Security for the Internet of Things Dominique Bolignano
Prove & Run – Security for the Internet of Things - Freescale Technology Forum 1
77, avenue Niel, 75017 Paris, France
Our mission
• Help our customers resolve the security challenges linked to the deployment of connected devices
Without security:
• Impossible to deploy a network of connected devices
• Impossible to scale the Internet of Things
• Impossible to trust a system to keep data private & confidential
A few recent examples of vulnerabilities affecting the IoT@Home
• 04/21/2014 - DSL router patch merely hides backdoor instead of closing it
  • http://bit.ly/1jC5AAu
• 10/23/2014 - All VeraLite Home Gateways share a single SSH private key stored in ROM
  • http://bit.ly/1uUXmb2
• 04/07/2015 - 6 common home gateways suffer from significant or very significant security issues
  • http://bit.ly/1NRy4V5
• 04/18/2015 - An OTA software update bricks Wink Hubs
  • http://hubfix.wink.com
• 05/20/2015 - At least 700 000 routers given to customers by ISPs are vulnerable to remote hacking
  • http://bit.ly/1Gw0wcO
A few recent examples of vulnerabilities affecting the IoT in Industrial & Smart City
• 05/08/2014 - Vulnerability in traffic-lights management systems leaves them wide open to modifications by hackers
  • http://bit.ly/QyPK0G
• 12/23/2014 - Cyber-attack on German steel mill inflicts serious damage
  • http://bit.ly/1t1nWF1
• 03/12/2015 - US industrial control systems attacked 245 times in 12 months
  • http://1.usa.gov/1DfWPdd
• 05/11/2015 - The Open Smart Grid crypto protocol used by 4 million smart meters revealed as “extremely weak”
  • http://bit.ly/1bJ62ic
A few recent examples of vulnerabilities affecting the IoT in the Automotive world
• 07/21/2014 - Students hack Tesla Model S, make all its doors pop open IN MOTION
  • http://bit.ly/1rE7OEJ
• 02/16/2015 - 2.2M BMW cars can be unlocked with a simple smartphone
  • http://on.ft.com/1evJuUb
• 20/05/2015 - Thieves use a jammer to prevent car owners from locking their cars across an entire car park
  • http://bit.ly/1JH28Eg
A few recent examples of vulnerabilities affecting the IoT in Avionics
• 04/15/2015 - Security researcher Chris Roberts arrested on suspicion of hacking flying planes
  • http://bit.ly/1ILeoCT
• 05/01/2015 - Boeing 787 software bug can shut down planes' generators IN FLIGHT
  • http://bit.ly/1DGP4HM
A few recent examples of vulnerabilities affecting mobile devices
• 05/22/2015 - Factory reset memory wipe FAILS in 500 million Android smartphones
  • http://bit.ly/1JH28Eg
• 04/22/2015 - "Evil" WiFi signal crashes iPhones and iPads in range, even with WiFi turned off
  • http://bit.ly/1G54eZ9
Security is a serious matter
• Many claim to achieve security just because they:
  • encrypt,
  • sign,
  • use TLS,
  • use a secure element,
  • or even just use a Java architecture, …
• But security is much more than that.
On the uses of formal methods for cybersecurity
• Security chain:
  • Cryptographic algorithms
  • Secure elements (e.g. smartcards)
  • Cryptographic protocols
  • Robustness of systems to logical attacks
• Issues with errors and vulnerabilities, particularly in operating systems:
  • An already alarming situation which is still degrading (e.g. the NIST database statistics).
The main challenge is to secure the software
• The situation on the software side needs to be improved …
• For security, every defect/bug in the architecture, design, configuration or implementation is a potential source of attack
• It is thus not possible to directly protect OSes such as iOS, Android, Linux or large RTOSes against attacks. There are issues with:
  • The size of the software stack to secure
  • The “Trusted Computing Base” (TCB) includes a kernel whose size and complexity are too big to build trust (and correctness of security properties)
• A basic partial answer:
  • Making weaknesses more difficult to exploit
  • Constraining the software
  • Drawbacks: user experience and security level.
• The global answer:
  • Defining a security architecture with a well-defined and reduced-in-scope TCB
  • Applying formal methods to this TCB
    • Software development tools
    • Ability to get as close as possible to “Zero Bug”
    • Ability to demonstrate security (proof and certification)
Prove & Run's answer to the challenge
• ProvenTools: a patented software development tool that makes it possible to formally prove the correctness of a security component
  • Specifically designed for handling complex security properties.
• Critical secure COTS ready for integration
  • ProvenCore: formally proven micro-kernel to protect the security of devices at the highest level
  • Proven Mobile Stack: bulletproof applicative framework to secure smartphones and tablets.
  • Others: TEE, Hypervisor (ProvenVisor) and IoT solutions
• Security Professional Services
  • Help our customers to design/build/develop secure software and/or integrate our COTS
Prove & Run Bricks to secure IoT
(Diagram: ProvenCore and ProvenVisor, on ARM TrustZone, hosting secure services S1…SN alongside applications A1…AN; Certified Secure Administration (EAL7).)
Isolation: Key to security architecture
(Diagram: connected devices C1…CK and C'1…C'K behind gateways GA and GB, reaching Cloud A and Cloud B over the Internet.)
Use Cases
(Diagram: Android (or any rich OS) with its applications on Freescale i.MX 6/i.MX 7, for the following use cases: Infotainment / Car gateway, Smart Metering, Monitoring / Maintenance, Home / Office Gateway, Industry 4.0.)
Use Cases
(Diagram: Android with its applications on Linux, next to ProvenCore on ARM TrustZone hosting secure services: FW (alongside Linux FW/NetFilter), FU (Firmware update), AM, Auth, and applications A1…Ak. ProvenCore and these services form the Trusted Computing Base.)
Proven Mobile Stack – Secure Smartphone (BYOD)
(Diagram: Personal World (Personal Application) and Professional World (Professional Application); layers: Android, Linux, Provencore, ARM TrustZone, with the Trusted Computing Base highlighted. Target users: Governments, Fortune 500, Safety Personnel.)
Use Cases
(Diagram, two steps: (1) Android (or any rich OS) with its applications and an RTOS with its applications, each on its own HW; (2) a single HW running ProvenVisor, which hosts ProvenCore (FW, A1), the RTOS with its applications, and Android with its applications on Linux.)
Microkernel modelling
(Stéphane Lescuyer – Vincent Siles – Benoit Montagu) Towards a Verified Isolation microkernel – Stéphane Lescuyer, HIPEAC 01/2015
Modelling a microkernel: Global approach
• An abstract layer recreating the behaviors of more concrete layers
• Formal properties expressed at the highest level
• Properties are more natural and simpler to understand
(Diagram: Abstract model, Concrete model, Properties.)
Modelling a microkernel: Links with security schemes
(Diagram: FSP, SPM, TDS and Source code, each carrying Security properties / Main properties, marked ✔ Proven or ✔ Reviewed.)
Modelling a microkernel: Proving the source code
(Diagram: FSP, SPM, TDS, Source code, Security properties.)
Properties and Abstract Model
• Model must be as abstract as possible while capturing the desired property
• Paradigm: independent devices, each using its own resources (code, data, memory, etc.), while potentially communicating and/or sharing some resources such as memory pages, file systems, etc.
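As an added illustration of the modelling approach on the "Global approach" and "Properties and Abstract Model" slides (constructed for this page, not code from Prove & Run or from the talk), the following Python model captures the paradigm of independent devices owning their own pages and explicitly sharing some, and states one isolation property at that abstract level: what a device can observe depends only on the steps of devices holding access to a page it can also access. The page numbers, device names, trace and the `enforce` flag (which models a kernel that forgets its access check) are assumptions of the example.

```python
# Added example, not from the talk: an abstract isolation model in the spirit
# of "independent devices using their own resources, possibly sharing some".
# Page numbers, device names, the trace and the `enforce` flag are constructed.
from dataclasses import dataclass, field


@dataclass
class Model:
    owner: dict                    # page -> owning device (static)
    enforce: bool = True           # False models a kernel that forgets the access check
    mem: dict = field(default_factory=dict)    # page -> last value written
    shared: set = field(default_factory=set)   # (page, device) grants

    def may_access(self, dev, page):
        return self.owner[page] == dev or (page, dev) in self.shared

    def write(self, dev, page, value):
        if self.enforce and not self.may_access(dev, page):
            return False           # the kernel denies the access
        self.mem[page] = value
        return True

    def share(self, dev, page, other):
        if self.owner[page] != dev:  # only the owner may grant access
            return False
        self.shared.add((page, other))
        return True

    def view(self, dev):
        """Everything dev can observe: the pages it is allowed to access."""
        return {p: self.mem.get(p) for p in self.owner if self.may_access(dev, p)}

    def related(self, dev):
        """Devices allowed to touch a page dev can access: the legitimate channels."""
        devs = set(self.owner.values()) | {d for _, d in self.shared}
        return {d for d in devs if any(self.may_access(d, p) for p in self.view(dev))}


def run(owner, trace, enforce=True):
    m = Model(dict(owner), enforce)
    for op, dev, *args in trace:   # each step: (operation, acting device, arguments...)
        getattr(m, op)(dev, *args)
    return m


def isolated(owner, trace, observer, enforce=True):
    """Noninterference-style property on the abstract model: the observer's view
    after the full trace equals its view after purging steps of unrelated devices."""
    full = run(owner, trace, enforce)
    keep = full.related(observer)
    purged = run(owner, [s for s in trace if s[1] in keep], enforce)
    return full.view(observer) == purged.view(observer)


# Constructed scenario: pages 1 and 2 belong to A, page 3 to B, page 4 to C.
OWNER = {1: "A", 2: "A", 3: "B", 4: "C"}
TRACE = [
    ("write", "A", 1, 10),
    ("share", "A", 2, "B"),        # A explicitly shares page 2 with B
    ("write", "B", 2, 20),         # allowed: B now holds a grant for page 2
    ("write", "C", 1, 99),         # C never received a grant for page 1
    ("write", "C", 4, 7),
]

if __name__ == "__main__":
    print(isolated(OWNER, TRACE, "A"))                  # True: C cannot influence A
    print(isolated(OWNER, TRACE, "A", enforce=False))   # False: the broken kernel leaks
```

The same check fails as soon as the modelled kernel skips its access check, which is the point of stating the property on the abstract layer: a concrete implementation then only has to be shown to refine this model.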
Separation
(Diagram: Sensitive Application, TCB, EE. SPM - Stéphane Lescuyer)
SMART development toolchain
• P&R Intermediate Language: SMIL
• Source Code: compilable; C, Java, etc.
• Development environment: Eclipse plugin
• Automated Certification Documentation: CC, DO-178, etc.
• Prover: Eclipse plugin
• Generator (source code and documentation): Eclipse plugin
TCB security and identification
Requirements identification process - Applied strategy (1/2)
• Gathering experience and knowledge, step by step
  • Using many formal approaches on real life use cases over many years
  • Each time in a context where justifying applicability and usefulness of the project was mandatory
• Strategy (1/2):
  • Choose the cases where the benefit/cost ratio is favorable and the market is representative
  • Cost reduction (microkernel, etc.)
  • Identify or improve the TCB's definition
  • Reuse benefits
  • Facilitate maintainability
  • Make Formal Methods easier to use in order to allow software developers to use them by themselves
Components
• Building complex systems by composing a small number of types of components is essential for any engineering discipline.
• This confers numerous advantages such as mastering complexity, enhanced productivity and correctness through reuse.
• Component composition orchestrates interactions between components. It lies at the heart of the system integration challenge.
Joseph Sifakis – Turing Award – Gérard Berry Seminar – 4th of March 2015
Composition
Requirements identification process - Applied strategy (2/2)
• Strategy (2/2):
  • Maximize benefits by targeting areas where reliability is key
    • Mobile security
    • Aeronautics
    • Automobile (increasing role of computers, connected cars, driverless cars)
    • Smart Grids
    • Industry 4.0
    • Home automation
    • Office management
    • Medical systems
    • etc.
  • Enable certification
Conclusions
• A very limited number of proven COTS can make it possible to increase the security level in a very significant way.
• Not everything can be modelled or proven (hypotheses, resistance to physical attacks, appropriateness of the properties, unsuitable architectures, the human chain, etc.), but that does not mean that Formal Methods are not THE right answer to the security and trust challenges of emerging open architectures.
THANK YOU FOR YOUR TIME
QUESTIONS?
Prove & Run S.A.S. [email protected] 77, avenue Niel, 75017 Paris, FRANCE