Upload
others
View
1
Download
0
Embed Size (px)
Citation preview
Challenges in Securing the IoTin a Post‐Quantum World
Security Week 2019
Louis Parks, CEO
SecureRF: Authentication and Data Protection“Smallest” Internet of Things
“Innovation Award: Best Contribution to IoT Security”
ARM TechCon 2017
“Cybersecurity 500 World’s hottest and most innovative”
Cybersecurity Ventures, Q2 2017
“Linley 2017 Analyst Choice Award: Best Technology”
• Key Agreement Protocols and Digital Signature Algorithms• Provisioning, and Ownership Management Solutions• Secure Boot and Secure Software Update• Software and Hardware toolkits
Why talk about Security for the IoT?• 50% of consumers indicated cybersecurity concerns for an IoT device that discouraged them from purchasing
• Over 40% of respondents are “not confident at all” that IoT devices are safe or secure
• 88% of respondents have thought about the potential for hacking associated with IoT devices
Source: ESET/NCSA
“IoT security will be complicated by the fact that many “Things” use simple processors and OS…”
Source: Gartner
“Hackers used a fish tank to break into a Vegas Casino. We’re all in trouble.”
The Internet of Things has a ProblemLittle or No Security!
Headline: September 4, 2018
Cryptographic TaxonomySecurity Paradigms
Private Key Systems
Public Key Systems
Triple DES DES AES Diffie‐Hellman and Digital Signature Algorithms
RSA
Elliptic Curve
ECDSADSA
Diffie‐Hellman
Why is IoT Security so Hard?
• Current security methods are 35 to 45 years old• Were not contemplating low‐resource IoT devices
• 8‐ 16‐ and 32‐bit processors are the foundation of IoT• Often have minimum resources ‐ very hard to secure
• Devices are focused on low‐energy (battery life) and speed• Security is computationally intensive (power drain) – and slow
• Current Security Methods do not scale and are too slow
Challenges in Securing IoT Devices
IoT represents a broad range of technology
• Little or no power• Small computing platform • Time to compute• No common computing environment
What is a “Post Quantum World”Large enough Quantum Computer to run:• Grover's Search Algorithm• Shor's Algorithm
Grover's Search Algorithm: reduces security level (e.g., AES‐128 becomes 64‐bit secure)Shor’s Algorithm: Breaks ECC, RSA, and DH by quickly factoring/solving the discrete log problem
Requires the method's math be Finite, Cyclic, and Commutative
Impact of Quantum Computing…“Because nations around the world, including China, are investing heavily in research and development…likely less than a decade away from the day when a nation‐state could use quantum computers to render many of today’s most sophisticated encryption systems useless.”
US representative Will Hurd (R‐Texas)Chair ‐ Information Technology Subcommittee of the Committee on Oversight and Government Reform, Committee on Homeland Security, Permanent Select Committee on Intelligence.Source: WIRED Magazine, December 7, 2017
Challenge: • Securely distribute keys• Secure all databases• Single breach – System compromised
Key Management Challenge
Post‐Quantum Asymmetric Cryptography• Solves the key management problem• Several methods to choose from:
• Code‐Based• Group Theoretic• Hash‐Based• Hybrid Solutions• Isogeny• Lattice Based• Multivariate• QKD
Examples: Post‐Quantum Digital Signatures
Digital Signature Methods Cycles (to Verify)SPHINCS+ 10,923,659MQDSS 191,666,288PICNIC 16,780,544Gravity‐SPHINCS 2,710,406DRS 505,869,989WalnutDSA 175,770
Source: NIST PQC Performance Testing
“Optimized” IoT Devices A Challenge
Do Not Let the Size of a Device Fool You
• 100+ ECUs/Microcontrollers (MCUs)• Vehicle Controls – 16‐Bit MCU• Power Train – 16 to 32 Bit MCU• Driver Information – 8 Bit• Examples:
• Brakes, steering, air bags, climate control
Post‐Quantum IoT “Still” has a Problem!
• IoT presents unique platform challenges• Size, Speed, and Energy a challenge
• Moore’s Law does not apply
• Many PQC methods secure – but how practical?• E.G. DualModeMS Private Key – 18MB
DRS Public Key – 5MB
• No dominate operating system
Post‐Quantum IoT: Big problem/opportunityfor new methods
Securing A Post‐Quantum IoT
Company Headquarters California Office100 Beard Sawmill Road, Suite 300 75 East Santa Clara, Floor 6Shelton, CT 06484 USA San Jose, CA 95113 USA1‐203‐227‐3151 1‐203‐227‐[email protected] [email protected]
SecureRF Corporation – The Future of Embedded Security