Notes

These are various notes taken during my internship at Red Hat in the messaging team. This research was done with IoT in mind, or covers mechanisms that could be applied to address some of the IoT's outstanding questions.

Bootstrapping

Enrollment over Secure Transport : RFC 7030 (December 2013)

  • Over HTTPS
  • The EST clients & server are provisioned with the information needed for mutual auth (URI, shared secrets...).
  • If the devices are provisioned with this information by the manufacturer, the customer (buying the devices) may get it via a secure procedure.
  • Client authentication isn't required to get a CA certificate -> i.e. the client can authenticate the EST server via a Trust Anchor without authenticating itself. Similar to an HTTPS connection.

Enrollment : getting a client-side cert via :

  • another certificate
  • a previously installed certificate
  • PSK
  • HTTP-based auth, i.e. username & password (to be performed over TLS)

Each EST function is selected through its own URI. The certificate & key pair can be generated by the client or the server.

-> Gives a cert to a device in a secure way, and lets you be sure that the client is a device you bought (because it gives you a cert which is signed by the CA of the manufacturer).
👎 You trust the manufacturer not to be hacked & to have a good internal security policy.

Java implementation.
Cisco C implementation (a test server is online to play with the protocol).

Presentation slides

Glossary :

  • CMS : Cryptographic Message Syntax
  • CMC : Certificate Management over CMS
  • TA : Trust Anchor

DNSSEC

AFNIC Presentation (in French)

Providing integrity for DNS records :

  • A public/private key pair is used for a zone. (Verisign has a key pair for .com.)
  • You can query the public key via a standard DNS request "DNSKEY".
  • The private key is used to sign the RR; a new RR is given alongside the result : RRSIG.

Also used to sign the "no" : a negative answer needs to be authenticated too. -> A name has an NSEC record attached, which contains the next name in the zone.
Ex : rhiot.io. NSEC field = 'lwm2m.rhiot.io.' So you know that amqp.rhiot.io. doesn't exist. (And that's circular.)

  • NSEC3 does that with the hash of the names (avoids zone walking 👍)
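The NSEC check described above, as an added example (not part of the original notes). It only tests the canonical name ordering, including the circular last record; verifying the RRSIG over the NSEC and wildcard handling are left out, and every name except the rhiot.io/lwm2m pair is constructed.

```python
from typing import List, Optional, Tuple

def canonical_key(name: str) -> Tuple[bytes, ...]:
    """RFC 4034 section 6.1 ordering: lowercase labels, compared right to left."""
    labels = [l.lower().encode("ascii") for l in name.rstrip(".").split(".") if l]
    return tuple(reversed(labels))

def nsec_covers(owner: str, next_name: str, qname: str) -> bool:
    """True if the NSEC record owner -> next_name proves qname does not exist."""
    o, n, q = (canonical_key(x) for x in (owner, next_name, qname))
    if o < n:
        return o < q < n          # qname falls in the gap between two names
    return q > o or q < n         # last NSEC of the zone wraps back to the apex

def find_covering(chain: List[Tuple[str, str]], qname: str) -> Optional[Tuple[str, str]]:
    """Return the NSEC pair that denies qname, or None if qname is an owner name."""
    for owner, next_name in chain:
        if nsec_covers(owner, next_name, qname):
            return (owner, next_name)
    return None

# Constructed zone: the first pair is the page's example, the other names are made up.
CHAIN = [
    ("rhiot.io.", "lwm2m.rhiot.io."),
    ("lwm2m.rhiot.io.", "mqtt.rhiot.io."),
    ("mqtt.rhiot.io.", "rhiot.io."),      # circular: last name points at the apex
]

if __name__ == "__main__":
    for q in ("amqp.rhiot.io.", "AMQP.rhiot.io", "lwm2m.rhiot.io.", "www.rhiot.io."):
        print(q, "->", find_covering(CHAIN, q))
```

Because the chain is ordered and signed, every lookup also reveals a neighbouring name, which is the zone-walking exposure that NSEC3 hashing addresses.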

Zone delegation : a parent zone can delegate the signing. When this is done, the parent zone has a DS record containing the signed hash of the child zone's public key. (The server that receives the delegation sends its public key to its parent, which signs it with its own key and stores it.) The nonexistence of a child zone is proved by a signed NSEC.

👍 If you have the root key (.) you can authenticate any domain name!
DLV allows you to start using DNSSEC without waiting for all ancestors to adopt DNSSEC.
DLV : DNSSEC Lookaside Validation. dlv.isc.org can contain a DS for fr.dlv.isc.org and then validate your redhat.fr by validating redhat.fr.dlv.isc.org

Long key or short key ?

  • Long keys allow good security but require more cryptographic operations (latency++)
  • Short keys are faster but need to be changed often.

Use 2 keys !

  • ZSK : Zone Signing Key (signs the zone's records : short)
  • KSK : Key Signing Key (signs the trust delegation : long)

DANE : DNS-based Authentication for Named Entities

RFC 6698 and (An introduction in French) RFC 6394 : use cases

Introduces a TLSA (TLS Authentication) entry in DNS, allowing you to insert details in your domain zone. These details help the client validate the certificate presented by the web server.

The TLSA entry specifies the port & transport protocol that are supposed to be used. Ex :

$ dig +dnssec +noall +answer +multi _443._tcp.www.huque.com. TLSA
_443._tcp.www.huque.com. 893 IN TLSA 3 0 1 (
                                8CB0FC6C527506A053F4F14C8464BEBBD6DEDE2738D1
                                1468DD953D7D6A3021F1 )

The TLSA includes : Usage, Selector, Matching type and the payload : Certificate for Association.

4 possibilities for Usage :

  • 0 : The client (browser) MUST perform the PKIX validation but also verify that the CA's certificate matches the one given in the TLSA. (PKIX CA constraint)
  • 1 : Same as 0, but the given TLSA certificate should match the CA certificate AND the end entity's certificate.
  • 2 : The client MUST use the given TLSA certificate as a trust anchor when validating the end entity certificate. Useful when a company has its own CA which is not known in the client's browser PKIX library.
  • 3 : There is no CA and no PKIX validation. The TLSA payload contains a fingerprint of the end entity certificate. This allows server administrators to use self-issued certificates.

Selector and matching type define how the payload has to be processed (e.g. full certificate or SHA-256 hash), see p5
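How a client could parse a TLSA record and apply the selector and matching type to a presented certificate, as an added example (not part of the original notes). It assumes the caller already has the DER certificate and its SubjectPublicKeyInfo from the handshake; the SAMPLE_* byte strings are constructed stand-ins, and the field acronyms are those of RFC 7218.

```python
import hashlib
import hmac
from typing import NamedTuple

# Acronyms from RFC 7218 for the numeric TLSA fields.
USAGES = {0: "PKIX-TA", 1: "PKIX-EE", 2: "DANE-TA", 3: "DANE-EE"}
SELECTORS = {0: "Cert", 1: "SPKI"}
# matching type -> (function applied to the selected bytes, expected data length)
MATCHERS = {
    0: (lambda b: b, None),                           # Full: exact bytes
    1: (lambda b: hashlib.sha256(b).digest(), 32),    # SHA2-256
    2: (lambda b: hashlib.sha512(b).digest(), 64),    # SHA2-512
}

class TLSA(NamedTuple):
    usage: int
    selector: int
    mtype: int
    data: bytes

def parse_tlsa(rdata: str) -> TLSA:
    """Parse presentation-format RDATA, e.g. '3 0 1 ( 8CB0... 21F1 )'."""
    fields = rdata.replace("(", " ").replace(")", " ").split()
    if len(fields) < 4:
        raise ValueError("TLSA RDATA needs usage, selector, matching type, data")
    usage, selector, mtype = (int(f) for f in fields[:3])
    if usage not in USAGES or selector not in SELECTORS or mtype not in MATCHERS:
        raise ValueError("unknown TLSA parameter")
    data = bytes.fromhex("".join(fields[3:]))
    want = MATCHERS[mtype][1]
    if want is not None and len(data) != want:
        raise ValueError("digest length does not fit the matching type")
    return TLSA(usage, selector, mtype, data)

def tlsa_matches(rec: TLSA, cert_der: bytes, spki_der: bytes) -> bool:
    """Compare the presented certificate with the record's association data."""
    selected = cert_der if rec.selector == 0 else spki_der
    presented = MATCHERS[rec.mtype][0](selected)
    return hmac.compare_digest(presented, rec.data)

# The record shown in the dig output above.
PAGE_RECORD = parse_tlsa("3 0 1 ( 8CB0FC6C527506A053F4F14C8464BEBBD6DEDE2738D1 "
                         "1468DD953D7D6A3021F1 )")
# Constructed stand-ins: real callers pass the DER bytes taken from the TLS handshake.
SAMPLE_CERT = b"constructed stand-in for a DER certificate"
SAMPLE_SPKI = b"constructed stand-in for its SubjectPublicKeyInfo"
SAMPLE_RECORD = parse_tlsa("3 1 1 " + hashlib.sha256(SAMPLE_SPKI).hexdigest())
```

The match is only meaningful when the TLSA answer itself was DNSSEC-validated; an unsigned TLSA record gives no assurance.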

DANE can be used to reinforce the PKIX model or can also be used as a complete alternative to PKIX : DNSSEC for IoT bootstrapping

DNS SD (RFC 6763)

DNS Service Discovery, to answer the "Where is the printer?" question.

Meant to be used on a non-managed network, using multicast DNS. Each node receives the packet and answers if necessary.
Needs a final domain name, obtained via DHCP or RA.
Uses multicast addresses: IPv4 224.0.0.251 or IPv6 FF02::FB

👍 Can be used in a standard DNS mode though (if you want security!)

Used to find network resources. 3 DNS types can be used :

  • PTR : gives all the SRV records for a given service.
  • SRV : gives details for an instance of a service : name of the server and which port to use.
      • _service._tcp.local or _service._udp.local.
      • Everything not TCP is _udp. (The protocol used isn't mentioned (e.g. iTunes DAAP).)
      • Possibility to set a metric and a priority (for load balancing & failure handling).
  • TXT : used to give additional details that don't fit in the SRV record. Mandatory, even if empty. (Key-value array : TTL, plugins, PaperSize...)
      • The "key" has to be ASCII and short, and is case-insensitive.

Eclipse TIAKI implementation

source code
Tiaki uses DNSSEC to sign SD records, adding security. Exists as a Java library or a binary executable.

Standard Security

Here are some details about security technologies, not necessarily aimed at IoT.

TLS

  • 3 RTT (possibly down to two with False Start & session resumption (down to ~1/3 of the data)). For IoT, that means a torn-down connection could be "resurrected" more easily. (The session needs to be cached on both server & client.)
  • With False Start : the app data is piggybacked onto the handshake.
  • Intermediate certificates need to be included. (If not : additional requests.)
  • Overhead : 512 bytes for the packet and 2540 bytes for the records (blocks signed & packaged into the packet).
  • OCSP : checks whether the certificates have been revoked. The server can only push you 1, so : probably additional requests.

Use raw public keys for authentication (e.g. GitHub) : RFC 7250
SSL survival guide

TLS allows cipher suites that don't encrypt data, offering only auth & integrity : RFC 4785

An IETF document with a few guidelines and ideas for lightening security

Using ciphers to increase modularity

A lot of ciphers ! How it works :

TLS_<key exchange and authentication algorithms>_WITH_<bulk cipher and message authentication algorithms>

| Cipher suite | Key Exchange Algorithm (Key Exchange) | Signature Algorithm (Authentication) | Bulk Encryption Algorithm (Symmetric Stream Encryption) | Message Authentication Code (Integrity) |
|---|---|---|---|---|
| TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 | Elliptic Curve Diffie-Hellman | Elliptic Curve Digital Signature Algorithm | AES symmetric encryption with a 256-bit key | HMAC with SHA algorithm, 384-bit output |
| TLS_PSK_WITH_NULL_SHA256 | Pre-shared Key | Pre-shared Key | No encryption | 256-bit SHA for HMAC |
| TLS_PSK_WITH_AES_128_CBC_SHA256 | Pre-shared Key | Pre-shared Key | 128-bit AES symmetric encryption | 256-bit SHA for HMAC |

TLS is modular : you can use NULL to have authentication + integrity only.
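A small parser for the naming scheme above, as an added example (not part of the original notes), useful for auditing a configured suite list for entries that give no confidentiality. It assumes the common TLS 1.2 style names only (TLS 1.3 names have no _WITH_ part and are rejected), and it also handles the CCM_8 suites listed further down, where integrity comes from the AEAD tag rather than an HMAC.

```python
from typing import List, NamedTuple

AEAD_MODES = {"GCM", "CCM", "POLY1305"}   # modes that carry their own integrity tag
HASHES = {"MD5", "SHA", "SHA256", "SHA384"}

class Suite(NamedTuple):
    key_exchange: str
    authentication: str
    cipher: str
    integrity: str
    encrypts: bool

def parse_suite(name: str) -> Suite:
    """Split TLS_<kx>[_<auth>]_WITH_<cipher>[_<hash>] into the table's columns."""
    if not name.startswith("TLS_") or "_WITH_" not in name:
        raise ValueError("not a TLS 1.2 style suite name: " + name)
    left, right = name[len("TLS_"):].split("_WITH_", 1)
    kx, _, auth = left.partition("_")
    auth = auth or kx                     # TLS_PSK_..., TLS_RSA_...: one algorithm does both
    parts = right.split("_")
    aead = bool(AEAD_MODES & set(parts))
    if len(parts) > 1 and parts[-1] in HASHES:
        cipher, digest = "_".join(parts[:-1]), parts[-1]
    else:
        cipher, digest = right, ""        # e.g. AES_128_CCM_8: no hash suffix
    if not aead and not digest:
        raise ValueError("no MAC algorithm in: " + name)
    # For AEAD suites the trailing hash (if any) is the PRF hash, not a record MAC.
    integrity = "AEAD tag" if aead else "HMAC-" + digest
    return Suite(kx, auth, cipher, integrity, cipher != "NULL")

def without_confidentiality(names: List[str]) -> List[str]:
    """Names of the suites that authenticate and protect integrity but do not encrypt."""
    return [n for n in names if not parse_suite(n).encrypts]

# The suites named in these notes.
PAGE_SUITES = [
    "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
    "TLS_PSK_WITH_NULL_SHA256",
    "TLS_PSK_WITH_AES_128_CBC_SHA256",
    "TLS_PSK_WITH_AES_128_CCM_8",
    "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8",
]
```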

TLS 1.3

Aims to reduce the delay introduced by the handshake.
A few introduction slides

wolfSSL

Lightweight TLS-compliant library (TLS & DTLS 1.2), written in C.
Some ciphers don't require padding (saves data).
Uses a short MAC ()
homepage

TinyDTLS

Library for DTLS :

  • Written in C
  • Covers client & server
  • Supports the mandatory cipher suites for CoAP:
      • TLS_PSK_WITH_AES_128_CCM_8
      • TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
  • Works on devices with 100 KiB of Flash & 10 KiB of RAM.
  • Support for hardware-accelerated encryption

Source Code

Modeling

Vorto

Official Website
Slides from Bosch

IoT model to describe the devices, associated with code generators. Platform providers generate code that works on their platform from a standard model.
Slide from Bosch

The models are created via the Eclipse IoT Tool Set and centralized in a repository.

Example of a model : TI SensorTag :

namespace examples.informationmodels.sensors
version 1.0.0
displayname "TI SensorTag CC2650"
description "Information model for the TI SensorTag CC2650."

category demo
using examples.functionblockmodels.sensors.Accelerometer ; 1.0.0
using examples.functionblockmodels.sensors.TemperatureSensor ; 1.0.0
using examples.functionblockmodels.sensors.HumiditySensor ; 1.0.0
using examples.functionblockmodels.sensors.PressureSensor ; 1.0.0
using examples.functionblockmodels.sensors.LightSensor ; 1.0.0
using examples.functionblockmodels.sensors.MagnetSwitch ; 1.0.0
using examples.functionblockmodels.sensors.Magnetometer ; 1.0.0
using examples.functionblockmodels.sensors.Gyroscope ; 1.0.0


infomodel TI_SensorTag_CC2650 {

	functionblocks {
		temperaturesensor as TemperatureSensor "Function block representing the temperature sensor of the device."
		humiditysensor as HumiditySensor "Function block representing the humidity sensor of the device."
		pressuresensor as PressureSensor "Function block representing the pressure sensor of the device."
		lightsensor as LightSensor "Function block representing the lighting sensor of the device."
		magnetswitch as MagnetSwitch "Function block representing the MagnetSwitch of the device."
		accelerometer as Accelerometer "Function block measures acceleration of the device."
		magnetometer as Magnetometer "Function block measures magnetic field of the device."	
		gyroscope as Gyroscope "Function block measures Gyro of the device."
	}
}

Source code

Random notes & questions

TIME. A revoked certificate can be used by a hacker if the device doesn't have the correct time. How do constrained objects stay on time?

Texas Instruments interview raising interesting questions

About 802.15.4 -> non-standard Ethernet frames, up to 127 bytes. Allows auth and/or integrity and/or encryption. Encryption is done with a symmetric 128 bytes key.

SecureRF : Algebraic Eraser (a Diffie-Hellman algorithm that needs a very small amount of power)

http://fr.slideshare.net/jvermillard/the-5-elements-of-iot-security

http://www.scmagazineuk.com/internet-of-things--top-ten-concerns/article/339217/

http://pzf.fremantle.org/2014/03/internet-of-things-protocols-and-access.html