Integrated Manufacturing Systems

Mateu Jover, Manuel Barranco

MEIN, UIB

Security in IoT

Dpto. de Ciències Matemàtiques i Informàtica

Escuela Politécnica Superior
Universitat de les Illes Balears
 Security in IoT

Outline

1. Motivation.

2. Security services.

3. Basic security mechanisms.

4. IoT security rationale.

1
 Security in IoT

Outline

1. Motivation.

2. Security services.

3. Basic security mechanisms.

4. IoT security rationale.

2
 1. Motivation

1. Motivation

3
 1. Motivation

1. Motivation

4
 1. Motivation

1. Motivation

5
 1. Motivation

1. Motivation

6
 1. Motivation

1. Motivation

7
 1. Motivation

1. Motivation

8
 1. Motivation

1. Motivation

9
 1. Motivation

1. Motivation

10
 1. Motivation

1. Motivation

11
 Security in IoT

Outline

1. Motivation.

2. Security services.

3. Basic security mechanisms.

4. IoT security rationale.

12
 2. Security services

2. Security services

• Attributes or properties of the communication among entities

and the relationships between communicating entities.

• Security services help to mitigate or deal with errors of

malicious nature, also known as attacks.

13
 2. Security services

2. Security services

• Authentication.

• Access control.

• Data confidentiality.

• Data integrity.

• Nonrepudation.

14
 2. Security services

2. Security services

• Authentication.
– Assurance that the communication entity (e.g., a device) is the one
that it claims to be.

• Access control.

• Data confidentiality.

• Data integrity.

• Nonrepudation.

15
 2. Security services

2. Security services

• Authentication.

• Access control.
– Preventing or allowing the use of a resource: writing on a database,
accessing web resource (endpoint).

• Data confidentiality.

• Data integrity.

• Nonrepudation.

16
 2. Security services

2. Security services

• Authentication.

• Access control.

• Data confidentiality.
– The protection of data from unauthorized disclosure.

• Data integrity.

• Nonrepudation.

17
 2. Security services

2. Security services

• Authentication.

• Access control.

• Data confidentiality.

• Data integrity.
– The assurance that data received are exactly as it was sent by an
authorized entity.

• Nonrepudation.

18
 2. Security services

2. Security services

• Authentication.

• Access control.

• Data confidentiality.

• Data integrity.

• Nonrepudation.
– Compound service: Data Integrity + Authentication.

– Protection against denial of one of the entities in a communication of

having participated in it (in all or parts of if).

19
 Security in IoT

Outline

1. Motivation.

2. Security services.

3. Basic security mechanisms.

4. IoT security rationale.

20
 3. Basic security mechanisms

3. Basic security mechas.

1. Cryptography.

2. Hash function.

3. Digital signature.

4. Digital certificate.

21
 3. Basic security mechanisms

3. Basic security mechas.

1. Cryptography.
– Used to transform readable format messages (plaintext) into an
unreadable format (ciphertext) that can only be decrypted by
the authorised recipient through the use of a specific secret key.

2. Hash function.

3. Digital signature.

4. Digital certificate.

22
 3. Basic security mechanisms

3. Basic security mechas.

1. Cryptography.

2. Hash function.
– Cryptographic summary of data. It is a known function that
produces deterministic summaries; but it cannot recover the
original data. Hash functions do not use secret keys.

3. Digital signature.

4. Digital certificate.

23
 3. Basic security mechanisms

3. Basic security mechas.

1. Cryptography.

2. Hash function.

3. Digital signature.
– Exchange of plaintext data with the addition of an encrypted
hash (signature). On reception, the recipient decrypts the
encrypted hash (authentication) and then compares it with its
own hash of the plaintext data (data integrity).

4. Digital certificate.

24
 3. Basic security mechanisms

3. Basic security mechas.

1. Cryptography.

2. Hash function.

3. Digital signature.

4. Digital certificate.
– Some cryptographic mechanisms depend on two different
keys. One private key and one public key for each user or entity.
It is a complex infrastructure that allows to check if public keys
of entities are the ones that are supposed to be and exchange
the public keys for decrypting (Public Key Infrastructure).
25
 3. Basic security mechanisms

3. Basic security mechas.

Authentic. Data integ. Data confid. Access ctrl. Nonrepud.

