Upload
others
View
3
Download
0
Embed Size (px)
Citation preview
December, 2016
Test and Verification Solutions
IoT Security
Helping companies develop products that are:
Reliable, Safe and Secure.
Agenda
• IoT Security issues
• Re-building trust in IoT
• About the IoT Security Foundation
• T&VS IoT Lab
Copyright T&VS Limited | Private & Confidential | Page 8
▪ $: The economic impact of the Internet of Things will be measured in $trillions.
▪ ∑: The number of connected devices will be measured in billions.
▪ ∞: The resultant benefits of a connected society are significant, disruptive and transformational.
IoT: What more can be said?
Copyright T&VS Limited | Private & Confidential | Page 9
But we can’t carry on like this
Copyright T&VS Limited | Private & Confidential | Page 10
IoT headlines – lack of consumer trust
Copyright T&VS Limited | Private & Confidential | Page 11
Example - IoT issues
▪ (1) Nest Protect smoke alarm fault in 2014. The alarm could bedeactivated by waving at the device putting it into sleep mode.• Fix – users had to disable wave gesture feature, and a patch was made available via wifi.
▪ (2) Nest home thermostat recent fault meant the heating woulddeactivate and could not be turned back on.• Fix – a manual reset or 9 step procedure.
▪ (3) Nest Cam and Dropcam frequent outages on service for live homestreaming – potential baby monitoring.• Fix – no fix yet, was a service outage on the live video streams.
Copyright T&VS Limited | Private & Confidential | Page 12
Botnet DNS attack
▪ Hackers hijacked millions of IoT devices
▪ Sent vast amounts of junk traffic at DNS services operated by US company Dyn
▪ Popular websites inaccessible.
Two things are clear, however: the
freewheeling idiots of the Internet of Things
business need the fear of regulation put
into them – and so do network owners and
operators.
Copyright T&VS Limited | Private & Confidential | Page 13
Why are IoT devices so vulnerable?
Quality
Assurance
Security
Connectivity
standards
• Nest home thermostat had a fault where the heating
would deactivate and not be turned back on
• Petnet smart pet feeder recent incident saw a third-party
server service failure, causing pet feeds to be missed.
• Most IoT products have security measures that are 10
years out of date
• HP: 70% of the IoT devices and sensors examined were
susceptible to the vulnerabilities in the OWASP IoT Top 10
Connected devices create an increased level of intrusion, generating new types
and unprecedented quantities of data, raising potential quality and security issues.
onem2mOpen Interconnection
ConsortiumWireless IoT forum
IETF ZigBee AllianceIndustrial Internet
Consortium
ITUAllSeen
GSMAAlliance
IEEE AllJoyn Thread
Copyright T&VS Limited | Private & Confidential | Page 14
Standards bodies – building TRUST
▪ The BSI (British Standards Institute) attempts to build TRUST with consumers• Can we build standards that guarantee some level of confidence
▪ Do we need different levels of confidence?• Autonomous car vs. smoke detector vs. pet feeder
• In safety systems we start with a hazard analysis• From that we can set an integrity level
• And that implies different levels of development practises
▪ The NMI prefers levels of sign off• Self- certification
• External certification
• Independent certification
• Full certification against industry standards
Copyright T&VS Limited | Private & Confidential | Page 15
Building consumer trust in the IoT
▪ Regulation• By Government?
• The need is too immediate
• Things are changing too quickly
• Self-regulation• the IOTSF approach
• But backed by audits by customers and independent
• Independent bodies • Independent testing labs
• Collaborating with bodies such as the British Standards Inst
• Legal action – USA class action suits
10/04/2017 Public 19
IoT Security Foundation (IoTSF)
Introduction 2016
The IoT Security Foundation was launched on Sept 23rd 2015 in response to
wide-ranging concerns from multiple stakeholder groups regarding the security
aspects of IoT deployment
Introducing the Internet of Things
Security Foundation
www.iotsecurityfoundation.o
rg
SECURITY FIRST
FIT FOR PURPOSE
RESILIENCE
Designed in at the start
Right-sized for application
Through operating life
Our Values
10/04/2017 22
Executive Steering Board
Prof. John Haine, Chair, University of Bristol
Prof. David Rogers, CEO, Copper Horse Solutions
Prof. Ben Azvine, Global Head of Security Research, BT
Prof. Kenny Paterson, RHUL
Ken Munro, Partner, PenTest Partners
Dr. Steve Babbage, Chief Crytographer, Distinguished Engineer, Vodafone Group
Haydn Povey, CEO, Secure Thingz
John Moor, IoTSF MD
Majid Bemanian, Director Segment Marketing, Imagination Technologies
Richard Marshall, Xitex Ltd.
