source framework for io iot
play

Source Framework for Io IoT Greg Zaverucha Microsoft Real World - PowerPoint PPT Presentation

Nov 25, 2022 •602 likes •937 views

Cry ryptography in in AllJ llJoyn, an Open Source Framework for Io IoT Greg Zaverucha Microsoft Real World Cryptography Conference 2016 Internet of Things Things are devices that have one or more sensors/functions and network connectivity

  1. Cry ryptography in in AllJ llJoyn, an Open Source Framework for Io IoT Greg Zaverucha Microsoft Real World Cryptography Conference 2016

  2. Internet of Things Things are devices that have one or more sensors/functions and network connectivity Wearables (e.g., heart rate monitors) Industrial Sensors (e.g., Things on oil pipelines) Building automation (e.g., HVAC, CO2 detectors, etc.) Smart appliances (e.g., TVs, washing machines) Home automation (e.g., security system, lighting) Marketing people call everything IoT

  3. Lots of IoT-Related Technology Multiple industry efforts to standardize protocols for “Things” Multiple radios/transports 802.15.4, BTLE, WiFi, ZigBee, Zwave, 6lowpan Protocols for discovery, routing, security AllJoyn, Thread, MQTT, IoTivity, CoAP Multiple ecosystems Protocol bridges Many scenarios require things to talk to each other E.g., thermostat using the home security system’s motion sensors Gateways Connectivity to the cloud “Hub” model seems to be common

  4. Lots of IoT-Related Technology Multiple industry efforts to standardize protocols for “Things” Multiple radios/transports 802.15.4, BTLE, WiFi, ZigBee, Zwave, 6lowpan Protocols for discovery, routing, security AllJoyn, Thread, MQTT, IoTivity, CoAP Multiple ecosystems Protocol bridges Many scenarios require things to talk to each other E.g., thermostat using the home security system’s motion sensors Gateways Connectivity to the cloud “Hub” model seems to be common

  5. Outline What is the Internet of Things (IoT)? What is AllJoyn? Overview of security features in AllJoyn Details of secure channel establishment Quick overview of device management features

  6. AllJoyn

  7. Linux Foundation Collaborative Project AllSeen Alliance Industry-wide open source effort 170 member companies Microsoft, Qualcomm, Panasonic, Haier, LG, Sony, IBM, Cisco, Lenovo, AT&T, Netgear, Honeywell, D-Link, ADT, ZTE, HTC, Symantec, Vodafone, ASUS (Unofficial) focus on home automation & WiFi networks 10+ Microsoft employees involved, some here at RWC  Kevin Kane (committer) Dan Shumow (contributor) Tim Ruffing (contributor, MS intern 2015)

  8. Source: Overview of the AllSeen Alliance https://allseenalliance.org/sites/default/files/resources/intro_to_alliance_9.4.15.pdf

  9. Source: Overview of the AllSeen Alliance https://allseenalliance.org/sites/default/files/resources/intro_to_alliance_9.4.15.pdf

  10. Source: Overview of the AllSeen Alliance https://allseenalliance.org/sites/default/files/resources/intro_to_alliance_9.4.15.pdf

  11. AllJoyn Support in Windows 10 Built-in router Windows API support AllJoyn Studio plug-in for Visual studio Code samples: https:// github.com / ms - iot

  12. AllJoyn Security

  13. AllJoyn Security Evolution Security 1.0 : AllJoyn framework can establish a secure channel. Apps must determine and manage trust relationships. Security 2.0 : AllJoyn supports trust domains (e.g., a household). AllJoyn can handle device provisioning and security management.

  14. Threat Model Image source: https://allseenalliance.org/sites/default/files/developers/learn

  15. Threat Model Image source: https://allseenalliance.org/sites/default/files/developers/learn

  16. Threat Model Attacker on the local network is able to interact with AllJoyn devices Can intercept and modify packets in transit (man-in-the-middle) Can drop and replay packets Can compromise some of the AllJoyn devices on the network Examples Malware on the WiFi access point Malicious smartphone application Malicious device on the network Attackers could be physically nearby or remote Security goal is secure channel establishment

  17. (D)TLS? AllJoyn design is intended to be transport agnostic Protocol is defined in terms of messages Transport is not necessarily IP (e.g., Bluetooth) Having security above the transport layer ensures equal security regardless of transport TLS could probably be used with TCP transport option And DTLS with UDP With significant cost in terms of development and compatibility AllJoyn security protocols are derived from TLS, similar But with far fewer options/extensions

