant direct register access (Cortex M MPU operates at 32 byte granularity)

• Systems challenges
  ▶ Concurrency models
  ▶ Event-driven memory safety

[Memory layout diagram, drawn between low address and high address. Labels: Code; Memory Mapped I/O; Second App Memory; Kernel Stack; First App Memory; App code; App specific kernel memory; TRNG]

11:00 - 11:20, Amit Levy
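
The 32 byte MPU granularity mentioned on this slide means a register grant is always rounded out to a whole MPU region. The following is an added example, not Tock's code and not from the talk: it computes the region a grant needs and how many extra bytes the application can then reach, assuming the ARMv7-M rule that a region is a power of two in size, at least 32 bytes, and aligned to its size. The function names and addresses are constructed for illustration.

```rust
// Added example, not Tock's code. Models the ARMv7-M (Cortex-M3/M4) MPU rule:
// a region is a power of two in size, at least 32 bytes, and its base is
// aligned to its size. Sub-region disable bits are ignored here.

const MPU_MIN_REGION: u64 = 32;

/// One MPU region: base address and size in bytes.
#[derive(Debug, PartialEq, Clone, Copy)]
pub struct Region {
    pub base: u64,
    pub size: u64,
}

/// Smallest single MPU region that covers `len` bytes starting at `start`.
/// Returns None for an empty range or one that runs past the 32-bit space.
pub fn covering_region(start: u32, len: u32) -> Option<Region> {
    if len == 0 {
        return None;
    }
    let (start, end) = (start as u64, start as u64 + len as u64);
    if end > 1u64 << 32 {
        return None;
    }
    let mut size = (len as u64).next_power_of_two().max(MPU_MIN_REGION);
    loop {
        let base = start & !(size - 1);
        if base + size >= end {
            return Some(Region { base, size });
        }
        size *= 2; // range straddles an alignment boundary: grow and retry
    }
}

/// Bytes the application can reach beyond what the kernel meant to grant.
pub fn over_exposed(start: u32, len: u32) -> Option<u64> {
    covering_region(start, len).map(|r| r.size - len as u64)
}

fn main() {
    // Constructed peripheral addresses, not taken from any datasheet.
    let grants = [(0x4000_D000u32, 4u32), (0x4000_D01C, 8), (0x4000_D100, 256)];
    for &(start, len) in grants.iter() {
        let r = covering_region(start, len).unwrap();
        println!("grant {:#x}+{} -> region {:#x}+{} ({} extra bytes)",
                 start, len, r.base, r.size, r.size - len as u64);
    }
}
```

A grant that crosses a 32 byte boundary doubles the region, so laying out registers that different applications need in separate aligned blocks keeps the over-exposure at zero.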


Model Today

• Transport-layer security (TLS) between devices and cloud services

• Internet applications: we control one end point
  ▶ Can install new certificates, observe data

• IoT applications: we are a transit network
  ▶ Can’t see or control what happens on either end


Intrusion Detection

• How do we build an intrusion detection system for our smart home?
  ▶ Can’t see what data our devices are transmitting
  ▶ They could be compromised and we’ll never know

• Enterprises solve this by installing new certificates on endpoints, which allows an IDS to look inside TLS, filter trojan horses from email, etc.
  ▶ We don’t control these devices, can’t install new certificates


TLS - Rotate and Release

• Transport Layer Security - Rotate and Release

• A trusted auditor
  ▶ can decrypt all traffic
  ▶ but not forge traffic (hard part!)

• Four operating modes that together are compatible with all versions of TLS

10:00 - 10:20, Judson Wilson, Keith Winstein


Applications!

• Applications drive and inform all this research

• Water conservation in a Stanford dorm
  ▶ Holly Chiang, 2:30 - 2:50

• Wearable, smart technology in everyday objects
  ▶ Joanne Lo, 2:50 - 3:10

• Personal telepresence in the home
  ▶ Meghan Clark, 3:10 - 3:30


Ravel Framework

• Write a distributed model view controller pipeline
  ▶ Models, views, controllers, transforms, and spaces

1:55 - 2:15, Laurynas Riliskis


Device Generation

• Applications involve software and hardware
  ▶ Embedded devices are application specific

• Hardware/software boundary is difficult
  ▶ Refining a design is easier than writing from scratch

• Idea: generate a prototype device from software specification, allow a programmer to tweak

• Two problems
  ▶ How does one compile the embedded device?
  ▶ Compiler must have a library of components to use: where does it come from?

1:15 - 1:35, Rohit Ramesh
1:35 - 1:55, Luke Hsiao


Securing Middleboxes

• All networks today depend on middleboxes
  ▶ Firewalls, optimizers, NATs, intrusion detection
  ▶ The IoT will be no different

• Outsourcing this functionality into the cloud has many advantages
  ▶ Simplicity, management, aggregation: network as a service

• Is it possible to securely outsource this functionality (perform it on encrypted data)?

10:20 - 10:40, Chang Lan


Day’s Schedule

8:30am - 9:30am: welcome and check-in
9:30am - 9:40am: Introductions: The IoT Revolution and Our Research in IoT
9:40am - 10:00am: Secure Internet of Things Project
10:00am - 10:20am: Auditing IoT Communications with TLS-RaR
10:20am - 10:40am: Embark: Securely Outsourcing Middleboxes to the Cloud
10:40am - 11:00am: break
11:00am - 11:20am: Tock, a Secure Embedded Operating System
11:20am - 11:40am: Hardware Support for Long-Term Cryptographic Flexibility
11:40am - Noon: A Fast, Cheap, High-Entropy Source for IoT Devices
Noon - 1:15pm: lunch
1:15pm - 1:35pm: Embedded Device Generation: Turning Software into Hardware
1:35pm - 1:55pm: Automatically Building a Component Library from Datasheets
1:55pm - 2:15pm: Programming IoT Applications with Ravel
2:15pm - 2:30pm: break
2:30pm - 2:50pm: An Energy-Harvesting and Reliable Water Flow Sensor
2:50pm - 3:10pm: Incognito Wearables: Seamlessly Incorporating Fashion and Function
3:10pm - 3:30pm: The Haunted House: Virtual Shared Living over a Home-to-Home Network
3:30pm - 3:45pm: break
3:45pm - 4:15pm: Innovation in a Post Moore's Law World: Another View of IoT
4:15pm - 6:00pm: reception

Session labels shown beside the schedule: overview, networks, systems, programs, applications, looking forward


Why Now?

• Technology has just reached the tipping point
  ▶ BLE, iBeacon
  ▶ Cortex M series
  ▶ Sensors
  ▶ Harvesting circuits

• We've been waiting
  ▶ Leaders in prototyping, cryptographic computation, IoT networking, secure systems, analytics, and hardware design
  ▶ What are the threats? Application attackers?

• But it's still early enough
  ▶ Most big applications haven't been thought of yet
  ▶ Let's not repeat the web (as good as it is for publications)


Thank you!


SystemX Alliance

State Farm