alljoyn
play

AllJoyn Greg Zaverucha Software Engineer, Microsoft 10 November - PowerPoint PPT Presentation

Sep 26, 2022 •420 likes •740 views

Cryptography in AllJoyn Greg Zaverucha Software Engineer, Microsoft 10 November 2015 AllSeen Alliance 1 Agenda 1. Review of AllJoyn security features 2. Authentication and security protocols 3. Comparison to Internet protocols 4. Leveraging

  1. Cryptography in AllJoyn Greg Zaverucha Software Engineer, Microsoft 10 November 2015 AllSeen Alliance 1

  2. Agenda 1. Review of AllJoyn security features 2. Authentication and security protocols 3. Comparison to Internet protocols 4. Leveraging AllJoyn crypto Talking about versions 15.04, 15.09 10 November 2015 AllSeen Alliance 2

  3. Motivation This talk will not argue that AllJoyn/IoT needs security – given. Why is AllJoyn crypto important? It’s necessary for security. Should be the “strongest link”. 10 November 2015 AllSeen Alliance 3

  4. Review of AllJoyn Security Features 4

  5. Threat Model Image source: https://allseenalliance.org/sites/default/files/developers/learn 10 November 2015 AllSeen Alliance 5

  6. Threat Model Image source: https://allseenalliance.org/sites/default/files/developers/learn 10 November 2015 AllSeen Alliance 6

  7. Threat Model • Attacker on the local network is able to interact with AllJoyn devices • Can intercept and modify packets in transit (man-in-the-middle) • Can drop and replay packets • Can compromise some of the AllJoyn devices on the network • Examples – Malware on the WiFi access point – Malicious smartphone application – Malicious device on the network • Attackers could be physically nearby or choose to telecommute 10 November 2015 AllSeen Alliance 7

  8. Security Goals • Authentication/Integrity; apps know who they are talking to and that messages are received as sent • Confidentiality; message contents are kept private • DoS resistance; attacker should not able to easily deny service • Perfect forward secrecy; compromise of an endpoint does not compromise past sessions • Security 1.0 Example • Security 2.0 Example 10 November 2015 AllSeen Alliance 8

  9. Security 1.0 Example Establish Master Secret AJ app on Derive Session Key Door Lock phone Encrypt data • Bootstrap authentication with a shared credential: password, key – Alternatively: Trust a certificate on first use, then pin it • Credential type will dictate the authentication mechanism that AllJoyn will use • Once a master secret is established, session keys are derived from it 10 November 2015 AllSeen Alliance 9

  10. Security 2.0 Example • New AllJoyn devices are in Security “claimable” state when they Manager join the network • The security manager claims Security 1.0 Protocols them and provisions certificates and policies • Certificates are used for Door Lock Phone identity and membership in security groups • Bootstrapping only required between security manager and apps 10 November 2015 AllSeen Alliance 10

  11. Authentication Mechanisms and Crypto Algorithms 11

  12. Authentication and Key Exchange Protocol Establish a secure channel in three main steps 1. Exchange GUIDs – Do we know each other? If so, do we share a master secret? (that hasn’t expired) 2. [Key Exchange] Authenticate the peer and establish the master secret Store master secret in the key store 3. Derive Session key Derive a session key from nonces and master secret 10 November 2015 AllSeen Alliance 12

  13. Key Exchange • ECDHE: Elliptic Curve Diffie-Hellman (Ephemeral) – Long term credential used for authentication only – Fresh key pair generated for each exchange • Multiple ways to authenticate key exchange – NULL: no authentication. Vulnerable to active MITM attacks – PSK: authentication by pre-shared key (PSK). Secure if PSK has high entropy (128 bits or greater) – ECDSA: authenticated with an ECDSA signature. Certificates exchanged and validated • SRP (SC only, deprecated) – Similar use cases as ECHDE_PSK, but secure with low-entropy secrets 10 November 2015 AllSeen Alliance 13

