
iotdi slides final for pdf - GitHub Pages · –Energy overhead of public-key crypto & certificates...

Date post: 20-Mar-2020
A Toolkit for Construction of Authorization Service Infrastructure for the Internet of Things (IoT)
Hokeun Kim (1), Eunsuk Kang (1), Edward A. Lee (1), David Broman (2)
(1) University of California, Berkeley; (2) KTH Royal Institute of Technology
IoTDI 2017, Pittsburgh, PA, April 19, 2017
TerraSwarm: Sponsored by the TerraSwarm Research Center, one of six centers administered by the STARnet phase of the Focus Center Research Program (FCRP), a Semiconductor Research Corporation program sponsored by MARCO and DARPA.
Transcript
Page 2

Overview – IoT & Authorization

• Internet of Things
• Authorization (access control)
  – Critical for computer security

Benefits, but also challenges

• Existing security solutions?
  – May work well for some parts of the IoT, but not for the entire IoT!

• Proposed approach – SST
  – SST: Secure Swarm Toolkit
  – An open-source toolkit for building authorization infrastructure for the IoT
  – To address IoT security challenges

[Figure labels: Private data; Control]

Page 3

Motivation

• Challenges in IoT security [1]

Heterogeneity
• Security requirements & resource availability
• Connectivity (wired connections vs. mobile devices)
• System management

[1] Singh et al., 2016. "Twenty Security Considerations for Cloud-Supported Internet of Things"

Page 4

Motivation (cont'd)

• Challenges in IoT security [1]

Operation in an open (or hostile) environment
• Physical access & wireless access to IoT devices
• Higher risk of being compromised
• Must be able to revoke access of compromised IoT devices

[1] Singh et al., 2016. "Twenty Security Considerations for Cloud-Supported Internet of Things"

Page 5

Motivation (cont'd)

• Challenges in IoT security [1]

Scalability
• 28 billion connected devices in 2021
• 15.3 ZB data traffic in 2020
  – 1 ZB (zettabyte) = 10^9 TB (terabytes)

Sources: "Ericsson Mobility Report", June 2016 / "Cisco Global Cloud Index: Forecast and Methodology, 2015–2020", published in 2016

[1] Singh et al., 2016. "Twenty Security Considerations for Cloud-Supported Internet of Things"

Page 6

Background: Authorization & IoT

• Authorization
  – Access control
    • "Can I enter the EECS building?"
  – Allowing/denying access to resources
  – Revoking access (e.g., lost ID card)

• Authentication
  – Identifying someone/something
    • "Member of EECS?"
  – Essential for authorization

Page 7

Background (cont'd)

• TLS (Transport Layer Security, also called SSL/TLS)
  – Underlying security protocol for HTTPS
  – Widely used, very successful for web

• Many IoT platforms use TLS (or DTLS [2]) for authentication/authorization
  – E.g., Amazon AWS IoT, OpenIoT [3], OSCAR [4], etc.

[2] Variant of TLS over UDP. 2012. "Datagram Transport Layer Security Version 1.2". RFC 6347
[3] John Soldatos et al., 2015. "OpenIoT: Open Source Internet-of-Things in the Cloud"
[4] Vucinic et al., 2015. "OSCAR: Object security architecture for the Internet of Things"

Page 8

Background (cont'd)

• Challenges with using TLS for the entire IoT
  – Energy overhead of public-key crypto & certificates
  – Scalability (managing certificates for ~28 billion devices)
  – Revocation of certificates can be problematic [1, 2]
  – Limited support for one-to-many communication

• TLS based on a digital certificate

[Figure labels: Browser; Web Server; Encrypted secure channel; Certificate Authority (CA); Certificate issued by CA; Certificate; Public-key cryptography]

[1] Mutton, "Certificate revocation: Why browsers remain affected by Heartbleed", Netcraft, April 2014
[2] Duncan, "How certificate revocation (doesn't) work in practice", Netcraft, May 2013

Page 9

Background (cont'd)

• Challenges with applying other security solutions
  – Kerberos [1]
    • Advantages for access revocation
    • Requires stable connection
    • Centralized architecture
  – Security solutions for "Things"
    • E.g., WSN, MANET or swarm devices
    • Assume homogeneous environments
    • Not designed for Internet scale [2]

[Figure labels (Kerberos): Authentication Server; Service Server; Client; * Ticket: temporary token for accessing service]
[Image source: http://www.yuden.co.jp/ut/solutions/wsn/]

[1] C. Neuman et al., 2005. "The Kerberos Network Authentication Service (V5)". RFC 4120
[2] Alcaraz et al., 2010. "Wireless sensor networks and the internet of things: Do we need a complete integration?"

Page 10

Proposed Approach

• SST – Secure Swarm Toolkit
  – An open-source toolkit for authentication/authorization of the IoT (available on https://github.com/iotauth)

Page 11

Proposed Approach (cont'd)

• Specific goals of SST

Heterogeneity
Open Environment (Access Revocation)
Scalability

Integration of existing security solutions (not inventing new ones)
Locally centralized and globally distributed architecture
Ease of deployment by local domain experts at a large scale

Page 12

SST's Design and Implementation

• Auth [1]
  – Locally centralized, globally distributed authentication/authorization entity (software)
  – Java program to be deployed on edge devices [2] (e.g., Intel IoT gateways)

[Figure labels: multiple Auth instances; Electric Vehicle; Smart Home; Medical Center; Smart Power Grid; Conference Room; Factory; Personal Area Network; Internet]

[1] A prototype of Auth has been proposed in Kim et al., 2016. "A Secure Network Architecture for the Internet of Things Based on Local Authorization Entities"
[2] Lopez et al., 2015. "Edge-centric Computing: Vision and Challenges"

Page 13

Design and Implementation (cont'd)

• Secure communication accessors
  – Software building blocks for securely accessing Auth and the IoT services
  – Encapsulate crypto keys & operations
  – Help IoT developers who are not security experts
  – For more information, see https://accessors.org
  – We're still at a starting point and working on more accessors!
  – Currently available accessors (in JavaScript)

[Figure labels: IoT Application (Actor-oriented Program Model); Secure Comm Accessor; IoT Service; Auth; Crypto Key; Encrypt & authenticate; Decrypt & verify; Generate Message; Process Message; Message]

Page 14

Design and Implementation (cont'd)

• Example: How SST (Auth and accessors) works

"I want to use IoT Service!"
Session Key, encrypted with Distribution Key between Auth and Client

[Figure labels: Client; SecureCommClient; Access Response From Service; Request To Send; IoT Service; SecureCommServer; Process Client Message; Respond To Client; Auth]

Page 15

Design and Implementation (cont'd)

• Example: How SST (Auth and accessors) works

Initiate challenge-response
Challenge-response [1] to check whether IoT Server has the same Session Key

[Figure labels: Client; SecureCommClient; Access Response From Service; Request To Send; IoT Service; SecureCommServer; Process Client Message; Respond To Client; Auth]

[1] Similar to TLS PSK extension by Eronen and Tschofenig. 2005. Pre-Shared Key Ciphersuites for TLS. RFC 4279.

Page 16

Design and Implementation (cont'd)

• Example: How SST (Auth and accessors) works

Initiate challenge-response
Session Key, encrypted with Distribution Key between Auth and IoT Server
"OK, Client can access this IoT Service."

[Figure labels: Client; SecureCommClient; Access Response From Service; Request To Send; IoT Service; SecureCommServer; Process Client Message; Respond To Client; Auth]

Page 17

Design and Implementation (cont'd)

• Example: How SST (Auth and accessors) works

Initiate challenge-response
Finish challenge-response
Secure communication: protected communication channel using session key and standard cryptography [2]

[Figure labels: Client; SecureCommClient; Access Response From Service; Request To Send; IoT Service; SecureCommServer; Process Client Message; Respond To Client; Auth]

[2] Followed TLS 1.2's standard, including sequence number, encrypt-then-MAC
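
The two steps shown on Page 15 to Page 17, as a Node.js sketch added here for illustration; it is not code from SST or its accessors. It shows a nonce challenge-response that proves possession of the session key, followed by an encrypt-then-MAC record with a sequence number. The key derivation, record layout, cipher choice and every function name are assumptions, not SST's wire format.

```javascript
// Added illustration; hypothetical names, not SST's protocol or API.
const crypto = require('node:crypto');

// Assumption: separate encryption and MAC keys are derived from the session key.
function deriveKeys(sessionKey) {
  const kdf = (label) => crypto.createHmac('sha256', sessionKey).update(label).digest();
  return { enc: kdf('enc').subarray(0, 16), mac: kdf('mac') };
}

const tag = (macKey, ...parts) =>
  crypto.createHmac('sha256', macKey).update(Buffer.concat(parts)).digest();
const sameTag = (a, b) => a.length === b.length && crypto.timingSafeEqual(a, b);
const u64 = (n) => { const b = Buffer.alloc(8); b.writeBigUInt64BE(BigInt(n)); return b; };

// Challenge-response: the responder proves it holds the same session key
// by MACing the challenger's fresh nonce.
function answerChallenge(keys, nonce) {
  return tag(keys.mac, Buffer.from('proof'), nonce);
}
function checkAnswer(keys, nonce, answer) {
  return sameTag(answerChallenge(keys, nonce), answer);
}

// Encrypt-then-MAC: encrypt first, then MAC the sequence number, IV and ciphertext.
function seal(keys, seq, plaintext) {
  const iv = crypto.randomBytes(16);
  const c = crypto.createCipheriv('aes-128-cbc', keys.enc, iv);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return { seq, iv, ct, mac: tag(keys.mac, u64(seq), iv, ct) };
}

// Receiver: verify the MAC before touching the ciphertext, then reject
// any sequence number that does not advance (replay).
function makeReceiver(keys) {
  let lastSeq = -1;
  return function open(rec) {
    if (!sameTag(tag(keys.mac, u64(rec.seq), rec.iv, rec.ct), rec.mac)) {
      return { ok: false, why: 'bad-mac' };
    }
    if (rec.seq <= lastSeq) return { ok: false, why: 'replay' };
    lastSeq = rec.seq;
    const d = crypto.createDecipheriv('aes-128-cbc', keys.enc, rec.iv);
    return { ok: true, data: Buffer.concat([d.update(rec.ct), d.final()]) };
  };
}

function demo() {
  const sessionKey = Buffer.from('00112233445566778899aabbccddeeff', 'hex'); // constructed
  const client = deriveKeys(sessionKey);
  const server = deriveKeys(sessionKey);
  const stranger = deriveKeys(crypto.randomBytes(16)); // party without the session key
  const nonce = crypto.randomBytes(16);
  const handshakeOk = checkAnswer(client, nonce, answerChallenge(server, nonce));
  const wrongKeyOk = checkAnswer(client, nonce, answerChallenge(stranger, nonce));
  const open = makeReceiver(server);
  const r0 = seal(client, 0, Buffer.from('unlock door')); // constructed message
  const first = open(r0);
  const replay = open(r0);            // same record delivered twice
  const forged = seal(client, 1, Buffer.from('x'));
  forged.ct[0] ^= 1;                  // one flipped ciphertext bit
  const tampered = open(forged);
  return { handshakeOk, wrongKeyOk, first, replay, tampered };
}
```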

Page 18

SST for Heterogeneity

• SST's configuration alternatives

[Figure: SST configuration alternatives. Knobs: Distribution key; Crypto strength & key lifetimes; Session key usage; Number of session key sharers; Cached session keys; Underlying protocol. Option labels: Updated using public key; Permanent; No direct key distribution; Ephemeral Diffie-Hellman; Encryption; Authentication only; Strong & short; Lightweight & long; TCP; UDP; One; Two (server-client); More than two (broadcasting); Unlimited; Multiple. Option codes: D-1 to D-3, P-1, P-2, C-1 to C-3, K-1 to K-3, O-1 to O-3, S-1 to S-3. Scale: More security guarantees / Less energy overhead.]

Effect of knobs will be shown through experiments!

Page 19

SST for Open Environment

• Limiting damage from compromised entities
  – SST's design to revoke keys (session & distribution keys) in a timely manner
    • Must always be authorized by Auth
    • Revocation takes effect immediately
  – Even when Client with a valid session key is compromised, Auth can prevent its access to IoT Server!

[Figure labels: Client; SecureCommClient; Access Received Message; Message To Send; IoT Service; SecureCommServer; Process Received Message; Respond To Client; Auth; Session Key; Initiate challenge-response]

Page 20

SST for Scalability

• Shared key support for one-to-many communication (for data scalability)

[Figure labels: Sender (SecurePublisher; Message To Publish); Receiver 1, Receiver 2, ..., Receiver N (SecureSubscriber; Access Published Message); Auth]

Page 22

SST for Scalability

• Shared key support for one-to-many communication (for data scalability)

Through MQTT (publish-subscribe protocol)

[Figure labels: Sender (SecurePublisher; Message To Publish); Message Broker; Message; Receiver 1, Receiver 2, ..., Receiver N (SecureSubscriber; Access Published Message); Auth]

Page 23

SST for Scalability

• Shared key support for one-to-many communication (for data scalability)

UDP broadcast over a local network
Object (data) security (e.g., for information-centric networks)

[Figure labels: Sender (SecurePublisher; Message To Publish); Message; Receiver 1, Receiver 2, ..., Receiver N (SecureSubscriber; Access Published Message); Auth]

Page 24

SST for Scalability (cont'd)

• Globally distributed Auths (to scale with # IoT devices)
  – Trust relationships without a centralized authority

[Figure labels: multiple Auths; Client; IoT Service. Legend: Trust relationship between Auths; Secure communication]

Page 25

Evaluation: Security Analysis

Desired Security Properties
• Confidentiality (of data)
• Message authenticity
• Data integrity

Threat Model
• Network attackers
  – Eavesdrop or inject packets
• Compromised IoT entities
  – Try to break security of others
• No compromised Auths

Formal Security Model of SST [1]
• Modeled in Alloy [2] (model checking tool & language)
• Includes models for Auths, entities and communication messages

Result: Formally proven to satisfy the security properties!

[1] https://github.com/iotauth/security_analysis
[2] http://alloy.mit.edu/alloy/

Page 26

Evaluation: Scalability Analysis

• Auth's authorization tasks include
  – Communication with IoT entities and Auths
  – Cryptographic operations
  – Accessing Auth's database (keys, access policy, etc.)

[Figure labels: Number of IoT entities ↑; Access activity per entity ↑; Authorization workload ↑; Auths]

• Scalability analysis result:
  – Each Auth's workload is a linear function of "number of entities per Auth", not "total number of entities in the system", assuming access activity per entity is fixed
  – In theory, we can always scale with increasing entities by adding Auths accordingly

Page 27

Experiments & Results

• Effect of various configuration alternatives
  – Estimated energy consumption for setting up secure connections between IoT clients & IoT servers
    • Logged crypto operations and captured packets
    • Used energy numbers from UAB [1] and SICS [2]

[Figure labels: IoT Server; Clients; Energy overhead?]

[1] UAB (Universitat Autònoma de Barcelona), Rifa-Pous and Herrera-Joancomarti. 2011
[2] SICS (Swedish Institute of Computer Science), Feeney and Nilsson. 2001

Page 28

Experiments & Results (cont'd)

Estimated energy for an IoT server connected by 16, 32, and 64 clients

[Figure: Estimated energy consumption of resource-constrained server. Y-axis: Energy (mJ), 0 to 2000. Bar components: Public-key crypto; Sym. crypto & MAC; Network comm. X-axis groupings: Number of allowed cached session keys (1, ∞); Underlying protocol (TCP, UDP); Distribution key management (Updated, Permanent); TLS, SST; Number of clients (16, 32, 64). Annotations: More security guarantees; Less energy overhead.]

Tradeoffs for heterogeneity!

Note: TLS was used as a reference and we do not claim that SST is better than TLS

• More results in our paper! (for IoT clients)

Page 29

Experiments & Results (cont'd)

• A sender and multiple receivers with different settings
  (1) Connections with SSL/TLS
  (2) Shared key + secure connections by SST
  (3) Shared key + MQTT message broker
  (4) Shared key + UDP broadcast

[Figure: four panels, each with a Sender and three Receivers. (1) SSL/TLS connections; (2) SST secure connections; (3) Sender and Receivers connected to a Broker over TCP; (4) UDP broadcast. Legend: Shared session key distributed by Auth]

Page 30

Experiments & Results (cont'd)

Estimated energy for a sender to send a 1 KB message to receivers

Estimated energy for sending 1 KB message, in mJ (bar components: Sym. crypto & MAC; Network comm.)

  Net. setting    16 Receivers    32 Receivers    64 Receivers
  TLS             54.0            108.1           216.2
  ISC             48.6            96.9            193.5
  MB              3.4             3.4             3.4
  UB              3.0             3.0             3.0

TLS: (1) SSL/TLS
ISC: (2) Individual SST Connections + shared key
MB: (3) MQTT Message broker
UB: (4) UDP broadcast

Tradeoff example
A sensor node (500 mAh / 1.5 V battery) sending 1 KB per minute to 64 receivers
Expected battery life:
  < 10 days with ISC (secure connections by SST)
  625 days with UB (UDP broadcast)

[Image: DevDuino Sensor Node V1.3]

• More results in our paper! (for sender initialization)

Page 31

Conclusions

• Benefits of SST: Secure Swarm Toolkit
  – Authorization for a wide range of IoT from sensor nodes to safety-critical systems
  – Enable Internet-scale deployment with increasing connected devices and traffic
  – Help deployment of IoT security solutions by system designers with moderate knowledge in security
  – Possible integration with other IoT-related efforts (e.g., securing CoAP [1])

[1] Shelby et al., 2014. "The Constrained Application Protocol (CoAP)". RFC 6347

Page 32

Conclusions (cont'd)

• Future work
  – Mitigation against availability attacks (e.g., Denial-of-Service attacks)
  – Detection of malicious behavior of compromised IoT entities or Auth
  – Further studies on usability of SST
  – Efficient initial setup of SST (e.g., registering IoT devices with Auth)

• For further information
  – https://github.com/iotauth

