
    Security Framework for the Web of IoT Platforms

    Connected devices of IoT platforms are known to produce, process and exchange vast amounts of data, most of it sensitive or personal, that need to be protected. However, achieving minimal data protection requirements such as confidentiality, integrity, availability and non-repudiation in IoT platforms is a non-trivial issue. For one, the trillions of interacting devices provide larger attack surfaces. Secondly, high levels of personal and private data sharing in this ubiquitous and heterogeneous environment require more stringent protection. Additionally, whilst interoperability fuels innovation through cross-platform data flow, data ownership is a concern. This calls for categorizing data and providing different levels of access control to users, known as global and local scopes. These issues present new and unique security considerations in IoT products and services that need to be addressed to enable wide adoption of the IoT paradigm. This thesis presents a security and privacy framework for the Web of IoT platforms that addresses the end-to-end security and privacy needs of the platforms. It categorizes platforms' resources into different levels of security requirements and provides appropriate access control mechanisms.

    Towards 5G Zero Trusted Air Interface Architecture

    5G is destined to support large-scale deployment of Industrial IoT (IIoT), with the characteristics of ultra-high densification and low latency. 5G utilizes a more intelligent architecture, with Radio Access Networks (RANs) no longer constrained by base station proximity or proprietary infrastructure. The 3rd Generation Partnership Project (3GPP) covers telecommunication technologies including RAN, core transport networks and service capabilities. The Open RAN Alliance (O-RAN) aims to define implementation and deployment architectures, focusing on open-source interfaces and functional units to further reduce cost and complexity. O-RAN based 5G networks could use components from different hardware and software vendors, promoting vendor diversity, interchangeability and 5G supply chain resiliency. Both 3GPP and O-RAN 5G have to manage the security and privacy challenges that arise from deployment. Many existing research studies have addressed the threats and vulnerabilities within each system. 5G also faces substantial challenges in complying with privacy regulations and requirements that mandate protection of user-identifiable information. In this paper, we look into the 3GPP and O-RAN 5G security and privacy designs and the identified threats and vulnerabilities. We also discuss how to extend the Zero Trust Model to provide advanced protection over 5G air interfaces and network components.

    Securing Communication Channels in IoT using an Android Smart Phone

    In today's world, smart devices are a necessity and represent an essential tool for performing daily activities. With this comes the need to secure the communication between the IoT devices in the consumer's home, to prevent attacks that may jeopardize the confidentiality and integrity of communication between the IoT devices. The life cycle of a simple device includes a series of stages that the device undergoes, from construction and production to decommissioning. In this thesis, the Manufacturing, Bootstrapping and Factory Reset parts of the IoT device's life cycle are considered, focusing on security. For example, the Controller of the user's home network (e.g., the user's smart phone) should bootstrap the ``right'' IoT device, and the IoT device should bootstrap with the ``right'' Controller. The security is based on device credentials, such as the device certificate used during the bootstrapping process, and the operational credentials that are provisioned to the IoT device from the Controller during bootstrapping. The goal of this thesis is to achieve an easy-to-use and secure procedure for setting up the IoT device in a home network, and for controlling that IoT device from an Android mobile phone (Controller). The objectives are: (1) explore the different aspects of using a smartphone as a Controller device to securely manage the life cycle of a simple device; (2) propose a system design for securely managing the life cycle of a simple device from a Controller compliant with existing standards (e.g. Lightweight Machine to Machine (LwM2M), an industrial standard used to manage and control industrial IoT devices); (3) implement a proof of concept based on the system design; (4) provide a user-friendly interface for a better user experience by using popular bootstrapping methods such as QR code scanning; (5) discuss the choices regarding securing credentials and managing data, and achieve a good balance between usability and security during the bootstrapping process. In order to achieve those goals, the state-of-the-art technologies for IoT device management were studied. Then an Android application that uses the LwM2M standard in a consumer's home setting was specified, designed and implemented. The Android application is wrapped in a smooth user interface that gives the user a good experience when attempting to connect to and control the target IoT device.

    Network Access Control: Disruptive Technology?

    Network Access Control (NAC) implements policy-based access control to the trusted network. It regulates entry to the network by the use of health verifiers and policy control points to mitigate the introduction of malicious software. However, the current versions of NAC may not be the universal remedy for endpoint security that many vendors tout. Many organizations that are evaluating the technology, but that have not yet deployed a solution, believe that NAC presents an opportunity for severe disruption of their networks. A cursory examination of the technologies used and how they are deployed in the network appears to support this argument. The addition of NAC components can make the network architecture even more complex and subject to failure. However, one recent survey of organizations that have deployed a NAC solution indicates that the 'common wisdom' about NAC may not be correct.

