M2M / IoT Security
Eurotech's Everyware IoT Security Elements Overview
Robert Andres, 23 September 2015
The Eurotech IoT Approach: E2E Overview (layer diagram)
- Application Layer: Analytics, Mining, Enterprise Applications (ERP, CRM, Databases, CEP); Communication Infrastructure: aPaaS, SaaS, Enterprise IT, Big Data
- Application Infrastructure Layer: M2M Integration Platform (M2M Integration / Application Enablement / Device and Application Management Platform); System Infrastructure: Public Cloud, Private Cloud, Aggregators & On-Premise Platforms
- Communication Infrastructure: MQTT Client; SIM Card & Communication Infrastructure Management; Optimum M2M / IoT Protocols
- Field Infrastructure: Device HW (Device, Gateway, OS, Security); Device Application Framework; Certifications, etc.; Sensors, HMIs, Actuators, etc.
M2M / IoT Security: Security Focus Points
(Chain: Things -> Gateways / Smart Devices -> IoT / OT Platform -> Application)
- Communication Security: authentication (verified), encryption, message integrity, MitM protection, DNS spoofing protection
- IoT Device Security: authentication (verified), service discovery / provisioning / pairing, trusted execution environment (ESF 3.2), network security / firewall, Secure Boot
- IoT Device Cloud Security: authentication (verified), PKI / certificate management, trusted execution environment, network security / firewall, access control (role based)
Everyware Security Architecture: Foundation for IoT Security
- Device has a validated identity
- IoT platform has a validated identity
- Mutual authentication for communication
- Signed messages over an encrypted channel
- Secure execution environment (devices & IoT platform)
- Secure software management / distribution
- State-of-the-art network & system security (firewall, hardening)
- Role-based access control
- Secure management access
Everyware Cloud / EDC Security Overview: EC 4.0
Device to Cloud to Application Security Architecture (Device Connectivity, Administration, Application Integration, Data Management, Device Management)
- X.509 certificate-based authentication
- Integrated PKI / certificate management
- Regular vulnerability assessments and penetration tests
Security in the Cloud (IoT / OT Platform)
- Allowed traffic is secure and authenticated
- Secure cloud infrastructure / perimeter defense
- Firewalling (two firewalls in front of the broker)
- All inbound ports other than the HTTPS and MQTTS ports are closed
Security Access Control
- Centralized access control & user management
- Role-based access control: roles and permissions
- Strong passwords and user lockout policy
- Optionally two-factor authentication
Data Security & Tenant Isolation
- Dedicated message brokers & topic partitioning for messaging
- Data segregation through Virtual Private Database
- Separate execution context for Complex Event Processing
Everyware Cloud / EDC Security Overview: EC 4.0 & ESF
Securing Device to Cloud (Communication Security)
- Device authentication options: unique per-device credentials distributed by provisioning; SSL/TLS mutual authentication; DNSSEC authentication (coming soon)
- Platform-signed device management messages
- Device-initiated connections (no open ports on the device)
- Allowed traffic is secure and mutually authenticated (SSL/TLS)
- Everyware VPN Service
Securing the Device (stack, bottom to top: Hardware / Linux / Java VM / Code)
- Secure device identity
- Secure execution environment (ESF 3.2)
- Encrypted configuration storage and certificate stores
- Device-unique master password
- Remote certificate management
- Firewall
- OSGi / signed code
- Everyware VPN client
- Secure Boot (in roadmap)
Everyware Device Cloud - Security
An Introduction to EDC Security: Upcoming Versions of EC & ESF
Amaro, 2015
EDC Security Elements: Integrated Certificate Management / PKI
Ensures integrity, authenticity and non-repudiation of origin.
Certificate management:
- Dedicated administrative web panel
- Standard X.509 certificate format
- Certificate chain support
- Certificate validation and export functionalities
- Trusted message server: signed digest over MQTT
- EDC jobs to provision, renew and revoke certificates
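The checks that sit behind the X.509 mutual authentication, chain support and revocation jobs listed on this and the EC 4.0 slides, as an added Go example (not Eurotech's or Everyware's code): it builds an in-memory platform CA, issues device certificates the way a provisioning job would, and then runs the verification a broker performs on the client certificate presented during mutual TLS. The CA and device names, serial numbers, one-year validity, the revoked-serial map standing in for a CRL, and the convention that the subject CN carries the device identity are all assumptions made for this example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// DevicePKI stands in for the platform's certificate management: the trust anchor plus
// the serials withdrawn by a revocation job (an assumed structure, not Everyware's).
type DevicePKI struct {
	Roots   *x509.CertPool
	Revoked map[string]bool // decimal serial number -> revoked
}

// AuthenticateDevice is the check a broker runs on the client certificate presented in
// mutual TLS: chain to the platform CA, validity window, client-auth usage, revocation,
// and only then the device identity carried in the subject CN.
func (p *DevicePKI) AuthenticateDevice(cert *x509.Certificate, now time.Time) (string, error) {
	opts := x509.VerifyOptions{Roots: p.Roots, CurrentTime: now,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err := cert.Verify(opts); err != nil {
		return "", err
	}
	if p.Revoked[cert.SerialNumber.String()] {
		return "", errors.New("certificate revoked")
	}
	if cert.Subject.CommonName == "" {
		return "", errors.New("no device identity in certificate (empty CN)")
	}
	return cert.Subject.CommonName, nil
}

// template builds a client-auth leaf or a CA certificate template valid for one year.
func template(serial int64, cn string, isCA bool, now time.Time) *x509.Certificate {
	t := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: now.Add(-time.Hour), NotAfter: now.AddDate(1, 0, 0),
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if isCA {
		t.IsCA, t.BasicConstraintsValid, t.KeyUsage, t.ExtKeyUsage = true, true, x509.KeyUsageCertSign, nil
	}
	return t
}

// mustIssue generates a key and signs tmpl with signerKey; parent == nil yields a
// self-signed CA. It plays the provisioning job in this constructed scenario.
func mustIssue(tmpl, parent *x509.Certificate, signerKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	if parent == nil {
		parent, signerKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signerKey)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, key
}

// Fixture is a constructed scenario: the platform CA, a valid device, a revoked device,
// and a certificate from an unrelated CA that copies the valid device's CN (spoofing attempt).
type Fixture struct {
	PKI                    *DevicePKI
	Device, Revoked, Rogue *x509.Certificate
	Now                    time.Time
}

func NewFixture() *Fixture {
	now := time.Date(2015, 9, 23, 12, 0, 0, 0, time.UTC)
	ca, caKey := mustIssue(template(1, "Example Platform CA", true, now), nil, nil)
	device, _ := mustIssue(template(1001, "device-0001", false, now), ca, caKey)
	revoked, _ := mustIssue(template(1002, "device-0002", false, now), ca, caKey)
	rogueCA, rogueKey := mustIssue(template(1, "Rogue CA", true, now), nil, nil)
	rogue, _ := mustIssue(template(1001, "device-0001", false, now), rogueCA, rogueKey)
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	pki := &DevicePKI{Roots: roots, Revoked: map[string]bool{revoked.SerialNumber.String(): true}}
	return &Fixture{PKI: pki, Device: device, Revoked: revoked, Rogue: rogue, Now: now}
}

func main() {
	f := NewFixture()
	for name, c := range map[string]*x509.Certificate{"valid": f.Device, "revoked": f.Revoked, "rogue": f.Rogue} {
		id, err := f.PKI.AuthenticateDevice(c, f.Now)
		fmt.Printf("%-8s id=%q err=%v\n", name, id, err)
	}
}
```

The order of the checks is the point: the CN is read only after the chain, validity and revocation checks pass, so the rogue certificate is refused even though it carries the same device name, and a certificate withdrawn by a revoke job is refused although its signature is still valid.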
EDC Security Elements: Secure Messaging / MQTT
- All MQTT traffic is encrypted over an SSL/TLS connection.
- Data messages pass through a serialization step: the publisher encodes the payload in an agreed format, and the receiver (subscriber) must deserialize it with the same format. Serialization is an encoding, not a security control: confidentiality comes from the TLS channel and authenticity from the message signature.
- Device management messages published by EC are signed to guarantee authenticity and message integrity.
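How a platform-signed device management message is produced and checked, as an added Go example that is not Everyware's envelope or code: the platform serializes topic and payload together with an ECDSA signature over both, and the device deserializes with the same format and verifies against the pinned platform public key before acting on the payload. The JSON envelope, the control-topic string and the configuration payload are constructed for this example; binding the topic into the signed digest is a design choice shown here so a signed command cannot be replayed to a different device's topic.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
)

// MgmtMessage is a constructed wire format (not Everyware's own) for a management
// message: payload serialized together with the topic and an ECDSA signature over both.
type MgmtMessage struct {
	Topic     string `json:"topic"`
	Payload   []byte `json:"payload"`
	Signature []byte `json:"sig"` // ASN.1 DER ECDSA signature over digest(topic, payload)
}

// digest hashes topic and payload with a separator so the signature is bound to the
// destination topic and cannot be replayed as a command for another device.
func digest(topic string, payload []byte) []byte {
	h := sha256.New()
	h.Write([]byte(topic))
	h.Write([]byte{0})
	h.Write(payload)
	return h.Sum(nil)
}

// Sign is the platform side: serialize the message with a signature from the platform key.
func Sign(platformKey *ecdsa.PrivateKey, topic string, payload []byte) ([]byte, error) {
	sig, err := ecdsa.SignASN1(rand.Reader, platformKey, digest(topic, payload))
	if err != nil {
		return nil, err
	}
	return json.Marshal(MgmtMessage{Topic: topic, Payload: payload, Signature: sig})
}

// Verify is the device side: deserialize with the same format the publisher used, then
// release the payload only if the signature verifies under the pinned platform public key.
func Verify(platformPub *ecdsa.PublicKey, wire []byte) (*MgmtMessage, error) {
	var m MgmtMessage
	if err := json.Unmarshal(wire, &m); err != nil {
		return nil, fmt.Errorf("malformed management message: %w", err)
	}
	if !ecdsa.VerifyASN1(platformPub, digest(m.Topic, m.Payload), m.Signature) {
		return nil, errors.New("management message rejected: signature does not verify")
	}
	return &m, nil
}

// rewrite is the attacker's move in the scenario: alter fields of an already-signed message.
func rewrite(wire []byte, edit func(*MgmtMessage)) []byte {
	var m MgmtMessage
	_ = json.Unmarshal(wire, &m)
	edit(&m)
	out, _ := json.Marshal(m)
	return out
}

// Scenario delivers four messages to the device and reports which ones it accepts.
func Scenario() (genuine, tampered, retargeted, forged bool) {
	platform, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	attacker, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	const topic = "$CTRL/acme/gw-01/CONF-V1/PUT/configurations" // constructed control topic
	payload := []byte(`{"firewall.enabled":true}`)              // constructed payload
	wire, _ := Sign(platform, topic, payload)

	_, err := Verify(&platform.PublicKey, wire)
	genuine = err == nil
	_, err = Verify(&platform.PublicKey, rewrite(wire, func(m *MgmtMessage) { m.Payload = []byte(`{"firewall.enabled":false}`) }))
	tampered = err == nil
	_, err = Verify(&platform.PublicKey, rewrite(wire, func(m *MgmtMessage) { m.Topic = "$CTRL/acme/gw-02/CONF-V1/PUT/configurations" }))
	retargeted = err == nil
	forgedWire, _ := Sign(attacker, topic, payload) // correctly formed, wrong key
	_, err = Verify(&platform.PublicKey, forgedWire)
	forged = err == nil
	return
}

func main() {
	g, t, r, f := Scenario()
	fmt.Printf("genuine=%v tampered=%v retargeted=%v forged=%v (accepted?)\n", g, t, r, f)
}
```

Only the genuine message is accepted; the payload edit, the topic edit and the message signed by a different key all fail the check, which is what "signed to guarantee authenticity and message integrity" has to mean in practice.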
EDC Security Elements: Tenant Segregation
Secure multi-tenant implementation:
- At the MQTT broker, data and traffic are segregated between accounts using virtual machine segregation
- All data (telemetry, device events, ...) are archived in a Big Data (NoSQL) database and kept isolated by Virtual Private DB
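A broker-side authorization check that enforces the "topic partitioning for messaging" part of tenant isolation, added here as an illustration and not taken from Everyware Cloud: every publish or subscribe filter must start with the literal account name, a gateway is confined to its own client partition, and MQTT wildcards are validated so that "+" or "#" can never be used to reach across tenants. The topic layout <account>/<clientID>/... and the principal model are assumptions for this example.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// Principal is the authenticated party behind an MQTT session. Account is the tenant;
// ClientID is set for a gateway and left empty for a tenant-level application.
type Principal struct {
	Account  string
	ClientID string
}

var (
	ErrCrossTenant = errors.New("topic lies outside the tenant's partition")
	ErrCrossDevice = errors.New("device may only use its own client partition")
	ErrBadWildcard = errors.New("wildcard violates MQTT topic filter rules")
)

// Authorize decides whether p may publish to or subscribe with filter under the assumed
// layout <account>/<clientID>/<...>. Wildcard syntax is checked first ('#' only as the
// whole last segment, '+' only as a whole segment), then the partition boundaries.
func Authorize(p Principal, filter string) error {
	segs := strings.Split(filter, "/")
	for i, s := range segs {
		if strings.Contains(s, "#") && (s != "#" || i != len(segs)-1) {
			return ErrBadWildcard
		}
		if strings.Contains(s, "+") && s != "+" {
			return ErrBadWildcard
		}
	}
	// The first segment must be the literal account name, so "#" and "+/..." are refused.
	if segs[0] != p.Account {
		return ErrCrossTenant
	}
	// A gateway stays inside <account>/<clientID>/...; "acme/#" is therefore refused for it.
	if p.ClientID != "" && (len(segs) < 2 || segs[1] != p.ClientID) {
		return ErrCrossDevice
	}
	return nil
}

func main() {
	gw := Principal{Account: "acme", ClientID: "gw-01"}
	app := Principal{Account: "acme"}
	for _, c := range []struct {
		who    Principal
		filter string
	}{
		{gw, "acme/gw-01/telemetry/temp"}, {gw, "acme/gw-02/telemetry/temp"}, {gw, "acme/#"},
		{gw, "+/gw-01/telemetry/temp"}, {app, "acme/+/telemetry/temp"}, {app, "#"}, {app, "other/#"},
	} {
		fmt.Printf("%-6s %-28s -> %v\n", c.who.ClientID, c.filter, Authorize(c.who, c.filter))
	}
}
```

The check is deliberately a whitelist on the leading segments rather than a pattern match on the whole filter: a tenant application may subscribe to anything under its own account, a gateway to anything under its own client ID, and nothing else, regardless of how the rest of the filter is written.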
EDC Security Elements: Console Access
- Access to the console over encrypted HTTPS only
- Enforced strong passwords (12-character complex password)
- Passwords stored only as one-way hashes
- Configurable lockout policy per account
- Option: two-factor authentication based on a one-time password (mobile phone app enrolled via QR code) in addition to username & password
EDC Security Elements: Secure Programmable Interfaces
- Programmable interfaces (REST API, WebSockets) available exclusively over an encrypted HTTPS connection
EDC Security Elements: Firewall Protection and Reduced Attack Footprint
- The MQTT connection is always initiated by the gateway and kept open. The session is opened as an outbound MQTT connection from the local area network, possibly from behind a firewall, towards Everyware Cloud.
- At all points only a minimal number of ports are open (MQTT, HTTPS, SSL, VPN)
- All databases in Everyware Cloud are protected from external access by strict firewall rules and are reachable only from the mid-tier machines
- Devices are firewall protected
EDC Security Elements: Secure Execution Environment (Device, ESF 3.2)
- OSGi security: signed bundle checks (integrity, authenticity)
- ESF Security Manager: environment integrity checks, environment hardening, allowed JAR signatures, allowed bundle access
- Device-unique master password (code obfuscation, string encryption)
- Encrypted configuration storage
- SSL mutual authentication
- Device management checks (integrity, authenticity)
- Remote certificate management
EDC Security Elements: ESF Security Manager Overview
Device stack (bottom to top): Java SE Embedded -> OSGi -> ESF (ESF Bundles; ESF Security: ESF SSL Manager, ESF Certificate Manager, ESF Security Manager) -> Application
Stores: JKS, ESF JKS (SSL), encrypted configuration snapshots
- OSGi security: signed bundle checks (integrity, authenticity)
- ESF Security Manager: environment integrity checks, environment hardening, allowed JAR signatures, allowed bundle access
- Device-unique master password (code obfuscation, string encryption)
- Encrypted configuration storage
- SSL mutual authentication
- Device management checks (integrity, authenticity)
- Remote certificate management
EDC Security Elements: Remote Management / VPN
- Secure, administrator-initiated, transparent IP connection between remote systems and devices in the field
- Gateways behind firewalls can be reached
- No IP addressing conflicts prevent or complicate the establishment of connections
- The already established MQTT channel is used to trigger the VPN connection from the remote device (OpenVPN; IPsec soon)
EDC Security Elements: Auditing / Penetration Testing
- Eurotech regularly performs vulnerability assessments (e.g. code injection, cross-site request forgery, credential theft) covering network/host and applications
- Eurotech ensures internal and external vulnerability scanning is conducted periodically and after any major change to the environment
Thank You! www.eurotech.com
M2M / IoT Security: Device Security Questions
- Does the device have a unique ID and credentials?
- Does the device have a secure initialization & pairing mechanism?
- Does the device have a secure boot mechanism?
- Is the device closed from a network perspective?
- Does the device have a trusted execution environment?
- Is the device upgradable over-the-air?
- Is the device / local network accessible to anyone?
M2M / IoT Security: Communication Security Questions
- Is the communication encrypted?
- Are the messages signed to protect integrity?
- Do the communication nodes have a unique ID and credentials?
- Are the communication nodes closed / secured from a network perspective?
M2M / IoT Security: IoT Device Cloud Security Questions
- Is the IoT platform closed / secured from a network perspective?
- Does the IoT platform have a trusted execution environment?
- Are you using PKI for key and certificate management?
- Is it easy to perform scheduled key rollover?
- Can you revoke certificates and therefore devices?
- Is the device allowed / authenticated to connect?
- Is the application allowed / authenticated to connect?
- Do you have a strong credential policy for users?