Securing the IoT Gateway
Welcome to another article in the series written by Citrix Labs R&D staff on the subject of the Internet of Things (IoT). If you have not seen the previous posts, you can catch up here and read about how we defined the role of the Internet of Things in the Citrix software-defined workplace, identified potential security problems, described a simple IoT framework, and focused on security at the device layer.
In this installment we move up the IoT stack to investigate the gateway layer.
As illustrated in the simplified IoT model below, the gateway layer serves the important role of providing connectivity and messaging between things, people and cloud services. In most cases today, the primary function of the IoT gateway is protocol translation between low-power sensor networks and the Internet or LAN.
But if the predictions of all the big names in the industry hold, a massive number of IoT devices will arrive in the enterprise over the next 5 years.
So in addition to simple protocol translation, intelligent IoT gateways will be needed in the enterprise to handle the sheer volume of IoT devices and the messages communicated between them. The gateway is the natural place for local processing of automation rules at the network edge, for device management functionality, and for enforcement of network access control policies. By connecting sensors and IoT devices to your network, you also gain the option of merging information about the physical world (from sensors) and the ability to interact with that world (through connected devices) with the mission-critical applications you run for your business.
For example, when fully implemented, the Internet of Everything will allow a company to integrate real-time tracking of its vehicle fleet with its shipping and logistics software, or to feed automated inventory tracking into its asset management solution. Of course, all this functionality must be performed securely, and this article deals with some important security requirements of the IoT gateway.
Gateway Layer Security
Communication in the IoT will usually traverse a combination of private and public networks, so securing the network protocols is of course important and the first thing you should consider. When thinking about security at this layer, remember the basic CIA security triad. Communication between things, the gateway, and the cloud service must be cryptographically secured to preserve confidentiality, integrity and authenticity. Securing network communication in this way, with technologies such as AES cipher suites and TLS/SSL encryption, is a well-understood area of IoT security, because we have been doing it for years for applications such as e-commerce on the Internet.
Unique Challenges
Even with mature technology for securing network communications, the Internet of Things is different from the Internet of servers and PCs and so presents some unique security challenges. Many of these challenges stem from the fact that IoT devices have limited computing power and no graphical user interface for easy configuration.
End-to-End Encryption
As noted above, a primary role of the gateway layer is bridging low-power sensor networks, usually based on a low-power radio standard such as ZigBee or Z-Wave, to Wi-Fi or Ethernet. This is a critical function, as we expect many devices from many manufacturers, speaking several different protocols, to appear in the enterprise. The IoT gateway serves as a common point of communication and control between the myriad devices.
A challenge for the IoT gateway is to maintain confidentiality while it performs this protocol translation. Although both ZigBee and Z-Wave support encryption, the gateway must generally decrypt and re-encrypt the payload when translating from one network protocol to another. This protocol translation makes it harder to preserve confidentiality, since it is not true end-to-end encryption: communication between each agent and the intermediary is protected, but the intermediary itself is not. If an attacker were to compromise the IoT gateway, not only would the data transferred through the gateway be in danger, but control over the physical things associated with it would be at risk as well.
For example, research conducted by Veracode on 6 common home gateways found:
"... widespread problems securing communication between connected devices and the manufacturer's management server in the cloud. Five of the six devices tested were prone to so-called "man in the middle" attacks that would allow an attacker on the same network as a device to listen in on, modify, and forward traffic between the device and its cloud-based service. Many of the tested devices did not properly validate the TLS or SSL certificate used to encrypt traffic, Creighton said."
One way to mitigate this issue is to implement true end-to-end, application-level security. With this strategy, messages are encrypted in such a way that only the intended recipient of the message can decrypt it, and nobody in between. In other words, only the IoT device and the receiving cloud service hold the cryptographic key, and the gateway acts as an illiterate messenger, passing along messages that it cannot decipher. The gateway can still perform its protocol translation unimpeded; it simply cannot read the messages as they pass from one network to another.
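The following Go program, added here as an illustration and not code from the original article or from any gateway vendor, shows what the "illiterate messenger" pattern looks like in code. The device seals each reading with AES-GCM under a key it shares only with the cloud service, the gateway re-frames the message from a constructed radio-style frame into a constructed IP envelope without holding any key, and the cloud service opens it. The frame and envelope formats, the node-ID binding and the sample key are assumptions made for this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"strconv"
	"strings"
)

// SensorFrame is a constructed stand-in for a low-power radio frame
// (ZigBee/Z-Wave style). Only the device and the cloud hold the key.
type SensorFrame struct {
	NodeID  uint16
	Nonce   []byte // 12-byte AES-GCM nonce, sent in the clear
	Payload []byte // ciphertext followed by the 16-byte GCM tag
}

// CloudEnvelope is a constructed stand-in for the message the gateway
// forwards over Wi-Fi/Ethernet to the cloud service.
type CloudEnvelope struct {
	DeviceID string // "node-<hex id>"
	Nonce    string // hex
	Payload  string // hex
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// nodeAD binds the node ID into the authenticated data so a reading cannot
// be re-attributed to another node without failing authentication.
func nodeAD(nodeID uint16) []byte {
	return []byte{byte(nodeID >> 8), byte(nodeID)}
}

// DeviceSeal runs on the IoT device: encrypt and authenticate one reading.
func DeviceSeal(key []byte, nodeID uint16, reading []byte) (SensorFrame, error) {
	aead, err := newGCM(key)
	if err != nil {
		return SensorFrame{}, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return SensorFrame{}, err
	}
	ct := aead.Seal(nil, nonce, reading, nodeAD(nodeID))
	return SensorFrame{NodeID: nodeID, Nonce: nonce, Payload: ct}, nil
}

// GatewayTranslate runs on the gateway: it re-frames the message for the
// IP network but holds no key, so the payload stays opaque to it.
func GatewayTranslate(f SensorFrame) CloudEnvelope {
	return CloudEnvelope{
		DeviceID: fmt.Sprintf("node-%04x", f.NodeID),
		Nonce:    hex.EncodeToString(f.Nonce),
		Payload:  hex.EncodeToString(f.Payload),
	}
}

// CloudOpen runs on the cloud service: rebuild the associated data from the
// envelope and decrypt. Any change made in transit fails the GCM check.
func CloudOpen(key []byte, env CloudEnvelope) ([]byte, error) {
	id, err := strconv.ParseUint(strings.TrimPrefix(env.DeviceID, "node-"), 16, 16)
	if err != nil {
		return nil, err
	}
	nonce, err := hex.DecodeString(env.Nonce)
	if err != nil {
		return nil, err
	}
	ct, err := hex.DecodeString(env.Payload)
	if err != nil {
		return nil, err
	}
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	pt, err := aead.Open(nil, nonce, ct, nodeAD(uint16(id)))
	if err != nil {
		return nil, errors.New("payload rejected: modified in transit, wrong node, or wrong key")
	}
	return pt, nil
}

func main() {
	key := []byte("0123456789abcdef") // constructed 128-bit key known only to device and cloud
	frame, err := DeviceSeal(key, 0x1a2b, []byte(`{"temp_c":21.5}`))
	if err != nil {
		panic(err)
	}
	env := GatewayTranslate(frame)
	fmt.Println("gateway forwards opaque payload:", env.Payload)
	pt, err := CloudOpen(key, env)
	fmt.Println("cloud decrypts:", string(pt), err)
}
```

Because the node ID is authenticated as associated data and the payload carries a GCM tag, a compromised gateway can drop or delay messages but cannot read them, alter them, or re-attribute a reading to another node without the cloud side rejecting it; protocol translation still works because only the framing changes.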
Secure Onboarding
Secure onboarding is the process of configuring an IoT device for the first time and enrolling it with the management application. In the Resurrecting Duckling security model for IoT devices, this is the process of imprinting the duckling (device) with an encryption key generated by the mother duck (IoT management service). The IoT gateway plays an important role in the onboarding process because it is the mediator between the IoT device and the responsible management service. When a device is installed for the first time, all communications and encryption keys pass through the gateway and must be protected against eavesdropping and man-in-the-middle attacks.
We know that encryption effectively addresses the confidentiality of IoT communication, but the weak link in the encryption security chain is often key management practice and how keys are exchanged during the device onboarding process. A research paper entitled Security Evaluation of the Z-Wave Wireless Protocol shows how, although the underlying Z-Wave protocol has strong 128-bit AES encryption, improper implementation by device manufacturers can cause serious security holes.
"Using this tool we have shown an implementation vulnerability in the Z-Wave key exchange protocol that could be used to take full control over a target Z-Wave door lock by only knowing the Home and Node IDs of the target device, both of which can be identified by observing the Z-Wave network traffic over a short period."
The good news from this report is:
"We have disclosed the details of this vulnerability to the vendor, who has conducted a security review of the Z-Wave specification and SDK to ensure that correct handling of the discovered vulnerability is covered. Finally, Sigma Designs has taken measures to prevent such implementation deficiencies from reaching the market in the future by providing additional security test cases for the certification test suite."
The AllSeen Alliance's AllJoyn IoT framework has excellent documentation on how they approach secure onboarding and cryptographic security in their ecosystem.
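As an added Go example (not from the article, AllJoyn or any vendor), here is one way to imprint the duckling through a relaying gateway. The device carries a single factory-provisioned trust anchor, the management service's Ed25519 public key; both sides exchange ephemeral X25519 keys, the service signs the transcript of the exchange, and the device refuses to derive a key unless that signature verifies, so a gateway or anyone else on the path that substitutes keys is detected rather than trusted. The message layout, the hash-based key derivation standing in for HKDF, and all names are assumptions for this illustration.

```go
package main

import (
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// ServiceIdentity is the "mother duck": the management service's long-term
// Ed25519 key. Its public half is assumed to be burned into the device at
// the factory, the one trust anchor the duckling has before imprinting.
type ServiceIdentity struct {
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

func NewServiceIdentity() (*ServiceIdentity, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &ServiceIdentity{Pub: pub, priv: priv}, nil
}

// OnboardingOffer is the service's reply, relayed verbatim by the gateway.
type OnboardingOffer struct {
	ServiceEph []byte // service's ephemeral X25519 public key
	Sig        []byte // Ed25519 signature over transcript(deviceEph, ServiceEph)
}

// transcript hashes both ephemeral keys so the signature covers the whole
// exchange; a relay that swaps either key invalidates it.
func transcript(deviceEph, serviceEph []byte) []byte {
	h := sha256.New()
	h.Write([]byte("onboard-v1"))
	h.Write(deviceEph)
	h.Write(serviceEph)
	return h.Sum(nil)
}

// deriveKey is a simplified KDF (SHA-256 over the ECDH secret and the
// transcript) standing in for HKDF; it yields a 128-bit key for later traffic.
func deriveKey(shared, deviceEph, serviceEph []byte) []byte {
	h := sha256.New()
	h.Write([]byte("device-key-v1"))
	h.Write(shared)
	h.Write(transcript(deviceEph, serviceEph))
	return h.Sum(nil)[:16]
}

// DeviceHello is step 1 on the device: a fresh ephemeral X25519 key pair
// whose public half is sent through the gateway to the service.
func DeviceHello() (*ecdh.PrivateKey, error) {
	return ecdh.X25519().GenerateKey(rand.Reader)
}

// Respond is the service side: answer with a signed ephemeral key and derive
// the per-device key. The gateway relays bytes but never sees the secret.
func (s *ServiceIdentity) Respond(deviceEph []byte) (OnboardingOffer, []byte, error) {
	devPub, err := ecdh.X25519().NewPublicKey(deviceEph)
	if err != nil {
		return OnboardingOffer{}, nil, err
	}
	eph, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return OnboardingOffer{}, nil, err
	}
	shared, err := eph.ECDH(devPub)
	if err != nil {
		return OnboardingOffer{}, nil, err
	}
	ephBytes := eph.PublicKey().Bytes()
	offer := OnboardingOffer{ServiceEph: ephBytes, Sig: ed25519.Sign(s.priv, transcript(deviceEph, ephBytes))}
	return offer, deriveKey(shared, deviceEph, ephBytes), nil
}

// DeviceFinish is step 2 on the device: verify the offer against the
// factory-provisioned service key BEFORE deriving anything from it.
func DeviceFinish(devEph *ecdh.PrivateKey, trusted ed25519.PublicKey, offer OnboardingOffer) ([]byte, error) {
	deviceEph := devEph.PublicKey().Bytes()
	if !ed25519.Verify(trusted, transcript(deviceEph, offer.ServiceEph), offer.Sig) {
		return nil, errors.New("onboarding rejected: offer was not signed by the trusted management service")
	}
	svcPub, err := ecdh.X25519().NewPublicKey(offer.ServiceEph)
	if err != nil {
		return nil, err
	}
	shared, err := devEph.ECDH(svcPub)
	if err != nil {
		return nil, err
	}
	return deriveKey(shared, deviceEph, offer.ServiceEph), nil
}

func main() {
	svc, _ := NewServiceIdentity()
	dev, _ := DeviceHello()
	offer, svcKey, _ := svc.Respond(dev.PublicKey().Bytes())
	devKey, err := DeviceFinish(dev, svc.Pub, offer)
	fmt.Printf("err=%v service=%x device=%x\n", err, svcKey, devKey)
}
```

The gateway's only job in this exchange is to carry two messages; nothing it observes lets it compute the derived key, and any key it substitutes fails the transcript signature on the device. Note that this only authenticates the service to the device; a production design would also authenticate the device (for example with a per-device certificate) so the service does not imprint strangers.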
Firmware Updates
The Z-Wave implementation vulnerability referenced above is one example stressing the need to perform firmware updates on IoT devices in the field. Since many IoT devices do not have much in the way of a UI or internal memory, an external application and the gateway will often be required to fetch and apply firmware updates. To update firmware securely, the system should record the current version and the new version of the firmware, check for a valid signature on the downloaded firmware upon receipt, and verify firmware integrity before installing it.
The Open Web Application Security Project (OWASP) lists insecure firmware in its top 10 list of IoT security concerns and has additional information on the topic.
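The update check described above, as an added Go example that is not the article's, OWASP's or any vendor's code: a vendor-signed manifest binds the new version number to the SHA-256 of the image, and the gateway verifies the signature, refuses anything that does not move the recorded version forward, and confirms that the downloaded image matches the manifest before installing it. The manifest layout, the key handling and the sample image are assumptions for this illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Manifest is the constructed, vendor-signed description of an update:
// the version it installs and the SHA-256 of the image it belongs to.
type Manifest struct {
	Version   uint32
	ImageHash [32]byte
}

// bytes gives the canonical encoding that the vendor signs.
func (m Manifest) bytes() []byte {
	b := make([]byte, 4+32)
	binary.BigEndian.PutUint32(b[:4], m.Version)
	copy(b[4:], m.ImageHash[:])
	return b
}

// Update is what the gateway downloads on behalf of a sensor.
type Update struct {
	Manifest Manifest
	Sig      []byte // Ed25519 signature over Manifest.bytes()
	Image    []byte
}

var (
	ErrBadSignature = errors.New("firmware rejected: manifest signature invalid")
	ErrRollback     = errors.New("firmware rejected: version is not newer than the installed one")
	ErrBadImage     = errors.New("firmware rejected: image hash does not match signed manifest")
)

// VerifyUpdate is the gateway-side check, in order: is the manifest really
// from the vendor, does it move the recorded version forward, and is the
// downloaded image the one the manifest vouches for. It returns the version
// the gateway should record for the device once the install succeeds.
func VerifyUpdate(vendorPub ed25519.PublicKey, installed uint32, u Update) (uint32, error) {
	if !ed25519.Verify(vendorPub, u.Manifest.bytes(), u.Sig) {
		return 0, ErrBadSignature
	}
	if u.Manifest.Version <= installed {
		return 0, ErrRollback
	}
	if sha256.Sum256(u.Image) != u.Manifest.ImageHash {
		return 0, ErrBadImage
	}
	return u.Manifest.Version, nil
}

// NewVendorKey generates a vendor signing key pair (demo only; in practice
// the private half lives in the vendor's release pipeline, never on a gateway).
func NewVendorKey() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// SignUpdate is the vendor-side packaging, included so the example runs
// self-contained.
func SignUpdate(vendorPriv ed25519.PrivateKey, version uint32, image []byte) Update {
	m := Manifest{Version: version, ImageHash: sha256.Sum256(image)}
	return Update{Manifest: m, Sig: ed25519.Sign(vendorPriv, m.bytes()), Image: image}
}

func main() {
	vendorPub, vendorPriv, _ := NewVendorKey()
	image := []byte("constructed firmware image v2")
	u := SignUpdate(vendorPriv, 2, image)
	v, err := VerifyUpdate(vendorPub, 1, u)
	fmt.Println("recorded version:", v, "err:", err)
	u.Image = append([]byte("x"), image...) // simulate a corrupted download
	_, err = VerifyUpdate(vendorPub, 1, u)
	fmt.Println("corrupted download:", err)
}
```

Checking the signature first means the version and hash fields are only trusted after they are known to come from the vendor; the version comparison is what stops an attacker from re-serving an old, signed but vulnerable image to a patched device.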
Interface Minimization
An important strategy in implementing security by design is to minimize the attack surface. In other words, an IoT gateway manufacturer should implement only the protocols and interfaces required to provide the intended functionality, and nothing more. This includes restricting services and interfaces that run on the device for debugging purposes but are not intended for use by end users. While these interfaces are invaluable for manufacturing, development and test purposes, they are often vectors for "hidden" backdoors, information leaks and authentication bypasses. Moreover, beyond restricting debugging interfaces, all open interfaces should be designed to prevent a legitimate user from running arbitrary code on the gateway device.
The previously cited Veracode study of 6 common home IoT gateways found that:
"Many of the most serious defects showed a kind of sloppiness in the design and manufacture of the equipment ... For example: [two of the] devices shipped with exposed and unsecured debug interfaces in their product. This could give attackers with access to the same network as the device a way to steal information or bypass other security controls."
"The point about the debug interfaces is that it sounds obscure, but it's really not. All you have to do is go to the Android developer site, download a toolkit and within five minutes you have full access to the [IoT gateway] device," he said.
Is Your Wi-Fi AP the Only Gateway You Need?
As efficient Wi-Fi implementations, such as the forthcoming 802.11ah standard, become more common and are installed on IoT devices, the IoT gateway function may eventually merge with the Wi-Fi access point rather than remaining a separate device. This brings more security requirements to a network device that already has a history of vulnerabilities in the consumer sector, and reinforces the need for a hardened IoT gateway with enterprise-class security built in from the beginning.
- 300,000 Compromised SOHO Gateways
- Virgin Media Router Snafu
- Asus and Linksys Router Vulnerabilities
- Linksys Router Worm
The Intel IoT Gateway
To fill the need for a secure IoT gateway for the enterprise, Intel has developed the Wind River Intelligent Device Platform. This device is positioned to connect both legacy industrial equipment and new intelligent infrastructure to the IoT. It is designed to integrate protocols for networking, embedded control, security and manageability, and provides a platform on which 3rd-party applications can run. The Intel IoT Gateway white paper describes the following security features of the device:
- Secure Boot - ensures that only authorized and trusted software can run on the device when it is powered up
- GRSecurity - a published collection of free software patches under the GNU GPL to secure the Linux kernel. GRSecurity provides a set of configurable role-based access control (RBAC) policies that allow programs or processes to run with least privilege
- McAfee Embedded Control - provides system integrity by allowing only authorized software to run, validates changes to the file system, and protects important data files from tampering
- Integrity Measurement Architecture - detects whether files have been changed, maliciously or accidentally, locally and remotely
The Intel IoT Gateway's focus on security and extensibility as a platform is why Citrix experimented with running the entire Octoblu IoT stack on the device, with very good results. Read more about it here: /blogs/08.05.2015/octoblu-intel-industrial-IOT/.
Conclusion
The primary role of the IoT gateway is to connect low-power sensor networks to private Ethernet LANs and to the Internet. As the number of devices proliferates in the enterprise, the role of the gateway will grow to deal with the increased network traffic and to include features such as local processing of device automation, device management and network access policies. It is not difficult to see that the gateway plays a crucial role in the IoT; however, to be accepted into the enterprise, it must be secure. In this article we presented a series of security requirements for the gateway device. These include:
- Encryption - cryptography is an important part of securing communication via an IoT gateway, but it needs to be properly implemented to be effective. End-to-end application-layer encryption is a strategy to prevent the gateway from becoming the weak link in the security chain.
- Secure Onboarding - even with state-of-the-art cipher suites available, we have shown that secure device onboarding and key exchange is an important aspect of defense in depth at the gateway layer.
- Firmware Updates - when security problems are found, the devices in the field must be patched, and that is largely the role of the gateway, especially for low-power sensors that lack a direct connection to the Internet.
- Interface Minimization - since the IoT gateway serves as an aggregation and control point for multiple devices, it is a high-value target for malicious attacks. For this reason, manufacturers must take extra care to implement only the interfaces required to provide the intended functionality, and nothing more.
- Hardened Wi-Fi Access Points - over time, we expect the IoT gateway role to merge with the Wi-Fi access point, but given the special challenges of securing tiny IoT devices, gateways with enterprise-class security such as the Intel Wind River IoT gateway are required.
In the next and final article in this IoT security series, we consider how to ensure and preserve the privacy of customers in Internet of Things cloud services.