AI Platform for Automated Security Testing of Connected Devices.
Abdelkader Lahmadi, Jérôme François, Frédéric Beck, Loïc Rouch, Thomas Lacour
Context
• IoT (Internet of Things) on the rise
• Consumer and Industrial IoT
• Short time to market and low cost
• Diversity
IoT security concerns
• Low processing power and constrained hardware space
• Poorly secured and designed devices: entry points for cyberattacks
• High heterogeneity: operating systems, network protocols, functions
Every poorly secured device that is connected online potentially affects the security and resilience of the Internet globally (Mirai botnet, end of 2016)
Risks and threats
Security analysis of a consumer IoT
• Nest Thermostat
• Attack vectors
• Booting with a modified code
• Refining backdoors
• Inject a trojan
Front (left) and backplate (right) of a Nest Thermostat (credit: Nest, iFixit).
• Motion sensor
• WiFi module: remote control
• Zigbee module: other devices
• Linux kernel version 2.6.37
• Code: open source
Security analysis of an Industrial IoT
• Itron Centron smart meter
• Measure a customer’s energy usage
• Reporting through an RF channel
• Charge the customer for their energy usage using the ID of the meter
• Attack vectors
• Modify the smart meter ID in order for a meter reader to read the incurred ID of the device
• The ID is stored in the external EEPROM
• The ID is on the meter itself on the front of the device
• Dump the EEPROM: find the ID and change it
• Energy theft becomes possible
Itron Centron CL200 Smart Meter (credit: Itron)
Security assessment practices
• Penetration testing, fuzzing, firmware analysis
• Attack graphs, exploit graphs
• Formal verification and validation (critical systems)
• Who did that?: Human experts with high technical skills
But very slow, can’t remember all, overloaded, high financial cost
SCUBA: objectives
• Automated security testing of connected devices and their environments
• Predict attack sequences and evaluate them
• Is the device GDPR (General Data Protection Regulation) compliant?
SCUBA: Overview
Scientific methods
• Learn knowledge graphs: explore relationships
• Learn interaction graphs: explore dynamics
• Predict weakest relations: hitting an exploitable feature
Techniques
Knowledge graph of a smart plug
Matching CVE to CAPEC: NLP learning
• CVE-2013-4434: dropbear sshd 0.51
« Dropbear SSH Server before 2013.59 generates error messages for a failed logon attempt with different time delays depending on whether the user account exists, which allows remote attackers to discover valid usernames. »
[Figure: knowledge graph fragment with nodes SSH 22, Dropbear sshd 0.51, Connection, CVE-2013-4434, CVE-2013-4421]
• CAPEC-555: Remote Services with Stolen Credentials
« An adversary leverages remote services such as RDP, telnet, SSH, and VNC to log into a system with stolen credentials. »
Matching CVE to CAPEC
• 91404 CVE descriptions, 510 CAPEC patterns
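
An added example, not code from the SCUBA platform: a plain TF-IDF cosine ranking that stands in for the NLP matching named on the slide, run on the CVE-2013-4434 and CAPEC-555 texts quoted above. The two DISTRACTOR patterns and all function names are constructed for illustration.

```python
import math
import re
from collections import Counter

# CVE description quoted on the slide.
CVE_TEXT = ("Dropbear SSH Server before 2013.59 generates error messages for a failed "
            "logon attempt with different time delays depending on whether the user "
            "account exists, which allows remote attackers to discover valid usernames.")
# CAPEC-555 is quoted on the slide; the two DISTRACTOR entries are constructed
# sample text with placeholder names, not real CAPEC patterns.
PATTERNS = {
    "CAPEC-555": "An adversary leverages remote services such as RDP, telnet, SSH, "
                 "and VNC to log into a system with stolen credentials.",
    "DISTRACTOR-A": "An adversary floods a web application with requests to exhaust "
                    "its memory and processor resources.",
    "DISTRACTOR-B": "An adversary tampers with a firmware image stored in flash so "
                    "the device boots modified code.",
}
STOP = {"a", "an", "the", "to", "with", "and", "for", "on", "as", "such",
        "which", "in", "into", "its", "so"}

def tokens(text):
    """Lowercase word tokens with stop words removed."""
    return [w for w in re.findall(r"[a-z0-9]+", text.lower()) if w not in STOP]

def tfidf(docs):
    """Map {name: text} to {name: {term: tf * smoothed idf}}."""
    tfs = {name: Counter(tokens(text)) for name, text in docs.items()}
    df = Counter(term for tf in tfs.values() for term in tf)
    idf = {t: math.log((1 + len(docs)) / (1 + d)) + 1 for t, d in df.items()}
    return {name: {t: c * idf[t] for t, c in tf.items()} for name, tf in tfs.items()}

def cosine(a, b):
    dot = sum(w * b.get(t, 0.0) for t, w in a.items())
    norm = math.sqrt(sum(w * w for w in a.values())) * math.sqrt(sum(w * w for w in b.values()))
    return dot / norm if norm else 0.0

def rank_patterns(cve_text, patterns):
    """Return [(score, pattern_name)] sorted best match first."""
    vecs = tfidf({**patterns, "_cve": cve_text})
    query = vecs.pop("_cve")
    return sorted(((cosine(query, v), n) for n, v in vecs.items()), reverse=True)

def shared_terms(cve_text, pattern_text):
    """Terms that drive the lexical match between the two descriptions."""
    return set(tokens(cve_text)) & set(tokens(pattern_text))

if __name__ == "__main__":
    for score, name in rank_patterns(CVE_TEXT, PATTERNS):
        print(f"{name:14s} {score:.3f}")
    print(sorted(shared_terms(CVE_TEXT, PATTERNS["CAPEC-555"])))
```

The match rests on only two shared terms, so a purely lexical score is fragile once the CVE and the pattern describe the same service in different words.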
What’s Next …
• Several blocks of the platform are ready
• TDA analysis for clustering
• Process mining analysis
• Doc2Vec analysis of CAPEC, CVE and technical documents: deep learning
• Features extraction: protocols and application layer
• Working on integration and making it modular
• Looking for collaborations
• You are building IoT devices and applications
• You are interested in our platform
• You are working on security testing of IoT


Inria Tech Talk IoT - 28 Mars 2018
