getting from nothing to something
play

Getting from Nothing to Something AKA: Bootstrapping, Commissioning, - PowerPoint PPT Presentation

Apr 03, 2023 •240 likes •356 views

Getting from Nothing to Something AKA: Bootstrapping, Commissioning, Pairing, ... Cullen Jennings, PhD Cisco Smart Object Security Workshop March 2012 Friday, March 23, 12 Goal So Cisco sold me this super constrained, super smart, super

  1. Getting from Nothing to Something AKA: Bootstrapping, Commissioning, Pairing, ... Cullen Jennings, PhD Cisco Smart Object Security Workshop March 2012 Friday, March 23, 12

  2. Goal • So Cisco sold me this super constrained, super smart, super thing! Good grief, now what ? • “support highly constrained devices that are cheap to manufacture and simple enough for the average skilled person to install” - Paul Chilton • At installation, there is is not relation between the light and the switch, how do we get to the point where we can apply standard COMSEC Friday, March 23, 12

  3. Constraint Space At installation: • UI: Button, LED, digit display, nothing • Power at installation time: scavenger, none • Replacement: disposable vs cloneable, transferable • Network: broadcast support, none Friday, March 23, 12

  4. Solution: Push Buttons • Controller is put in promiscuous mode • Device has button pressed to enroll • Devices broadcasts and finds the controller • Range of broadcast is proximity limited • If attacker is in proximity during enrollment, this is unlikely to end up secure • Caveat: the DH with RF trick is cool Friday, March 23, 12

  5. Code Display • Like pushbutton but both sides display a code that a human need to verify matches • In practice code are not verified (see bluetooth “0000” in C. Bran paper) • Code is typically done after enrollment making it difficult for no power installations Friday, March 23, 12

  6. Device Label Solutions • Device has a label with some secret that a human helps transfer from the device to the controller • Label can be digits, barcode, RFID, blinking light, etc. • PAKE allows for short labels • Major problem is label interception by attacker Friday, March 23, 12

  7. A specific label example Phones ... Web Server Manufacture CA Barcode Scanner Customer CA Manufacture Cert Customer Cert Phones Mutual TLS PBX Friday, March 23, 12

  8. A New Label Example • Each device has a label with a one-time key encoded as a QR code • smart phone serves as a trusted label reader/ introducer • Manufacturer web server (mother ship) coordinates device/base station introduction process Friday, March 23, 12

  9. MotherShip Web Server (Web Server) 2 OTP+ Controller ID Controller ID 3 Introducer (iPhone) Device ID 1 OTP Device 4 Controller (Light bulb) Friday, March 23, 12

  10. Characteristics • Mothership detects and fails intercepted labels • Grandma can enroll a light bulb (do you believe this?) • Installer can enroll all lights in building before power or network is installed • Low cost to manufacture • Randy can find the 16th device - even if it’s asleep • Can provide credentials for TLS-PSK systems • Does not require anyone to do anything they have no incentive to do • Only enrollment hardware is standard smart phone Friday, March 23, 12

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

XORs in the Air: Practical Wireless Network Coding S. Katti, H. Rahul, W. Hu, D. Katabi, M.

XORs in the Air: Practical Wireless Network Coding S. Katti, H. Rahul, W. Hu, D. Katabi, M.

XORs in the Air: Practical Wireless Network Coding S. Katti, H. Rahul, W. Hu, D. Katabi, M. Medard, J. Crowcroft MIT & University of Cambridge Can we use 3 transmissions to send traffic? 2 1 3 4 Can we use 3 transmissions to send

827 views • 25 slides
Smart NICs Ian Pratt Smart L2 NIC features Privileged/unprivileged NIC driver model

Smart NICs Ian Pratt Smart L2 NIC features Privileged/unprivileged NIC driver model

TM Smart NICs Ian Pratt Smart L2 NIC features Privileged/unprivileged NIC driver model Free/rx/tx descriptor queues into guest Packet demux and tx enforcement Validation of frag descriptors TX QoS CSUM offload / TSO / LRO

714 views • 7 slides
Secure Routing for Mobile Ad hoc Networks Panagiotis Papadimitratos & Zygmunt J. Haas

Secure Routing for Mobile Ad hoc Networks Panagiotis Papadimitratos & Zygmunt J. Haas

Secure Routing for Mobile Ad hoc Networks Panagiotis Papadimitratos & Zygmunt J. Haas Presented by Leland Smith CS 6204, Spring 2005 1 Overview What are MANETs? Motivation Secure Routing Protocol Protocol Description