Crypt. YES No YES No No

Hash funcs. No YES No No No

Digital sig. YES YES No No YES

Digital cert. YES YES No Yes YES

26
 3. Basic security mechanisms

3. Basic security mechas.

Authentic. Data integ. Data confid. Access ctrl. Nonrepud.

Crypt. YES No YES No No

Hash funcs. No YES No No No

Digital sig. YES YES No No YES

Digital cert. YES YES No Yes YES

27
 3. Basic security mechanisms

3. Detailed explanation of the security mechas.

1. Simmetric cryptography.

2. Asimmetric cryptography.

3. Simmetric + asimmetric cryptography.

4. Hash function.

5. Digital signature.

6. Digital certificate.

28
 3. Basic security mechanisms

3.1. Symmetric crypt.

[https://cheapsslsecurity.com/]

● Use shared secret key.

● Idea: encrypt & decrypt with the same secret key:
● En/de crypt algs.: AES (128 bits, 256 bits) and others (RC4, DES, 3DES).
→ Which service(s) can we provide by using this idea ?
29
 3. Basic security mechanisms

3.1. Symmetric crypt.

● Message confidentiality (and authentication if only two actors).

● How to confidentialy share (and keep secret) the key ?

[https://cheapsslsecurity.com/]
30
 3. Basic security mechanisms

3. Basic security mechas.

1. Simmetric cryptography.

2. Asimmetric cryptography.

3. Simmetric + asimmetric cryptography.

4. Hash function.

5. Digital signature.

6. Digital certificate.

31
 3. Basic security mechanisms

3.2. Asymmetric crypt.

● Each entity has two differenty keys: one public, one private.
● The pair of public-private keys are generated together in an
only-once fashion.
● Private key is kept secret by its owner entity.
● A message encrypted with a key can only be decrypted with its
counterpart.
● Algorithms: RSA (1024-2048 bits), ECC (192-224-… bits).

● Idea: encrypt with one of the keys, decrypt with the other one.
→ Which service(s) can we provide by using this idea ?

32
 3. Basic security mechanisms

3.2. Asymmetric crypt.

● Confidentiality.
● Ana encrypts msg. with B.
● Msg. can only be decrypted with B.
● Only Bob is able to decrypt msg., as he is the only one who keeps B.

Bob’s private key

Bob’s public key

[https://cheapsslsecurity.com/] 33
 3. Basic security mechanisms

3.2. Asymmetric crypt.

● Authentication.
● Ana encrypts msg. with A.
● Msg. can only be decrypted with A.
● If the msg. is decrypted with A, it can only be from Ana as she is the only
one who keeps A.

A: Ana’s private key A: Ana’s public key

Ana Bob

Adapted from [https://es.wikipedia.org/wiki/Criptograf%C3%ADa_asimétrica]

34
 3. Basic security mechanisms

3.2. Asymmetric crypt.

● Ok, no need to share private key, but yet:

● How to keep secret the private key?
● How to authenticate the public key ?

35
 3. Basic security mechanisms

3.2. Asymmetric crypt.

● Ok, no need to share private key, but yet:

● How to keep secret the private key?
● How to authenticate the public key ?

We will answer to these questions later on,

when talking about Digital Certificates ...

36
 3. Basic security mechanisms

3. Basic security mechas.

1. Simmetric cryptography.

2. Asimmetric cryptography.

3. Simmetric + asimmetric cryptography.

4. Hash function.

5. Digital signature.

6. Digital certificate.

37
 3. Basic security mechanisms

3.3. Simmetric + asymmetric crypt.

[https://cheapsslsecurity.com/]
● Used to reduce encrypt/decrypt effort.
● Provides connection confidentiality.
● Same questions as for asymmetric crypt. 38
 3. Basic security mechanisms

3. Basic security mechas.

1. Simmetric cryptography.

2. Asimmetric cryptography.

3. Simmetric + asimmetric cryptography.

4. Hash function.

5. Digital signature.

6. Digital certificate.

39
 3. Basic security mechanisms

3.4. Hash function

● The hash function generates a “crypto” summary (hash).

* Algs: SHA-2 family

(224, 256, 384, 512…),
(MD5, SHA-1,...)

● The function is deterministic (same input → same hash).

