Securing low power device communication in critical infrastructure management - TIB AV-Portal

Securing low power device communication in critical infrastructure management

00:00

2

Zugehöriges Material

Eclipse Foundation

Brun, Paul-Emmanuel

Formale Metadaten

Titel

Securing low power device communication in critical infrastructure management

Serientitel

Eclipse SAM IoT 2020: Conference on Security, Artificial Intelligence, and Modeling for the Next Generation Internet of Things

Anzahl der Teile

12

Autor

Brun, Paul-Emmanuel

Mitwirkende

Ferrera, Enrico (Moderation)

Lizenz

CC-Namensnennung - Weitergabe unter gleichen Bedingungen 4.0 International:
Sie dürfen das Werk bzw. den Inhalt zu jedem legalen Zweck nutzen, verändern und in unveränderter oder veränderter Form vervielfältigen, verbreiten und öffentlich zugänglich machen, sofern Sie den Namen des Autors/Rechteinhabers in der von ihm festgelegten Weise nennen und das Werk bzw. diesen Inhalt auch in veränderter Form nur unter den Bedingungen dieser Lizenz weitergeben.

Identifikatoren

10.5446/51308 (DOI)

Herausgeber

Eclipse Foundation

Erscheinungsjahr

Sprache

Inhaltliche Metadaten

Fachgebiet

Genre

Abstract

In this keynote, we will present an overview of a secure IoT data transmission ecosystem. This overview will be completed with a concrete example of a water management use case from the Brain-IoT project. In this use case, to ensure high trust in the device’s data, we integrated an end-to-end security layer that is compatible with battery-less devices with high constraints in terms of energy, power computation and bandwidth.

Eclipse SAM IoT 2020: Conference on Security, Artificial Intelligence, and Modeling for the Next Generation Internet of Things7 / 12

1

41:32

Cobbles and Potholes: On the Bumpy Road to Secure Software Supply Chains

2

28:11

Semantic Models for Network Intrusion Detection

3

13:07

REPLICA: A Solution for Next Generation IoT and Digital Twin Based Fault Diagnosis and Predictive Maintenance

4

16:54

A Cross-Platform Communication Mechanism for ROS-Based Cyber-Physical System

5

16:53

Prescriptive System for Reconfigurable Manufacturing Systems Considering Variable Demand and Production Rates

6

13:46

Smart Building Energy and Comfort Management Based on Sensor Activity Recognition and Prediction

7

31:51

Securing low power device communication in critical infrastructure management

8

26:21

Model Based Methodology and Framework for Design and Management of Next-Gen IoT Systems

9

22:37

Bringing Clouds down to Earth: Modeling Arrowhead Deployments via Eclipse Vorto

10

22:28

DINASORE: A Dynamic Intelligent Reconfiguration Tool for Cyber-Physical Production Systems

11

23:25

Integrated Solution for Industrial IoT Data Security - the CHARIOT Solution

12

14:07

Risk Assessment in IoT Case Study: Collaborative Robots System

Automatisches Abspielen

Sprache

Text

Bild

00:00

ComputersicherheitVorgehensmodellTelekommunikationDatenverwaltungDatenverwaltungComputerarchitekturTelekommunikationExpertensystemIntegralMereologiePhysikalisches SystemProjektive EbeneComputersicherheitDatenmissbrauchMultiplikationsoperatorZweiIdentitätsverwaltungInternet der DingeFormation <Mathematik>CybersexComputeranimation

01:32

TelekommunikationLeistung <Physik>DatenverwaltungTelekommunikationGesetz <Physik>Physikalisches SystemInternet der DingeComputeranimation

02:10

Internet der DingeDatenbankOrdnung <Mathematik>HackerTypentheorieVektorraumPhysikalisches SystemGüte der AnpassungComputersicherheitPunktDirekte numerische SimulationMultiplikationsoperatorCybersexPufferüberlaufZweiGamecontrollerCloud ComputingInternet der DingeBridge <Kommunikationstechnik>Kontrollstruktur

