auditing iot communications with tls rar
play

Auditing IoT Communications with TLS-RaR Judson Wilson, Henry - PowerPoint PPT Presentation

Dec 24, 2023 •314 likes •971 views

Auditing IoT Communications with TLS-RaR Judson Wilson, Henry Corrigan-Gibbs, Riad S. Wahby, Keith Winstein, Philip Levis, Dan Boneh Stanford University Auditing Standard Devices MITM Used for: security audit automated exfiltration

  1. Auditing IoT Communications with TLS-RaR Judson Wilson, Henry Corrigan-Gibbs, Riad S. Wahby, Keith Winstein, Philip Levis, Dan Boneh Stanford University

  2. Auditing Standard Devices MITM Used for: ● security audit ● automated exfiltration detection ● automated intrusion detection

  3. IoT is Different MITM

  4. Troubling Facts 1) We have no way to audit IoT communications, so we must trust companies to do what they claim.

  5. Troubling Facts 1) We have no way to audit IoT communications, so we must trust companies to do what they claim. 2) Respected Companies Have Misrepresented Their Actions Google “Google's iPhone Tracking, Web Giant, Others Bypassed Apple Browser Settings for Guarding Privacy.” WSJ, Feb. 17, 2012. Volkswagen “Volkswagen Admits to Cheating on U.S. Emissions Tests,” Bloomberg, Sept. 18, 2015 …

  6. MITM does have problems. Attack! Attack! MITM

  7. MITM does have problems. MITM

  8. Overview ● Setting ● Technical Problem ● Our Scheme: TLS RaR – Main Idea – Corner Cases ● Secure Key Release ● Clean Shutdown ● Evaluation ● Related Work ● Conclusions

  9. Different Parties, Different Concerns Potential concerns of IoT device company: ● Prevent tampering, back doors ● Prevent usage of device on other services ● Solution that is easy to incorporate. ● Protecting customer data Customer's concerns: ● Desire an accurate audit, as good as MITM ● Preserve privacy

  10. Compromise: Replace MITM with passive, read only auditors. Main Channel Enable: Audit Box ● security audit ● automated exfiltration Audit Box detection ● automated intrusion detection

  11. The Technical Problem: Create a method for passive, read only auditing of TLS-protected communication, to replace the man in the middle method. In other words: Remove the TLS barrier from a communications audit.

  12. Overview ● Setting ● Technical Problem ● Our Scheme: TLS RaR – Main Idea – Corner Cases ● Secure Key Release ● Clean Shutdown ● Evaluation ● Conclusions

  13. TLS-RaR: Rotate and Release

  14. Device to Cloud TLS Time Handshake AES-GCM Encrypted Session Begin TCP Connection Enter TLS Session

  15. Device to Cloud TLS Time Handshake Handshake AES-GCM AES-GCM Begin TCP Connection Enter TLS TLS 1.2: Renegotiate or Resume Session TLS 1.3: KeyUpdate

  16. Device to Cloud TLS With a Twist Time Rotate Keys Reconnect, Handshake AES-GCM AES-GCM Renegotiate, Resume or KeyUpdate Epoch 0 Epoch 1

  17. Device to Cloud TLS With a Twist Time Rotate Keys Reconnect, Handshake AES-GCM AES-GCM Renegotiate, Resume or KeyUpdate Epoch 0 Epoch 1 Release Previous Epoch (0) Key

  18. Nice Properties ● Audit box's decryption yields the same stream of data as endpoints' SSL_read() calls, but delayed ➔ Audit matches what was received

  19. Nice Properties ● Audit box's decryption yields the same stream of data as endpoints' SSL_read() calls, but delayed ➔ Audit matches what was received ● Format of TLS on the wire is not changed ➔ Easy to reason about security of the protocol ➔ Easy to adopt

  20. Nice Properties ● Audit box's decryption yields the same stream of data as endpoints' SSL_read() calls, but delayed ➔ Audit matches what was received ● Format of TLS on the wire is not changed ➔ Easy to reason about security of the protocol ➔ Easy to adopt ● For some existing servers no change is necessary ➔ Really easy to adopt

  21. Nice Properties ● Audit box's decryption yields the same stream of data as endpoints' SSL_read() calls, but delayed ➔ Audit matches what was received ● Format of TLS on the wire is not changed ➔ Easy to reason about security of the protocol ➔ Easy to adopt ● For some existing servers no change is necessary ➔ Really easy to adopt ● Minimal change to OpenSSL on the device ➔ Easy to reason about security of the implementation ➔ Easy to adopt

  22. Overview ● Setting ● Technical Problem ● Our Scheme: TLS RaR – Main Idea – Corner Cases ● Secure Key Release ● Clean Shutdown ● Evaluation ● Conclusions

  23. Key Release Procedure: Straw Man Device Audit Box A Audit Box C Audit Box B Device simply distributes key to Audit Boxes.

