Towards Trustworthy Internet of Things for Mission-Critical Applications. Arjmand Samuel, Ph.D. Microsoft Azure - Internet of Things

Transcription

1 Towards Trustworthy Internet of Things for Mission-Critical Applications Arjmand Samuel, Ph.D. Microsoft Azure - Internet of Things

2

3 Internet of Things is a game changer

4 Organizations are benefiting from IoT today Lido Stone Works

5 However, IoT projects can be complex Long timelines Hard to scale Difficult to customize

6 IoT Challenges Scale # devices >> # humans, and growing fast Volume of data generated (and network traffic) Pace Innovation pressure: analysis, command and control Skill pressure: data science, other (niche) specialties Environment Extreme heterogeneity IT/OT collaboration Internet security and privacy Emerging standards & regulations New competitors

7 Connect millions of devices and integrate your business systems with new insights to transform your business. Azure IoT Suite Get started quickly with preconfigured solutions for common IoT scenarios. azure.microsoft.com/solutions/iot-suite/ Leverage a worldwide ecosystem of experienced IoT partners to tailor IoT solutions to your needs.

8 Connect and scale with efficiency Analyze and act on new data Integrate and transform business processes Analytics Device Registry SAP SalseForce Dynamics Real-time operating systems And more Rules and Actions Dashboards & Visualization Oracle DB2 WebSphere Informix Twitter Office 365

9 Accelerate time to value with preconfigured solutions Get started in minutes Modify existing rules and alerts Add your devices and begin tailor to your needs Fine-tuned to specific assets and processes Highly visual for your real-time operational data Integrate with back-end systems

10 Azure IoT Suite architecture Azure IoT Suite Remote Monitoring Web/Mobile App Power BI Devices C# simulator IoT Hub Stream Analytics Storage blobs Event Hub Web Jobs DocumentDB Logic Apps Back end systems and processes Azure Active Directory

11 Security from the ground up Microsoft Cloud Largest online services in the world Centers of excellence Operational Security Assurance (OSA) process Security Development Lifecycle (SDL) azure.microsoft.com/documentation/articles/securing-iot-ground-up/

12 Defense in depth Securely connect millions of devices... Over a secure internet connection... To Microsoft Azure built with security from the ground up Device Security Connection Security Cloud Security

13 THE EVOLUTION OF ATTACKS Volume and Impact Script Kiddies BLASTER, SLAMMER Motive: Mischief

14 THE EVOLUTION OF ATTACKS 2005-PRESENT Organized Crime Script Kiddies RANSOMWARE, CLICK-FRAUD, IDENTITY THEFT Motive: Profit BLASTER, SLAMMER Motive: Mischief

15 THE EVOLUTION OF ATTACKS Beyond 2005-PRESENT Script Kiddies BLASTER, SLAMMER Motive: Mischief Organized Crime RANSOMWARE, CLICK-FRAUD, IDENTITY THEFT Motive: Profit Nation States, Activists, Terror Groups BRAZEN, COMPLEX, PERSISTENT Motives: IP Theft, Damage, Disruption

16 Insecure design Unauthorized control of Jeep Unauthorized control of Nissan Leaf

17 North Carolina Highway Signs Compromised By a Foreign Hacker* Penetration of a Water Treatment Facility by a Foreign Hacker* *NSTAC Report to the President on the Internet of Things.

18 State sponsored attacks IR-40 facility in Arak, Iran

19 Why is IoT vulnerable?

20 Information Technology (IT) - the application of computers and telecommunications equipment to store, retrieve, transmit and manipulate data* Mission of IT Design and maintain software, hardware and network resources which run securely and privately How? Secure Development Lifecycle Secure Network Technologies Threat & Vulnerability Mitigation Monitoring and Alerting Software/Firmware Auto-Updates Privacy Models *en.wikipedia.org/wiki/information_technology

21 Operations Technology (OT) - collects information and causes changes in the physical world through the direct monitoring and control of physical devices in industrial contexts Mission of OT Design and maintain machines which run reliably, and safely (do not cause injury or harm to other machines, humans, and the environment) How? Robust machines, with built-in safety features Automated monitoring and control Isolate and control cut off all interaction with the world Design to protect against natural and man-made disasters

22 System of Systems Information Technology Specialists Operational Technology Specialists

23 Integration of IT and OT Complex merger of security aspects between IT and OT Compromise of safety because of lack of security Machine s control sequece modified without access control (lack of information integrity) Compromise of reliablity because of lack of security Modified operation controls can cause machines to become less reliable (malicious outsider or insider threat) Leakage of business process secrets Realtime business process details stolen (confidentiality of information)

24 Environment Threats Security Privacy Trustworthy IoT Reliability Safety Human Errors System faults

25 The STRIDE model Spoofing Identity: Tampering with Data: Repudiation: Information Disclosure: Denial of Service: Elevation of Privilege: aka.ms/iotarch

26 Component Threat Mitigation Risk Implementation Device S Assigning identity to the device and authenticating the device Field Gateway S Authenticating the Field gateway to Cloud Gateway Device TID TLS (PSK/RSA) to encrypt the traffic. Replacing device or part of the device with some other device. How do we know we are talking to the right device? If someone can spoof Field Gateway, then it can present itself as any device Reading data in transit between devices. Tampering with the data. Overloading the device with new connections Authenticating the device, using Transport Layer Security (TLS) or IPSec. Infrastructure should support using pre-shared key (PSK) on those devices that cannot handle full asymmetric cryptography. TLS RSA/PSK, IPSe, RFC All the same key storage and attestation concerns of devices in general Security on the protocol level (HTTP(S)/AMQP/MQTT/CoAP.

27 Protecting physical devices

28 IoT hardware manufacturer and integrator IoT solution developer IoT solution deployer IoT solution operator

29 Telemetry based IoT security Security state monitoring Near real-time monitoring for on-device security properties, such as state of OS, malware, IP attack surface. Upload data to Azure Security Center Analysis in the cloud with global intelligence for attacks Present security status to device owner in a user friendly and usable fashion. Suggest mitigations Anomaly detection based on telemetry data Train ML models for normal behavior based on telemetry data (more accurate with more data) Detect anomalous behavior based on known physical and security attack vectors, e.g. tampering, moving device from one location to another, insider attack to take physical control of device Examples scenarios: Device tampering, sleep, context based anomalies

30 Challenges of telemetry-based IoT security monitoring Technical Constantly adapt telemetry models Generalize telemetry models Mapping between real-world and cyber context Implementation Business model Sharing of threat information ISAC (DHS) and Infoguard (FBI) Standards for sharing vulnerabilities IoT Device Security Certification is it even possible

31 In closing Internet of Things is the next big thing For IoT hacks it is not about if, but when and how Security in IoT is an ecosystem play There is promise in data science based security anomaly detection How do you sell security investments?

32 Thank you

33