Introduction to IoT security

Christina Skouloudi, Apostolos Malatras | ENISA IoT Security team

ENISA-FORTH NIS Summer School| 26.09.2018
European Union Agency for Network and Information Security
Structure of Day 1
Day 1
• Round table
• Intro & ENISA’s efforts on IoT
• IoT 101
• Intro and definition
• Ecosystem (including assets and components)
• IoT platforms
• IoT protocols
• IoT Security
• Challenges
• Threats
• Attack scenarios
• Case-study: BLE Security
• LAB
3
Positioning ENISA activities

CAPACITY POLICY
 Hands on activities  Support MS & COM in
Policy implementation
 Harmonisation across EU

EXPERTISE
 Recommendations
 Independent Advice

4
ENISA’s efforts on IoT Security

 Horizontal and vertical Studies

 Expert Groups
 Validation Workshops
 Conferences
 Summer School

5
ENISA’s efforts on IoT Security

Industry 4.0 Baseline IoT Security

6
IoT security in sectors

• Understand threats & assets

• Consider context of use
• Highlight security good
practices in specific sectors
• Provide recommendations to
enhance cyber security
• Expert groups

7
ENISA and IoT cybersecurity

• Baseline Security Recommendations for IoT

• Map existing IoT security initiatives
• Address the problem holistically engaging
with wider community
• Utilize sectorial knowhow
• Provide horizontal cybersecurity
recommendations and security measures
• One stop shop for IoT cybersecurity
in Europe

https://enisa.europa.eu/iot
8
IoT 101
What is IoT to you?

10
IoT

“
ENISA defines IoT as a cyber-physical ecosystem
of interconnected sensors and actuators which
enable intelligent decision making.

” 11
Sensor

12
Sensor

element that allows to monitor the environment

and the context on which IoT systems operate

sensors can measure defined physical, chemical or biological indicators, and on

the digital level, they collect information about the network and applications

• accelerometers
• temperature sensors
• pressure sensors
• light sensors
• acoustic sensors

13
Actuator

14
Actuator

the entity responsible for moving or controlling a system

or mechanism.

an actuator operates in the reverse direction of a sensor;

it takes an electrical input and turns it into physical action.

15
Sensor + Actuator + ..

• medical implants
• wearables (smart watches)
• connected lights
• smart thermostats

Structure of an IoT embedded system

16
Intelligent Decision Making

17
Everything becomes connected

Business side
• “Everything connected” hype
- Competitors do IoT, hence we must do
IoT
- Competitors don’t do IoT, let’s be the
first one!
• Financial gains
• New business models and
opportunities
• Advanced data collection and
processing

18
19
Components of IoT?

20
IoT Ecosystem
CLOUD PLATFORM,
BACKEND AND
SERVICES

GATEWAYS

ENDPOINT DEVICES (SENSORS, ACTUATORS, EMBEDDED DEVICES etc.)

21
IoT Components – Endpoint Devices

• Smart appliances
• Smartphones
• Smart ‘things’

22
IoT Components - Communications

• WiFi
• Zigbee
• Z-Wave
• NFC SESSION AMQP, CoAP, DDS, MQTT, XMPP

ENCAPSULATION 6LowPAN, Thread

NETWORK

• RFID DATALINK
ROUTING CARP, RPL

Bluetooth / BLE, Wi-Fi / Wi-Fi HaLow, LoRaWAN, Neul, SigFox, Z-Wave, ZigBee, USB

• BLE
• LoRAWAN
• MQTT/SIP/CoAP

23
24
25
IoT Components - Cloud

• Data and storage

• Web-based services
• Device management (config, etc)

26
IoT Cloud platform

27
IoT Components - Use case / context

• Consumer Electronics
• Automotive
• Healthcare
• Industrial IoT
• Wearables
• Logistics
• Sport & Fitness

28
What are the assets of
IoT?
Group of 4 – 5’

29
IoT Assets

30
Development for IoT

31
IoT development platforms

• ThingBox
• Node-RED
• M2MLabs Mainspring
• Kinoma
• Eclipse IoT Project
• Arduino

32
IoT hardware platforms

• Apio • OpenPicus
• Arduino Nano • panStamps
• Arduino Pro Mini • PicAxe
• Arduino Uno • Pinoccio
• Arduino Yún • Raspberry Pi 2
• Arietta G25 • RasWIK
• BeagleBoard • SAM R21 Xplained Pro
• Flutter • SmartEverything
• Flutter • SODAQ
• IMUduino BTLE • SparkFun RedBoard
• Intel Edison • Tessel
• Intel Galileo • Tessel 2
• Libelium Waspmote • The AirBoard
• LightBlue Bean • The Rascal
• Local Motors Connected Car • TinyDuino
• Microduino • UDOO
• Nanode • WIOT
• OpenKontrol Gateway • XinoRF
33
IoT software platforms

