IoT security based on the DPK platform

Transcription

1 Zz S E C U M O B I. WHITE PAPER IoT security based on the DPK platform Powered by Ethereum David Khoury Elie Kfoury

2 ABSTRACT Public key distribution remains one of the main security weaknesses in many applications and especially in IoT. DPK (Distributed Public Keystore) platform provides a decentralized keystore that holds the public keys for all DPK s users. The platform enables the user with a DPK client module to interact with the Ethereum Blockchain to store and retrieve the cryptographic keys. The DPK platform includes the DPK module on the client side, the PKM module on the server side, and the Smart contracts software in the Ethereum Blockchain network. This client module is installed on a variety of software and hardware entities (Mobile App, web browser, server, IoT devices etc ). The light DPK module contains an Ethereum light client LES which mainly applicable for IoT devices. Having a decentralized public keystore that contains the cryptographic keys of all devices enables the secure distribution of the session keys that will be used as pre-shared keys for PSK-based security protocols (TLS-PSK, DTLS-PSK )

3 1. INTRODUCTION Security and privacy are critical issues facing the development of the Internet of Things. Existing security solutions are not applicable to IoT: PKI/CA for instance, requires a large infrastructure to manage certificates and requires each IoT device to have a certificate for client authentication. Distribution of certificates for many devices is impractical and nearly impossible. On the other hand, other solutions like hardcoding the credentials on the IoT devices, imposes the threat of reverse engineering. The DPK (Distributed Public Keystore) platform allows the IoT authenticated device to store and distribute its public key by using the Ethereum Blockchain technology. The Blockchain acts as a decentralized public key infrastructure and a decentralized certificate authority that ensures the secure distribution of public keys and other cryptographic parameters. As a result, the system overcomes the issue of the Public keys distribution which remains till today one of the main security concerns in many applications and especially in IoT. DPK is developed as a generic platform that can be called by different applications to access transparently the Ethereum Blockchain network. Some of these applications include: IoT security (authentication, confidentiality and integrity in many scenarios and configurations), secure peer to peer communications, and others. The main contribution of this platform is the elimination of the public key infrastructure (PKI) and the Certificate Authority (CA), and the implementation of a generic handshake protocol for the PSK (Preshared Key) based security protocol like TLS-PSK, DTLS-PSK, SRTP, etc This out band generic protocol is responsible for the distribution of the PSK key between two entities. The client module could be part of mobile application software or plug-in software in a server or in web browser In the next section, we provide a background on the Ethereum Blockchain, and elaborate the technical overview of the proposed solution. 2. TECHNICAL OVERVIEW 2.1- Ethereum Blockchain and smart contracts The distributed ledger technologies (DLT), the new Technology of trust A Blockchain is a distributed database; copies are stored in many computers simultaneously. There is no single controlling computer. The validity of a particular version of a Blockchain is established by consensus amongst several nodes that form a central one. [Ethereum White Paper] A Blockchain is more than just a decentralized digital ledger. It can contain Data and transaction records.

4 The use of the Blockchain technology deals with confirming the integrity of data associated with the transaction. That feature of Blockchain is a key for secure the integrity of the next proliferation of networked devices. [ref Ericsson industrialized Blockchain and data integrity]. Ethereum Ethereum is a Blockchain architecture with an associated state database, capable of storing programs and their state. These programs are commonly referred to as Smart Contracts. A smart contract can be deployed by any Ethereum user and it has a function-based interface. Once deployed the smart contract can be referenced by its address, which is a cryptographic identifier. A user can call a smart contract function by sending a transaction with this address as the destination, and with the data payload of the transaction containing the function signature and input parameters. Calling a function causes the miners of the network to execute the program in a trust-minimized way and update its state. A smart contract can hold and send the native value token Ether, and can furthermore call functions of other smart contracts. For further reading on Ethereum and Smart contracts, see the Ethereum White paper: LES (The Light Ethereum Subprotocol) Blockchain technology by design consumes a considerable amount of memory to store the historical transactions. Obviously, it is not applicable to use a normal Full node on an IoT device due to the constraints imposed by the device. Fortunately, an alternative to the Ethereum full node is the Light node. The light client has been designed to function more or less the same as a full client. It is able to run with as low as 10Mb of storage space retrieval thanks to the garbage collection enabled (which scheduled to be implemented), the database will function more like a cache. The current Geth (Go language implementation) uses around 200Mb of memory, which can probably be further reduced. Bandwidth requirements are also lower when the client is not used heavily. Bandwidth used is usually well under 1Mb/hour when running idle, with an additional 2-3kb for an average Future improvements are undertaken in LES like reducing overall latency by remote execution and verifying complex calculations indirectly and improving the slow search speed of log histories.

