© 2019 Arm Limited
Nick Zhou, ATS 2019
Efficient, Secure and Effortless Deployment of IoT Device Management
IoT is About Making Business Decisions Based on Data
Trust in data is essential for the success of IoT

Diagram, data sources: People (location, physical access, security, hazards); Equipment (maintenance, anomalies, sensor data); Process (quality tracking, performance); Environment (energy, temperature); Parts & Materials (location, inventory, consumption)
Diagram, business uses of that data: Logistics, Supply Chain Optimization; Building Management; Safety, Preventive Maintenance; Process Optimization; Telematics, Asset Management
Trusted Data Comes from Trusted Devices
What does a trusted device mean?

• Trusted Source: does the device come from a trusted source?
• Trusted Configuration: was it configured by authorized personnel?
• Trusted Connection: is the connection authenticated and encrypted?
• Trusted Software: does the device run the most recent version of software?
• Trusted Operation: does the device operate as expected?
Device Management Platform Controls Device Life Cycle

Diagram: business applications consume trusted data from trusted devices; the device management platform is responsible for the five trust pillars (Trusted Source, Trusted Configuration, Trusted Connection, Trusted Software, Trusted Operation).
Pelion – A Platform for Secure Device Management
Enables customers to quickly build large-scale, secure and future-proof IoT solutions
Back-end Apps Interact with Devices through Pelion DM APIs
All Pelion Device Management services are accessible through a REST API

Service APIs: Device Directory API, Update Service API, Account Management API, Connect API, Connect Statistics API, Billing
https://www.pelion.com/docs/device-management/current/service-api-references/index.html
Unmatched Flexibility in Deployment Options

Diagram: the Pelion Device Management Server (SaaS, private cloud, or on premises) sits between the IoT back-end applications (customer application, business application data) and the IoT device application. Device-facing functions: onboarding, key management, configuration, update, monitoring. Application-facing: the management console and the Pelion Device Management API, carrying both control and data flows.
62% of companies using public cloud IaaS utilize multiple IaaS providers (IDC)
PKC Allows Management of Device Keys at IoT Scale
Public key cryptography is state-of-the-art authentication for devices, servers, applications

Symmetric keys
• Same key must be configured on the device and the server for each device
• Scalability challenge due to the need to manage keys of millions of devices
• Opens new key management vulnerabilities, weakening operational security

Asymmetric keys
• Server trusts a single Certificate Authority (CA) that signs multiple devices
• Scales to millions of devices through management of trust relationships
• Battle-tested cryptography and strong operational security

Diagram: with symmetric keys the server must hold Key 1, Key 2 ... Key n, one per device. With asymmetric keys: 1. the server trusts the CA, so all devices signed by this CA are trusted; 2. the CA signs the certificates of many devices.
Secure Device Identity
Pelion DM implements certificate-based key management defined in the LwM2M standard

Diagram: a unique device identity is an X.509 certificate containing the device public key, other fields, and a signature from a trusted CA that certifies the device is genuine; the matching private key stays secret on the device.
Device Keys can be Generated by the Device
When the device generates the keys, the private key never leaves the device, improving security

The key pair can be created outside of the device, or generated by the device for added security.
Diagram: the X.509 certificate (public key, other fields, signature by the trusted CA) certifies the device is genuine; the secret private key remains on the device.
Device Certificate is Signed by a Trusted CA
Signing process integrity must be safeguarded by using secure physical facilities

Diagram: the trusted CA signs the device's X.509 certificate (public key, other fields, signature), certifying the device is genuine; the secret private key stays on the device.
How, When, and Who Can Access Devices?

Devices are often installed outside of the security perimeter, but are part of an enterprise network.
Passwords are virtually impossible to manage:
• Often shared across devices and people
• Create easily exploited security backdoors
Inconvenient and often impractical when access to the device is difficult.
Pelion DM Uses Delegated Access Control to Solve the Challenge
Based on the emerging IETF ACE standard

• User authenticates and requests access to specific devices for specific actions
• Policy Server decides who is allowed to do what on which devices, based on policies
• Access to the device is restricted to holders of valid authorization tokens
• Only approved users are allowed to perform actions on specific devices; this works even when the device is disconnected
• Fine-grained permissions to access specific devices
• Default passwords no longer needed

Diagram: four numbered steps between the user, Pelion Device Management (policy server) and the device.
Secure Commissioning
Using the app to commission devices, with Secure Device Access

Secure Device Access Policy (Device Access Policies):
Action: Commission_Wifi
User: [email protected]
Devices: A, B

App screenshot (site "CPC1 Ground Floor"): devices 0161d1ccc731001002f2 ✓ and 0161d1ebbb86100100330 ✓ commissioned; 0161c2894eef10010021b X rejected.
Sam does not have permissions to commission Device C
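The delegated access control described on the two slides above, as an added example that is not part of the original deck or Pelion's code: a policy server issues a signed authorization token, and the device enforces it locally, so the decision holds even while the device is disconnected. The token format, the HMAC stand-in for the signature and the policy values (user sam, action Commission_Wifi, devices A and B) are assumptions.

```python
# Added example, not Pelion's code: delegated device access in the style of the
# Secure Device Access slide. A policy server issues a signed authorization token
# naming the user, the permitted actions and the devices it covers; each device
# checks the token locally, so the check also works while the device is offline.
# The token format, the HMAC stand-in for the signature and the policy values are
# assumptions.
import hashlib
import hmac
import json

# Shared verification secret provisioned on the device (constructed stand-in for
# the asymmetric keys a real deployment would use).
TOKEN_KEY = b"constructed-demo-key-not-for-use"


def issue_token(user: str, actions: list, devices: list, ttl: int, now: int) -> str:
    """Policy server side: encode the access decision as a signed token."""
    claims = {"sub": user, "act": sorted(actions), "dev": sorted(devices), "exp": now + ttl}
    body = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
    sig = hmac.new(TOKEN_KEY, body, hashlib.sha256).hexdigest()
    return body.hex() + "." + sig


def device_authorize(token: str, device_id: str, action: str, now: int) -> tuple:
    """Device side: allow the action only if the token is genuine, unexpired and
    explicitly names both this device and this action."""
    try:
        body_hex, sig = token.split(".", 1)
        body = bytes.fromhex(body_hex)
    except ValueError:
        return False, "malformed token"
    expected = hmac.new(TOKEN_KEY, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):
        return False, "bad signature"
    claims = json.loads(body)
    if now >= claims["exp"]:
        return False, "token expired"
    if device_id not in claims["dev"]:
        return False, f"token does not cover device {device_id}"
    if action not in claims["act"]:
        return False, f"action {action} not permitted"
    return True, "ok"


if __name__ == "__main__":
    # Policy from the slide: Sam may run Commission_Wifi on devices A and B only.
    tok = issue_token("sam", ["Commission_Wifi"], ["A", "B"], ttl=600, now=1000)
    for dev in "ABC":
        print(dev, device_authorize(tok, dev, "Commission_Wifi", now=1005))
```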
Creating Trusted Connections Between Devices and the Life-Cycle Management Platform

• How is the device configured for a secure server connection?
• Device certificates – authenticate the device to the Pelion DM server
• Server certificates – authenticate the Pelion DM server to the device
• Server URI, configuration information, and custom certificates (optional)

Diagram: mutual authentication between Pelion Device Management (with the business apps behind it) and the device. A CA trusted by the server signs the device certificate; a CA trusted by the device signs the server certificate.
Device Onboarding
A 2-stage onboarding model for enhanced security

1. Bootstrap: the device identifies itself to the Pelion bootstrap server over TLS by sending its Device Bootstrap certificate, signed by a trusted CA (labelled FCU CA in the diagram). The bootstrap server verifies this certificate using the public key in the CA certificate, the signature, and the certificate parameters. The bootstrap server itself presents a certificate chaining to the Bootstrap CA.
2. Operation: the bootstrap server assigns operational LwM2M identities to the device. The device then connects to the LwM2M server over TLS, each side presenting a certificate signed by the LwM2M CA.
Software Update is Critical for Keeping Devices Trusted

• Why is the security of the update flow important?
  • A trusted version can be replaced with compromised software modified by the attacker
  • Software can be rolled back to an older version that has known vulnerabilities or bugs
• To be effective as a security measure, the remote software update flow must support millions of devices

Diagram: over the device lifetime, bugs and vulnerabilities keep being discovered.
Pelion Update Service is Designed for IoT Scale
Distinguishes between OEM and System Operator roles for enhanced security

Diagram, three roles around the Pelion Update Service:
1. Software Developer (Developer publishes software): code development, prepare full or delta update package, publish package
2. Device Admin / Service Manager (Account Admin manages campaigns): set up campaign, distribute package
3. Connected Device (Device Client applies updates): verify package, apply, recover
Pelion Update Flow

1. Device receives the signed manifest from Device Management and validates it
2. If the manifest is valid, the device downloads the image and validates it
3. If the image is valid, the device reboots and the bootloader applies (installs) the update
   a) If the power fails during installation, the bootloader restarts the installation
4. Device informs Device Management (status) when the update is completed successfully
Pelion Update Protections

• Anti-roll-back protection
  • Prevents installation of potentially insecure/incompatible images
  • Updates will only proceed if the associated software manifest is a later version
• Power failure protection
  • During application, the main image is checked and, if corrupt, the update will be re-applied
  • Power failure at any time during the update will not "break" the device. The device will re-apply the update on the next boot.
    – This feature depends on following recommended bootloader functionality.
• Accident protection
  • The Pelion Device Management Client checks for the manufacturer/model, revision or other attribute associated with the software and will reject updates which do not match the device
  • The Client validates software images before application
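The manifest and image checks from the update flow and update protections slides above, as an added example that is not part of the deck or Pelion's code. It uses a constructed manifest format; the HMAC stand-in for the manifest signature, the field names and the sample device attributes are assumptions.

```python
# Added example, not Pelion's code: the client-side checks described in the
# update flow and update protections slides, run on a constructed manifest.
# Field names, the HMAC stand-in for the manifest signature and the sample
# values are assumptions; a real manifest is signed with the OEM's private key.
import hashlib
import hmac
import json

MANIFEST_KEY = b"constructed-demo-key"  # stand-in for the OEM verification key
DEVICE = {"vendor": "example-oem", "class": "sensor-v2", "version": (2, 0, 0)}  # constructed

def build_manifest(image: bytes, version: tuple, vendor="example-oem", cls="sensor-v2") -> dict:
    """OEM side: describe the image and sign the description."""
    fields = {"vendor": vendor, "class": cls, "version": list(version),
              "size": len(image), "sha256": hashlib.sha256(image).hexdigest()}
    body = json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()
    return {"body": body.decode(), "sig": hmac.new(MANIFEST_KEY, body, hashlib.sha256).hexdigest()}

def validate_manifest(manifest: dict, device: dict) -> tuple:
    """Step 1: reject the manifest before any download if it is not genuinely
    signed, is for another device type (accident protection) or is not newer
    than the installed version (anti-roll-back)."""
    body = manifest["body"].encode()
    expected = hmac.new(MANIFEST_KEY, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(manifest["sig"], expected):
        return False, "manifest signature invalid"
    f = json.loads(body)
    if (f["vendor"], f["class"]) != (device["vendor"], device["class"]):
        return False, "manifest is for a different device type"
    if tuple(f["version"]) <= device["version"]:
        return False, "version is not newer than installed (rollback blocked)"
    return True, "manifest accepted"

def validate_image(manifest: dict, image: bytes) -> tuple:
    """Step 2: the downloaded image must match the size and digest the signed
    manifest committed to, otherwise the device never reboots into it."""
    f = json.loads(manifest["body"])
    if len(image) != f["size"]:
        return False, "image size mismatch"
    if hashlib.sha256(image).hexdigest() != f["sha256"]:
        return False, "image digest mismatch"
    return True, "image accepted"

if __name__ == "__main__":
    img = b"constructed firmware image 2.1.0"
    good = build_manifest(img, (2, 1, 0))
    print(validate_manifest(good, DEVICE), validate_image(good, img))
    print(validate_manifest(build_manifest(img, (1, 9, 0)), DEVICE))  # roll-back attempt
```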
Delta Update
Efficient delivery of software updates

• Rather than sending a full software image, only the difference between the existing image and the new image is sent
• This delta image can be significantly smaller than the software image, depending on how much has changed
  • Reduces network bandwidth costs
  • Enables firmware update on narrow-band networks
  • Improves battery life for battery-operated devices
Delta Update Efficiency

• Delta update is optimised for constrained devices
• The efficiency of the delta compression is governed by the number and type of changes between the images
• Examples:

Firmware content | Example changes | Target file size | Delta file size | Compression
PDM Client with example application on Mbed OS | Upgrade from PDM Client 2.0.0 to 2.1.0 | 480Kb | 86Kb | 82%
PDM Client with example application on Mbed OS | Added a new driver to PDM Client 2.0.0 | 388Kb | 47Kb | 88%
PDM Client with example application on Mbed OS | Made a simple string change | 388Kb | 10Kb | 97%

The delta tool and device client by default use a 512-byte buffer for workspace. Larger buffers (up to 32k) can be used to increase efficiency at the expense of RAM usage.
Pelion Device Sentry (Preview)
Makes sure connected devices operate as expected by detecting cyberattacks and deviations from normal behavior

• Extend battery life: device shows abnormally high processor utilization
• Detect malware: device runs unauthorized tasks and threads
• Prevent DDoS attacks: device sends packets to an unauthorized IP address
Device Sentry Collects Device Health Metrics and Reports Deviations From Expected Behavior

1. Device Sentry client obtains health metrics from the operating system
2. Pelion Device Management server collects device health metrics and detects deviations
3. Server notifies the system admin and/or incident response systems (dashboard, SIEM systems)
SIEM – Security Information and Event Management
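A server-side deviation check in the spirit of the two Device Sentry slides above, as an added example that is not part of the deck or Pelion's code. It runs over constructed health-metric reports and flags the three deviations the deck lists; the report format, thresholds and allowlists are assumptions.

```python
# Added example, not Pelion's code: step 2 of the Device Sentry slide, a check
# over constructed health-metric reports that flags the three deviations the deck
# lists: abnormal processor utilisation, unauthorised tasks/threads and traffic
# to an unauthorised IP address. Report format, thresholds and allowlists are
# assumptions.
import ipaddress

# Expected behaviour for this device class (constructed).
EXPECTED = {
    "cpu_util_max": 40.0,  # percent; above this is abnormal
    "allowed_threads": {"main", "lwm2m_client", "sensor_task"},
    "allowed_dst": [ipaddress.ip_network("203.0.113.0/24")],  # the DM server range
}

# Constructed reports as a Device Sentry client might send them.
REPORTS = [
    {"device": "dev-A", "cpu_util": 12.5, "threads": ["main", "lwm2m_client"],
     "dst_ips": ["203.0.113.10"]},
    {"device": "dev-B", "cpu_util": 97.0, "threads": ["main", "lwm2m_client", "miner"],
     "dst_ips": ["203.0.113.10", "198.51.100.7"]},
]

def check_report(report: dict, expected: dict) -> list:
    """Return one incident per deviation found in a single report."""
    incidents = []
    dev = report["device"]
    if report["cpu_util"] > expected["cpu_util_max"]:
        incidents.append({"device": dev, "type": "cpu_utilization",
                          "detail": f"{report['cpu_util']}% > {expected['cpu_util_max']}%"})
    for t in report["threads"]:
        if t not in expected["allowed_threads"]:
            incidents.append({"device": dev, "type": "unauthorized_thread", "detail": t})
    for ip in report["dst_ips"]:
        addr = ipaddress.ip_address(ip)
        if not any(addr in net for net in expected["allowed_dst"]):
            incidents.append({"device": dev, "type": "unauthorized_destination", "detail": ip})
    return incidents

def run(reports: list, expected: dict = EXPECTED) -> list:
    """Collect metrics and detect deviations; step 3 of the slide would forward
    the returned incidents to a dashboard or SIEM."""
    return [i for r in reports for i in check_report(r, expected)]

if __name__ == "__main__":
    for inc in run(REPORTS):
        print(inc)
```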
Pelion Device Sentry GUI

Screenshot: 1. list of metric collection sessions; 2. list of incident reports; 3. historical health metrics data
IoT is About Making Business Decisions Based on Data
Trusted data comes from trusted devices (Trusted Source, Trusted Configuration, Trusted Connection, Trusted Software, Trusted Operation)

Learn more about secure device life-cycle management:
https://www.pelion.com/iot-device-management/

Thank You / Danke / Merci / 谢谢 / ありがとう / Gracias / Kiitos / 감사합니다 / धन्यवाद / شكراً / תודה