Working Across Continents
10/04/2017 24
Online Collaboration Platform Physical Meetings
We invite you to join us!
10/04/2017 25
More than 70 members in 1st year.
Now “brands” joining each monthSee https://iotsecurityfoundation.org/our-members/
How we are organized
Members
Plenary Group
Executive Steering Board
Working Groups
Working Group 1: Self-Certification
Working Group 2: Connected Consumer / Home
Working Group 3: Patching Constrained devices
Working Group 4: Vulnerability Disclosure
Working Group 5: IoT Landscape
2016 Priority Working Groups Chaired by:
MikeBartley,T&VS
Working Group 1: Self-
Certification Scheme
The objective of this working group is to determine
appropriate requirements for a low-cost, accessible and fit-for-
purpose system of self-certification in order to improve the
quality and pervasiveness of security in IoT products.
27Confidential & copyright © IoTSF 2016
Self-certificate
Is this the way forward?
Working Group 2: Connected
Consumer Products
This working group is producing security best practice guidelines for
various classes of consumer devices which covers important topics such
as:
28Confidential & copyright © IoTSF 2016
➢ Classification of Data
➢ Physical Security
➢ Device Secure Boot
➢ Secure Operating System
➢ Application Security
➢ Credential Management
➢ Encryption
➢ Network Connections
➢ Software Updates
➢ Logging
Working Group 3: Patching
Constrained Devices
A major challenge for low cost IoT systems will be how to
ensure systems are maintained and updated over their life
cycle. This working group will produce best practice guidance
for systems deploying constrained-resource elements.
29Confidential & copyright © IoTSF 2016
Working Group 3
Patching Constrained Devices:
Members
Starware Design
Working Group 4: Framework for
Vulnerability Disclosure
What happens when a researcher identifies security
vulnerabilities in your product or service? This working group
seeks to educate the need for establishing a channel of
communication and determining a framework of best practice
for both researchers and companies to follow.
31Confidential & copyright © IoTSF 2016
Working Group 5: IoT Security
Landscape
This working group maps applications of IoT at a high level,
from a system-wide and end to end perspective, to identify
where vulnerabilities may lie and inform future IoTSF work.
32Confidential & copyright © IoTSF 2016
Marking the IoT Supply Chain of Trust
➢John Haine
https://iotsecurityfoundation.org/
Complex products
Device Hardware
Sensor
Actuator
TPM
Comms module
Firmware
Encryption keys
Complex supply chain
ODM –Develops
and makes device
Software developer
Software developers
Software developer
Chip vendor
Software developer
Comms module vendor
“Brand Owner” –markets
and supports service
Users
Software
developer
IP vendor
Trusted supply chain
ODM –Develops
and makes device
Software developer
Software developers
Software developer
Chip vendor
Software developer
Comms module vendor
“Brand Owner” –markets
and supports service
Users
Software
developer
IP vendor
OTS RTOS
= IoTSF stamp of approval = not approved, requires separate audit
IoTSF members…
➢ Follow the security guidelines for the relevant device class
➢ Complete WG1 questionnaire with all questions answered
➢Assemble evidence of conformance - think “Technical Construction File”
➢Are entitled to use the Foundation Trustmark for the product (possibly subject to audit)
One last thing…
10/04/2017 55
Copyright T&VS Limited | Private & Confidential | Page 56
Testing challenges – mass interoperability
▪ Many Communication protocols:• Mobile Z-Wave • Wifi 6LowPAN• Bluetooth Thread • Zigbee NFC
▪ Simulate wide range of Networking conditions:• RF testing• cell handovers• low signal strength• protocol analysis• moving between 2G, 3G & LTE or wifi
▪ Test scenarios to consider:• Moving between networks• Losing power on upgrade• Low bandwidth• Simulate signal loss (going through a tunnel)• Patching the device
Copyright T&VS Limited | Private & Confidential | Page 57
Communication protocols - scenarios
1 Device registers to network and data connection is successfully established
2 Verify the data transferred from device to IoT platform.
3 IoT device can transfer/move between network connection types (if applicable.)
4 Device Application “stores and forwards” data to minimise the number of network
connections made by the device.
