CIS14: Handling Identity in AllJoyn 14.06

Post on 28-Nov-2014


Tim Kellogg, 2lemetry. How to use AllJoyn, the consumer-facing Internet of Things framework and open-source project that takes care of many aspects surrounding heterogeneous ecosystems of devices, with an understanding of its security and identity features and implications.


Identity & Security In AllJoyn 14.06

Tim Kellogg
Saturday, July 19 2014

https://github.com/tkellogg/alljoyn-examples
https://github.com/tkellogg/alljoyn-core/tree/master/alljoyn_core/src
http://www.slideshare.net/kellogh/security-identity-in-alljoyn-1406

Embedded Security

Mitsubishi EMI Incident (2003)
• Brakes disabled when given 1000-10000x legal levels of EMI radiation
• Car thinks brakes are locked, so it releases
• All within limits required by law

Slammer Worm (2003)
• Nuclear plant safety monitoring disabled for 5 hours
• “The business value of access to the data within the control center worth the risk of open connections between the control center and the corporate network”
• Unpatched MSSQL Server

Hello, my name is Bruce Schneier and I think routers are super duper easy to hack, mostly because you nerds never patch the software

https://www.schneier.com/essays/archives/2014/01/the_internet_of_thin.html

University of Washington Study (2010)
“We demonstrate that an attacker who is able to infiltrate virtually any Electronic Control Unit (ECU) can leverage this ability to completely circumvent a broad array of safety-critical systems”
http://www.autosec.org/pubs/cars-oakland2010.pdf

Hey, check it out! I made my own encryption algorithm

Embedded Needs “Rails”
• Software Updates
• Security & Identity
• Communication
• Media Streaming
• User Interfaces

Distributed Bus


Security  

Auth Listeners
• ALLJOYN_RSA_KEYX – X.509 certificates
• ALLJOYN_SRP_KEYX – Show Random PIN
• ALLJOYN_SRP_LOGON – preset U/P table
• ALLJOYN_ECDHE_NULL
• ALLJOYN_ECDHE_PSK
• ALLJOYN_ECDHE_ECDSA – DSA

ALLJOYN_RSA_KEYX
• RSA = Asymmetric key encryption
• X.509 certificates
  – Trusted Certificate Authority

SRP_KEYX & SRP_LOGON
• Threshold Cryptography
• No trust required to establish a secure connection
• LOGON = Username & Password
• KEYX = A PIN is displayed

ALLJOYN_SRP_KEYX  

ECDHE
• Elliptic Curve (EC) Cryptography
• DHE = Diffie-Hellman key Exchange
  – Symmetric key encryption

ALLJOYN_ECDHE_NULL
• Elliptic Curve Encryption
• No verification of identity

ALLJOYN_ECDHE_PSK
• PSK = Pre-Shared Key
• Service already has the client’s public key
• A password may also be used

ALLJOYN_ECDHE_ECDSA
• ECDSA – Elliptic Curve Digital Signature Algorithm
• Certificate shows identity

Questions?
@kellogh

Practical Internet of Things