Enhancing IoT Security and Privacy with Distributed Ledgers
Paul Fremantle[1], Benjamin Aziz[1], Tom Kirkham[2]
[1] School of Computing, University of Portsmouth, {paul.fremantle, benjamin.aziz}@port.ac.uk
[2] Science and Technology Facilities Council
Enhancing IoT Privacy and Security with Distributed Ledgers, Fremantle, Aziz, Kirkham

One Minute Overview
• Problem: The Internet of Things is insecure
• Mirai: 620+Gbps attack
• Devices are tied to vendors, no heterogeneous interop, no shared governance
• Distributed Ledgers provide shared governance
[Diagram: New Transaction, Entered into Block, Ledgers are updated, Consensus, Next Block; five copies of the Ledger]
• Typical IoT devices are too small to run consensus algorithms
• We propose a new model called Pythia that enables IoT devices to trust Distributed Ledgers
[Diagram: IoT Device, Attestation, Pythia API, Intel SGX enclave, Open Source code, Blockchain processor, Interaction with Blockchain]

Challenges for IoT Security and Privacy
• October 2016 Mirai Botnet
  – 100,000 devices compromised
  – 620Gbps DDoS attack
  – In reality there are millions of compromisable devices (Checkpoint study 2014)
  – Mirai was based on a dictionary attack and weak passwords
• Also attacks on cars, houses, medical devices, etc.
  – A survey of secure middleware for the Internet of Things, Fremantle and Scott, PeerJ, accepted for publication

IoT security and privacy
• Updates are difficult and there is no economic incentive for manufacturers
• Lack of clear ownership and registration models
• Poor identity models
• Leakage of data and metadata
• Use of IoT devices as attack vectors

The real challenge
• IoT is not heterogeneous, hence no choices for users
• Low economic and evolutionary pressures
[Diagram labels: Fitbit, Fitbit Server; Chrome, Firefox, Safari, Internet Explorer; Dropbox, Google Drive, FTP, NAS, etc.; HTTP, TLS, HTTP/2, UDP, DTLS, FTPS, XMPP, etc.]

Distributed Ledger Technologies
[Diagram: New Transaction, Entered into Block, Ledgers are updated, Consensus, Next Block; nodes N1, N2, ... Nn; Ledger]
• Ledger uses a Merkle Tree to ensure that each record guarantees all previous records to create an immutable chain

Consensus algorithms
• Bitcoin: Proof of Work
  – Miners perform hashing, competing to be the first to finalise the block, with a reward
  – The longest chain becomes the master
  – No requirement to know or trust the other participants
  – Expensive, low transaction rate, slow to come to consensus
  – Proven to be resilient at global scale

Alternative consensus models
• Arbitrary participants
  – Proof of storage
    • Calculations based on stored data
  – Proof of stake
    • Based on ownership of existing coins
• Known participants
  – Byzantine Failure Tolerant algorithms
  – E.g. Paxos

What can DLT do for IoT
• Three main concepts
  – Distributed Ledger
    • A single, agreed source of truth
  – Cryptocurrency
    • Economic models to create value for security and privacy
  – Smart Contracts
    • Flexible transaction models that allow new transactions to be scripted
• An environment where there can be trust, privacy and effective contracts between parties without reliance on a single vendor.

Three Tier Privacy Model (Spiekermann and Cranor)
User Sphere: Fully in control of user, e.g. Laptop
Joint Sphere: Appears to be in user control, e.g. GMail
Recipient Sphere: Fully in control of data recipient
Spiekermann, Sarah, and Lorrie Faith Cranor. "Engineering privacy." IEEE Transactions on Software Engineering 35.1 (2009): 67-82.

Approaches / Use cases
Consent Contracts, Consent Logs, Data Revocation Contracts, Policies, Policy enforcement contracts
Identity, Ownership, Registration, Updates

Three tier privacy model for IoT
User Sphere: Device Identity, Device Ownership and Registration, Device Updates
Joint Sphere: Consent Management, Policies
Recipient Sphere: Consent Tracking, Policy Enforcement, Data Revocation

Typical IoT footprints
ESP8266 – 32bit controller, 1Mb program, 80k RAM ~ $2 each

Uh oh
• How does an IoT system participate and trust in a DLT?
  – Full participation is expensive
    • Bitcoin database >80Gb
    • 512MB of RAM, 1Ghz CPU minimum
  – Simple Payment Verification (SPV) smaller but still beyond IoT devices
  – Fundamentally, consensus algorithms are beyond the CPU, network, power and memory of IoT

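What the Merkle tree in the ledger and a lightweight (SPV-style) check amount to, as an added sketch that is not the authors' code: a record is verified against a block's Merkle root using only a short proof, and each block header commits to its predecessor, so changing an old record changes the newest header. The function names, the simplified tree layout and the device records are constructed for illustration.

```python
import hashlib

def h(tag: bytes, data: bytes) -> bytes:
    # Domain-separated SHA-256: 0x00 for records, 0x01 for inner nodes.
    return hashlib.sha256(tag + data).digest()

def merkle_root_and_proof(records, index):
    """Return (root, proof); proof is [(sibling_hash, sibling_is_left), ...]."""
    level = [h(b"\x00", r) for r in records]
    proof = []
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])  # simplification: duplicate the odd node
        sib = index ^ 1
        proof.append((level[sib], sib < index))
        level = [h(b"\x01", level[i] + level[i + 1])
                 for i in range(0, len(level), 2)]
        index //= 2
    return level[0], proof

def verify_inclusion(record, proof, root):
    """Light-client check: needs the record, log2(n) hashes and the root."""
    node = h(b"\x00", record)
    for sibling, sibling_is_left in proof:
        pair = sibling + node if sibling_is_left else node + sibling
        node = h(b"\x01", pair)
    return node == root

def chain_tip(blocks):
    """Hash of the newest header; each header commits to root and predecessor."""
    tip = b"\x00" * 32  # constructed genesis value
    for records in blocks:
        root, _ = merkle_root_and_proof(records, 0)
        tip = hashlib.sha256(tip + root).digest()
    return tip

# Constructed sample ledger: two blocks of device records.
BLOCKS = [
    [b"register dev-01 owner=alice", b"register dev-02 owner=bob",
     b"update dev-01 fw=1.1"],
    [b"consent dev-02 share=none", b"revoke dev-01 data"],
]

if __name__ == "__main__":
    root, proof = merkle_root_and_proof(BLOCKS[0], 2)
    print(verify_inclusion(BLOCKS[0][2], proof, root))
    print(verify_inclusion(b"update dev-01 fw=6.6", proof, root))
    forged = [[BLOCKS[0][0], b"register dev-02 owner=mallory", BLOCKS[0][2]], BLOCKS[1]]
    print(chain_tip(forged) == chain_tip(BLOCKS))
```

The per-record check is only a few hashes; what the check cannot tell the device is whether the root it holds belongs to the chain the network agreed on, which is the part that requires following consensus.
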
Oracles
• In blockchains, an Oracle is a system that truthfully informs the blockchain about events outside the ledger
Zhang, F., Cecchetti, E., Croman, K., Juels, A., and Shi, E. (2016). Town crier: An authenticated data feed for smart contracts. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pages 270–282. ACM.

Pythia
Lycurgus Consulting the Pythia (1835/1845), Delacroix

New concept - Pythia
• We define a Pythia as the “inverse” of an Oracle
• Informs the outside world truthfully about the distributed ledger
  – In our case, the IoT device needs to be able to interact with the ledger:
    • Without participating in consensus directly
    • With trust

Intel SGX extensions
• Provide a secure enclave
  – Compare with Sandbox
• The code within the enclave is protected from the rest of the system
• Remote attestation can guarantee the codebase running is a known codebase

Pythia
[Diagram: IoT Device, Attestation, Pythia API, Intel SGX enclave, Open Source code, Blockchain processor, Interaction with Blockchain]
• A proposed model to allow IoT devices to trust DLTs
• An attested proxy for the ledger
• The Pythia truthfully informs the world (IoT) about the ledger
  – Without the IoT needing to participate in consensus

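The checks an IoT device would make on a reply from an attested proxy, as an added simulation that is not the authors' code or a real SGX API: the device accepts a ledger answer only if the quote is authentic, the enclave measurement matches the known open source build, and the answer is bound to the device's own challenge. All names are hypothetical, and an HMAC with a constructed key stands in for verifying the signature on an SGX quote.

```python
import hashlib
import hmac

# Assumption: HMAC with this constructed key stands in for verifying the
# signature on an SGX quote; a real device would check a public-key signature.
ATTESTATION_KEY = b"constructed-demo-attestation-key"
# Assumption: the device ships with the hash of the audited open source build.
TRUSTED_BUILD = b"pythia enclave, audited open source build (constructed)"
EXPECTED_MEASUREMENT = hashlib.sha256(TRUSTED_BUILD).digest()

def bind(nonce: bytes, answer: bytes) -> bytes:
    # Report data ties one ledger answer to one device challenge.
    return hashlib.sha256(len(nonce).to_bytes(2, "big") + nonce + answer).digest()

def pythia_reply(enclave_code: bytes, nonce: bytes, answer: bytes) -> dict:
    """Enclave side: quote = code measurement || report data, then authenticate."""
    quote = hashlib.sha256(enclave_code).digest() + bind(nonce, answer)
    tag = hmac.new(ATTESTATION_KEY, quote, hashlib.sha256).digest()
    return {"answer": answer, "quote": quote, "tag": tag}

def device_check(reply: dict, nonce: bytes) -> str:
    """Device side: three hash checks, no ledger copy and no consensus."""
    good_tag = hmac.new(ATTESTATION_KEY, reply["quote"], hashlib.sha256).digest()
    if not hmac.compare_digest(good_tag, reply["tag"]):
        return "reject: quote not authentic"
    measurement, report_data = reply["quote"][:32], reply["quote"][32:]
    if not hmac.compare_digest(measurement, EXPECTED_MEASUREMENT):
        return "reject: enclave code is not the known build"
    if not hmac.compare_digest(report_data, bind(nonce, reply["answer"])):
        return "reject: answer not bound to this challenge"
    return "accept"

if __name__ == "__main__":
    nonce = b"constructed-nonce-0001"  # a real device would use fresh randomness
    ok = pythia_reply(TRUSTED_BUILD, nonce, b"dev-01 owner=alice")
    print(device_check(ok, nonce))
    patched = pythia_reply(b"modified enclave", nonce, b"dev-01 owner=mallory")
    print(device_check(patched, nonce))
    relayed = dict(ok, answer=b"dev-01 owner=mallory")
    print(device_check(relayed, nonce))
    print(device_check(ok, b"constructed-nonce-0002"))  # replayed old reply
```
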
OAuthing
• Previous work on IoT privacy and security:
  – Secure device registration
  – Pseudonymous Data Sharing
  – Personal IoT middleware
  – But without DLT (so far)
• OAuthing + DLT + Pythia:
  – Shared governance and an approach based on smart contracts
Fremantle, P. and Aziz, B. (2016): OAuthing: privacy-enhancing federation for the Internet of Things, 2nd International Conference on the Cloudification of the Internet of Things

Related Work
• Tindall, K. (2015)
  – Bitcoin payments for IoT updates
• Christidis and Devetsikiotis (2016)
  – Discuss IoT and Blockchains, but not specifically privacy and security
• Proof of Luck
  – Milutinovic et al. (2016) provide an alternative consensus model based on SGX enclaves
• Frey et al. (2016)
  – Have demonstrated trust in Bitcoin on a mobile phone

Conclusions and further work
• Position paper: still plenty of work to do
• This is a serious issue:
  – How does the IoT trust the Blockchain without significant overhead?
• Pythia is one potential approach
• Need to validate:
  – Blockchain running within SGX (128Mb limitation)
  – Remote attestation costs on IoT devices
  – SGX challenges

Contributions
• A model for reasoning about how blockchains can improve privacy and security in IoT
• A set of approaches for improving security and privacy of IoT with blockchains
• A proposed architecture (Pythia) for creating distributed trust in a blockchain on low-power devices.

Thank you & Questions