Internet of Things Amr El Mougy Alaa Gohar
IoT Security – part 2
RPL Security
Security Features Defines protection for all types of control messages (DIO, DAO, DIS, DAO-ACK) Three security levels are identified Security field identifies the cryptographic suite used and the security level Services include: Integrity and authenticity Confidentiality Key management Protection against replay attacks
Implementing Security Services Integrity can be provided using a MAC-32 or MAC-64 codes RSA Digital signatures based on SHA-256 also supported Confidentiality is supported based on AES/CCM. The entire RPL packet falls within the scope of protection (except the immutable fields of the header) Security level is specified in the LVL field Replay attacks are prevented using a counter and timestamp Sensors can issue a challenge/response message to check the consistency of the counter value at a different node
Key Identifier Mode Three types of keys are defined: Group symmetric key Symmetric key per pair of nodes Public key for digital signatures Key index field allows identification of which key to be used
Security Modes Three modes are defined: Unsecured: default mode. No security is applied to RPL messages Preinstalled: a pre-configured symmetric is used by a device to join an RPL instance as host or router. The key supports confidentiality, integrity, and data authentication Authenticated: appropriate for routers. The preinstalled key is used to join the RPL and then to obtain a different key from a key authority, which is responsible for authenticating the router. Authenticated mode can only be supported using public key cryptography. However the standard does not specify how it can be implemented.
CoAP Security
Security Services CoAP doesn’t have built in security features but defines bindings to Datagram Transport Layer Security (DTLS) DTLS supports similar services to TLS but for UDP packets This means security is supported at the transport layer rather than the application layer Security services include: Confidentiality, authentication, and integrity: based on AES-CCM Non-repudiation: based on elliptic curve digital signatures (public keys) Protection against replay attacks: using a different nonce for each CoAP packet
Security Modes CoAP defines four security modes to be enforced by DTLS NoSec: completely unsecured transmissions PreSharedKey: sensing devices are pre-programmed with a symmetric key. Devices may use one key for every destination or use group keys for a set of devices RawPublicKey: mandatory in CoAP. Devices use a pre-programmed public key to avoid needing a certificate authority. The public keys are used for authentication Certificates: public keys are authenticated using certificated based on public key infrastructure Device authentication is supported in RawPublicKey and Certificate modes using elliptic curve digital signatures Key exchange can also be done using elliptic curve Diffie-Hellman A DTLS handshake is required before data exchange
ICN Security
ICN Challenges In ICN, publishers may not send their content directly to receivers ICN changes the security model from securing endpoints to securing objects Thus, ICN may suffer from all new forms of attacks in addition to legacy ones In-network caching is heavily used Since content may come from any place in the network, security cannot be bound to endpoints Security is applied to the content itself
Security Levels The severity of ICN attacks can be calculated by looking at the following metrics: Block content retrieval Access user request Cache pollution Misrouting Request timeout Number of affected nodes Geographical distribution of attacked networks Remote exploitation Availability of environment that was attacked How difficult is it to fix the attack
Types of ICN Attacks
1. Naming Attacks The attacker tries to monitor/censor Internet usage by blocking delivery of content or viewing who request this content ICN makes information flow more visible to attackers For the attacker to monitor user requests they have to hijack an ICN node because packets do not carry host identifiers This is not necessary for content filtration/deletion Naming attacks can be classified into watchlist and sniffing attacks
Naming Attacks Watchlist The attacker tries to delete a specific list of content names The attacker monitors network links to perform real-time traffic filtering The attacker either deletes (or monitors) the user’s request or deletes the content itself
Naming Attacks Sniffing The attacker does not have a specific list but monitors packets to check for content that includes particular keywords (Real Madrid, Zamalek, Lady Gaga) Any packet containing these keywords are marked and filtered out Main difference is that the attacker does not have a predefined list of content names but does real-time analysis of traffic
Impact of Naming Attacks Naming attacks can cause the following: Censorship: specific content never delivered Privacy: the attacker learns the interests of a large number of users because ICN allows access to user requests Denial of service: the attacker blocks access to particular requests (for example a set of users)
2. Routing Related Attacks Routing in ICN is asynchronous: publishers and subscribers do not act at the same time Thus, the corresponding states at the routers have to be consistent, which is not easy Attacks in this category include spoofing attacks to cause the consistency to fail It also includes DDOS attacks that consumes resources
