Security challenges in an Internet of Things

Download Report

Transcript Security challenges in an Internet of Things 

World Class Standards
Security challenges in an
Internet of Things
RFID and beyond, RFID03_07
Workshop – RFID Networks Start
Scott CADZOW
C3L
© C3L 2008. All rights reserved
World Class Standards
Concepts and content




Security
Internets
Internets of Things
Conclusions
2
World Class Standards
Security
 Very poor word
 It doesn’t have a specific meaning
 Collection of attributes or functions leading to well-being
 CIA …








Confidentiality
Integrity
Authenticity
Availability
Access
Reliability
Repeatability
…
3
World Class Standards
Internets and IP
 Historically joining heterogeneous networks
 DECnet to SNA and similar
 Abstraction of a network with 2 abstracted transport services
 Developed towards ubiquitous network technology
 Internet becomes the network
• IP allows great abstraction of link capability
4
World Class Standards
Internets of things
 Devices versus hosts
 Hosts are addressed
• In RFID the readers are hosts (if networked)
 Devices are named
• In RFID the tags are devices
 Hosts need to be reachable
 (Semi-)Permanent address
 Routing capabilities deep in the network (DNS, BGP)
5
World Class Standards
The security challenge
 Devices are not reachable
 Most of the time a device is not connected
 Devices can be lost and stolen
 Makes security difficult when the device is not connected
 Devices are not crypto-engines
 Strong security difficult without processing power
 Devices have finite life
 Credentials need to be tied to lifetime
 Devices are transportable
 Will cross borders
 Devices need to be recognised by many readers
 What data is released to what reader?
6
World Class Standards
Security work in an Internet of Things
 Assurance
 Risk analysis
 Device analysis
 Crypto capability and export analysis
• RFID tags will not do crypto for some years
 Security objective
• Privacy protection
• Identity protection
• Traffic analysis protection
 Identity and identifier management
 Separation of identity and identifier (see TR 187 010)
7
World Class Standards
Relationships
 TISPAN
 Developer of the “Design for assurance” paradigm
•
•
•
•
EG 202 387
TR 187 011
TS 102 165-1
TS 102 165-2
 MTS
 Developer of the “Making better standards” approach
 OCG-SEC
 General guidance
 SAGE
 Guidance on cryptographic capability
 SCP
 Smartcard and tag development
8