  14. Key Exchange Crypto Algorithms AllJoyn uses standard algorithms and parameters • ECDHE – As specified in SP800-56A • ECDSA – As specified in FIPS 186-4, ANSI X9.62 – Only signature algorithm in key exchange protocol and certificates • Elliptic curve parameters – EC parameters are not negotiated – Fixed to one set, the 256- bit NIST curve “P256” – Balance between performance and security 10 November 2015 AllSeen Alliance 14

  15. Certificates • Standard X.509 v3 certificates (RFC 5280) – Signature algorithm is always ECDSA – Curve parameters are always P256 – Hash algorithm is always SHA-256 – Supports PEM encoded certificates created with common tools • AllJoyn specific EKU fields indicate the certificate type – In Security 2.0 usage, there are identity and membership types • Chains typically have length two: – The security manager is the issuer/root and the app is the end-entity • Revocation is not implemented – Security manager can use policy to deny access 10 November 2015 AllSeen Alliance 15

  16. Encryption of Data in Transit • Once a session key is established, data is encrypted and authenticated • Data is protected with is AES in CCM mode (Counter with CBC- MAC, RFC 3610) – Authenticated encryption mode – Uses one key, 128-bits long, authentication tags are 128-bits as well – 112-bit IV: 32-bit counter + 96 random bits 10 November 2015 AllSeen Alliance 16

  17. Hashing and Key Derivation • All hashing is done with SHA-256 – With the exception of SRP, which uses SHA-1 • Signing & certificates • Conversation hash – A hash of all authentication protocol messages ensures integrity of the authentication conversation • Key derivation is done using the “TLS PRF” (RFC 5246, Section 5) 10 November 2015 AllSeen Alliance 17

  18. Security Level • Overall the collection of AllJoyn crypto algorithms is expected to meet the 128-bit security level – 128-bit encryption keys and authentication tags – 256-bit hash digests and elliptic curve parameters – Assuming random number generation has the same security level • Complexity of attacks should be around 2 128 operations – NIST (SP800-57) and ANSSI guidance: good until 2030 and beyond – ECRYPT: 2015 to 2040 – BSI: 2017-2021 at least (no guidance beyond 2021) – Summary of recommendations at www.keylength.com 10 November 2015 AllSeen Alliance 18

  19. Comparison to TLS and the Web 19

  20. Differences AllJoyn TLS Fixed ciphersuite Negotiate ciphersuite One set of curve parameters Negotiated One certificate signature Flexible. RSA signatures are algorithm, params. most common No protocol extensions Well-defined extension mech. New, less security review Highly scrutinized 10 November 2015 AllSeen Alliance 20

  21. Differences ( con’t ) AllJoyn TLS Static relationships with fewer Variable duration, diverse peers peers Typically a local PKI Typically global PKI (web) Mutual auth. always Typically server auth. only Renegotiation used a lot Less use of renegotiation 10 November 2015 AllSeen Alliance 21

  22. Similarities Many crypto-level similarities with TLS (as commonly deployed) Data from SSLLabs.com (September 2015) • ECDHE use with TLS on the rise – About 70% of TLS servers support ciphersuites with PFS • Use of SHA-256 for certificates preferred in TLS (71%) • Authenticated encryption modes preferred in TLS 1.3 – More AES use now that RC4 is being turned off • PRF is the same • Both use X.509 certificates • AllJoyn’s use of a master secret is similar to renegotiation in TLS 10 November 2015 AllSeen Alliance 22

  23. Leveraging AllJoyn Crypto 23

  24. Crypto Considerations when Using AllJoyn Security • AllJoyn apps shouldn’t need to design security protocols • Leverage core protocols to simplify application security design • Security 1.0 apps must – Choose the authentication mechanisms to support – Decide how to bootstrap authentication and provision credentials • Security 2.0 apps must – Have a security manager to work with – Choose between NULL and PSK auth. for first contact with security manager • Security manager should probably accept both • Apps (esp. devices) should prefer PSK 10 November 2015 AllSeen Alliance 24

  25. Certificate Validation • Security 1.0 applications must validate certificate chains with a callback – The AllJoyn core doesn’t know who the app trusts – Requires care to do well – Some API support and sample code is available • Security 2.0 uses certificates after bootstrapping and has enough information to validate certificates – The security manager installs the necessary root certificates – Applications don’t have to worry about cert validation 10 November 2015 AllSeen Alliance 25