  24. Key Release Procedure: Straw Man Device Evil Audit Box Audit Box C Audit Box B Src: IoT Device Dst: Server “SUSPICIOUS DATA”

  25. Sealed-History Key Release h = Hash(records) σ = Sign(epoch, key, h) Device h, σ h, σ h, σ Audit Box A Audit Box C Audit Box B Cryptographic Hashes and Signatures ensure integrity to the auditors.

  26. Overview ● Setting ● Technical Problem ● Our Scheme: TLS RaR – Main Idea – Corner Cases ● Secure Key Release ● Clean Shutdown ● Evaluation ● Conclusions

  27. Connection Shutdown: Straw Men 1) Device naively releases key after disconnecting

  28. Connection Shutdown: Straw Men 1) Device naively releases key after disconnecting Attack: Auditors use key to append data to IoT device-to-server stream.

  29. Connection Shutdown: Straw Men 1) Device naively releases key after disconnecting Attack: Auditors use key to append data to IoT device-to-server stream. 2) Device doesn't release key after disconnecting

  30. Connection Shutdown: Straw Men 1) Device naively releases key after disconnecting Attack: Auditors use key to append data to IoT device-to-server stream. 2) Device doesn't release key after disconnecting Problem: Auditor can't decrypt the last epoch.

  31. Clean Connection Shutdown Clean shutdown: IoT application ensures the last key encrypting data is not useful (e.g. authenticated acknowledgment), then securely releases the key. TLS's close_notify is probably good enough.

  32. Clean Connection Shutdown Clean shutdown: IoT application ensures the last key encrypting data is not useful (e.g. authenticated acknowledgment), then securely releases the key. TLS's close_notify is probably good enough. Unclean shutdown results in unauditable final epoch .

  33. Clean Connection Shutdown Clean shutdown: IoT application ensures the last key encrypting data is not useful (e.g. authenticated acknowledgment), then securely releases the key. TLS's close_notify is probably good enough. Unclean shutdown results in unauditable final epoch . Note: Unclean shutdown can be caused by hardware/network failure or actions by IoT device, cloud server, and unauthenticated third parties.

  34. Overview ● Setting ● Technical Problem ● Our Scheme: TLS RaR – Main Idea – Corner Cases ● Secure Key Release ● Clean Shutdown ● Evaluation ● Conclusions

  35. Alexa Top 1,000,000 Compatibility Survey Fraction of Servers* Rotation by Reconnect 54.2% Rotation by Renegotiation 12.2% Rotation by Resume (requires heartbeat) 0.5% *Includes only the ≈400,000 servers that support HTTPS and keep-alive, January, 2016.

  36. Performance Impact Completion time for 1000 simulated sequential downloads of a 100kB resource, over a 24 Mbps link with 100 ms latency: Takeaway : In the worst case scenario (unlikely in IoT), epoch lengths can be chosen for minimal impact.

  37. Overview ● Setting ● Technical Problem ● Our Scheme: TLS RaR – Main Idea – Corner Cases ● Secure Key Release ● Clean Shutdown ● Evaluation ● Conclusions

  38. Conclusions ● Auditing the IoT is important, but not presently possible.

  39. Conclusions ● Auditing the IoT is important, but not presently possible. ● Allowing a read only audit is a potential compromise.

