Presentedby: For:

©ETSI2018

22.10.2018

The security challenge in IoT

ScottCadzow,forSTF547ChallengingIoTSecurity&PrivacyWorkshop

�1

©ETSI2018

What is IoT and why is IoT

security a concern?

�2

©ETSI2018

IoT,Security,Standards

TherearelotsofIoTstandards

Therearelotsofsecuritystandards

IoTstandardsandsecuritystandardshavelotsofoverlap

Therearelots,andineverincreasingnumbers,ofguidestobestpracticeinIoTsecurity

…but…

ItisdifficulttoassertthatIoTissecureandprivacypreservingsimplyfromlookingatstandards

�3

!4

THISISABIGANDCOMPLEXTOPIC

©ETSI2018

Securityrelatestosafety,andmanyenhanceprivacy

Securityenablessafety

Butonlyindirectly.Failsafeandfailsecurearebothgoals.Sosystemsneedtobedesignedtofailwithoutraisingrisk.Someoftheriskanalysistoolsusedinsafetydoapplytosecurityanalysis.

Securityenablesprivacy

Securitydoesnotgiveaguaranteeofprivacybutmayenhanceit

Encryptionandaccesscontrol(includingkeymanagement)reinforcesomeaspectsofprivacy

�5

©ETSI2018

TheCIAparadigmextendedwithEP

Confidentiality

EnsuringdatapassedfromAlicetoBobcannotbeseenbyEve

Integrity

EnsuringthatdatacreatedbyAliceandgiventoBobcannothavebeenmodifiedbyEvewithoutBobbeingawareofit

Availability

MakingsurethatAliceisAliceandthatifonlyAliceismeanttoaccesssomethingthatonlyAliceisallowedtoaccessit

Ethics

Ensuringwhatyoudoisright,bringingtheruleto“donoharm”tomachines

Privacy

Ensuringyourdata,behaviour,location,relationshipsarevisibleandsharedonlywiththoseyou’veconsentedtoseethemorwhohavealegalrighttoseethem

�6

!7

©ETSI2018

Security technology

helps to build bridges

�8

©ETSI2018

Whydoweneedbridges?

Applicationscrossdarkchasmsofdanger-attackers,badcode,badconfiguration,badactors…

Bridgesintheformoffullsecurityallowdevicestoconnectandtostayclearofthesedangers

�9

!10

©ETSI2018

Thebridgesweneed

IntheformofCIAmeasures

Identitymanagement-semanticandabsolute

Authenticationofidentityandrole

Accesscontrol

Integritycontrol

Confidentiality(ifyoufallintothechasmmakesurenothinggetsrevealed)

�11

©ETSI2018 �12

The“certification”bridge

ChallengeistobeabletoshowthattheproductorserviceissecureSecurity assurance - assert, prove, validate, document

Security certification - proof is in the document

Ifacertificateexistswhatisitsform?This is also the subject of much debate but suggestions are that it has to be modifiable - reflecting security protection is an ongoing process

DesignforcertificationisthefirststepBuilds on the “design for assurance” work from ETSI

Extends the role of Common Criteria and the cPP

©ETSI2018

Design for certification

From developing ENISA report investigating standards gap for secure IoT

Principle is that IoT device/service certification is market access requirement

Certificate cites standards (consider the Radio Equipment Directive (RED) as an example where there is a Declaration of Conformity (DoC) associated to each device that cites which harmonised standards comply for the equipment)

Equivalence to harmonised standard for security features – which claim, which test/verification method, which dependencies …

Every element of the CIA paradigm has to be addressed by every device/service

How to achieve conformance – self declaration, 3rd party assessment …

�13

©ETSI2018

Summary and message to take away

�14

©ETSI2018

Keymessage

Securitystandardsareincompleteifthereisnoproductassurancefromthem(attestation-proof-verification-certification)

SecurityinIoTiscritical-therearegoingtobebillionsofdevicesandanyoneofthemmaybethesourceofanattack

Thinkingabouthowtoprovesecurityintheproductiswelldoneisvital

Designforassurance-securityclaim,securityproof,validation

Designforcertification-extendassurancetofulldocumentaryevidence

�15

©ETSI2018

That’s all folks

�16