Ismi Abidi, Himani Raina, Omais Shafi, Sonal Swarnima, S. R. Sarangi
In collaboration with Kyushu University, Japan

Introduction
What is the Internet of Things (IoT)?
• Interconnection and participation of everyday objects via the internet, enabling these objects to collect and exchange data.
• In formal terms, according to Ciccozzi et al.: "IoT is characterized by an unprecedented set of heterogeneous, distributed, and intelligent things such as simple actuators, sensors, and RFID tags, as well as more complex devices such as computers, self-driving vehicles, and autonomous robots."

IoT World
IoT (Anytime, Anything, Anywhere)
• Home: Health, Entertainment, Utilities and appliances, Security
• Users: Personal user, Doctors, Industrialists, Policy makers
• Transport: Traffic, Parking, Highways, Emergency services
• Community: Smart metering, Surveillance, Factory, Environment
• National: Utilities, Smart grid, Remote monitoring, Defense, Infrastructure

Motivation
Key challenges in the IoT world:
• Management of heterogeneous data
• Performance
• Potential threat of unauthorized use of consumer data
• Rising security risks
• Limitations of IoT devices (size and processing power) lead to reduced encryption and to fewer of the other power-dissipating security measures

Security Concerns
Possible threats and attacks:
• Sound waves used to trick the accelerometer in IoT devices like Fitbit [Feng et al.].
• Cyber attacks against Dyn, which provides DNS to Reddit and Twitter, were launched using the IoT botnet Mirai.
• Former US Vice President Dick Cheney's doctors disabled his pacemaker's wireless capabilities to thwart possible assassination attempts.
• Insecure routers and webcams.
• Vulnerabilities in devices such as security cameras and digital video recorders.
• Exploitation of wireless communication in IP-connected security systems and in medical devices such as pacemakers and insulin pumps.
Outline
Securing IoT using virtualization
• Introduction
• Threat Model
• Proposed Work Flow
• Performance–Security–Power Trade-off
• Comparative analysis
• Challenges
• Proposed Methodology
Secure Execution of Distributed Systems
• Statement
• Components
• Architecture

Securing IoT devices using Virtualization

Virtualization – A solution
Virtualization concerns: Performance, Maintenance, Security, Cost

Virtualization – A solution
Commercial solutions to secure hardware using virtualization:
• ARM TrustZone
• Intel Trusted Execution Technology [Greene et al.]
• Intel Software Guard Extensions

VMI
• Trusting the hypervisor
  – Hypervisor hardening: static code, control flow, non-control data
  – Minimize TCB: TCB reduction (move components outside the hypervisor); nested virtualization (add another layer before the hypervisor)
  – Moving to hardware: HW-assisted solutions (hypervisor-secure virtualization at the hardware level, root-of-trust and remote attestation, protected containers)
• Protection from the hypervisor / protection from the Admin VM
• Complexity of solutions → less deployability

Related Work
• Smartphone virtualization solutions: Cells, Condroid, Vdroid, Brahma
• Securing mobile devices: AP virtualization; offloading security from a medical device to a new, additional PAN security device
• Trusted Execution Environment: TrustZone-based solutions for IoT edge devices, real systems, mission-critical systems
• Sandboxing: accelerators, GPU, Android runtime analysis

Threat Models
The threat model [Sgandurra et al.] consists of:
• Threats: attacks such as DDoS, privilege escalation, side-channel attacks
• Security assumptions: the basis from which security control is enforced
• Trust assumptions: the level of trust in the system's components (cloud providers, proofs, assessments)

Threat Model
Threats
• Software attacks: DoS, DDoS, buffer overflow, man-in-the-middle attack, Bluetooth jamming, TCP/IP hijacking
• Hardware attacks: firmware modifications, attack via Ethernet adapter, Blue Pills
• Privilege escalation, TLB splitting, side-channel attacks

Security Assumptions
• Physical level: access to and tampering with the physical system; malicious BIOS/DMA; trusted boot; known hardware specification
• Virtualization level: OS vulnerability; untrusted OS; introspection enabled; configuration interface protection

Trust Assumptions
• Cloud level: nature of the service provider; cloud service model

Proposed Work Flow
Collection of source code of small devices → Simulation of attacks on devices → Countermeasures

Starting point: low-power devices
• EEMBC benchmarks
• Open source code for medical devices, smart meters, accelerometers, gyroscopes, gesture sensors
Simulation of attacks
• Identify security and trust assumptions
• Analyze and find backdoors in the source code
• Reverse engineer data flow and control flow
Countermeasures
• API virtualization
• Lightweight paravirtualization
• Locked communication between two devices
• Virtualizing binary translation
• Machine learning

Solution using Trap to Hardware
[Figure: components labelled System call, Binary Editor, Trap to Hardware, Network Comm., Source Code, Device Instrumentation, Log files, Analyzer]

Efficient Remote Attestation
• Intelligent hashing
• Check modification in source code
• Power-efficient technique
[Figure: stack of App, App, App on VM1 and App on VM2, above a Power Efficient Remote Attestation layer, the Hypervisor and the Hardware]

Implementation
Features: Security, Performance, Portability, Transparency
Limitations: Power–Performance–Security trade-off

High Power vs Low Power Devices
Issue/Feature               Server systems      IoT devices
Device power                High                Low
Resource constrained        No                  Yes
Use case                    Homogeneous OSs     Heterogeneous OSs
Hard real-time capability   No                  Yes
Major hardware ISA          Intel               ARM
[Figure: Security – Power – Performance triangle]
Challenges: Cost, Power, Performance, Security

Encryption Mechanisms
Comparison of various cryptographic algorithms:
Cryptographic algorithm   Throughput, encryption/decryption (MB/s)   Security        Power
AES                       4.17 / 6.45                                Highly secure   High
DES                       4.01 / 6.35                                Medium          High
3DES                      3.45 / 5.66                                Medium          High
Blowfish                  25.89 / 18.72                              Highly secure   Low
RC2                       3.24 / 4.98                                Low             High
RC6                       7.19 / 7.43                                Medium          Medium
[Figure: Throughput Analysis – encryption and decryption throughput (MB/s) for AES, DES, 3DES, Blowfish, RC2, RC6]
[Figure: Power Analysis – power (µJoule/Byte) for AES, DES, 3DES, Blowfish, RC2, RC6]

IoTSim
IoTSim is capable of modelling the behaviour of a network of IoT nodes embedded with sensors and actuators, integrated with a centralised cloud.
Components of the IoT simulator: Cloud; Smart Gateway; Sensor and Actuator network
Overall simulator design:
• Cloud: switches, VMs, storage, hosts, scheduling policies, allocation policies
• Smart Gateway
• IoT Node: actuators, sensors, processor
• Sensor and Actuator network: IoT nodes, cloud, repeater, sensor network
Applications of IoTSim:
• Simulate a scenario of smart homes or smart cities, which are gaining momentum in today's world.
• Simulate a smart parking space and choose the best configuration of all types of devices for actual physical deployment.
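The Efficient Remote Attestation slides above name intelligent hashing and a power-efficient technique without spelling out a protocol. The block below is an added example, not code from the slides, from IoTSim or from the authors, showing one way such a scheme can be built: the device hashes its firmware per region so the verifier can name the region that changed, the verifier supplies a fresh nonce so a recorded response cannot be replayed, and the verifier may request only some regions when the device should spend less energy on hashing. The region names, the shared key and the sample firmware are all constructed for this example.

```python
"""Challenge-response remote attestation over per-region firmware measurements.

Added example: not code from the slides, from IoTSim or from the authors.
Region names, the shared key and the sample firmware are all constructed here.
"""
import hashlib
import hmac
import os

# Constructed sample firmware image, split into the regions a verifier cares about.
GOLDEN_FIRMWARE = {
    "bootloader": b"\x7fBOOT" + bytes(range(64)),
    "license_check": b"\x7fLIC" + b"\xaa" * 32,
    "app": b"\x7fAPP" + b"sensor loop " * 4,
}

# Attestation key, assumed to be provisioned at secure install time; on a real
# device it would be derived from the hardware root of trust, not a constant.
ATTEST_KEY = b"\x01" * 32


def measure(firmware, regions=None):
    """Hash each requested region separately (default: all of them).

    Per-region hashes let the verifier name the modified region instead of just
    reporting "image changed", and let it ask for fewer regions when the device
    should spend less energy on hashing.
    """
    names = regions if regions is not None else list(firmware)
    return {name: hashlib.sha256(firmware[name]).hexdigest() for name in names}


def _transcript(nonce, measurements):
    """Canonical byte string the HMAC covers: nonce plus sorted measurements."""
    body = "".join(f"{k}={v};" for k, v in sorted(measurements.items()))
    return nonce + body.encode()


def prover_response(firmware, nonce, regions=None, key=ATTEST_KEY):
    """Device side: report the requested measurements and a MAC binding them to the nonce."""
    reported = measure(firmware, regions)
    tag = hmac.new(key, _transcript(nonce, reported), hashlib.sha256).digest()
    return reported, tag


def verify(golden, reported, nonce, tag, key=ATTEST_KEY):
    """Verifier side. Returns (ok, modified_regions).

    The MAC check comes first: a wrong nonce or a forged report fails here, so a
    replayed response from an earlier challenge never reaches the comparison.
    """
    expected_tag = hmac.new(key, _transcript(nonce, reported), hashlib.sha256).digest()
    if not hmac.compare_digest(expected_tag, tag):
        return False, ["<mac failure: stale or forged response>"]
    modified = [r for r in reported if reported[r] != golden.get(r)]
    return not modified, modified


def attest(firmware, golden, regions=None, key=ATTEST_KEY):
    """One complete round: verifier issues a nonce, device answers, verifier checks."""
    nonce = os.urandom(16)
    reported, tag = prover_response(firmware, nonce, regions, key)
    return verify(golden, reported, nonce, tag, key)


def demo():
    """Four rounds: clean device, tampered license region, partial request, replay."""
    golden = measure(GOLDEN_FIRMWARE)

    clean_ok, clean_diff = attest(GOLDEN_FIRMWARE, golden)

    tampered = dict(GOLDEN_FIRMWARE)
    tampered["license_check"] = b"\x7fLIC" + b"\x90" * 32   # constructed modification
    tamper_ok, tamper_diff = attest(tampered, golden)

    # Lower-power round that asks for the app region only: the tampered license
    # region is outside the request and goes unnoticed, which is the power vs.
    # security trade-off the slides refer to.
    partial_ok, _ = attest(tampered, golden, regions=["app"])

    # Replay: a response recorded for one nonce is presented for a new one.
    reported, tag = prover_response(GOLDEN_FIRMWARE, os.urandom(16))
    replay_ok, _ = verify(golden, reported, os.urandom(16), tag)

    return clean_ok, clean_diff, tamper_ok, tamper_diff, partial_ok, replay_ok


if __name__ == "__main__":
    print(demo())
```

The partial round is where the "power-efficient" idea bites: fewer hashed regions cost less energy on the device, but anything outside the requested set is invisible to that round, so a verifier that rotates through subsets must still cover every region within its acceptable detection window.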
Proposed Work Flow
Characterize an IoT job → Run jobs on IoTSim → Study power, performance, and security

Secure Execution in Distributed Systems

Hacking of License Manager
• CPU emulators can be used for dynamically analyzing a binary's execution.
• Strategies to spoof a valid run:
  – Control Flow Deviation Analysis: ascertain the difference in the control flow of the application with a valid license key and with an invalid one.
  – Call Graph Alteration: analyse the call stack of the application; try to skip a correct function or flip a correct branch.

Control Flow Deviation Analysis
[Figure: execution when a wrong license file is given: Initialize Application → License Validation → EXIT; execution when the correct license file is given: Initialize Application → License Validation → Execute Application; annotation: "SKIP THE LICENSE CHECK"]

Call Graph Alteration (CGA)
[Figure: two annotated code listings. The first shows func1(), licenseCheck() and func2() with a marked "Region of interest" and the notes "Jump leads to crash", "Instructions to be executed in future" and "Skipping multiple instructions". The second shows foo(), bar() and crc_check() with the note "Skipping a single instruction".]

Secure Execution
• Securing the control flow of a program (e.g. a license manager)
• Ensure integrity of a binary, its data and its execution irrespective of OS / CPU emulators / VMM
• Generic software-based approach to create secure sandboxes for program execution
• Avoid the high overhead of hardware-based techniques
• Ability to mark parts of software as secure / non-secure

Secure Execution – Components
Secure Program Execution rests on:
• Management Protocols: attestation for code integrity
• Root of Trust: H/W-coupled secure boot of the application
• Secure IO: secure communication (IPC / socket), exceptions
• Memory Protection: hardware-supported execution-aware security

Secure Execution – Components
• Management Protocols: local attestation of the application to ensure code integrity over time
• Root of Trust: hardware-driven (circuit-derived) cryptographic key to ensure secure installation and execution
• Memory Protection: execution-aware memory protection; modules with security guarantees enforced, independent of OS / VMM
• Secure IO: secure communication between secure code running on the same host or on different hosts

Secure Execution – Architecture
[Figure: Secure Application and Normal Application running on RTOS/VMM over the CPU and MPU, with Secure Memory, Secure Comm., Attester, Secure Install and Key Manager components]

Thank You
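The Secure Execution slides want the control flow of a license manager protected, so that a skipped licenseCheck() of the kind drawn on the CGA slide is caught, and list an Attester and a root-of-trust key among the components. The block below is an added example, not the authors' design or code: it keeps a keyed hash chain of stage checkpoints, and the protected stage runs only if the chain proves that every earlier stage executed, in order. The stage names, the key and the SecureApp class are assumptions of this example.

```python
"""Keyed checkpoint chain that detects a skipped stage in a protected control flow.

Added example, not code from the slides or the authors. The stage names, the
root key and the SecureApp class below are constructed for illustration.
"""
import hashlib
import hmac

# Stage order taken from the Control Flow Deviation Analysis slide.
EXPECTED_PATH = ("init", "license_check", "execute")

# Assumed to be a hardware-derived key handed out by the Key Manager at secure install.
ROOT_KEY = b"\x42" * 32


class Attester:
    """Keeps a running HMAC chain over the stages that actually executed.

    Each checkpoint folds the previous chain value and the stage name into a new
    HMAC, so the final value depends on the whole ordered history. Skipping a
    stage or passing it out of order yields a value no legitimate run produces.
    """

    def __init__(self, key=ROOT_KEY, expected=EXPECTED_PATH):
        self.key = key
        self.expected = expected
        self.state = bytes(32)

    def _step(self, state, stage):
        return hmac.new(self.key, state + stage.encode(), hashlib.sha256).digest()

    def checkpoint(self, stage):
        """Called by the protected program when it completes a stage."""
        self.state = self._step(self.state, stage)

    def expected_state(self, upto):
        """Chain value a correct run must hold right after completing `upto`."""
        state = bytes(32)
        for stage in self.expected:
            state = self._step(state, stage)
            if stage == upto:
                return state
        raise ValueError(f"unknown stage {upto!r}")

    def require(self, upto):
        """True iff every stage up to and including `upto` ran, in order."""
        return hmac.compare_digest(self.state, self.expected_state(upto))


class SecureApp:
    """Toy license-managed application whose execute() is gated by the Attester."""

    def __init__(self, license_valid):
        self.attester = Attester()
        self.license_valid = license_valid

    def init(self):
        self.attester.checkpoint("init")

    def license_check(self):
        # Only a successful validation advances the chain.
        if self.license_valid:
            self.attester.checkpoint("license_check")
        return self.license_valid

    def execute(self):
        # The gate consults the chain, not a boolean flag: a jump that bypasses
        # license_check() leaves the chain one stage short, exactly as a failed
        # check does, so both paths end up refused.
        if not self.attester.require("license_check"):
            return "refused"
        self.attester.checkpoint("execute")
        return "running"


def run(license_valid, skip_license_check=False):
    """Drive the app along one path and report whether execute() was admitted."""
    app = SecureApp(license_valid)
    app.init()
    if not skip_license_check:
        app.license_check()
    return app.execute()


if __name__ == "__main__":
    print(run(True), run(False), run(True, skip_license_check=True))
```

The chain only helps if the Attester's state and key live where the protected program cannot be patched into ignoring them; in the architecture slide that is the job of Secure Memory behind the MPU and of the Key Manager, which is the division of labour between a software check like this one and the hardware-backed components the slides list.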