Smart Homes’ security: from theory to practice · 2016-03-21 · theory to practice Jacques FOURNIER Mathieu GALLISSOT Christine HENNEBERT Karine ZUNINO 21/03/2016. 2 ... crypto

Smart Homes’ security : fromtheory to practice

Jacques FOURNIERMathieu GALLISSOT Christine HENNEBERTKarine ZUNINO

21/03/2016

2

ALTERNATIVE ENERGIES AND ATOMIC ENERGY COMMISSION

ETSI - Internet of Things in the Smart Home | Fournier,Gallissot,Hennebert,Zunino | 2

MilitaryApplications

Division (DAM)

Nuclear EnergyDivision (DEN)

TechnologicalResearch Division

(DRT)

Materials Sciences DivisionLife Sciences Division

Mission DAM : France’s national security independence

Mission DEN : France’s energy independence

Mission DRT : French business’ economic competitiveness

“ The World's Most Innovative Research Institution ” according

to a 2016 survey by Reuters

• Who are we?• IoT in the Smart Home• Technical security issues adressed• Experimental Smart Homes & test environments

3

CEA TECH: FRANCE’S LEADER IN TECHNOLOGICAL RESEARCH


Solar

Laboratory of Electronics and

Information Technologies

Staff: 1800, Budget: €280 M

Laboratory of Integrated

Systems and Technologies


Laboratoty of Innovation for new

Technologies for Energy and

Nanomaterial


CEA TechRégions

(2012)


4

CEA TECH’S ACTIVITIES IN IOT SECURITY FOR SMART HOME S


Technical solutions / bricks to address primary/fundamental

practical security issues

‘Near to real life’ integration and test environments

Pump Priming25%

(5-10 years)

Technology Transfer75%

(1-3 years)


5

CONNECTIVITY, THE GAME CHANGER


Early 80’s : no standardization of network protocols, fieldbus are adopted :- X10 on power line- X2D on bi-band RF- Batibus and EIB on two-wire bus

Mid 90’s : first standardization efforts- Bacnet adopted by ASHRAE- Batibus and EIB forms KNX- Microsoft releases UPnP (with lots of backdoors…)

No such thing as ‘the cloud’


6

EXAMPLE OF A ‘SUPER CONNECTED’ HOME


No such thing as ‘the cloud’

http://bwired.nlOnline since late 90’s

Individual weights in the family

Last person to use the bell

Last person to use the mailbox


7

VP

N

VPN

RESTful APIWeb Sockets

over https

IOT INFRASTRUCTURE FOR SMART HOMES

6LoWPANZigBeeUWBBLEWiFiNFC

Challenge:Secure Plug & Play bootstrap

Things Gateway Cloud Server Application



8

CHALLENGES & PARTICULARITIES…

1. The longevity of the objects � Update of the firmware

� Autonomy

� Easily accessible to hackers

2. The resources of the objects are constrained� memory, computing, energy, throughput

3. The objects are ‘headless’, i.e. no user interface � No keyboard, no mouse, no tactile screen… to perform authentication

4. The objects hold sensitive data� The personal data need to be protected

5. State of mind� The actors of the IoT don’t think as security experts

� The application is often deployed without security in its first version



9

AUTHENTICATION OF THE THINGS 1/2

Out-of-Band Channel

Use of a trusted intermediate element like a smartphone to:

� Generate the secure key

� Send the secure key to the devicethrough an out-of-band channel –i.e. light

� Send the secure key to the gateway through a secure channel – i.e. WiFi WPA2

Secure key sent via a light beam



10

AUTHENTICATION OF THE THINGS 2/2

In-Band Pairing

� The device embeds a True Random Number Generator –it is autonomous to generate its secret keys

� Bootstrap to the gateway through secure protocols using lightweight cryptography:

� Lightweight handshake DTLS

� Lightweight IKEv2

� Link-layer security

TRNG inside



11

PRESERVING THE PRIVACYIdentity of the Things

� Use of pseudonyms to mask the identity – address - of the things at the lowest levelAvoid the traffic analysis and the network topology reconstruction

� Use security to ensure the confidentiality of the data

Secure protocolData encryption

Use of pseudonym (over the air)to mask the identity of the things



12

HARDWARE & EMBEDDED SOFTWARE SECURITY



Are your secret/sensitive data

safe in there?

Is your program being correctly

executed?Can your hardware be trusted?

Characterisation Secure solutions

• State of the art characterisation benchs: EM, laser, Vcc, clock…

• State of the art analysis techniques against crypto algorithms (AES, Pairings…)

• Analysis of communication protocols (contactless, WLoPAN…)

• Software analysis tools

• CESTI: French ANSSI-accredited HW evaluation lab (Common Criteria, EMVCo…)

• Hardware and software countermeasures for secure implementations of crypto algorithms

• Shields, new technologies…

• Run-time countermeasures

Physically Unclonable Functions

• Robustness analyses

• Certification aspects

• Implementation of new structures

Integrity verification

• On chip sensor-based approach

• Off chip side-channel based approach

• IoT network integrity verification

• Node bootstrapping and key management protocols

• Secure transport layer security protocols

• IoT intrusion detection system

• Trust anchors for industrial systems

13

IN GRENOBLE: « LIMITED RESOURCES » PROJECT


• Goals• Identify daily usage behaviour of autonomous habitat occupants • Determine material environment adapted to Limited resources and Autonomous

Building context from resident point of view• Means

• Equip of a 5 persons composed family (with the support of Leti and Liten)• Conduct usage studies


14

IN CADARACHE: AN EXPERIMENTAL HOUSE PLATFORM ON EN ERGY EFFICIENCY IN SMART HOUSES

� Objective : providing of facilities to help industrial partners to innovate

� Research areas :� Summer comfort with thermal mass,

natural ventilation, thermal insulation, glazing, materials, natural lighting…

� Home automation/BMS� Predictive control� Neural network� Secure & trusted infrastructures� Uses: Integration of occupantsbehaviour and comfort concept

Climatic cells Experimental housesETSI - Internet of Things in the Smart Home | Fournier,Gallissot,Hennebert,Zunino | 14


15

IN CADARACHE: A FIRST EXPERIMENTAL HOUSE

� Uninhabited house, simulated inhabitants’ behaviour , life scenario implementation

� Highly instrumented houses with the implementation of a data acquisition system

� Control of active components:� Shades: roller blind, indoor/outdoor stores, sunshades� Openings: roof windows, roller bays� Heating� Domestic hot water production� Ventilation� Metrology

The house can be the support for other various projects



Thank you for your attention

Documents

Smart Homes’ security: from theory to practice · 2016-03-21 · theory to practice Jacques FOURNIER Mathieu GALLISSOT Christine HENNEBERT Karine ZUNINO 21/03/2016. 2 ... crypto