Inria Tech Talk dédié à une actualité brulante : la sécurité de vos objets connectés.
Aujourd'hui, il est indispensable de développer des outils pour générer les tests de sécurité de ces objets dans des scénarios d’usage réalistes.
Les chercheurs-experts Inria vous présenteront les attaques existantes et celles développées d’une manière artisanale sur des automates programmables industriels et des objets connectés au cours de ces dernières années.
La présentation est disponible ici :
https://french-tech-central.com/events/inria-tech-talk-iot/
2. Context
• IoT (Internet Of Things) on therise
• Consumer and IndustrialIoT
• Short time to market and lowcost
• Diversity
3. IoTsecurity concerns
• Low processing power and constrained hardwarespace
• Poorly secured and designed devices: entry points for cyberattacks
• High heterogeneity :operating systems, network protocols,
functions
Everypoorly secured device that is connected onlinepotentially
affects the security and resilience of the Internetglobally
(Mirai botnet, end of2016)
5. SecurityanalysisofaconsumerIoT
• NestThermostat
• Attack vectors
• Booting with a modifiedcode
• Refiningbackdoors
• Inject a trojan
Front (left) and backplate (right) of a Nest Thermostat (credit: Nest, iFixit).
• Motion sensor
• WiFi module: remotecontrol
• Zigbee module: otherdevices
• Linuxkernel version 2.6.37
• Code: open source
6. SecurityanalysisofanIndustrial IoT
• Itron Centron smartmeter
• Measure a customer’s energyusage
• Reporting through an RFchannel
• Charge the customer for their energyusage
using the ID of themeter
• Attack vectors
• Modify the smart meterID in order for a
meter reader to read the incurred IDof the
device
• TheID is stored in theexternal EEPROM
• TheID is on the meteritself on the front
of the device
• Dump the EEPROM: find the ID and change it
• Energy theft becomespossible
Itron Centron CL200 Smart Meter (credit: Itron)
7. Securityassessment practices
• Penetration testing, fuzzing,firmwareanalysis
• Attack graphs, exploitgraphs
• Formal verification and validation (criticalsystems)
• Who did that ?: Human expertswith high technical skills
But very slow, can’t remember all, overloaded, high financialcost
8. SCUBA:objectives
• Automated security testing of connected devices andtheir
environments
• Predict attack sequences and evaluatethem
• Does the device is GDPR (General DataProtection Regulation)
compliant ?
13. MatchingCVEtoCAPEC:NLPlearning
• CVE$2013$4434:dropbear sshd 0.51
« Dropbear SSH Server before 2013.59
generates error messages for a failed
logon attempt with different time
delays depending onwhether the user
account exists, which allows remote
attackers to discovervalid
usernames. »
SSH22
Dropbear
sshd 0.51
Connection
CVE-2013-
4434
CVE-2013-
4421
• CAPEC$555:Remote Services with StolenCredentials
« An adversary leverages remote services such as RDP,telnet, SSH, and
VNC to log into a system with stolen credentials. »
15. What’sNext …
• Several blocks of the platform areready
• TDA analysis forclustering
• Process mininganalysis
• Doc2Vec analysis of CAPEC,CVE and technical documents :deeplearning
• Featuresextraction: protocols and applicationlayer
• Working on integration and making itmodular
• Looking for collaborations
• Youare building IoT devices andapplications
• Youare interested in ourplatform
• Youare working on security testing ofIoT