05:18

Internet der DingeSoundverarbeitungE-MailMorphingDreiSystemplattformDatenbankFront-End <Software>Architektur <Informatik>Physikalisches SystemProtokoll <Datenverarbeitungssystem>RechnernetzService providerOperations ResearchGatewayZusammenhängender GraphQuelle <Physik>DatenverwaltungHardwareOrdnung <Mathematik>ComputerarchitekturSoftwareTelekommunikationHackerProdukt <Mathematik>MAPSensitivitätsanalyseKategorie <Mathematik>GrenzschichtablösungPhysikalischer EffektArithmetisches MittelBitEindeutigkeitGeradeKette <Mathematik>LeckMereologiePhysikalisches SystemPhysikalismusTermInternetworkingNichtlinearer OperatorWasserdampftafelCASE <Informatik>Faktor <Algebra>Prozess <Informatik>RobotikEnergiedichteComputersicherheitPunktProtokoll <Datenverarbeitungssystem>Kartesische KoordinatenService providerEinfügungsdämpfungDatenmissbrauchDomain <Netzwerk>p-BlockSystemplattformKontextbezogenes SystemMultiplikationsoperatorCybersexStandardabweichungDienst <Informatik>Internet der DingeComputeranimation

11:00

SystemplattformQuelle <Physik>Front-End <Software>Architektur <Informatik>Physikalisches SystemInternet der DingeProtokoll <Datenverarbeitungssystem>HardwareService providerZusammenhängender GraphGatewayRechnernetzTypentheorieBeschreibungskomplexitätRuhmasseTransportproblemComputersicherheitMechanismus-Design-TheorieNotepad-ComputerPlastikkarteSoftwareKomplex <Algebra>Prozess <Informatik>ProgrammierparadigmaDatenmissbrauchOperations ResearchHardwareOrdnung <Mathematik>ComputerarchitekturGebäude <Mathematik>NebenbedingungKette <Mathematik>Komplex <Algebra>Leistung <Physik>Physikalisches SystemTreiber <Programm>ServerInternetworkingRuhmasseCASE <Informatik>Zusammenhängender GraphEnergiedichteComputersicherheitPunktProtokoll <Datenverarbeitungssystem>ChiffrierungKartesische KoordinatenUmwandlungsenthalpieService providerSuchmaschineVirtuelles privates NetzwerkDatenmissbrauchSichtenkonzeptWeb SiteDifferenteFront-End <Software>SoftwareschwachstelleZweiDienst <Informatik>Internet der DingeSoftwareTransportproblemOvalVarietät <Mathematik>AuthentifikationSystemplattformOrtsoperatorComputeranimation

16:43

Overhead <Kommunikationstechnik>AggregatzustandComputersicherheitPartielle DifferentiationTLSKugelkappeProtokoll <Datenverarbeitungssystem>AuthentifikationChiffrierungLeistung <Physik>NebenbedingungLeckVektorpotenzialKomponente <Software>AlgorithmusHardwareOrdnung <Mathematik>AggregatzustandBitKette <Mathematik>Physikalisches SystemTermNichtlinearer OperatorZusammenhängender GraphComputersicherheitVollständigkeitPunktProtokoll <Datenverarbeitungssystem>UmwandlungsenthalpieService providerFokalpunktWeb SiteDifferenteSystemplattformInternet der DingeSoftwareDatenkompressionLeistung <Physik>Projektive EbeneDatenflussChiffrierungVerbindungsloser ServerTLSComputeranimation

