Jul 24, 2019, 07:54 PM
IoT Notes

Lecture 1 Introduction

Radio Spectrum

Mobile Radio Networks -

900 - 2200 MHz (VHF - UHF)
Simple small antennas (a few cm)
With 1 W input power, covers up to a few kilometres and penetrates building walls

Point-to-point Links and Satellite Links -

3 - 30 GHz (SHF)
Plenty of bandwidth available but strong attenuation due to meteorological effects

Data Wireless Networks (WLAN, WPAN, etc.) -

2.4 - 5 GHz (ISM band)
Interference with other systems

High Frequencies -

High bandwidth available
Spectrum is less crowded by other systems
Propagation is difficult due to low penetration of obstacles

Low Frequencies -

Low bandwidth availability
Big antennas
Many interference sources due to other human activities

Basic Definitions

Forward Channel - Radio channel used for transmission of information from the base station to the mobile.

Reverse Channel - Radio channel used for transmission of information from the mobile to the base station.

Simplex Systems - Communication systems which provide only one-way communication.

Half-Duplex Systems - Communication systems which allow two-way communication by using the same radio channel for both transmission and reception. At any given time, the user can either transmit or receive information.

Full Duplex - Communication systems which allow simultaneous two-way communication. Transmission and reception are typically on two different channels (FDD).

Handoff - The process of transferring a mobile station from one channel or base station to another.

Roamer - A mobile station which operates in a service area (market) other than the one in which service has been subscribed.

Page - A brief message which is broadcast over the entire service area, usually in simulcast fashion by many base stations at the same time.

Subscriber - A user who pays subscription charges for using a mobile communication system.

Transceiver - A device capable of simultaneously transmitting and receiving radio signals.

Data Rate Support

Maximum Data Rate -

What is the maximum data rate that can be supported by the channel? What limits it?

Determines -

Capacity of the system
Complexity of the receiver
Application support

Parameters of importance -

Communication channel attenuation
Frequency vs. interference

Security Threats

Disclosure Threat - Leaking of information from a system to an unwanted party. Confidentiality violation.

Integrity Threat - Unauthorised changes of information during transmission.

Denial of Service Threat - Resources blocked by a malicious attacker. Availability violation.

Fuzzing Attacks - Sending malformed messages to the IoT devices.

Bluejacking - Causes harm when the user sends the data to the other user.

Authentication - Process of determining the identity of another user.

Authorisation - Process of deciding if device A has the access rights to device B.

Symmetric Key Security - Generally, A trusts B if B can prove that it has the same shared key that A does.

Bluetooth Devices

Link Key Generation

The link key is generated at the initialisation phase. Two devices bond with each other and derive link keys when the user enters an identical key on both devices.

At the end of the initialisation, the devices authenticate each other and encrypt the link. The PIN used in the initialisation may have a length from 1 byte to 16 bytes, where a longer code may provide more security.

ZigBee Devices

Summary -

Operates in personal area networks and device-to-device networks.
Connectivity between small packet devices.
Control of lights, switches, thermostats etc.

Characteristics -

Low cost.
Low power consumption.
Low data rates.
Scalable and reliable.
Flexible protocol design.

Overview -

Encryption specified for the MAC, network and APS layers
All security is based on a 128-bit key and the AES-128 block encryption method

RFID

Summary -

The use of radio frequency tags to identify real objects.
Assign IDs to objects.
Bar codes, license plates, social security numbers etc.
Passive tags - no battery, low cost.
Active tags - on-board receiver, long range, high cost.

Security -

Tag Data - RFID tags are considered dumb devices. They can only listen and respond, no matter who sends the signal.
Eavesdropping - Signals transmitted can be detected several metres away by other radio receivers.
Denial of Service

Near Field Communication (NFC)

Summary -

Designed for short distance wireless communication
Does not require line of sight
Easy and simple connection method
Provides communication to non-self-powered devices
NFC communication is based on an inductive RF link at 13.56 MHz
Active and passive modes operate at different transfer speeds
Has good security at the mobile and application layer, further assisted by short range data transfer, typically on contact

Lecture 2 IoT Networks Protocols

IoT Hardware Security

Closed Systems -

Closed systems with low-end devices do not typically include high-value information and so have a relatively low security risk
A trusted execution environment (TEE) is a secure area of the system on chip that guarantees code and data protection
Higher-end applications in closed systems have higher-value data and therefore are at a greater risk of hacking. These systems are starting to embed a hardware root of trust to provide strong protection for the credentials and software of devices

Open Systems -

Devices such as Linux-based IoT gateways, Cloud-of-Things (CoT) and hubs
High-end devices for use in open systems may have multiple processors and run multiple operating systems
Commonly use virtualisation strategies
All open systems require a TEE for more secure functionality

Hardware Root-of-Trust Concept -

The protective hardware provides a TEE for the privileged software to run in
At a minimum, it must perform one or more proven cryptographic functions
A form of tamper protection must be present and available for the entire runtime
Flexible yet simple user interface that the host can interact with, through either the host CPU and/or a host controller toggling GPIOs
Secure boot and secure access controls
Secure identification and authentication
Firmware integrity assurance
Secure storage for the rest of the chip
Secure debug and test access control
Runtime protection
Secure field updates
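Three items of the root-of-trust checklist above (secure boot, firmware integrity assurance, secure field updates) can be seen working together in a small verifier. This is an added example, not code from the lecture notes: the manifest layout, the ed25519 vendor key and the version counter are assumptions, and the "tamper-protected storage" is only a struct field here.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Manifest is the signed header a bootloader checks before handing
// control to an image. Layout is constructed for this example: a 4-byte
// big-endian version counter followed by the SHA-256 of the image, both
// covered by one ed25519 signature.
type Manifest struct {
	Version uint32
	Digest  [32]byte
	Sig     []byte
}

func (m Manifest) payload() []byte {
	buf := make([]byte, 4, 36)
	binary.BigEndian.PutUint32(buf, m.Version)
	return append(buf, m.Digest[:]...)
}

// SignImage is the vendor side: the build system holding the private key.
func SignImage(priv ed25519.PrivateKey, version uint32, image []byte) Manifest {
	m := Manifest{Version: version, Digest: sha256.Sum256(image)}
	m.Sig = ed25519.Sign(priv, m.payload())
	return m
}

// Verifier models the hardware root of trust: an immutable vendor public
// key and a monotonic version counter, assumed to sit in tamper-protected
// storage (e.g. OTP fuses) that the firmware itself cannot rewrite.
type Verifier struct {
	VendorPub  ed25519.PublicKey
	MinVersion uint32
}

var (
	ErrSignature = errors.New("secure boot: manifest signature invalid")
	ErrDigest    = errors.New("secure boot: image digest mismatch")
	ErrRollback  = errors.New("secure boot: version older than installed")
)

// VerifyAndBoot runs the checks in the order a bootloader must: the
// signature first (no manifest field is trusted before that), then the
// digest of the image actually in flash, then anti-rollback. The counter
// is committed only when every check has passed.
func (v *Verifier) VerifyAndBoot(m Manifest, image []byte) error {
	if !ed25519.Verify(v.VendorPub, m.payload(), m.Sig) {
		return ErrSignature
	}
	if sha256.Sum256(image) != m.Digest {
		return ErrDigest
	}
	if m.Version < v.MinVersion {
		return ErrRollback
	}
	v.MinVersion = m.Version
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	v := &Verifier{VendorPub: pub}
	fw1, fw2 := []byte("firmware v1 (constructed)"), []byte("firmware v2 (constructed)")
	fmt.Println(v.VerifyAndBoot(SignImage(priv, 1, fw1), fw1))             // <nil>
	fmt.Println(v.VerifyAndBoot(SignImage(priv, 2, fw2), fw2))             // <nil>
	fmt.Println(v.VerifyAndBoot(SignImage(priv, 1, fw1), fw1))             // rollback rejected
	fmt.Println(v.VerifyAndBoot(SignImage(priv, 3, fw2), append(fw2, 0))) // digest mismatch
}
```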

IoT Messaging Protocol

Protocols -

MQTT (Message Queuing Telemetry Transport) uses TCP/IP. Publish-subscribe model, requires a message broker
AMQP (Advanced Message Queuing Protocol) uses TCP/IP. Publish-subscribe model and point-to-point
CoAP (Constrained Application Protocol) uses UDP, designed specifically for IoT, uses a request-response model like HTTP
DDS (Data Distribution Service) is a data bus used for integrating intelligent machines

Constrained Application Protocol (CoAP) -

CoAP is a specialised web transfer protocol for use with constrained nodes and constrained networks in IoT
It is designed for machine-to-machine applications such as smart energy and building automation
It is a network-oriented protocol with features similar to HTTP, but also allows for low overhead, multicast etc.

IoT Networks

Piconets -

Small range communication networks
The piconet master is the device in a piconet whose clock and device address are used to define the piconet physical channel characteristics
At any given time, data can be transferred between the master and one slave. The master switches rapidly from slave to slave in a round-robin fashion

Two types of links can be established between the piconet master and one or more slaves:

Link Types -

Synchronous connection-oriented (SCO) link allocates a fixed bandwidth for a point-to-point connection involving the piconet master and a slave. Up to three simultaneous SCO links are supported
Asynchronous connectionless or connection-oriented (ACL) link is a point-to-multipoint link between the master and all the slaves in the piconet. Only a single ACL link can exist in the piconet

Device Types -

Full Function Devices (FFD) can operate in three modes, serving as a personal area network coordinator, a coordinator, or a device
Reduced Function Devices (RFD) are intended for applications that are extremely simple

RPL for LLN

Low Power and Lossy Networks -

A class of network in which both the routers and their interconnects are constrained
Constraints on processing power, memory and energy; their interconnects are characterised by high loss rates, low data rates and instability.
Support point-to-point traffic and point-to-multipoint traffic

RPL

Constructs and maintains a directed acyclic graph (DAG) supporting MP2P flows -

Multiple successors when available
Implementation-specific metrics and objective functions to find the least-cost paths
Use the DAG to contain and guide computation of routes supporting P2MP flows
Use MP2P + P2MP and basic P2P support

DAG -

Nodes taking up a position in the DAG compute a depth value specific to the metric and objective function in use
The depth value may be used to gauge relative position in the DAG

RPL Routing Attributes -

Routing metrics - ETX (link), latency (link) and DAG rank
Routing constraints - Node state and attribute (NSA), node energy

Expected Transmission Count (ETX)

The number of transmissions a node expects to make to a destination in order to successfully deliver a packet

DAG Construction

Step-by-Step -

LLNs are depicted
Links are annotated with the ETX
It is expected that ETX variations will be averaged/filtered so as to be stable enough
Nodes are also to observe the metric and gain confidence before use
Optimise the parameters for each node:
Metric: ETX
Objective: Minimise ETX
Depth computation: Depth ETX
Note that a practical computation may be more coarse
LBR-1 multicasts DIO
Nodes A, B, C receive and process the DIO
They consider the link metrics to LBR-1 and the optimisation objective
The optimisation objective can be satisfied by joining the DAG rooted at LBR-1
Nodes A, B, C add LBR-1 as a DAG parent and join the DAG
Node A is at depth 1 in the DAG, as calculated by the routine indicated by depth "ETX"
Node B is at depth 3, node C is at depth 2
A, B, and C have installed default routes
The RA timer on node C expires
Node C multicasts RA-DIO
LBR-1 ignores the RA-DIO from a deeper node
Node B can add node C as an alternate DAG parent, remaining at depth 3
Node E joins the DAG at depth 3 by adding node C as a parent

Node A is at depth 1 and can reach ::/0 via LBR-1 with ETX 1
Node B is at depth 3, with DAG parents LBR-1 and C, and can reach ::/0 via LBR-1 or C with ETX 3
Node C is at depth 2, ::/0 via LBR-1 with ETX 2
Node E is at depth 3, ::/0 via C with ETX 3

The RA timer on node A expires
Node A multicasts RA-DIO
LBR-1 ignores the RA-DIO from a deeper node
Node B adds node A
Node B can improve to a more optimal position in the DAG
Node B removes LBR-1 and node C as DAG parents
This continues
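The step-by-step construction above, replayed as an added example (not code from the notes). The link ETX values are constructed so that the depths come out as in the notes (A at 1, C at 2, B at 3 via LBR-1 or C, E at 3 via C, then B improving to 2 via A); the same code handles any link set and any DIO order, not just this sequence.

```go
package main

import "fmt"

// Link is a radio link annotated with its ETX. The ETX values used in
// RunScenario are constructed; the notes only give the resulting depths.
type Link struct {
	A, B string
	ETX  int
}

type Node struct {
	Joined  bool
	Depth   int      // cumulative ETX to the root (the "Depth ETX" objective)
	Parents []string // every neighbour that yields that minimum depth
}

type DAG struct {
	Root  string
	Nodes map[string]*Node
	etx   map[[2]string]int
}

func NewDAG(root string, links []Link) *DAG {
	d := &DAG{Root: root, Nodes: map[string]*Node{}, etx: map[[2]string]int{}}
	for _, l := range links {
		d.etx[[2]string{l.A, l.B}], d.etx[[2]string{l.B, l.A}] = l.ETX, l.ETX
		for _, n := range []string{l.A, l.B} {
			if d.Nodes[n] == nil {
				d.Nodes[n] = &Node{}
			}
		}
	}
	d.Nodes[root].Joined = true // the root sits at depth 0 with no parents
	return d
}

// MulticastDIO models the sender's timer expiring: every link neighbour
// processes the DIO. A node not yet in the DAG joins; a member ignores a DIO
// offering no better depth, adds an equal-cost sender as an alternate parent,
// or moves to the better position and drops its old parents. The root never
// takes a parent, so it ignores every DIO.
func (d *DAG) MulticastDIO(sender string) {
	s := d.Nodes[sender]
	for name, n := range d.Nodes {
		etx, ok := d.etx[[2]string{sender, name}]
		if !ok || !s.Joined || name == d.Root {
			continue
		}
		cand := s.Depth + etx // depth the receiver would have via the sender
		switch {
		case !n.Joined:
			n.Joined, n.Depth, n.Parents = true, cand, []string{sender}
		case cand < n.Depth:
			n.Depth, n.Parents = cand, []string{sender}
		case cand == n.Depth:
			n.Parents = append(n.Parents, sender)
		}
	}
}

func RunScenario() *DAG {
	d := NewDAG("LBR-1", []Link{
		{"LBR-1", "A", 1}, {"LBR-1", "B", 3}, {"LBR-1", "C", 2},
		{"C", "B", 1}, {"C", "E", 1}, {"A", "B", 1},
	})
	d.MulticastDIO("LBR-1") // A, B, C join at depths 1, 3 and 2
	d.MulticastDIO("C")     // B stays at 3 but adds C as an alternate parent; E joins at 3
	d.MulticastDIO("A")     // B improves to depth 2 via A and drops LBR-1 and C
	return d
}

func main() {
	for name, n := range RunScenario().Nodes {
		fmt.Printf("%-5s depth %d parents %v\n", name, n.Depth, n.Parents)
	}
}
```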

Lecture 3 Vulnerabilities, Attacks and Countermeasures

IoT Attacks

Wireless Reconnaissance and Mapping -

The majority of IoT devices on the market utilise wireless communication protocols such as ZigBee, Z-Wave, Bluetooth LE, Wi-Fi (802.11) etc.
Network scanning using tools such as Nmap is commonly utilised by hackers to gather information

Security Protocol Attacks -

Many security protocols are open to attacks against vulnerabilities introduced at the protocol design, implementation or even configuration stage
These procedures allow external parties to sniff the exchanged network key

Physical Security Attacks -

Include those in which the attacker physically penetrates the enclosure of a host etc.

Application Security Attacks -

IoT devices and connections can be exploited through attacks against application endpoints
Application endpoints include web servers and mobile device applications

RPL Attacks

The characteristics of LLNs make them vulnerable and difficult to protect against attacks.

Updates -

The RPL protocol defines several mechanisms that contribute to its security. It integrates local and global repair mechanisms as well as loop avoidance and detection techniques. It also uses two security modes to encrypt data packets
Typical deployments of such networks base their security on the link layer and the transport/application layer
Assume that an attacker is able to bypass security at the link layer by obtaining the shared key

Resource attacks -

Cover attacks targeting the exhaustion of network resources
Direct attack - A malicious node directly generates the overload to degrade the network
Indirect attack - Attackers make other nodes generate a large amount of traffic

Flooding attack -

Consists of generating a large amount of traffic through DIS messages, causing nodes within range to send DIO messages

Version Number Modification Attack -

Increasing the version number (which is normally the responsibility of the DODAG's root when a global repair is to be performed)
When the root receives a DIO with an invalid version number, it updates it and resets its trickle timer to resend a new DIO

Increased Rank Attack -

The node rank always increases in the downward direction in order to preserve the acyclic structure of the DODAG. When a node determines its rank value, it must be greater than that of its immediate parent node
Once rank evaluation is done, the node determines its parent in order to optimise the routing cost
A malicious node advertises a higher rank value than the one it is supposed to have
The attack generates looping in the DODAG and communication jamming

Topology attacks -

Sub-optimisation Attack - The network will not converge to the optimal form
Isolation - Isolating a node or a subnet of nodes in the RPL network

Sinkhole Attack -

A malicious node tries to attract a large number of higher-rank nodes in order to exploit maximum path information
The node advertises fake information to attract traffic; after receiving traffic, it modifies itself
The network will perform worse because of the non-optimised routing path

Blackhole -

A malicious node drops all packets silently
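As a detection-side companion to the RPL attacks above (DIS flooding, version number modification, and the rank rule a sinkhole breaks), here is an added example, not from the notes, of a monitor that replays a constructed log of RPL control messages and raises an alert per anomaly. The Parent field, the thresholds and the node names are assumptions.

```go
package main

import "fmt"

// Msg is one RPL control message as logged at the root or by a sniffer. The
// Parent field is a constructed stand-in for what a node reports in its DAO.
type Msg struct {
	T       int    // seconds since capture start
	Src     string
	Kind    string // "DIS" or "DIO"
	Version int    // DODAG version carried in a DIO
	Rank    int    // rank advertised in a DIO
	Parent  string // preferred parent the sender reports
}

type Monitor struct {
	Root             string
	RootVer          int            // version the real root currently advertises
	DISLimit, Window int            // DIS tolerated per node within Window seconds
	ranks            map[string]int // last rank each node advertised
}

// Inspect replays a log and returns one alert line per suspicious event.
func (m *Monitor) Inspect(log []Msg) []string {
	var alerts []string
	dis := map[string][]int{} // recent DIS timestamps per source
	m.ranks = map[string]int{}
	for _, msg := range log {
		switch msg.Kind {
		case "DIS":
			// Flooding: every DIS makes neighbours reset their trickle timer and answer with a DIO.
			ts := dis[msg.Src]
			for len(ts) > 0 && msg.T-ts[0] >= m.Window {
				ts = ts[1:]
			}
			ts = append(ts, msg.T)
			dis[msg.Src] = ts
			if len(ts) == m.DISLimit+1 { // report once, when the threshold is crossed
				alerts = append(alerts, fmt.Sprintf("t=%d DIS flooding from %s: %d DIS within %ds", msg.T, msg.Src, len(ts), m.Window))
			}
		case "DIO":
			// Only the root may start a new version; a higher one from anyone else is forged.
			if msg.Src != m.Root && msg.Version > m.RootVer {
				alerts = append(alerts, fmt.Sprintf("t=%d version modification by %s: %d > root's %d", msg.T, msg.Src, msg.Version, m.RootVer))
			}
			// Rank rule: a child's rank must exceed its parent's; a rank at or below it is
			// the signature of a node advertising a fake position to attract traffic.
			if pr, ok := m.ranks[msg.Parent]; ok && msg.Rank <= pr {
				alerts = append(alerts, fmt.Sprintf("t=%d rank rule broken by %s: rank %d <= parent %s rank %d", msg.T, msg.Src, msg.Rank, msg.Parent, pr))
			}
			m.ranks[msg.Src] = msg.Rank
		}
	}
	return alerts
}

// SampleLog is a constructed capture: normal DODAG formation, then node M
// flooding DIS and forging a version, and node S under-claiming its rank.
func SampleLog() []Msg {
	return []Msg{
		{T: 0, Src: "LBR-1", Kind: "DIO", Version: 1, Rank: 0},
		{T: 1, Src: "A", Kind: "DIO", Version: 1, Rank: 1, Parent: "LBR-1"},
		{T: 2, Src: "B", Kind: "DIO", Version: 1, Rank: 3, Parent: "LBR-1"},
		{T: 10, Src: "M", Kind: "DIS"}, {T: 11, Src: "M", Kind: "DIS"},
		{T: 12, Src: "M", Kind: "DIS"}, {T: 13, Src: "M", Kind: "DIS"},
		{T: 20, Src: "M", Kind: "DIO", Version: 2, Rank: 2, Parent: "A"},
		{T: 30, Src: "S", Kind: "DIO", Version: 1, Rank: 1, Parent: "A"},
	}
}

func main() {
	m := &Monitor{Root: "LBR-1", RootVer: 1, DISLimit: 3, Window: 10}
	for _, a := range m.Inspect(SampleLog()) {
		fmt.Println(a)
	}
}
```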

Threat Modelling of an IoT System -

Identify the assets
Create an IoT system architecture overview
Decompose the IoT system
Identify threats
Document threats
Rate the threats

Lecture 4 Cryptographic Fundamentals

Authentication / Authorisation -

Many devices must authenticate to the sink node ('s') before transmitting the captured data out
The sink node can authenticate to the cloud where the IoT resides when forwarding the data
IoT services that analyse the stored data in the cloud should also authenticate themselves

Security Token Based Authentication

X.509 Certificates -

Use of digital certificates issued by a trusted certificate authority.
Contains information to assert an identity claim -
Name
Serial number
Expiration dates
Certificate holder's public key
Digital signature of the certificate authority

Kerberos Tickets -

Clients share a symmetric key with the server
Clients log in to the authentication server
The server returns a ticket-granting ticket (TGT) encrypted with the client's key
The client sends the decrypted TGT to the ticket granting service
The TGS sends a ticket authorising network access and certain services
Session ticket data -
Name
Network address
Time stamp
Expiration dates
Session key

Custom Security Tokens -

May contain additional context information
Access methods -
Wired - local terminal
Wired - remote terminal
Wireless PDA
Authentication method -
Password
e-Token
Fingerprint
Face recognition

Block Ciphers

Simon and Speck -

Aim to fill the need for secure, flexible, and analysable lightweight block ciphers
Excellent performance on hardware and software platforms. Flexible enough to admit a variety of implementations on a given platform
Perform exceptionally well across the full spectrum of lightweight applications
SIMON is tuned for optimal performance in hardware, SPECK for software

Secrecy and Secret-Key Management

Securing Private Keys for IoT Deployments -

Involves creating, renewing, accounting for, and managing private keys
Lost keys may compromise security
Expired certificates and keys may shut down device communications, because once a certificate expires the key can no longer be used to create a secure connection

Important Design Guidelines -

Key and Certificate Management Platform - Organisations need an easy-to-use and comprehensive centralised management platform that is designed to monitor and control certificates and keys within the organisation
Access Control - The centralised management platform should have well-defined access control roles or features for the items and information within the system
Key and Certificate Renewal - Should allow admins to track certificate and key expiration dates
Key and Certificate Generation - Establish a way for keys and certificates to be generated directly
Key and Certificate Discovery - Allow admins to check the network and identify all keys and certificates being used
Key and Certificate Reporting - Allow admins to establish and track certificate and key lifetimes
Key Escrow - IoT admins should be able to recover certificates and keys that are no longer operational, for business purposes, analysis and forensics
Key and Certificate Rollover - Admins should be able to distribute a new certificate and key to a device
Key Destruction - Admins should be able to remotely destroy a compromised key
Certificate Revocation - Must have a robust certificate revocation service

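An added example, not the notes' own code, tying the X.509 fields listed earlier to the renewal and expiry guidelines above: a constructed CA issues a device certificate, and an inventory check verifies it against the CA at a given time and reports the days left before it must be renewed. Names, serial numbers and validity periods are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// NewCA builds a self-signed device CA (constructed here; a deployment keeps this key in an HSM).
func NewCA(now time.Time) (*x509.Certificate, ed25519.PrivateKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Example IoT Device CA"},
		NotBefore:             now,
		NotAfter:              now.AddDate(10, 0, 0),
		IsCA:                  true,
		BasicConstraintsValid: true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return nil, nil, err
	}
	ca, err := x509.ParseCertificate(der)
	return ca, priv, err
}

// IssueDeviceCert has the CA sign the fields the notes list: name, serial
// number, validity dates and the device's public key (the device generated
// the key pair and keeps the private half). Returns the DER certificate.
func IssueDeviceCert(ca *x509.Certificate, caKey ed25519.PrivateKey, devPub ed25519.PublicKey, serial int64, name string, from time.Time, days int) ([]byte, error) {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: name},
		NotBefore:    from,
		NotAfter:     from.AddDate(0, 0, days),
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	return x509.CreateCertificate(rand.Reader, tmpl, ca, devPub, caKey)
}

// CheckDeviceCert is the inventory check: parse the DER, verify the chain to the
// CA at time now (expired or foreign certificates fail here) and report days left.
func CheckDeviceCert(certDER []byte, ca *x509.Certificate, now time.Time) (int, error) {
	cert, err := x509.ParseCertificate(certDER)
	if err != nil {
		return 0, err
	}
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	opts := x509.VerifyOptions{Roots: roots, CurrentTime: now, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err := cert.Verify(opts); err != nil {
		return 0, err
	}
	return int(cert.NotAfter.Sub(now).Hours() / 24), nil
}

func main() {
	now := time.Now().UTC().Truncate(time.Second) // X.509 times have 1 s resolution
	ca, caKey, err := NewCA(now)
	if err != nil {
		panic(err)
	}
	devPub, _, _ := ed25519.GenerateKey(rand.Reader) // device-side key pair
	der, _ := IssueDeviceCert(ca, caKey, devPub, 1001, "sensor-01", now, 30)
	fmt.Println(CheckDeviceCert(der, ca, now.AddDate(0, 0, 25))) // 5 <nil>
	fmt.Println(CheckDeviceCert(der, ca, now.AddDate(0, 0, 31))) // 0 and an expiry error
}
```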

Lecture 5 Identity and Access Management Solutions

IAM -

Enable the right individuals to access the right resources at the right time for the right reasons

Threat-Aware IAM -

Offers fundamental security controls to manage security and risks in order to meet business demands

Safeguard mobile, cloud and social access -
Validate who is who
Proactively enforce access policies
Prevent advanced insider threats -
Manage and monitor privileged access
Defend applications and data
Simplify cloud integrations and identity silos -
Provide federated access
Unify the "Universe of Identities"
Deliver actionable identity intelligence -
Streamline identity management
Manage and monitor user entitlements and activities

End-to-End IAM

The trustworthiness of services and service use depends on how the actors govern identities and data, security and privacy, and the degree to which they comply with the agreed policies and regulations
The combination of security and identity functions is important for defining the trust level

Flexible E2E Approach to Security and Identity

Business-optimal and trust-centric IoT security is dependent on continuous risk management that balances criticality, cost, usability and effectiveness to fulfil different types of security SLA in multi-tenant IoT systems
For critical IoT services, the level of security functions must be set high in accordance with the risk management results and service provider security policies

BYOD Risks & Solutions

Risks -

Sensitive data on a device that is lost/stolen etc.
Infected device connecting to the network
Malicious app downloaded by the user
Theft of data via a personal device

Solutions -

App management on devices
Asset tracking
Smart devices don't collect corporate email
No corporate documents on the device
Device tracking
Cloud storage control
Encrypted data
Remote lock and wipe
Passcodes
Encryption
Requires basic device restrictions

Public Key Infrastructure

Consists of -

Certificate authority that stores, issues and signs digital certificates
Registration authority which verifies the identity of entities requesting their digital certificates to be stored at the CA
Central directory
Certificate management system managing access to stored certificates or delivery
Certificate policy stating the PKI's requirements concerning its procedures

Hardware as the Root of Trust -

The security framework must begin at the edge, with identity rooted in the silicon
Sits below applications, drivers and the real-time OS, monitoring activity
Second line of defence: MFA will be vital
IoT devices can be wrapped in a new security blanket and co-exist with the new hardware security paradigm

EDGE -

Distributed computing paradigm in which computation is largely or completely performed on distributed device nodes or edge devices

FOG -

Architecture that uses edge devices to carry out a substantial amount of computation, storage and communication locally, routed over the internet

Cloud of Things (CoT) -

A fully managed service that allows you to easily and securely connect, manage, and ingest data from millions of globally dispersed devices

Lecture 6 Mitigating IoT Privacy Concerns

Privacy Challenges Introduced by the IoT

As endpoints in the IoT environment transmit data autonomously, they also work in conjunction with other endpoints and communicate with them
Interoperability of things is essential
Data transmitted might not cause a privacy issue on its own
Fragmented data can yield sensitive data

IoT Risks

DDoS Attack Defence -

Filtering may mean legitimate traffic will be rejected
Attack packets often have spoofed IPs
Add more servers - resource competition - costly
Traffic that is found to be malicious is rejected
DDoS attack mitigation in clouds - When a DDoS attack happens, the cloud can redirect the requests to one of the IPs to be filtered

Data Breaches from IoT Devices

Does my device present privacy concerns? -

Identify all data types being collected
The device should only collect what is necessary
Determine if data is collected beyond what is needed
Determine if a data retention policy is in place

How Do I Prevent Privacy Concerns? -

Ensuring only data critical to the functionality of the device is collected
Proper protection with encryption
Ensuring devices protect personal information
Ensuring that authorised individuals have access to personal information
End-users are provided with "notice and choice" if the data collected is more than what would be expected from the product
Ensuring role-based access control to the data is applied
Ensuring the analysed data is de-identified

Privacy Impact Assessment (PIA)

Analysis of how personally identifiable information is collected, used, shared, etc.
A Data Protection Impact Assessment (DPIA) is a process to help you identify and minimise the data protection risks of a project. The DPIA must:
Describe the nature, scope, context and purposes of the processing
Assess necessity, proportionality and compliance measures
Identify and assess risks to individuals
Identify any additional measures to mitigate those risks

Lecture 7 Internet Protocol Security (IPv4, IPv6)

IP

Advantages -

Flexible and robust
No unnecessary overhead for connection setup
Can work with different network types