    Network Access Control Based on Endpoint Integrity - Industry Standards and Commercial Implementations

    Information security is a central part of modern network design. Traditionally, security has been improved through means such as network segmentation, firewalls and various IDS/IPS systems. The problem in today's organizations is increasingly mobile users. Laptops have displaced traditional desktop computers, which introduces new risks from a security perspective because the devices move outside the protected corporate network. Users connect their devices to public networks at airports, in cafés and in hotel lobbies. On public networks the machines are more easily exposed to attacks. If the device's security settings are not up to date or, for example, the firewall has been switched off, the device may become infected. When the infected machine is connected back to the company's internal network, the infection may spread across the entire network. Network access control based on endpoint integrity is a set of mechanisms with which the endpoint's security settings can be forced to comply with defined security policies. When a device connects to the network, certain checks are performed on it, on the basis of which it is decided whether the device is allowed access to the network. Devices that do not meet the security policies can be isolated in a separate quarantine network, where their settings can be brought back into compliance, for example by installing the latest virus signatures.

    Network security is an essential part of designing today's corporate networks. Traditionally, security threats have been addressed by using network segmentation, firewalls, intrusion detection systems and so forth. However, most networks are still vulnerable to attacks coming from inside the internal network. Users in enterprise environments are becoming increasingly mobile as desktop computers give way to portable computers and handheld devices. From a security perspective this poses new threats. The devices are moved outside the secure corporate network and connected to insecure networks in airports, hotels, cafés, etc. Their security software that defends against malicious users might not be up to date, which may expose the device to infection. When the device is connected back to the corporate environment, the whole network might come under threat. Network Access Control based on Endpoint Integrity is a set of mechanisms to enforce security policies for network devices. The idea is that network access is granted only after certain compliance checks have been passed. Non-compliant endpoints can be denied access or they can be isolated into a dedicated network segment where they can be remediated. Remediation is the process by which a non-compliant node is made compliant by applying the necessary configuration changes, installing the latest virus signatures, etc.

    Holistic security 4.0

    The future computer climate will represent an ever more aligned world of integrating technologies, affecting the consumer, business and industry sectors. The vision was first outlined in the Industry 4.0 conception. The elements which comprise smart systems or embedded devices have been investigated to determine the technological climate. The emerging technologies revolve around core concepts, and specifically in this project, the uses of the Internet of Things (IoT), Industrial Internet of Things (IIoT) and Internet of Everything (IoE). The application of bare metal and logical technology qualities is put under the microscope to provide an effective blueprint of the technological field. The systems and governance surrounding smart systems are also examined. Such an approach helps to explain the beneficial or negative elements of smart devices. Consequently, this ensures a comprehensive review of standards, laws, policy and guidance to enable security and cybersecurity of the 4.0 systems.

    Trust and integrity in distributed systems

    In the last decades, we have witnessed an exploding growth of the Internet. The massive adoption of distributed systems on the Internet allows users to offload their compute-intensive work to remote servers, e.g. the cloud. In this context, distributed systems are pervasively used in a number of different scenarios, such as web-based services that receive and process data, cloud nodes where company data and processes are executed, and softwarised networks that process packets. In these systems, all the computing entities need to trust each other and co-operate in order to work properly. While the communication channels can be well protected by protocols like TLS or IPsec, the problem lies in the expected behaviour of the remote computing platforms, because they are not under the direct control of end users and do not offer any guarantee that they will behave as agreed. For example, the remote party may use non-legitimate services for its own convenience (e.g. illegally storing received data and routed packets), or the remote system may misbehave due to an attack (e.g. changing deployed services). This is especially important because most of these computing entities need to expose interfaces towards the Internet, which makes them easier to attack. Hence, software-based security solutions alone are insufficient to deal with the current scenario of distributed systems. They must be coupled with stronger means such as hardware-assisted protection. In order to allow the nodes in a distributed system to trust each other, their integrity must be presented and assessed to predict their behaviour. The remote attestation technique of trusted computing was proposed to specifically deal with the integrity issue of remote entities, e.g. whether the platform is compromised by bootkit attacks or a cracked kernel and services.

