ST Developers Conference 2016 - The Need for Security in IoT

1. October 4, 2016
Santa Clara Convention Center
Mission City Ballroom
The Need for Security In IoT
Who needs security anyway ?
Joe Pilozzi

2. The Rise of Connected Things 2
• ~33B connected devices by 2020
• $1.7 trillion in value added to the global economy in 2019
• 40% Compound Annual Growth Rate 2014–2020

3. The Connected Devices 3
Server Farms,
Server Clusters
Network Equipment
(routers, firewalls, ..)
PC/Laptop
Connected Media
Smart Phones, Tablets
Embedded Connected Devices
Smart Things

• Few Mu

• Tens of Mu

• ~ 1 Bu

• ~ 10 Bu

• ~ 10 Bu  20 Bu
 • ~ 30 Bu  50 Bu
Represents a very large
opportunity for business
and for mischief

4. Who Needs Security Anyway

5. Who Needs Security Anyway … 5
• It’s about protecting Assets
• Knowing the true value of those Assets you are
going to protect
• Assets are a wide range of items
• Consumers Personal Information
• Financial, Health, Location, Passwords, Accounts
• Your Product or Solution
• Processes, Services, Intellectual Property, Firmware, Brand
• Health and Safety
• Medical devices, Manufacturing Processes and Equipment, Transport and Vehicles
• The Work Place
• Production Equipment, Environmental and Access Controls
Assets
….. Your brand, your reputation
Photo source : Wired Magazine

6. Connected Device Are Subject to Attacks 6
• Hacking opportunities made significantly easier with devices
being connected to the internet
• Exploiting carelessly managed user private information, as in
the case of a connected SmartFridge
• Exploit flaws and genuine mistakes leading to weaknesses in
security
• Hacking opportunities come from a failure to correctly verify
the identity of devices on a network
• An attack may take an indirect route to an asset by targeting
the weakest link in a system, as in the case of a remotely
hacked vehicle
https://www.wired.com/2016/02/flaws-in-wireless-mice-and-keyboards-let-hackers-type-on-your-pc/

7. And More … 7

8. Threats and Vulnerabilities

9. General Threats To IoT Systems
9
• Access / misuse of services and networks
• Access / misuse of devices
• Theft of confidential data or identity
• Counterfeit devices or services

10. Threat Analysis 10
• Asset
• In general terms is information, a capability, an advantage, a feature, financial or technical
resource that may be damaged, lost or disrupted
• Assets may be digital (software sources), physical (a car or a server) or commercial (brand)
• Damage to an asset may affect the normal operation of the system as well as that of
individuals and organizations involved with the system
• Threat
• Threat is a specific scenario or a sequence of actions that exploits a set of vulnerabilities and
may cause damage to one or more of the system's Assets

11. Threat Analysis 11
• Vulnerabilities
• Is a weakness, limitation or a defect in one or more of the system's elements that can be
exploited to disrupt the normal operation of the system
• They may be in specific modules of the system, its architecture, its users and operators,
and/or in its associated regulations, operational and business procedures
• Countermeasures, "safeguards“ or Barriers
• Is a procedure, function, process, action or a means of mitigating a specific vulnerability
or several different vulnerabilities

12. Threat Analysis 12
Concepts and Relationships
Assets
Value Assets
Vulnerabilities
Threats
Wish to abuse
Exploit• Countermeasures mitigate Vulnerabilities and therefore
mitigate Threats and hence reduces Risk
Increases
Wish to minimize Risk
Value
Hence evaluate Attacks
To Protect
Countermeasures / Barriers
Mitigates
Develop
Reduces
• Threats exploit Vulnerabilities and to gain access to Assets
Customer
Owner

13. Threat Analysis 13
Smart Metering System
Gateway
Cloud Services
Network
Smart Meter
Threat
• Commercial and cyber crime
• Disruption of administration system
• Supply shut down – disruption of service
• Spread of wrong information (e.g. invoices)
Fake Service
• Commercial and cyber crime
• Identifying empty houses
• Invoice Fraud
• Manipulating meter readings
• Misuse of private customer data
Eavesdropper Data Corruption
• Identifying empty houses
• Manipulating meter readings
• Misuse of private customer data
• Invoice fraud
Compromised Device Data Corruption
• Distributed Denial-of-Service (DDoS)
• Malicious code
Counterfeit Device

14. Classes of Attacks 14
Invasive Product Attacks
With the case opened / removed
• Test / debug port access
• Inter device bus and IO probing
• Reset, clock attacks
• Power analysis
• Temperature / electrical attacks
Invasive Silicon Attacks
Device de-packaged
• Circuit analysis and probing
Non Invasive Attacks
Misuse of network protocols
• Exploit communication protocol errors
• Flaws in software design / implementation
Box Internet
The
Cloud
BOX

15. Invasive Silicon Attacks 15
• Silicon Reverse Engineering
• FLASH or ROM code retrieval
• Whole or partial gate net-list extraction
Prepared for probing
• Identification of Internal Structure of the Chip
• Layout analysis, feature, buses, …
• Find “good“ location for probing
• Buses and memory to obtain keys, data, code
• A Fault Injection Attack - Non or Semi-Invasive
• Disturb normal behavior
• Exploit unexpected behavior
• Sources
• Laser, UV, X-rays

16. Software Attacks 16
• >95% attacks today exploit software implementation flaws
• Heartbleed - wrong buffer size
• Apple IOS web authentication by-pass - software line duplicated
Human error contributes to
nearly all of these incidents

