General Wireless Security

Go To Last Post
16 posts / 0 new
Author
Message
#1
  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

Greetings -

 

This is somewhat of a cross-post from a message I dropped into InternetOfThings>>General Security Discussions but which seems not to raised much interest there.

 

Lets say that I have a wireless gateway and a bunch of sensors out on proprietary wireless links (maybe LoRa, maybe something else LONG range). No attempt to behave as a tcp/ip link, it just transfers data (maybe on request from the gateway, maybe not). There will be some sort of security at the gateway. Certainly the usual tcp/ip stuff, including firewall.

 

But, what is the current thinking about security on past the gateway? 

 

One metric is certainly the cost of an intrusion or hack. In this case, it would be  lost data. But, no real-time decisions will be made based on this data. It will simply be the loss of someone's research time and money. What if someone spoofs a real sensor and injects bogus data into the system. Again, annoyance! It would be worse if someone simply steals a sensor - then you would loose data and the sensor. What if someone intercepts the data? Ho hum? Temperature data is sure going to do someone a lot of good and earn them big money, right? Well, it might not be temperature, but it will be something of similar importance. 

 

With all this frantic hand wringing about not paying attention to IoT security, I hope that someone can provide some insight into what really is important and useful in these low-value, low(er) tech IoT devices as far as security is concerned. Mine will be Mega/Tiny AVRs so, at most, minimal encryption might be possible, but I sincerely question the cost compared to the potential loss.

 

A second scenario is where a farmer uses the information from such sensors, perhaps to control how much water is applied to a crop. Now, we have a value associated with the data. AND, the data needs to be both timely and reliable. The venue is not likely to be one with a high risk of wireless intrusion (think fields with center pivot irrigation). Theft is, again, a more likely risk. It would seem that the cost/benefit equation is a little different, here. The data is of little use to anyone else; what is more important is its timely delivery to the end user. Someone might be able to hack into the system and alter sensor settings, but the only reasons I could think for doing it would be malicious mischief or wanting to see if it could be done. However, a potato field in Idaho or a corn field in Nebraska would not seem to be highly attractive targets. How far would YOU go and what would YOU do (as far as security) in such a system.

 

Any thoughts or suggestions?

Thanks

Jim

 

Until Black Lives Matter, we do not have "All Lives Matter"!

 

 

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

If you're a farmer, hacking your neighbour's irrigation sensors could adversely affect his crop yield, reducing supply, and increasing demand, thereby raising prices.  I suppose there are agricultural regulatory bodies which moderate pricing, and this would be a weak strategy for any nefarious hacker-farmer.  I suppose there are easier ways to make a buck.

 

If you're talking temperature and soil humidity sensors, they're not going to require a particularly high bandwidth.  Encryption on an AVR or similarly low-resource device would be entirely possible, and quite simple to implement.  Think 'remote keyless vehicle entry'.  Have a look at AVR411: Secure Rolling Code Algorithm for Wireless Link:

http://www.atmel.com/products/microcontrollers/avr/default.aspx?tab=documents&Asset_Type=020%20Application%20Note

 

I expect a sensor net would likely be mesh-based, so perhaps a bit more challenging to implement.

"Experience is what enables you to recognise a mistake the second time you make it."

"Good judgement comes from experience.  Experience comes from bad judgement."

"Wisdom is always wont to arrive late, and to be a little approximate on first possession."

"When you hear hoofbeats, think horses, not unicorns."

"Fast.  Cheap.  Good.  Pick two."

"We see a lot of arses on handlebars around here." - [J Ekdahl]

 

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

Thanks, I talke a look at that app note. 

 

Still interested in how others might address this particular issue. We get hammered, over and over, about reports of things like hacking into vehicles and toasters and PLCs that control pipelines and power grids. Clearly, some of these carry a pretty high economic stake and represent attractive targets for those bent on mayhem. I am just trying to sort out, in my mind, what the value of security is for lower value things and how far others would go (or have gone) to protect them, especially in cases where simple device theft would seem to be higher potential economic loss.

