Timothy Claeys
PhD (in English), December 2019
Thursday 19 December 2019
The rapid expansion of the IoT has unleashed a tidal wave of cheap Internet-connected hardware. For many of these products, security was merely an afterthought. Due to their advanced sensing and actuating functionalities, poorly-secured IoT devices endanger the privacy and safety of their users.
While the IoT contains hardware with varying capabilities, in this work, we primarily focus on the constrained IoT. The restrictions on energy, computational power, and memory limit not only the processing capabilities of the devices but also their capacity to protect their data and users from attacks. To secure the IoT, we need several building blocks. We structure them in a bottom-up fashion where each block provides security services to the next one.
The first cornerstone of the secure IoT relies on hardware-enforced mechanisms. Various security features, such as secure boot, remote attestation, and over-the-air updates, rely heavily on its support. Since hardware security is often expensive and cannot be applied to legacy systems, we alternatively discuss software-only attestation. It provides a trust anchor to remote systems that lack hardware support. In the setting of remote attestation, device identification is paramount. Hence, we dedicated a part of this work to the study of physical device identifiers and their reliability.
The IoT hardware also frequently provides support for the second building block: cryptography. It is used abundantly by all the other security mechanisms, and recently much research has focussed on lightweight cryptographic algorithms. We studied the performance of the recent lightweight cryptographic algorithms on constrained hardware.
A third core element for the security of the IoT is the capacity of its networking stack to protect the communications. We demonstrate that several optimization techniques expose vulnerabilities. For example, we show how to set up a covert channel by exploiting the tolerance of the Bluetooth LE protocol towards the naturally occurring clock drift. It is also possible to mount a denial-of-service attack that leverages the expensive network join phase. As a defense, we designed an algorithm that almost completely alleviates the overhead of network joining.
The last building block we consider is security architectures for the IoT. They guide the secure integration of the IoT with the traditional Internet. We studied the IETF proposal concerning the constrained authentication and authorization framework, and we propose two adaptations that aim to improve its security.
Finally, the deployment of the IETF architecture heavily depends on the security of the underlying communication protocols. In the future, the IoT will mainly use the object security paradigm to secure data in flight. However, until these protocols are widely supported, many IoT products will rely on traditional security protocols, i.e., TLS and DTLS. For this reason, we conducted a performance study of the most critical part of the protocols: the handshake phase. We conclude that while the DTLS handshake uses fewer packets to establish the shared secret, TLS outperforms DTLS in lossy networks.