● The following is computationally unfeasible:
● 2 different inputs generate the same hash.
* Small change in input IN → new hash uncorrelated with the hash of IN.
● Use hash to obtain the original input.

● No key is required.

40
 3. Basic security mechanisms

3.4. Hash function

● The hash function generates a “crypto” summary (hash).

* Algs: SHA-2 family

(224, 256, 384, 512…),
(MD5, SHA-1,...)

● The function is deterministic (same input → same hash).

● The following is computationally unfeasible:
● 2 different inputs generate the same hash.
* Small change in input IN → new hash uncorrelated with the hash of IN.
● Use hash to obtain the original input.
Which service(s) can we provide
● No key is required.
by using a hash function ?
41
 3. Basic security mechanisms

3.4. Hash function

● Data integrity.

transmission
message message‘ hash’

message + hash
hash func. hash func.

hash hash

=?

yes

non-tampered message ☺

● Further services when combined with other techniques.

42
 3. Basic security mechanisms

3. Basic security mechas.

1. Simmetric cryptography.

2. Asimmetric cryptography.

3. Simmetric + asimmetric cryptography.

4. Hash function.

5. Digital signature.

6. Digital certificate.

43
 3. Basic security mechanisms

3.5. Digital signature

● Nonrepudiaton (authentication & data integrity).

integrity

authentication

44
[https://cheapsslsecurity.com/]
 3. Basic security mechanisms

3. Basic security mechas.

1. Simmetric cryptography.

2. Asimmetric cryptography.

3. Simmetric + asimmetric cryptography.

4. Hash function.

5. Digital signature.

6. Digital certificate.

45
 3. Basic security mechanisms

3.6. Digital certificate

● Let us remember the two main questions so far:

● How to keep secret the private key?
● How to authenticate the public key ?

46
 3. Basic security mechanisms

3.6. Digital certificate

● Let us remember the two main questions so far:

● How to keep secret the private key?
● Generate private key locally.
● Protect it locally by diff. means, e.g. biometric credential.

● How to authenticate the public key ?

47
 3. Basic security mechanisms

3.6. Digital certificate

● Let us remember the two main questions so far:

● How to keep secret the private key?
● Generate private key locally.
● Protect it locally by diff. means, e.g. biometric credential.

● How to authenticate the public key ?

● Digital certificate !

48
 3. Basic security mechanisms

3.6. Digital certificate

● Each entity has a digital certificate that:

● Assures the entity is the one it claims to be.
● Includes the entity’s public key.

49
 3. Basic security mechanisms

3.6. Digital certificate

● Each entity has a digital certificate that:

● Assures the entity is the one it claims to be.
● Includes the entity’s public key.
● For instance, consider Ana and Bob:
[https://cheapsslsecurity.com/]

50
 3. Basic security mechanisms

3.6. Digital certificate

● Each entity has a digital certificate that:

● Assures the entity is the one it claims to be.
● Includes the entity’s public key.
● For instance, consider Ana and Bob:
[https://cheapsslsecurity.com/]

● Each one of them has its own digital certificate.

● Ana can send its certificate to Bob so as to: (& viceversa)
● Prove she is Ana.
● Let Bob know her public key.
51
 3. Basic security mechanisms

3.6. Digital certificate

● Ok, but:
● Who does create the digital certificates ?
● How can we validate (trust on) a digital certificate ?

52
 3. Basic security mechanisms

3.6. Digital certificate

● Ok, but:
● Who does create the digital certificates ?
● How can we validate (trust on) a digital certificate ?

PKI
(Public Key Infrastructure)
• hardware
• software • create
• store
• networks used to ? • distribute what ? digital certificates
• roles • validate
• revoke
• policies
• procedures
53
 3. Basic security mechanisms

3.6. Digital certificate - PKI

De Chris 論 - Trabajo propio utilizando: [1] and OpenCliparts.org, CC BY-SA 3.0,

https://commons.wikimedia.org/w/index.php?curid=2501151

54
[https://id4d.worldbank.org/guide/digital-certificates-and-pki]
 3. Basic security mechanisms

3.6. Digital certificate - PKI

● Holder entity
● Person, device or system that
owns the certificate.

