Internet of Things Security A Survey by Avi Webberman Outline What - - PowerPoint PPT Presentation

internet of things security
SMART_READER_LITE
LIVE PREVIEW

Internet of Things Security A Survey by Avi Webberman Outline What - - PowerPoint PPT Presentation

Dec 30, 2022 36 likes •180 views

Internet of Things Security A Survey by Avi Webberman Outline What is the Internet of Things (IoT)? Why is IoT Security so Important? Dyn DDOS Attack What are the security challenges of an IoT network? A Proposed Taxonomy

slide-1
SLIDE 1

Internet of Things Security

A Survey by Avi Webberman

slide-2
SLIDE 2

Outline

  • What is the Internet of Things (IoT)?
  • Why is IoT Security so Important?
  • Dyn DDOS Attack
  • What are the security challenges of an IoT network?
  • A Proposed Taxonomy for IoT Security
  • Black SDN Architecture (potential security solution)
  • RFID Security
  • Final Thoughts
slide-3
SLIDE 3

What is the Internet of Things (IoT)?

  • A collection of smart devices (RFID tags, sensors, actuators, etc.) that

communicate with each other to accomplish a goal

  • Why so important?

○ Healthcare ○ Supply-Chain ○ Transportation ○ Resource Management ○ Home Automation ○ Environmental Monitoring

slide-4
SLIDE 4

Why is IoT Security so Important?

  • Large-scale leads to greater risk
  • Potential for controlling actuation rather than just data
  • Shares concerns of traditional networks
  • Need security for widespread Internet of Things implementation
slide-5
SLIDE 5

Dyn DDOS Attack

  • Series of DDOS attacks on DNS provider DYN in 2016
  • Attack performed using IoT botnet created by Mirai malware
  • Mirai malware scans internet for IP addresses of devices that are

protected by common factory default passwords

  • Used approximately 100,000 devices
  • Numerous services such as Netflix, Spotify, Twitter, and Paypal disrupted
  • DYN lost 8% of customer base immediately following attack
slide-6
SLIDE 6

What are the security challenges/needs of an IoT network?

  • IoT devices have limited computing power and storage → lightweight protocols
  • Large scale deployment → scalable
  • Heterogeneous Devices (ex. RFID tag vs Google Home) → flexible
  • Devices are mostly wireless which tend to be less secure
slide-7
SLIDE 7

A Proposed Taxonomy - High Level Approach

  • Goal is to achieve modular/reusable security solutions
slide-8
SLIDE 8

Black SDN Architecture

  • Both header and payload encrypted at Link Layer and Network Layer
  • Uses Grain-128a cipher to encrypt header and payload into single block

○ Hardware-efficient stream cipher (a type of symmetric key cipher) with 128-bit key ○ Uses 96-bit Initialization Vector (IV) to prevent patterns in encryption ○ Generates Message Authentication Code (improvement from Grain-128)

slide-9
SLIDE 9

Frame Control Seq # Destination Address Source Address Auxiliary Security Header Payload CRC

Frame Control field is set to indicate that frame is black (encrypted)

Frame Control Initialization Vector Encrypted Message MIC CRC

Black SDN - 802.15.4 Link Layer Encryption

Encrypted with Grain-128a Cipher

slide-10
SLIDE 10

Black SDN - “SDN” Component

  • Encryption of header leads to routing problems → solve with SDN
  • Software Defined Network (SDN)

○ Separate control plane from data plane ○ Uses centralized SDN controller that manages routing by sending ‘Flow Tables’ to nodes

  • ver OpenFlow protocol
  • Cannot be supported by resource constrained nodes in large, complex

network

○ Sensor OpenFlow for wireless sensors networks ■ Simple flow tables, duty cycle handling ○ Ubiflow for large, heterogenous networks (ex. Smart cities) ■ Distributed SDN controllers

  • Centralized controller opens access to entire network which could be bad

if unauthorized person gains access

slide-11
SLIDE 11

RFID Security

  • Basic RFID Tags

○ Privacy (clandestine tracking/inventorying) ■ “Killing” and “Sleeping” ■ Rotating Pseudonyms ■ Distance Measurement ○ Authentication (unwanted cloning of tags) ■ Not really a lot of options right now ■ Can store evidence that two tags scanned simultaneously ■ Use “Kill” PIN to authenticate tag to reader

slide-12
SLIDE 12

RFID Security

  • Symmetric Key Tags

○ Privacy ■ Key search

1. Tag sends encrypted nonce 2. Reader searches through all keys to find one that returns nonce

○ Authentication ■ Challenge-response protocol (Tag Ti and key Ki)

1. Tag identifies itself by transmitting Ti 2. Reader generates random nonce (R) and transmits to tag 3. Tag computes hash H = h(Ki, R) and transmits H 4. Reader verifies that H = h(Ki,R)

■ Still issue of relay attacks

slide-13
SLIDE 13

Final Thoughts

  • IoT is broad, thus security solutions/risks vary greatly by application

context

  • Some simple solutions (like not using common factory default passwords)

could prevent serious attacks

  • Important to have reusable solutions, but “proposed taxonomy” not very

helpful

  • Black SDN could be good solution to complex IoT networks, but “SDN”

part needs more exploration

  • Cost is a major limiting factor for RFID security (more powerful tags are

more expensive) along with risk of relay attacks

slide-14
SLIDE 14

My Rough Taxonomy Idea

Application Security Risks Security Challenges Security Vulnerabilities