cybersecurity and service stations · • using norms and standards • penetration testing •...

© COPYRIGHT COESSI 2017

CYBERSECURITY AND SERVICE STATIONS

1

Hocine AMEUR and Simon Elrharbi

[email protected] [email protected]


AGENDA

2

1. WHO WE ARE

2. IoT and Security

3. Connected service stations security

4. How to improve IoT security

5. Secure Elements for IoT


WHO WE ARE

3

2010 15 20

2013 25%

2014 2 14

2017

CoESSI

was foundedCollaborators

Active

clients

Recognized as a Young

Innovative CompanyOf the sales are

invested in R&D

Consultants

& Engineers

Sites Paris

& Nantes

A N R

Project

FUI

Project

© COPYRIGHT COESSI 2017 4

▪ Risk assessment,

▪ management

▪ cyber-security evaluation

▪ Security auditing

▪ penetration testing

▪ intrusion detection

▪ Developing penetration

testing tools

▪ Compliance testing

▪ Standard and norm

development

▪ Security-by-design

▪ privacy-by-design

EIS (Enterprise

Information System)IoT (ZigBee, SigFox…) ICS (PLC…)

WHO WE ARE: COESSI CORE ACTIVITY


System

DescriptionRisk

Assessment

result

Smart Grid Security

WHO WE ARE: RISK ASSESSMENT PROJECTS


▪ Penetration testing methodology

development

▪ Penetration testing tools development

▪ Mobile Apps

▪ Wireless communication in IoT (IEEE 802.15.4, 6LowPAN, Z-Wave) using SDR

▪ Communication APIs▪ ICS/SCADA networks▪ CAN bus networks (cars, boats…)▪ Hardware (JTAG/UART exploitation, binary

exploitation)▪ Networks protocol stack fuzzing

6

WHO WE ARE: PENETRATION TESTING PROJECTS


IOT AND SECURITY: IOT INFRASTRUCTURE

Sensors/Actuators

(Edge)

Concentrators

Gateways

(Gateway)

Cloud (Storage,

analytics...)

IoT communication

network (ZigBee, Z-Wave,

EnOcean, PLC, CAN,

MODBUS...)

Cellular/Core

network

(Cloud)

Mobile App

(Mobile)

Enterprise

Information System

• Surveillance, Retail, Transportation, Financial service, etc

Application

• Data flow management, Security control, Configuration, etc.

Management service

• Radio comm. modules, Access Point, SIM, etc

Gateway and Network

• Network activity, Wi-Fi, Ethernet, RFID, Sensors & Actuators

Sensors connectivity and network


Sensors/Actuators

(Edge)

Concentrators

Gateways

(Gateway)

Cloud (Storage,

analytics...)

IoT communication

network (ZigBee, Z-Wave,

EnOcean, PLC, CAN,

MODBUS...)

(Cloud)

Mobile App

(Mobile)

Enterprise

Information System

- Hardware

- Firmware

- Wireless media

- Internet facing services

- Cloud infrastructure

- Mobile Apps

- Communication API

Cellular/Core

network

IOT AND SECURITY: IOT ATTACK SURFACE


Cloud

Wireless LAN

WAN

Remote

management /

monitoring

Tank Gauge

Pressure sensor… Payment TerminalLAN (Wired, Wireless)

Payment, Control…

Displays

- Network segregation

- Securing network traffic

- Requiring authentication

- Isolating guests network

- Securing wireless communication

- SCADA network segregation

- Requiring authentication- Hardware security

▪ Cloud interface security

▪ Cloud data security

▪ Communications APIs security

- Mobile app security

- Securing web interfaces/apps

- Communication APIs security

ATM


Wireless LAN

WAN

LAN (Wired, Wireless)

Payment, Control…

ATM

10

Cloud

Remote

management /

monitoring

Tank Gauge

Pressure sensor…

Displays

Payment Terminal

CONNECTED SERVICE STATION SECURITY


HOW ATTACKS CAN BE PERFORMED

SDR hardware

Hardware attacks

11


ATTACK SCENARIOS

12

• Taking advantage of vulnerable remote display protocols (eg. downgrade

attack)

• Taking advantage of the patch management policy (firmware updated in

such a manner that open an attack vector)

• Taking advantage of an insecure key management policy

• Extracting credentials and hardcoded passwords from the connected objects

• Man in the middle attacks

• SQL injection, XSS, CSRF, Command injection

• Denial of service, Jamming

• Buffer overflow on services

• Web HMI vulnerabilities


WHAT CAN BE DONE

• Bringing control/distribution to a standstill.

• Changing pump names (eg: unleaded to diesel)

• Changing pumping volume (putting the volume as full when it is empty)

• Data leakage, block access to data

13


THREAT ACTORS

“Cyber Attacks Statistics – HACKMAGEDDON.” [Online]. Available: http://www.hackmageddon.com/category/security/cyber-attacks-statistics/.