De Chris 論 - Trabajo propio utilizando: [1] and OpenCliparts.org, CC BY-SA 3.0,

https://commons.wikimedia.org/w/index.php?curid=2501151

55
[https://id4d.worldbank.org/guide/digital-certificates-and-pki]
 3. Basic security mechanisms

3.6. Digital certificate - PKI

● CA (Certificate Authority).
● Issues the certificate.

De Chris 論 - Trabajo propio utilizando: [1] and OpenCliparts.org, CC BY-SA 3.0,

https://commons.wikimedia.org/w/index.php?curid=2501151

56
[https://id4d.worldbank.org/guide/digital-certificates-and-pki]
 3. Basic security mechanisms

3.6. Digital certificate - PKI

● CA (Certificate Authority).
● Issues the certificate.

● RA (Registration Authority).
● Checks veracity of the data
(mainly the public key) of the
entity requesting a certificate.
De Chris 論 - Trabajo propio utilizando: [1] and OpenCliparts.org, CC BY-SA 3.0,
https://commons.wikimedia.org/w/index.php?curid=2501151

57
[https://id4d.worldbank.org/guide/digital-certificates-and-pki]
 3. Basic security mechanisms

3.6. Digital certificate - PKI

● CA (Certificate Authority).
● Issues the certificate.

● RA (Registration Authority).
● Checks veracity of the data
(mainly the public key) of the
entity requesting a certificate.
De Chris 論 - Trabajo propio utilizando: [1] and OpenCliparts.org, CC BY-SA 3.0,
https://commons.wikimedia.org/w/index.php?curid=2501151
● VA (Validation Authority).
● Validates association between
certificate and the holder entity.

58
[https://id4d.worldbank.org/guide/digital-certificates-and-pki]
 3. Basic security mechanisms

3.6. Digital certificate - PKI

● CA (Certificate Authority).
● Issues the certificate.

● RA (Registration Authority).
● Checks veracity of the data
(mainly the public key) of the
entity requesting a certificate.
De Chris 論 - Trabajo propio utilizando: [1] and OpenCliparts.org, CC BY-SA 3.0,
https://commons.wikimedia.org/w/index.php?curid=2501151
● VA (Validation Authority).
● Validates association between
certificate and the holder entity.

● Further infrastructure.
● TSA (TimeStamp Authority).
● Repositories, e.g. CRL (Certificate
Revocation List).
● etc 59
[https://id4d.worldbank.org/guide/digital-certificates-and-pki]
 3. Basic security mechanisms

3.6. Digital certificate

Types of digital certificates?

60
 3. Basic security mechanisms

3.6. Digital certificate - Types of dig. certificates

● Individual digital signature:

● Identifies a person & includes personal data.
● Used to: (1) sign e-documents, (2) control access to info.
● Server certificate:
● Identifies a computer including its name and IP.
● Used for authen. & confiden. in security transport prot., .e.g. SSL/TLS.
● This concept can be extended for having Device certificates.

61
 3. Basic security mechanisms

3.6. Digital certificate

● Final notes:
● No private or secret key is ever exchanged.
● The holder is the only one who knows the private key.
● The holder is the responsible for keeping the private key secret, e.g.
storing it in a secure file like PKCS#12.
● Any operation by the holder must be carried out in person within the
client hardware, e.g. within a cryptographic card like PKCS#11.

[https://es.wikipedia.org/wiki/Infraestructura_de_clave_p%C3%BAblica] 62
 Security in IoT

Outline

1. Motivation.

2. Security services.

3. Basic security mechanisms.

4. IoT security rationale.

5. Examples of security technologies.

6. Security frameworks & regulations.

63
 4. IoT security rationale

4. IoT security rationale

1. Challenges.

2. Principles.

3. Some practices (focused on devices).

64
 4. IoT security rationale

4. IoT security rationale

1. Challenges.

2. Principles.

3. Some practices (focused on devices).

65
 4. IoT security rationale

4.1. IoT security rationale - Challenges

The closer to the device in the value chain, the more specific the security challenges.
Example:
securing the HW of a connected thermostat may be new and difficult,
compared to securing a mobile app that controls it

66
[Hinarejos’a]
 4. IoT security rationale

4.1. IoT security rationale - Challenges

[Hinarejos]

● Diversity.
● Scale.

