Post on 28-Jan-2018
Franklin Heath Ltd
What Security Do You Need From Low-Power Wide-Area Networks?
Craig Heath @heathcr
Mobile360 – Privacy & Security 24 May 2017
© Franklin Heath Ltd, CC BY 4.0
What Security Do You Need From Low-Power Wide-Area Networks?
- Why do You Need to Know?
- How do You Work it Out?
- What Features do You Need?
- Which LPWANs Suit You?
White Paper: LPWA Technology Security Comparison
franklinheath.co.uk/blog/

Why do You Need to Know?
Low-Power WANs provide benefits for the Internet of Things:
- low BoM cost (← lower device complexity?)
- extended coverage (← lower data rates?)
- long battery life (← lower data throughput?)

Security features usually have costs, such as:
- more device complexity (→ higher BoM cost?)
- higher data rates (→ reduced coverage?)
- higher data throughput (→ reduced battery life?)

Trade-offs have to be managed

How do You Work it Out?
You know your use case
- Who / what are the threats?
- Why?

Consider the relevant risks:
- Spoofing
- Tampering
- Repudiation
- Information Disclosure
- Denial of Service
- Elevation of Privilege

Example Use Case: Utility Metering
Example threats:
- Utility customer: wants to cheat to reduce their bills?
- Burglar: wants to know when the property is unoccupied?

STRIDE (and resilience) risks:
- Spoofing (e.g. customer replaces device)
- Tampering (e.g. customer changes the readings sent)
- Information Disclosure (e.g. burglar sees when readings are low)
- Resilience (e.g. blackmail threat of disabling many meters)
  (e.g. OTA update required for inaccessible meters)

What Features do You Need?
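| | Spoofing | Tampering | Repudiation | Information Disclosure | Denial of Service | Elevation of Privilege | Resilience |
| --- | --- | --- | --- | --- | --- | --- | --- |
| Confidentiality | | | | 4 / 4 | | | |
| Integrity | 1 / 3 | 2 / 3 | 1 / 3 | | | | |
| Availability | | 1 / 1 | 1 / 1 | | 1 / 1 | | |
| Authentication | 3 / 3 | | 1 / 3 | | | | |
| Authorization | | | | | | 1 / 1 | |
| Assurance | | | | | 2 / 6 | 1 / 6 | 6 / 6 |
| Renewability | | | | | | | 2 / 2 |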

Utility Metering Example: 6 of 20 Features
| | LTE-M | NB-IoT | EC-GSM-IoT | LoRaWAN | Sigfox |
| --- | --- | --- | --- | --- | --- |
| Identity Protection | Yes | Yes | Yes | Partial | No |
| Device/Subscriber Authentication | Subscriber (opt. Device) | Subscriber (opt. Device) | Subscriber (opt. Device) | Either | Device |
| Data Integrity | Limited | Optional | Limited | Limited | Variable |
| Updatability (Device) | Possible | Possible | Possible | Limited | No |
| Updatability (Keys/Algorithms) | Optional | Optional | Optional | Limited | No |
| Class Break Resistance | Yes | Yes | Yes | Optional | Yes |

STRIDE markers shown on this slide: I, S, T

Other Example Use Cases in our Report
| | LTE-M | NB-IoT | EC-GSM-IoT | LoRaWAN | Sigfox |
| --- | --- | --- | --- | --- | --- |
| Smart Pallet | Good | Good * | Adequate | Good | Poor |
| Smart Agriculture | Good | Good | Good | Adequate | Adequate |
| Smart Street Lighting | Adequate | Good * | Adequate | Adequate * | Adequate |
| Utility Metering | Adequate * | Good * | Adequate * | Adequate | Poor |
| Domestic Smoke Detectors | Good | Good | Good | Adequate | Adequate |
Assessments marked * include some features which are optional to the service provider

Thank You!
craig@franklinheath.co.uk
@heathcr @franklinheath
© Franklin Heath Ltd, CC BY 3.0
Backup Slides

LPWAN Security Features (1/5)
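| Confidentiality | LTE-M | NB-IoT | EC-GSM-IoT | LoRaWAN | Sigfox |
| --- | --- | --- | --- | --- | --- |
| Identity Protection | Yes | Yes | Yes | Partial | No |
| Data Confidentiality | Yes | Yes | Optional | Yes | No |
| End-to-Middle Security | No | No | Partial | Yes | No |
| Forward Secrecy | No | No | No | No | No |

STRIDE markers shown on this slide: I, I, I, I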

LPWAN Security Features (2/5)
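| Integrity | LTE-M | NB-IoT | EC-GSM-IoT | LoRaWAN | Sigfox |
| --- | --- | --- | --- | --- | --- |
| Data Integrity | Limited | Optional | Limited | Limited | Variable |
| Control Integrity | Yes | Yes | Optional | Yes | Unknown |
| Replay Protection | Yes | Optional | Limited | Yes | Yes |

STRIDE markers shown for Integrity: T, S, T, R

| Availability | LTE-M | NB-IoT | EC-GSM-IoT | LoRaWAN | Sigfox |
| --- | --- | --- | --- | --- | --- |
| Reliable Delivery | Yes | Yes | Yes | No | No |

STRIDE markers shown for Availability: T, R, D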

LPWAN Security Features (3/5)
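| Authentication | LTE-M | NB-IoT | EC-GSM-IoT | LoRaWAN | Sigfox |
| --- | --- | --- | --- | --- | --- |
| Globally Unique Identifiers | Yes | Yes | Yes | Optional | Yes |
| Device/Subscriber Authentication | Subscriber (opt. Device) | Subscriber (opt. Device) | Subscriber (opt. Device) | Either | Device |
| Network Authentication | Yes | Yes | Yes | Optional | No |

| Authorisation | LTE-M | NB-IoT | EC-GSM-IoT | LoRaWAN | Sigfox |
| --- | --- | --- | --- | --- | --- |
| Critical Infrastructure Class | Yes | Yes | Yes | No | No |

STRIDE markers shown on this slide: S, S, S, E, R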

LPWAN Security Features (4/5)
| Assurance | LTE-M | NB-IoT | EC-GSM-IoT | LoRaWAN | Sigfox |
| --- | --- | --- | --- | --- | --- |
| Network Monitoring and Filtering | Yes | Yes | Yes | Limited | Monitoring only |
| Key Provisioning | OTA possible | OTA possible | OTA possible | OTA possible | Not OTA |
| Algorithm Negotiation | Yes | Yes | Yes | No | No |
| Class Break Resistance | Yes | Yes | Yes | Optional | Yes |
| Certified Equipment | Required | Required | Required | Optional | Required |
| IP Network | Optional | Optional | Yes | No | No |

STRIDE markers shown on this slide: D, E, D

LPWAN Security Features (5/5)
| Renewability | LTE-M | NB-IoT | EC-GSM-IoT | LoRaWAN | Sigfox |
| --- | --- | --- | --- | --- | --- |
| Updatability (Device) | Possible | Possible | Possible | Limited | No |
| Updatability (Keys/Algorithms) | Optional | Optional | Optional | Limited | No |