20:12

ComputersicherheitBandmatrixRechnernetzService providerEnergiedichteInternet der DingeDatenverwaltungWasserdampftafelCASE <Informatik>AuthentifikationLastKünstliche IntelligenzCybersexSystemprogrammierungArchitektur <Informatik>DatenverwaltungImplementierungOrdnung <Mathematik>PerspektiveComputerarchitekturSoftwareBandmatrixProgrammierumgebungEinfach zusammenhängender RaumErneuerungstheorieKomplex <Algebra>Leistung <Physik>MereologiePhysikalisches SystemTermZahlenbereichGüte der AnpassungRegulärer GraphWasserdampftafelCASE <Informatik>Zusammenhängender GraphCoxeter-GruppeEnergiedichteComputersicherheitFormation <Mathematik>PunktWellenlehreAuthentifikationProtokoll <Datenverarbeitungssystem>Kartesische KoordinatenRegulator <Mathematik>Service providerSoundverarbeitungDatenmissbrauchEreignishorizontOpen SourceAutonome DifferentialgleichungSchlüsselverwaltungDifferenteFront-End <Software>Kontextbezogenes SystemCybersexOverhead <Kommunikationstechnik>SoftwareentwicklerInternet der DingeRückkopplungPhysikalismusSystemaufrufChatten <Kommunikation>Computeranimation

Transkript: Englisch(automatisch erzeugt)

00:01

It is time to start with the second keynote speaker of this today's conference. I have the pleasure to introduce to you, Mr. Paul Emmanuel Bong from Airbus Cybersecurity Funds. He is going to provide a talk

00:20

on securing low power device communication in critical infrastructure management. Paul Emmanuel is a passionate of cybersecurity, IoT and identity management. He is a expert in IoT system security and he leads the innovation activities within Airbus Cybersecurity Funds.

00:43

As a former security and identity management engineer, Paul Emmanuel was involved in several European initiatives and contributed to several project to the French Ministry of Defense from a secure architecture definition to integration of cybersecurity solutions.

01:03

After applying several patents linked to cybersecurity of IT and the IoT systems, he is now focused on innovation and the IoT system security. With Airbus, Paul Emmanuel is currently directly involved

01:21

in the EU H2020 Brain IoT project where he leads the activities related to security and he is also part of the European security and privacy cluster. So thank you Enrico for this very nice introduction. So we will have a short, quite short talk

01:43

about the securing low power device communication in critical infrastructure. And I will just start to give all of you at least from Airbus regarding the threats

02:01

into the IoT systems. So just to start quickly, how we see the threats today in IoT. We see three usage of IoT in order to perform cyber attacks.

02:21

The first one is to use the IoT as a target itself for that I will take the example of Dallas emergency syringe cyber attack in 2017 when a cyber attack was performed on the Dallas emergency syringe

02:41

and make them run early in the morning. This doesn't seem to be very critical, but the fact is that this overflow the emergency call and create a kind of panic into the city.

03:02

There is a lot of other example regarding the IoT as a target of cyber attacks, such as for example in the car industry with the Tesla, the Jeep that were braked. But this is I think a good example. The second type of attack is using the IoT

03:24

as a vector. Indeed, most of the time hackers are looking for the weakest points into the system they want to attack. And what we see is that most of the time the IoT is one of these weakest points.

03:43

In 2017, there was a quite interesting attack in Tulkasino where hacker used a simple temperature sensor that was connected to some cloud application in order to go through this temperature sensor, go through the wifi of the system

04:03

and then to the database into the casino. This is very interesting to see that here they use a quite simple device in order to try to retrieve all the data from the casino. So here we can really see that the IoT is seen

04:23

as a vector in order to target a much bigger system than the IoT itself. And the last one is that the IoT is also often used as a weapon. Typically the Mirai botnet who braked the DNS

04:44

two years ago is a very good example of cyber attack. Why we can use it as a weapon, it is simply because there is so much IoT out there that are quite similar one to the others

05:03

that it is quite easy when you have found the security breach to take the control over lots of devices and therefore you can use it as a real weapon. So now if we go to the critical infrastructure

05:23

and the industrial IoT consideration regarding cyber security, we can see that there is several kinds of impacts of the cyber attack into IoT systems. The first one is the business impact. Indeed, if a hacker succeed to break an IoT system

05:45

in the industrial and critical infrastructure context, this could have a huge business impact in terms of production and service downtime, in terms of quality of the production that is done or of the service that is delivered.

06:04

And of course it could also cause reputational damages because when a company related to critical infrastructure is known as cyber attacked, then for the reputation, it could be quite terrible.

