Eric Vétillard
IoT Product Management Group
September 2015
Agenda
Definitions
Some countermeasures
Simple checklist
[Diagram: IoT Service overview: Devices, Gateway, IoT Service, Enterprise Apps, Operators]
Copyright 2014 Oracle and/or its affiliates. All rights reserved. | Oracle Confidential Internal
Security
Focus on quality
Principles
Coverage analysis
Detection, mitigation, reaction
Simplicity is better
Redundancy helps
Focus on robustness
Several defence layers
[Diagram: messages exchanged between Devices, Gateway, IoT Service (REST API, UI), Enterprise Apps and Operators]
[Diagram: layered view of messages between Devices (HW / OS, Framework) and IoT Service (Cloud/Server, Framework)]
In the Press
BMW Connected Drive hack sees 2.2 million cars exposed to remote unlocking (02/02)
DARPA Hacks GM's OnStar To Remote Control A Chevrolet Impala (02/08)
US Senate Report: Automakers fail to fully protect against hacking (02/09)
Hackers take control of Jeep on the highway (August)
Impacts: privacy, spying, remote control, theft, physical damage, murder?
Safety reasoning
Security reasoning
Simple process
No complex infrastructure
No systematic encryption
Using DES
Threat Analysis
Thinking like an attacker
[Diagram: Devices, Connectors, Gateway, IoT Service (REST API, UI), Enterprise Apps, Operators]
Thinking like an attacker
Attacking the network link, remotely
Any operation can be attacked
Targeting admin operations can be good
A failure can affect many deployments
Thinking like a defender
IoT framework typically not fully under control
Patching/update must be supported at all levels
[Diagram: messages between Devices, Gateway, IOT Server (REST API, UI), Enterprise Apps and Operators]
Thinking like an attacker
Things and gateways are physically accessible
I can steal one and reverse engineer it
I can then attack another one
Denial-of-service or tampering may be options
Thinking like a defender
Make devices (at least partly) tamper-proof
Otherwise, make them tamper-evident
Include organizational measures to detect attacks
Compromising a Device
Attack tree:
Compromise a device
Add a compromised device
Duplicate registration of a device
Steal data from another device
Activate without registering
Steal data from the network
Insert device in supply chain
Replace an existing device
Add device record in the cloud
Modify an existing device
Modify the device's software
Replace device physically
Replace device in cloud
Modify the device's hardware
Reconfigure a gateway
Tamper with the device externally
Compromise a device
  Spy on the persistent memory
    Disclose data
    Disclose applications
    Disclose system software
  Tamper with persistent memory
    Tamper with data
    Tamper with applications
    Tamper with system software
Disclose applications
Disclose authent data
Disclose buffered messages
Disclose server verification data
Disclose application data
Disclose device registration data
Disclose system software
Disclose application
Disclose system software
Disclose device authent data
Tamper with application data
Tamper with applications
Tamper with authentication data
Modify buffered messages
Modify server verification data
Modify application data
Modify device registration data
Tamper with native software
Modify a stored application's code
Modify system software
Modify a stored app's meta-data
Add an application
Modify device identity
Modify device authent data
[Diagram: Oracle IoT CS architecture: directly connected devices and indirectly connected devices behind gateway software (device virtualization); Oracle IoT CS components: Event Store, High Speed Messaging, Stream Processing, Endpoint Management, Enterprise Connectivity; Oracle Cloud Services: Integration Cloud Service, Mobile Cloud Service; Enterprise Apps (cloud or on premise, behind a firewall): Manufacturing, Service Mgmt, 3rd party apps, Industry Vertical Apps]
Trusted Devices
Security mechanism provisions and manages trust relationships with devices.
Uniquely assigned device identities disallow reuse of security credentials across devices.
Security Lifecycle
Non-Repudiation
Enforces authentication prior to communication with any device or enterprise software, enabling proof of origin of data.
Transport level security for all communication to ensure data integrity.
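The Trusted Devices mechanisms above (one identity with its own credential per device, authentication before any communication, proof of origin of data) map directly onto the attack tree's "Duplicate registration of a device", "Activate without registering" and "Steal data from another device" nodes. The following is an added, hypothetical server-side model written for this page, not Oracle IoT CS code: `DeviceRegistry`, `TrustError` and the HMAC message tag are assumptions, and transport security (the HTTPS in the deck) is assumed to wrap all of it.

```python
import hashlib
import hmac
import secrets


class TrustError(Exception):
    """A registration, activation or message failed a trust check."""


class DeviceRegistry:
    def __init__(self):
        self._secrets = {}    # device_id -> its own credential, never shared
        self._activated = set()
        self._seen = set()    # (device_id, nonce) pairs already accepted

    def register(self, device_id):
        """Assign a fresh credential to a new identity; a second registration is refused."""
        if device_id in self._secrets:
            raise TrustError("duplicate registration of " + device_id)
        secret = secrets.token_bytes(32)
        self._secrets[device_id] = secret
        return secret

    def activate(self, device_id, presented):
        """Authenticate before any traffic is accepted; a credential only works for its own id."""
        expected = self._secrets.get(device_id)
        if expected is None:
            raise TrustError(device_id + " tried to activate without registering")
        if not hmac.compare_digest(expected, presented):
            raise TrustError("credential does not belong to " + device_id)
        self._activated.add(device_id)

    @staticmethod
    def tag(secret, device_id, nonce, payload):
        """Device side: bind identity, nonce and payload to the device's own secret."""
        msg = device_id.encode() + b"|" + nonce.encode() + b"|" + payload
        return hmac.new(secret, msg, hashlib.sha256).digest()

    def accept(self, device_id, nonce, payload, tag):
        """Server side: activated device, valid tag, nonce not replayed -> True."""
        if device_id not in self._activated:
            return False
        expected = self.tag(self._secrets[device_id], device_id, nonce, payload)
        if not hmac.compare_digest(expected, tag):
            return False
        if (device_id, nonce) in self._seen:
            return False          # replay of an already accepted message
        self._seen.add((device_id, nonce))
        return True
```

A stolen credential from device A is useless for activating or speaking as device B, and a message captured from the network cannot be replayed once its nonce has been accepted.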
[Diagram: HTTPS between Device and IoT Service]
Example: in a factory
Thoroughly check devices (including software) before installing them
Make sure that every device is covered by a security camera
Instruct security staff to regularly inspect devices for unusual
Java Card
To ensure that your trusted hardware can evolve over time
A few References
An accessible and useful book on threat analysis
http://threatmodelingbook.com/
Summary
Start by thinking like an attacker
What is tempting in my system?
To whom? Why?