  18. Key Exchange Authentication Mechanisms ECDHE: Elliptic Curve Diffie-Hellman (Ephemeral) Fresh key pair generated for each exchange Long term credential used for authentication only Always mutual authentication Multiple ways to authenticate key exchange NULL: no authentication. Vulnerable to active MITM attacks PSK: authentication by pre-shared key (PSK). Secure if PSK has high entropy ECSPEKE: password-based authentication. To be added in 16.04 release ECDSA: authenticated with an ECDSA signature. Certificates exchanged and validated

  19. Key Exchange Authentication Mechanisms Security 1.0 provides all options to apps, they decide which mechanisms to support, and which to require Security 2.0 uses only ECDHE_ECDSA after setup EC-SPEKE will replace PSK as the preferred way to secure setup Easier to use (password vs. PSK entropy) The protocol is a profile of SPEKE from IEEE 1363.2 Protocol-wise, almost as simple as replacing the base point in ECDHE_NULL Design document on Core WG wiki (wiki.allseenalliance.org)

  20. Parameters and Algorithms Algorithms and parameters are fixed per authentication version Primitives are all from existing standards, 128-bit security level Key exchange: ECDH (SP800-56A) Signatures: ECDSA (FIPS186-4) Curve parameters: NIST P256 (FIPS186-4) Data encryption & authentication: AES CCM Hashing: SHA-256 Key derivation: the “TLS PRF” from RFC 5246 Certificates are X.509 (RFC 5280) + AllJoyn EKUs and extension

  21. AllJoyn Key Exchange Overview Exchange GUIDs & Auth Version Exchange Suites Key Exchange Key Authentication/Confirmation Store master secret Generate Session Key

  22. Session Resumption Exchange GUIDs & Auth Version Exchange Suites Key Exchange Key Authentication/Confirmation Retrieve stored master secret Generate Session Key

  23. AllJoyn Key Exchange Overview Exchange GUIDs & Auth Version Exchange Suites Key Exchange Different for each auth mechanism Key Authentication/Confirmation Store master secret Generate Session Key

  24. ECDHE_ECDSA Key Exchange Exchange GUIDs, Auth Version, Auth Suites ⋮ Key Exchange Generate (𝑅 𝐵 , 𝑡 𝐵 ) 𝑅 𝐵 Generate (𝑅 𝐶 , 𝑡 𝐶 ) Compute 𝑨 = ECDH (𝑅 𝐵 , 𝑡 𝐶 ) Compute 𝑁 𝐶 = PRF(SHA-256( 𝑨 ), "master secret") 𝑅 𝐶 Compute 𝑨 = ECDH (𝑅 𝐶 , 𝑡 𝐵 ) Compute 𝑁 𝐵 = PRF(SHA-256( 𝑨 ), "master secret")

  25. ECDHE_ECDSA Key Authentication Exchange GUIDs, Auth Version, Auth Suites, Key Exchange ⋮ Key Authentication ℎ 𝐵 ≔ SHA-256(all msgs) 𝑀 := “server finished” 𝑊 𝐵 = PRF( 𝑁 𝐵 , ℎ 𝐵 , 𝑀 ) 𝑇𝑗𝑕 𝐵 , 𝐷𝑓𝑠𝑢 𝐵 𝑇𝑗𝑕 𝐵 = ECDSASign (…, 𝑊 𝐵 ) Validate 𝐷𝑓𝑠𝑢 𝐵 ℎ 𝐶 := SHA-256(all msgs) Re-compute 𝑊 𝐵 using 𝑁 𝐶 and ℎ 𝐶 ECDSAVerify( 𝐷𝑓𝑠𝑢 𝐵 , 𝑇𝑗𝑕 𝐵 , 𝑊 𝐵 ) 𝑀 := “client finished” 𝑊 𝐶 = PRF( 𝑁 𝐶 , ℎ 𝐶 , 𝑀 ) ECDSASign (…, 𝑊 𝐶 ) Validate 𝐷𝑓𝑠𝑢 𝐶 𝑇𝑗𝑕 𝐶 , 𝐷𝑓𝑠𝑢 𝐶 Re-compute 𝑊 𝐶 using 𝑁 𝐵 and ℎ 𝐵 Store 𝑁 𝐶 ECDSAVerify( 𝐷𝑓𝑠𝑢 𝐶 , 𝑇𝑗𝑕 𝐶 , 𝑊 𝐶 ) Store 𝑁 𝐵

