Building Secure Connected Devices
Kedar Sovani
Who am I?
• IoT @ Marvell for 7 years
• 1st Apple HomeKit SDK, 1st Google Weave on μC
• Powering millions of Wi-Fi IoT devices in the field
Anywhere and Everywhere
Google for the term IoT Security
Result Type I: Doomsday Hacking Scenarios
Yes, security is a concern
• Increased surface area for attacks
• Connects to the physical world around us
• Newer and tinier hardware
• Newer developers
Courtesy: Darkreading.com
Result Type II: Buy Our Product
But How Do I Build for Security?
Secure By Design
Device Interactions #1
Remote Access
Standards!
• No home-grown security schemes
• Rely on established security standards #2
TLS
• Transport Layer Security
• Certificate-based Server Authentication
• Secure Key Exchange
• Encrypted Channel
• Certificate-based Device Authentication
• Secures Bank Transactions
Technology Advancements
• Hardware Capability
• Memory
• CPU
• Strong Software
• Many Open Source implementations
Courtesy: Ars Technica
An interesting search engine
Malformed Content?
• What about: malware/viruses?
• Communicate with known server
• Controlled by known entities
• Write protection
Local Access
Local Network
• Acts as a client for outside world
• Router firewall
• Encrypted traffic at the MAC layer
• Requires Password/Certificate for access (explicit delegation)
Switch Network?
• Remember AP Security
• Force physical access to reset-to-factory
New Device
Setup?
Authenticate the other endpoint! #3
Authenticate the other endpoint!
Compromised User
• Guest access to the network?
• Malware on user’s phone?
• Additional Cryptographic layers on top of the MAC layer
• User Management
Tradeoff
Physical Access
Physical modification
• Change the server address/keys?
• Change the firmware?
• Trusted Boot
• Signed Firmware
• Encryption
Device Phishing
• Completely change the device?
• Device Authentication – PKI
Zarro Boogs Found!
• Firmware upgradeability
• Connectivity Bonus: evolving appliances
• Fix security vulnerabilities
• Possible attack vector
Scrutinize #4
@kedarsovani
Thank You!