
IoT security: challenges, vulnerabilities and countermeasures @MiXiT


With connected objects multiplying in our daily lives, the security of these electronic devices, long neglected in the past, is becoming a real problem. Their low design cost, the negligence of manufacturers, and even our own negligence as developers make them easy prey for hackers.

Alexis DUQUE

April 21, 2018

Transcript

  1. IoT security: challenges, vulnerabilities and countermeasures. MiXiT 2018, Alexis DUQUE, Rtone
  2. ALEXIS DUQUE (About Me)
     ★ Embedded Software engineer & R&D leader at Rtone
     ★ PhD Student at CITI Lab, INSA de Lyon
     ★ @alexis0duque ★ alexisduque ★ [email protected] ★ alexisduque.me ★ https://goo.gl/oNUWu6
  3. Summary
     ★ THE INTERNET OF THINGS
     ★ NEWS
     ★ VULNERABILITIES & OWASP TOP 10
     ★ BLUETOOTH LE (UN)SECURITY
     ★ DEMO: BLUETOOTH LE (UN)SECURITY
     ★ SIDE CHANNEL ATTACKS
     ★ COUNTERMEASURES
  4. The Internet Of Things
  5. IOT: WHAT DOES IT MEAN?
     ★ [ WIKIPEDIA ] The Internet of Things (IoT) is the network of physical objects or "things" embedded with electronics, software, sensors and connectivity to enable it to achieve greater value and service by exchanging data with the manufacturer, operator and/or other connected devices.
     ★ [ OXFORD ] A proposed development of the Internet in which everyday objects have network connectivity, allowing them to send and receive data.
  6. IOT: WHAT DOES IT MEAN?
     ★ “20 billion interconnected devices by the year 2020” (Gartner)
     ★ IoT applications include domestic and industrial scenarios (M2M)
  7. SECURITY: WHAT DOES IT MEAN?
     Availability
     ★ Authentication mechanism working properly
     ★ Data available on request
     Integrity
     ★ Data have not been altered
     ★ Data come from a trusted device
     ★ Each device has its own identity that cannot be stolen
     ★ Unique integrity code for each message
     Confidentiality
     ★ Data are encrypted
     ★ Unauthorized parties cannot access the data
  8. IOT+SECURITY SPECIFIC PROPERTIES
     ★ Uncontrolled environment ◦ Many things travel to untrustworthy surroundings, possibly without supervision
     ★ Heterogeneity ◦ IoT is expected to integrate a multitude of things from various manufacturers
     ★ Users and manufacturers not aware of security risks
     ★ Attack surface: hardware + software
     ★ Scalability ◦ The vast amount of interconnected things in the IoT demands highly scalable protocols
     ★ Constrained resources ◦ Things in the IoT have constraints that need to be considered when designing security mechanisms
  9. IOT SECURITY HAPPENS ON 4 DIFFERENT LEVELS: Device, Communications, Cloud and Lifecycle Management
  10. FIRMWARE UPDATES
     ★ Need to be able to update firmware ◦ Most users don’t bother to update!
     ★ Automatic updates? ◦ Depends on the device
     ★ Needs to be tested on all hardware variants ◦ LockState bricked some of their locks (recommended by AirBnB) with a firmware update
     ★ Download path needs to be secure ◦ Out-of-date CA bundles, certificate loss, e.g. Logitech Harmony Link
     ★ Update path needs to be secure ◦ Supply-side attacks becoming more common, e.g. CCleaner, MeDoc, Mint, Transmission
  11. IOT+SECURITY CHALLENGES AND CONCERNS
     ★ Objects are small, everywhere and connected ◦ Prone to environmental influences ◦ Unprotected places (unnoticed manipulation) ◦ Weak computation and memory (limited for crypto)
     ★ They are autonomous ◦ Acting without user awareness or control
     ★ Cyber attacks have real-world consequences ◦ IoT devices may control the physical world ◦ E.g. vulnerable computer systems in cars
  12. The Hacker’s Paradise!
  13. IOT PRIVACY CHALLENGES
     ★ How to obtain informed consent?
     ★ How can individuals have overall control over their data?
     ★ Who is responsible? How can rights be exercised?
     ★ How can data be safeguarded?
     ★ How do you detect attacks, damage, information leaks?
  14. 5 TYPES OF IOT ATTACKERS

  15. ATTACK SURFACE AREA
     ★ Around 20 attack surface areas in the OWASP IoT Project
     ★ E.g. web interfaces, physical interfaces, firmware, network, cloud, mobile, API, etc.
     ★ Each attack surface has multiple potential vulnerabilities
     ★ Firmware packages use old and/or unsupported versions of 3rd-party components
     ★ Ubiquiti network gear hijacked due to a 20-year-old PHP build
     ★ Many of the vulnerabilities discovered are years or decades old!!!
  16. SUBTITLE Est ut paucos caritas autem. (News)
  17. News

  18. MIRAI BOTNET (not really new, but ...)
     ★ Over 200,000 devices in the original botnet
     ★ 623 Gbps attack on Krebs
     ★ 1 Tbps attack on Dyn
     ★ Source code released
     ★ Default credentials
     Also Reaper (2016), Hajime, Okiru, ...
  19. E-HEALTH: The Hackable Cardiac Devices from St. Jude
     “The FDA confirmed that St. Jude Medical’s implantable cardiac devices have vulnerabilities that could allow a hacker to access a device. Once in, they could deplete the battery or administer incorrect pacing or shocks”
     ★ Vulnerability occurred in the transmitter that reads the device’s data
     ★ Hackers could control a device by accessing its transmitter
     ★ 465,000 Abbott pacemakers vulnerable to hacking
     ★ Need a firmware fix
  20. BLUETOOTH VULNERABILITIES: BlueBorne
     ★ https://www.armis.com/blueborne/
     ★ Android, Windows, iOS & Linux
     ★ Amazon Echo and Google Home
     ★ 8 vulnerabilities
  21. BLUEBORNE
     ★ BNEP (Bluetooth Network Encapsulation Protocol) ◦ heap-based buffer overflow (CVE-2017-0781) ◦ integer underflow (CVE-2017-0782) ➔ memory corruption + privilege escalation + remote code execution
     ★ L2CAP / LEAP (Low Energy Audio Protocol) ◦ buffer overflow (CVE-2017-1000251) ➔ payload injection + remote code execution
     ★ SDP (Service Discovery Protocol) ◦ CVE-2017-0785 / CVE-2017-1000250 ➔ “heartbleed like” data leak ◦ Amazon Echo and Google Home
     ★ BNEP service (IP connectivity) ◦ fake IP interface + packet interception ➔ “wifi like” MiTM
  22. BLUEBORNE
     OS      | Vulnerability              | CVE Id.           | Description
     --------|----------------------------|-------------------|----------------------
     Android | Remote Code Execution      | CVE-2017-0781     | Furtive attack
     Android | Remote Code Execution      | CVE-2017-0782     | Furtive attack
     Android | Data leak                  | CVE-2017-0785     | Heartbleed like
     Android | Man-In-The-Middle (MiTM)   | CVE-2017-0783     | Bluetooth "Pineapple"
     Linux   | Remote Code Execution      | CVE-2017-1000251  | -
     Linux   | Data leak                  | CVE-2017-1000250  | Heartbleed like
     iOS     | Remote Code Execution      | CVE-2017-14315    | -
     Windows | Man-In-The-Middle (MiTM)   | CVE-2017-8628     | Bluetooth "Pineapple"
  23. None
  24. TOP 10 OWASP

  25. WHAT IS OWASP?
     ★ [owasp.org] “The Open Web Application Security Project (OWASP) is a 501(c)(3) worldwide not-for-profit charitable organization focused on improving the security of software”
     ★ [owasp.org] “The OWASP Internet of Things Project is designed to help manufacturers, developers, and consumers better understand the security issues associated with the Internet of Things, and to enable users in any context to make better security decisions when building, deploying, or assessing IoT technologies”
  26. OWASP IOT TOP TEN 1. Insecure Web Interface
     “Attacker uses weak credentials, captures plain-text credentials or enumerates accounts to access the web interface.”
     ★ A1:2017 Injection ★ A7:2017 Cross-Site Scripting (XSS) ★ A13:2017 Cross-Site Request Forgery (CSRF)
     Risk rating: Threat agents: application specific; Exploitability: EASY; Prevalence: COMMON; Detectability: EASY; Technical impact: SEVERE; Business impact: application / business specific
  27. OWASP IOT TOP TEN 2. Insufficient Authentication/Authorization
     “Attacker uses weak passwords, insecure password recovery mechanisms, poorly protected credentials or lack of granular access control to access a particular interface.”
     ★ A2:2017 Broken Authentication ★ Mirai
     Risk rating: Threat agents: application specific; Exploitability: AVERAGE; Prevalence: COMMON; Detectability: EASY; Technical impact: SEVERE; Business impact: application / business specific
  28. OWASP IOT TOP TEN 3. Insecure Network Services
     “Attacker uses vulnerable network services to attack the device itself or bounce attacks off the device.”
     ★ Unnecessary open ports ★ UPnP (Universal Plug and Play) exposing ports to the internet ★ Wifi access to the network, e.g. iKettle
     Risk rating: Threat agents: application specific; Exploitability: AVERAGE; Prevalence: UNCOMMON; Detectability: AVERAGE; Technical impact: MODERATE; Business impact: application / business specific
  29. OWASP IOT TOP TEN 4. Lack of Transport Encryption/Integrity Verification
     “Attacker uses the lack of transport encryption to view data being passed over the network.”
     ★ A5:2017 Broken Access Control ★ Devices not always connected to the internet ★ Certificates expire ★ Complicated by the need for secure inter-device/inter-manufacturer communications ★ Ryan Kurte, “Building a Certificate Authority with Yubikeys”, Chch HackerCon 2017
     Risk rating: Threat agents: application specific; Exploitability: AVERAGE; Prevalence: COMMON; Detectability: EASY; Technical impact: SEVERE; Business impact: application / business specific
  30. OWASP IOT TOP TEN 5. Privacy Concerns
     “Attacker uses multiple vectors such as insufficient authentication, lack of transport encryption or insecure network services to view personal data which is not being properly protected or is being collected unnecessarily.”
     ★ EU General Data Protection Regulation (GDPR), 25th May 2018 ◦ Requirements for user consent and pseudonymisation ◦ Legal obligation to notify the Supervisory Authority of a data breach without undue delay (72 hours?)
     Risk rating: Threat agents: application specific; Exploitability: AVERAGE; Prevalence: COMMON; Detectability: EASY; Technical impact: SEVERE; Business impact: application / business specific
  31. OWASP IOT TOP TEN 6. Insecure Cloud Interface
     “Attacker uses multiple vectors such as insufficient authentication, lack of transport encryption and account enumeration to access data or controls via the cloud website.”
     ★ A1:2017 Injection ★ A7:2017 Cross-Site Scripting (XSS) ★ A13:2017 Cross-Site Request Forgery (CSRF)
     Risk rating: Threat agents: application specific; Exploitability: AVERAGE; Prevalence: COMMON; Detectability: EASY; Technical impact: SEVERE; Business impact: application / business specific
  32. OWASP IOT TOP TEN 7. Insecure Mobile Interface
     “Attacker uses multiple vectors such as insufficient authentication, lack of transport encryption and account enumeration to access data or controls via the mobile interface.”
     ★ Bluetooth SIG releasing “Launch Studio”, no provision for security ★ No best practice? ★ National Institute of Standards and Technology (NIST) “Guide to Bluetooth Security”
     Risk rating: Threat agents: application specific; Exploitability: AVERAGE; Prevalence: COMMON; Detectability: EASY; Technical impact: SEVERE; Business impact: application / business specific
  33. OWASP IOT TOP TEN 8. Insufficient Security Configurability
     “Attacker uses the lack of granular permissions to access data or controls on the device. The attacker could also use the lack of encryption options and lack of password options to perform other attacks which lead to compromise of the device and/or data.”
     Risk rating: Threat agents: application specific; Exploitability: AVERAGE; Prevalence: COMMON; Detectability: EASY; Technical impact: MODERATE; Business impact: application / business specific
  34. OWASP IOT TOP TEN 9. Insecure Software/Firmware
     “Attacker uses multiple vectors such as capturing update files via unencrypted connections, the update file itself is not encrypted or they are able to perform their own malicious update via DNS hijacking.”
     Risk rating: Threat agents: application specific; Exploitability: DIFFICULT; Prevalence: COMMON; Detectability: EASY; Technical impact: SEVERE; Business impact: application / business specific
  35. OWASP IOT TOP TEN 10. Poor Physical Security
     “Attacker uses vectors such as USB ports or other storage means to access the Operating System and potentially any data stored on the device.”
     ★ JTAG ★ Serial bus spy: BUS PIRATE ★ Oscilloscope
     Risk rating: Threat agents: application specific; Exploitability: AVERAGE; Prevalence: COMMON; Detectability: AVERAGE; Technical impact: SEVERE; Business impact: application / business specific
  36. None
  37. Bluetooth LE

  38. ABOUT BLUETOOTH LOW ENERGY, in short
     ★ AKA Bluetooth 4/5, Bluetooth SMART
     ★ One of the fastest-growing IoT technologies of recent years
     ★ Completely different from the previous Bluetooth 2 and 3 (BR/EDR)
     ★ Designed for low energy usage and simplicity rather than throughput
  39. ABOUT BLUETOOTH LOW ENERGY, in short
     ★ Peripheral / Central / Advertiser ◦ Read - Write - Notifications - Indication
     ★ Bluetooth 4.0 ◦ Weak security mechanisms
     ★ Bluetooth 4.2 ◦ Adds strong encryption
     ★ Bluetooth 5 ◦ No security update ◦ Throughput & Range ++
  40. BLE SECURITY, in short
     ★ Uses AES-128 with CCM (Counter with CBC-MAC) encryption
     ★ Uses Key Distribution to share various keys ◦ Identity Resolving Key is used for privacy ◦ Signing Resolving Key provides fast authentication without encryption ◦ Long Term Key is used
     ★ Pairing encrypts the link using a Temporary Key (TK) ◦ Derived from the passkey, and then the keys are distributed
     ★ Asymmetric key model ◦ Slave gives keys to the master with a diversifier ◦ Slave can then recover the keys from the diversifier
  41. BLE SECURITY PAIRING: how to determine the temporary key (TK)?
     ★ Just Works ◦ Legacy, most common ◦ Devices without a display cannot implement the other methods ◦ It’s actually a key of zero, that’s why it just works...
     ★ 6-digit PIN ◦ In case the device has a display
     ★ Out of band (OOB) ◦ Does not share the secret key over the 2.4 GHz band (used by the protocol) ◦ Makes use of other mediums (e.g. NFC) ◦ Once secret keys are exchanged, encrypts the channel ◦ Not common (understatement: haven’t seen one yet)
     “None of the pairing methods provide protection against a passive eavesdropper” (Bluetooth Core Spec)
  42. BLE SECURITY: BLE 4.2
     4.2 brings strong encryption with Elliptic Curve Diffie-Hellman (ECDH) and Numeric Comparison to determine the TK
     ★ In practice, ~80% of tested devices do not implement BLE-layer encryption
     ★ Mobile apps cannot control the pairing (OS level)
     ★ Why? ◦ As always, security is left behind (cost, time, etc.) ◦ Multiple users/apps using the same devices ◦ Public access devices (e.g. cash register) ◦ Hardware, software or even UX ◦ Compatibility/requirements
  43. HACKING: BLUETOOTH LOW ENERGY, hardware
     ★ BLE USB dongle ◦ CSR8510: most common, good enough, ~5 EUR ◦ Other chips (often built into laptops)
     ★ Ubertooth
  44. HACKING: BLUETOOTH LOW ENERGY, software: Btlejuice
     ★ https://github.com/DigitalSecurity/btlejuice
     ★ Bluetooth MiTM attacks
  45. HACKING: BLUETOOTH LOW ENERGY, MitM for BLE

  46. DEMO TIME!

  47. None
  48. Side Channel Attacks

  49. DEFINITION: what is a “side channel”?
     ★ A side channel is a source of information about secret information besides the actual communication channel
     ★ In most cases the source of information is an unintended consequence of the system design and is hard to control
     ★ Side channels and side-channel analysis are very common, also in everyday life (Personal identification system based on rotation of toilet paper rolls, Kurahashi et al., IEEE PCC 2017)
  50. EXAMPLE: a PIN code check
     ★ Consider a PIN check running on an embedded processor
     ★ The PIN check could be programmed in the following straightforward way:

         r = strcmp(secret_pwd, typed_pwd);
         if (r == 0) {
             /* grant access */
             s = access_secret_data();
         } else {
             /* deny access */
             incorrect_password();
         }

         int strcmp(const char *s1, const char *s2)
         {
             while (*s1 && (*s1 == *s2)) {
                 s1++;
                 s2++;
             }
             return *(const unsigned char *)s1 - *(const unsigned char *)s2;
         }

     The execution time of strcmp() is directly proportional to the number of correct PIN digits at the beginning of the PIN!
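     The following is an added example and not code from the talk: the slide's early-exit comparison beside a constant-time comparison of the kind that is the standard countermeasure for this timing side channel. Rather than measuring wall-clock time, each function counts the byte comparisons it performs, which is what the execution time of the loop is proportional to; the function names leaky_compare, ct_compare and check_pin and the PIN values are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Early-exit compare, mirroring the strcmp() on the slide. The loop stops
 * at the first mismatch, so the number of iterations (and hence the run
 * time) reveals how many leading digits of the guess were correct. */
static int leaky_compare(const char *secret, const char *guess, size_t *steps)
{
    size_t n = 0;
    while (*secret && (*secret == *guess)) {
        secret++;
        guess++;
        n++;
    }
    *steps = n + 1; /* count the final, mismatching or terminating, comparison */
    return (unsigned char)*secret - (unsigned char)*guess;
}

/* Constant-time compare: always walks the whole secret, accumulates every
 * byte difference with OR, and has no branch or early exit that depends on
 * the secret. The guess length is the caller's own input (public), so
 * branching on it does not leak the secret. Returns 0 only when equal. */
static int ct_compare(const uint8_t *secret, size_t secret_len,
                      const uint8_t *guess, size_t guess_len, size_t *steps)
{
    uint8_t diff = (uint8_t)(secret_len != guess_len);
    for (size_t i = 0; i < secret_len; i++) {
        uint8_t g = (i < guess_len) ? guess[i] : 0; /* never read past guess */
        diff |= (uint8_t)(secret[i] ^ g);
    }
    *steps = secret_len; /* identical for every guess */
    return diff;
}

/* PIN check as a device should implement it: 1 on match, 0 otherwise. */
static int check_pin(const char *secret, const char *guess)
{
    size_t unused;
    return ct_compare((const uint8_t *)secret, strlen(secret),
                      (const uint8_t *)guess, strlen(guess), &unused) == 0;
}

int main(void)
{
    const char *secret = "4721"; /* constructed sample PIN */
    const char *guesses[] = { "0000", "4000", "4700", "4720", "4721" };
    size_t leaky_steps, ct_steps;

    printf("guess  leaky_steps  ct_steps\n");
    for (size_t i = 0; i < sizeof guesses / sizeof guesses[0]; i++) {
        leaky_compare(secret, guesses[i], &leaky_steps);
        ct_compare((const uint8_t *)secret, strlen(secret),
                   (const uint8_t *)guesses[i], strlen(guesses[i]), &ct_steps);
        printf("%s   %zu            %zu\n", guesses[i], leaky_steps, ct_steps);
    }
    printf("check_pin(\"4721\") = %d, check_pin(\"4722\") = %d\n",
           check_pin(secret, "4721"), check_pin(secret, "4722"));
    return 0;
}
```

     The step column for leaky_compare climbs from 1 to 5 as the guess prefix lengthens, which is exactly the signal the slide warns about; ct_compare reports 4 for every guess. On a real device the constant-time routine should be checked in the compiled output, since an optimising compiler may reintroduce an early exit, and it should be combined with attempt limiting so that even a leak-free comparison cannot be brute-forced.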
  51. EXAMPLE: Differential Power Analysis (DPA) on AES
  52. EXAMPLE: Meltdown & Spectre

  53. Countermeasures and best practices

  54. GLOBAL LEVEL SECURITY: security objectives must be considered throughout the product life cycle
     ★ Security “by design”
     ★ Governance
     ★ Risk analysis
     ★ Technology choices and their threats
     ★ Architecture requirements for security
     ★ Security-related operating device requirements
     ★ Integration in the project
     ★ Security review during the project
     ★ Feasibility and efficiency assessment of the security measures in production
  55. COVER THE MAIN RISKS
     Security upgrade ★ Safe and secure is better!
     Communications encryption and authentication ★ Use standard crypto ★ Don’t share keys between devices!
     Local security ★ Code integrity, data confidentiality ★ Restrict and control local access (hardware, …)
  56. WORK IN PROGRESS
     Crypto primitives and crypto protocols ★ Lightweight Crypto for the IoT (LWC)
     Software security ★ Code security and proof (standards, best practices, formal analysis)
     Hardware security ★ Side-channel attacks and fault injection
     Runtime integrity ★ Secure boot ★ Secure firmware update
  57. FRENCH COLLABORATIVE PROJECT PACLIDO
     ★ Protocoles et Algorithmes Cryptographiques Légers pour l’Internet des Objets (Lightweight Cryptographic Protocols and Algorithms for the Internet of Things)
     Consortium ★ Airbus, Loria-CNRS, Rtone, Université de Limoges, Trusted Object, Sophia Conseil
     Goals ★ Develop new, IoT-compliant crypto primitives and protocols ★ For home automation (BLE) and smart cities
     @fui_paclido paclido.fr
  58. SECURE HARDWARE: Secure Element

  59. CONCLUSION

  60. SUMMARY: IoT is going to get worse before it gets better!
     ★ 84 billion devices out there
     ★ Devices in development still to be released
     ★ Devices deployed need to be updated
     ★ Developers are lazy
     ★ Customers are stupid
     ★ Manufacturers are skinflints
     Developers need help!
     ★ Solutions already exist
     ★ Solutions are still in development
     ★ Researchers are designing future IoT security standards
  61. None
  62. 62