560 views • 15 slides
NETI@home : A Distributed Approach to NETI@home Collecting End-to-End Network Performance

NETI@home : A Distributed Approach to NETI@home Collecting End-to-End Network Performance

NETI@home : A Distributed Approach to NETI@home Collecting End-to-End Network Performance Measurements Charles Robert Simpson, Jr. Dr. George F. Riley Georgia Institute of Technology Atlanta, GA, USA Presented to PAM 2004 The 5th Passive

634 views • 15 slides
Seeing is Believing: Proximity-based Authentication Peter Pilgerstorfer | | Peter

Seeing is Believing: Proximity-based Authentication Peter Pilgerstorfer | | Peter

Source: [5] Seeing is Believing: Proximity-based Authentication Peter Pilgerstorfer | | Peter Pilgerstorfer 03.03.2015 1 Motivation Pairing without user interaction Traditional authentication E.g. enter/confirm shared PIN

270 views • 26 slides
Traffic Monitoring : Experience

Traffic Monitoring : Experience

Traffic Monitoring : Experience

1.27k views • 31 slides
Customizing and Evolving Intrusion Detection A static, globally useful intrusion detection

Customizing and Evolving Intrusion Detection A static, globally useful intrusion detection

Customizing and Evolving Intrusion Detection A static, globally useful intrusion detection solution is impossible Good behavior on one system is bad behavior on another Behaviors change and new vulnerabilities are discovered

700 views • 23 slides
Principles of Ad Hoc Networking Michel Barbeau and Evangelos Kranakis January 20, 2009 CHAPTER 4

Principles of Ad Hoc Networking Michel Barbeau and Evangelos Kranakis January 20, 2009 CHAPTER 4

Principles of Ad Hoc Networking Michel Barbeau and Evangelos Kranakis January 20, 2009 CHAPTER 4 - WIRELESS NETWORK PROGRAMMING 2 Section 4.1 - Structure of information Address representation ifconfig command iwconfig command

825 views • 33 slides
Linux rootkits & TTY Hijacking Antonio Prez Prez <antonio.perez.perez@cern.ch> CERN

Linux rootkits & TTY Hijacking Antonio Prez Prez <antonio.perez.perez@cern.ch> CERN

Linux rootkits & TTY Hijacking Antonio Prez Prez <antonio.perez.perez@cern.ch> CERN Computer Security Team EGI Technical Forum 2011, Lyon, France Outline Rootkits: Introduction Linux rootkits History Detection and monitoring

423 views • 26 slides
Research Unit VIII: Network Architectures Computer Science Department, Technische Universitt

Research Unit VIII: Network Architectures Computer Science Department, Technische Universitt

Research Unit VIII: Network Architectures Computer Science Department, Technische Universitt Mnchen SEP Packet Capturing Using the Linux Netfilter Framework Ivan Pronchev pronchev@in.tum.de Research Unit VIII: Network Architectures

546 views • 21 slides
Building Trustworthy Intrusion Detection Through Virtual Machine Introspection Fabrizio Baiardi 1

Building Trustworthy Intrusion Detection Through Virtual Machine Introspection Fabrizio Baiardi 1

Problem Overall Architecture Evaluation Conclusion Building Trustworthy Intrusion Detection Through Virtual Machine Introspection Fabrizio Baiardi 1 Daniele Sgandurra 2 1 Polo G. Marconi - La Spezia, University of Pisa 2 Department of Computer

472 views • 20 slides
Prompt and Parametric LTL Games Martin Zimmermann RWTH Aachen University September 17th, 2009

Prompt and Parametric LTL Games Martin Zimmermann RWTH Aachen University September 17th, 2009

Prompt and Parametric LTL Games Martin Zimmermann RWTH Aachen University September 17th, 2009 Games Workshop 2009 Udine, Italy Martin Zimmermann RWTH Aachen University Prompt and Parametric LTL Games 1/12 Outline 1. Introduction 2.