Home Automation Middleware Operating Systems

• Eclipse SmartHome • IoTSyS • AllJoyn
• Home Gateway • Kaa • Contiki
Initiative (HGI) • OpenIoT • Raspbian
• Ninja Blocks
• OpenRemote • RIOT
• Spark
• openHAB
• PrivateEyePi
• RaZberry
• The Thing System

34
IoT Iintegration platforms
• Canopy
• Chimera IoT
• DeviceHive(IoT Integration Tools and Horizontal Platforms )
• net
• Distributed Services Architecture (DSA)
• IoT Toolkit
• M2MLabs Mainspring
• Mango
• Nimbits
• Open Source Internet of Things (OSIOT)
• OpenRemote
• Pico Labs (Kynetx open source assigned to Pico Labs)
• prpl Foundation
• RabbitMQ
• SiteWhere
• ThingSpeak
• webinos
• Yaler
35
Node-Red

https://nodered.org/

Presentation Title | Speaker Name ( To edit click Insert/ Header & footer) 36
IoT Security
What could possibly
go wrong?

38
What could possibly go wrong?

39
Based on a real life example

• IoT botnet
• IoT devices used for DDoS attacks

40
Why IoT security matters?
No device is fully secured
• Reliance on third-party components, hardware and
software
• Dependency on networks and external services
• Design of IoT/connected devices
• Vulnerabilities in protocols
• Security by design NOT the norm.

IoT security is currently limited

• Investments on security are limited
Physical
Cyber
System
• Functionalities before security
System
• Real physical threats with risks on health and safety
• No legal framework for liabilities

41
IoT Security – Main challenges

• Very large attack surface and widespread deployment

• Limited device resources
• Lack of standards and regulations
• Safety and security process integration
• Security by design not a top priority
• Lack of expertise
• Applying security updates
• Insecure development
• Unclear liabilities
42
43
What are the threats to IoT?
Group of 4 – 5’

44
IoT Threat Landscape

45
Which way would you attack IoT?
Attack scenarios

46
Many ways to attack IoT

• Attacks over the entire IoT ecosystem

• Sensors/actuators
- E.g. draining the battery of pacemakers
• Communications
- E.g. intercepting Bluetooth LE communication
• Decision making (data integrity, etc.)
- E.g. modification of messages to modify smart car
behavior
• Information privacy
- E.g. smart toys exploited to eavesdrop on children

47
IoT Attack Scenarios

IoT administration system compromised

48
IoT Attack Scenarios

Botnet / Commands injection

49
Class Exercise
Botnet (Mirai)
51
Shodan

Shodan
IP Angry

52
What to understand

• What we are exposing on the internet

• Online scanners
• The use of shodan, and the many grey areas.
• Who is a potential target of these kind of scanners?
• Are shodan results an indicator of potential attacks and more
sophisticated version of current attacks? (eg. Mirai evolved to
target specific ports – why?)

53
IP Angry

54
Code of a Botnet

Study Mirai code on github:

https://github.com/jgamblin/Mirai-Source-Code

55
IoT Security Architectures

• AIOTI High Level Architecture functional model

• FP7-ICT – IoT-A Architectural reference model
• NIST Network of Things (NoT)
• ITU-T IoT reference model39
• ISO/IEC CD 30141 Internet of Things Reference Architecture
• ISACA Conceptual IoT Architecture
• oneM2M Architecture Model
• IEEE P2413 - Standard for an Architectural Framework

56
High-level IoT reference model

57
Case-study
Demo on Smart Health Security
Sensor

1 High

Sensor
1 = red (RGB sensor)
0 = green
-1 = blue 0 Med

Display?/LED

-1 Low

59
Interconnectivity

Sensor
(RGB sensor)
1 = red
0 = green
-1 = blue

reading

60
Decision Making

Based on reading, we want to

increase or decrease value to 1 High
get optimal state

0 Med

If(red)
add blue
-1
Low
If(green)
do nothing

If(blue)
add red

61
Actuator

If(red)
add blue

62
Scenario 1: Sensor tampering
modifying the values read by sensors or their threshold values and settings

63
Real life practice – Electronic
thermometer

64
Scenario 2: Man-In-the-Middle
modifying the values intercepted from the man in the middle

65
Real life practice – Pacemaker

66
Scenario 3: Unauthorised access
modifying or sabotaging normal settings of the device

67
Real life practice – Unauthorised
syringe injections

68
Summary

• IoT 101
• IoT Security
• Challenges
• Threats
• Attack scenarios
• Case-study

69
What follows..

Lab exercises on
BLE attacks
Time to set up the VMachines!

70
Thank you
1 Vasilissis Sofias Str, Maroussi 151 24, Attiki, Greece

Tel: +30 28 14 40 9711

[email protected]

www.enisa.europa.eu