17. Cost /
Effort
Relative Cost Of Attacks 17
Software Attacks
• Stack overflow
• Malware
• Virus
• Trojans
Invasive
Silicon Attacks
• Reverse Engineering
• Probing
• Fault Injection ( Laser, X-Ray, VU)
Invasive
Product Attacks
• Physical access ( JTAG, IOs)
• Environment Perturbation
• Side Channel Attacks
(SPA, DPA, DEMA)
Today
95 % attacks
Complexity

18. Fortifying an IoT Device
Countermeasures

19. An IoT Device’s Security Needs 19
Prevent device misuse
Prevent device or server counterfeiting
Resistance against
hacking, cloning
Authentication
• Device to device
• Device to server
Service and network access corruption
Prevent device
misuse
Integrity and Availability
• Secure Boot
• Secure firmware upgrade
• Trusted processing
Data privacy
Prevent data collection or corruption
Confidentiality
• Data / identity protection
• Secure communications
• Secure storage
Upgradability
Secure Communications
• Secure firmware upgrade
Prevent device misuse
Need Solution

20. Countermeasures 20
• Cryptography algorithms are used to protect data and establish trust
Cryptography
Authentication
• Challenge – Response
• TLS/DTLS protocols
challenge
response
Authentication Process
Availability
Service protection
• Secure Boot
• Secure Firmware Upgrade
• Trusted Processing
Data Integrity
• Data with Signature
- using RSA / ECC
• Cryptography ciphers (AES, DES, ECC, RSA) are public
• Protecting keys is the key to success
Confidentiality
Data encryption
• Symmetric DES / AES
• Asymmetric RSA / ECC

21. Countermeasures 21
• Smaller silicon geometries the better – more difficult to probe
• Layout flattening – just a sea-of-gates
• Easier to hide busses and critical signal routing
• More difficult to identify functions / features
• Camouflage to prevent reverse engineering
Physical Design Techniques
Standard routing Camouflaged routing

22. Managing Risk

23. Cost
Managing Risk 23
• Always seek better level of security/integrity
• Use the integrity and cryptographic tools offered
• Seek out advise for best practices
Risk
Robustness
Security
Optimal
Government
Mandated
Security
Fort KnoxPoor
Always seek better
Increase
due to
Hacking
Vulnerable

24. Invasive Product Attacks
With the case opened / removed
• Test / debug port access
• Inter device bus and IO probing
• Reset, clock attacks
• Power analysis
• Temperature / electrical attacks
Non Invasive Attacks
Misuse of network protocols
• Exploit communication protocol errors
• Flaws in software design / implementation
Invasive Silicon Attacks
Device de-packaged
• Circuit analysis and probing
• Fault injection
Solutions 24
Box Internet
The
Cloud
BOX
Add a Secure Element
• Much Better Tamper Resistant
• Trusted Crypto Services
• Secure Storage
• Independently Certified
A Better
Solution
Use an MCU’s security features
• Unique Device IDs
• Memory Protection
• Firewall
• Tamper Detection
• Crypto Hardware
• AES, T-RNG
• Debug Port Protection
Solution
SOLUTIONS

25. Layers of Security Services 25
• Security services should be handled
independently in silo’ed processes
System Layers
Application / Cloud
• Access control and right management
• Feature and product management
Data / Transport Layer
• TLS/DTLS, HTTPS etc
Link Layer / Physical Layer
• Network physical layer security
• e.g. WiFi – WPA2, 802.11i
Device Security Services
• Secure Boot

26. Cybercriminals 26
• Cybercriminals are motivated by various factors
• Financial gain, brand damage, political or terrorism, or plain old mischief making
• Todays cybercriminals are increasingly well funded criminal organizations
• Cybercriminals don’t necessarily target the final asset directly, but target less
secure devices connected to the same network
Never Underestimate …..
• Minimize your vulnerabilities or “attack surface”
• Seek out advise on threat analysis

27. Risk Management 27
• Understand the value of the Assets you are going to protect
• Understand your Threats and Vulnerabilities
• Develop a security strategy to reduce Risk
• At the right level of security for the value of the Assets being
protected
• Make use of the microcontrollers integrity and hardware based
cryptography tools available
• Crypto libraries, crypto accelerators
• Robustness features like debug port protection, memory
partitioning, firewall and tamper detection
Fortified Solutions
• A well Fortified Solution makes use of these features
• Don’t make it easy for a cybercriminal!

28. Is Your Product Secure ?

29. Is Your Product Secure … 29
• Device Integrity
• Can you determine if the product is authentic and can it be trusted?
• Security of Communications
• Is private data being transferred confidentially and with integrity?
• Security of Stored Information
• Is private data being stored in a protected manner ?
A Simple Check List

30. Security of Connected Devices Does Matter 30
Even our election could be a risk ..
Source: Engadget

31. Conclusion

32. Conclusion 32
Work with ST, your experienced partner
• Internet of Things presents a wealth of opportunities, a growth for commerce and an increased
risk of theft, mischief and damage or loss of life
• Understand the value of Assets in your system or product
• Perform threat analysis to better understand your Risks
• Reduce risk by designing and managing secure products well fortified against threats
• Design and manage your products using good design practices
• Design products and systems resilient against threats throughout their life-cycle
• A robust product is achieved through the use of security features and tools
• Most of the software attacks today can be thwarted by good firmware development practices

33. Demos

34. ST Solutions for Security in IoT 34
Smart City Solution
for IoT Node

35. 35

36. Thank You