  26. Secure Key Storage • The core library keeps cryptographic keys in a keystore • By default it lacks strong protections, since these are platform specific, e.g., – Available hardware for secure storage differs across devices – An app may rely on the platform to isolate its storage from other apps on the system • Especially important to protect the security manager keystore in Security 2.0 deployments – Security manager root key can add devices and policies to the network and grant access arbitrarily 10 November 2015 AllSeen Alliance 26

  27. Crypto Implementation Details • Standard client (SC) apps shouldn’t have to implement any crypto – Authenticated, secure channels can be established with the core library – Leverages platform crypto where possible (CNG and OpenSSL) – Also has a “built - in” option that has no dependencies 10 November 2015 AllSeen Alliance 27

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

AllJoyn Node AllJoyn Thin Client Other Proximal or Cloud Devices 72 Device System Bridge

AllJoyn Node AllJoyn Thin Client Other Proximal or Cloud Devices 72 Device System Bridge

Any questions please contact winhectpe@microsoft.com AllJoyn Node AllJoyn Thin Client Other Proximal or Cloud Devices 72 Device System Bridge AllJoyn Common Interface Others OSS Z-Wave example Bridge Adapter

1.02k views • 33 slides
Building Internet of Things Devices with AllJoyn Ivan R. Judson @irjudson

Building Internet of Things Devices with AllJoyn Ivan R. Judson @irjudson

Building Internet of Things Devices with AllJoyn Ivan R. Judson @irjudson ivan.judson@microsoft.com IoT Service Architecture IoT Mapping Skills What's Missing? What is AllJoyn? AllJoyn is... a system that allows devices to advertise

368 views • 25 slides
The medium to enable AllJoyn applications to communicate via published APIs

The medium to enable AllJoyn applications to communicate via published APIs

Any questions please contact winhectpe@microsoft.com The medium to enable AllJoyn applications to communicate via published APIs Communication is via messages that map directly to APIs in high-level programming languages Based on

588 views • 30 slides
Privacy, AllJoyn, IoT: Why proximal networks are better JAMES KANE Co-Founder, Two Bulls 24

Privacy, AllJoyn, IoT: Why proximal networks are better JAMES KANE Co-Founder, Two Bulls 24

Privacy, AllJoyn, IoT: Why proximal networks are better JAMES KANE Co-Founder, Two Bulls 24 September 2014 AllSeen Alliance 1 Privacy concerns the information that we allow people to access and how they are allowed to use it. Security

481 views • 37 slides
Surveillance & Home Automation for the Smart Home AllJoyn and Kalay Integration Yuping

Surveillance & Home Automation for the Smart Home AllJoyn and Kalay Integration Yuping

Surveillance & Home Automation for the Smart Home AllJoyn and Kalay Integration Yuping Tseng Chief Technology Officer ThroughTek Co., Ltd. 10/15/2015 AllSeen Alliance 1 Agenda 1. Introduction About ThroughTek 2. Kalay Platform &

258 views • 25 slides
BOF: AllSeen Alliance, AllJoyn and OCF, IoTivity - Will We Find One Common Language for Open IOT?

BOF: AllSeen Alliance, AllJoyn and OCF, IoTivity - Will We Find One Common Language for Open IOT?

BOF: AllSeen Alliance, AllJoyn and OCF, IoTivity - Will We Find One Common Language for Open IOT? Art Lancaster, CTO, Affinegy http://affinegy.com @affinegyart alancaster@affinegy.com Board member, AllSeen Alliance and Chair of the Gateway

267 views • 14 slides
AllJoyn Studio accelerates development for Windows UWP Samples Universal Windows Apps are built

AllJoyn Studio accelerates development for Windows UWP Samples Universal Windows Apps are built

Servicing, reduced code size Optimized performance, full integration Reduced code size, integrated with Windows SDK AllJoyn Studio accelerates development for Windows UWP Samples Universal Windows Apps are built on the Universal Windows

