JUNE 2021
Cryptographic Protocols
for Machine Identities
and Credentials
Mrinal Wadhwa
CTO, Ockam
Slide 2
Slide 2 text
IoT will have an economic impact between
$4 trillion and $11 trillion, by 2025.
Source: McKinsey & Company
Slide 5
Slide 5 text
Root causes
1. Implicit trust in network boundaries.
Source: Dragos - Industrial Control Systems, CyberSecurity, Year in Review 2019 & 2020
Slide 7
Slide 7 text
Root causes
1. Implicit trust in network boundaries.
2. Lack of end-to-end data integrity and confidentiality.
Slide 8
Slide 8 text
Principle of Least Privilege.
“Every program and every privileged user of the system should operate using
the least amount of privilege necessary to complete the job.”
— Jerome Saltzer, Communications of the ACM, 1974
Slide 9
Slide 9 text
Diagram: Heart Rate Monitor, Heart Rate Application
Slide 10
Slide 10 text
Diagram: Heart Rate Monitor, Heart Rate Application
Slide 11
Slide 11 text
Diagram: Heart Rate Monitor, Heart Rate Service, Heart Rate Application
The phone may not be online all the time so the service also caches this data to deliver it later …
Diagram: Heart Rate Monitor, Heart Rate Service, Heart Rate Application; value shown: 80 bpm
Slide 15
Slide 15 text
Secure Channel
Diagram labels: Initiator, Responder; M1, M2, M3; Shared Secret (on both sides); D
Authenticated Key Exchange
The entities involved use Public Key Cryptography to authenticate
each other and agree on a shared secret.
Application Data - Authenticated Encryption
The shared secret is then used as a key in Symmetric Key
Cryptography to maintain confidentiality and integrity of application
data.
Slide 16
Slide 16 text
The STRIDE threat model can help us evaluate every message.
    THREAT                    DESIRED PROPERTY
S   Spoofing identity         Identification, Authentication
T   Tampering with data       Integrity
R   Repudiation               Non-repudiability (some applications desire the opposite)
I   Information disclosure    Confidentiality
D   Denial of service         Availability
E   Elevation of privilege    Authorization
Note that this model is very high level; there are massive amounts of nuance in dealing with each of the rows.
Slide 17
Slide 17 text
Coming back to our heart rate solution, for secure communication …
Diagram: Heart Rate Monitor, Heart Rate Service, Heart Rate Application
Slide 18
Slide 18 text
We set up a secure channel between the monitor and the service.
Diagram: Heart Rate Monitor, Heart Rate Service, Heart Rate Application; one link labelled Secure Channel
Slide 19
Slide 19 text
And another secure channel between the phone and the service.
Diagram: Heart Rate Monitor, Heart Rate Service, Heart Rate Application; both links labelled Secure Channel
Slide 20
Slide 20 text
Since these devices have direct access to the internet, with TLS …
Diagram: Heart Rate Monitor, Heart Rate Service, Heart Rate Application; both links labelled Transport Layer Security
Slide 21
Slide 21 text
Diagram: Heart Rate Monitor, Heart Rate Service, Heart Rate Application; both links labelled Transport Layer Security; value shown: 80 bpm
Slide 22
Slide 22 text
Diagram: same layout; values shown: 80 bpm, 0x217c5111…
Slide 23
Slide 23 text
Diagram: same layout; values shown: 80 bpm, 0x217c5111…, 80 bpm
Slide 24
Slide 24 text
Diagram: same layout; values shown: 80 bpm, 0x217c5111…, 80 bpm, 0x8621f842…
Slide 25
Slide 25 text
This type of setup is industry best practice.
Diagram: same layout; values shown: 80 bpm, 0x217c5111…, 80 bpm, 0x8621f842…, 80 bpm
Slide 26
Slide 26 text
But even when we manage to set up the channels correctly, the data is still exposed to the service.
The service doesn’t need to know the contents of the message to route and cache messages (its primary job).
Diagram: Heart Rate Monitor, Heart Rate Service, Heart Rate Application; both links labelled Transport Layer Security; values shown: 80 bpm, 0x217c5111…, 80 bpm, 0x8621f842…, 80 bpm
Route/Cache sensor data, alerts and videos.
Diagram: Camera Door Bell, Camera Door Bell Service, Camera Door Bell Application
Slide 30
Slide 30 text
Multiple transport protocols in the path of one message.
Diagram: Flood Warning Sensor, Gateway, Sensors Vendor’s Service, Flood Monitoring System; links labelled LPWAN, TCP, TCP
Slide 31
Slide 31 text
Diagram: Flood Warning Sensor, Gateway, Sensors Vendor’s Service, Flood Monitoring System; links labelled LPWAN, TLS, TLS
Slide 32
Slide 32 text
Messages, within modern applications, rarely
flow over a single, direct, point-to-point
transport connection.
Slide 37
Slide 37 text
Secure Channel implementations are usually
tightly coupled with the length and duration
of the underlying transport layer connection.
Slide 38
Slide 38 text
Data integrity and confidentiality guarantees
are lost at every transport connection hop.
Slide 39
Slide 39 text
Root causes
1. Implicit trust in network boundaries.
2. Lack of end-to-end data integrity and confidentiality.
3. Lack of mutual authentication.
Slide 42
Slide 42 text
Root causes
1. Implicit trust in network boundaries.
2. Lack of end-to-end data integrity and confidentiality.
3. Lack of mutual authentication.
4. Poor management of keys and credentials.
Slide 43
Slide 43 text
End-to-end Encrypted
Secure Channels
Slide 44
Slide 44 text
Secure Channel
Diagram labels: Initiator, Responder; M1, M2, M3; Shared Secret (on both sides); D
Authenticated Key Exchange
The entities involved use Public Key Cryptography to authenticate
each other and agree on a shared secret.
Application Data - Authenticated Encryption
The shared secret is then used as a key in Symmetric Key
Cryptography to maintain confidentiality and integrity of application
data.
Slide 45
Slide 45 text
But even when we manage to set up the channels correctly, the data is still exposed to the service.
The service doesn’t need to know the contents of the message to route and cache messages (its primary job).
Diagram: Heart Rate Monitor, Heart Rate Service, Heart Rate Application; both links labelled Transport Layer Security; values shown: 80 bpm, 0x217c5111…, 80 bpm, 0x8621f842…, 80 bpm
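The exposure described above goes away when the secure channel (key agreement, then authenticated encryption) ends at the monitor and the application rather than at the service. This is an added example, not code from the talk or from Ockam. Assumptions: static X25519 keys pinned at enrollment stand in for the authenticated key exchange (M1 to M3), and the helper names and the route `app/heart-rate` are hypothetical.

```javascript
const nodeCrypto = require('crypto');
// Assumption: each endpoint's static X25519 public key was pinned by its peer at
// enrollment; that pinning is what authenticates this key agreement.
const newEndpoint = () => nodeCrypto.generateKeyPairSync('x25519');
function channelKey(myPrivate, peerPublic) {
  const shared = nodeCrypto.diffieHellman({ privateKey: myPrivate, publicKey: peerPublic });
  return Buffer.from(nodeCrypto.hkdfSync('sha256', shared, Buffer.alloc(0), 'heart-rate-e2e', 32));
}

// AES-256-GCM; the routing header is associated data: readable, not alterable.
function seal(key, counter, route, plaintext) {
  const nonce = Buffer.alloc(12);
  nonce.writeBigUInt64BE(BigInt(counter), 4); // never reuse a counter under one key
  const c = nodeCrypto.createCipheriv('aes-256-gcm', key, nonce);
  c.setAAD(Buffer.from(route));
  const body = Buffer.concat([c.update(plaintext, 'utf8'), c.final()]);
  return { route, nonce, body, tag: c.getAuthTag() };
}
function open(key, msg) {
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, msg.nonce);
  d.setAAD(Buffer.from(msg.route));
  d.setAuthTag(msg.tag);
  return Buffer.concat([d.update(msg.body), d.final()]).toString('utf8'); // throws on tampering
}

// Untrusted service: routes on the header, caches opaque messages, holds no key.
class RelayService {
  constructor() { this.cache = []; }
  accept(msg) { this.cache.push(msg); }
  deliver(route) {
    const out = this.cache.filter((m) => m.route === route);
    this.cache = this.cache.filter((m) => m.route !== route);
    return out;
  }
}

function demo() {
  const monitor = newEndpoint(), app = newEndpoint(), service = new RelayService();
  const kMonitor = channelKey(monitor.privateKey, app.publicKey);
  service.accept(seal(kMonitor, 1, 'app/heart-rate', '80 bpm')); // constructed sample reading
  const serviceSawPlaintext = service.cache.some((m) => m.body.includes('80 bpm'));
  const [msg] = service.deliver('app/heart-rate'); // application comes online later
  const kApp = channelKey(app.privateKey, monitor.publicKey);
  const flipped = { ...msg, body: Buffer.from(msg.body) };
  flipped.body[0] ^= 1; // a service that alters the cached body
  let tamperDetected = false;
  try { open(kApp, flipped); } catch { tamperDetected = true; }
  return { received: open(kApp, msg), serviceSawPlaintext, tamperDetected };
}
```

Pinned static keys give no forward secrecy; a handshake with ephemeral keys would replace `channelKey` without changing what the service sees.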
Diagram labels: Application, TLS, TCP, IP; Application, Secure Channels, Routing, TCP, IP
Slide 55
Slide 55 text
Diagram labels: Application, Secure Channels, Routing, TCP, IP
Slide 56
Slide 56 text
Diagram labels: Application, Secure Channels, Routing, TCP, UDP, WebSocket, HTTP, IP
Slide 57
Slide 57 text
Diagram labels: Application, Secure Channels, Routing, TCP, UDP, WebSocket, HTTP, Bluetooth, LPWAN, IP
Slide 58
Slide 58 text
The STRIDE threat model can help us evaluate every message.
    THREAT                    DESIRED PROPERTY
S   Spoofing identity         Identification, Authentication
T   Tampering with data       Integrity
R   Repudiation               Non-repudiability (some applications desire the opposite)
I   Information disclosure    Confidentiality
D   Denial of service         Availability
E   Elevation of privilege    Authorization
Note that this model is very high level; there are massive amounts of nuance in dealing with each of the rows.
Slide 59
Slide 59 text
Device Enrollment
Leased API access tokens
Firmware Update
Find my lost device
…
Slide 60
Slide 60 text
Privacy Contexts & Identity Profiles
Slide 61
Slide 61 text
Selective Disclosure
Slide 62
Slide 62 text
Anonymous Credentials
Slide 63
Slide 63 text
Zero Knowledge Proofs
Mozilla is using Non-Interactive Zero Knowledge Proofs to collect telemetry from the
Firefox browser without collecting any private browser usage.
A large subset of IoT use cases is telemetry collection.
Slide 64
Slide 64 text
Federated Learning
Google Keyboard learns out-of-vocabulary words on mobile phones without exposing
sensitive text to servers.
Connected sensors could similarly learn to improve accuracy while preserving privacy.
Slide 65
Slide 65 text
Homomorphic Encryption
Slide 67
Slide 67 text
Mrinal Wadhwa
github.com/ockam-network/ockam
twitter.com/mrinal