Security Framework for Connected devices


Table of Contents

Abstract
Abbreviations
Market Trends and Challenges
Security Goals
Our Solution
Core Functions
Interactive Interface
Threat Detection Module
Security Goal Identifier
Security Profile Generator
Security Engine
Security API Abstraction Layer
FEDS Use Case
Solution Benefits
Best Practices
Conclusion
Reference
Author Info

Abstract

Connectivity is a double-edged sword: on one hand it gives a user the opportunity to stay connected and get data anywhere, anytime; on the other hand it opens up a gateway for hackers. Hackers can not only hack the data but also use the device as a bot to attack another device. The year 2014 witnessed many such incidents.

Earlier, the main focus of the embedded systems designer was to minimize energy consumption while also ensuring maximum output in real time. Security was not a consideration then. With the advent of IoT and connected devices, security is becoming more and more important.

This paper presents a framework that can be used to identify the security requirements of embedded devices in IoT and suggest a specific security profile for them. The presented approach makes use of the Cybersecurity Framework version 1.0 by NIST.

Abbreviations

Sl. No.   Acronym   Full form
1         IoT       Internet of Things
2         NIST      National Institute of Standards and Technology
3         DoS       Denial of Service
4         M2M       Machine to Machine
5         OEM       Original Equipment Manufacturer

Market Trends and Challenges

Today there are some 6 billion subscriptions to mobile networks, mostly people, but the next 6 billion users will mainly be devices (Machine-to-Machine or M2M). This trend will revolutionize and disrupt the operations of many industries beyond telecommunications and make device security increasingly important. Security now has to be considered in different domains where devices need to communicate with and authenticate each other, which increases the risk of cybercrime. According to a survey, the likely annual cost to the global economy from cybercrime is more than $400 billion. According to Gartner, Risk Based Security/Self Protection is one of the ten technology trends to be observed in 2015. The main challenges in device security for connected devices are:

UNAUTHORIZED ACCESS

• Connected devices are controlled and operated remotely.
• Robust authentication and authorization are required to prevent access by malicious users.

DOS ATTACK

• A DoS attack exhausts device resources and prevents valid users from accessing device services.
• Launching a DoS attack is easier on embedded devices.

UNTRUSTED CODE EXECUTION

• Untrusted code, such as worms, viruses, spyware, and other malware installed on a device, compromises the device.
• Firmware modification attacks can affect entire families of devices.

DEVICE DATA SECURITY

• A device contains stored and received data. Both types of data are sensitive to the consumer and should not be accessible to any malicious user.

REMOTE FIRMWARE UPGRADE

• Devices need to be updated online; managing secure firmware upgrades for remotely deployed devices is a prime requirement for OEMs.

INSECURE COMMUNICATIONS

• Data in a public network passes through a number of untrusted intermediate points. Therefore the secure data must be scrambled and sent ensuring the authenticity and authorization of the communicating party.

Security Goals

Connected devices pose a severe security threat. There is an urgent need for a security framework that uses proven security technology to address the security goals for connected devices. The primary security goals for connected devices are:

Device security goals

• Confidentiality: Ensure that information is not disclosed unless authorized.
• Non-Repudiation: Ensure that communicating parties have authenticated and authorized themselves for the transaction.
• Availability: Ensure that the system is always available and the system data is safe.
• Integrity: Verify that data sent between the appliance and utility cannot be altered or destroyed.

Our Solution

With the security goals identified, and considering the embedded nature of the device, there is a need to find the optimal security requirements of the device. The optimal security requirements can be identified using the details of system hardware, software, deployment scenario and threats to the device. A security mechanism is incomplete without proper analysis of device capabilities, threats and vulnerabilities. An ideal security solution for embedded devices in IoT should focus on the security goals, hardware capabilities and threat profile of the device. There should also be a mechanism to identify the right amount of security, or the appropriate security level, for the device on the basis of processing and memory requirements and the level of security achieved. It should be customizable so that OEMs can pick and choose the desired security profile for their device on the basis of device capability (processing, memory, etc.).

We propose a Framework for Embedded Device Security, i.e. FEDS. It is a framework that evaluates the security/vulnerability of embedded devices and suggests a security profile for them. The suggested profile can be applied to the device using the components and APIs provided by the framework. It is a comprehensive end-to-end device security framework that identifies and detects the security requirements for an embedded device and then protects it using its own library of security components.

Core Functions

FEDS is based on the suggestions of the Cybersecurity Framework and supports the IDENTIFY, DETECT and PROTECT core functions of the framework. It executes these functions in a cyclic manner, as shown in figure 1.

Figure 1. Core functions:

• Identify: Identify the security goals. List the assets to be protected, like device software, hardware, data, interfaces, etc.
• Protect: Implement the appropriate safeguards to limit the security risk. This functionality protects the data at rest and data in transit.
• Detect: Discover the occurrence of threats and attacks by malicious code, monitor unauthorized access and perform vulnerability scans.

The block diagram of FEDS is shown in figure 2. The main components of the FEDS architecture are:

Interactive Interface

The user interface captures device and application inputs. The inputs captured in this layer include device capability in terms of processing speed and memory, device deployment details, applications installed on the device, OS, version, type of connectivity, and the security goals identified by OEMs as primary security requirements. Some of the inputs are taken directly from the user interface and others can be automatically detected using system tools.

Threat Detection Module

This module is responsible for generating the threat profile of the device. It uses device-specific data and a standard threat database to get device-specific threats. These threats are verified by threat assessment tools and a collection of attack scripts specific to the threats. The verified threats form the threat profile of the system.

Security Goal Identifier

This component is used to identify the absolute security goals, namely authentication, confidentiality, integrity, availability and non-repudiation, for the device on the basis of the threats and security requirements captured in the input layer.

Security Profile Generator

This component generates the security profile on the basis of the threat profile and security requirements of the device. The generator produces two types of profile: a basic security profile and an advanced security profile. The basic security profile consists of the components that are required to provide the bare minimum security to the system, considering only the OEM's security requirements. The advanced security profile consists of the components that are required to provide the desired security goals and the ones that protect the system from the likely threats detected by the threat detection module.

Security Engine

This component is the repository of libraries implementing security protocols and optional modules like the access control module, logging module and identity management module. The components are managed in a database containing the list of vulnerabilities that can be averted or minimized using the components. The database also contains the processing and memory requirements for each component and the level of security achieved, in terms of low, medium and high. The Security Engine comprises open source and COTS components.

Security API Abstraction Layer

This layer works as an abstraction layer for open source and COTS components. It enables FEDS to switch between various protocol implementations. The abstraction layer abstracts the implementation and provides a uniform API layer.

Figure 2. Block diagram of FEDS (blocks shown in the figure):

• FEDS UI
• Security Profile Generator
• Threat Detection Module
• Security Goal Identifier
• Security Engine
• Security API Abstraction Layer
• Custom Vulnerability DB
• Standard Vulnerability DB
• Security Management Layers (Access Control, Audit Logging, Trust Mechanism)
• Communication Security Layer (Firewall, SSL, TLS, IPSec, Bluetooth, ZB Security Protocols)
• Device Security Layer (Secure OS, Secure File System, System Boot)
• Secure Chip (Cryptographic Engine, TPM Module, Secure Storage)
• Update

FEDS Use Case

The framework performs a list of sequential operations to evaluate the security requirements of an embedded device. Consider the case where FEDS is used to generate a security profile for an embedded device that is part of an M2M system and sends intermittent data over the network to the cloud; the user wants to ensure the confidentiality of the data sent.

Gather User Inputs

Identify the security requirements of the device using a questionnaire for device assessment. User inputs for this sensor device could be OS – RTOS, Connectivity – TCP/IP, Application – Client, Processing – Low, and Memory – Low.

Generate Threat Profile

The second step is vulnerability detection and threat profile generation. The threat profile comprises a set of possible threats, considering the common weaknesses of the OS, network protocol, application type, etc.

Generate Security Profile

The security profile contains the list of security components required for securing the device.
• Basic Profile (based on user requirements): Confidentiality Component
• Advanced Profile (based on user requirements and threats to the device): Confidentiality and Authentication Components

Generate API List

This step provides the list of APIs to be integrated in the device for securing it.
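The profile-generation steps of the use case above, sketched in Python as an added example; it is not FEDS code and not part of the original paper. The component catalogue, the threat table, and all component names and threat labels are constructed assumptions; only the device inputs and the expected basic and advanced outcome come from the use case.

```python
from collections import namedtuple

RANK = {"low": 0, "medium": 1, "high": 2}

# goal provided, processing and memory cost, security level, threats averted
Component = namedtuple("Component", "name goal cpu mem level mitigates")

# Constructed catalogue standing in for the Security Engine database;
# component names and threat labels are hypothetical.
CATALOGUE = [
    Component("lite-cipher", "confidentiality", "low", "low", "medium", {"eavesdropping"}),
    Component("full-tls", "confidentiality", "high", "medium", "high", {"eavesdropping"}),
    Component("psk-auth", "authentication", "low", "low", "medium", {"spoofing"}),
    Component("cert-auth", "authentication", "medium", "high", "high", {"spoofing"}),
    Component("conn-limiter", "availability", "medium", "low", "low", {"dos"}),
]

# Constructed stand-in for the threat database, keyed on (input, value).
THREAT_DB = {("connectivity", "TCP/IP"): {"eavesdropping", "spoofing"},
             ("application", "Server"): {"dos"}}

def threat_profile(device):
    """Union of the threats associated with each captured device input."""
    return set().union(*(THREAT_DB.get(kv, set()) for kv in device.items()))

def fits(comp, device):
    """True if the component's cost is within the device's capability."""
    return (RANK[comp.cpu] <= RANK[device["processing"]]
            and RANK[comp.mem] <= RANK[device["memory"]])

def pick(device, wanted):
    """Strongest affordable component matching `wanted`, else None."""
    ok = [c for c in CATALOGUE if wanted(c) and fits(c, device)]
    return max(ok, key=lambda c: RANK[c.level], default=None)

def generate_profiles(device, oem_goals):
    """Return (basic, advanced, unmitigated threats) for one device."""
    basic = [pick(device, lambda c, g=g: c.goal == g) for g in oem_goals]
    basic = [c for c in basic if c is not None]
    advanced, unmitigated = list(basic), set()
    for threat in sorted(threat_profile(device)):
        if any(threat in c.mitigates for c in advanced):
            continue  # already covered by a selected component
        comp = pick(device, lambda c, t=threat: t in c.mitigates)
        if comp is None:
            unmitigated.add(threat)  # nothing affordable: report, don't hide
        else:
            advanced.append(comp)
    return [c.name for c in basic], [c.name for c in advanced], unmitigated

# Device inputs from the use case: RTOS sensor client, low CPU and memory.
SENSOR = {"os": "RTOS", "connectivity": "TCP/IP", "application": "Client",
          "processing": "low", "memory": "low"}
print(generate_profiles(SENSOR, ["confidentiality"]))
```

The third return value lists threats for which no catalogue component fits the device's processing and memory budget, so a constrained device's residual risk stays visible instead of being silently dropped from the profile.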

Solution Benefits

• Risk Based Security: The framework identifies the real security risk to the device by correlating the device threats and vulnerability information with the device capability.
• Scalable Framework: The framework provides a complete end-to-end and scalable platform, giving a holistic view of the security requirements of the device.
• Appropriate Security: The security profile generated by FEDS provides just the right type and amount of security to defend against the real threats.
• Modular: OEMs can pick and choose the desired configuration for their device and get a device-specific profile.
• Standards Based: The framework is based on the NIST cybersecurity framework and provides FIPS-compliant open source components.

Best Practices

Security processes as part of SDLC

Including security planning in the life cycle management of the device is critical. Embedded systems designers and developers must adopt the following product life cycle design aspects to include security as an integrated part of the product development life cycle.

SDLC Phases                      Security Processes
Requirements                     Security analysis for requirements and Security Policy definition to check abuse/misuse cases
Design                           Architectural Assessment, Security Scenario Identification, Attack Surface Analysis and Threat Modeling
Coding and Unit Testing          Adherence to Secure Coding Standards, introduction of security components, bug fixes for security holes
Integration and System Testing   Penetration Testing, Static and Dynamic Security Testing, Integration and Fuzz Testing
Deployment                       Reduce Attack Surface, Update Default Configuration, Configuration Management, Access Policy Update
Support                          Build Integrated Security Patch Update, and impact analysis of patch application

Conclusion

Security attacks underline the need for stronger protective measures in critical embedded systems. Embedding security in an embedded device needs to be considered throughout the product life cycle, from design and inception, through development and testing, to delivery and maintenance, and also at every layer of the product, from hardware platforms and virtualization technologies to the operating system, the network stack or other communications middleware, packets of data being sent across the network, and purpose-built applications required to support device functionality. Security has to be an exercise built into the product development process instead of being added as an add-on feature.

Reference

[1] Srivaths Ravi, Anand Raghunathan, Paul Kocher, Sunil Hattangady, "Security in embedded systems: Design challenges," ACM Transactions on Embedded Computing Systems (TECS), vol. 3, no. 3, pp. 461-491, August 2004.
[2] Nachiketh R. Potlapally, Srivaths Ravi, Anand Raghunathan, Niraj K. Jha, "A Study of the Energy Consumption Characteristics of Cryptographic Algorithms and Security Protocols," IEEE Transactions on Mobile Computing, vol. 5, no. 2, pp. 128-143, February 2006.
[3] Fengyuan Xu, Zhengrui Qin, C.C. Tan, Baosheng Wang, Qun Li, "IMDGuard: Securing implantable medical devices with the external wearable guardian," INFOCOM, 2011 Proceedings IEEE, pp. 1862-1870, 10-15 April 2011.
[4] "Framework for Improving Critical Infrastructure Cybersecurity," Version 1.0, National Institute of Standards and Technology, February 12, 2014.
[5] Simin Nadjm-Tehrani and Maria Vasilevskaya, "Towards a Security Domain Model for Embedded Systems," The 13th IEEE International Symposium on High Assurance Systems Engineering (HASE), Boca Raton, November 2011.
[6] J. Wan, C. Zou, and J. Liu, "Security in the Internet of Things: A Review," in Computer Science and Electronics Engineering (ICCSEE), 2012 International Conference on, vol. 3, 2012, pp. 648-651.
[7] L. Khelladi, Y. Challal, A. Bouabdallah, N. Badache, "On Security Issues in Embedded Systems: Challenges and Solutions," International Journal of Information and Computer Security, 2008, vol. 2, no. 2, pp. 140-174.
[8] S. Zhang, X. Ou, and J. Homer, "Effective network vulnerability assessment through model abstraction," in Proceedings of the 8th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, DIMVA'11, pages 17–34, Berlin, Heidelberg, 2011. Springer-Verlag.
[9] http://www.heritage.org/research/reports/2014/10/cyber-attacks-on-us-companies-in-2014
[10] http://www.techrepublic.com/blog/10-things/gartners-top-10-technology-trends-for-2015-all-about-the-cloud/

Author Info

Shivani Tomar
HCL Engineering and R&D Services
