The TTN volioti - ISC)2 · 2018-02-21 · 2013 Information Security Management 2014 Computer...
Heinrich Wilhelm Klöpping, MSc CISSP CCSP SCI
The TTN volioti
Is the TTN volioti the new móðuharðindin? And what has Hedy Lamarr to do with all that?
● 2013 Information Security Management
● 2014 Computer Security, Introduction to Cryptography
● 2015 Network Security
● 2016 Digital Forensics, Cybercrime
● 2017 Dissertation title: "Investigating information security for a volunteer driven IoT infrastructure", viva voce on May 11th, 2017. Passed with distinction on July 13th 2017. Top-ranking project and elected to be presented at the Distant Learning weekend in London.
5 years of study
My tips for my fellow students
● Scratch your itch
● Seek advice from others
● Do your own thinking
● Research the technology
● Experiment
● Use what you were taught
● Engage with the real world
● Know when to stop researching
● Know when to start writing
Tip #1: Scratch your itch
About my mill: Molen van de Groote Polder
Built in 1783.
The volcano Laki in Iceland begins an 8-month eruption, starting the chain of natural disasters known as the Móðuharðindin, killing tens of thousands throughout Europe.
● A third of the population of Iceland dies
● Horrible deaths in all of Europe due to suffocation
● Red skies, famine and the French Revolution
● UK acknowledges the US
1783 - Móðuharðindin: Terrible consequences!
1783 - Móðuharðindin
The flag of my municipality
Red skies, the beast and fire!
Farmers selling their souls to the devil with terrible consequences!
What would infosec specialists have said?
1783 - Móðuharðindin
These farmers should have done
proper risk analysis!... or perhaps they did?
2016 - MolenOpenApp
● Facilitating visitors
● Map on website shows our mills
● Millers have a web based app
● Very simple interface (red/green)
● Mill status changes (turns wings)
MolenOpenApp fails
● Miller has no smartphone
● Miller forgot to bring his phone
● Miller forgets to use the App
● Out of reach of GSM network
● Simply not simple enough..
Alternatives
● Install a lock with a switch
● Door open – switch triggers
● Message is sent to central host
● Status is updated
● Door close – status update
Sending messages..
● Smack in the middle of nowhere..
● No WiFi or GSM may be available
● WiFi / GSM / SMS .. expensive
● No power may be available
Tip #2: Seek advice from others
Help! Hey Henk, check out
● a global community of (August 2017) 21980 people over 89 countries building a FREE global Internet of Things data network.
● origins of the network can be traced back to June 2015 at a Hackerspace in Amsterdam
● uses a long range and low power radio frequency protocol called LoRaWAN
● no WiFi codes and no mobile subscriptions
● limited bandwidth, (very) long range (800 km!)
2015 - The Things Network
The Things Network
[Architecture diagram: nodes transmit to gateways (Gateway East, Gateway West, Gateway South), which forward over the Internet to The Things Network backend, which delivers to the applications.]
Nodes broadcast LoRaWAN messages over the LoRa radio protocol.
Gateways forward radio transmissions to the backend.
The Router manages the gateway's status and schedules transmissions.
Brokers map a device to an application and forward down- and uplink messages.
The Network Server is LoRaWAN specific and handles OTAA etc.
The Handler handles the data of one or more applications.
The Things Network – NO!
● Realtime data - you can only send small packets every couple of minutes
● Phone calls - you can do that with GPRS/3G/LTE
● Controlling lights - check out ZigBee or Bluetooth
● Sending photos, Netflix - check out WiFi
● Triangulation – later, not now
The Things Network – YES!
● Long range - multiple kilometers
● Low power - can last months (or even years) on a battery
● Low cost - less than 20€ CAPEX per node, almost no OPEX
● Low bandwidth - something like 400 bytes per hour
● Coverage everywhere – install yourself..
The Things Network – Maybe
Secure? TTN has this on their “yes” list.
“128bit end-to-end encrypted”
OTAA and ABP
Devices (nodes) need an address. Either Over The Air Activated (“dhcp”) or Activated By Personalisation (because not all nodes can receive!).
Encryption
● Node – network: NwkSKey (hash)
● Node – handler (you): AppSKey
● AppKey: used for OTAA (~“DHCP”)
Replay attacks!?
Ah, no, we thought of that too!
Frame counter!
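To make the frame counter argument concrete, here is an added example (not code from the presentation or from The Things Network) of the replay check a LoRaWAN network server performs on the uplink frame counter. It assumes LoRaWAN 1.0.x behaviour: the frame carries only the 16 low bits of a 32-bit counter, the server remembers the full 32-bit value of the last accepted frame, and a frame is dropped when its counter does not strictly increase or jumps further ahead than a gap limit (the constant MAX_FCNT_GAP and the DeviceSession class are assumptions of this example).

```python
# Added example: server-side replay protection on the LoRaWAN frame counter.
# Assumptions (not from the presentation): 16-bit FCnt field in the frame,
# 32-bit counter kept by the server, MAX_FCNT_GAP as the allowed forward jump.
from typing import List, Optional, Tuple

MAX_FCNT_GAP = 16384  # forward jump limit used for FCnt validation in LoRaWAN 1.0.x


def next_fcnt(last_accepted: Optional[int], received16: int,
              max_gap: int = MAX_FCNT_GAP) -> Optional[int]:
    """Reconstruct the 32-bit counter of an uplink from its 16-bit field.

    Returns the new 32-bit counter, or None if the frame must be dropped:
    either its counter is not higher than the last accepted one (a replayed
    or duplicated frame) or it jumps ahead by more than max_gap.
    last_accepted is None when no frame has been accepted for the device yet.
    """
    if not 0 <= received16 < (1 << 16):
        raise ValueError("FCnt field is 16 bits wide")
    if last_accepted is None:
        return received16  # first frame after activation, nothing to compare with
    high = last_accepted & 0xFFFF0000
    candidate = high | received16
    if candidate <= last_accepted:
        # The 16-bit field has wrapped around; the upper half must have advanced.
        candidate += 1 << 16
    if candidate - last_accepted > max_gap:
        return None  # implausible jump, drop rather than resynchronise
    return candidate


class DeviceSession:
    """Per-device state the server keeps: the last accepted counter plus a
    drop counter that is useful for monitoring (repeated drops for one
    device are worth an alert)."""

    def __init__(self) -> None:
        self.last_accepted: Optional[int] = None
        self.dropped = 0

    def accept(self, received16: int) -> bool:
        fcnt = next_fcnt(self.last_accepted, received16)
        if fcnt is None:
            self.dropped += 1
            return False
        self.last_accepted = fcnt
        return True


def demo() -> Tuple[List[int], int]:
    """Run a constructed uplink sequence through a session.

    The sequence contains two frames with a counter that was already seen
    (a captured frame sent again); both must be dropped.
    """
    constructed_uplinks = [0, 1, 2, 2, 1, 3]  # constructed sample, not captured data
    session = DeviceSession()
    accepted = [f for f in constructed_uplinks if session.accept(f)]
    return accepted, session.dropped


if __name__ == "__main__":
    print(demo())  # ([0, 1, 2, 3], 2)
```

The check is cheap because the counter is part of every frame and is covered by the message integrity code, so an attacker who only records and re-sends a frame cannot move it forward. A device that restarts its counter at zero is rejected until its counter passes the stored value, which is the intended behaviour of the check.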
The Things Network is Secure! “128bit end-to-end encrypted” is sufficient after all
Tip #3: Do your own thinking
What if..
● hooligans cut your cable
● the better half decides to vacuum clean
● they detonate a bomb using your gateway
● the routers are hacked
● you are made responsible for traffic you relayed
● your ISP is not amused you're using his network
● an emergency call is not relayed
● LI takes place
● etc ...
Tip #4: Research the technology
Spread spectrum
Spread spectrum
Spread spectrum is a means of transmission in which the signal occupies a bandwidth in excess of the minimum necessary to send the information; the band spread is accomplished by means of “a code” which is independent of the data, and a synchronized reception with the code at the receiver is used for despreading and subsequent data recovery.
Code: e.g. frequency hopping, time hopping, or both.
Spread spectrum
The code used with LoRa is a “chirp” - a frequency that rises, then falls etc. Synchronisation between sender and receiver is done by sending unmodulated (preamble) chirps. Note that this can be done without having a key, so this is NOT a security control. It brings advantages: anti-interference and long range, though at relatively low data rates.
TTN data rate
● Bandwidth
● Duty cycle
● Spread factor
● Adaptive data rate (ADR)
Bandwidth
● Dictated by EU regulations
● For the 868 MHz band, depending on channel in use, either 125 or 250 kHz
● Higher bandwidth normally corresponds to a higher data transmission speed
Duty cycle
● Dictated by EU regulations
● For the 868 MHz band, depending on channel in use, either 0.1% or 1% of available time per node / gateway
● So: at best¹ 14.4 minutes transmission each day..
1) gateways might use 2 timeslots and a frequency with 10% duty cycle
Spread factor
● How many bits are sent per second
● You could compare this to two people talking in a noisy place (a bar for example). If you're far from each other, you have to talk slow (SF10), but if you're close, you can talk faster (SF7)
ADR
● Nodes closer to the gateway can use less power
● Nodes closer to the gateway can transmit higher bps
● Nodes farther away use more power and longer bursts
● Rate calculated by network over last 20 transmissions
● Only for static nodes (of course..)
● Can hence be set on or off by the node (bit in frame)
Tip #5: Experiment
Gateways
Slochteren Gateway
Old and new
Lonely gateway (still)
https://www.thethingsnetwork.org/map
Recap TTN
LoRaWAN features a raw maximum data rate of 27 kbps (SF=7). Depending on the SF in use, the LoRaWAN data rate ranges from 0.3 kbps to 27 kbps. Duty cycle is an additional limitation. For instance, the maximum duty cycle of the EU 868 ISM band is 1%, and it results in a maximum transmission time of 36 sec/hour in each sub-band for each end-device.
Large spread factors allow for longer ranges, but increase the time on air and hence the mandatory silence.
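The link between spread factor, time on air and the 1% duty cycle can be worked through numerically. The following is an added example, not code from the presentation or from The Things Network; it implements the LoRa time-on-air formula from the Semtech SX127x datasheets (symbol time 2^SF / BW, 8-symbol preamble plus 4.25 symbols, payload symbol count from the datasheet expression) and assumes a LoRaWAN frame overhead of 13 bytes (MHDR, DevAddr, FCtrl, FCnt, FPort, MIC) on top of the application payload, 125 kHz bandwidth, coding rate 4/5, explicit header, CRC on, and low data rate optimisation at SF11 and SF12. The function names are this example's own.

```python
# Added example: LoRa time on air per spread factor and the resulting message
# budget under a 1% duty cycle. Formula from the Semtech SX127x datasheets;
# the 13-byte LoRaWAN overhead and the default radio settings are assumptions.
import math
from typing import Dict, Tuple

LORAWAN_OVERHEAD_BYTES = 13  # MHDR(1) + DevAddr(4) + FCtrl(1) + FCnt(2) + FPort(1) + MIC(4)


def lora_airtime(payload_bytes: int, sf: int, bw: int = 125_000, cr: int = 1,
                 preamble_symbols: int = 8, explicit_header: bool = True,
                 crc: bool = True) -> float:
    """Time on air in seconds of one LoRa frame carrying payload_bytes.

    cr=1 means coding rate 4/5. Low data rate optimisation (DE) is switched on
    for SF11/SF12 at 125 kHz, as LoRaWAN does in the EU868 band.
    """
    t_sym = (2 ** sf) / bw                       # symbol duration
    t_preamble = (preamble_symbols + 4.25) * t_sym
    de = 1 if (sf >= 11 and bw == 125_000) else 0
    ih = 0 if explicit_header else 1
    crc_bit = 1 if crc else 0
    numerator = 8 * payload_bytes - 4 * sf + 28 + 16 * crc_bit - 20 * ih
    denominator = 4 * (sf - 2 * de)
    n_payload = 8 + max(math.ceil(numerator / denominator) * (cr + 4), 0)
    return t_preamble + n_payload * t_sym


def lorawan_airtime(app_payload_bytes: int, sf: int) -> float:
    """Time on air of a LoRaWAN uplink with the given application payload."""
    return lora_airtime(LORAWAN_OVERHEAD_BYTES + app_payload_bytes, sf)


def messages_per_hour(airtime_s: float, duty_cycle: float = 0.01) -> int:
    """How many such frames fit into the duty cycle budget of one hour
    (1% of 3600 s is the 36 s/hour mentioned in the recap)."""
    return math.floor(3600 * duty_cycle / airtime_s)


def budget_table(app_payload_bytes: int) -> Dict[int, Tuple[float, int]]:
    """Per spread factor SF7..SF12: (airtime in ms, messages per hour at 1%)."""
    table = {}
    for sf in range(7, 13):
        t = lorawan_airtime(app_payload_bytes, sf)
        table[sf] = (round(t * 1000, 1), messages_per_hour(t))
    return table


if __name__ == "__main__":
    # A 2-byte payload is enough for an open/closed door signal plus a status byte.
    for sf, (ms, per_hour) in budget_table(2).items():
        print(f"SF{sf}: {ms:8.1f} ms on air, at most {per_hour:4d} messages/hour")
```

Running it shows the trade-off the slides describe: at SF7 an empty frame occupies the channel for about 46 ms, at SF12 for about 1155 ms, so the same 1% budget that allows hundreds of frames per hour at SF7 allows only a few dozen at SF12.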
Recap TTN
● In practice: “only” 1-10 km (interference, objects)
● can use adaptive data rates (ADR) to accommodate varying signal strengths
● In EU: 868 MHz - free frequency, but at best 1% duty cycle.
● best used for appliances with limited data requirements e.g. hourly temperature measurements, on/off signalling, moisture sensors etc.
● cheap/quick to deploy: Greater Amsterdam 19 gateways.
Tip #6: Use what you were taught
The Things Network
Has anybody even taken a look at stuff like:
ISO27001:2013 - ISO27002:2013 - ISO27005:2011 - ISO31000:2009 - ISO31010:2011 - ISO20922:2016 - GSMA Guidelines - DHS Strategic Principles - Volunteer Management Health Check Guide - or what is said in the Law (and whose Law) - or what the community itself might teach us?
The Things Network
Greiner's theory on organisational growth.
TTN is hardly a classical company and still in its infancy
Tip #7: Engage with the real world
Meetups
Meet the management
● Conversations with Laurens Slats
● Met founder Wienke Giezeman
● Interesting conversation
My conclusion..
Awareness?
no
Observation: encryption is not enough. And life may be at stake!
What do we infosec specialists say?
2018 - Móðuharðindin again?
CIA
These cowboys should have done
proper risk analysis!
Tip #8: Know when to stop.. researching and widening your scope
Tip #9: Know when to start.. writing your dissertation
Volunteer driven Internet of Things infrastructure
.. a bit much, right.. hence: volioti
Dissertation stuffing..
Can best practices as listed in international standards, guidelines and the Law be employed to improve the security of information in the emerging volunteer driven, decentralised, technocrat-anarchistic Internet of Things infrastructure?
Main research question
Is the TTN volioti the new móðuharðindin?
So, can we help TTN?
According to me: yes.
● install a Risk Analysis Committee for TTN (RACOM)
● have RACOM educate itself and others on InfoSec
● work on a sector specific standard for IoT
● experiment with tools and techniques
● continue the search for IoT specific controls
● establish a clear line of command
So, can we help TTN?
According to me: yes.
● I found 391 controls that might be considered
● some of them unusual (Volunteer Health Check)
● some very standard (ISO27K)
● some brand new and very relevant (GSMA)
Spinoff
Mix and match method
How to determine the suitability of RA (risk analysis) devices?
● E.g. Annex B of ISO 31010:2010 contains a list of 31 risk analysis related tools, techniques and methods that might be used to (help) perform risk analysis.
● should “be justifiable and appropriate to the situation or organization under consideration”
Mix and match method
How do we 'measure' the devices on how well they fit (which) requirements?
Our stakeholders are mostly ignorant of the world of information security, we also appreciate that it might require hours, possibly days of education to discuss the use of just one tool, technique, methodology or standard.
Spinoff
Mix and match Method
Using the descriptions in the standard itself I established 11 overarching qualities - 'generic qualities'.
They are: easy to use, inexpensive, efficient, flexible, thorough / structural, capable of handling complexity, exact, scalable, stimulate imagination and creativity, provide balanced insights, and stimulate ownership.
The 31 RA devices have been rated for their support of these generic qualities using a two-step semi-quantitative method inspired by risk indices (B28) and the consequence / probability matrix (B29).
Mix and match Method
● for the part in scope (organisation, department):
● one assessor assesses how well an RA device provides a generic quality (the PQ assessor),
● another assesses how well the RA device is required to provide a generic quality to classify as suitable (the RQ assessor).
Mix and match Method
For each generic quality the PQ assessor determines how well a generic quality is provided by the RA-device, using a semi-quantitative scale: “well” (represents a value of 3), “somewhat” (a value of 1) or “(almost) not” (a value of 0). This value is put in the column 'class'.
Mix and match Method
Then, per class, a rank within that class is provided (rank): the quality that is best provided by the RA device gets n points (where n is the number of entries for that class), down to the quality that is least well provided by the RA device, which gets 1 point. This value is put in the column 'rank'.
Mix and match Method
By multiplying the class and rank, a value PQ (provided quality) per RA device is produced, which is put in the column PQ.
Mix and match Method
Similarly we determine the RQ (probably by another assessor).
First we rate (determine class).
Then we rank within the class.
Then we multiply and hence find RQ.
Mix and match Method
● By multiplying the Provided Quality (PQ) with the Required Quality (RQ) we end up with the “Total Quality” (TQ) for an RA device.
● Sort the devices on their TQ; this provides a table of RA devices ordered by suitability for the part in scope.
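The class / rank / multiply procedure of the Mix and match Method, as described on the preceding slides, can be written out so that the PQ and RQ scoring and the final TQ ordering are reproducible. The following is an added example and not the dissertation's own tool. It takes each assessor's judgement as a list of (generic quality, class) pairs ordered from best provided to least provided, assigns ranks within each class exactly as described (n down to 1), multiplies class by rank, and then combines PQ and RQ. The slides do not say how the per-quality products are combined into one TQ per device; this example sums them (an assumption), and the device names and ratings are constructed sample values, not the dissertation's results.

```python
# Added example: the Mix and match Method scoring (class x rank, then PQ x RQ).
# Assumptions: per-quality products are summed into one TQ per device; the
# sample assessments below are constructed, not taken from the dissertation.
from typing import Dict, List, Tuple

# Semi-quantitative scale from the slides: "well" = 3, "somewhat" = 1, "(almost) not" = 0
CLASS_VALUES: Dict[str, int] = {"well": 3, "somewhat": 1, "not": 0}

# The 11 generic qualities listed on the slides
GENERIC_QUALITIES: List[str] = [
    "easy to use", "inexpensive", "efficient", "flexible", "thorough / structural",
    "capable of handling complexity", "exact", "scalable",
    "stimulate imagination and creativity", "provide balanced insights",
    "stimulate ownership",
]

Assessment = List[Tuple[str, str]]  # (generic quality, class label), best first


def score(assessment: Assessment) -> Dict[str, int]:
    """Apply the two-step procedure to one assessment.

    Step 1 (rate): each quality already carries its class label.
    Step 2 (rank): within a class of n entries the best-placed quality gets n
    points, the next n-1, ..., the last 1. The result is class value x rank.
    Used for PQ (how well the device provides a quality) and for RQ (how much
    the part in scope requires it) alike.
    """
    for quality, label in assessment:
        if label not in CLASS_VALUES:
            raise ValueError(f"unknown class label {label!r} for {quality!r}")
    members: Dict[str, List[str]] = {}
    for quality, label in assessment:           # keep the assessor's order
        members.setdefault(label, []).append(quality)
    result: Dict[str, int] = {}
    for label, qualities in members.items():
        n = len(qualities)
        for position, quality in enumerate(qualities):
            result[quality] = CLASS_VALUES[label] * (n - position)
    return result


def total_quality(pq: Dict[str, int], rq: Dict[str, int]) -> int:
    """TQ of one device: PQ x RQ per quality, summed over all qualities (assumed)."""
    return sum(pq.get(q, 0) * rq.get(q, 0) for q in set(pq) | set(rq))


def rank_devices(devices: Dict[str, Assessment],
                 required: Assessment) -> List[Tuple[int, str]]:
    """Return (TQ, device name) pairs, most suitable device first."""
    rq = score(required)
    ranked = [(total_quality(score(assessment), rq), name)
              for name, assessment in devices.items()]
    return sorted(ranked, key=lambda item: (-item[0], item[1]))


# Constructed sample: a small volunteer group that mainly needs something easy
# and cheap, judged against two Annex B devices with made-up PQ ratings.
SAMPLE_REQUIRED: Assessment = [
    ("easy to use", "well"), ("inexpensive", "well"),
    ("flexible", "somewhat"), ("efficient", "not"),
]
SAMPLE_DEVICES: Dict[str, Assessment] = {
    "brainstorming": [("easy to use", "well"), ("inexpensive", "well"),
                      ("flexible", "somewhat"), ("efficient", "not")],
    "fault tree analysis": [("efficient", "well"), ("flexible", "well"),
                            ("easy to use", "somewhat"), ("inexpensive", "not")],
}

if __name__ == "__main__":
    for tq, name in rank_devices(SAMPLE_DEVICES, SAMPLE_REQUIRED):
        print(f"{tq:4d}  {name}")
```

Because rank depends on the number of entries in a class, two assessors who agree on the classes but order the qualities differently within a class get different PQ values; that is inherent in the method and is the reason the slides separate the PQ and RQ assessors.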
Mix and match Method
[Table: the RA devices sorted by their TQ, from the most suitable at the top .. and so down to .. the least suitable]
ISO27009
● Standard on how to create a sector specific “ISO27K”
● Statement of the obvious.. somewhat ridiculous.
● Harshly commented
ISO27009
However!
A group of volioti related volunteers could use this standard to draft a specific standard for their segment. This might well be a use case for the ISO 27009 standard.
And of course...
they might use my dissertation as a starting point.
Tip #10: Tips for your project
● Scratch your itch
● Seek advice from others
● Do your own thinking
● Research the technology
● Experiment
● Use what you were taught
● Engage with the real world
● Know when to stop researching
● Know when to start writing