  40. Conclusions ● Auditing the IoT is important, but not presently possible. ● Allowing a read only audit is a potential compromise. ● TLS RaR is a technical solution with these nice properties: – SSL_read() returns same data for all trusted viewers – format of TLS on the wire is not changed – no changes for some servers – minimal change to OpenSSL on the device

  41. Conclusions ● Auditing the IoT is important, but not presently possible. ● Allowing a read only audit is a potential compromise. ● TLS RaR is a technical solution with these nice properties: – SSL_read() returns same data for all trusted viewers – format of TLS on the wire is not changed – no changes for some servers – minimal change to OpenSSL on the device Questions? Judson Wilson judsonw@stanford.edu

  42. Backup Slides

  43. Security Properties ● Present-Moment Integrity ➔ Main channel's end-to-end integrity is preserved ● Present-Moment Secrecy ➔ Auditors can't decrypt traffic until after a key release.

  44. Security Properties ● Present-Moment Integrity ➔ Main channel's end-to-end integrity is preserved ● Present-Moment Secrecy ➔ Auditors can't decrypt traffic until after a key release. ● Past Auditability ➔ Auditors can decrypt previously observed records for which they have the key, or return “fail.”

  45. Security Properties ● Present-Moment Integrity ➔ Main channel's end-to-end integrity is preserved ● Present-Moment Secrecy ➔ Auditors can't decrypt traffic until after a key release. ● Past Auditability ➔ Auditors can decrypt previously observed records for which they have the key, or return “fail.” ● Audit Robustness ➔ Auditors cannot be convinced that a forgery (possibly from another auditor) came from one of the endpoints.

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Auditing Communications Act, Accounting, & NFFS Requirements O ffice of I nspector G eneral

Auditing Communications Act, Accounting, & NFFS Requirements O ffice of I nspector G eneral

Auditing Communications Act, Accounting, & NFFS Requirements O ffice of I nspector G eneral PMBA Presentation May 2016 Background Station audits routinely identify non-compliance issues with Communications Act, accounting, & Non-Federal

318 views • 17 slides
Remarks on Auditing, Regulatory Auditing and Regulatory Auditing Strategy Prof. Dr. Horst

Remarks on Auditing, Regulatory Auditing and Regulatory Auditing Strategy Prof. Dr. Horst

Remarks on Auditing, Regulatory Auditing and Regulatory Auditing Strategy Prof. Dr. Horst Frankenberger University of Applied Sciences Lbeck SG 4: Auditing - Lbeck 16.09.2002 1 Remarks on Auditing, Regulatory Auditing and Regulatory

305 views • 16 slides
DANFOSS AUDITING SYSTEM May15-02 Responsibilities Jamie Countryman (SE) - Team Lead Zach

DANFOSS AUDITING SYSTEM May15-02 Responsibilities Jamie Countryman (SE) - Team Lead Zach

DANFOSS AUDITING SYSTEM May15-02 Responsibilities Jamie Countryman (SE) - Team Lead Zach Carlson (SE) - Web Master, Key Concept Holder Mitch Valenta (CPRE) - Communications May 15-02 Problem Auditing done on paper

578 views • 26 slides
Auditing Chapter 25 Computer Security: Art and Science , 2 nd Edition Version 1.0 Slide 25-1

Auditing Chapter 25 Computer Security: Art and Science , 2 nd Edition Version 1.0 Slide 25-1

Auditing Chapter 25 Computer Security: Art and Science , 2 nd Edition Version 1.0 Slide 25-1 Outline Overview What is auditing? What does an audit system look like? How do you design an auditing system? Auditing mechanisms

1.4k views • 88 slides
THE AUDITING OF SOCIAL ACCOUNTS SOME GENERAL CONSIDERATIONS INDEPENDENT AUDITING (with

THE AUDITING OF SOCIAL ACCOUNTS SOME GENERAL CONSIDERATIONS INDEPENDENT AUDITING (with

16/11/2012 THE AUDITING OF SOCIAL ACCOUNTS SOME GENERAL CONSIDERATIONS INDEPENDENT AUDITING (with certification) OF SOCIAL ACCOUNTS A DEBATE (CONSIDERING IN THIS CASE ONLY ITALY): A) ONLY VOLUNTARY B) COMPULSORY BY LAW 1

322 views • 7 slides
Auditing in the Public Interest Auditing in the Public Interest Victorian Government

Auditing in the Public Interest Auditing in the Public Interest Victorian Government

Victorian Auditor-Generals Office Auditing in the Public Interest Auditing in the Public Interest Victorian Government Solicitors Office Seminar 30 May 2007 Des Pearson - Auditor-General 1 Auditing in the Public Interest Personal