5 IoT Device Application uses dynamic polling intervals.
6 Check IoT Device Application behaviour in situations when network
communication requests fail
7 Check IoT Device Application reports power failure
8 Check IoT Device Application’s use of “off-peak’ communication
9 Check behaviour of IoT Device Application when resetting the Communications
Module after any communication failures or error conditions
10 Upgrade testing – verify post upgrade the comms unit is functioning correctly
11 Check the IoT Communications Module does not send unsolicited messages
12 Check the IoT Communications Module sends only a AAAA DNS Query. IPV6
Copyright T&VS Limited | Private & Confidential | Page 58
Security testing – OWASP TOP 10
1.) Insecure web interface2.) Insufficient authentication/authorization3.) Insecure network services4.) Lack of transport encryption5.) Privacy concerns6.) Insecure cloud interface7.) Insecure mobile interface8.) Insufficient security configurability9.) Insecure software/firmware10.) Poor physical security
Copyright T&VS Limited | Private & Confidential | Page 59
T&VS IoT Device Lab & Certification process
▪ Ensure IoT products conform against the latest industry standards, and QA & security testing best practices
▪ Rebuild consumer trust in IoT devices
▪ IoT certifications include:• T&VS IoT Network Certification
• T&VS IoT Security Certification
Copyright T&VS Limited | Private & Confidential | Page 60
IoT Certification Model
Bronze Level
• deemed low risk
• selection of key tests executed
• no monitoring ongoing required
Silver Level
• deemed middle risk
• execute medium size test suite from selection
of key standards
• manufacturer can patch/update product as
long as correct procedures followed and tested
Gold Level
• deemed high risk
• full conformance against key standards and
each update/patch to be verified by BSI
Certification
Level
Network Connectivity – Certification End-2-End Security – Certification
Prerequisites Confirm which protcols are in or out of
scope: eg
• Mobile (GSM/GPRS/EDGE (2G),
UMTS/HSPA (3G), LTE (4G))
• Wifi
• Hypercat
Risk assessment performed, eg:
• What assets (digital or physical) need to be
protected?
• What groups of people (tangible or
intangible) are potential threat actors?
• What is a threat to the organization?
Assessment For each identified protocol the specified
test pack will then be executed
depending on level selected.
Following the risk assessment, the specified test
pack will then be executed depending on level
selected.
Step1 - Assessment Step2 - Level Assigned
Copyright T&VS Limited | Private & Confidential | Page 61
Example Certification Cost model
▪ Certifications:• Network
• Security
▪ Example protocol:
• Mobile (UMTS/HSPA (3G))
Copyright T&VS Limited | Private & Confidential | Page 62
T&VS IoT - Bronze CertificationCertification Level IoT - Network Interfaces & Connectivity –
Certification
IoT – End-2-End
Security – Certification
Ongoing maintenance
Bronze
Level(deemed low
risk - selection
of key tests
executed. No
monitoring
ongoing
required.)
Selection of key smoke test scenarios
against the specified protocol(s)
(generic examples):
• IoT Device registers to network
and data connection is successfully
established.
• Verify the data transferred from
device to IoT platform.
• IoT device can transfer/move
between network connection
types (if applicable.)
OWASP top 10 Scheduled:
• Monthly newsletter (highlighting general IoT
connectivity and security conformance issues
relevant to the IoT device)
• A six monthly report on connectivity and
security conformance issues specific to their
device.
Optional:
• Request a specific (paid) report at any time -
will be done asap but guaranteed within 4
weeks
• Optional six monthly re-test (extra cost at
80% of standard bronze certification price)
• Can request re-test at any point – will be
done asap but guaranteed within 6 weeks
(extra cost at price of standard bronze
certification)
Pricing
T&VS offshore £4,000 £4,000 £5,000
(1 year service)T&VS Bristol Lab £6,500 £6,000
Example protocol: Mobile
(UMTS/HSPA (3G))
Copyright T&VS Limited | Private & Confidential | Page 63
T&VS IoT - Silver CertificationCertification
Level
IoT - Network Interfaces &
Connectivity – Certification
IoT – End-2-End Security –
Certification
Ongoing maintenance
Silver Level(deemed middle
risk – execute
medium size test
suite from
selection of key
standards.
