resolve inefficiencies of a given system through the use of real-time analysis of passive data sources to change how the system works? • e.g. Traffic sensors used to resolve traffic congestion via machine learning • Cost Savings: Can a system determine when the value it provides to a user is being out weighed by the financial cost to provide it and disrupt operations? • e.g. HVAC units that are temporarily interrupted when power costs are high • Convenience: Can a system enable users to spend less time managing the individual components of its deployment and rather automatically act for them? • e.g. Parking meters that will start/stop billing by proximity of a user’s phone
Can we trust sensor data? • Was a command altered? • Where is data collected? • Is information encrypted? • How do we identify users? • Are passwords enough? • How is control delegated? • Can we mitigate abuse?
that sensors implicitly have within a control network allow for abuse • If the sensor reports a result, how & why should a system decide it’s not valid? • When sensor nodes communicate and/or repeat data, can we trust it? • Each type of sensor inherently has a way to abuse the validity of what it “sees” • Is there a traffic jam? Or did someone only convince the road sensor there is? • Communications between sensors and controllers must have full integrity • Can we manipulate a sensor controller to believe sensors are speaking to it?
the contents of a transmission “in flight” of either wired and/or wireless sensors to change the intent or target to allow the attacker greater influence • e.g. Intercept and change a message to say “car present” to “car not present” • Spoofing: Determine an identifier that is associated with a valid network sensor and fraudulently claim to be that sensor to send transmissions that are regarded as true • e.g. Sniff Wi-Fi traffic for hardware addresses of valid sensors and steal one Many connected technologies and protocols do not appropriately ensure that messages are unique, have a verifiable source, or have cryptographic validity
demonstrated his ability to abuse the lack of integrity in both firmware and communications for sensor technology powering over 200,000 devices For ~$100 USD, Major Traffic Disruptions Can Occur
anchors than the web (e.g. browsers) in order to scale and provide differing levels of assurance • How do we ensure end-to-end communications across vendors who have never before spoken to one another and end-users who don’t know each other exist? • Even modern protocols (e.g. ZigBee) often natively lack appropriate key exchange mechanisms to ensure that passive ease droppers cannot intercept communications • In many cases, infrastructure components don’t even use encryption at all • Are the devices we deploy today capable of performing the necessary operations? • Bugs in libraries occur (e.g. Heartbleed) and we must be able to quickly update! Cryptographic Infrastructure on Scale
exposed that Bluetooth Low Energy (LE) effectively had zero usable key exchange handling. This was only recently resolved in BTLE 4.2 and unlikely used. Passive Attackers Are Able to Crack Cryptography in Seconds
aggregation from Smart City sensors will be both one of the greatest uses of truly ‘Big Data’ and also pose a crisis of citizen privacy it it were mishandled • This is especially true as more governments embrace progressive ‘open data’ initiatives, where they intentionally publish data that could contain information that was not adequately decoupled, redacted, or obscured to protect identities • In 2007, AOL released “anonymized” data of search engine results that were not redacted in a complex enough manner and allowed people to be determined • The aggregate of different sensor networks will ultimately result in Smart City awareness of how citizens “live their life,” which could impede their privacy • Where did individuals go? How long did they stay? What did they do?
either first hand or through the media, that using a password has become insufficient to protect against malware, phishing, and other easy attacks • The web site haveibeenpwned.com has aggregated 290 million accounts from publicly leaked data breaches since only 2010 — this is a drop in the bucket • Two-factor authentication (e.g. hardware token + password) is necessary to further our capability to safely identify users who are connecting to various control systems • This increase in security must be measured against convenience, however, and have a focus on requiring users to authenticate on high-risk transactions or sensitive data • Requiring context-specific, device-aware authentication reduces overall friction
realizes that identity, whether human or machine, must be abstracted to a functional level that allows for complex relationships to occur among disparate objects In a Smart City, the human is just another variable in an equation
performed a consumer survey that found… • The Smart City will require that citizens each possess numerous on- person technologies that can provide higher assurance levels of the identity for any individual — effectively a personal area network of trust • How will Smart Cities manage all of the authentication credentials and device identifiers? Will they leverage third-parties (e.g. social media)? “82% were concerned that wearable tech will invade their privacy and 86% expressed concern that wearable tech will make them more vulnerable to security breaches, a concern that outweighed any of the benefits named.”
of individual technologies that are able to expose interfaces to leverage the depth of their overall functionality • Cars, bulbs, and locks will be abstracted away into purpose-based primitives • Authorization is difficult even for small scopes, let alone at the scale of a Smart City • How do we track who can do what? How is that arbitrated? What about logging? • Much like our problem to manage Smart City confidentiality, authorization in future deployments will need to be managed on a scale that we’ve never seen achieved • We truly must have humans and machines each be able to accomplish tasks that do not require individual authorization or have vendor-specific knowledge Flexibility is the Nemesis of Simplicity
an Attacker’s Dream • If This Then That (IFTTT) is a popular web service that connects unrelated platforms • The problem IFTTT helps solve is the need for users to perform actions based on the results of other platforms — sound familiar? • Authorization in this model is entirely based on initial trust when a user authenticates to a service — Smart Cities need granularity! • e.g. Allow Mark to turn on light bulbs in his house, his office, and Mike’s house
adjust your office’s thermostat? Pay for it. • Using a water fountain on the street? Pay for it. • Need to use a private facilities bathroom? Pay for it. • Determine ads to show a person as they walk by • Use environmental sensors to suggest activities • Provide tourist narration based on a phone’s settings MICRO PAYMENTS HOME INTEGRATION How do these features alter our evolving Smart City security needs? • Automatically set citizen’s home thermostat settings • Integrate home camera feeds into security monitoring • Home owner across town? Close & lock entry points.
resistant-and-evident technologies, at physical & digital levels, to provide assurances that all communications and functionality remain trusted • A mixture of trusted computing hardware, digital signatures, and message queues 2. Building a comprehensive & decentralized cryptographic backend that allows unrelated technologies/vendors to securely communicate with minimal setup • Consider what the Bitcoin blockchain can be used for beyond simply currency 3. Managing the identity of humans & machines on scale, with awareness of the authentication context, proximal technologies, and risk profile of certain actions • Social media + wearables are just step one towards building a web of digital trust 4. Allow the real-time discovery of Smart City components, their capabilities, the authorizations an individual user and/or machine has, and provide direct access • The world is a massive Application Programming Interface (API) to be exposed
and organizations that collectively want to raise the bar for Smart City security through curated knowledge transfer The OTA’s IoT Trust Framework - https://otalliance.org/initiatives/internet-things Structured guidance to help the vendors of connected devices determine the goals and methods to ensure a higher level of secure engineering & privacy Build It Securely - https://builditsecure.ly/ An initiative to provide secure-engineering guidance and technical resources to IoT vendors from world-class experts who provide their time and talent for free HELPING TO SECURE SMART CITIES
mstanislav
kanekoh
iwamot
zaimy
oracle4engineer
flyamerican
flyunitedguide
you
harrry1211
niftycorp
ymrl
gtnao
shnjtk
mclloyd
chrislema
reverentgeek
sachag
addyosmani
brettharned
bermonpainter
smashingmag
zakiyama
tanoku
cassininazir
![Thank You! Mark Stanislav [email protected] @markstanislav](https://files.speakerdeck.com/presentations/685e07aa01384b08819a1140082d1138/slide_23.jpg){kind=link}