Iot Sec in IP-IoT

[“Security Considerations in the IP-based Internet of Things,” Informational, Sep. 2013.
Security Considerations in the IP-based

Internet of Things
Contents
r Introduction
r The Thing Lifecycle and Architectural Considerations
m Threat Analysis
m Security Aspects
r State of the Art
r Challenges for a Secure Internet of Things
m Constraints and Heterogeneous Communications
m Bootstrapping of a Security Domain 자기 스스로 하는
m Operation
Security Considerations 1-1

[“Security Considerations in the IP-based Internet of Things,” Informational, Sep. 2013.]
Introduction
r Overview of security aspects of the envisioned
all-IP architecture as well as of the lifecycle of
an IoT device, a thing.
m interactions and relationships between an IoT application
and security
m challenges for a secure IoT in the specific context of the
lifecycle of a resource-constrained device.

The Thing Lifecycle and Architectural Considerations
r Interoperability as well as trust bootstrapping between

nodes of different vendors is important.
r The thing is installed and commissioned within a network
by an installer during the bootstrapping phase.
m The device identity and the secret keys used during normal
operation are provided to the device during this phase.
r After being bootstrapped, the device and the system of
things are in operational mode
r Occasional maintenance cycles may be required for
devices.

The Thing Lifecycle and Architectural Considerations (2)

Threats
r Cloning of things
m An untrusted manufacturer can easily clone the physical characteristics,
firmware/software, or security configuration of the things.
• cheaper price, degraded functionality, backdoor
r Malicious substitution of things

m A genuine thing may be substituted with a similar variant of lower quality
without being detected.
r Eavesdropping attack
m during the commissioning of a thing into network
m if the communication channel is not sufficiently protected
m in the event of session key compromise (due to a long period of usage without
key renewal or updates)
r Man-in-the-middle attack
r Firmware Replacement attack
r Extraction of security parameters

Threats (2)
r Routing attack
m Routing information in IoT can be spoofed, altered, or replayed.
m Other relevant routing attacks include
• Sinkhole attack (or blackhole attack)
• Selective forwarding
• Wormhole attack
• Sybil attack
r Privacy threat
r Denial-of-Service attack
m Things are typically vulnerable to resource exhaustion attack.

r Security Aspects
m Security bootstrapping denotes the process by which
a thing securely joins the IoT.
• Bootstrapping includes the authentication and authorization of
a device as well as the transfer of security parameters allowing
for its trusted operation in a given network.
m During the bootstrapping phase, each thing executes
the bootstrapping protocol, thus obtaining the
required device identities and the keying material.

State of the Art

r There exists a multitude of control protocols for IoT.
m For BAC systems, the ZigBee standard, BACNet, or BALI
play key roles.
m Recent trends focus on all-IP approach for system control.
r Protocols and procedures recently discussed
m IKEv2/IPsec, TLS, DTLS, HIP, PANA, and EAP
r Wireless Sensor Network Security and Beyond
m A variety of key agreement and privacy protection protocols
that are tailored to IoT scenarios have been introduced in
the literature.
for instance,
• random key pre-distribution schemes or SPINS for key establishment in
wireless sensor networks.
• ZigBee standard for sensor networks
m The Internet and the IoT domain do not fit together easily.

Challenges for a Secure Internet of Things

r Constraints and Heterogeneous Communication
m Tight resource constraints
m Denial-of-service resistance
m Protocol translation and End-to-End Security
r Bootstrapping of a Security Domain
r Operation

Constraints and Heterogeneous Communication
r Tight resource constraints

r Denial-of-service resistance
r Protocol translation and End-to-End Security

Constraints and Heterogeneous Communication (2)
r Tight resource constraints

m The IoT is a resource-constrained network that relies on
lossy and low-bandwidth channels for communication
between small nodes, regarding CPU, memory, and energy
budget.
m These characteristics directly impact the threats to and
the design of security protocols for the IoT domain.
• the use of small packets may result in fragmentation of larger packets
of security protocols.
– e.g., IEEE 802.15.4 supports 127-byte sized packets at the physical layer
– new attack vectors for state exhaustion DoS attacks
– lower performance due to fragment losses and retransmissions
• The size and number of messages should be minimized to reduce memory
requirements and optimize bandwidth usage.
• Small CPU and scare memory limit the usage of resource-expensive
cryptoprimitives such as public-key cryptography.