  26. ECDHE_ECDSA Generate Session Key Exchange GUIDs, Auth Version, Auth Suites, Key Exchange, Key Authentication ⋮ Generate Session Key Choose nonce 𝑂 𝐵 𝑂 𝐵 Choose nonce 𝑂 𝐶 𝐿 𝐶𝐵 ||𝑊 𝐶 := PRF( 𝑁 𝐶 , 𝑂 𝐵 ||𝑂 𝐶 || ”session key”) 𝑂 𝐶 , 𝑊 𝐶 𝐿 𝐵𝐶 ||𝑊 𝐶 ’ := PRF( 𝑁 𝐵 , 𝑂 𝐵 ||𝑂 𝐶 || ”session key”) Ensure 𝑊 𝐶 == 𝑊 𝐶 ’ Start using 𝐿 𝐵𝐶

  27. Security 2.0 Overview

  28. Trust Model Changes With Security 1.0, apps were responsible for Provisioning credentials Establishing trust with other apps Implementing access control on certain interfaces, if required Doesn’t scale to the household scenario Devices made by different manufacturers More than one user, guest access, … Security 2.0 adds a security manager , per trust domain E.g., one per household

  29. Security 2.0 Overview Security New AllJoyn devices/apps are in Manager “claimable” state when they join the network Security 1.0 Protocols The security manager claims them and provisions certificates and policy Door Lock Phone Certificates are used for identity and membership in security groups Bootstrapping only required between security manager and apps

  30. Security 2.0: Policy Apps that produce interfaces have access control policies Interface and method level granularity Can refer to security groups or individual apps E.g., only allow members of the ADMIN group to access the PinCodeChange interface on the door E.g., only allow Alice and Bob’s phones to open the garage door

  31. Security 2.0: Manifests Manifests: apps list the interfaces they consume, the list is approved and certified by the security manager, then enforced by producers. Failed manifest check will deny access even if allowed by policy Similar to mobile apps requesting API access E.g., A lighting control panel app’s manifest lists lighting interfaces. The alarm system will deny access to the motion sensor interfaces.

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

-Abhijit Mahajan Django web Framework is an open source Web 2.0 application framework

-Abhijit Mahajan Django web Framework is an open source Web 2.0 application framework

-Abhijit Mahajan Django web Framework is an open source Web 2.0 application framework written in Python which follows the model-view-controller architectural pattern. It was originally developed to manage several news-oriented

462 views • 35 slides
The European Location Framework (ELF) Project One Source for Reference Geo Information for

The European Location Framework (ELF) Project One Source for Reference Geo Information for

The European Location Framework (ELF) Project One Source for Reference Geo Information for Europe Presentation to: ICC Dresden By: Antti Jakobsson, Technical Coordinator Date: 28 th August 2013 the Competitiveness and Innovation framework

503 views • 18 slides
AN OPEN-SOURCE FRAMEWORK FOR INTEGRATING MULTI-SOURCE LAYOUT AND TEXT RECOGNITION TOOLS INTO

AN OPEN-SOURCE FRAMEWORK FOR INTEGRATING MULTI-SOURCE LAYOUT AND TEXT RECOGNITION TOOLS INTO

AN OPEN-SOURCE FRAMEWORK FOR INTEGRATING MULTI-SOURCE LAYOUT AND TEXT RECOGNITION TOOLS INTO SCALABLE OCR WORKFLOWS KAY-MICHAEL WRZNER KONSTANTIN BAIERER 1 . 1 Bibliotheca Baltica 2018 Rostock 2018-10-05 OVERVIEW 1. Why OCR-D 2. The

776 views • 48 slides
Source:

Source:

We are Here Source: Max Pixel Source: David Dixon Source: Google Earth Source: Arpingstone Source: Lee Cannon Source: Richard Drdul Source: Nicolas Nova

467 views • 20 slides
PRGA: An Open-source Framework for Building and Using Custom FPGAs Ang Li, David Wentzlaff

PRGA: An Open-source Framework for Building and Using Custom FPGAs Ang Li, David Wentzlaff

PRGA: An Open-source Framework for Building and Using Custom FPGAs Ang Li, David Wentzlaff Princeton University github.com/PrincetonUniversity/prga 1 The Era of Open-Source Hardware NVDLA MIAOW OpenRISC PULP Ariane

776 views • 25 slides
XaLib Open Source C++ Applica4on Framework by XAllegro

XaLib Open Source C++ Applica4on Framework by XAllegro

XaLib Open Source C++ Applica4on Framework by XAllegro TechItalians MeetUp London 24.06.2015 Who we are So#ware house Start-Up in UK