577 views • 30 slides
biot Information Pipelines in IoT-Clouds Emmanuel Frcon - emmanuel@sics.se Follow us

biot Information Pipelines in IoT-Clouds Emmanuel Frcon - emmanuel@sics.se Follow us

biot Information Pipelines in IoT-Clouds Emmanuel Frcon - emmanuel@sics.se Follow us @SICS_SwedishICT Vendor Lock-in WS, API, REST, SOA Threads, AllJoyn, WoT, IoTivity CoAP, MQTT, XMPP, MQ, LWM2M Z-Wave, 6LoWPAN, ZigBee, BT(LE) IEEE

435 views • 11 slides
Device System Bridge Torsten Stein, Sr. Program Manager Artem Zhurid, Principal Development Lead

Device System Bridge Torsten Stein, Sr. Program Manager Artem Zhurid, Principal Development Lead

Device System Bridge Torsten Stein, Sr. Program Manager Artem Zhurid, Principal Development Lead Microsoft 17 October 2015 AllSeen Alliance 1 Scattered Ecosystem Challenge AllJoyn solves the technical challenge of enabling devices to

568 views • 13 slides
1 What%is%User%Authen.ca.on? 2 3 User%Authen+ca+on

1 What%is%User%Authen.ca.on? 2 3 User%Authen+ca+on

1 What%is%User%Authen.ca.on? 2 3 User%Authen+ca+on the%process%of%valida1ng%a%users%creden1als%against% what%is%saved%in%the%database Does%the%password%match%what%is%saved%in%the% database?

718 views • 14 slides
Outline CPSC 418/MATH 318 Introduction to Cryptography Recap: Authentication 1 Cryptography in

Outline CPSC 418/MATH 318 Introduction to Cryptography Recap: Authentication 1 Cryptography in

Outline CPSC 418/MATH 318 Introduction to Cryptography Recap: Authentication 1 Cryptography in Practice: Entity Authentication, SSH Entity Authentication 2 Kerberos 5 Renate Scheidler Station-to-Station protocol Department of Mathematics

297 views • 8 slides
Eduardo Barasal Morales Tiago Jun Nakamura Natal, RN | 23/08/17 IPv6 on the last mile with PPPoE

Eduardo Barasal Morales Tiago Jun Nakamura Natal, RN | 23/08/17 IPv6 on the last mile with PPPoE

Eduardo Barasal Morales Tiago Jun Nakamura Natal, RN | 23/08/17 IPv6 on the last mile with PPPoE - tutorial Agenda Motivation PPPoE SLAAC DHCPv6-PD Experiment Motivation IPv4 address exhaustion Improve the

625 views • 29 slides
WPA and RSN Authentication Protocols Sean Kugele CS 6204, Spring 2005 1 Motivation

WPA and RSN Authentication Protocols Sean Kugele CS 6204, Spring 2005 1 Motivation

WPA and RSN Authentication Protocols Sean Kugele CS 6204, Spring 2005 1 Motivation Weaknesses in the WEP protocol 1. No protection against message tampering 2. Incorrect usage of an encryption algorithm 3. Replayable authentication

519 views • 24 slides
The Making of a Secure Open Source Password Keeper from the electronics to the high-level

The Making of a Secure Open Source Password Keeper from the electronics to the high-level

The Making of a Secure Open Source Password Keeper from the electronics to the high-level software Mathieu Stephan Hello! I am Mathieu Stephan - Embedded systems engineer - Former writer for Hackaday - www.limpkin.fr - Mooltipass

913 views • 51 slides
Namespaces Systems and Internet Infrastructure Security (SIIS) Laboratory Page 1 Outline Sects

Namespaces Systems and Internet Infrastructure Security (SIIS) Laboratory Page 1 Outline Sects

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Namespaces Systems and Internet Infrastructure Security (SIIS)

1.13k views • 49 slides
Schema-Based Security in Neo4j 4.0 Louise Sderstrm About me Cypher and security

