5. Internet of Threats
§ A baby monitor in Texas, USA
§ The newly-crowned Miss Teen USA
§ A botnet of over 100,000 hijacked everyday
consumer devices
§ Delivery of incorrect dosages of insulin
§ Printers catching on fire
7. Attacks on SCADA and M2M
§ Theft of water (Gignac Canal System in France)
§ Release of raw sewage (Maroochy Shire sewage
plant in Australia)
§ Interference with a Landsat-7 earth observation
satellite
§ Computer viruses infecting the ground-control
systems of the Predator and Reaper remotely
piloted aircraft
8. What are the solutions
§ Secure configuration of the devices and OS
§ Secure network communication
§ Secure storage
§ Physical security
§ Hack-proof security is unrealistic
• Need for intrusion detection and response
§ Defence-in-depth approach
• Several complementary security mechanisms
• Context-aware security and broken-glass policies
9. TLS/DTLS/eDTLS
§ TLS – Transport Layer Security
• The most widely deployed security protocol
• Uses TCP: requires reliable, in-order packet delivery
§ DTLS – Datagram Transport Layer Security
• Uses UDP: works with the unreliable, out-of-order packet
delivery found in constrained platforms and networks
• No multi-record stream ciphers
§ eDTLS on small embedded platforms
• Reduced state-machine code size, data overhead,
compressed handshake protocol
• More keying flexibility: Pre-shared, raw public/private,
X.509 certificate
10. Where are the problems
§ Network layer security is the easy part
§ Security provisioning and management is difficult
• Constrained user interface
• Number of devices
• Untrained users
§ Higher security means higher initial cost,
complexity, power
• However, data or life loss might be more expensive
17. Data recorded by automobile manufacturers
§ BMW, Chrysler, Ford, General Motors, Honda, Hyundai, Jaguar Land Rover,
Mazda, Mercedes-Benz, Mitsubishi, Nissan, Porsche, Subaru, Toyota,
Volkswagen, and Volvo
§ Aston Martin, Lamborghini, and Tesla did not respond
20. Data recorded by automobile
manufacturers
§ Physical location recorded at regular
intervals;
§ Previous destinations entered into
navigation system;
§ Last location parked.
§ Potential crash events, such as sudden
changes in speed;
§ Status of steering angle, brake
application, seat belt use, and air bag
deployment;
§ Fault/error codes in electronic systems.
§ Vehicle speed;
§ Direction/heading of travel;
§ Distances and times traveled;
§ Average fuel economy/
consumption;
§ Status of power windows, doors,
and locks;
§ Tire pressure;
§ Fuel level;
§ Engine RPM;
§ Odometer reading;
§ Mileage since last oil change;
§ Battery health;
§ Coolant temperature;
§ Engine status;
§ Exterior temperature and
pressure.
23. How to protect customers
from the Internet of Threats?
§ Market design
• Ask at the Business track of the school
§ Legislation
24. Example of Legislation: Security
and Privacy in Your (SPY) Car Act (2015)
§ Vehicle owners to be made aware of what data is
being collected, transmitted and shared
§ To be offered the chance to opt out of data
collection without losing access to key navigation
or other features where feasible
§ Requiring an easy method for consumers to
evaluate how well an automaker goes beyond the
minimums defined in the proposed law
25. How to protect customers
from the Internet of Threats?
§ Market design
• Ask at the Business track of the school
§ Legislation
§ Secure design
• Technology
• Usability of configuration
• Easy understanding of implications
28. Proposed solution: CPR
• Originator defines content description (attributes), not
confidentiality markings
• Content attributes determine
– Protection requirements
• How the content is to be processed and stored
– Release conditions
• To whom it can be released
[Figure: CPR decision flow. Labels: {PROTECTION REQUIREMENTS}, {RELEASE CONDITIONS}, terminal attributes, user attributes, ACCESS REQUEST, RELEASE DECISION, CPRESS]
29. NATO Object Level Protection:
Content-based Protection and Release
33. Public-Key Encryption Schemes
[Figure: Alice, Bob and a CA; key labels pk and sk]
§ Different keys for encryption and decryption
• The encryption key is made public
• The decryption key is kept secret
§ Any user can generate keys.
§ Relies on authenticated distribution mechanism
for public keys.
35. Attribute-Based Encryption Schemes
[Figure: Alice, Bob and Key Distribution. Attribute labels: Female, MSc, Management, Male, Medical, Trainee. Policy label: Female ∨ Trainee]
§ Extension of IBE where users can be assigned
various attributes
• Users receive private keys corresponding to their attributes.
• Ciphertexts are linked with a predicate on the attributes.
• Decryption of a ciphertext is possible for a user if and only if the linked
predicate evaluates to TRUE on that user's attributes.
36. Other Related Encryption Schemes
§ Predicate Encryption (PE)
• Also incorporates schemes that support predicate
hiding.
§ Functional Encryption (FE)
• Also incorporates schemes where the outcome of a
decryption is a non-trivial function of the involved
message, predicate and key.
§ Relationship: $PKE \subset IBE \subset ABE \subset PE \subset FE$.
9/4/15 36NATO UNCLASSIFIED RELEASABLE TO PFP
37. Hybrid Encryption with ABE
§ Concept
• Encrypt plaintext with symmetric encryption scheme.
• Encrypt symmetric key using ABE.
§ Motivation
• The overhead of using ABE is relative to the size of
the data it encrypts.
• Symmetric keys tend to be much smaller than the
plaintext to be encrypted.
• Limited overhead when using symmetric encryption.
• This significantly reduces the overhead of using ABE
relative to the plaintext to be encrypted.
38. Definition: Attribute-Based Encryption
§ Let $P: K \times I \to \{0,1\}$ be a PT predicate.
§ ABE consists of four PPT algorithms:
• $(pk, msk) \leftarrow Setup(1^{\lambda})$
• $sk \leftarrow KeyGen(msk, k)$
• $c \leftarrow Encrypt(pk, (ind, m))$
• $y \leftarrow Decrypt(sk, c)$
where $k \in K$ and $ind \in I$ and
• $y = \begin{cases} m & \text{if } P(k, ind) = 1 \\ \bot & \text{if } P(k, ind) = 0 \end{cases}$
39. Key Policy
§ The key space $K$ consists of $n$-variable Boolean
formulas $\phi$.
§ Elements $ind = z = (z_1, z_2, \cdots, z_n)$ from the index
space $I = \{0,1\}^n$ are interpreted as
representations of $n$ Boolean values.
§ $P(\phi, z) = \begin{cases} 1 & \text{if } \phi(z) = 1 \\ 0 & \text{otherwise} \end{cases}$
40. Ciphertext Policy
§ The key space $K = \{0,1\}^n$ consists of
representations $k = z = (z_1, z_2, \cdots, z_n)$ of $n$
Boolean values.
§ Elements $ind = \phi$ from the index space $I$ are
$n$-variable Boolean formulas.
§ $P(z, \phi) = \begin{cases} 1 & \text{if } \phi(z) = 1 \\ 0 & \text{otherwise} \end{cases}$
41. Full Security
§ Security defined by the following game between Challenger and Adversary:
• Setup: public parameters
• Query Phase 1: key queries
• Challenge set selection: attribute set S not accepted by queried keys
• Plaintext submission: challenge messages m0, m1
• Challenge response: Encrypt(pk,(S,m0)) or Encrypt(pk,(S,m1))
• Query Phase 2: queries for keys with policy not accepting S
• Guess: m0 or m1
42. Selective Security
§ Security defined by the following game between Challenger and Adversary:
• Challenge set selection: attribute set S
• Setup: public parameters
• Query Phase 1: queries for keys with policy not accepting S
• Plaintext submission: challenge messages m0, m1
• Challenge response: Encrypt(pk,(S,m0)) or Encrypt(pk,(S,m1))
• Query Phase 2: queries for keys with policy not accepting S
• Guess: m0 or m1
43. Selective Security Limitations
§ Can only use policies that accept the challenge
attribute set.
§ Can only use attributes in the challenge attribute
set.
• This in particular makes selective security unsuitable
for ABE schemes that need to support both positive
and negative attributes.
§ Therefore, we mainly focus on fully secure
schemes.
44. Inequalities in Policies
§ Attribute assignments are Boolean.
• E.g., a person may get assigned the attribute
“member”, “not a member” or no attribute related to
membership at all.
§ Relatively efficient inequality comparisons
involving static integers are however possible.
• Uses attributes corresponding to bit representations.
• E.g., 6 encodes as the set {“1∗∗”, “∗1∗”, “∗∗0”}.
• E.g., $a < 5$ encodes as “0∗∗” ∨ (“∗0∗” ∧ “∗∗0”).
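The bit-attribute encoding for inequalities, as an added example that is not part of the original slides. The function names and the tuple representation of policies are assumptions, and the construction generalizes the slide's 3-bit case a < 5 to any static bound and bit width.

```python
def encode_int(value, nbits):
    """Attribute set for a static integer: one attribute per bit position."""
    if not 0 <= value < 2 ** nbits:
        raise ValueError("value does not fit in nbits")
    bits = format(value, f"0{nbits}b")
    return {"*" * i + b + "*" * (nbits - i - 1) for i, b in enumerate(bits)}

def less_than_policy(bound, nbits):
    """Monotone policy satisfied exactly by encode_int(a, nbits) with a < bound.
    Leaves are attribute strings; None means 'no attribute set satisfies this'."""
    if not 0 <= bound < 2 ** nbits:
        raise ValueError("bound does not fit in nbits")
    bits = format(bound, f"0{nbits}b")
    policy = None                        # nothing left to compare: a < bound is false
    for i in range(nbits - 1, -1, -1):   # walk from least to most significant bit
        zero = "*" * i + "0" + "*" * (nbits - i - 1)
        if bits[i] == "1":               # a has 0 here, or the lower bits decide
            policy = zero if policy is None else ("or", zero, policy)
        else:                            # a must have 0 here and lower bits decide
            policy = None if policy is None else ("and", zero, policy)
    return policy

def satisfies(policy, attrs):
    """Evaluate the Boolean formula on a user's (or ciphertext's) attribute set."""
    if policy is None:
        return False
    if isinstance(policy, str):
        return policy in attrs
    op, left, right = policy
    l, r = satisfies(left, attrs), satisfies(right, attrs)
    return (l or r) if op == "or" else (l and r)

def render(policy):
    """Print a policy in the notation used on the slide."""
    if policy is None:
        return "FALSE"
    if isinstance(policy, str):
        return f'"{policy}"'
    op, left, right = policy
    rhs = render(right)
    if not isinstance(right, str):
        rhs = f"({rhs})"
    return render(left) + (" ∨ " if op == "or" else " ∧ ") + rhs

if __name__ == "__main__":
    print(sorted(encode_int(6, 3)))
    print(render(less_than_policy(5, 3)))
    print([a for a in range(8) if satisfies(less_than_policy(5, 3), encode_int(a, 3))])
```

Only positive attributes are used: "0∗∗" and "1∗∗" are distinct attributes, so the policy needs no negation.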
47. CPR cryptographic access control: Infrastructure
§ Provide protection of information in an environment where both
communication and data storage infrastructure are controlled by a third
party
§ Support all standard information exchange scenarios
48. CPR Example: Information
sharing for Passive Missile Defence
[Figure: CPR example. Users: NATO employee with NATO Secret clearance; NATO contractor with NATO Restr. clearance; Red Cross worker. Terminals: NATO desktop located in Class I area; NATO laptop; unknown terminal. Views: full view; partial view; public information only.]