Wireless security and the internet of things nick hunn

Wireless Security and the Internet of Things – Cambridge Wireless 18th April 2013

Wireless Security and the Internet of Things

Nick Hunn WiFore Consulting


The Legal Requirement

https://www.gov.uk/government/consultations/radio-equipment-directive-proposal#download http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=COM:2012:0584:FIN:EN:PDF

In the EU proposal for the revision of the R&TTE directive, it states that:

Article 3 Radio equipment shall be so constructed that it complies with the following essential requirements: (c) radio equipment incorporates safeguards to ensure that the personal data and privacy of the user and of the subscriber are protected;

https://www.gov.uk/government/consultations/radio-equipment-directive-proposal







http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=COM:2012:0584:FIN:EN:PDF




Some examples of what has been hacked

• Pacemakers • Insulin Pumps • Weir Gates • Set Top Boxes • Fitness Monitors • Smart Meters


The Consequences of Hacking

• People know where you are. • People know where you aren’t. • People know who you’re with. • People know what you’re doing. • People think you’re someone else. • Your lights go out. • Your bills go up. • Things stop working. • Things start working differently. • Your business fails.


What is the Internet of Things?

Some are born with Sensors,

Some acquire sensors, and

Some have sensors thrust upon them.


Machine to Machine (M2M)

Many current M2M deployments are cellular


Appcessories and The Quantified Self

Consumer growth is most likely to come from the world of Appcessories.

Find out more about Appcessories at http://www.nickhunn.com/2ubiquity

http://www.nickhunn.com/2ubiquity


The Smart Home

It will take time coming, but homes will get monitored.


To 40 billion and Beyond


The missing 25 billion may be “Desirable”

Annual Sales of Appcessories

-

2,000

4,000

6,000

8,000

10,000

12,000

14,000

2014 2015 2016 2017 2018 2019 2020

Mill

ions

Source: WiFore Consulting


Which gives 40 billion opportunities to steal or corrupt someone’s data.

Every second of every day


Addressing Security


The Topology of the Internet of Things

Sensors

dB & App

Where cellular is Integrated with sensors it will remove some steps in the chain.


Sensor Gateway

PCT Boiler Switch

Router

PC

Customer Supplied

The Simple Case of the Smart Thermostat

Installer Supplied


Router

PC

I/O Manager dB

Application & Analysis

Web Interface

Phon

e

Device Manager

Security Manager

External Service Provider

The Backend Environment

Service Provision

3rd Party Data MDMS, etc.


And don’t forget the Weak Link…

PC

Phon

e


“Elements of Security”

• Most IoT architectures consist of a collection of separate, connected elements, each of which may have their own security.

• Systems composed of “Off the Shelf” components generally have different levels of security, which need to be stitched into a whole. This can be trickier than designing from scratch.

• The order of installation can be critical. But guaranteeing the correct order may be impossible.

• Existing security of wireless may be a false security.


“But I’m using Wi-Fi / Bluetooth / ZigBee. That’s got security built in.

Why do I need to do anything else?”

The AES128 Datasheet Misconception


Practical Considerations


• You MUST develop a complete end-to-end security model. Just implementing Wireless security is not enough.

• Write an RMADS as soon as you’ve done your first draft of system architecture, and then reiterate both until they work and are consistent.

• Consider device management, end to end authentication and link key management.

Build a Security Model

dB & App

BTS / WPA2 TLS

Encryption / Authentication

TLS / PW


Design for Autonomous Operation

dB & App

X X

X X

Think about what happens when: • Internal or external comms links or the web service fail • The mobile phone goes out of the house • The gateway / router fails or is replaced • The consumer moves home

The consumer expects their HVAC and lights to continue working


Security & Usability

• No security makes getting to 40 billion devices easy. • High security makes it very difficult.

But…

• Major security failures scare customers and may kill the

market altogether.

If the reaction to new security threats is simplistically to add even stronger protection, then the costs of that additional security will result in M2M solutions that are not economically viable.

Beecham Research 2013 www.beechamresearch.com

http://www.beechamresearch.com/


And…

• Pairing remains the biggest problem for most wireless products, both in terms of usability and security.

• Many of these IoT & M2M products will have much longer lives than current consumer products. That means that new components will be added to the system and existing ones replaced. That is a security challenge.

• More security = more processing = shorter battery life. • Make sure that firmware updates don’t compromise the

security. Or that the security model doesn’t prevent them being deployed.

• Remember that many of these devices may have NO user interface.


But…

Annual Sales of Appcessories

-

2,000

4,000

6,000

8,000

10,000

12,000

14,000

2014 2015 2016 2017 2018 2019 2020

Mill

ions

If we get it right, the market is five times bigger than the mobile phone market. It’s worth getting it right.


Questions?

www.wireless-book.com

Nick Hunn CTO

mob: +44 7768 890 148 email: [email protected] web: www.wifore.com

Creative Connectivity Blog: www.nickhunn.com

http://www.wireless-book.com/



http://www.nickhunn.com/

Documents

Wireless security and the internet of things nick hunn