
IOT SECURITY ERIK TEWS <E.TEWS@UTWENTEL.NL> - PowerPoint PPT Presentation


  1. IOT SECURITY ERIK TEWS <E.TEWS@UTWENTEL.NL>

  2. THE INTERNET OF THINGS (cc) https://www.flickr.com/photos/wilgengebroed/8249565455/ Systems Security – IoT Security 2 30.04.2018

  3. A NEW WORLD (cc) https://en.wikipedia.org/wiki/Laptop#/media/File:Lenovo_G500s_laptop-2905.jpg (cc) https://commons.wikimedia.org/wiki/File:CERN_Server.jpg

  4. POWER! (OR POWERLESS)
      ▪ Powerful
      ▪ Powerless

  5. WHAT IS RUNNING THERE
      ▪ Linux / custom OS
      ▪ Real Time OS / custom OS

  6. COMMUNICATION
      ▪ Wired
      ▪ Wireless

  7. NON-IP COMMUNICATION
      ▪ Bluetooth (LE)
      ▪ ZigBee
      ▪ Z-Wave
      ▪ LoRa(WAN)
      ▪ Sigfox
      ▪ NFC

  8. LPWAN
      Source: Haidine, Abdelfatteh & El Hassani, Sanae & Aqqal, Abdelhak & El Hannani, Asmaa. (2016). The Role of Communication Technologies in Building Future Smart Cities. DOI: 10.5772/64732.

  9. EXAMPLE: SIGFOX

  10. COMMUNICATION PARTNERS
      ▪ Mobile devices
      ▪ Cloud services
      ▪ Local infrastructure

  11. SMART LIGHTS

  12. ASSIGNMENT 1
      ▪ Listen to the network traffic of this device
      ▪ Find out what the commands for on and off look like
      ▪ Is there any protection in the network protocol?

  13. WHERE DO WE FIND THAT?

  14. VENDORS

  15. DEVELOPMENT LIFECYCLE (diagram labels: Architecture, OEM branded product, Chip, Reference product, Software development framework, Reference board)

  16. HOW STUFF BREAKS

  17. WHAT TO WORRY ABOUT
      ▪ Lifecycle Security
        ▪ production, take ownership
        ▪ data flow and storage, device management
      ▪ Communication Security
        ▪ Application layer protocols, TLS, wireless security
      ▪ Device Security
        ▪ Embedded operating system, secure storage, anti-tampering
      ▪ Cloud Security (not covered here)

  18. WHAT MAKES IT HARD
      ▪ Very often, there is no one locally responsible for the device
      ▪ Limited resources on the devices (CPU, RAM, ROM, Power)
      ▪ Very fast development lifecycle
      ▪ Many security features known from "full" operating systems are missing
      ▪ Developers are from a different domain

  19. WHAT MAKES IT EASY
      ▪ Full control over the device
      ▪ Often full control of the backend service
      ▪ Often no legacy support
      ▪ Sometimes, two security zones on a device are possible

  20. A SMART PLUG

  21. TWO SECURITY ZONES (diagram labels: Web Interface, Alexa Integration, Mobile App, Main Functionality On/Off)

  22. BACK TO THE SMART PLUG

  23. ASSIGNMENT 2
      ▪ Again, we provide an access point to monitor the network traffic
      ▪ This device uses encryption
      ▪ Find a way to see what's in the connection
      ▪ Submit the plaintext of what is transmitted between the cloud and the device when it connects

  24. WHAT IS IN THERE

  25. THE ESP8266 FAMILY
      ▪ Rather low-power microchip
      ▪ Not running Linux (usually some kind of RTOS)
      ▪ 0.5 – 4 MB flash memory
      ▪ 64+96 KB RAM
      ▪ Integrated WiFi
      ▪ Excellent developer support (Lua, Python, C/C++)
      ▪ Development board including shipping for less than 3€!
      ▪ New version (ESP32) also supports Bluetooth LE

  26. ASSIGNMENT 3 (BONUS)
      ▪ We provide you with an ESP8266 development board
      ▪ You write a more secure firmware for the plug
      ▪ Later on, you can add a relay shield to the board
      ▪ And finally, you might flash your own firmware on the real plug

  27. WHY WE USE THE DEVELOPMENT BOARD https://github.com/arendst/Sonoff-Tasmota/wiki/Hardware-Preparation

  29. Your favorite language
      A. Python
      B. Lua
      C. C

  31. HARDWARE (TO PLAY AROUND WITH)
      ▪ Many wireless routers (OpenWRT/LEDE)
        ▪ Great for high-end hardware
      ▪ ESP8266/32 based boards
        ▪ Medium-range hardware
        ▪ Great for communication with WiFi and BLE
      ▪ Arduino family
        ▪ Suitable for ultra-low-power devices (but not all of them)
      ▪ Intel CPUs are not that widespread

  32. HOW TO APPROACH AN IOT DEVICE
      ▪ From the network side
      ▪ From the firmware side
      ▪ From the corresponding cloud service side/mobile app
      ▪ From the PCB

  33. THE NETWORK SIDE
      ▪ Wireshark
      ▪ Nmap
      ▪ Mitmproxy
      ▪ Other proxies such as Burp Suite

  34. WIRESHARK
      ▪ Great network sniffer
      ▪ Works best with you as a gateway or a mirroring device
      ▪ Can be extended with custom dissectors

  35. NMAP
      ▪ Generic port scanner
      ▪ Fingerprinting
      ▪ Can also do service discovery

  36. MITMPROXY
      ▪ Generic SSL/TLS proxy
      ▪ Works with plain HTTP too
      ▪ May log plain text of sessions
      ▪ Automatic rewriting of requests

  37. BURP SUITE
      ▪ Generic web proxy
      ▪ Useful to prepare attacks
      ▪ Works best when the device has an HTTP server

  38. FROM THE FIRMWARE SIDE
      ▪ First you need to get the firmware
        ▪ Either extract it from the device
        ▪ Or get it from the update service
      ▪ Then analyse it
        ▪ Either use a decompiler
        ▪ Or maybe even boot it on a similar development board

  39. GETTING THE FIRMWARE FROM THE DEVICE
      ▪ External flash is great
        ▪ When it's connected via SPI, connect a second device with an SPI interface (ESP8266/Arduino)
      ▪ Sometimes there is a debugging port
        ▪ Use it to dump the memory of the device

  40. GETTING THE FIRMWARE VIA THE NETWORK
      ▪ Your network results might indicate an auto update service
      ▪ Try to trigger a firmware update and capture the new firmware with your proxy
      ▪ Alternatively, you may edit the traffic (Burp/mitmproxy) to act like you are running an older firmware
      ▪ And you might still just google for it when you find some useful strings in the network traffic
      ▪ Alternatively the mobile app is a good source for URL patterns

  41. ANALYZING THE FIRMWARE
      ▪ Unpacking might be hard -> http://www.firmware.re/
      ▪ Decompile it
        ▪ Unfortunately the best tool is expensive: IDA Pro
        ▪ Radare2 to the rescue: https://github.com/radare/radare2
      ▪ Run it
        ▪ Try a development board that is not so different
      ▪ Finally, "strings" is a powerful tool

  42. CLOUD AND MOBILE APP
      ▪ Have a look at the mobile app
        ▪ Android is in general not so hard to reverse engineer
        ▪ Might reveal a lot of strings and additional API endpoints
        ▪ Also there might be some hidden features in there
      ▪ Then look at the cloud service
        ▪ Burp Suite might be a good friend
        ▪ And Python is often handy to implement an open source client

  43. FINALLY THE PCB
      ▪ Try to find out what is on there
      ▪ Sniffing internal communication can be interesting
      ▪ Side channels can be used for reverse engineering

  44. A GOOD START FOR THE SOFTWARE TOOLS
      ▪ Use Kali Linux
        ▪ https://www.kali.org/
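
The "strings" step from slides 40 and 41, as an added example that is not part of the original slides: it extracts printable strings from a firmware image and flags the ones an audit would look at first (update URLs, credential-like keys, embedded private-key markers). The sample image, its host name and the pattern list are constructed for illustration.

```python
import re

# Patterns worth flagging in embedded strings (illustrative, not exhaustive).
PATTERNS = {
    "url": re.compile(r"(?:https?|mqtts?|wss?)://[^\s\"'<>]+"),
    "secret_hint": re.compile(r"(?i)(?:passw(?:or)?d|secret|api[_-]?key|token)\s*[=:]"),
    "private_key": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
}


def extract_strings(blob, min_len=6):
    """Yield (offset, text) for every run of printable ASCII >= min_len bytes,
    the same idea as the Unix `strings` tool."""
    run = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    for m in run.finditer(blob):
        yield m.start(), m.group().decode("ascii")


def triage(blob, min_len=6):
    """Return sorted (offset, label, text) for strings matching a pattern."""
    findings = []
    for offset, text in extract_strings(blob, min_len):
        for label, rx in PATTERNS.items():
            if rx.search(text):
                findings.append((offset, label, text))
    return sorted(findings)


# Constructed sample standing in for a flash dump: binary filler with a few
# NUL-terminated strings of the kind `strings` surfaces.
SAMPLE = (
    b"\xe9\x03\x02\x40" + bytes(range(16))
    + b"http://update.example.invalid/fw/plug.bin\x00"
    + b"\xff" * 8
    + b"mqtt_password=changeme\x00"
    + b"\x00\x01\x02"
    + b"-----BEGIN RSA PRIVATE KEY-----\x00"
    + b"\x10\x00tiny\x00"
)

if __name__ == "__main__":
    for offset, label, text in triage(SAMPLE):
        print(f"0x{offset:06x}  {label:<12} {text}")
```

The reported offsets point into the image, so each hit can be located again in a disassembler or hex editor.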