Schema-Based Security in Neo4j 4.0 Louise Sderstrm About me Cypher and security

Schema-Based Security in Neo4j 4.0 Louise Sderstrm About me Cypher and security developer @ Neo4j since 2017 Was born in the early 90s in Linkping, Sweden Engineer in Mathematics Involved in Pink Programming

782 views • 22 slides
A Mixed-Initiative System for Building Mixed-Initiative Systems Craig A. Knoblock, Pedro

A Mixed-Initiative System for Building Mixed-Initiative Systems Craig A. Knoblock, Pedro

A Mixed-Initiative System for Building Mixed-Initiative Systems Craig A. Knoblock, Pedro Szekely, and Rattapoom Tuchinda Information Science Institute University of Southern California BiddingForTravel.com Priceline ? Map Orbitz Heracles

574 views • 29 slides
SQL Introduction CS 377: Database Systems Recap: Last Two Weeks Requirement analysis

SQL Introduction CS 377: Database Systems Recap: Last Two Weeks Requirement analysis

SQL Introduction CS 377: Database Systems Recap: Last Two Weeks Requirement analysis Requirement specification Conceptual design Conceptual data model ( ER Model ) Logical design Representation data model ( Relational Model ) Physical

769 views • 42 slides
Group Lending and Enforcement October 2007 () Group lending October 2007 1 / 26 Group Lending

Group Lending and Enforcement October 2007 () Group lending October 2007 1 / 26 Group Lending

Group Lending and Enforcement October 2007 () Group lending October 2007 1 / 26 Group Lending in Theory Grameen I ("classic") 2:2:1 staggering at 4-6 week intervals 1 loan cycle = a year joint liability: formal sanctions in case

837 views • 26 slides
Raising The Security Bar with Guardr Mediacurrent Mark Shropshire Open Source Security Lead

Raising The Security Bar with Guardr Mediacurrent Mark Shropshire Open Source Security Lead

Raising The Security Bar with Guardr Mediacurrent Mark Shropshire Open Source Security Lead Mark is the lead maintainer of Guardr, a suite of modules predicated around Drupal security. He is passionate about architecting systems to solve

812 views • 38 slides
Data and Process Modelling 3. Object-Role Modeling - CSDP Step 6 Marco Montali KRDB Research

Data and Process Modelling 3. Object-Role Modeling - CSDP Step 6 Marco Montali KRDB Research

Data and Process Modelling 3. Object-Role Modeling - CSDP Step 6 Marco Montali KRDB Research Centre for Knowledge and Data Faculty of Computer Science Free University of Bozen-Bolzano A.Y. 2014/2015 Marco Montali (unibz) DPM - 3.CDSP-6 A.Y.

257 views • 4 slides
Dawn Song dawnsong@cs.berkeley.edu 1 Primer on Internet Worms (I) First Instance: Morris

Dawn Song dawnsong@cs.berkeley.edu 1 Primer on Internet Worms (I) First Instance: Morris

Automatic Worm Defense (I) Dawn Song dawnsong@cs.berkeley.edu 1 Primer on Internet Worms (I) First Instance: Morris worm (1988) Infected 6000 machines (10% of Internet) $10M for downtime & cleanup Whats a worm?

512 views • 13 slides
Java Technologies Java EE Security Securing Applications Software Security - Protecting

Java Technologies Java EE Security Securing Applications Software Security - Protecting

Java Technologies Java EE Security Securing Applications Software Security - Protecting applications against malicious / unauthorized actions Desktop What kind of code is executed by the application, on the client machine? Where

702 views • 33 slides
Positive TAGED with a Bounded Number of Constraints P.-C. Ham, Vincent Hugot, O. Kouchnarenko

Positive TAGED with a Bounded Number of Constraints P.-C. Ham, Vincent Hugot, O. Kouchnarenko

On Positive TAGED with a Bounded Number of Constraints P.-C. Ham, Vincent Hugot, O. Kouchnarenko {pheam,vhugot,okouchna}@femto-st.fr University of Franche-Comt DGA & INRIA/CASSIS & FEMTO-ST (DISC) July 2, 2013 Introduction

758 views • 71 slides

More recommend