IoT Security

© Waher Data AB, 2018.


1. Overview

Problem domain
IoT systems are particularly vulnerable:

 Long-term operation
   Technologies become obsolete
   Lack of updates
 Invisible operation
   No visible clues that something is wrong
   No human operator (in the normal use case)
   Lack of supervision
 Larger scale
   More units and more attack surfaces

“America's greatest threat is the Internet of Things”
James R. Clapper, Ex-Director of National Intelligence, Feb 9, 2016
http://www.popsci.com/clapper-americas-greatest-threat-is-internet-things

2. HTTP / HTTPS

HTTP(S)
 Standardized by IETF
 Popular
   Well known
 Request/Response communication pattern
 WebSocket
   Bidirectional
   Asynchronous
 TLS transport encryption
 Problems:
   Topology
   Middleware
   Distributed/Global identities
   Difficult to make secure

Topology Problem
 Actors
   Client
   Server
   The server must be reachable by the client
 Thing as a server
   Natural, from a conceptual perspective.
   Sacrifices security: “hole punching” through the firewall
 Thing as a client
   Unnatural
   Sacrifices privacy
   Creates potential bottlenecks
     Server or middleware processing

Middleware
 How can a client communicate with a client?
 “Middle”-ware: software in the middle, between clients.
   Acts as a server to both clients.
 Proprietary solutions
   Multitudes
 Hybrid solutions
   LWM2M (just data collection)
   MQTT (proprietary HTTP bindings)
 Standardized solutions
   XMPP (BOSH or WebSocket bindings)

Scalability Problem
 C10K problem
   Difficulty in creating scalable middleware.
   Vulnerability increases with scale
 Alternative: federated middleware
   XMPP (standardized option)

Identity Problem
 Authentication
   Server typically manages accounts
   Distributed identities difficult
 Reversed original architecture
   Difficult to make security decisions in a distributed environment.

[Diagram: several client/server pairs, each server holding its own accounts]

3. MQTT

MQTT
 Standardized by OASIS
 Popular
   Most used protocol for IoT
 Publish/Subscribe communication pattern
   Efficiently distributes data to multiple subscribers
   The broker solves the topology problem.
 TLS transport encryption
 Problems:
   Multiple serious design vulnerabilities
   Scalability
   Identities

Publish/Subscribe

Vulnerabilities by design 1(2)
 No forwarded identities
   Authorization becomes impossible for things
   Makes injection a great threat
     Control signals
     False data
     Bandwidth depletion
 Lack of privacy
   No negotiation of who can subscribe
   Access control out-of-band (proprietary)
   Wildcards
     Make it easy to eavesdrop
 Scalability
   Topic tree and number of devices have limits
   No natural way to federate
     How do you interoperate across domains?
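As an added example (not part of the deck), the snippet below implements MQTT topic-filter matching and shows how a wildcard subscription such as `#` lets one client see every other client's data unless the broker restricts subscriptions; it then applies a default-deny allow-list of the kind an operator has to configure out-of-band, since the protocol itself offers no negotiation of who may subscribe. Client ids, topics and the allow-list are constructed sample values.

```python
# Added example: MQTT topic-filter matching and a default-deny subscribe ACL.
# Topic and client names below are constructed sample values.

def topic_matches(topic: str, filt: str) -> bool:
    """MQTT 3.1.1/5.0 rules: '+' matches one level, '#' the rest (last level
    only); a filter starting with a wildcard never matches '$'-prefixed topics."""
    if topic.startswith("$") and filt[:1] in ("+", "#"):
        return False
    t_levels, f_levels = topic.split("/"), filt.split("/")
    for i, f in enumerate(f_levels):
        if f == "#":
            return i == len(f_levels) - 1
        if i >= len(t_levels) or (f != "+" and f != t_levels[i]):
            return False
    return len(t_levels) == len(f_levels)

def filter_covered(req: str, allowed: str) -> bool:
    """True if every topic matched by filter req is also matched by allowed."""
    r, a = req.split("/"), allowed.split("/")
    for i, al in enumerate(a):
        if al == "#":
            return True
        if i >= len(r) or r[i] == "#":
            return False           # req is shorter, or would reach deeper
        if al != "+" and r[i] != al:
            return False           # literal mismatch, or '+' where a literal is required
    return len(r) == len(a)

# Constructed allow-list: each client may only subscribe under its own prefix.
SUBSCRIBE_ACL = {"sensor7": ["plant1/sensor7/#"],
                 "dashboard": ["plant1/+/temperature"]}

def authorize_subscribe(client_id: str, filt: str) -> bool:
    """Default deny: unknown clients and uncovered filters are refused."""
    return any(filter_covered(filt, a) for a in SUBSCRIBE_ACL.get(client_id, []))

# Constructed topics a small broker might carry.
SAMPLE_TOPICS = ["plant1/sensor7/temperature", "plant1/sensor7/cmd",
                 "plant1/sensor8/temperature", "plant2/valve3/cmd",
                 "$SYS/broker/uptime"]

def visible_topics(filt: str) -> list:
    return [t for t in SAMPLE_TOPICS if topic_matches(t, filt)]

if __name__ == "__main__":
    print("'#' sees:", visible_topics("#"))   # every topic except $SYS
    for cid, f in [("sensor7", "plant1/sensor7/#"), ("sensor7", "#"),
                   ("dashboard", "plant1/+/temperature"), ("dashboard", "plant1/+/cmd")]:
        print(cid, f, "->", "allow" if authorize_subscribe(cid, f) else "deny")
```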

Vulnerabilities by design 2(2)
 Passwords in clear text*
   Out-of-band (proprietary) authentication with client certificates required
 Lack of content meta-data*
   Impedes interoperability
 Indeterministic
   Cannot foresee the consequences of an operation
   Relies on careful operation of the broker
   Overview of the topic tree difficult
   Who operates the broker across domains?

(*) Partially solved if explicitly used in MQTT v5.

Warnings
 Governments actually warn against bad MQTT implementations.
 MQTT is notoriously difficult to use securely.
 Use it in internal secured networks.

https://cert.se/2016/09/mqtt-i-sverige

4. CoAP / CoAPS

CoAP(S)
 Standardized by IETF
 “Binary HTTP”
   Resource-constrained networks
   Resource-constrained devices
 UDP
   Solves the C10K problem
 Communication patterns
   Request/Response
   Event subscription
   Multicasting
 DTLS transport encryption
   Not for multicasting

Limitations
 Still has the topology problem
   Assumes middleware for Internet use
   LWM2M is standardized middleware
     Some interoperability
       IPSO Smart Objects
     Only for data collection
 Difficult to interoperate between things
 Distributed identities still difficult.

5. XMPP

XMPP
 Standardized by IETF
 Federated
   Globally scalable
 Extensible
   XML namespaces
 Open
 Robust
 Secure
 Interoperable
 Bindings
   Socket, HTTP, WebSocket

Communication
 Brokers
   Accounts
   Rosters
   Routing
   Federation
 Topology insensitive
 Server-less
   Peer-to-peer
 Authentication
   SASL
 Encryption
   TLS
   E2E

Federated Brokers
 Authenticate clients
   SASL
 Cooperate (federation)
   Forward identities
 Authorization
   Roster
   Presence
   Subscription
 Solve
   Topology problem.
   Latency problem.
   Scalability problem.

Communication Patterns

Intrinsic patterns:
 Asynchronous messages (message)
 Request/Response (iq)
 Publish/Subscribe (presence)

Extended patterns:
 Publish/Subscribe (extended by XEP-0060, XEP-0163)
 Multicasting (extended by XEP-0045)

Communication Patterns

Columns: Async. Msg. | Req/Resp | Pub/Sub | Federation | Broker | P2P

MQTT ✓ ✓
HTTP ✓ ✓
CoAP ✓ ✓ ✓
XMPP ✓ ✓ ✓✓✓ ✓ ✓* ✓

* Note: XMPP supports server-less communication as well.

Security

Standard layers of security:

 Global identities (always forwarded)
 Authentication (SASL)
 Encryption (TLS)
 Authorization (presence subscription)
 Blocking
 Spam reporting
 Provisioning

IoT Harmonization (1451-99)
 Sensor Data
 Control Operations
 Localization (M2M, M2H)
 Tokens for distributed transactions
 Decision Support (for devices)
 Provisioning (for owners)
 Peer-to-Peer communication
 End-to-end encryption
 Concentrator/Bridge (“Thing of things”)
 Discovery
 Ownership
 Clock Synchronization
 Secure Account Creation
 Legal Identities
 Contracts
 Automated provisioning
 Economic feedback

https://gitlab.com/IEEE-SA/XMPPI/IoT

Backbone
 Efficiency
 Interoperability
 Global scalability
 Technology agnostic


6. Privacy

Rights
New privacy legislation (GDPR) requires:

 A legal basis for processing (consent, legitimate interest, etc.)
 Transparent information to subjects
 Providing subjects with rights:
   Access to personal data
   Export of personal data
   Correction of erroneous personal data
   Restriction of personal data
   Deletion of personal data
   Etc.
 Underlying technologies must support these rights
   Makes blockchain illegal for use with personal data.

Security

GDPR references as benchmark:

 “State of the art”.
 “Data protection by design and by default”.

Data Protection by design
 Cannot be superficial:
   A log-in is not sufficient
   Nor is apparent security
 Must permeate the architecture:
   APIs
   Databases
   Communication (protocols)
   Code
   Hosting
   Runtime

Examples
Examples of techniques used in Data Protection:

 Decentralization
 Ubiquitous encryption
 Authentication
 Authorization
 Hashing
 Signatures
 Anonymization
 Pseudonymization
 Obfuscation
 Data masking
 Data aggregation
 Security logging
 Monitoring
 …

XMPP & Data Protection by Design

XMPP supports data protection by design:

 Decentralization
 Ubiquitous encryption
   Even end-to-end encryption
 Global identities
   Authenticated
   Forwarded
 Basic communication authorized

Data Protection by default

You don’t add protection:
 It’s all on by default

You remove protection:
 Permissions are granted

Compare the difference between:
 White-list (by default)
 Black-list (not by default)

XMPP & Data Protection by Default

XMPP supports data protection by default:

 Presence negotiation
   Consent-based
   Required to be able to communicate using iq and presence.
   Consent can be withdrawn.
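As an added example (not part of the deck), the model below shows the consent gate described above: a thing's iq and presence stanzas are only accepted once its presence subscription has been approved, and are refused again when consent is withdrawn. Roster state names follow RFC 6121; treating an approved subscription as the precondition for iq and presence is the deck's policy, taken here as an assumption rather than standard server behaviour, and the addresses are constructed sample values.

```python
# Added example (not from the deck): XMPP presence subscription as a consent
# gate. States follow RFC 6121 (none/to/from/both); gating iq and presence on
# an approved subscription is the deck's policy, assumed here, not standard
# XMPP server behaviour. Addresses are constructed sample values.
class Roster:
    def __init__(self):
        self._from = set()     # contacts we have allowed to see our presence
        self._to = set()       # contacts whose presence we are allowed to see
        self.pending = set()   # inbound requests awaiting our decision

    def state(self, contact: str) -> str:
        f, t = contact in self._from, contact in self._to
        return "both" if f and t else "from" if f else "to" if t else "none"

    def inbound(self, contact: str, stanza: str) -> None:
        """Presence subscription stanza received from the contact."""
        if stanza == "subscribe":
            self.pending.add(contact)
        elif stanza == "subscribed":
            self._to.add(contact)
        elif stanza == "unsubscribe":     # contact no longer wants our presence
            self._from.discard(contact)
        elif stanza == "unsubscribed":    # contact revokes the consent it gave us
            self._to.discard(contact)
        else:
            raise ValueError(stanza)

    def outbound(self, contact: str, stanza: str) -> None:
        """Our own decision: grant ("subscribed") or withdraw ("unsubscribed")."""
        if stanza not in ("subscribed", "unsubscribed"):
            raise ValueError(stanza)
        self.pending.discard(contact)
        (self._from.add if stanza == "subscribed" else self._from.discard)(contact)

    def accepts(self, contact: str, kind: str) -> bool:
        """Default deny: iq and presence need an approved ("from") subscription;
        the subscription request itself must pass so consent can be negotiated."""
        if kind == "presence-subscribe":
            return True
        if kind in ("iq", "presence"):
            return contact in self._from
        return kind == "message"     # messages are not gated in this model

def demo() -> list:
    r, thing, log = Roster(), "sensor7@iot.example", []
    log.append(r.accepts(thing, "iq"))                # denied: no consent yet
    r.inbound(thing, "subscribe"); r.outbound(thing, "subscribed")  # owner approves
    log.append(r.accepts(thing, "iq"))                # allowed
    r.outbound(thing, "unsubscribed")                 # consent withdrawn
    log.append(r.accepts(thing, "iq"))                # denied again
    return log
```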

Decentralization & security
Decentralization has security implications:

 More attack surfaces.
   But the value of each node is small.
   Value/effort ratio small.
   Easier to protect.
 Massive data breaches difficult.
   You don’t put all your eggs in the same basket.
 More resilient.
 End-to-end encryption.

Bonuses:

 Permits enforcing ownership of data
   Owner can authorize access, restrict processing or delete data

Anonymization vs. Strong Identities

Anonymization:
 Protects whistle-blowers or dissidents (or criminals or terrorists)
 Makes security decisions difficult.

Strong identities (pseudonyms):
 Protect information owners.
 Allow selective responses.

Both protect privacy, in different ways.
Mastering Internet of Things
 Raspberry Pi & Arduino
 Sensors, Actuators, Controllers, Concentrators, Bridges
 Protocols: MQTT, HTTP, CoAP, LWM2M, XMPP
 Interoperability
 Social Interaction
 Decision Support
 Product Lifecycle
 IoT Service Platforms
 IoT Harmonization
 Security
 Privacy

Available from: Amazon, Packt, Microsoft Store
Contact: https://waher.se/