06:25

And therefore it could be also a loss of opportunities and businesses for this company. The second point is the physical damages. In critical infrastructure, IoT is often used in the context of what we call cyber physical systems.

06:41

So it means that attacking an IoT could cause equipment damages. And also in some context, it could lead to some human safety issue. The production line is a good example. If you attack some robots within the production line,

07:01

then you could have some human safety issue for the operators that are working, for example, in the factory. So this is a key point also in the critical infrastructure. And the last one is related to the damage to intangible assets.

07:20

Critical infrastructure also could mean that you have a high level of intellectual properties to protect. And these intellectual properties could be, for example, linked to the production means you have,

07:45

and that are often related to the devices and the IoT you have in the company. Just for example, when you produce, for example, foods, temperature is a key value. Why? Because it's a secret you have.

08:02

So it's part of your intellectual property. In order to make the food as you want to be at the end. So if a competitor succeeds to steal you the temperature of your processes,

08:21

then it could be a high loss for you in terms of intellectual property and uniqueness into your own market. So the example I gave is quite simple, but we can also imagine the same in the production, more industrial oriented or more critically oriented.

08:42

And of course, we all know that there could be threats really related to privacy issue and the private data leakage. For that, for example, I will talk a little bit after about water management use case, but in all the energy management use cases,

09:01

you have to face the management of some kind of personal data that are privacy sensitive. So this is also a real risk that we have to take into account in critical infrastructure, especially in energy domain.

09:22

So let's have a short overview of the IoT, let's say quite standard system architecture. So I divided here the architecture into five blocks. The first one is the device on the left, the device itself. The second one is what I would call the edge network.

09:43

So the network which is close to the device. The third one is the network provider. This could be the internet infrastructure typically. Then you have the IoT platform itself or the IoT platforms that will collect all the data. And finally, you have the application and services

10:02

that will serve the service for which the IoT and the devices are deployed. Along all this value chain, we can identify threats. It could be very hardware and physical threats on the device itself.

10:20

It could be on the network by spoofing some untrusted data, especially when you are using non-secure protocols. But there is also threats on, let's say third party that are providing services for the IoT network, for the IoT system, sorry, such as the network provider.

10:42

There was some interesting example of hacking into telecom provider that show that, that mean that leads, sorry, to a leak of a lot of personal and professional data

11:01

through the 4G infrastructure. And we could also identify some threats on the IoT platforms, quite similar to the one on the network provider. And finally, this could lead to fake data sent into the application

11:21

and therefore an application that will not be able to create the service for which it is designed. Just in order to show you an example of this kind of threats,

11:42

I made a little church on Shodan. Shodan is let's say a search engine that was made quite famous because it's the one which was used in order to reveal that there were a lot of IP camera

12:03

that were fully open on the internet. And I made a small research regarding an IoT protocol which is quite widely used, which is MQTT. So it's a Q protocol, quite well known, sorry. And making this research,

12:21

I found that there were 74,000 of fully open backend on the internet. And by going through some of them, I saw that there were lots of backend that were related to IoT data,

12:40

for example, GPS position, temperatures, humidity, some kind of actuators. And there were not any protection in order to access those data, but there were also not any kind of encryption on those data on the server.

13:00

So it really showed that the threats exist and that we have to take this into account when we are designing our systems. Just to conclude on these specificities of IoT

13:21

on the top of those threats, we can also highlight some complexity that are really related to the use of IoT. The first one is the fact that there are a lot of heterogeneous protocols and with very different requirements that make very hard to ensure real end-to-end security

13:45

as we can have today, for example, when we go on HTTPS websites. The second point is that we are using in critical infrastructure, protocols and hardware that come from the mass markets

14:02

and that are not, let's say, built specifically for critical infrastructure systems. This is necessary because indeed, if we want to build IoT services, we need to reduce the cost because we want to deploy lots of devices and the cost is one of the driver

14:21

in order to build those IoT systems. But on the other hand, this have a huge impact on the overall security of the system because you introduce some weakness into your IT and OT systems.