490 views • 9 slides
DEVELOPMENT OF A USER FRIENDLY FRAMEWORK FOR GEOSPATIAL IDENTIFICATION OF POTENTIAL PFAS SOURCE

DEVELOPMENT OF A USER FRIENDLY FRAMEWORK FOR GEOSPATIAL IDENTIFICATION OF POTENTIAL PFAS SOURCE

DEVELOPMENT OF A USER FRIENDLY FRAMEWORK FOR GEOSPATIAL IDENTIFICATION OF POTENTIAL PFAS SOURCE ZONES Jennifer Guelfo, PhD June 12, 2017 1 PRESENTATION OVERVIEW PFAS PFAS in U.S. Source Zone Overview Drinking H 2 O EvaluaJon

246 views • 21 slides
ACCEPT: We Built an Open-Source Approximation Compiler Framework So You Don't Have To Adrian

ACCEPT: We Built an Open-Source Approximation Compiler Framework So You Don't Have To Adrian

ACCEPT: We Built an Open-Source Approximation Compiler Framework So You Don't Have To Adrian Sampson Andr Baixo Benjamin Ransford Thierry Moreau Joshua Yip Luis Ceze Mark Oskin sa pa University of Washington http:// accept.rocks

570 views • 19 slides
and Retrieval Source: H. Jegou Source: H. Jegou Source: H. Jegou Source: H. Jegou Source: H.

and Retrieval Source: H. Jegou Source: H. Jegou Source: H. Jegou Source: H. Jegou Source: H.

Semantic Image Indexing and Retrieval Source: H. Jegou Source: H. Jegou Source: H. Jegou Source: H. Jegou Source: H. Jegou Source: H. Jegou Source: H. Jegou Source: H. Jegou Outline State of the nation Early description methods

2.13k views • 130 slides
Outline Background & Motivation Reserve Modeling Framework Types of improvements

Outline Background & Motivation Reserve Modeling Framework Types of improvements

Outline Background & Motivation Reserve Modeling Framework Types of improvements COMPETES simulations Results Challenges Arising from Wind Quack! Source: Flexibility in 21st Century Power Systems, NREL Report Source:

612 views • 36 slides
An Open Source Framework for Standardized Comparisons of Face Recognition Algorithms Manuel G

An Open Source Framework for Standardized Comparisons of Face Recognition Algorithms Manuel G

Introduction The FaceRecLib Example runs Conclusion An Open Source Framework for Standardized Comparisons of Face Recognition Algorithms Manuel G unther, Roy Wallace, S ebastien Marcel Idiap Research Institute CH - 1920 Martigny

523 views • 20 slides
ModGrasp : an Open-Source Rapid-Prototyping Framework for Designing Low-Cost Sensorised Modular

ModGrasp : an Open-Source Rapid-Prototyping Framework for Designing Low-Cost Sensorised Modular

Introduction ModGrasp architecture and communication protocol Case study: a three-fingered modular manipulator Experimental results, conclusion and future work ModGrasp : an Open-Source Rapid-Prototyping Framework for Designing Low-Cost

185 views • 17 slides
Phil Sturgeon Framework Interoperability Advocate How to successfully release an open-source PHP

Phil Sturgeon Framework Interoperability Advocate How to successfully release an open-source PHP

Phil Sturgeon Framework Interoperability Advocate How to successfully release an open-source PHP package (and become a better developer for it) The goods 1. Make 2. Market 3. Maintain Things to consider before you start Why you should and

757 views • 75 slides
An Open Source Framework for Photo-Realistic Render of Synthetic Elements in Captured Panoramas

An Open Source Framework for Photo-Realistic Render of Synthetic Elements in Captured Panoramas

An Open Source Framework for Photo-Realistic Render of Synthetic Elements in Captured Panoramas Dalai Felinto , Aldo Zang and Luiz Velho Fisheries Centre, UBC - Vancouver, Canada Visgraf Laboratory, IMPA - Rio De Janeiro, Brazil

813 views • 60 slides
RESource: A Framework for Online Matching of Assembly with Open Source Code Ashkan Rahimian*,

RESource: A Framework for Online Matching of Assembly with Open Source Code Ashkan Rahimian*,

RESource: A Framework for Online Matching of Assembly with Open Source Code Ashkan Rahimian*, Philippe Charland**, Stere Preda*, and Mourad Debbabi* *Computer Security Laboratory, CIISE Concordia University, Montreal, Quebec, Canada **Mission