352 views • 20 slides
INNOVATIVE SOLUTIONS MEETING EXPECTATIONS Locations & Projects Auditing Auditing

INNOVATIVE SOLUTIONS MEETING EXPECTATIONS Locations & Projects Auditing Auditing

INNOVATIVE SOLUTIONS MEETING EXPECTATIONS Locations & Projects Auditing Auditing and assurance plays a crucial part of ensuring the safety and integrity of any diving system as well as ensuring safe and efficient diving

185 views • 14 slides
Why Data Auditing is Important Arizona State Public Health Laboratory April 2019 Objectives

Why Data Auditing is Important Arizona State Public Health Laboratory April 2019 Objectives

Why Data Auditing is Important Arizona State Public Health Laboratory April 2019 Objectives Define data auditing Explain the importance of data auditing Data Auditing What does data mean to you? What is data auditing? When

648 views • 33 slides
Auditing : the good, the bad and the ugly A. Feinberg 14 Sep 2017 1 I must pay a debt of

Auditing : the good, the bad and the ugly A. Feinberg 14 Sep 2017 1 I must pay a debt of

Auditing : the good, the bad and the ugly A. Feinberg 14 Sep 2017 1 I must pay a debt of gratitude to DeWitt Beeler, who in an article published in the 1999 May Issue of Quality Progress provided me with a fresh look at auditing and

557 views • 41 slides
How would the emerging technology affect the future of auditing? AC4342 Auditing S01 Group 4

How would the emerging technology affect the future of auditing? AC4342 Auditing S01 Group 4

How would the emerging technology affect the future of auditing? AC4342 Auditing S01 Group 4 54818800 CHAN Shu Wah 54791726 IP Sunny 54814013 WAN Chun Fai 54808805 YIU Ho Fung How would the emerging technology affect the future of

672 views • 54 slides
Auditing large-scale medical terminologies, with a focus on SNOMED CT Ronald Cornet PhD Dept.

Auditing large-scale medical terminologies, with a focus on SNOMED CT Ronald Cornet PhD Dept.

Auditing large-scale medical terminologies, with a focus on SNOMED CT Ronald Cornet PhD Dept. of Medical Informatics Academic Medical Center University of Amsterdam Outline Background Types of Auditing Logic-based Auditing

245 views • 21 slides
School Equipment Auditing System(SEAS) Mr.Anuwat Shutanaruk 5522800556 Mr.Thanapon Areewattana

School Equipment Auditing System(SEAS) Mr.Anuwat Shutanaruk 5522800556 Mr.Thanapon Areewattana

School Equipment Auditing System(SEAS) Mr.Anuwat Shutanaruk 5522800556 Mr.Thanapon Areewattana 5522791896 Objective To make auditing system more efficient we develop the new auditing system version. Motivation Old style of search or tracking

852 views • 8 slides
1 State Single Audit Requirements In accordance with federal requirements, beginning in

1 State Single Audit Requirements In accordance with federal requirements, beginning in

Compliance Auditing Update Compliance Auditing Update NC Local Government Auditing, Reporting and Review NC Local Government Auditing, Reporting and Review June 14, 2016 June 14, 2016 Uniform Guidance Overview Course Objectives- Uniform

435 views • 25 slides
Auditing SDGs SUSTAINABLE DEVELOPMENT GOALS What value do SAIs add to the implementation of

Auditing SDGs SUSTAINABLE DEVELOPMENT GOALS What value do SAIs add to the implementation of

SAIs making a difference by AUDITING Auditing SDGs SUSTAINABLE DEVELOPMENT GOALS What value do SAIs add to the implementation of Agenda 2030 ? Urge national governments into action if there isnt any. Independent oversight on the

203 views • 17 slides
Auditing the European room Auditing the European room air- conditioning systems and potential

Auditing the European room Auditing the European room air- conditioning systems and potential

Auditing the European room Auditing the European room air- conditioning systems and potential air- conditioning systems and potential energy savings energy savings Daniela Bory Centre for energy and process Mines de Paris - France ECEEE

351 views • 19 slides
Standards on Auditing (SAs) Presented By C.A. Abhijit Sanzgiri 22/12/2018 CA Abhijit Sanzgiri

Standards on Auditing (SAs) Presented By C.A. Abhijit Sanzgiri 22/12/2018 CA Abhijit Sanzgiri