 

Thanks, everyone.

Jim

 

Until Black Lives Matter, we do not have "All Lives Matter"!

 

 

Last Edited: Mon. Nov 23, 2015 - 05:44 PM
  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

There's also the opportunity cost. If you've spent an amount of time setting up the sensors and expect to harvest useful data, then having that interfered with is a tangible cost.
If you can tolerate a payload of 8 bytes or greater, then you can encrypt/decrypt using DES. With 16 bytes or greater, you can use AES128. It costs a couple of k of code and 1ms of cpu time approx. You would have fixed keys. That will stop all but the very determined hacker grabbing or faking your data.

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

Thanks for the insight. Those are the sorts of metrics that I don't know anything about.

 

One second thought, following Kartman's logic, there is also the cost of unmet expectations. For a commercial product, that can be a big one.

 

Jim

 

Until Black Lives Matter, we do not have "All Lives Matter"!

 

 

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

ka7ehk wrote:
... maybe LoRa ...
Appears the Network Server and each MCU do the crypto.

ka7ehk wrote:
Mine will be Mega/Tiny AVRs so, at most, minimal encryption might be possible, ...
From a run through the Atmel MCU selector on hardware crypto it's XMEGA A, AU, B, 384C3; a follow on is to Cortex-M0+ SAM L.  Code in ASF.

fyi, Atmel recently released (10/2015) the CryptoAuthLib for Atmel crypto-authenticators (storage of keys and certificates, high quality random number generator, etc.) that seems to match recent availability in quantity of the ATECC508A and use of it in the new Arduino Wi-Fi shield.

CryptoAuthLib is for SAM D though there is a "Porting Guide" section.

P.S.

ka7ehk wrote:
Now, we have a value associated with the data.
Information is data with meaning.

First is the data; data's value to the beholder.


https://www.lora-alliance.org/What-Is-LoRa/Technology

Atmel Corporation

CryptoAuthLib

http://www.atmel.com/tools/cryptoauthlib.aspx

"Dare to be naïve." - Buckminster Fuller

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

Kartman wrote:
You would have fixed keys.
I see your point.

It's been stated that a US DBS data stream was intercepted due to non-fixed keys becoming unsecure (cracked subscriber cards); stated that may have been more secure to use keys in ROM on the cards along with a secure boot.

We in the US are well behind Europe in use of Smart cards.

"Dare to be naïve." - Buckminster Fuller

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

Good points. Thanks.

 

Appreciate the additional info about encryption. I am thinking of an XMega for the task but was looking at D. Will have to give more thought about using one with hardware encryption.

 

Jim

 

Until Black Lives Matter, we do not have "All Lives Matter"!

 

 

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

Here's a more direct link to the app note AVR411.

 

http://www.atmel.com/images/atme...

If you don't know my whole story, keep your mouth shut.

If you know my whole story, you're an accomplice. Keep your mouth shut. 

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

I was able to find it  previously. Thanks, anyway!

 

Jim

 

Until Black Lives Matter, we do not have "All Lives Matter"!

 

 

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

Torby wrote:
Here's a more direct link to the app note AVR411.

http://www.atmel.com/images/atme...

I've taken to linking to the full list of app notes lately, since it allows the reader to easily find all of the other app notes available, as well as the .zip file associated with the desired app note.

"Experience is what enables you to recognise a mistake the second time you make it."

"Good judgement comes from experience.  Experience comes from bad judgement."

"Wisdom is always wont to arrive late, and to be a little approximate on first possession."

"When you hear hoofbeats, think horses, not unicorns."

"Fast.  Cheap.  Good.  Pick two."

"We see a lot of arses on handlebars around here." - [J Ekdahl]

 

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

Ah. I'm always loosing the related zip file.

 

After reading through half the list, I'd forgotten what I was looking for.