    This technique relies on a hardware chip called the Trusted Platform Module (TPM), which is available in most business-class laptops, desktops and servers. The TPM acts as the hardware root of trust, providing a special set of capabilities that allows a physical platform to present its integrity state. With a TPM on the motherboard, remote attestation is the procedure by which a physical node provides hardware-based proof of the software components loaded on the platform, which can be evaluated by other entities to conclude its integrity state. Thanks to the hardware TPM, the remote attestation procedure is resistant to software attacks. However, even though the availability of this chip is high, its actual usage is low. The major reason is that trusted computing has very little flexibility, since its goal is to provide strong integrity guarantees. For instance, the remote attestation result is positive if and only if the software components loaded on the platform are the expected ones and are loaded in a specific order, which limits its applicability in real-world scenarios. For such reasons, this technique is especially hard to apply to software services running in the application layer, which are loaded in random order and constantly updated. Because of this, current remote attestation techniques provide an incomplete solution: they focus only on the boot phase of physical platforms and not on the services, let alone the services running in virtual instances. This work first proposes a new remote attestation framework with the capability of presenting and evaluating the integrity state not only of the boot phase of physical platforms but also of software services at load time, e.g. whether the software is legitimate or not. The framework allows users to know and understand the integrity state of the whole life cycle of the services they are interacting with, so that users can make an informed decision on whether to send their data or trust the received results.

    Second, based on the remote attestation framework, this thesis proposes a method to bind the identity of a secure channel endpoint to a specific physical platform and its integrity state. Secure channels are extensively adopted in distributed systems to protect data transmitted from one platform to another. However, they do not convey any information about the integrity state of the platform or the service that generates and receives this data, which leaves ample space for various attacks. With the binding of the secure channel endpoint to the hardware TPM, users are protected from relay attacks (with hardware-based identity) and from malicious or cracked platforms and software (with remote attestation). Third, with the help of the remote attestation framework, this thesis introduces a new method to include the integrity state of software services running in virtual containers in the evidence generated by the hardware TPM. This solution is especially important for softwarised network environments. Softwarised networking was proposed to provide dynamic and flexible network deployment, which is an ever more complex task nowadays. Its main idea is to replace hardware appliances with softwarised network functions running inside virtual instances; these are full-fledged computational systems accessible from the Internet, so their integrity is at stake. Unfortunately, current remote attestation work is not able to provide hardware-based integrity evidence for software services running inside virtual instances, because the direct link between the internals of virtual instances and the hardware root of trust is missing. With the solution proposed in this thesis, the integrity state of the softwarised network functions running in virtual containers can be presented and evaluated with hardware-based evidence, implying the integrity of the whole softwarised network.

    The proposed remote attestation framework, trusted channel and trusted softwarised network are implemented in separate working prototypes. Their performance was evaluated and shown to be excellent, allowing them to be applied in real-world scenarios. Moreover, the implementation also exposes various APIs to simplify future integration with different management platforms, such as OpenStack and OpenMANO.

    A Concept for a Trustworthy Integration of Smartphones in Business Environments

    Smartphones are commonly used within business environments nowadays. They provide sophisticated communication means which go far beyond simple telephone capabilities. Email access and particular apps on the device are examples of their versatile abilities. While these features allow them to be used in a very flexible way, e.g. in different infrastructures, they pose new threats to their surrounding infrastructure. For example, if used in an environment which allows the installation of custom apps, malicious software may be placed on the device. In order to mitigate these threats, a detailed awareness combined with the possibility to enforce certain constraints on such devices needs to be established. In detail, it is necessary to include such devices in a decision making process which decides about the policy compliance of such devices. The policy used in this process defines the rules which apply to the particular infrastructure, e.g. whether custom apps are allowed or whether a specific software version may not be allowed. However, even when relying on this process, there is one limitation, as it does not include a trust-based evaluation. This leads to the problem that a malicious smartphone might compromise the information used for the decision making process which should determine the policy compliance of this device. This renders the overall approach ineffective, as the decision whether a device is policy compliant or not may be false. Given that, the thesis presented here provides means to evaluate the trustworthiness of such information to allow trustworthy decision making about policy compliance. It therefore introduces two things: (1) a generic trust model for such environments and (2) a domain-specific extension called Trustworthy Context-related Signature and Anomaly Detection system for Smartphones (TCADS). The trust model (1) allows specifying, calculating and evaluating trust for the information used by the decision making process. In more detail, the trust-founding process of (1) is done by introducing so-called security properties which allow the trustworthiness of certain aspects to be rated. The trust model does not limit these aspects to a particular type. That is, device-specific aspects like the number of installed apps or the current version of the operating system may be used, as well as device-independent aspects like communication parameters. The security properties defined in (1) are then used to calculate an overall trust level, which provides an evaluable representation of trust for the information used by the decision making process. The domain-specific extension (2) uses the trust model and provides a deployable trust-aware decision making solution for smartphone environments. The resulting system, TCADS, allows not only considering trust within the decisions about policy compliance but also enables basing the decisions solely on the trust itself. Besides the theoretical specification of the trust model (1) and the domain-specific extension (2), a proof of concept implementation is given. This implementation leverages both the abilities of the generic trust model (1) and the abilities of the TCADS system (2), thus providing a deployable set of programs. Using this proof of concept implementation, an assessment shows the benefits of the proposed concept and its practical relevance. A conclusion and an outlook to future work extending this approach are given at the end of this thesis.