5 2.2- Public or Private Ethereum Blockchain Based on the customers requirements, the Ethereum network could be private or public: Public Blockchain: a public Blockchain is a Blockchain that anyone in the world can read, send transactions and expect to see them included if they are valid, and anyone in the world can participate in the consensus process Private Blockchain: a fully private Blockchain is a Blockchain where write permissions are kept centralized to one organization. Read permissions may be public or restricted to an arbitrary extent. Advantages of private Blockchain: Transactions are cheaper, since they only need to be verified by a few nodes that can be trusted to have very high processing power, and do not need to be verified by ten thousand laptops. The validators are known, so any risk of a 51% attack arising from some miner collusion in China does not apply. Nodes can be trusted to be very well-connected, and faults can quickly be fixed by manual intervention, allowing the use of consensus algorithms which offer finality after much shorter block times. The advantages of public Blockchains Public Blockchains provide a way to protect the users of an application from the developers, establishing that there are certain things that even the developers of an application have no authority to do. Public Blockchains are open, and therefore are likely to be used by very many entities and gain some network effects DPK (Distributed Public Key Store) System Architecture The Software components of the DPK platform consist of the following: 1. DPK client module 2. PKM (Public Key Manager) at the network side 3. Smart contracts in the Ethereum Blockchain network. PKM (Public Key Manager) Function in the DPK platform located on the Network side that authenticates the IoT devices and approves the storage of the cryptographic keys. The main functions of the PKM are:

6 Figure 1 - Solution Overview a) Wallet management: The download or the installation of the user DPK client module at the user side (IoT device) automatically generates the public, private keys and creates an empty Ethereum wallet. The user does not need to own an Ethereum account or ether. The main role of the PKM is to authenticate the DPK client module in the IoT device and send the necessary Ether to the Client to be able to store the user public key in Ethereum. The PKM performs the wallet management functionality by sending Ether to the client and approve the request of the transaction to store the user public key in Ethereum. The PKM module could contains a full or a light Ethereum node to store its public key as well in Ethereum. b) Registration and configuration of the IoT devices: This function could be part of an IoT cloud platform management and in some cases in PKM. The IoT devices accessing the DPK platform should be registered and configured in the cloud platform through a web interface. The configuration consists of assigning a unique Token to the DPK client on the IoT device. This Token is crucial to identify the DPK client module installed on the device, and to ensure that the transaction fees in Ethereum have been paid. The storing transactions in Ethereum Blockchain cost ether. When the DPK module is installed, an empty Ethereum wallet address and private, public keypair are generated. The Wallet management functions in PKM transfers Ether to the DPK client after confirmation of the identity and the transaction fees payment of the IoT device through the associated Token. The payments are done in any fiat currency and the storage transactions fees are paid using the Ether Cryptocurrency. The transaction mechanism of storing the cryptographic keys by the IoT device is controlled by the PKM wallet management.

7 DPK module at the Client: This module could be downloaded or part of the firmware of an IoT device. There are two types of DPK module: Light with LES (Light Ethereum Subprotocol) which is considered a Light Node Ethereum. Full Node Ethereum, usually installed in Servers or high processing and memory devices The DPK client module includes an Ethereum light client (LES) to interwork with Blockchain. The module contacts PKM to fill in the client wallet with the necessary Ether to be able to perform the storing of the client public key in the Ethereum network. At the configuration, a Token file is deployed to each DPK client module to identify and authenticate the client. The Token is part of the information sent to the PKM wallet management which are mainly the following: Ethereum Wallet address, DPK module identity, [Token]Pr pkm, [Token]Pr pkm : Token signed with PKM Private Key The PKM sends back the needed Ether to perform storage of the client public keys in the Ethereum network. DPK smart contract software The smart contract is deployed on the Ethereum Blockchain network. It contains the following functions: 1- addclient() 2- getclient() 3- approveclient() The approval sequence steps are the following: 1- The client (IoT device) calls the function addclient in the smart contract by signing a transaction. This function adds any client to the pending list. The input parameters are: DPK client Identity: any addressable identity like domain name, public IP, URI etc.. Public Key: RSA 2048 public key Token: a string generated randomly and signed by the IoT cloud platform service 2- The DPK client module sends an approval request to the PKM containing the signed token.