14


IOT SECURITY INCIDENTS

Mirai botnet Cold in Finland2.5 million IoT devices infected by

Mirai botnet in Q4 2016:McAfee

15

IoT reaper

2 million IoT devices in only one

month


HOW TO IMPROVE IOT SECURITY

16

• Risk assessment • Identifying critical elements (Impact x likelihood)• Using norms and standards

• Penetration testing• Evaluating the security level• Identifying vulnérabilities

Risk assessment

Penetration testing(OS, Application, Network, Hardware)

Identifying

critical threats

Updating the

likelihood of

threats

Identifying

the context

Identifying the

feared events

Identifying

threats

Identifying risksPropose

countermeasures


KEY MANAGEMENT

Low power devices High power devices

• Asymmetric cryptography (RSA,

Elliptic Curves),

• Standard protocols (IPsec, TLS…)

• Manufacturing ; Device is ready to

use, possibly headless installation,

what about expiring certificates in

stored devices?

• When first installing the device,

needs access to a registration

authority

• What if the network is unavailable?

• Symmetric cryptography only

(AES, ChaCha20…) using either

AEAD or MAC for authentication

• Bad strategy : randomly generated

and stored

• Good strategy : diversification,

using KDF(device_id, key_version,

master_key)


PATCH MANAGEMENT BEST PRACTICES

• Know your dependencies

• Do watch for new vulnerabilities

• Need to have a dedicated, accelerated, validation procedure for security fixes

• Work upfront to lower the need to ship fixes, embark minimal, hardened programs. No one needs OpenSSL in a thermometer!

• Prefer LTS branches

• Audit the software and the configuration

• Do impact analysis on new vulnerabilities to assess exposure


SECURE ELEMENTS FOR IOT

• Security issues from:• Communication

• Storage (secrets)

• Integrity

• It is time for the IoT industry to consider securing connected devices with Secure Elements, like Mobile Phones, Bank Cards, Identity Cards, and Hardware Authentication Tokens have been for many years.

• Secure Element as firewall:• Identity (Certificate) + Security (associated Private key)

• Tamper resistance + secure communications + storage

19


ABOUT SECURE ELEMENTS

• 10 billion of SE has been shipped in 2017, for SIM modules, bank cards, ePassport, PKI tokens.

• A Secure Element (SE) is a tamper resistant microcontroller whose security is enforced by multiple HW and logical countermeasures:

• Specific reg. (EventRegister) logs abnormal operating conditions (V, CLK, T°)• Bus & Memories encrypted• Sensor mesh against the physical intrusions• Countermeasures against attacks DPA, etc

• Certification according to the Common Criteria (CC, ISO 15408) standards with proven National Scheme and with Evaluation Assurance level (EAL)

• Multiple standards (ISO 7816, 14443, ETSI, etc.) and consortium group (GP, NFC Forum, EMVCo) have defined the interface (physical, electrical and communication protocol) and through which secure transaction are negotiated between the outside world and the Secure Elements and finally defining a process for application selection.

20


SE WITH DIFFERENT FORM FACTORS FOR MULTIPLE DEVICES

• The client of a service (stored in the SE) is identified and not the terminal

• Mobiles and devices are equipped with SE running the TLS stack

• Strong mutual authentication based on TLS

21

or

User SE

holderNFC – ISO 14443

Terminal

• Smart Phone - OS Android

• Tablette - OS Android

• PC

• NFC wearable Device

Authorization

Server

SE

ISO 7816

Proxy App

1

3

2


THE CLOUD OF SECURE ELEMENT PLATFORM

• 2 trusted services• https

• Auth the client through the certificate

• On the server side, a simple phpscript handles the strong Mutual Authentication between the NFC card and the remote server

• RACS HSM: PKCS#15 device are hosted in a RACS HSM server,

• possibility to login with the Certificate and PW with the electronic signature operation

22


USE CASE WITH SE AND IOT

• NFC trusted services• IoT device is managed remotely by the

operator.• Selected authorized resources have direct

device access through a mobile phone with an identity module (optionally imbedded in a secure element for added security, such as preventing the tampering/cloning of embedded apps).

•

•

23


SMART CITY & NFC

• Internet of Things but also Internet of People

• Smart city concepts based on Information + ICT infrastructure deployment that aims to enhance, among other things, efficiency of mobility and economy.

•

•

• NFC is also a major contributor technology for promotion of IoT

• Emergence of new digital banking technologies

• Cless smart card, NFC devices, NFC HCE, etc.)

• Deliver real-time value transfer capabilities without jeopardizing trust and security

• NFC interoperability communication issues, still ongoing concern

24


SKILLS WE CAN BRING

25

• Risk assessment and risk management in a cyber-security context• Technical cyber-security evaluation of developed solutions• Security-by-design and privacy-by-design specification and

implementation• Technical and methodological expertise on cyber-security (IoT, Smart-*,

SCADA)• Standard and norm development• Compliance testing and evaluation regarding existing/developed standards• Developing tools and methods for security auditing, penetration testing

and intrusion detection• Security controls and policy enforcement tools development• Security modeling (Attack trees, threat modeling)


SKILLS WE CAN BRING

26

• Security issues:• SE based Infrastructure for securing on-line payment, remote access,

cloud storage, IoT.

• TLS stacks that are embedded in SE to enable strong mutual authentication based on certificates and asymmetric keys

• NFC interoperability communication issues, • NFC Low level + Transmission protocol

• Remote power supply, loading effect, data transmission quality, etc

• Still ongoing concern and need to take actions to improve the actual situation

• Not only managing but solving (as far as possible) the NFC communication issues

cybersecurity and service stations · • using norms and standards • penetration testing •...

Documents