67
 4. IoT security rationale

4.1. IoT security rationale - Challenges

[Hinarejos]

● Diversity.
● Fragmentation in all layers → heterogeneous tools & techniques.
● Devices with ≠ CPU/memory/energy → RSA vs ECC; digital cert, etc. ?
● Thus need for device-adhoc security config. & management.
● Use of both secure (e.g. LTE) and not secure (e.g. Sigfox) networks.
● Use of both secure IoT platforms (e.g. AWS IoT) and local IoT deployments,
(e.g. local MQTT broker).
● Many uses cases, .e.g. smart home, wereables, retail, health, etc.

● Scale.

68
 4. IoT security rationale

4.1. IoT security rationale - Challenges

[Hinarejos]

● Diversity.
● Scale (huge number of devices) implies:
● Difficult to config. & manage security of the devices
● Difficult to config. & manage security of private network within which
devices communicate.
● Difficult to apply report&control access policies of devices to IoT platform.
● Need for automating security config. & management of the devices.

69
 4. IoT security rationale

4. IoT security rationale

1. Challenges.

2. Principles.

3. Some practices (focused on devices).

70
 4. IoT security rationale

4.2. IoT security rationale - Principles

There are many proposals of IoT principles.

Let us take a brief look at some proposals.

71
 4. IoT security rationale

4.2. IoT security rationale - Principles

Six principles of IoT Cyber Security across the stack

72
 4. IoT security rationale

4. IoT security rationale

1. Challenges.

2. Principles.

3. Some practices (focused on devices).

73
 4. IoT security rationale

4.3. IoT security rationale - Some practices

Let us comment few practices to address some principles.

We focusing on the devices (edge).

74
 4. IoT security rationale

4.3. IoT security rationale - Some practices

● Secure physical device.

● Secure communication with device.
● Secure remote update/maintenance of device.

75
 4. IoT security rationale

4.3. IoT security rationale - Some practices

● Secure physical device.

● Secure communication with device.
● Secure remote update/maintenance of device.

76
 4. IoT security rationale

4.3. IoT security rationale - Some practices

● Secure physical device.

● Analize risks due to environment in which device operates.
● Implement anti-tampering measures on the device.
● Avoid storing sensitive data in removable memory.
● Securely store credentials on the device.
● Deactivation of device: ensure elimination of sensitive data.

● Secure communication with device.

● Secure remote update/maintenance of device.

77
 4. IoT security rationale

4.3. IoT security rationale - Some practices

● Secure physical device.

● Secure communication with device.
● Secure remote update/maintenance of device.

78
 4. IoT security rationale

4.3. IoT security rationale - Some practices

● Secure physical device.

● Secure communication with device.
● Configure device security.
● Continuously monitor device.
● Operate device connectivity.
● Operate device credentials.
● Connect device conciously.

● Secure remote update/maintenance of device.

79
 4. IoT security rationale

4.3. IoT security rationale - Some practices

● Secure physical device.

● Secure communication with device.
● Configure device security.
● Continuously monitor device.
● Operate device connectivity.
● Operate device credentials.
● Connect device conciously.

● Secure remote update/maintenance of device.

80
 4. IoT security rationale

4.3. IoT security rationale - Some practices

● Secure physical device.

● Secure communication with device.
● Configure device security: Select device identity.

● Secure remote update/maintenance of device.

81
 4. IoT security rationale

4.3. IoT security rationale - Some practices

● Secure physical device.

● Secure communication with device.
● Configure device security.
● Select device identity.

● Secure remote update/maintenance of device.

82
 4. IoT security rationale

4.3. IoT security rationale - Some practices

● Secure physical device.

● Secure communication with device.
● Configure device security: Select device identity.
● Inmutable value intrinsic to device (not of communication module).

● Secure remote update/maintenance of device.

83
 4. IoT security rationale

4.3. IoT security rationale - Some practices

● Secure physical device.

● Secure communication with device.
● Configure device security.
● Continuously monitor device.
● Operate device connectivity.
● Operate device credentials.
● Connect device conciously.

● Secure remote update/maintenance of device.

84
 4. IoT security rationale

4.3. IoT security rationale - Some practices

● Secure physical device.

● Secure communication with device.
● Continuously monitor device.
● Supervise, .e.g. from IoT plat., that device behaves as expected.
● Implies a model of behaviour.

