SAN FRANCISCO -- Embedded-security expert Benjamin Jun told an audience at RSA Conference 2015 that as endpoints migrate toward an ever-higher balance of Internet of Things (IoT) devices, security professionals will need to re-examine the mechanisms by which these devices find and authenticate each other.
The danger inherent in IoT security failures
Part of Jun's reasoning, presented at a Tuesday afternoon session entitled "Endpoints in the New Age: Apps, Mobility and the Internet of Things," is simply that the IoT inherently involves vast quantities of devices and that security failures in these systems will foster problems of correspondingly large dimensions. "Washington, D.C., uses a [traffic control] system from a company that I'll leave unnamed," said Jun, CTO of Chosen Plaintext Partners. "IOActive found some incredible problems with this system: everything was transmitted in plaintext; the code wasn't really signed; it was easy to modify and change; and you could essentially shut down the traffic control system of Washington, D.C. So you can break things at scale."
(A bit of Googling shows that Washington's traffic control provider is Sensys Networks.)
Jun pointed out several aspects of security where IoT devices present special challenges. In many cases, device location can be critical and malicious alteration of that information can lead to trouble. "I think we're going to a world," Jun said, "where our connected devices will actually have a secured system where one of its main purposes in life is environment attestation. It will help you know where you are and what time it is. It will digitally sign these messages based on a certain level of trust that it has of where it's located."
IoT upgrade issues
Another issue with IoT devices is the difficulty of upgrading them. Even where upgrading is possible, the very fact that some of these devices will be so mundane will mean that their owners won't think in terms of maintaining security. "Even if we know the owner of a jacket that has chips in it, the owner of that jacket might not have the incentive to update," Jun said.
But perhaps the biggest issue Jun identified is federated identity and complex networks of varying degrees of trust that must be established ad hoc and without human interference. "This is what your connected house is going to look like: A bunch of devices are going to come in and decide how to work together. And they're not going to be centrally administered."
Current approaches to federation -- things like FIDO -- won't work. "The problem is that it really doesn't work for machine-to-machine type interactions." There are extensions in development, Jun said, "but we're lacking things here. We're lacking a machine-to-machine solution that includes things like discovery."
Once devices are discovered, the trust relationships among them will need to be more nuanced than is currently possible. "We're looking at a world where we want multiple owners of a system; we want transparent limits; we want to be able to do privilege transfers. … I need situational overrides. This is new territory."