Manufacturer
can
patch/update
product as long
as correct
procedures
followed and
tested)
Selection of key tests against following standards:
• GSMA IoT connection efficiency guidelines
• onem2m connection standards
And specified protocols including (generic
examples):
• All bronze level test scenarios
• Device registers to network and data connection
is successfully established.
• Verify the data transferred from device to IoT
platform.
• IoT device can transfer/move between network
connection types (if applicable.)
• Check IoT Device Application uses a secure data
connection
• Upgrade testing
• Check the IoT Communications Module does not
send unsolicited messages
Selection of key/high priority tests against
following standards:
• GSMA IoT security standards
• Onem2m security standards
• OWASP Internet of Things Top 10
• Online Trust Alliance’s IoT Trust Framework
Including (examples):
• All bronze level test scenarios
• Authentication / authorisation eg Ensure
that web interfaces disallows weak
passwords
• Encryption model eg ensure that web
interfaces has the ability to use HTTPS
• Cloud interface. Eg cloud-based web
interface has an account lockout
mechanism
• Software / firmware. Eg Ensure all devices
operate with a minimal number of network
ports active
• Physical security. Eg Operating System can
not be accessed via unintended methods
such as through an unnecessary USB port
Scheduled:
• Monthly newsletter (highlighting
general IoT connectivity and security
conformance issues relevant to the IoT
device)
• A quarterly report on connectivity and
security conformance issues specific to
their device.
Optional:
• Request a specific (paid) report at any
time - will be done asap but guaranteed
within 2 weeks
• Optional quarterly re-test (extra cost at
80% of standard silver certification
price)
• Can request re-test at any point – will
be done asap but guaranteed within 4
weeks (extra cost at price of standard
silver certification)
Pricing
T&VS offshore £7,000 £7,000
£10,000
(1 year service)
T&VS Bristol Lab£11,500 £11,500
Example protocol: Mobile
(UMTS/HSPA (3G))
Copyright T&VS Limited | Private & Confidential | Page 64
T&VS IoT - Gold CertificationCertification Level IoT - Network Interfaces & Connectivity – Certification IoT – End-2-End Security –
Certification
Ongoing maintenance
Gold Level(deemed high
risk – full
conformance
against key
standards and
each
update/patch
to be verified)
Full conformance test packs executed against following standards:
• GSMA IoT connection efficiency guidelines
• onem2m connection standards
And specified protocols including (generic examples):
• All bronze & silver level test scenarios
• Device registers to network and data connection is successfully
established.
• Verify the data transferred from device to IoT platform.
• IoT device can transfer/move between network connection types (if
applicable.)
• Device Application “stores and forwards” data to minimise the
number of network connections made by the device.
• IoT Device Application uses dynamic polling intervals.
• IoT Device Application adapts to changes in network communication
latency and data speed.
• Check IoT Device Application behaviour in situations when network
communication requests fail: 6 different.
• Check IoT Device Application reports power failure
• Check IoT Device Application’s use of “off-peak’ communication
• Check behaviour of IoT Device Application when resetting the
Communications Module after any communication failures or error
conditions.
• Check IoT Device Application uses a secure data connection
• Upgrade testing
• Check the IoT Communications Module does not send unsolicited
messages
• Check the IoT Communications Module sends only a AAAA DNS
Query. IPV6
Full conformance test packs executed against
following standards:
• GSMA IoT security standards
• Onem2m security standards
• OWASP Internet of Things Top 10
• Online Trust Alliance’s IoT Trust Framework
Including (examples):
• All bronze & silver level test scenarios
• Authentication / authorisation eg Ensure that
web interfaces disallows weak passwords
• Encryption model eg ensure that web
interfaces has the ability to use HTTPS
• Cloud interface. Eg cloud-based web interface
has an account lockout mechanism
• Software / firmware. Eg Ensure all devices
operate with a minimal number of network
ports active
• Physical security. Eg Operating System can
not be accessed via unintended methods
such as through an unnecessary USB port
Scheduled:
• Monthly newsletter (highlighting
general IoT connectivity and
security conformance issues
relevant to the IoT device)
• A monthly report on connectivity
and security conformance issues
specific to their device.