8 3- The PKM calls the function approveclient in the smart contract by signing a transaction. The token is the only parameter used. 4- Only the owner of the contract (the platform provider) can approve the client: The approval process is achieved by searching for the token in the pending list, and if found, copying the first occurrence to the approved clients list. First come, first serve approach is implemented in the contract to mitigate against token duplication. The pending client is released from the pending list getclient(identity) function is used to fetch the public key of the requested identity 3. CONFIGURATION MECHANISM 3.1 DPK identity The DPK is considered as a platform to store and provide cryptographic keys (mainly Public Keys) to any applications intended to communicate securely with its recipients. The application can use any transport layer security like: TLS, DTLS, SRTP The DPK client entity should be addressed using routable addresses like IPv6 address, IPv4 public IP address, phone number, or domain name etc The DPK identity is defined during the configuration of the devices. Figure 2 - Configuration Mechanism

9 3.2 DPK client module and PKM interfaces The communication channel between DPK client module and PKM is secured using TLS- PSK. The DPK client module and PKM at the server side are considered as part of the Blockchain Ethereum network as the DPK client and PKM contains a light Ethereum client (LES) and a full node Ethereum client respectively. 3.3 The transaction public key storage flow The figure represents the mechanism flow of executing the public keys transaction storage in Ethereum using the DPK platform. It should be noted that the PKM server stores as well it public key Pu pkm in Ethereum. The Pu pkm is fetched from Ethereum by any users of the DPK platform to communicate securely with PKM. The main function of the PKM is to approve the transaction requests of the DPK client module to store their public keys in Ethereum. Storage Flow: 1. PKM server stores its public key in Ethereum Pu pkm. The PKM contains a full or light Ethereum Node. 2. Registration and configuration of the IoT device in the IoT cloud Platform Service. The configuration is executed through a web interface. The configuration is associated with the payment of the transaction fees for each IoT device and therefore for each DPK client module. A Token is generated and encrypted with PKM private key Pr pkm ([Token]Pr pkm ) and a DPK identity is assigned to the DPK client module. The Token is needed to identify and authenticate the IoT device and to ensure that the transaction fees in Ethereum have been paid. 3. The installation of DPK client module in the IoT device generates an empty Ethereum wallet address, and accepts the Token file as an input. 4. To be able to communicate securely with the PKM, the DPK client module get the Public key of the PKM and generate randomly a session key which is encrypted with Public key of PKM 5. DPK module requests from the PKM (in a secure way (TLS-PSK)), the authorization to execute the storage transaction of the DPK s module public key in Ethereum. The main data sent to PKM are: Ethereum Wallet address, DPK client module identity, [Token]Pr pkm. 6. The PKM server decrypt the token received by the Pu pkm and verify the Token authenticity associated to the IoT device. 7. If the verification is successful, PKM send Ether to the concerned IoT device 8. After filling in the Ethereum wallet, the DPK client module in the IoT device stores its public key in Ethereum Network.

10 5- Transaction approved by PKM: The DPK client module sends an approval request to the PKM in the cloud platform containing the signed token. The PKM calls the function approveclient in the smart contract by signing a transaction using the received token. 4. ENCRYPTED COMMUNICATION MECHANISM Figure 3 represents an example of secure communication between two entities or two IoT devices using the DPK platform Figure 3 - Secure Communication 1. It is assumed that both DPK client module in IoT device1 and IoT device 2 has stored their public keys PuK1 and PuK2 in Ethereum according to the mechanism described above. 2. IoT device 1 requests the public key of IoT device 2 from Ethereum. 3. The smart contract contains a list of the DPK client module identities and their corresponding Public Keys. Upon IoT device1 request, the smart contract sends back the public key corresponding to the IoT device2 (PuK2). 4. The client module in device1 starts the pre-shared handshake protocol by generating randomly a session key Ks. This session key Ks is used as a pre-shared Key (PSK) for the security protocol adopted to encrypt the communication session between the two devices (TLS-PSK, DTLS-PSK, SRTP etc ) 5. Ks is sent encrypted with the public key of the device2: { Ks } PuK2 6. Once received, the device2 decrypts the message with its private key and extracts the session key Ks.