14:41

And the third, let's say, challenge that we have to face is that we see that we have very different use cases, even into what we call the critical infrastructure, we see the Industry 4.0, the connected transportation, some use case related to smart city, to energy,

15:03

and all that have very specific requirements that are not the same. For example, if we go to energy, if you want to deploy some gas meter, you will have energy constraints on it. But if you want to deploy an electric meter,

15:21

then you will not have this low power requirement. So this leads to a lot of heterogeneity constraints that are very complex in order to take into account into when you have the system view of the full IoT architecture.

15:46

So just a short talk about what we call the end-to-end security. When we are talking about the end-to-end security, the idea of that is that you are able to ensure the security, the authentication,

16:01

and the privacy of the data from the device up to the final application. We can, let's say, compare this to a kind of VPN that will ensure the security of the data through all the value chain. So typically, if you implement a trustable end-to-end

16:24

security, you can rely on third party for your networks, for your platforms, and for your systems. This is really the added value of the approach of end-to-end security. And therefore, you will be protected against all the threats on the third party components.

16:44

If we have a short look on the state of the art of this end-to-end security with a specific focus for low power, then we identified four main, let's say, protocols. The first one is TLS.

17:02

TLS is quite well known. It's the protocol that is used, for example, when you go on the website of your bank. But the issue of this security layer is that it's quite heavy in terms of consumption,

17:22

and it's, sorry, and it's also quite, let's say, not adapted to when you have, when you are using different protocol

17:42

at different point of your system. Now, if I go to EDHOC plus TLS, it's, let's say, enhanced use of TLS, allowing to use lower hardware in order to perform the cryptographic operation.

18:02

This is a very interesting approach, but what we can see is that it's not covering this topic of end-to-end security when you have, let's say, heterogeneous protocol in the data flow.

18:21

If I talk a little bit about the SEHC plus TLS, SEHC, let's say, it's a completion algorithm in order to ensure the capability to use IP over many kind of protocols, such as, for example, LoRaWAN.

18:41

This one is very interesting to ensure end-to-end security, but it doesn't support the fact that you will be using your data for different protocols. For example, if you are using LoRaWAN, then MQTT protocol, then HTTP, it won't be able to secure all the chain

19:03

without what we call hop-to-hop security, so encrypting and re-encrypting the data at each third party component. And finally, there is the OSCOR protocol,

19:21

which is also very interesting, but quite limited to co-op, and therefore it's not possible to have protocol disruption, so quite the same issue for the previous one. So within the Brain IoT project,

19:44

what we have seen is that there was no really solution to ensure true end-to-end security, especially targeting to critical infrastructure where we want to have high trust into the data, even when they are going through

20:02

some kind of third party that are providing services such as a network provider or even some platform aggregator providers. So we have worked in order to develop such kind of end-to-end security layer,

20:22

and we have done that in the water management use case. Why water management? Because it's a very critical use case where you have to trust the data you received, and therefore this kind of security is quite well-treated, let's say,

20:44

to this kind of use case. So I gave it here an example where we have two IoT network and where we are sending data to the Brain IoT fabric, and the idea is that we are able to encrypt

21:03

over all the applicative layer, the data that are sent in, and we are able also to check this encryption and check the authenticity of the data when we received it into the system.

21:21

Through the security management, we are also able to distribute the key, allowing therefore to comply with regulation that ask for regular key renewal and such kind of requirements. This show that we are able to protect against any kind of attack on the third party.

21:44

It means that if the network provider backend is hacked, all the data will be encrypted and authenticated. So if anyone is trying to spoof or to steal data in this backend, this will have no effect on the final system.