    Smartphones have become an indispensable part of today's corporate networks. Beyond simple telephony capabilities, they offer features such as email access or a high degree of customizability based on apps. Although these functions allow such smartphones to be used in versatile ways, they simultaneously represent a new kind of threat to the surrounding infrastructure. If, for example, a specific environment permits the installation of custom apps on the smartphone, this route can be used to place malware on the device. To counter these threats it is necessary, on the one hand, to detect smartphones in the respective environment and, on the other, to be able to enforce policies on the respective devices. The policies to be enforced define which restrictions apply to the respective environment, e.g. permission to install custom apps or the use of a particular software version. But even when such a solution for integrating smartphones into the infrastructure is used, one problem remains unsolved: considering the trustworthiness of the information provided by the smartphone. This limitation leads to the problem that a correspondingly compromised smartphone alters the information used to decide on the device's policy compliance in a way that makes the whole decision process inefficient and thus ineffective. This thesis therefore presents a new approach to enable a trustworthy decision process regarding the device's policy compliance. In detail, two approaches are presented: (1) a generic trust model and (2) a domain-specific mapping of this model, called the Trustworthy Context-related Signature and Anomaly Detection system for Smartphones (TCADS). The trust model (1) allows trust to be defined, calculated and evaluated for information used in the decision process. In detail, trust is determined based on basic trust factors, the so-called security properties. These properties rate trustworthiness on the basis of particular aspects, which can be either device-specific or device-independent. Based on this rating, an overall trustworthiness, the so-called trust level, is then calculated. This trust level allows trustworthiness to be taken into account in decision making. Part (2) of the solution provides, based on the trust model, a system for trust-based decision making in smartphone environments. With this system, TCADS, it is possible not only to check decisions for their correctness with respect to trustworthiness, but also to make decisions entirely on the basis of trustworthiness. Besides the general model (1) and the resulting domain-specific system (2), the thesis also provides a proof of concept in the form of a reference implementation. This implementation uses capabilities of both the trust model (1) and the TCADS system (2) and provides a usable set of programs. An evaluation based on this proof of concept shows the advantages and practicality of the presented approaches. Finally, a summary of the thesis and an outlook on further research questions are given.

    EAP-TPM User Authentication in Wireless Access Networks

    Nowadays a multitude of devices are connected to wireless networks, both private and public. Their authentication to the network is a process in which the user must intervene to enter their credentials. The purpose of this thesis is to present an alternative authentication method for wireless networks through the Trusted Platform Module (TPM). The basic idea was to create an authentication mechanism similar to that of telephone networks. In a telephone network, and by extension in a 5G network, users are authenticated through credentials stored on the devices' SIM card, without the user being required to provide additional information to connect to the network. The same could therefore be applied when users connect to a WiFi network, by using the TPM, which is now embedded in most portable devices (laptops, mobile phones) and can both generate and store security certificates. Building on previous research into implementing a variant of the EAP-TLS protocol, named EAP-TPM, we set out to study the implementation of this authentication method. We therefore created a test environment consisting of a wireless access point, a FreeRADIUS server and a client with an embedded TPM, and studied how to create security certificates that will be stored in the TPM. We then studied the configuration of the TPM so that it can support authentication via the EAP-TLS protocol, allowing the client to authenticate using the certificates stored in it. Finally, we present the economic value of wireless access networks as shown by surveys, the advantages arising from their use, their installation cost and the main criteria for selecting such networks.

    Nowadays, many devices are connected to wireless networks, both private and public. Their authentication on the network is a process in which the user must intervene in order to enter their credentials. The purpose of this paper is to present an alternative authentication method for wireless networks through the Trusted Platform Module (TPM). The basic idea was to create an authentication mechanism similar to that of telephone networks. In a telephone network, and consequently in a 5G network, user authentication is done through credentials stored on the SIM card of the devices, without requiring the user to provide additional information to connect to the network. The same could be applied in cases of users connecting to a wireless network through the use of a TPM, which is now integrated in most mobile devices (laptops, mobile phones) and can create and store security certificates. Based on previous research to implement a variant of the EAP-TLS protocol, called EAP-TPM, we have tried to implement this authentication method. So we created a test environment consisting of a wireless access point, a FreeRADIUS server and a client with a built-in TPM, and we studied how to create security certificates which will be stored in the TPM. Then we studied the TPM configuration needed to support authentication via the EAP-TLS protocol, so that the client can authenticate via the certificates stored in it. Finally, the economic value of wireless access networks is presented, as shown by research, together with the advantages resulting from their use, their installation costs and the most basic selection criteria for these networks.