Addressing the threats of IoT Hans de Jong Technology Lead for - - PowerPoint PPT Presentation
Addressing the threats of IoT Hans de Jong Technology Lead for Security Innovation & Fellow Head of NXP Product Security Incident Response Team (NXP PSIRT) NXP Semiconductors, Eindhoven # dSymp dcypher Symposium 2017 | Oct 4th Media Plaza
# dSymp dcypher Symposium 2017 | Oct 4th Media Plaza Utrecht | connects cybersecurity knowledge
Hans de Jong Technology Lead for Security Innovation & Fellow Head of NXP Product Security Incident Response Team (NXP PSIRT) NXP Semiconductors, Eindhoven
# dSymp dcypher Symposium 2017 | Oct 4th Media Plaza Utrecht | connects cybersecurity knowledge
# dSymp dcypher Symposium 2017 | Oct 4th Media Plaza Utrecht | connects cybersecurity knowledge
– Otherwise people will not trust it and not buy it
# dSymp dcypher Symposium 2017 | Oct 4th Media Plaza Utrecht | connects cybersecurity knowledge
Logical attacks = rem ote attacks? Make use of software errors in the IoT device Physical attacks = local attacks? Make use of physical vulnerabilities in the IoT device
# dSymp dcypher Symposium 2017 | Oct 4th Media Plaza Utrecht | connects cybersecurity knowledge
Logical attacks = rem ote attacks? Make use of software errors in the IoT device Physical attacks = local attacks? Make use of physical vulnerabilities in the IoT device
# dSymp dcypher Symposium 2017 | Oct 4th Media Plaza Utrecht | connects cybersecurity knowledge
# dSymp dcypher Symposium 2017 | Oct 4th Media Plaza Utrecht | connects cybersecurity knowledge
Aim to protect against any remote attack (logical & physical).
Reason: they can be scripted and executed by laymen.
Aim to protect against any local logical attack if an attacker can have local access. Same reason.
(Only needed if attacks can do more harm than to the attacker alone)
Make a trade-off between investment in the attack and value to be gained / damage done (at any point during the lifetime)
# dSymp dcypher Symposium 2017 | Oct 4th Media Plaza Utrecht | connects cybersecurity knowledge
that may give attacker full control over the device.
– Boot protection – Lifecycle protection (avoid getting back to debug mode) – Protection of keys – Protection of usage of the keys (access control)
# dSymp dcypher Symposium 2017 | Oct 4th Media Plaza Utrecht | connects cybersecurity knowledge
– See previous slides
– Without a truck-roll whenever possible.
– Use diversified keys (different keys per device and per purpose): breaking one device does not break the system. – Limit the bandwidth for DNS requests
* The last two require a secure anchor in the device.
# dSymp dcypher Symposium 2017 | Oct 4th Media Plaza Utrecht | connects cybersecurity knowledge
– Run keys, crypto and essential functions on a different core.
– Plan for enough capabilities (e.g. memory, crypto, processing) during the foreseen lifetime.
provided and the support lifetime is stated in the contract.
# dSymp dcypher Symposium 2017 | Oct 4th Media Plaza Utrecht | connects cybersecurity knowledge
Security certification – WHY?
Product A Product B Product A Product B
# dSymp dcypher Symposium 2017 | Oct 4th Media Plaza Utrecht | connects cybersecurity knowledge
banking cards), there is Common Criteria certification
– Security lab evaluates the product for weeks and gives points for any attack found (e.g. for time, knowledge and equipment needed). – Attack with the lowest amount of points determines the security of the product. – When above a threshold, a Certification Body will issue a certificate.
– With fast product life cycles. – With many security updates during its life time.
# dSymp dcypher Symposium 2017 | Oct 4th Media Plaza Utrecht | connects cybersecurity knowledge
What does Common Criteria as a standard say?
Lab Cert Body CC for smartcards Lab Cert Body What CC allows What CC allows Private Cert Body CC for smartcards Public Cert Body
# dSymp dcypher Symposium 2017 | Oct 4th Media Plaza Utrecht | connects cybersecurity knowledge
What does Common Criteria as Standard Say?
CC for smartcards What CC allows Interviews / Workshops What CC allows Very formal documentation CC for smartcards
# dSymp dcypher Symposium 2017 | Oct 4th Media Plaza Utrecht | connects cybersecurity knowledge
What does Common Criteria as Standard Say?
CC for smartcards Waterfall Approach What CC allows Agile Approach
# dSymp dcypher Symposium 2017 | Oct 4th Media Plaza Utrecht | connects cybersecurity knowledge
that cannot deal well with product updates.
– Set up of a commercial Certification Body
– For IoT, keep the product assessment by an independent lab, but let the paradigm of a static “one time assessment only” shift towards assurance via continuous oversight
– Reduction of evaluation formalisms and tedious documentation
# dSymp dcypher Symposium 2017 | Oct 4th Media Plaza Utrecht | connects cybersecurity knowledge
– When code can be taken from one device, it can sooner lead to finding remotely exploitable vulnerabilities. – Also consider brand damage and IP theft.
– Note that the key has to be on the device – So it is obfuscation – Makes attacks more difficult
# dSymp dcypher Symposium 2017 | Oct 4th Media Plaza Utrecht | connects cybersecurity knowledge
principle, …
but Kerchhoff did not consider millions of devices with fixed ROM code in the field which are not updatable.
– There always has to be some code in ROM
# dSymp dcypher Symposium 2017 | Oct 4th Media Plaza Utrecht | connects cybersecurity knowledge
– Some always, some depending on value to protect – Scope: the entire life time of the device
– An update service for security patches – A minimum period that devices will be maintained – Certified devices
# dSymp dcypher Symposium 2017 | Oct 4th Media Plaza Utrecht | connects cybersecurity knowledge