
Page 1: 10 Challenges to Securing IoT Communications

10 Challenges of Securing IoT Communications

PubNub © 2015

Rohini Pandhi, PubNub @rohinip

The Things

So Many Categories! Sensors, Smart Home, Wearables, Transportation, Medical, Manufacturing

The Internet

(Diagram: the same categories, Sensors, Smart Home, Wearables, Transportation, Medical, Manufacturing, now connected through the Internet)

PubNub is a Global Network for Secure, High-Speed, Reliable Data Streams to/from every device in the world

(Two news-clipping image slides; Source: http://cbsnews.com/)

The Top 10 List of Challenges:

1. To secure IoT, we must define the IoT
2. Unprotected devices on the Internet will be attacked
3. Encryption is needed throughout the data lifecycle
4. Single security model for all IoT communications
5. Data stream access controls
6. Tracking device metadata
7. Secure provisioning in the field
8. Firmware updates in the field
9. Compliance with global regulations
10. Leaving security up to each IoT project team

1. Defining the “IoT”

IoT is computing devices that send data, receive data, or do both on the Internet

Traffic patterns to cover: One-Way Data, Two-Way Data, Real-Time Data, Occasional Data; One-to-One, One-to-Many, Many-to-Many, Many-to-One (Device to Device)

1. Defining the “IoT”: Create a Common Vocabulary

Publish: a Device sends a Message into a Channel
Subscribe: a Device receives the Messages on a Channel
Presence: Device Online / Device Offline events
Channel: a named Message Data Stream, e.g. Sports, Finance, Politics

2. Protecting Devices on the Internet

Data Access Control, Encryption, Firmware Updates, Nonrepudiation, Legislative Compliance, Data Retention & Privacy, Device Physical Vulnerabilities, Device Network Vulnerabilities

2. Protecting Devices on the Internet: Offload as much Security into the Network as possible

IoT needs a Data Stream Network

Layer                           Services                                                                 Protocols
HTTP/Content Delivery Networks  Caching, QoS, Security, Redundancy, VPN                                  HTTP, HTTPS, SPDY
Internet Backbone Networks      Peering, Routing, POPs                                                   TCP, UDP, IP
Data Stream Networks            Data Streams, Access Control, Caching, Presence, Replication, Processing  MQTT, WebSockets, HTTP 2.0, CoAP

3. Encryption and Processing

TLS/SSL doesn't cut it: a TLS session protects one connection, so with TLS alone you've only encrypted the first hop. Every node that terminates that connection sees the message in the clear.

AES is a good choice for the message itself: encrypt it end to end so only the endpoints can read it (Message -> Encrypted Message). But often we need to inspect and process the message along the way, and a fully encrypted message gives the network nothing to act on.

3. Encryption and Processing: Message = Body + Envelope

Encrypt the Message Body with AES, put the actionable data on the Envelope, and encrypt the whole thing with TLS hop by hop. Example: the reading "Temp = 31" is the Body (AES, readable only by the endpoints); the routing and device metadata the network must act on are the Envelope (protected in transit by TLS, readable by the network nodes).
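The body/envelope split as an added Go example (not code from the deck or from PubNub's SDKs): the body is sealed with AES-GCM under a key that only the two endpoints hold, the envelope fields stay readable for routing but are bound into the GCM tag as associated data, and JSON stands in for the wire form that travels inside each TLS hop. The field names, the channel and device IDs, the message body and the demo key are all assumptions made for this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
)

// Envelope is the part of a message the data stream network may read and act
// on (routing and device metadata). Body is opaque to the network: it is
// sealed with an AES-GCM key held only by the publishing device and its
// subscribers, so a node that terminates TLS still cannot read it.
type Envelope struct {
	Channel  string `json:"channel"`
	DeviceID string `json:"device_id"`
	Type     string `json:"type"`
	Nonce    []byte `json:"nonce"`
	Body     []byte `json:"body"` // AES-GCM ciphertext with its tag
}

// aad binds the clear-text envelope fields into the GCM tag: a node can read
// them, but any change is detected when the subscriber opens the body.
func (e *Envelope) aad() []byte {
	return []byte(e.Channel + "\x00" + e.DeviceID + "\x00" + e.Type)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // key must be 16, 24 or 32 bytes
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal is the publishing device's side: encrypt the body under the shared
// key with a fresh random nonce and leave the envelope readable.
func Seal(key []byte, channel, deviceID, msgType string, body []byte) (*Envelope, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	env := &Envelope{Channel: channel, DeviceID: deviceID, Type: msgType, Nonce: nonce}
	env.Body = gcm.Seal(nil, nonce, body, env.aad())
	return env, nil
}

// Open is the subscribing device's side: verify the tag, which covers both
// the body and the envelope fields, then decrypt.
func Open(key []byte, e *Envelope) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(e.Nonce) != gcm.NonceSize() {
		return nil, errors.New("bad nonce length")
	}
	return gcm.Open(nil, e.Nonce, e.Body, e.aad())
}

// Encode and Decode give the wire form (JSON here) that travels inside each
// TLS hop. A node that has terminated TLS holds exactly these bytes.
func Encode(e *Envelope) ([]byte, error) { return json.Marshal(e) }

func Decode(wire []byte) (*Envelope, error) {
	e := &Envelope{}
	if err := json.Unmarshal(wire, e); err != nil {
		return nil, err
	}
	return e, nil
}

func main() {
	key := make([]byte, 32) // constructed demo key; a real one is provisioned per device
	rand.Read(key)
	env, _ := Seal(key, "sensors.room1", "dev-0042", "telemetry", []byte(`{"temp":31}`))
	wire, _ := Encode(env)

	// an intermediate node: no AES key, but it can route on the envelope
	hop, _ := Decode(wire)
	fmt.Println("node forwards on channel:", hop.Channel)

	// the subscriber: holds the key, gets the body back
	pt, err := Open(key, hop)
	fmt.Printf("subscriber reads body %s (err=%v)\n", pt, err)

	// a node that rewrites the envelope is caught by the tag
	hop.Channel = "sensors.room2"
	_, err = Open(key, hop)
	fmt.Println("after envelope tampering:", err)
}
```

AES-GCM rather than bare AES is deliberate: "AES" on its own gives confidentiality, but the authentication tag is what stops an intermediate node from silently re-addressing or altering a message. The nonce must never repeat under the same key, so a per-device key with a random 96-bit nonce per message, or a strictly increasing counter, is the practical choice.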

4. Single Comprehensive Security Model

Prevent Open Ports at ALL Costs! If we still struggle to secure corporate networks, how can inbound ports on devices ever be protected?

Device -> Network Node over TCP/UDP, with no "listeners" on the device: the device only opens outbound connections.

How about a standard outbound TCP connection? On the Internet, connections fail constantly!

What about Polling? "Polling" is often the first attempt, but Polling doesn't scale: one Network Node polled by every device (diagram of many devices hitting a single node).

Secure, Reliable, Fast Communication: Device <-> Network Node over TCP/UDP with no "listeners", using Subscribe/Publish over a streaming protocol such as MQTT, CoAP, WebSockets or Streaming HTTP.

We really need a tunneled, fault-tolerant streaming protocol.

Offload Security to the Data Stream Network

5. Data Stream Access Controls

Access Controls with Tokens: the publishing Device holds a write token for channel "A"; the subscribing Device holds a read token for channel "A".

• Access tokens that allow Publish/Subscribe privileges
• Support token expiry (timeout)
• Allow tokens to be revoked at any time

The Data Stream Network handles Authorization: the token is checked at the network, not on the device (Device -> Stream)
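A minimal token authorizer with the three properties listed above (publish/subscribe privilege per channel, expiry, revocation), as an added Go example that is not PubNub's access-manager API. The token format (base64url JSON grant plus HMAC-SHA256), the grant field names, the channel names and the injectable clock are assumptions made here for the demo.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// Grant is what a token carries: one channel, read and/or write, an expiry,
// and an ID so the grant can be revoked before it expires.
type Grant struct {
	ID      string `json:"jti"`
	Channel string `json:"ch"`
	Read    bool   `json:"r"`
	Write   bool   `json:"w"`
	Expires int64  `json:"exp"` // unix seconds
}

// Authorizer runs on the network's perimeter nodes; only it holds the key,
// so devices can present tokens but never mint them.
type Authorizer struct {
	key     []byte
	revoked map[string]bool
	Now     func() time.Time // injectable clock so expiry is testable
}

func NewAuthorizer(key []byte) *Authorizer {
	return &Authorizer{key: key, revoked: map[string]bool{}, Now: time.Now}
}

func (a *Authorizer) sign(payload string) string {
	m := hmac.New(sha256.New, a.key)
	m.Write([]byte(payload))
	return base64.RawURLEncoding.EncodeToString(m.Sum(nil))
}

// Issue encodes a grant as "<base64url(json)>.<base64url(hmac-sha256)>".
func (a *Authorizer) Issue(g Grant) (string, error) {
	payload, err := json.Marshal(g)
	if err != nil {
		return "", err
	}
	body := base64.RawURLEncoding.EncodeToString(payload)
	return body + "." + a.sign(body), nil
}

// Revoke invalidates a grant immediately, regardless of its expiry.
func (a *Authorizer) Revoke(id string) { a.revoked[id] = true }

var ErrDenied = errors.New("denied")

// Authorize checks one token for one operation ("publish" or "subscribe") on
// one channel: signature first, then expiry, revocation, channel, permission.
// Every failure is the same ErrDenied so a probing client learns nothing.
func (a *Authorizer) Authorize(token, channel, op string) error {
	parts := strings.SplitN(token, ".", 2)
	if len(parts) != 2 || !hmac.Equal([]byte(a.sign(parts[0])), []byte(parts[1])) {
		return ErrDenied
	}
	payload, err := base64.RawURLEncoding.DecodeString(parts[0])
	if err != nil {
		return ErrDenied
	}
	var g Grant
	if err := json.Unmarshal(payload, &g); err != nil {
		return ErrDenied
	}
	if a.Now().Unix() >= g.Expires || a.revoked[g.ID] || g.Channel != channel {
		return ErrDenied
	}
	if (op == "publish" && g.Write) || (op == "subscribe" && g.Read) {
		return nil
	}
	return ErrDenied
}

func main() {
	auth := NewAuthorizer([]byte("demo-perimeter-key")) // constructed; use a random, rotated key
	exp := time.Now().Add(time.Hour).Unix()
	readTok, _ := auth.Issue(Grant{ID: "t1", Channel: "A", Read: true, Expires: exp})
	writeTok, _ := auth.Issue(Grant{ID: "t2", Channel: "A", Write: true, Expires: exp})
	fmt.Println("read token subscribes to A:", auth.Authorize(readTok, "A", "subscribe"))
	fmt.Println("read token publishes to A:", auth.Authorize(readTok, "A", "publish"))
	fmt.Println("write token publishes to A:", auth.Authorize(writeTok, "A", "publish"))
	auth.Revoke("t2")
	fmt.Println("write token after revoke:", auth.Authorize(writeTok, "A", "publish"))
}
```

Two details are easy to get wrong: verify the signature before parsing anything, so an attacker never feeds the JSON decoder unsigned input, and make every denial look the same so a client cannot tell "wrong channel" from "revoked". Revocation here is an in-memory set; across many perimeter nodes it has to be replicated, which is why short expiries matter even when revocation exists.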

6. Tracking Device Metadata

Realtime Device State:
• "Perimeter" nodes must support token authorization
• Know when a device has been taken offline
• Track power drain, tampering of sensors, etc.

(Diagram: Device -> Perimeter -> Stream, with a Presence Stream alongside)
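A perimeter-side tracker that turns a heartbeat stream into the presence events and alerts the slide asks for, as an added Go example (not from the deck). The heartbeat stream is constructed for the demo; the battery percentage and tamper flag are assumed heartbeat fields, and the 25-minute silence timeout and 20 percent-per-hour drain threshold are made-up thresholds.

```go
package main

import (
	"fmt"
	"sort"
	"time"
)

// Heartbeat is a device's periodic presence message plus the metadata the
// slide lists; Battery and Tamper are fields assumed for this example.
type Heartbeat struct {
	Device  string
	At      time.Time
	Battery float64 // percent remaining
	Tamper  bool    // enclosure or sensor tamper switch triggered
}

type deviceState struct {
	lastSeen time.Time
	battery  float64
	online   bool
}

// Tracker is the perimeter node's view: it turns raw heartbeats into a
// presence stream (online/offline) and flags abnormal device metadata.
type Tracker struct {
	Timeout   time.Duration // silence longer than this means "taken offline"
	DrainRate float64       // percent per hour above which drain is abnormal
	devices   map[string]*deviceState
	Events    []string // "<device> online|offline|drain|tamper", in order
}

func NewTracker(timeout time.Duration, drainRate float64) *Tracker {
	return &Tracker{Timeout: timeout, DrainRate: drainRate, devices: map[string]*deviceState{}}
}

func (t *Tracker) emit(device, kind string) { t.Events = append(t.Events, device+" "+kind) }

// Observe ingests one heartbeat from the presence stream.
func (t *Tracker) Observe(h Heartbeat) {
	s, seen := t.devices[h.Device]
	if !seen {
		s = &deviceState{}
		t.devices[h.Device] = s
	}
	if !s.online {
		t.emit(h.Device, "online")
	}
	// drain is judged against the previous heartbeat, so it needs one
	if hours := h.At.Sub(s.lastSeen).Hours(); seen && hours > 0 && (s.battery-h.Battery)/hours > t.DrainRate {
		t.emit(h.Device, "drain")
	}
	if h.Tamper {
		t.emit(h.Device, "tamper")
	}
	s.lastSeen, s.battery, s.online = h.At, h.Battery, true
}

// Tick runs on the node's clock: devices silent longer than Timeout are
// marked offline. Returns the devices that went offline on this tick, sorted.
func (t *Tracker) Tick(now time.Time) []string {
	var gone []string
	for id, s := range t.devices {
		if s.online && now.Sub(s.lastSeen) > t.Timeout {
			s.online = false
			t.emit(id, "offline")
			gone = append(gone, id)
		}
	}
	sort.Strings(gone)
	return gone
}

func (t *Tracker) Online(id string) bool {
	s, ok := t.devices[id]
	return ok && s.online
}

// HasEvent reports whether "<device> <kind>" has been emitted so far.
func (t *Tracker) HasEvent(device, kind string) bool {
	for _, e := range t.Events {
		if e == device+" "+kind {
			return true
		}
	}
	return false
}

func main() {
	// constructed stream: cam-1 reports every 10 minutes, cam-2 goes quiet
	tr := NewTracker(25*time.Minute, 20)
	t0 := time.Date(2015, 5, 1, 12, 0, 0, 0, time.UTC)
	tr.Observe(Heartbeat{Device: "cam-1", At: t0, Battery: 80})
	tr.Observe(Heartbeat{Device: "cam-2", At: t0, Battery: 50})
	tr.Observe(Heartbeat{Device: "cam-1", At: t0.Add(10 * time.Minute), Battery: 79})
	tr.Observe(Heartbeat{Device: "cam-1", At: t0.Add(20 * time.Minute), Battery: 70, Tamper: true})
	fmt.Println("offline at +30m:", tr.Tick(t0.Add(30*time.Minute)), "events:", tr.Events)
}
```

The silence timeout is what turns "device taken offline" into an event the security team can act on; a device that disappears without a clean leave and reappears later shows up as an offline/online pair in the event history, which is the signal to check its provisioning and token state before trusting it again.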

7. Secure Provisioning in the Field

Provisioning is just another Design Pattern (Device <-> Provisioning Server):

1. New device subscribes to the "announce" channel
2. Server (always subscribed to the "announce-presence" channel) returns a private channel and sets access rules
3. Device subscribes to the private channel with secret+salt
4. Server checks the secret & decides to provision

8. Firmware Updates at Scale

Device <-> Firmware Server:

1. Server broadcasts a "firmware alert" message
2. Online devices respond & download immediately
3. Offline devices pull the data from the channel cache on boot
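The three firmware steps above as an added Go example (not PubNub's code): the server signs a manifest (version, image hash, image location) with Ed25519 and broadcasts it, online devices apply it at once, and a device that boots later replays the channel cache. The image store, the cache limit, the manifest fields and the image names are assumptions; the checks a device makes before installing (signature, then version, then image hash) are the point of the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
)

// Manifest is the "firmware alert" payload; the image itself never travels on the channel.
type Manifest struct {
	Version int    `json:"version"`
	SHA256  string `json:"sha256"`
	URL     string `json:"url"`
}

// Alert is the broadcast: canonical manifest bytes plus the server's Ed25519 signature.
type Alert struct {
	Manifest  []byte `json:"manifest"`
	Signature []byte `json:"sig"`
}

// Channel delivers to live subscribers at once (step 2) and keeps the last
// Limit alerts so devices that were offline can catch up on boot (step 3).
type Channel struct {
	Limit int
	cache []Alert
	live  []*Device
}

func (c *Channel) Publish(a Alert) {
	c.cache = append(c.cache, a)
	if len(c.cache) > c.Limit {
		c.cache = c.cache[1:] // older than the cache window: a device offline that long misses it
	}
	for _, d := range c.live {
		d.Apply(a)
	}
}

type FirmwareServer struct {
	Pub    ed25519.PublicKey
	priv   ed25519.PrivateKey // signing key; would live in an HSM, not on the broadcast path
	Images map[string][]byte  // url -> image; stands in for the download host
}

func NewFirmwareServer() *FirmwareServer {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &FirmwareServer{Pub: pub, priv: priv, Images: map[string][]byte{}}
}

// Release stores the image and returns its signed alert (step 1).
func (s *FirmwareServer) Release(version int, url string, image []byte) Alert {
	s.Images[url] = image
	sum := sha256.Sum256(image)
	m, _ := json.Marshal(Manifest{Version: version, SHA256: hex.EncodeToString(sum[:]), URL: url})
	return Alert{Manifest: m, Signature: ed25519.Sign(s.priv, m)}
}

type Device struct {
	Version int
	Pub     ed25519.PublicKey // signing public key burned in at manufacture
	Host    *FirmwareServer   // download host; not trusted, hence the hash check
}

// Apply verifies before installing: signature (only the key holder can push
// firmware), then version (no downgrade or replay of an old alert), then hash.
func (d *Device) Apply(a Alert) error {
	if !ed25519.Verify(d.Pub, a.Manifest, a.Signature) {
		return errors.New("bad signature")
	}
	var m Manifest
	if err := json.Unmarshal(a.Manifest, &m); err != nil {
		return err
	}
	if m.Version <= d.Version {
		return errors.New("not newer than installed version")
	}
	sum := sha256.Sum256(d.Host.Images[m.URL]) // a missing image hashes wrong too
	if hex.EncodeToString(sum[:]) != m.SHA256 {
		return errors.New("image hash mismatch")
	}
	d.Version = m.Version // install
	return nil
}

// Boot replays the cache in order, skipping what Apply rejects, then goes live.
func (d *Device) Boot(c *Channel) int {
	for _, a := range c.cache {
		d.Apply(a)
	}
	c.live = append(c.live, d)
	return d.Version
}
```

To exercise it, Boot one Device against an empty Channel so it is live, Publish a Release, then Boot a second Device later and watch it reach the same version from the cache. Verifying the signature over the manifest and the hash over the image means neither the channel, its cache, nor the download host has to be trusted; the version check is what stops an attacker from replaying a cached older alert to push a device back onto firmware with a known bug.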

9. Compliance with Global Regulations

Data routing to avoid specific geographies
Storage of data, regions and co-mingling
Retention requirements, mandatory disclosures

10. Leaving Security up to Each IoT Project Team

Oct 2010: Craig Heffner discovers an attack vector via common chipsets embedded in millions of home routers (DEFCON 18)
Nov 2013: Target (retailer) data breach reportedly originated through an HVAC vendor
Sep 2014: Hundreds of TrendNet “Secure” camera feeds for home security and baby monitoring were hacked and posted online
Nov 2014: Various reports pointed to a high-profile, [Sony] studio-wide cyberattack
Jan 2015: CENTCOM’s Twitter and YouTube accounts were eventually taken offline, but not before a string of tweets and the release of military documents
Jan 2015: Anthem discovered that cyber attackers executed a sophisticated attack to gain unauthorized access to Anthem's IT system and obtained personal information

Yes we need standards… But Standards are Not Enough!

It’s unrealistic to expect hardened security if each team has to design, build, and test from scratch

We need a Global Communication Network for the Internet of Secure Things

IoT Deployments need an existing proven infrastructure: a communication layer specifically for IoT, a Secure Data Stream Network

10 Challenges of Securing IoT Communications

Rohini Pandhi, PubNub @rohinip

http://bit.ly/pubnub-iot-security (page 19)