11 4.1 DPK module API for Applications Any application in a certain device can get the destination public key by accessing the DPK client module in a well-defined API. The same API is used for remote application running for example on IoT constrained devices in capillary network (See section 5). 5. DELEGATED DPK IN CAPILLARY NETWORKS FOR CONSTRAINED DEVICES The aim in capillary networks is to establish an end to end session key between the end device (which is usually an IoT constrained device) and a server. The constrained devices can be seen as resources of the authenticated CGW. The delegated DPK method requires that the end device requests from the CGW a session key Ks to be used to encrypt the communication between the device and the recipient (Server). The DPK module in the CGW gets the public key of the server PuK2 from the Ethereum blockchain. An end-to-end session key Ks is generated by the DPK module in CGW. The Ks, and [Ks] PuK2, (the Ks encrypted with public key of the destination server) are sent to the constrained device which in turn transfers { Ks } PuK2 to the server as a Ticket. The session key Ks is shared between the two entities, this key can be used for setting up any type of secure communication such as pre-shared key based TLS (TLS-PSK) session between the end device and the server. Figure 4 - Capillary Network

12 A precondition for this method is to have a secure channel in the capillary network between the end devices and the CGW. The end device can interwork with DPK module in the CGW through the same API as the one used by the local application in the CGW 6. DPK COMBINED WITH GBA ALTERNATIVE 2 Figure 5 - GBA combined with DPK In this alternative, the GBA (Generic Bootstrapping Architecture) method is combined with the Blockchain technology to provide ultimate security for the IoT devices. The GBA architecture is used to authenticate the device based on its SIM/E-SIM by the mobile operator. Then, the DPK platform which is based on Ethereum Blockchain is used to provide integrity and confidentiality of the information. The main advantage of deploying GBA is the elimination of the complexity of PKI and certificates distributions as the client authentication is based on the existing mobile operator infrastructure. The advantage of alternative 2 compared to the alternative 1 is the elimination of the configuration of the devices in IoT cloud platform server or the PKM and the process to deploy a Token for each one. The solution in alternative2 is based on two trusted authorities: Mobile Operator and blockchain network. Furthermore, the DPK platform is a catalyst for a new business opportunity for mobile operator to deploy the GBA solution.

13 7.1 Architecture Overview The assumption that the mobile operator has introduced the GBA and deployed the GBA software components: BSF (Bootstrapping Server Function), NAF (Network Application Function) in the network and client GBA software. Generic Bootstrapping Architecture (GBA): GBA is an authentication architecture standardized by the 3GPP that enables the authentication of a client and a server based on existing mobile network operator infrastructure. The main modifications in the DPK solution compared to the Alternative1 are: 1) 2) 3) 4) The Network Application Function (NAF): element which forms the authentication function of the server side, is added in the PKM A secure communication interface between PKM and BSF node in the mobile core network. 3GPP GBA client added in the IoT device. The BT-ID (Bootstrapping Transaction Identifier) generated during the GBA authentication is used instead of the Token to identify the DPK client module installed on the device, and to ensure that the transaction fees in Ethereum have been paid. Figure 6 - GBA/DPK Architecture

14 8. BUSINESS MODEL Storing data in the Blockchain costs money (Ether) therefore, the storage of the public key requires Ether. DPK platform provides the IoT devices with Ethereum wallets filled with Ether transparently. The company running this service revenue for each device public key storage transaction. In case of GBA there is another important source of revenue for the mobile operator by providing authentication based on GBA. Moreover, this is a new sales opportunity for mobile infrastructure manufacturer like Ericsson as they can upgrade their existing mobile operators with GBA software components (BSF, NAF ). Gartner Says 8.4 Billion Connected "Things" will be in use in 2017, Up 31 Percent From If we consider this number as a reference and we consider that 1% of these devices will use the DPK service with a 1$ fee per transaction, we end up with $ It is worth noting that the number of IoT devices is increasing exponentially to reach 20 Billion according to Gartner. CONCLUSION Security and privacy are critical issues facing the development of the Internet of Things since the existing security solutions cannot be applied to IoT devices, especially constrained devices. Blockchain technology has proven to be a secure and fully decentralized immutable database. Based on this fact, DPK platform benefited from the Blockchain technology to safely store and manage end devices cryptographic keys. Having a decentralized public keystore that contains the cryptographic keys of all devices enables the secure distribution of the session keys that will be used as pre-shared keys for PSK-based security protocols (TLS-PSK, DTLS-PSK ) As a result, end-to-end security (authentication, confidentiality, and integrity) between nodes and servers can be achieved with minimum resources.

15 REFERENCES [1] Ethereum: A Secure Decentralized Generalized Transaction Ledger. [2] Ethereum White paper. [3] Light client protocol. [4] Ericsson, Bootstrapping Security", [5] Terminology for Constrained-Node Networks", Tools.ietf.org, 2017 [6] RFC The Transport Layer Security (TLS) Protocol Version 1.2", Tools.ietf.org, [7] RFC Pre-Shared Key Ciphersuites for Transport Layer Security (TLS)