Upload
others
View
3
Download
0
Embed Size (px)
Citation preview
Low Power Wide Area Networks security
Sophia-Antipolis, December 9, 2015Pierre Girard, Security Solution Expert
Introduction
LPWAN technologies are booming
Main driversLow costLow power consumption
High trust level needs to be maintained
09/12/2015LPWAM security - P. Girard2
Why trust in IoT ?
Management of sensitive devicesValve, pump, door, engine, …
Management of sensitive transactionsEnergy: (not) producing, (not) consuming, storing …X as a Service: cleaning, manufacturing, flying …
Management of sensitive dataLocation / presence, behavior / consumption patterns, …
09/12/2015LPWAM security - P. Girard3
IoT will redefine your business model …
09/12/2015LPWAM security - P. Girard4
… and you want to protect it !
Main security requirements
Device / network mutual authentication
End-to-end applicative level security
09/12/2015LPWAM security - P. Girard5
Business as usual ?
09/12/2015LPWAM security - P. Girard6
Requirements WAN LPWAN
Mutual auth.
E2E sec.+ TLS
+ AKA Too costlyToo much power
Too costlyToo much power
The LoRaWAN security example
09/12/2015LPWAM security - P. Girard7
LoRaWAN device (class A) communication
09/12/2015LPWAM security - P. Girard8
LoRa architecture
09/12/2015LPWAM security - P. Girard9
Devices Gateways LoRa networkserver
Applicationservers
LoRa security
09/12/2015LPWAM security - P. Girard10
Devices Gateways LoRa networkserver
Applicationservers
Each device is provisioned with a unique AES 128 key : AppKey
LoRa security: network connection
09/12/2015LPWAM security - P. Girard11
Devices Gateways LoRa networkserver
Applicationservers
Joint request (DevNonce,…, MIC)
A cryptogram (MIC) is computed with AppKey
LoRa security: network connection
09/12/2015LPWAM security - P. Girard12
Devices Gateways LoRa networkserver
Applicationservers
Joint accept (…, MIC)
A cryptogram (MIC) is also computed with AppKey
Not a classic challenge / response scheme
Saves a round trip
But nonce is generated by the device to be authenticated
Server-side has to check for replays
09/12/2015LPWAM security - P. Girard13
LoRa security: network connection
09/12/2015LPWAM security - P. Girard14
Devices Gateways LoRa networkserver
Applicationservers
AppSKey
NwkSKey
Two session keys are derived : AppSKey and NwkSKey
LoRa security: network connection
09/12/2015LPWAM security - P. Girard15
Devices Gateways LoRa networkserver
Applicationservers
NwkSkey is used for network layer security
LoRa security: network connection
09/12/2015LPWAM security - P. Girard16
Devices Gateways LoRa networkserver
Applicationservers
AppSkey is used for application layer end to end security
LoRaWAN frame content for payloads
09/12/2015LPWAM security - P. Girard17
DevAddr FCnt Payload MIC
Encrypted with
Compute MIC with
09/12/2015LPWAM security - P. Girard18
Problem statement for secure key provisioning
How to provision the devices / servers without Secure Elements ?
As the same key (AppKey) is used to derive both the network key (NwkSKey) and the applicative key (AppSkey), the network operator and its customers have a conflict of interest:
if the network operator knows the device key AppKey, it will be able to compute the AppSkey and thus intercept the applicative data;
if the application provider knows the device key AppKey, it will be able to compute the NwkSKey and thus clone devices.
A Trusted Third party is needed !
09/12/2015LPWAM security - P. Girard19
Introduction of a Trusted Third Party
09/12/2015LPWAM security - P. Girard20
Devicemanufacturers
Trusted Third Party
Device provisioning
09/12/2015LPWAM security - P. Girard21
Devicemanufacturers
Trusted Third Party
AppKey generation
Device claiming
09/12/2015LPWAM security - P. Girard22
Devicemanufacturers
Trusted Third Party
Claim device DevEUI
Network connection
09/12/2015LPWAM security - P. Girard23
Devicemanufacturers
Trusted Third Party
Joint request (…, MIC)
Network connection
09/12/2015LPWAM security - P. Girard24
Devicemanufacturers
Trusted Third Party
Joint request (…, MIC)
Network connection
09/12/2015LPWAM security - P. Girard25
Devicemanufacturers
Trusted Third Party
Joint accept (…, MIC)
Joint accept (…, MIC)
Network connection
09/12/2015LPWAM security - P. Girard26
Devicemanufacturers
Trusted Third Party
Key derivation
09/12/2015LPWAM security - P. Girard27
Devicemanufacturers
Trusted Third Party
Key distribution
09/12/2015LPWAM security - P. Girard28
Devicemanufacturers
Trusted Third Party
Secure communication with TLS
09/12/2015LPWAM security - P. Girard29
PKI
Conclusion
LPWAN drivers are low cost and low power
Trust is needed, more than ever !
A new trust infrastructure is required
09/12/2015LPWAM security - P. Girard30
Thanks for your attention
09/12/2015LPWAM security - P. Girard31