22:00

This layer has a very low impact on the energy consumption because we are about, the impact is about 0.25% of the whole device lifetime, and the impact on the bandwidth is also very, very low because we are talking about five bytes

22:21

linked to the security overhead. So just to summarize very quickly what has been done. Let's say this is quite legacy infrastructure where you have the Brain IoT node,

22:41

which could be compared to the final application. And between both, you have your network infrastructure, either LoRaWAN or any other kind of network. Those network are offering a first layer of security between the device and the network itself. And then they are offering a security layer

23:04

in order to connect to their backend. But into their backend, the data are either non-authenticated or even more not encrypted. So that's the security layer we have developed

23:21

allows to ensure this end-to-end security. And this, let's say fully transparently because all the keys and the key management is also exchanged through this network. And therefore you don't need any other kind of connection or any other kind of requirements.

23:45

So to conclude, this was a short presentation related to cyber, I will call cyber protection for the low power devices, but we need to understand that cybersecurity system

24:04

rely on two main pillars. The first one is the cyber protection of the system, but the second one is the cyber detection. And here in the IoT systems, we have new challenges, especially regarding, let's say,

24:20

legacy cyber monitoring systems. Because in legacy cyber monitoring system, we are relying on systems that don't have restriction on the bandwidth, don't have restriction on the power, and that are relying, let's say, on the quite well-known number of assets.

24:43

Here in the IoT, we are talking about environments where we can see devices that are coming into the system and out of the system regularly. We are talking about protocols, network protocols that have very different bandwidth.

25:03

So it's really new challenges that we have to face in order to monitor those kinds of systems. And for that, and the last point is that it's a very decentralized architecture. Therefore, that's why we think

25:24

that the artificial intelligence is a key technology in order to enable this kind of reliable cyber monitoring for those IoT contexts. So this is really the key point

25:40

if we want to offer new technology that are allowing to cyber monitor those kind of decentralized complex IoT systems. Thank you. So I keep around 10 minutes for the questions.

26:01

So I will be happy to answer if there is questions. Thank you. Thank you very much, Paul and Manuel for your very, very interesting presentation.

26:20

If there are any questions from the audience, please raise your hand or write your question in the chat. Maybe I can start with a question from my side.

26:41

It is, let's say more general respect to the topics that you addressed in your presentation. And in this conference, we will talk also about infrastructures that can reconfigure

27:01

themselves autonomously to adapt themselves to surrounding environments. And these kind of infrastructures could be very important for managing easily critical infrastructures. The question is, what do you think are the major challenges

27:25

in terms of security and privacy also for modern application where artificial intelligence takes an important role, especially in autonomous systems?

27:42

That's a very good question. From the security perspective, I see regarding the two pillars I mentioned in the confusion, I see several challenges. The first one is how I can trust any new assets

28:01

that is coming into the systems. So this is really not that easy as it seems because it could rely, if I take the industry example, it could rely in the provider you are using

28:22

to put new assets, it could rely on the system itself, how you can ensure that new components you start or you bring into your systems is secure. So this is really a key challenge. Then perhaps a threat really specific to the IoT

28:43

is that when you bring an asset, a new asset or new system into the system, you don't know its environment. Can we trust the environment where he is deployed? This is also a key point where I think

29:01

that research also have its parts to place in order to bring solutions. Also the environment could be controlled quite easily from external, triggering some external events happenings.

29:24

So if someone could have malicious intentions, could operate not on the infrastructure itself, but on the environment in order to control.

29:42

Exactly, exactly that the point with the IoT and the cyber physical systems, that it's not only the system itself, but the environment is key for the cybersecurity.

30:03

Okay, thank you. We have another question from Marco Jan. How do you see the role of open source in such security work? Is your implementation going open source?

30:20

That's a very good question. I think that open source is key because you have feedback from the community. And in this context, it's very important where we are talking about cybersecurity solutions. Regarding the open source release of this activity,

30:47

it's indeed a way that we are investigating and that's really, I think could be valuable for us and for the community.

31:02

Okay, thank you. Marco, did he answer to your question? Okay, if there are no other questions, are there other questions for Paul Emmanuel?

31:26

If not, I can say again, thank you very much to Paul Emmanuel, thank you for your presentation and for joining us for our conference.

31:42

Thank you very much, Enrico, for this opportunity to present this activity. Thank you.