Unit 6: Internet of Things
IoT Privacy, Security and
Vulnerabilities Solutions
This document is for private circulation for Btech,
Computer 2020-21 Cummins college of
Engineering students. It contains data from
various sources and is intended to be used for
educational purposes only.
Basics about security
Security of IoT systems is very important. For example, consider
ATM messages: they must travel over the Internet securely, because
a breach of their security can have serious consequences.
Privacy is equally important. In a smart-home security application,
video clips travel over the Internet; if the clips reach unrelated
parties, the result is a serious breach of home security.
Security is about safeguarding data and systems, whereas privacy is
about safeguarding user identity and personal information.
The industry consortium AllSeen Alliance was dedicated to enabling
interoperability of IoT devices and applications.
The design of an IoT system must ensure both privacy and security.
Some Key Terms
Message- A string (sequence of bytes) that represents data
Hash- A one-way function that maps data of any size to a fixed-size
value; the operations are irreversible, so the data cannot be
recovered from the result, and any change to the data changes the value
Digest- The fixed-size output produced by a hash function
Encryption- The process of transforming data into ciphertext using a
secret key, so that only a holder of the key (the receiver, or the
sender and receiver sharing the key) can recover the data
Decryption- The process that retrieves the original data from the
encrypted data using the key
Use Case- A list of events or actions that the system must support
Misuse case- A description of behaviour that is not wanted from the
software under development (what an attacker would do with it)
Some Key Terms
Layer- A stage in a set of actions at which action is taken as per a
specific protocol, after which the result passes to the next layer
Sublayer- A set of actions taking place sequentially within a layer
Firewall- A software or hardware interface that interconnects networks
with differing levels of trust. It monitors and controls traffic:
it allows only authorized traffic and imposes restrictions on
network services
Now we will see some processes and actions for ensuring security
and privacy that are taken at the device, network, transport,
application and service levels
VULNERABILITIES, SECURITY REQUIREMENTS AND THREAT ANALYSIS
1. Privacy
Message Privacy
It means no interference or observation by others
It means messages reach only the centre and are used only by the
services of the centre
IoT necessarily needs a privacy policy
A privacy policy needs to determine how much of the IoT devices'
data, and which data, needs absolute privacy and which needs
limited privacy
NIST is developing standards for privacy
A system may be secure but may still inadvertently breach the privacy
of an individual (for example by collecting or sharing more data than
the user expects)
Security authorities and agencies seek support for accessing data
which may be private for individuals; a privacy policy must decide
how such access is governed
Privacy standards for IoT data are under development
The organization 'I Am The Cavalry' works on the safety and security
of connected devices
2. Vulnerabilities for IoT
A vulnerability is a weakness that leaves a system without complete
protection
An IoT security article describes that there are many vulnerabilities,
due to the participation of a number of layers, hardware sublayers and
software in applications and services
Sensors, machines, automobiles and services each face different kinds of
vulnerabilities
An IoT network can be vulnerable to eavesdropping (secretly
listening to private communication)
An eavesdropper creates security issues.
For example, 'E' listens to the messages and commands in the network
during communication and obtains confidential messages
A server at 'E' sends fake commands which a server 'S' for the devices'
data assumes are from the devices or applications
'S' issues responses for the device operations in response to requests
from 'E'
'E' listens to these responses
A fake device at 'E' can be used to send device data such as sensor
data, requests and commands from 'E' for disrupting the control systems
('E' can also replay genuine captured messages, so protected messages
also need a freshness value such as a counter)
Use of an encryption key can protect the messages
The 'Key' is a string of bits generated by the device software; it must
come from a cryptographically secure random number generator
A key can be cracked by trying a large number of combinations (brute
force), so its length must make the number of combinations infeasible
(128 bits or more for symmetric keys)
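The following is an added example (not code from the slides) of what eavesdropper 'E' can do with a single captured message once the key is too short: it recovers a constructed 16-bit key by exhaustive search, then compares that with the cost of a 128-bit key. The command format (HMAC-SHA256 tag truncated to 8 bytes), the 16-bit key value and the guess rate are assumptions for illustration.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Constructed example protocol: each command carries an 8-byte tag so that
# the server S can check that it came from a key holder.
TAG_LEN = 8


def command_tag(key: bytes, command: bytes) -> bytes:
    """Tag a command with HMAC-SHA256 truncated to TAG_LEN bytes."""
    return hmac.new(key, command, hashlib.sha256).digest()[:TAG_LEN]


def brute_force_key(command: bytes, observed_tag: bytes, key_bits: int) -> Optional[bytes]:
    """What E does with one eavesdropped (command, tag) pair: try every
    possible key of the given length until the tag matches."""
    key_len = (key_bits + 7) // 8
    for candidate in range(1 << key_bits):
        key = candidate.to_bytes(key_len, "big")
        if hmac.compare_digest(command_tag(key, command), observed_tag):
            return key
    return None


def seconds_to_exhaust(key_bits: int, guesses_per_second: float) -> float:
    """Time to try the whole keyspace at a given guess rate."""
    return (2 ** key_bits) / guesses_per_second


def generate_key(num_bytes: int = 16) -> bytes:
    """A proper key: 128 random bits from the OS CSPRNG, not a short or
    predictable string produced by the device software."""
    return secrets.token_bytes(num_bytes)


if __name__ == "__main__":
    weak_key = bytes.fromhex("4a2b")          # constructed 16-bit key
    cmd = b"valve:open"
    captured = command_tag(weak_key, cmd)     # E eavesdrops this pair
    recovered = brute_force_key(cmd, captured, key_bits=16)
    print("recovered key:", recovered.hex())  # E can now forge any command
    print("forged tag for valve:close:", command_tag(recovered, b"valve:close").hex())
    years = seconds_to_exhaust(128, 1e12) / 3.15e7
    print("128-bit key at 1e12 guesses/s: %.2e years" % years)
```

The search over 2^16 keys finishes in a fraction of a second; the same loop over a 2^128 keyspace is the "large number of combinations" that makes the attack infeasible. Note that the algorithm is public in both cases: only the key's length and randomness protect the messages.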
Open Web Application Security Project (OWASP)
It is a nonprofit community; its materials are open source and free to use
It works on attack surface areas and vulnerabilities
Its IoT Top 10 (2014) lists the following vulnerability classes:
Insecure Web Interface
Insufficient Authentication and Authorization
Insecure Network Services
Lack of Transport Encryption
Privacy Concerns
Insecure Cloud Interface
Insecure Mobile Interface
Insufficient Security Configurability
Insecure Software/Firmware
Poor Physical Security
Question: What are the attack surface areas in the Device Web
Interface (DWI) and Cloud Web Interface (CWI) defined by OWASP?
For DWI: SQL injection, account lockout, username enumeration,
weak passwords and known default credentials
For CWI: the same items as DWI, plus transport encryption
Related privacy surfaces (from the same OWASP list): personally
identifiable information (PII) sent unencrypted, device information
leaked, location leaked, cloud user data disclosure, and user/device
location disclosure
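As an added example (not from the slides), the login handler below shows three of the web-interface surfaces side by side: a vulnerable version that enables username enumeration and unlimited guessing, a hardened version with a uniform error message, constant-time comparison and account lockout, and a provisioning check that refuses known default credentials. The user store, the short default-credential list, the PBKDF2 round count and the lockout threshold are constructed assumptions for the example.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

PBKDF2_ROUNDS = 50_000
MAX_FAILURES = 5

# Constructed short list of known default credentials that must never be accepted.
KNOWN_DEFAULTS = {("admin", "admin"), ("admin", "1234"), ("root", "root"), ("user", "user")}


@dataclass
class Account:
    salt: bytes
    pw_hash: bytes
    failures: int = 0
    locked: bool = False


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def password_acceptable(username: str, password: str) -> bool:
    """Reject known defaults and weak passwords at provisioning time."""
    return (username, password) not in KNOWN_DEFAULTS and len(password) >= 12


def create_account(username: str, password: str) -> Account:
    if not password_acceptable(username, password):
        raise ValueError("weak or default password")
    salt = secrets.token_bytes(16)
    return Account(salt, hash_password(password, salt))


# Constructed user store for the example.
USERS = {"admin": create_account("admin", "S0me-strong-passphrase!")}

# Throw-away account so that unknown usernames cost the same work as real ones.
_DUMMY = create_account("dummy", secrets.token_hex(16))


def login_vulnerable(users, username: str, password: str) -> str:
    """Leaks whether the username exists and never locks out: an attacker
    can enumerate accounts and then guess passwords indefinitely."""
    if username not in users:
        return "unknown user"
    if hash_password(password, users[username].salt) != users[username].pw_hash:
        return "wrong password"
    return "ok"


def login_hardened(users, username: str, password: str) -> str:
    """Uniform failure message, constant-time compare, lockout after
    MAX_FAILURES wrong attempts."""
    acct = users.get(username)
    target = acct if acct is not None else _DUMMY
    matched = hmac.compare_digest(hash_password(password, target.salt), target.pw_hash)
    if acct is None or acct.locked or not matched:
        if acct is not None and not acct.locked:
            acct.failures += 1
            if acct.failures >= MAX_FAILURES:
                acct.locked = True          # stops online guessing
        return "invalid credentials"        # one message for every failure
    acct.failures = 0
    return "ok"
```

A permanent lockout trades one problem for another (an attacker can lock the administrator out on purpose), so real deployments usually use a temporary lockout or progressive delay; the example keeps the simple form to show the mechanism.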
3. Security Requirements
An IoT reference architecture (guide) is a set of views:
1. Functional 2. Information 3. Deployment 4. Operational
Security is one functional group (FG) within the Functional View (F).
The security FG contains 5 functional components (FCs), the sets of
functions required for ensuring security and privacy
The 5 Functional Components (FCs) are:
1. Identity Management
2. Authentication- authentication is the process of verifying who a user
(or device) is
3. Authorization- authorization is the process of verifying what they
have access to
4. Key Exchange and Management
5. Trust and Reputation
4. Threat Analysis
Threat analysis is a process (supported by tools) that first generates
the possible threats to a system and then analyses the system against them
It means uncovering security design flaws after classifying each threat
into a STRIDE category
STRIDE is an acronym that stands for 6 categories of security
risks: Spoofing, Tampering, Repudiation, Information
Disclosure, Denial of Service, and Elevation of Privilege. Each
category corresponds to one security property that the threat violates:
authentication, integrity, non-repudiation, confidentiality, availability
and authorization respectively
(The English word 'stride' also means passing over in one long step)
How is threat analysis for a system performed using the Microsoft
Threat Modelling Tool 2014?
A model is drawn as a data flow diagram (processes, data stores, data
flows, external entities and trust boundaries) and threats are generated
for each element using the STRIDE categories
The tool's start screen has 3 options- Getting Started, Create a Model and
Open Model
The tool allows definition of new threats using the STRIDE categories
The tool predefines a number of threat categories
The tool's display shows the generated threats alongside the data flow
diagram
The analysis view shows which threats are active and which are inactive
(mitigated or marked not applicable)
For example: 'Data store is inaccessible'
Example of a threat: 'Denial of Service attack'
A Denial-of-Service (DoS) attack is an attack meant to shut down a
machine or network, making it inaccessible to its intended users
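The following added example (not part of the slides or of the Microsoft tool) reproduces the core of what the tool does: STRIDE-per-element threat generation over a small data-flow diagram, followed by an active/inactive split based on the security properties each element already enforces. The four-element IoT model, the controls assumed to be present and the applicability table are constructed assumptions; the table follows the usual STRIDE-per-element chart (external entities: S, R; processes: all six; data stores: T, R, I, D; data flows: T, I, D).

```python
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# The six STRIDE categories and the security property each one violates.
STRIDE = {
    "S": ("Spoofing", "authentication"),
    "T": ("Tampering", "integrity"),
    "R": ("Repudiation", "non-repudiation"),
    "I": ("Information disclosure", "confidentiality"),
    "D": ("Denial of service", "availability"),
    "E": ("Elevation of privilege", "authorization"),
}

# STRIDE-per-element: which categories apply to each DFD element type.
APPLICABLE = {
    "external_entity": "SR",
    "process": "STRIDE",
    "data_store": "TRID",
    "data_flow": "TID",
}


@dataclass(frozen=True)
class Element:
    name: str
    kind: str                        # one of the APPLICABLE keys
    crosses_boundary: bool = False   # data flow crossing a trust boundary


@dataclass(frozen=True)
class Threat:
    element: str
    category: str
    prop: str                        # property violated
    priority: str                    # "high" when a trust boundary is crossed


def generate_threats(elements: List[Element]) -> List[Threat]:
    """Enumerate candidate threats for every element of the diagram."""
    threats = []
    for e in elements:
        for letter in APPLICABLE[e.kind]:
            name, prop = STRIDE[letter]
            threats.append(Threat(e.name, name, prop,
                                  "high" if e.crosses_boundary else "normal"))
    return threats


def classify(threats: List[Threat],
             controls: Dict[str, Set[str]]) -> Tuple[List[Threat], List[Threat]]:
    """Split threats into active and inactive, given the security properties
    each element already enforces through an existing control."""
    active, inactive = [], []
    for t in threats:
        (inactive if t.prop in controls.get(t.element, set()) else active).append(t)
    return active, inactive


# Constructed sample model: a sensor reporting to a gateway that stores telemetry.
MODEL = [
    Element("Sensor node", "external_entity"),
    Element("Gateway service", "process"),
    Element("sensor->gateway", "data_flow", crosses_boundary=True),
    Element("Telemetry DB", "data_store"),
]

# Controls assumed present: the sensor-to-gateway link is protected with DTLS.
CONTROLS = {"sensor->gateway": {"confidentiality", "integrity"}}


if __name__ == "__main__":
    active, inactive = classify(generate_threats(MODEL), CONTROLS)
    for t in sorted(active, key=lambda t: t.priority != "high"):
        print(f"[{t.priority:6}] {t.element}: {t.category} (violates {t.prop})")
    print(f"{len(active)} active, {len(inactive)} inactive")
```

Running it lists 13 active threats and 2 inactive ones (tampering and information disclosure on the protected link); the denial-of-service threat on that same link stays active because DTLS does nothing for availability, which is the kind of gap the analysis view is meant to surface.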
USE CASES AND MISUSE CASES
UML use case diagrams are required for the FCs of a security FG
Use case analysis enables requirements analysis
Use cases are key features of many models and frameworks for
development processes
Oracle Unified Method (OUM) and IBM Rational Unified Process (RUP)
are examples of frameworks for software development
Question: What are examples of security issues for which use cases are
required in IoT?
Question: What are examples of security issues for which misuse cases
are required in IoT, so that the requirements for new use cases can be
analysed?
Identity spoofing (identity misuse)
Eavesdropping
Fake server
Fake device platform
Unauthorized access to a data store
MISUSE CASES
A misuse case is a business process modelling tool used in the software
development industry
The term misuse case (or mis-use case) is derived from, and is the inverse
of, use case
It describes the process of executing a malicious act against a system
Advantages of misuse cases
Quality is increased because non-functional requirements are noticed
Developers and customers can better understand the system
Measures are immediately visible because risks and counter-measures are
visualized
Risk analysis is possible early on
Risks can be recognized customer-specifically
Traceability is ensured because each feature added to increase security
can be traced back to the misuse case it counters
Applications of Misuse Cases
• Eliciting Security Requirements
• Eliciting Safety Requirements
• Identifying Exceptions
• Identifying Test Cases
• Design Trade-offs
The creation process is composed of the following steps:
Determine the functionality of the system and create use cases
Identify the system’s risks or threatening actors and create misuse
cases and misactors
Link misuse cases with the use cases that they endanger
Determine the features that could prevent the misuse cases, and link
them with the use cases
Repeat steps 1 – 4 and refine the use cases and misuse cases
MISUSE CASES Examples
IoT Security Tomography and Layer Attack Models
Computational Tomography
A computing method of producing a three-dimensional picture of the
internal structures of an object
by observing and recording the differences in effect on energy waves
passing through those structures
Applied to security, the analogous idea is identifying the network's
vulnerabilities section by section
It is used in computational security for complex sets of networks
It enables the design of efficient attack (and hence defence) strategies
Security Tomography
Means finding the attack-vulnerable sections/subsections
by observing behaviours using a finite number of objects or threats
in a complex set of subsystems
Network Tomography
Refers to the study of vulnerabilities and security aspects for network
monitoring in a complex system such as WSNs, RFID networks and IoT
networks,
by allocating resources and ensuring network reliability and
security
Layered Attacker Model
It gives the possible attacks on each layer, and the solutions for them
Layer 1 Attacks Solution
• Depends on the devices used
• For example, link-level provisioning of security: Bluetooth LE uses the
AES-CCM authenticated encryption algorithm with 128-bit keys at the link
level for confidentiality and authentication, and
• ZigBee uses link-level security based on AES-CCM-128.
Layer 2 Attacks Solution
Programming the network switches to prevent internal node attacks during
use of DHCP or the Spanning Tree Protocol (STP), e.g. DHCP snooping and
BPDU guard
Additional controls:
1. Dynamic ARP inspection (validating ARP replies against the DHCP
snooping binding table),
2. Disabling unused ports, and
3. Enforcing effective security on VLANs (Virtual LANs)
to prevent VLAN hopping.
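The added example below (not from the slides, and not a switch vendor's implementation) shows the decision logic behind dynamic ARP inspection: every ARP reply arriving on an untrusted port is checked against the DHCP-snooping binding table (IP, MAC, port), a trusted uplink port is exempt, and a per-port rate limit err-disables a port that floods ARP. The binding table, the port names, the 15 packets-per-second limit and the sample replies are constructed assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, Set, Tuple


@dataclass(frozen=True)
class ArpReply:
    port: str          # switch port the frame arrived on
    sender_ip: str
    sender_mac: str
    ts: float          # arrival time in seconds


# Constructed DHCP-snooping binding table: IP -> (MAC, switch port)
BINDINGS = {
    "10.0.0.1":  ("00:11:22:33:44:01", "Gi0/1"),   # gateway, behind the uplink
    "10.0.0.20": ("00:11:22:33:44:20", "Gi0/20"),  # sensor gateway
    "10.0.0.21": ("00:11:22:33:44:21", "Gi0/21"),  # IP camera
}
TRUSTED_PORTS = {"Gi0/1"}   # uplink: ARP is not inspected here
RATE_LIMIT = 15             # ARP packets per second allowed on an untrusted port


class ArpInspector:
    def __init__(self, bindings, trusted, rate_limit=RATE_LIMIT):
        self.bindings = bindings
        self.trusted = trusted
        self.rate_limit = rate_limit
        self._counts: Dict[Tuple[str, int], int] = defaultdict(int)
        self.err_disabled: Set[str] = set()

    def inspect(self, pkt: ArpReply) -> Tuple[str, str]:
        """Return (verdict, reason) for one ARP reply."""
        if pkt.port in self.err_disabled:
            return "drop", "port is err-disabled"
        if pkt.port in self.trusted:
            return "permit", "trusted port"
        # Rate limit on untrusted ports: an ARP flood disables the port.
        window = (pkt.port, int(pkt.ts))
        self._counts[window] += 1
        if self._counts[window] > self.rate_limit:
            self.err_disabled.add(pkt.port)
            return "drop", "rate limit exceeded, port err-disabled"
        # Validate the sender's IP/MAC/port claim against the binding table.
        entry = self.bindings.get(pkt.sender_ip)
        if entry is None:
            return "drop", f"no DHCP binding for {pkt.sender_ip}"
        mac, port = entry
        if mac != pkt.sender_mac:
            return "drop", f"{pkt.sender_ip} is bound to {mac}, not {pkt.sender_mac}"
        if port != pkt.port:
            return "drop", f"{pkt.sender_ip} is bound to port {port}"
        return "permit", "matches binding"


if __name__ == "__main__":
    dai = ArpInspector(BINDINGS, TRUSTED_PORTS)
    # A camera port claiming to be the gateway: classic ARP poisoning attempt.
    print(dai.inspect(ArpReply("Gi0/21", "10.0.0.1", "de:ad:be:ef:00:01", 1.0)))
    print(dai.inspect(ArpReply("Gi0/20", "10.0.0.20", "00:11:22:33:44:20", 1.1)))
```

The check only works if the binding table is trustworthy, which is why DHCP snooping must be enabled first and static bindings added for devices with fixed addresses; otherwise legitimate static hosts are dropped.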
Layer 3 Attacks Solution
• Use of tamper-resistant routers
• Use of packet filtering
• A firewall for controlling routing messages and packet data
between layers 3 and 4 for reducing the risks
Layer 4 Attacks Solution
Port scanning of one's own hosts to identify open and vulnerable ports
Effective firewall configuration: opening network ports and
locking down ports to only those required
Inclusion of SASL (Simple Authentication and Security Layer) for
authentication when using the XMPP protocol.
Layers 5 & 6
Assume an attacker injects SQL into an input field to extract data from the
database. When the application fails to validate the input, or builds the
query by string concatenation instead of using parameterized queries, the
injected query extracts the data
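As an added example (not from the slides), the snippet below puts the vulnerable query next to its hardened form using an in-memory SQLite database: the first function pastes the request value into the SQL text, so the classic payload `alice' OR '1'='1` returns every owner's API key; the second binds the value as a parameter, and the third adds input allow-listing as defence in depth. The table, its two rows and the owner-name pattern are constructed assumptions.

```python
import re
import sqlite3
from typing import List, Tuple


def make_db() -> sqlite3.Connection:
    """In-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE devices (owner TEXT, serial TEXT, api_key TEXT)")
    conn.executemany("INSERT INTO devices VALUES (?, ?, ?)", [
        ("alice", "SN-0001", "key-alice-7f3a"),
        ("bob",   "SN-0002", "key-bob-91c4"),
    ])
    return conn


def devices_vulnerable(conn, owner: str) -> List[Tuple[str, str]]:
    # Layer 5/6 flaw: the request value becomes part of the SQL statement.
    sql = f"SELECT serial, api_key FROM devices WHERE owner = '{owner}'"
    return conn.execute(sql).fetchall()


def devices_safe(conn, owner: str) -> List[Tuple[str, str]]:
    # Parameterized query: the value is bound as data and never parsed as SQL.
    sql = "SELECT serial, api_key FROM devices WHERE owner = ?"
    return conn.execute(sql, (owner,)).fetchall()


OWNER_RE = re.compile(r"^[a-z0-9_]{1,32}$")   # assumed owner-name format


def devices_validated(conn, owner: str) -> List[Tuple[str, str]]:
    # Defence in depth: reject input that does not look like an owner name.
    if not OWNER_RE.match(owner):
        raise ValueError("invalid owner name")
    return devices_safe(conn, owner)


if __name__ == "__main__":
    conn = make_db()
    payload = "alice' OR '1'='1"
    print("vulnerable:", devices_vulnerable(conn, payload))   # both owners' keys
    print("safe:      ", devices_safe(conn, payload))         # no rows
```

Validation alone is not enough (an allow-list cannot cover every field, e.g. free text), and parameterization alone leaves nonsense input reaching the database; the two together are what a reviewer would expect at this layer.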
A web application can use an HTTPS communication link, as it
provides:
Application-level security (HTTP carried over TLS)
Use of digital signatures (server certificates) and encryption, with
various cipher options
Server-client negotiation of the
specific algorithms (cipher suite) to be used
CISO Suggested Layered Framework Solutions:
• Layers 1–6: Role-based security
• Layers 1–4: Anti-tamper and detection-based security
• Layers 1–6: Data protection and confidentiality
• Layers 1–6: IP protection
Identity Management and Establishment
Source of Message(s)
• Needs to specify an identity (ID) when sending the messages
• The receiver can thus know from where the messages have been
received
The messages can be from several sensors, actuators and platforms, and
those may be for several applications and services
A MAC address can specify the identity of a computing device platform
(but it is easily changed or spoofed, so it identifies a device reliably
only when combined with authentication)
A URI (Uniform Resource Identifier) can then be used to identify the
resource on the Internet
An Object Identifier (OID) in IoT has the following identifiers:
Type of thing: streetlight, vehicle, ATM, WSN, RFID
Class identifier: class, type or category of things; make and model
Instance identifier: e.g. VIN (Vehicle Identification Number) for vehicles
Identity Management (IdM)
IdM means managing the different identities, pseudonyms and hierarchies
of group IDs, as well as IDs for message senders and receivers
The FC can also manage IDs anonymously (through pseudonyms), so that the
system can identify a device without revealing the user's identity
Access Control
3 FCs in a Security FG for ensuring security and privacy are:
1. Authentication
2. Authorization
3. Key Exchange and Management
Authentication
ID establishment and authentication are essential elements of access control
A keyed hash (HMAC with SHA-256; MD5 is obsolete and should not be used)
generates a fixed-size value from the authentication data and a secret key
Only the hash value is communicated, never the key
The receiver computes the value with its copy of the key and compares it
with the received value (using a constant-time comparison)
If both are equal then the sender is authenticated; to prevent replay of a
captured value, the authentication data should include a fresh challenge or
counter
Authorization
Access control allows only an authorized device or application to reach a
resource
It is an essential element of secure access control. Some standard
authorization models are: ACLs (a per-resource list of permitted subjects),
RBAC (permissions granted by role, coarse-grained) and ABAC (decisions on
attributes of the subject, resource and context, fine-grained)
An access control server and data communication gateway can be
centrally used to control accesses between applications and IoT devices
Each device can access the server and communicate data to another
server
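The three authorization models named above, as an added example (not code from the slides): an ACL keyed by device, an RBAC table of (action, resource kind) pairs per role, and an ABAC check that layers attribute rules (same site, maintenance window, time of day) on top of the role check. Roles, resources, sites and the specific rules are constructed assumptions for an industrial IoT setting; real policies would come from the access control server the slides mention.

```python
from dataclasses import dataclass
from typing import Dict, Set, Tuple


@dataclass(frozen=True)
class Subject:
    name: str
    roles: frozenset        # RBAC attribute
    site: str               # ABAC attribute


@dataclass(frozen=True)
class Resource:
    id: str
    kind: str               # "sensor", "actuator" or "firmware"
    site: str


@dataclass(frozen=True)
class Context:
    hour: int               # local hour, 0-23
    maintenance_window: bool


# ACL: per-resource list of subjects and their actions. Grows with every device.
ACL: Dict[str, Dict[str, Set[str]]] = {
    "valve-7": {"alice": {"read", "write"}, "bob": {"read"}},
}


def acl_allows(acl, subject: Subject, action: str, resource: Resource) -> bool:
    return action in acl.get(resource.id, {}).get(subject.name, set())


# RBAC: role -> permitted (action, resource kind) pairs.
ROLES: Dict[str, Set[Tuple[str, str]]] = {
    "viewer":     {("read", "sensor")},
    "operator":   {("read", "sensor"), ("read", "actuator"), ("write", "actuator")},
    "technician": {("read", "sensor"), ("read", "actuator"), ("write", "actuator"),
                   ("update", "firmware")},
}


def rbac_allows(subject: Subject, action: str, resource: Resource) -> bool:
    # Unknown roles grant nothing: deny by default.
    return any((action, resource.kind) in ROLES.get(r, set()) for r in subject.roles)


def abac_allows(subject: Subject, action: str, resource: Resource, ctx: Context) -> bool:
    """Attribute rules on top of the role check (finest granularity)."""
    if not rbac_allows(subject, action, resource):
        return False
    if subject.site != resource.site:                  # only same-site access
        return False
    if action == "update" and not ctx.maintenance_window:
        return False                                   # firmware only in a window
    if (action == "write" and resource.kind == "actuator"
            and not 6 <= ctx.hour < 22 and "technician" not in subject.roles):
        return False                                   # operators: daytime only
    return True


if __name__ == "__main__":
    alice = Subject("alice", frozenset({"operator"}), "plant-A")
    valve = Resource("valve-7", "actuator", "plant-A")
    print("ACL:", acl_allows(ACL, alice, "write", valve))
    print("RBAC:", rbac_allows(alice, "write", valve))
    print("ABAC at 23:00:", abac_allows(alice, "write", valve, Context(23, False)))
```

Note the direction of the checks: the ABAC layer can only narrow what RBAC already permits, so a missing attribute rule fails closed rather than open.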
Key Exchange and Management
Message Integrity
It means maintaining and assuring the accuracy and consistency of a
message over its entire life cycle
It means the message remains unaltered. A message should not be altered
during its communication
The data after decryption should be identical to the data before
communication
A message integrity check involves: a keyed hash function producing hash
value h0, taking the message M0 and the key K as inputs
Append h0 to the message
Communicate or store M0 together with h0
Integrity Check
Retrieve M any time later. Assume that the retrieved message is M1
Calculate the 128-, 192- or 256-bit hash value h1, taking message M1 and K
as inputs
Compare h1 and h0 using a constant-time comparison
The message is unchanged if h1 = h0 and the integrity check passes; else it
fails (an attacker who does not know K cannot produce a valid h for a
modified message)
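One added example (not code from the slides) serves the eavesdropper scenario under "Vulnerabilities for IoT", the keyed-hash authentication under "Authentication" and the h0/h1 integrity check above: a sender seals each frame as counter || payload || HMAC-SHA256(K, counter || payload), and the receiver verifies the tag in constant time, rejects forged or tampered frames, and rejects replays by requiring a strictly increasing counter. A separate function covers the stored-message case (M1 checked against a stored h0). The frame layout, the 64-bit counter and the shared key are assumptions; HMAC gives integrity and origin authentication for key holders only, not confidentiality (the payload is still readable) and not non-repudiation (either key holder could have produced the tag).

```python
import hashlib
import hmac
import secrets
import struct
from typing import Optional

MAC_LEN = 32   # full HMAC-SHA256 output (256 bits)
CTR_LEN = 8    # 64-bit message counter, the freshness value


def integrity_tag(key: bytes, message: bytes) -> bytes:
    """h = HMAC-SHA256(K, M): the keyed hash value from the slides."""
    return hmac.new(key, message, hashlib.sha256).digest()


def seal(key: bytes, counter: int, payload: bytes) -> bytes:
    """Sender: frame = counter || payload || HMAC(K, counter || payload)."""
    header = struct.pack(">Q", counter)
    return header + payload + integrity_tag(key, header + payload)


class Receiver:
    """Verifies origin (a key holder) and integrity, and rejects replays."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_counter = -1

    def open(self, frame: bytes) -> Optional[bytes]:
        if len(frame) < CTR_LEN + MAC_LEN:
            return None
        header, payload, tag = frame[:CTR_LEN], frame[CTR_LEN:-MAC_LEN], frame[-MAC_LEN:]
        expected = integrity_tag(self.key, header + payload)
        if not hmac.compare_digest(tag, expected):    # constant-time h1 != h0
            return None                               # forged or tampered
        counter = struct.unpack(">Q", header)[0]
        if counter <= self.last_counter:              # seen before: replay
            return None
        self.last_counter = counter
        return payload


def verify_stored(key: bytes, message: bytes, h0: bytes) -> bool:
    """Integrity check of a message retrieved from storage: compute h1 over
    the retrieved message M1 and compare with the stored h0."""
    return hmac.compare_digest(integrity_tag(key, message), h0)


if __name__ == "__main__":
    key = secrets.token_bytes(32)      # shared in advance over a secure channel
    rx = Receiver(key)
    frame = seal(key, 1, b"valve:open")
    print(rx.open(frame))              # b'valve:open'
    print(rx.open(frame))              # None: replay of a captured frame
    forged = seal(secrets.token_bytes(32), 2, b"valve:close")
    print(rx.open(forged))             # None: E does not hold the key
```

The receiver must persist last_counter across restarts (otherwise a captured frame becomes valid again after a reboot), and the sender must never reuse a counter value with the same key.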
Message Non-Repudiation
It is the assurance that someone cannot deny the validity of
something
Non-repudiation refers to the ability to ensure that a party to a contract
or a communication cannot deny the authenticity of their signature on a
document or the sending of a message.
Once a source has communicated data, it cannot later deny
that the message was sent from that source
The service provides proof of the message's origin as well as its integrity
A digital signature, with a certificate issued by a trusted certifying
authority in a public key infrastructure, asserts the origin (a shared-key
MAC cannot, because the receiver could have produced it too)
Message Availability
It is affected when a denial of service attack occurs, because the
source-end message is unavailable to the intended destination end during
the DoS
SECURITY MODELS, PROFILES AND PROTOCOLS FOR IoT
The Internet Engineering Task Force (IETF) is an open standards organization which develops and
promotes voluntary Internet standards, in particular the standards that comprise the Internet
protocol suite. The IETF has recommended security models for 5 security profiles
SECURITY PROTOCOLS FOR IoT
Open Trust Protocol
To deal with the risk of untrusted code on devices, several companies
collaborated on the Open Trust Protocol (OTrP), which combines a secure
architecture with trusted code management
It manages security configurations in a Trusted Execution
Environment (TEE)
It is used for installing, updating and deleting applications and
services (Trusted Applications) in the TEE
A device supporting OTrP has a TEE and is pre-provisioned with a
device-unique public/private key pair, which is securely stored
This key pair is referred to as the "root of trust." A service
provider uses such a device to run Trusted Applications (TAs).
The key components of the OTrP system are:
Trusted Services Manager (TSM): The TSM is responsible for originating and coordinating lifecycle
management activity on a particular TEE. It’s at the core of the protocol and manages the trust in the
devices on behalf of service providers.
Certificate authority: Mutual trust between a device, a TSM and service providers is based on
certificates. A device embeds a list of root certificates, called trust anchors, from trusted certificate
authorities that will be used to validate a TSM. A TSM will remotely validate a device by checking that the
device comes with a certificate from a trusted certificate authority.
Trusted Execution Environment in the device: The TEE resides in the device chip security zone and is
responsible for protecting applications from attack, enabling them to perform secure operations.
Use cases for OTrP
1. Identity management for enterprise systems
2. Strong authentication and display protection for payment systems
3. Enterprise systems: VPN, secure access to web sites
4. Digital Rights Management applications
5. Automotive systems: authentication, pay as you drive, in-application
purchasing
6. Healthcare: authentication, privacy management
7. Home automation: authentication, privacy
Datagram Transport Layer Security (DTLS) Protocol
It is used for maintaining the privacy of datagram (UDP) communication
It enables protection from eavesdropping, tampering and
message forgery
TLS is the basis of DTLS; DTLS adapts TLS to datagram transport, which may
lose or reorder packets, and is used for example to secure CoAP
X.509 standard
X.509 is a standard defining the format of public-key certificates.
It refers to the issuance of a digital certificate, with trust based on a
trusted third party (TTP), the certification authority
It is deployed in a public key infrastructure (PKI) that manages digital
certificates and public key encryption
It is used for secure communication on the web (TLS)
An X.509 certificate contains a public key and an identity (a hostname,
an organization, or an individual), and is either signed by a
certificate authority or self-signed
When a certificate is signed by a trusted certificate authority, or
validated by other means, someone holding that certificate can
rely on the public key it contains to establish secure
communications with another party, or validate documents
digitally signed by the corresponding private key
Question Time
What is a firewall in computer networks:
a. A system designed to prevent unauthorized access
b. A web browser
c. The physical boundary of network
d. The Network Operating System
The physical cum data-link layer in the IoT model consists of a local area
network/personal area network.
True
False
cannot say
AES uses a 128-bit block size and a key size of __________ bits.
a. 128 or 192
b. 128 or 256
c. 128, 192, or 256
d. 128, 192 and 256
An encryption scheme is unconditionally secure if the ciphertext generated does not
contain enough information to determine uniquely the corresponding plaintext, no
matter how much cipher text is available.
a. True
b. False
Even with two-factor authentication, users may still be vulnerable
to_____________attacks.
a. Scripting
b. Cross attack
c. Man-in-the-middle
d. Radiant
Process of identifying any individual
a. Auditing
b. Authorisation
c. Authentication
d. Accounting
Process that prevents someone from denying that she accessed a resource:
a. Accounting
b. Non-repudiation
c. Sniffing
d. Authorisation
The most common form of authentication is:
a. Password
b. Smart cards
c. PIN
d. Digital certificates
The process of identifying a person before giving access:
a. Authentication
b. Encryption
c. Auditing
d. Access control
What concept determines what resources users can access after they log on?
a. Auditing
b. Defense in depth
c. Authentication
d. Access control
What do you call the scope that hacker can use to break into a system
a. Attack surface
b. Defense in depth
c. Principle of least privilege
d. Risk mitigation
What kind of electronic document contains a public key?
a. PIN
b. Digital certificate
c. PAN
d. Biometrics
Which of the following is threat to IoT Device
a. Virus
b. All of the above
c. People
d. Natural Disaster
e. Spoofing