● Secure remote update/maintenance of device.

85
 4. IoT security rationale

4.3. IoT security rationale - Some practices

● Secure physical device.

● Secure communication with device.
● Configure device security.
● Continuously monitor device.
● Operate device connectivity.
● Operate device credentials.
● Connect device conciously.

● Secure remote update/maintenance of device.

86
 4. IoT security rationale

4.3. IoT security rationale - Some practices

● Secure physical device.

● Secure communication with device.
● Operate device connectivity.
● Enable & disable device connections to different networks.
● Enable & disable channels, e.g. a whole LTE network.
● Limit traffic volume accepted from device.

● Secure remote update/maintenance of device.

87
 4. IoT security rationale

4.3. IoT security rationale - Some practices

● Secure physical device.

● Secure communication with device.
● Configure device security.
● Continuously monitor device.
● Operate device connectivity.
● Operate device credentials.
● Connect device conciously.

● Secure remote update/maintenance of device.

88
 4. IoT security rationale

4.3. IoT security rationale - Some practices

● Secure physical device.

● Secure communication with device.
● Operate device credentials.
● Temporarily disable authentication of a compromised device.
● Revoke device credentials.
● Assign new authentication token.

● Secure remote update/maintenance of device.

89
 4. IoT security rationale

4.3. IoT security rationale - Some practices

● Secure physical device.

● Secure communication with device.
● Configure device security.
● Continuously monitor device.
● Operate device connectivity.
● Operate device credentials.
● Connect device conciously.

● Secure remote update/maintenance of device.

90
 4. IoT security rationale

4.3. IoT security rationale - Some practices

● Secure physical device.

● Secure communication with device.
● Connect device conciously.
● Does a device need to be connected permanently?
● Check number&time that comm. interfaces & ports are enabl/opened.
● Disable interfaces & ports (e.g. debugging) that are not useful.
● Inform users about the usefulness of interfaces & ports.
● Allow the user to disable comm. interfaces & ports when not needed.

● Secure remote update/maintenance of device.

91
 4. IoT security rationale

4.3. IoT security rationale - Some practices

● Secure physical device.

● Secure communication with device.
● Secure remote update/maintenance of device.

92
 4. IoT security rationale

4.3. IoT security rationale - Some practices

● Secure physical device.

● Secure communication with device.
● Secure remote update/maintenance of device.
● Securely update devices' app, SO & firmware.
● Have a secure communication channel to notify the update.
● Provide a secure channel to download the update.
● Include a mechanism to check the integrity of the update package.

93
 References
[Hinarejos’a] Xisca Hinarejos, “Integration and connectivity of IoT systems”, slides for
master course 11769-Integration and connectivity of IoT systems, of MUSI, University of the
Balearic Islands. Available online on the course web page. 2021
[Hinarejos’b] Xisca Hinarejos, “Security at the Transport Layer TLS”, slides for master
course 11769-Integration and connectivity of IoT systems, MUSI, University of the Balearic
Islands. Available online on the course web page. 2021
[Oblancarte] Oscar Blancarte, “Que es Service-oriented architecture (SOA)”,
http://www.oscarblancarteblog.com, 2014.
[Zou’13] Honbo Zhou, “The Internet of Things in the Cloud”, CRC Press, Taylor & Francis
Group, Boca Ratón, 2013.
[Puri] Sumith Puri, “SOAP Web Services - CXF/JiBX [JAX-WS]”, 2016, https://dzone.com/
[Rondon] Bladimir Rondon, “Oauth 2 0, concepto y como funciona”, 2019,
https://youtu.be/pMLcAjE5Cso
[JavaB’19] Java Brains. What is JWT authorization really about - Java Brains.
https://youtu.be/soGRyl9ztjI
[WebDevS’19] Web Dev Simplified. What Is JWT and Why Should You Use JWT.
https://youtu.be/7Q17ubqLfaM
[Reink’16] Johann Reink. Understanding OAuth2.
http://www.bubblecode.net/en/2016/01/22/understanding-oauth2
94
Integrated Manufacturing Systems
Mateu Jover, Manuel Barranco

MEIN, UIB

Security in IoT

Dpto. de Ciències Matemàtiques i Informàtica

Escuela Politécnica Superior
Universitat de les Illes Balears