Protecting the internet of micro-things

Julien BOURGEOIS
Institut FEMTO-ST - UMR CNRS 6174
Univ. Bourgogne Franche-Comté

International scientific school "Incident management and countering targeted cyber-physical attacks in distributed large-scale critical systems (IM&CTCPA 2016)"
SPIIRAS, St. Petersburg, 31 Oct. - 02 Nov. 2016

Work funded by: ANR/RGC (ANR-12-IS02-0004-01 and 3-ZG1F), ANR (ANR-06-ROBO-0009), ANR (ANR-2011-BS03-005)


Where do I come from?

• University Bourgogne Franche-Comté (UBFC)
• University of Franche-Comté (UFC)
• FEMTO-ST Institute, UMR CNRS
  – Collegium Smyle with EPFL

Montbéliard (Peugeot car home city)

Acknowledgments

• CMU
  – Seth Copen Goldstein, Flavio Cruz, Frank Pfenning, Emre Karagozler, Michael Ashley-Rollman, Brian Kirby
• FEMTO-ST/OMNI
  – Benoit Piranda, Eugen Dedu, Hakim Mabed, Dominique Dhoutaut, André Naz, Nicolas Boillot, Hicham Lakhlef, Pierre Thalamy, Haithem Skima
• FEMTO-ST/AS2M
  – Guillaume Laurent, Nadine Piat, Christophe Varnier, Kamal Medjaher
• FEMTO-ST/MN2S
  – Jean-François Manceau, Réda Yahiaoui
• LAAS/CNRS
  – Didier El Baz
• LIMMS/University of Tokyo
  – Hiroyuki Fujita, Yoshio Mita, Dominique Collard, Manabu Ataka, Julien Malapert
• PolyU
  – Jiannong Cao, Junbin Liang, Tao Li

Outline

• A definition of IoT
• The Internet of Things at the micro-scale
• Examples of projects
• A complete environment for micro-IoT
• Protecting the micro-IoT
• Conclusion
• Do not expect a presentation on cybersecurity, you will be disappointed!

A definition of IoT

• From ubiquitous computing (Weiser, 1991) to internet of things (Ashton, 1999)
• IoT is embedding computing in everyday objects and connecting them to the internet (Internet FOR things?)*
• The objective of IoT is to give computers sensing and actuation capabilities
• IoT began with a lipstick and an RFID chip

* BBC, May 2015

IoT or IfT?

• Using the internet to interconnect things
• OR
• Using a new network to interconnect things?
• Connecting all things to the internet
  + Standard network architecture
  + Access to most computing resources and humans
  – Internet connection is not energy-friendly
  – High hacking risk
  – No roaming (until IPv6, maybe in the next century…)

IoT or IfT?

• Interconnecting all things using a new network
  – Via a dedicated low-energy wireless WAN
    • Sigfox nationwide wireless network
    • FastPrk in Moscow
      – 11,000 sensors for parking places
  – Via a direct connection
    • 4G Long-Term Evolution (LTE) Direct (500 m range)

My bet: Location-based service will be replaced by LTE

Will things still need Internet?

[Figure: diagram with the labels Internet; low-energy Internet of Things; 3G, 4G, 5G networks; local connection networks; things; communication.]

IoT or IfT?

• Internet of Things or Internet for Things?
• Connecting all things to the internet or interconnecting things all together?
• Both are good depending on
  – The location of the device
    • Plugged or not
    • Accessible or not (example, parking place sensing)
  – The kind of thing
    • Decent computing power/memory or not
    • Mobile or not
  – The kind of interoperability
    • Asynchronous or synchronous
    • One way or two ways

Security challenges in IoT

• Partly the same as for MANET…
• …With some new features:
  – Can be used as an attacking resource
    • Friday 10/21/16 Dyn DNS DDoS attack, using Mirai IoT botnet
    • Appears to be the work of script kiddies rather than hackers
  – Can cause damage in real-world devices
    • More psychological impact
    • See Philip K. Dick, Ubik, 1969
  – If wisely used, peak throughput can be huge
    • High number of devices


IoT at the micro-scale

• Microtechnology is now a mature technology
• Micro-electro-mechanical Systems (MEMS)
• MEMS can be produced in thousands of units
• Applications:
  – Accelerometers (STMicro LIS331DLH)
  – Digital Micromirror Device (TI)

Talk from Jamal Deen, yesterday

Distributed Intelligent MEMS

[Figure: taxonomy of distributed MEMS. Branches: sensor MEMS, actuator MEMS, sensor/actuator MEMS, each with static or dynamic topology. Flow of information: output only, input only, input/output. Annotation: scalability issue.]

Schematic view of software in DiMEMS

• Computer science: Big Data, Optimization, Machine Learning, …
• Networking: Protocol, Ad hoc, P2P, etc., …
• Distributed computing: IoT, UC, Security/Privacy/trust, SHM/PHM, …

Introduction

• Microtechnology is now a mature technology
• MEMS can be produced in thousands of units
• Integrating intelligence within the matter
• New challenges:
  – Coordination needs a distribution paradigm
    • Communication
    • Programming
    • Control
  – Smooth integration of different technologies
• Scalability up to millions!
  – 1 m³ of micro-robots -> internet on your table!

Internet of things at the micro-scale

[Figure: IoT (monolithic intelligent objects) compared with micro-IoT (distributed intelligent MEMS objects: Smart Surface, Claytronics), with communication (Com) links between the objects.]

• Macro IoT: monolithic intelligent objects
  – Low density of communication
  – Few communicating objects
  – Single point of contact
• Micro IoT: distributed intelligent MEMS objects (Smart Surface, Claytronics)
  – High density of communication
  – High number of communicating objects
  – No point of contact by default

J. Bourgeois and S.C. Goldstein, The Internet of micro-things, Keynote at iThings 2011.
J. Bourgeois and S.C. Goldstein, Distributed Intelligent MEMS: Progresses and Perspectives. IEEE Systems Journal 9(3): 1057-1068 (2015).


Google[X] nanoparticles projects

• Functionalize nanoparticles
  – Coating the surface with the right antibodies
• Concentrate nanoparticles
  – Choosing the right number of particles to inject to have meaningful results
• Query nanoparticles
  – Interrogating their status, using a magnetic field which will shake the particles
  – If a particle does not shake normally, it is attached to a bigger element (a cell), which has to be detected by the sensing device
• Baseline settings to avoid false positive detections
  – Being sure of the detection and counting

All of this has already been tested and is working (so they say)!

Future work?

• Nanoparticles can only monitor one disease at a time
• Multi-disease detection would need differentiated sensing
  – Kind of RFID?
• Toxicity of nanoparticles?
• Many teams around the world are working on this subject but cannot compete with Google[X]
  – Raises questions about how academic research is working
  – Multi-disciplinary teams are needed
  – Academic researchers spend more and more time looking for funding, writing reports and doing administrative tasks, instead of doing their core job: doing research

Microgrippers

Microgrippers for biologic tissue sampling, Johns Hopkins University

Evin Gultepe, Sumitaka Yamanaka, Kate E. Laflin, Sachin Kadam, YooSun Shim, Alexandru V. Olaru, Berkeley Limketkai, Mouen A. Khashab, Anthony N. Kalloo, David H. Gracias, Florin M. Selaru, Biologic Tissue Sampling With Untethered Microgrippers, Gastroenterology, Volume 144, Issue 4, April 2013, Pages 691-693, ISSN 0016-5085

Swimming Micro-Scallops

Max Planck Institute for Intelligent Systems (Germany), team of Prof. Peer Fischer

Qiu, Tian, Tung-Chun Lee, Andrew G. Mark, Konstantin I. Morozov, Raphael Münster, Otto Mierka, Stefan Turek, Alexander M. Leshansky, and Peer Fischer. "Swimming by reciprocal motion at low Reynolds number." Nature communications 5 (2014).

Robo-pancreas

[Figure: robo-pancreas. From JDRF (Juvenile Diabetes Research Foundation). Illustration: James Provost.]


Micro-IoT/DiMEMS environment

[Figure: layered micro-IoT/DiMEMS environment. Distributed applications (C app., Meld app.; C, C++, Java app.); Meld VM; simulation and debugging with VisibleSim; Simulator API and Blinky Blocks API; firmware; hardware models (wired, wireless, nanowireless (THz)); real hardware and simulated hardware: Smart Blocks, Blinky Blocks, Catoms.]

Two projects in micro-IoT/DiMEMS using this environment: programmable matter and a MEMS-based distributed conveyor.


Claytronics

www.cs.cmu.edu/~claytronics

• CATOM = Claytronic Atom
  – ~meters (2006)
  – ~decimeters (2007)
  – ~centimeters (2007)
  – ~millimeters (2012)

Hardware

• Catom: a rolling cylinder
• Shell: SiO2 film + Aluminum
• Chip: HV SOI CMOS die

The Smart Blocks project

• A MEMS-based modular and self-reconfigurable surface for fast conveying of fragile objects and medicinal products

[Figure: the hardware]

[Figure: Blinky Blocks]


Simulation environment

• Vouivre (FEMTO-ST, https://nao.pu-pm.univ-fcomte.fr/vouivre/)
  – Nanowireless simulator
• VisibleSim (FEMTO-ST, http://projects.femto-st.fr/projet-visiblesim/)
  – Multi-target (Blinky Blocks, Smart Blocks, Robot Blocks, Claytronics)
  – Multi-language (C/C++, Meld, Java)
  – Interactive
  – Includes physics
  – Includes debugging
  – Available online in your web browser at:
    • http://ceram.pu-pm.univ-fcomte.fr:5015/visiblesim/
  – First MSR simulator on the web thanks to WebGL!
• One ambition: make VisibleSim the reference simulator for modular robots and for introducing distributed programming

Smart Blocks, Robot Blocks and Blinky Blocks

[Figures: Smart Blocks, Robot Blocks, Blinky Blocks]

Catoms

[Figures: 3D catoms, 2D catoms]

[Figure: distributed debugging]


Micro-IoT/DiMEMS environment

[Figure: the micro-IoT/DiMEMS environment (distributed applications, Meld VM, simulation and debugging with VisibleSim, Simulator API and Blinky Blocks API, firmware, hardware models, Smart Blocks, Blinky Blocks, Catoms), annotated "Security in micro-IoT".]

Specificities of micro-IoT

• VERY scarce resources
  – CPU, memory, energy
• HUGE number of elements
  – Millions of communicating things in a very small space
  – 1 m³ can hold 1 billion (10^9) micro-robots
• Network connectivity is dynamic
  – Moving elements
• Potentially CRITICAL applications
  – As they can sense and act on the real world
• Applications are simple
  – Easier to secure

Protecting the micro-IoT

• Attack definition and modelling
  – Done in the context of MANET for AODV/OLSR
  – Must target very specific attacks
• Device identification
  – Do not have a single id inside an ensemble
  – Can be built, but can be faked…
  – How to deal with it?
• Trust
  – Done in the context of MANET using confidence interval to detect liars
  – Can use observable behavior (one transportation cell isn't acting the way it should)
• Very lightweight IDS
  – Done in the context of MANET with LIDR

Protecting the micro-IoT: example

• Programmable matter
  – Protecting reprogramming
    • Use of a traditional lightweight authentication method?
    • Or need for a new one?
  – Protecting the spanning tree
    • Can be a single point of failure if the attacker is the root of the tree
    • Can harm lots of nodes
  – Network connectivity is neighbor-to-neighbor
    • Can be used to detect the source of infection
    • Can be used to contain the intrusion to a certain neighborhood
  – Micro-robots are moving
    • Connection and disconnection: how to distinguish movement from new connections?

Protecting the micro-IoT: example

• MEMS Conveyor
  – Moving elements are bigger and traditional methods can be used
  – Cells depend on the block
    • Security management can be done in the block
  – Cells do not move
    • Easier to identify
• No security feature but rather prognostic health monitoring (PHM) -> failure
• Cells can observe the behavior of the object being transported and deduce if an actuator is not working the way it should
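
An added example, not from the talk or the projects it describes: a constant-memory, integer-only check that a conveyor cell could run on its upstream neighbor, combining the confidence-interval trust idea from the "Protecting the micro-IoT" slide with the observed-behavior idea above. The names, thresholds and the displacement trace (in micrometers) are assumptions constructed for illustration.

```c
/* Added illustration: names, thresholds and the trace are assumptions. */
#include <stdint.h>
#include <stdio.h>

#define WARMUP       8       /* residuals collected before judging a neighbor */
#define BASELINE_MAX 64      /* freeze the baseline here: bounds the sums */
#define Z2           9       /* squared z-score, i.e. a 3-sigma interval */
#define FLOOR_UM     5       /* always tolerate +/-5 um, even at zero variance */
#define STRIKES      3       /* consecutive outliers before raising suspicion */
#define R_MAX        100000  /* clamp residuals so int64 products cannot overflow */

typedef enum { CELL_LEARNING, CELL_OK, CELL_OUTLIER, CELL_SUSPECT } verdict;

/* Per-neighbor state: three 64-bit sums and a counter, no floats, no heap. */
typedef struct { int64_t n, sum, sumsq; int strikes; } monitor;

void monitor_init(monitor *m) { m->n = m->sum = m->sumsq = 0; m->strikes = 0; }

/* Feed one observation: the displacement the neighbor was commanded to
 * produce and the displacement this cell actually saw on the object.
 * The first WARMUP samples are accepted unjudged, so the baseline has to
 * be learned while the neighbor is known to be healthy. */
verdict monitor_observe(monitor *m, int32_t commanded_um, int32_t observed_um)
{
    int64_t r = (int64_t)observed_um - commanded_um;   /* residual */
    int judged = m->n >= WARMUP;

    if (r > R_MAX) r = R_MAX;
    if (r < -R_MAX) r = -R_MAX;

    if (judged) {
        /* Compare (n*(r - mean))^2 with z^2 * n^2 * variance, so that
         * no division or square root is needed. */
        int64_t dev = m->n * r - m->sum;
        int64_t limit = Z2 * (m->n * m->sumsq - m->sum * m->sum);
        int64_t min_limit = (m->n * FLOOR_UM) * (m->n * FLOOR_UM);
        if (limit < min_limit) limit = min_limit;
        if (dev * dev > limit) {
            /* Outliers never enter the baseline, so a misbehaving
             * neighbor cannot drag the interval towards itself. */
            m->strikes++;
            return m->strikes >= STRIKES ? CELL_SUSPECT : CELL_OUTLIER;
        }
        m->strikes = 0;
    }
    if (m->n < BASELINE_MAX) { m->n++; m->sum += r; m->sumsq += r * r; }
    return judged ? CELL_OK : CELL_LEARNING;
}

/* Constructed trace: commanded step is 200 um. Healthy jitter, one glitch
 * (index 12), then an actuator delivering about 60% of the step. */
static const int32_t CONSTRUCTED_TRACE[] = {
    198, 201, 199, 202, 200, 197, 203, 200, 199, 201, 198, 202,
    170, 200, 120, 118, 121, 119 };
#define TRACE_LEN ((int)(sizeof CONSTRUCTED_TRACE / sizeof CONSTRUCTED_TRACE[0]))

/* Index of the first CELL_SUSPECT verdict, or -1 if none is raised. */
int first_suspect_index(const int32_t *observed_um, int count, int32_t commanded_um)
{
    monitor m;
    monitor_init(&m);
    for (int i = 0; i < count; i++)
        if (monitor_observe(&m, commanded_um, observed_um[i]) == CELL_SUSPECT)
            return i;
    return -1;
}

int main(void)
{
    printf("first suspect verdict at sample %d\n",
           first_suspect_index(CONSTRUCTED_TRACE, TRACE_LEN, 200));
    return 0;
}
```

The isolated glitch only produces a single outlier verdict; suspicion is raised once the degraded actuator misses the interval three times in a row.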


Conclusion

• First software and hardware environment for micro-things has been proposed
• Intelligence is more and more integrated inside the matter
• Many challenges still need to be solved in diverse areas ranging from hardware to software
  – Energy harvesting/zero-energy processing
  – Lightweight security/trust/privacy
  – Mm to sub-mm location
  – SHM/PHM of MEMS

Conclusion

• Paradox
  – Security is mandatory but has not been addressed yet!
    • First necessity: having something that works!
    • Security is viewed as a luxury
    • Same old way to design: Internet, IoT
    • Needs to be changed!
• We need experts in security, we need you!