278 views • 24 slides
How do I put together a keyword search? #1 The use of parentheses, the asterisk, and

How do I put together a keyword search? #1 The use of parentheses, the asterisk, and

How do I put together a keyword search? #1 The use of parentheses, the asterisk, and the exclamation point. #2 Using Boolean terms #3 Searching! Lets say we are researching the rise of attention to European

347 views • 9 slides
Fea eature Preview: : Use ser-Prompts in DocumentsCorePack for Dynamics 365 User-Prompts:

Fea eature Preview: : Use ser-Prompts in DocumentsCorePack for Dynamics 365 User-Prompts:

Fea eature Preview: : Use ser-Prompts in DocumentsCorePack for Dynamics 365 User-Prompts: Incorporate user-input into generated documents Requirement Solution Use Cases Sol olution on Pop Popula lar Use e Ca Cases ses

313 views • 5 slides
6/12/2018 Teaching New Behaviors: Objectives Important Considerations Participants will be

6/12/2018 Teaching New Behaviors: Objectives Important Considerations Participants will be

6/12/2018 Teaching New Behaviors: Objectives Important Considerations Participants will be able to define the following Instructional programs must be based on assessment measures. These should be used Systematic Instruction:

392 views • 15 slides
Benjamin Weinert Indiana University US LUA November 11 13, 2015 Interest in Di-J/

Benjamin Weinert Indiana University US LUA November 11 13, 2015 Interest in Di-J/

Benjamin Weinert Indiana University US LUA November 11 13, 2015 Interest in Di-J/ Single Parton Scattering (SPS). Color Singlet Model (CSM), Color Octet Model (COM), and SPS Color Evaporation Model (CEM). Importance/effects of

362 views • 15 slides
Systematics of prompt black-hole formation in neutron star mergers Mathematical and Computational

Systematics of prompt black-hole formation in neutron star mergers Mathematical and Computational

Supported by ERC through Starting Grant no. 759253 Systematics of prompt black-hole formation in neutron star mergers Mathematical and Computational Approaches for the Einstein Field Equations with Matter Fields ICERM, virtual, 29/10/2020

715 views • 39 slides
CS 241: Systems Programming Lecture 2. Introduction to Unix and the Shell Spring 2020 Prof.

CS 241: Systems Programming Lecture 2. Introduction to Unix and the Shell Spring 2020 Prof.

CS 241: Systems Programming Lecture 2. Introduction to Unix and the Shell Spring 2020 Prof. Stephen Checkoway 1 What is the shell? Text-based interface to the operating system and to the file system User enters commands The shell runs the

425 views • 25 slides
Guile-Emacs BT Templeton <bpt@hcoop.net> . . . . . . Guile-Elisp Status Nil

Guile-Emacs BT Templeton <bpt@hcoop.net> . . . . . . Guile-Elisp Status Nil

. . . . . . Guile-Emacs BT Templeton <bpt@hcoop.net> . . . . . . Guile-Elisp Status Nil Lisp-2 Lexical and dynamic binding Lexical declarations Control flow Variable and function aliases ERT tests

156 views • 4 slides
Dear Educator, In this preview, you will find: T eacher instructions (to the right) 4

Dear Educator, In this preview, you will find: T eacher instructions (to the right) 4

Dear Educator, In this preview, you will find: T eacher instructions (to the right) 4 Full size slides Thumbnails of all slides included. Edit able PowerPoint Slides

331 views • 9 slides
Form Design Guidelines Software Engineering CSCI-3321 Dr. Tom Hicks Computer Science Department

Form Design Guidelines Software Engineering CSCI-3321 Dr. Tom Hicks Computer Science Department

Form Design Guidelines Software Engineering CSCI-3321 Dr. Tom Hicks Computer Science Department 1 Learning About Good Forms By Examining Some Really Bad Prototype Forms 2 About Data-Entry Forms Guideline # 1 1. Select a form

799 views • 78 slides
AE-705: Introduction to Flight Range and Endurance Subham Panda PEC University of Technology

AE-705: Introduction to Flight Range and Endurance Subham Panda PEC University of Technology

AE-705: Introduction to Flight Range and Endurance Subham Panda PEC University of Technology Chandigarh AE-705 Introduction to Flight Chapter-09 Lecture No. 17 Range & Endurance RANGE Total distance on a tank of fuel

895 views • 44 slides
Ontological Product Modeling for Collaborative Design Conrad Bock, Xuan Zha Hyowon Suh, Jeahyun

Ontological Product Modeling for Collaborative Design Conrad Bock, Xuan Zha Hyowon Suh, Jeahyun

Ontological Product Modeling for Collaborative Design Conrad Bock, Xuan Zha Hyowon Suh, Jeahyun Lee December 11, 2008 1 Overview Goals and approach. Desired capabilities. Background Ontology modeling Modeling

636 views • 50 slides
Group Discussions Notes from slides of discussions that took place at the Digital Music Research

Group Discussions Notes from slides of discussions that took place at the Digital Music Research

Group Discussions Notes from slides of discussions that took place at the Digital Music Research Network Workshop: The Future of Digital Music Research? Queen Mary, University of London 22 December 2004 Ambrose Fields Group Notes

634 views • 11 slides

More recommend