Optional:
• Request a specific (paid) report
at any time - will be done asap
but guaranteed within 1 week
• Optional monthly re-test (extra
cost at 80% of standard gold
certification price)
• Can request re-test at any point –
will be done asap but guaranteed
within 2 weeks (extra cost at
price of standard gold
certification)
Pricing
T&VS offshore £14,000 £14,000 £18,000
(1 year service)T&VS Bristol Lab £21,500 £21,500
Example protocol: Mobile
(UMTS/HSPA (3G))
Copyright T&VS Limited | Private & Confidential | Page 65
Assumptions
▪ Examples prices given for mobile network protocol connectivity
▪ All figures are indicative
▪ Network certification price is per connectivity protocol (there may be multiple per device)
▪ Costs may vary based on:• connection protocols covered
• scenarios complexity
• configurations required
▪ Ongoing maintenance is for 1 year service model• scheduled and optional retests are at extra cost
Copyright T&VS Limited | Private & Confidential | Page 66
T&VS IoT Device Lab facility
▪ Global strategic partnership
▪ Communication protocols:• Mobile Z-Wave • Wifi 6LowPAN• Bluetooth Thread • Zigbee NFC
▪ Simulate wide range of Networking conditions:• RF testing• cell handovers• low signal strength• protocol analysis• moving between 2G, 3G & LTE or wifi.
Copyright T&VS Limited | Private & Confidential | Page 67
IoT Network connectivity – certification (1)
Purpose ensure IoT solutions verified against a wide range of networking connection and connectivity protocols
Standards / Guidelines
For example• GSMA IoT connection efficiency guidelines• onem2m connection standards
Example scenarios 1.) IoT Device Application should minimize the number of networkconnections between the IoT Device and the network.2.) IoT Device Application should be designed to cope withvariances in mobile network data speed and latency consideringthe variety in performance of communications technologies suchas 3G, WIFI, LTE.3.) The IoT Device Application should always be prepared tohandle situations when communication requests fail.4.) Communication retry mechanisms implemented verified.
Copyright T&VS Limited | Private & Confidential | Page 68
IoT End 2 end security – certification (2)
Purpose ensure IoT solutions verified against a wide range of security conditions and scenarios
Standards / Guidelines
For example• GSMA IoT security standards• Onem2m security standards• OWASP Internet of Things Top 10• Online Trust Alliance’s IoT Trust Framework
Example scenarios 1.) Authentication / authorisation eg Ensure that web interfacesdisallows weak passwords.2.) Encryption model eg ensure that web interfaces has the abilityto use HTTPS.3.) Cloud interface. Eg cloud-based web interface has an accountlockout mechanism.4.) Software / firmware. Eg Ensure all devices operate with aminimal number of network ports active.5.) Physical security. Eg Operating System can not be accessed viaunintended methods such as through an unnecessary USB port.
Copyright T&VS Limited | Private & Confidential | Page 69
IoT Kitemark Model
IoT Network connectivity – (1) IoT End 2 end security – (2)
Purpose ensure IoT solutions verified against a wide range of networking connection / connectivity protocols
ensure IoT solutions verified against a wide range of security conditions and scenarios
Standards • GSMA IoT connection efficiencyguidelines
• onem2m connection standards
• GSMA IoT security standards• Onem2m security standards• OWASP Internet of Things Top 10• Online Trust Alliance’s IoT Trust
Framework
Example scenarios
1.) minimize the number of network connections. 2.) cope with variances in network data speed and latency considering 3.) communication requests fail.4.) Communication retry mechanisms implemented verified.
1.) Authentication / authorisation eginterfaces disallows weak passwords.2.) Encryption model eg HTTPS.3.) Cloud interface has account lockout4.) Software / firmware. Eg Ensure alldevices operate with a minimalnumber of network ports active.
Copyright T&VS Limited | Private & Confidential | Page 70
Summary
▪ Increased regulation
▪ Focus on QA & security
▪ IoT ongoing maintenance
▪ IoT Kitemark model
▪ Rebuild consumer trust
Unless these issues are addressed the only winners in the IoT wild west will be the hackers.
December, 2016
Test and Verification Solutions
THANK YOU