Routing Related Attacks DDOS Resource Exhaustion Infrastructure Source Mobile Blockade Flooding Timing Routing Related Attacks Spoofing Jamming Hijacking Interception
Routing Related Attacks DDOS Infrastructure attacks: the attacker sends a large number of available/unavailable requests The network keeps propagating these requests towards the source, consuming resources ICN mitigates this attack by propagating requests to multiple resources
Routing Related Attacks DDOS Source attacks: the attacker targets a specific publisher and sends a very large number of requests Mobile blockade: the attacker sends a large number of requests while traversing the network, thereby contaminating a particular geographical region Timing attack: the attacker increases the timeout of requests to violate the router’s consistency. These leads to larger delays in responses Mobile blockade
Routing Related Attacks Spoofing Jamming attacks: the attacker sends a large number of bogus requests. The network replies but no one is waiting to receive Hijacking attack: the attacker masquerades as a trusted publisher and announces invalid routes for any content. Requests sent on these invalid routes will not be answered. Interception attacks: man in the middle. The attacker announces invalid routes and the content is sent to the attacker, who then forwards it to the users, violating their privacy Hijacking Interception Jamming
3. Caching Related Attacks Caching is a very important component in ICN It is vulnerable to pollution or corruption Caching attacks can be classified into time analysis, bogus announcements, and cache pollution attacks
Caching Related Attacks Time Analysis The attacker monitors traffic of a user and measures the response time between cached and uncached content When a legitimate user requests content for the first time it will be obtained from the publisher in time T1 + T2 If an adversary requests the same content later it will be returned in only T1 because it was cached. The attacker uses this information to learn that a user has requested the content before 1- A user requests for ICN content named (x). 2- and 3- ICN routers try to find the content (x). 4- and 5- ICN routers forward the content (x) to the requested user. 6- The user retrieves the content (x) in total time T1+T2. 7- An adversary requests for the content (x). 8- The adversary retrieves the content (x) in time T2 only, as routers cache the content.
Caching Related Attacks Bogus Announcements The attacker sends many content updates at a rate greater than the convergence time of the routers to violate caching and routing systems ICN routers will not be able to respond properly to requests while these bogus announcements are being received
Caching Related Attacks Cache Pollution Unpopular requests: the attacker only sends requests for content that is unpopular. Requires a prior knowledge of content popularity Random requests: the attacker requests content at random to fill the cache with content that may not necessarily be popular
Random requests (normal) 1- User1 requests for ICN content named (x). 2- R1 router tries to find the content (x). 3- R1 retrieves the content from ICN network. 4- R1 caches the content (x). 5- User1 retrieves the content (x). 6- User2 requests the same content (x) via R2 router. 7- R2 tries to find the closest copy, which exists in R1 router. 8- R1 sends the content to R2 router. 9- R2 caches the content (x). 10- User2 retrieves the content (x). Random requests (normal) 1- User1 requests for ICN content named (x). 2- R1 router tries to find the content (x). 3- R1 retrieves the content from ICN network. 4- R1 caches the content (x). 5- User1 retrieves the content (x). 6- An attacker sends a large number of random/unpopular requests to violate the cache. 7- User2 requests the same content (x) via R2 router. 8- R2 tries to find the closest copy and sends request to R1. 9- R1 router tries to find the content (x). 10- R1 retrieves the content from ICN network. 11- R1 caches the content (x). 12- R1 sends the content to R2. 13- R2 caches the content (x). 14- User2 retrieves the content (x). Random requests (attacked)
4. Miscellaneous Attacks Attacks that aim to degrade ICN services or gain unauthorized access Can be classified into packet mistreatment, breaching signer’s key, and unauthorized access Packet mistreatment: the attacker gains access to an ICN node or link and modifies or replays packets The requester may receive the reply to a request several times or the attacker may generate content on behalf of the user Can lead to congestion of links or reduced throughput (or DOS) Unauthorized access: the attacker gains access to a service he/she is not authorized to. Here the attacker makes use of any available content copy to gain access Here the attacker may capture all user requests and track all their activities
Miscellaneous Attacks Breaching Signer’s key The attacker somehow obtains the private key of the publisher used to sign packets Using this key, the attacker can generate any content and it will be trusted by the users An attacker requests for ICN content named (x). The attacker retrieves the content (x) that contains signer’s public key and signature, which can be used with the content itself to determine the signer’s key.