Towards an Architecture for Trusted Edge IoT Security Gateways
Matt McCormack, Amit Vasudevan, Guyue Liu, Sebastián Echeverría, Kyle O’Meara, Grace Lewis, Vyas Sekar
IoT Insecurity is Growing
krebsonsecurity.com
iotsecurityfoundation.org
wired.com
washingtonpost.com
Prior Work: “Bolt-on” Security Gateways
[Yu et al., HotNets 15], [Ko and Mickens, ANRW 18]
Advantages: practical, deployable, agile
Edge Gateway
Controller
Policy
Control Plane
Data Plane
Device-specific NFs
Problem: Edge Gateways are Insecure
Edge Gateway
Controller
1. Alter NF
2. Bypass NF
3. Alter security policy
Policy
Our Vision: Trusted “Bolt-on” Security
Edge Gateway
Controller Policy
1. Cannot alter NFs
2. Cannot alter paths
3. Cannot alter policy
Requirements
• Holistic Coverage
– Data plane
– Control plane
• Aligns with “Bolt-on” Security Gateways
– General
– Legacy compatible
– Performant
Contributions
• Key security properties of a trusted gateway
• Trusted gateway architecture built on a micro-hypervisor
Foundational Security Properties
Software Integrity
Secure Data Channel
Secure Control Channel
Data Isolation & Mediation
Background: Extensible Micro-Hypervisor
micro-hypervisor
Hardware
OS
Extension
App 1 … App n
General
Legacy compatible
Performant
[Vasudevan et al., IEEE SP 13, USENIX Security 16, IEEE EuroSP 18]
Security Foundation
Edge Gateway
Controller
1. Alter NF
Trusted Data Plane Approach
Edge Gateway
micro-hypervisor
vTPM
1. Detect altered NFs: Periodically attest
Edge Gateway
Controller
2. Bypass NFs
Trusted Data Plane Approach
Edge Gateway
micro-hypervisor
Packet Signing
2. Enforce path: per-hop authentication
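One way per-hop authentication can expose a bypassed NF, as an added sketch that is not the authors' implementation: each hop chains an HMAC over the previous hop's tag, and the egress check recomputes the chain for the policy path. The NF names, keys, chaining format, and the assumption that NFs do not rewrite the payload are all hypothetical.

```python
import hashlib
import hmac

# Constructed demo keys, one per NF. Assumption: in the architecture on the
# slides, such keys would sit with the micro-hypervisor's packet signing
# extension, outside the reach of a compromised gateway OS.
HOP_KEYS = {
    "firewall": b"demo-key-firewall",
    "ids": b"demo-key-ids",
    "proxy": b"demo-key-proxy",
}
GENESIS_TAG = b"\x00" * 32  # tag carried by a packet before its first hop


def sign_hop(hop, payload, prev_tag):
    """Tag attached after `hop` has processed the packet.

    Binding the previous tag into the MAC input makes the final tag depend
    on every hop visited and on the order in which they were visited.
    """
    msg = hop.encode() + b"\x00" + prev_tag + hashlib.sha256(payload).digest()
    return hmac.new(HOP_KEYS[hop], msg, hashlib.sha256).digest()


def traverse(payload, hops):
    """Return the tag a packet carries after visiting `hops` in order."""
    tag = GENESIS_TAG
    for hop in hops:
        tag = sign_hop(hop, payload, tag)
    return tag


def verify_path(payload, tag, policy_path):
    """Egress check: accept only if the tag matches the policy's exact path."""
    expected = traverse(payload, policy_path)
    return hmac.compare_digest(expected, tag)


if __name__ == "__main__":
    policy = ["firewall", "ids", "proxy"]
    pkt = b"constructed IoT device payload"
    print("full path:   ", verify_path(pkt, traverse(pkt, policy), policy))
    print("ids bypassed:", verify_path(pkt, traverse(pkt, ["firewall", "proxy"]), policy))
```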
Promising Preliminary Results
• Data plane: Packet Signing Extension
– OVS & Docker: +13% latency
• Control plane: Policy Extension
– Custom controller: +17% latency
• Prototype on Raspberry Pi 3
– Micro-hypervisor: uberXMHF (https://uberxmhf.org)
Conclusions
• Edge gateways offer hope for IoT security
– Currently these gateways lack trust
• Vision for trusting edge IoT security gateways
– Defined a holistic adversary model to derive our foundational trust properties
– High-level architecture for trusted data and control plane built on top of a micro-hypervisor
• Thank you! – Contact: [email protected]