649 views • 25 slides
only source of topology information for ARGO Alessandro Paolini www.egi.eu This work by EGI.eu

only source of topology information for ARGO Alessandro Paolini www.egi.eu This work by EGI.eu

Proposal to use GOC-DB as the only source of topology information for ARGO Alessandro Paolini www.egi.eu This work by EGI.eu is licensed under a Creative Commons Attribution 4.0 International License. The ARGO framework The ARGO framework

394 views • 7 slides
Securing Internet Communication CS 161: Computer Security Prof. Vern Paxson TAs: Devdatta

Securing Internet Communication CS 161: Computer Security Prof. Vern Paxson TAs: Devdatta

Securing Internet Communication CS 161: Computer Security Prof. Vern Paxson TAs: Devdatta Akhawe, Mobin Javed & Matthias Vallentin http://inst.eecs.berkeley.edu/~cs161/ March 31, 2011 Todays Lecture Applying crypto technology in

695 views • 51 slides
IP Mobility: IP Mobility: Threat Models and Security Requirements Threat Models and Security

IP Mobility: IP Mobility: Threat Models and Security Requirements Threat Models and Security

IP Mobility: IP Mobility: Threat Models and Security Requirements Threat Models and Security Requirements Vidya Narayanan (vidyan@qualcomm.com vidyan@qualcomm.com) ) Vidya Narayanan ( Lakshminath Dondeti (ldondeti@qualcomm.com

413 views • 37 slides
Mobile Security: how smart are mobile phones today? Prof. Alessio Merlo DIBRIS University of

Mobile Security: how smart are mobile phones today? Prof. Alessio Merlo DIBRIS University of

Mobile Security: how smart are mobile phones today? Prof. Alessio Merlo DIBRIS University of Genoa 1 Before starting . Take you time to answer these question, w.r.t. your everyday use of smartphones and tablets: 1. How long do you

952 views • 61 slides
PL-LAB: Polish initiative to develop laboratory infrastructure for testing Future Internet

PL-LAB: Polish initiative to develop laboratory infrastructure for testing Future Internet

PL-LAB: Polish initiative to develop laboratory infrastructure for testing Future Internet solutions J. Sliwinski, J. Mongay Batalla (National Institute of Telecommunication) W.Burakowski, A.Beben, H.Tarasiuk (Warsaw University of Technology)

641 views • 27 slides
Ca Catch ch M Me If Ca e If Can: A Cl A Clou oud-En -Enabled ed DDoS DDoS De Defen ense

Ca Catch ch M Me If Ca e If Can: A Cl A Clou oud-En -Enabled ed DDoS DDoS De Defen ense

Ca Catch ch M Me If Ca e If Can: A Cl A Clou oud-En -Enabled ed DDoS DDoS De Defen ense e Quan Jia, Huangxin Wang, Dan Fleck, Fei Li, Angelos Stavrou, Walter Powell Presented by Surya Mani Content u Motivation u Related Work u

262 views • 23 slides
Security Measurement Professor Adam Bates Fall 2018 Security & Privacy Research at Illinois

Security Measurement Professor Adam Bates Fall 2018 Security & Privacy Research at Illinois

CS 563 - Advanced Computer Security: Security Measurement Professor Adam Bates Fall 2018 Security & Privacy Research at Illinois (SPRAI) Administrative Learning Objectives : Discuss two recent studies that use measurement methods

925 views • 54 slides
Public Safety Working Group Update 20 October 2020 Speakers: Laureen Kapin , Federal Trade

Public Safety Working Group Update 20 October 2020 Speakers: Laureen Kapin , Federal Trade

Public Safety Working Group Update 20 October 2020 Speakers: Laureen Kapin , Federal Trade Commission, United States - PSWG Co-chair Chris Lewis-Evans , National Crime Agency, UK ICANN69 PSWG Work Plan Reminder: PSWG Terms of Reference (June

601 views • 11 slides
Network Control CS 161: Computer Security Prof. Vern Paxson TAs: Paul Bramsen, Apoorva Dornadula,

Network Control CS 161: Computer Security Prof. Vern Paxson TAs: Paul Bramsen, Apoorva Dornadula,

Network Control CS 161: Computer Security Prof. Vern Paxson TAs: Paul Bramsen, Apoorva Dornadula, David Fifield, Mia Gil Epner, David Hahn, Warren He, Grant Ho, Frank Li, Nathan Malkin, Mitar Milutinovic, Rishabh Poddar, Rebecca Portnoff, Nate

880 views • 69 slides

More recommend