If you don't know my whole story, keep your mouth shut.

If you know my whole story, you're an accomplice. Keep your mouth shut. 

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

Kartman wrote:
You would have fixed keys.
There are advantages to having a key rotation process though storage of keys is a concern.

Enhance system security with better data-at-rest encryption

by (Green Hills Software, CTO)

March 24, 2012

http://www.embedded.com/design/safety-and-security/4369714/3/Enhance-system-security-with-better-data-at-rest-encryption (page 3 of 4)

...

Remote key provisioning

...

Key escrow

...

Data-at-rest is also in :

Security framework for IoT devices

by (President and cofounder of Icon Labs, a leading provider of security solutions for embedded devices.)

December 01, 2015

http://www.embedded.com/design/safety-and-security/4440943/Security-framework-for-IoT-devices

Would need more than an AVR to implement what's in that article though some functions could be on an AVR.


 

Embedded Systems Design, April 2012

March 19, 2012

http://www.embedded.com/electronics-blogs/embedded-systems-design-magazine-archive/4238291/Embedded-Systems-Design--April-2012

(To locate an article copy the article's title into the "Search" field then press enter)

"Dare to be naïve." - Buckminster Fuller

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

ka7ehk wrote:
But, what is the current thinking about security on past the gateway?
fyi, can generate certificates yourself; this may be more linked to the key escrow activity and the server and gateway functions.

There is SSL or TLS on MCUs.

PolarSSL in ASF for UC3 (did not re-browse ASF).

But, TLS is heavy for small MCUs; likely better for such is crypto at the application level.


Linux Foundation

Let’s Encrypt May Improve Security for Regular People More Than Any Other Initiative This Decade

by Jim Zemlin

December 4, 2015 - 7:27pm

http://www.linuxfoundation.org/news-media/blogs/browse/2015/12/let-s-encrypt-may-improve-security-regular-people-more-any-other

...

But the reality is that everyone should be able to access information without others listening in.

...

It allows website owners to obtain SSL certifications through a free and simple process that takes no longer than a few minutes to complete.

...

The public beta is a critical milestone, in that website administrators no longer need to pay for certificates or deal with the hassles of renewal and manual updates.

...

Edit : Quotes.

"Dare to be naïve." - Buckminster Fuller

Last Edited: Sat. Dec 5, 2015 - 01:27 PM
  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

However, a potato field in Idaho or a corn field in Nebraska would not seem to be highly attractive targets

It may sound preposterous, but there is a certain class of criminal who could benefit from simply intercepting raw data from the fields and pastures... Rustlers. In Southern Florida we have such problems, with Cattle rustlers and... Vegetable rustlers. Really. I don't mean the neighborhood kids who steal watermelons from your garden. I mean organized criminal enterprises.

 

Currently, rustlers have to drive around the countryside to locate targets. This often draws the attention of the locals, who are invariably tight knit communities where everyone knows everybody else's family, friends, business and what brand of beer they favor. It is therefore rather risky.

 

If rustlers could just plant eavesdropping devices in strategic locations, they could reduce their exposure tremendously. A lot of information can be deduced from seemingly un-important data.

 

For example, after harvesting corn, cattle are often turned out into the field to graze on the stubble. If I, as a cattle rustler, can simply wait in a secure location until a significant, rapid change in the soil moisture of Farmer Browns remote corn field, I could deduce that soon the field will be full of cattle, and my 2 AM trip to the field will likely turn a tidy profit.

 

Not that I am a cattle rustler... though I have in the past enjoyed a lot of watermelons.

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

Good point, Mike. That argues for at least obscured data, if not some kind of encryption. Point well taken.

 

If that sort of "rustling" is prevalent, over-the-air encryption could be a good selling point, also.

 

Thanks

Jim

 

Until Black Lives Matter, we do not have "All Lives Matter"!

 

 

Last Edited: Sat. Dec 5, 2015 - 06:10 PM