r Denial-of-service resistance
m The tight memory and processing constraints of things alleviate
resource exhaustion attacks.
m DoS countermeasure: return routability checks, puzzle
mechanism (details to be discussed later)
• return routability check: to delay the establishment of state at the
responding host until the address of the initiating host is verified.
– implemented in DTLS, IKEv2, HIP, Diet HIP
• puzzle mechanism: to force the initiator of a connection (and
potential attacker) to solve cryptographic puzzles with variable
difficulties.
– a viable option for sheltering IoT devices against unintended overload
– implemented in HIP


r Protocol translation and End-to-End Security
m 6LoWPAN and CoAP progress towards reducing the gap
between Internet protocols and the IoT
m More or less subtle differences between IoT protocols and
Internet protocols will remain.
m While these differences can easily be bridged with protocol
translators at gateways, they become major obstacles if
end-to-end security measures (between IoT devices and
Internet hosts) are used.
m Future work is required to ensure security, performance and
interoperability between IoT and the Internet
• details to be discussed later


m Distributed vs. Centralized Architecture and Operation
m Bootstrapping a thing’s identity and keying material
m Privacy-aware Identification
r Operation

Bootstrapping of a Security Domain
r Distributed vs. Centralized Architecture and Operation

r Bootstrapping a thing’s identity and keying material
r Privacy-aware Identification

Bootstrapping of a Security Domain (2)

r Distributed vs. Centralized Architecture and Operation
m In today’s IoT, most common architectures are fully
centralized in the sense that all the security relationships
are handled by a central party.
• In ZigBee standard, this entity is the trust center.
• Current proposal for 6LoWPAN/CoRE identify the 6LoWPAN
Border Router (6LBR) as such a device

Bootstrapping of a Security Domain (3)

r Bootstrapping a thing’s identity and keying material (1)
m Bootstrapping refers to the process by which a device is
associated to another one, to a network, or to a system.
m In a distributed approach, a Diffie-Hellman type of
handshake can allow two peers to agree on a common secret.
• In general, IKEv2, HIP, TLS, DTLS can perform key exchanges
and the setup of security associations without online
connections to a trust center.
m In a centralized architecture, preconfigured keys or
certificates held by a thing can be used for the distribution
of operational keys.
• A current proposal refers to the use of PANA for the
transport of EAP messages between the PANA client and the
PANA Authentication Agent (PAA), the 6LBR.
• EAP is thereby used to authenticate the identity of the joining
Protocol for Carrying Authentication
thing. and Network Access
• After the successful authentication, the PANA PAA provide

the joining thing with fresh network and security parameters.


r Operation
m end-to-end security

Operation (details to be discussed later)
After the bootstrapping phase, the system enters the

operational phase.
r End-to-End Security
m Providing end-to-end security is of great importance to
address and secure individual T2T or H2T communication.
m Protocol translation by intermediary nodes may invalidate
end-to-end protection measures.
skip r Group Membership and Security
m Group key negotiation is an important security service for
the T2Ts and Ts2T communication patterns
• as efficient local broadcast and multicast relies on symmetric
skip group keys
r Mobility and IP Network Dynamics

Iot Sec in IP-IoT

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Iot Sec in IP-IoT

Uploaded by

Copyright:

Available Formats

[“Security Considerations in the IP-based Internet of Things,” Informational, Sep. 2013.

Security Considerations in the IP-based

Security Considerations 1-1

Security Considerations 1-2

The Thing Lifecycle and Architectural Considerations

r Interoperability as well as trust bootstrapping between

Security Considerations 1-3

The Thing Lifecycle and Architectural Considerations (2)

Security Considerations 1-4

The Thing Lifecycle and Architectural Considerations (3)

r Malicious substitution of things

Security Considerations 1-5

The Thing Lifecycle and Architectural Considerations (4)

Security Considerations 1-6

The Thing Lifecycle and Architectural Considerations (6)

Security Considerations 1-7

State of the Art

Security Considerations 1-8

Challenges for a Secure Internet of Things

Security Considerations 1-9

Constraints and Heterogeneous Communication

r Tight resource constraints

Security Considerations 1-10

Constraints and Heterogeneous Communication (2)

r Tight resource constraints

Security Considerations 1-11

Constraints and Heterogeneous Communication (3)

Security Considerations 1-12

Constraints and Heterogeneous Communication (4)

Security Considerations 1-13

Challenges for a Secure Internet of Things

r Constraints and Heterogeneous Communication

Security Considerations 1-14

Bootstrapping of a Security Domain

r Distributed vs. Centralized Architecture and Operation

Security Considerations 1-15

Bootstrapping of a Security Domain (2)

Security Considerations 1-16

Bootstrapping of a Security Domain (3)

• After the successful authentication, the PANA PAA provide

Security Considerations 1-17

Challenges for a Secure Internet of Things

r Constraints and Heterogeneous Communication

Security Considerations 1-18

Operation (details to be discussed later)

After the bootstrapping phase, the system enters the

Security Considerations 1-19

You might also like