Documentation requirements under Standards on Auditing (SAs) Presented By C.A. Abhijit Sanzgiri 22/12/2018 CA Abhijit Sanzgiri Standards on Auditing Ensures information in FS is of high quality & acceptable worldwide Formulated by AASB

1.15k views • 89 slides
Computational Semantics: More Calculus -calculus Recap NLTK semantics operations Scott

Computational Semantics: More Calculus -calculus Recap NLTK semantics operations Scott

Computational Semantics: More Calculus Scott Farrar CLMA, University of Washington far- rar@u.washington.edu Computational Semantics: More Calculus -calculus Recap NLTK semantics operations Scott Farrar Type theory CLMA,

893 views • 71 slides
Earley algorithm Earley: introduction Example of Earley algorithm Scott Farrar CLMA,

Earley algorithm Earley: introduction Example of Earley algorithm Scott Farrar CLMA,

Earley algorithm Scott Farrar CLMA, University of Washington far- rar@u.washington.edu Earley algorithm Earley algorithm Earley: introduction Example of Earley algorithm Scott Farrar CLMA, University of Washington farrar@u.washington.edu

1.18k views • 88 slides
HIDING IN THE FAMILIAR: STEGANOGRAPHY AND VULNERABILITIES IN POPULAR ARCHIVES FORMATS Agenda

HIDING IN THE FAMILIAR: STEGANOGRAPHY AND VULNERABILITIES IN POPULAR ARCHIVES FORMATS Agenda

BlackHat Europe 2010, Barcelona BlackHat Europe 2010, Barcelona Mario Vuksan, Tomislav Pericin & Brian Karney HIDING IN THE FAMILIAR: STEGANOGRAPHY AND VULNERABILITIES IN POPULAR ARCHIVES FORMATS Agenda Introduction to steganography in

696 views • 43 slides
When Iterative Optimization Meets the Polyhedral Model: One-Dimensional Date Louis-Nol Pouchet

When Iterative Optimization Meets the Polyhedral Model: One-Dimensional Date Louis-Nol Pouchet

When Iterative Optimization Meets the Polyhedral Model: One-Dimensional Date Louis-Nol Pouchet ALCHEMY, LRI - INRIA Futurs Under the direction of A. Cohen & C. Bastoul October 9, 2006 EPITA final internship defense, CSI 2006 Situation:

802 views • 59 slides
OSCA: An Online-Model Based Cache Allocation Scheme in Cloud Block Storage Systems Yu Zhang ,

OSCA: An Online-Model Based Cache Allocation Scheme in Cloud Block Storage Systems Yu Zhang ,

OSCA: An Online-Model Based Cache Allocation Scheme in Cloud Block Storage Systems Yu Zhang , Ping Huang , Ke Zhou , Hua Wang , Jianying Hu , Yongguang Ji , Bin Cheng Huazhong University of Science and Technology

623 views • 24 slides
Property Taxes and the Gallagher Amendment Colorado Legislative Council Staff Property Taxes in

Property Taxes and the Gallagher Amendment Colorado Legislative Council Staff Property Taxes in

Property Taxes and the Gallagher Amendment Colorado Legislative Council Staff Property Taxes in Colorado Total - $8.1 billion in 2016 Counties - $1.7 billion General Fund - $1.64b Other - $0.09b Source: Division of Property Taxation, 2016

519 views • 19 slides
Repair Assessment Reporting RAR Randy Michaud Stay - TreatJuly 16, 2015 What is it?

Repair Assessment Reporting RAR Randy Michaud Stay - TreatJuly 16, 2015 What is it?

Repair Assessment Reporting RAR Randy Michaud Stay - TreatJuly 16, 2015 What is it? Pre-2010, referred to as Escalation Report 7/27/2015 2 Who is it? Repair Assessment Committee (RAC) RAR Re-enactment: Not an actual event. Brian

254 views • 8 slides
Disclosures None Surveillance after Endovascular Intervention: When to Re-Intervene and

Disclosures None Surveillance after Endovascular Intervention: When to Re-Intervene and

4/17/2015 Disclosures None Surveillance after Endovascular Intervention: When to Re-Intervene and Whats the Evidence 2015 UCSF Vascular Symposium Warren Gasper, MD Assistant Professor of Surgery UCSF Division of Vascular Surgery

446 views • 5 slides

More recommend