Tag Archives: Security

Enhance Raspberry Pi security with ZymKey


In this blog, Zymbit’s Scott Miller addresses some of the missing parts in the Raspberry Pi security equation. 


Raspberry Pi is an awesome platform that offers people access to a full-fledged portable computing and Linux development environment. The board was originally designed for education, but has since been embedded into countless ‘real world’ applications that require remote access and a higher standard of security. One of the most notable omissions, if not the most notable, is the lack of a robust hardware-based security solution.


At this point, a number of people would stop here and say, “Scott, you can do security on RPi in software just fine with OpenSSL/SSH and libgcrypt. And especially with the Model 2, there are tons of CPU cycles left over.” Performance is not the primary concern when we think about security; the highest priority is to address the issue of “hackability,” particularly through remote access.

What do you mean by “hackability?”

Hackability is a term that refers to the ease by which an attacker can:

  • take over a system;
  • insert misleading or false data in a data stream;
  • decrypt and view confidential data.

Perhaps the easiest way to accomplish any or all of the aforementioned goals is for the attacker to locate material relating to security keys. In other words, if an attacker can gain access to your secret keys, they can do all of the above.

Which security features are lacking from Raspberry Pi?

Aside from not having hardware-based security engines to do the heavy lifting, there’s no way to secure shared keys for symmetric cryptography or private keys for asymmetric cryptography.

Because all of your code and data live on a single SD card, you are exposed. Meaning, someone can simply remove the SD card, pop it into a PC and have possession of the keys and other sensitive material. This is particularly true when the device is remote and outside of your physical control. Even if you somehow try to obfuscate the keys, you are still not completely safe. Someone with enough motivation could reverse engineer or work around your scheme.

The best solution for protecting crypto keys is to ensure the secret key material can only be read by standalone crypto engines that run independently from the core application CPU. This basic feature is lacking in the Raspberry Pi.

Securing Raspberry Pi with silicon and software

With this in mind, Zymbit has decided to extract some of the core security features from the Zymbit.Orange and combine them into a tiny device that embeds onto the Raspberry Pi, providing seamless integration with Zymbit’s remote device management console. Meet the ZymKey!

ZymKey for secure remote device management

ZymKey brings together silicon, firmware drivers and software services into a coherent package that’s compatible with Zymbit’s secure IoT platform. This enables a Raspberry Pi to be accessed and managed remotely, firmware to be upgraded and access rights to be administered.


Secure software services

Zymbit’s Connect libraries enhance the security and utility of Raspberry Pi in the following ways:

  • Add message authentication to egress messages to the Zymbit cloud by attaching a digital signature, which proves that the data originated from a specific Raspberry Pi/Key combination (meaning that it was not forged or substituted along the way).
  • Assist in providing security certificates to the Zymbit cloud.
  • Authenticate security certificates from the Zymbit cloud.
  • Optionally help to encrypt/decrypt the content of messages to/from the Zymbit cloud.

Data that is encrypted/authenticated through ZymKey will be stored in this encrypted/authenticated form, thereby preserving the privacy and integrity of the data.


In addition to its standard attributes, developers can access lower level features through secure software services, including general cryptography (SHA-256 MAC and HMAC with secure keys, public key encryption/decryption), password validation, and ‘fingerprint’ services that bind together specific hardware configurations.

Stealth hardware

ZymKey’s low-profile hardware plugs directly into the Pi’s expansion header while still allowing Pi-Plates to be added on top. Lightweight firmware drivers run on the RPi core and interface with software services through zymbit.connect. It should also be noted that a USB device is in the works for other Linux boards.


At the heart of the ZymKey is the newly released ATECC508A CryptoAuthentication IC. Among some of its notable specs are:

  • ECC asymmetric encryption engine
  • SHA digest engine
  • Random number generator
  • Unique 72-bit ID
  • Tamper prevention
  • Secure memory for storing:
    • Sensitive key material – an important thing to point out is that private keys are unreadable by the outside world and, as stated above, are only readable by the crypto engine.
    • X.509 security certificates.
    • Temporary items: nonces, random numbers, ephemeral keys
  • Optional encryption of transmitted data across the I2C bus for times when sensitive material must be exchanged between the Raspberry Pi and the ATECC508A

Life without ZymKey

Raspberry Pi can be used with the Zymbit Connect service without the ZymKey; however, the addition of ZymKey ensures that communications with Zymbit services are secured to a higher standard. Private keys are unreadable by the outside world and usable only by the ATECC508A, thus making it difficult (if not practically impossible) to compromise.

Each ZymKey has a unique set of keys. So if, on the off chance, a key is compromised, only that key is affected. Simply stated, if you have several Raspberry Pi/ZymKey pairs deployed and one is compromised, the others will still be secure.

Once again, it is certainly possible to achieve the above goals purely through software (OpenSSL/libgcrypt/libcrypto). However, especially regarding encryption paths, without ZymKey’s secure storage, key material must be stored on the Raspberry Pi’s SD card, exposing private keys for anyone to exploit.

Stay tuned! The ZymKey will be making its debut on Kickstarter in the coming days.

$60 hack can trick LIDAR systems used by most self-driving cars


A security researcher has created a $60 system with Arduino and a laser pointer that can spoof the LIDAR sensors used by most autonomous vehicles. 


Many self-driving cars use LIDAR sensors to detect obstacles and build 3D images to help them navigate. However, one security researcher has developed a $60 device with “off-the-shelf parts” that can trick the systems into seeing objects which don’t actually exist, thereby forcing the autonomous vehicles to take unnecessary actions, like slowing down or stopping to avoid a collision with the phantom thing. Ultimately, this further highlights the need for stringent security measures for automobiles that would otherwise be vulnerable to cyber criminals armed with nothing more than a low-power laser and pulse generator.


“It’s kind of a laser pointer, really. And you don’t need the pulse generator when you do the attack. You can easily do it with a Raspberry Pi or an Arduino,” explains researcher Jonathan Petit, principal scientist at Security Innovation.

According to IEEE Spectrum, Petit began by simply recording pulses from a commercial IBEO Lux LIDAR unit. The pulses were not encoded or encrypted, which allowed him to replay them at a later point. He was then able to create the illusion of a fake car, wall, cyclist or pedestrian anywhere from 65 to 1,100 feet from the LIDAR system, and make multiple copies of the simulated obstacles. In tests, the attack worked at all angles — from behind, the side and in front without alerting the passengers — and didn’t always require a precise hit of the device for it to achieve its goal.

“I can spoof thousands of objects and basically carry out a denial of service attack on the tracking system so it’s not able to track real objects,” Petit adds.

As IEEE Spectrum notes, sensor attacks are not limited to self-driving cars, either. The same homebrew laser pointer can be employed to carry out an equally devastating denial of service attack on a human motorist by simply dazzling them, and without the need for sophisticated laser pulse recording, generation or synchronization equipment.


While the DIY system won’t necessarily affect everyone, it does make the case that security should be at the forefront of auto design. Petit concludes: “There are ways to solve it. A strong system that does misbehavior detection could cross-check with other data and filter out those that aren’t plausible. But I don’t think carmakers have done it yet. This might be a good wake-up call for them.”

The researcher described his proof-of-concept hack in a paper entitled “Potential Cyberattacks on Automated Vehicles,” which will be presented at Black Hat Europe in November.

[Images: Jeff Kowalsky/IEEE Spectrum, TechHive]

JAR is a coin-sized biometric crypto key


Instead of using passwords to access websites, JAR lets you login or register with the touch of your finger.


With seemingly a new data breach emerging every week, cybersecurity has become a key concern among a majority of consumers. Despite these incidents, many people still rely on stupidly simple passwords. Just how simple, you ask? Take a look at this recently-revealed list from 2014. The problem with these codes is that most, if not all, of us are pretty bad at remembering them, and with so many different ones for different sites, we rely upon insecure behaviors.


Fortunately, one German startup has devised a solution to the ever-growing password epidemic with a coin-sized gadget. Equipped with its own fingerprint reader, JAR connects to your mobile device via its audio jack, enabling you to securely access your online accounts with a single touch. Just how secure are we talking? Its creators claim that the encryption is so strong that it would take a hacker 6.4 quadrillion years to access your data.

The JAR, which is tiny enough to be attached to a keyring, runs an asymmetrical encryption method based on a pair of 2048-bit RSA keys. To gain entry, gently place your finger on its built-in biometric reader and presto! Because each message is encrypted separately, there’s no way to derive one message from the previous message; each encrypted message broadcasted is non-deterministic and pseudorandom.


“Your devices will only unlock for the most recent message, so a hacker is unable to unlock your devices by re-broadcasting an old message,” the team explains. “Only devices that you’ve set up with your JAR will have the ability to interact with it. A device still has to verify its legitimacy through an automatic encrypted handshake in order to interact with your JAR.”

Should you lose your JAR, not to worry as it can be easily deactivated. When this occurs, a message is immediately sent to all of your devices, letting them know that they should not prompt access to your accounts safeguarded by the lost piece.


Looking ahead, JAR will also offer a range of services including reliable cloud storage, an offline data vault, and an encrypted messenger, among several others from third parties. At the moment, JAR is available in two colors (soft white and dark grey) as well as two different sizes (1.6” and 1.4”).

Ready to forget about passwords? Head over to JAR’s Kickstarter page, where the team is currently seeking $108,305. Units are expected to begin shipping in January 2016.

You can hack what?!


From skateboards and trucks to medical devices and rifles, these recent hacks show that every “thing” is at risk.


Musicians have the GRAMMYs. Actors have the Emmys. Athletes have the ESPYS. Hackers, well they have Black Hat. Every year, more than 10,000 security pros converge in Las Vegas to explore the latest network flaws, device vulnerabilities and cyber attacks of the past, present and future. While these demonstrations typically focused on how to take control of computers, given the rise of the Internet of Things, it seems like just about any “thing” can be susceptible to malicious intruders. As we gear up for what will surely be an insane amount of coverage across all media channels, here are a few hacks that’ll surely grab your attention.

OnStar vehicles

Serial hacker Samy Kamkar has devised a tablet-sized box that could easily tap into and wirelessly take control of a GM car’s futuristic features. With connected car security a hot topic at this year’s conferences, the Los Angeles-based entrepreneur has created a device — dubbed OwnStar — that can locate, unlock and remotely start any vehicle with OnStar RemoteLink after intercepting communication between the RemoteLink mobile app and OnStar servers.


The system is driven by a Raspberry Pi and uses an ATmega328 to interface with an Adafruit FONA for cellular connection. After opening the OnStar RemoteLink app on a smartphone within Wi-Fi range of the hacking gadget, OwnStar works by intercepting the communication. Essentially, it impersonates the wireless network to fool the smartphone into silently connecting. It then sends specially crafted packets to the mobile device to acquire additional credentials and notifies the attacker over 2G about the new vehicle it indefinitely has access to, namely its location, make and model.

With the user’s login credentials, an attacker could do just about anything he or she wants, including tracking a car, unlocking its doors and stealing stuff inside (when carjacking meets car hacking), or starting the ignition from afar. Making matters worse, Kamkar says a remote control like this can give a malicious criminal the ability to drain the car’s gas, fill a garage with carbon monoxide or use its horn to drum up some mayhem on the street. The hacker can also access the user’s name, email, home address, and last four digits of a credit card and expiration date, all of which are accessible through an OnStar account.

Tesla Model S

Researchers said they took control of a Tesla Model S car and turned it off at low speed, one of six significant flaws they found that could provide hackers total access to vehicles, the Financial Times reported.


Kevin Mahaffey, CTO of Lookout, and Marc Rogers, principal security researcher at Cloudflare, claimed they decided to hack a Tesla car because the company has a reputation for understanding software better than most automakers. The hackers had to physically gain entry into the vehicle, which made it more difficult than many other attacks. Once they were connected through an Ethernet cable, they were later able to access the systems remotely. These included the screens, speedometer, windows, electronic locks, and the ignition.

“We shut the car down when it was driving initially at a low speed of five miles per hour. All the screens go black, the music turns off and the handbrake comes on, lurching it to a stop,” Rogers describes.

Tesla has since issued a patch to fix the flaws.

Electric skateboards

After his own electric skateboard abruptly stopped working last year, unable to receive commands from its remote control, Richo Healey decided to delve a bit deeper into the incident. What he discovered was that the volume of Bluetooth traffic surrounding the intersection interfered with his remote control’s connection to the board.


Cognizant of this defect, Healey teamed up with fellow researcher Mike Ryan to examine the hackability of his and other e-skateboards on the market today. The result was an exploit they developed called FacePlant that can give them complete control of someone’s gadget.

The duo describes FacePlant as “basically a synthetic version of the same RF noise” that Healey experienced at the intersection in his hometown of Melbourne. The exploit ultimately allows them to gain total control of someone cruising down the street or sidewalk, which means they could easily cold stop a board or send it flying in reverse, tossing the rider.

They found at least one critical vulnerability in each board they examined, all of which hinge on the fact that the manufacturers of the boards failed to encrypt the communication between the remotes and the boards. The attack for controlling them is essentially identical across the board (no pun intended), but the mechanism for conducting it differs somewhat for each one. As a result, they’ve only completed an exploit for the Boosted board at this time.

Square readers

Three former Boston University students have highlighted a vulnerability in the hardware of Square readers that would enable hackers to convert it into a credit card skimmer in less than 10 minutes. The rigged PoS device could then be used to steal personal information with a custom-recording app.


Computer engineering grads Alexandrea Mellen, John Moore and Artem Losev unearthed the flaw last year in a project for their cybersecurity class. They also found that Square Register software could be hacked to enable unauthorized transactions at a later date.

“The merchant could swipe the card an extra time at the point of sale. You think nothing of it, and a week later when you’re not around, I charge you $20, $30, $100, $200… You might not notice that charge. I get away with some extra money of yours,” Moore explains.

The group says there is no evidence that either of the vulnerabilities has been employed to scam credit card holders, but does warn that their findings raise red flags for the fast-emerging mobile commerce industry.

Medical devices

The U.S. Food and Drug Administration and Department of Homeland Security have both issued advisories warning hospitals not to use the Hospira infusion system Symbiq due to cybersecurity risks. While no known attack has occurred, hackers could theoretically tamper with the intravenous infusion pump by accessing a hospital’s network.

“This could allow an unauthorized user to control the device and change the dosage the pump delivers, which could lead to over- or under-infusion of critical patient therapies,” the FDA said in a statement.

Hospira has since discontinued the manufacture and distribution of the Symbiq Infusion System, because of unrelated issues, and is working with customers to transition to alternative systems. However, amid the latest string of security woes, the FDA strongly encourages healthcare facilities to begin transitioning to other infusion systems as soon as possible.

This isn’t the first time vulnerabilities in medical devices have been in the spotlight. Back in 2014, Scott Erven and his team found that drug infusion pumps could be remotely manipulated to change the dosage doled out to patients. On top of that, a WIRED article noted that “Bluetooth-enabled defibrillators could be hacked to deliver random shocks to a patient’s heart or prevent a medically needed shock from occurring, X-rays that can be accessed by outsiders lurking on a hospital’s network; temperature settings on refrigerators storing blood and drugs that can be reset, causing spoilage; and digital medical records that can be altered to cause physicians to misdiagnose, prescribe the wrong drugs or administer unwarranted care.”

Semi trucks

Asset-tracking systems made by Globalstar and its subsidiaries were discovered to have flaws that would enable a hijacker to track valuable and sensitive cargo and then disable the location-tracking device used to monitor it. From here, criminals could potentially fake the coordinates to make it appear as if the shipment was still traveling its intended route. Or, as WIRED points out, a hacker who simply wanted to cause chaos could add false coordinates to companies and militaries monitoring their assets and shipments to make it appear as if they’d been taken over.


These findings were brought to light by Colby Moore, a researcher with the security firm Synack. The same vulnerable technology isn’t only employed for tracking cargo; it is also used in people-tracking systems for search-and-rescue missions and in SCADA environments.

As Moore tells the magazine, the Simplex data network that Globalstar uses for its satellites doesn’t encrypt communication between the tracking devices, orbiting satellites and ground stations, nor does it require the communication be authenticated so that only legitimate data gets sent. As a result, a hacker could intercept the communication, spoof it or jam it.

“Each device has a unique ID that’s printed on its outer casing. The devices also transmit their unique ID when communicating with satellites, so an attacker targeting a specific shipment could intercept and spoof the communication. Often the unique IDs on devices are sequential, so if a commercial or military customer owns numerous devices for tracking assets, an attacker would be able to determine other device IDs, and assets, that belong to the same company or military based on similar ID numbers.”

Rifles

Security researchers Runa Sandvik and Michael Auger have hacked a pair of $13,000 TrackingPoint self-aiming rifles. The duo has developed a set of techniques that could let an attacker compromise the gun via its Wi-Fi connection and exploit vulnerabilities in its software. According to WIRED, the tactics can change variables in the scope’s calculations that make the rifle inexplicably miss its target, permanently disable the scope’s computer, or even prevent the gun from firing.


“The first of these has to do with the Wi-Fi, which is off by default, but can be enabled so you can do things like stream a video of your shot to a laptop or iPad. When the Wi-Fi is on, the gun’s network has a default password that allows anyone within Wi-Fi range to connect to it. From there, a hacker can treat the gun as a server and access APIs to alter key variables in its targeting application.”

Additionally, the researchers shared that a hacker could alter the rifle in a way that would persist long after that Wi-Fi connection is broken. It’s even possible, they tell WIRED, to implant the gun with malware that would only take effect at a certain time or location, based on querying a user’s connected phone.

Hijacking data as sound waves

Reuters has reported that a team of researchers led by Ang Cui have demonstrated the ability to hijack standard equipment inside computers, printers and millions of other electronic devices to send information through sound waves.


The project, called Funtenna, refers to a software payload that intentionally causes its host hardware to act as an improvised RF transmitter using existing hardware, which is typically not designed for electromagnetic emanation.

The program works by taking control of the physical prongs on general-purpose input/output circuits and vibrating them at a frequency of the researchers’ choosing, which can be audible or not. The vibrations can be picked up with an AM radio antenna a short distance away.

The new transmitting antenna adds another potential channel that would be hard to detect because no traffic logs would catch data leaving the premises. Cui tells Reuters that hackers would need an antenna close to the targeted building to pick up the sound waves, as well as find some way to get inside a targeted machine and convert the desired data to the format for transmission.

Smart homes

Tobias Zillner and Sebastian Strobl of Cognosec uncovered flaws in the Zigbee standard, which is widely used by countless IoT appliances. Specifically, the researchers shed light on the fact that the protocol’s reliance on an insecure key link with smart gadgets opens the door for hackers to spoof them and potentially gain control of your connected home. According to Cognosec, the items that have been tested and proven to be susceptible include light bulbs, motion sensors, temperature sensors and door locks.

“If a manufacturer wants a device to be compatible to other certified devices from other manufacturers, it has to implement the standard interfaces and practices of this profile. However, the use of a default link key introduces a high risk to the secrecy of the network key,” the team states in its recent paper. “Since the security of ZigBee is highly reliant on the secrecy of the key material and therefore on the secure initialisation and transport of the encryption keys, this default fallback mechanism has to be considered as a critical risk. If an attacker is able to sniff a device and join using the default link key, the active network key is compromised and the confidentiality of the whole network communication can be considered as compromised.”

[Images: Samy Kamkar, Tesla, Colby Moore, Square, WIRED, Ang Cui]

Report: 100% of tested smartwatches exhibit security flaws


HP report finds a majority of smartwatches to have insufficient authentication, lack of encryption and privacy concerns.


While wearable technology continues to increase in popularity, it appears that embedded security may have been left behind. That is according to new research conducted by HP, which discovered serious vulnerabilities in a vast majority of today’s most popular wrist-adorned timekeeping devices.


Without question, the wearables space has experienced tremendous growth over the last couple of months, with analysts now projecting the space to surge upwards of 150 million units by 2019. However, as smartwatches like the Apple Watch, the Motorola Moto 360 and the Samsung Gear become mainstream, malicious hackers have found a new entry point for consumers’ most valuable and confidential data.

For its “Smartwatch Security Study,” HP combined manual testing along with the use of digital tools and its HP Fortify on Demand methodology to evaluate 10 of what they believe to be today’s “top” gadgets. The team found many of the devices to be susceptible because they simply lacked basic, industry standard security measures. While the results may be disappointing, they are not too surprising given the latest string of hacks and breaches.

“Smartwatches have only just started to become a part of our lives, but they deliver a new level of functionality that could potentially open the door to new threats to sensitive information and activities,” explained Jason Schmitt, general manager of HP Security, Fortify. “As the adoption of smartwatches accelerates, the platform will become vastly more attractive to those who would abuse that access, making it critical that we take precautions when transmitting personal data or connecting smartwatches into corporate networks.”

Topping the list of flaws included insufficient verification, lack of encryption, insecure web interfaces and other privacy concerns. Not only did every tested unit lack a two-factor authentication process and the ability to lock out accounts after three to five failed password attempts, but the company flagged as many as 30% of the wearables to be vulnerable to account harvesting, a technique where an attacker could gain access to the device and data using a combination of weak password policy, lack of account lockout and user enumeration.


Additionally, researchers uncovered that the devices demonstrated a lack of transport encryption protocols. While each of them implemented encryption using SSL/TLS, 40% of the watches remained defenseless to known vulnerabilities such as POODLE, allowed the use of weak ciphers or still used SSL v2.

30% of the tested smartwatches used cloud-based web interfaces, all of which exhibited account enumeration concerns. In a separate study, three in 10 exhibited account enumeration concerns with their mobile applications as well. This flaw enables hackers to identify valid user accounts through feedback received from reset password mechanisms.
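The findings above (no lockout after three to five failed attempts, the same weak spots combining into account harvesting, and password-reset feedback that reveals valid users) map onto a few server-side rules. The Go code below is an added example written for this page, not code from HP's report or from any smartwatch vendor; the in-memory store, the injectable clock, the dummy account hashed for unknown users and the salted SHA-256 password hash are all assumptions made so that it runs stand-alone.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"time"
)

// ErrInvalid is the only error Login returns for a failed attempt: the reply does
// not reveal whether the user exists, the password is wrong or the account is locked.
var ErrInvalid = errors.New("invalid username or password")

// ResetAck is the only reply RequestReset gives, whether or not the user exists.
const ResetAck = "if an account exists for that address, a reset link has been sent"

type account struct {
	salt     [16]byte
	hash     [32]byte
	failures int       // consecutive failed logins
	locked   time.Time // lockout expiry; zero when not locked
}

// Auth is a constructed in-memory authentication service (an assumption of this example).
type Auth struct {
	accounts    map[string]*account
	resets      map[string][16]byte // pending reset tokens by user, never sent to clients
	MaxFailures int                 // lock after this many consecutive failures
	LockFor     time.Duration
	Now         func() time.Time // injectable clock
	dummy       *account         // hashed against for unknown users so the work is identical
}

func NewAuth(maxFailures int, lockFor time.Duration) *Auth {
	return &Auth{
		accounts:    map[string]*account{},
		resets:      map[string][16]byte{},
		MaxFailures: maxFailures,
		LockFor:     lockFor,
		Now:         time.Now,
		dummy:       newAccount("constructed-dummy-password"),
	}
}

func newAccount(password string) *account {
	acct := &account{}
	if _, err := rand.Read(acct.salt[:]); err != nil {
		panic(err) // no entropy source: nothing sensible to continue with
	}
	acct.hash = hashPassword(acct.salt, password)
	return acct
}

// hashPassword is salted SHA-256 to stay within the standard library; production
// code wants a slow, memory-hard password hash such as Argon2id here instead.
func hashPassword(salt [16]byte, password string) [32]byte {
	return sha256.Sum256(append(salt[:], password...))
}

// Register creates the account; a password-length and strength policy would sit here.
func (a *Auth) Register(user, password string) {
	a.accounts[user] = newAccount(password)
}

// Login compares in constant time, counts failures and locks the account for LockFor
// once MaxFailures is reached. Unknown users and locked accounts do the same hashing
// work and receive the same error as a wrong password.
func (a *Auth) Login(user, password string) error {
	acct, known := a.accounts[user]
	if !known {
		acct = a.dummy
	}
	h := hashPassword(acct.salt, password)
	match := subtle.ConstantTimeCompare(h[:], acct.hash[:]) == 1
	now := a.Now()
	if !known || now.Before(acct.locked) {
		return ErrInvalid
	}
	if match {
		acct.failures = 0
		return nil
	}
	acct.failures++
	if acct.failures >= a.MaxFailures {
		acct.failures = 0
		acct.locked = now.Add(a.LockFor)
	}
	return ErrInvalid
}

// RequestReset issues a token only for real accounts but answers identically either
// way, so the reset flow cannot be used to enumerate valid users.
func (a *Auth) RequestReset(user string) string {
	if _, ok := a.accounts[user]; ok {
		var tok [16]byte
		if _, err := rand.Read(tok[:]); err == nil {
			a.resets[user] = tok
		}
	}
	return ResetAck
}
```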

Making matters worse, 7 out of 10 gadgets analyzed are said to have problems with firmware updates. Researchers revealed that most of the smartwatches did not receive encrypted firmware updates, and while a number of updates were signed to help prevent malicious code or contaminated updates from being installed, a lack of encryption did allow files to be downloaded and looked at elsewhere.

If that all wasn’t scary enough, HP says the wearables demonstrate a risk to personal security and privacy ranging from names, addresses and dates of birth to weight, gender and heart rate information. Given the account enumeration issues and use of weak passwords on some products, exposure of this personal data is surely a concern.

“As manufacturers work to incorporate necessary security measures into smartwatches, consumers are urged to consider security when choosing to use a smartwatch. It’s recommended that users do not enable sensitive access control functions such as car or home access unless strong authorization is offered. In addition, enabling passcode functionality, ensuring strong passwords and instituting two-factor authentication will help prevent unauthorized access to data,” HP concludes.

Want to delve a bit deeper? Be sure to check out HP’s entire report, as well as explore ways to embed hardware-based security into future wearable designs.

Why the IoT needs multi-layer security


When it comes to the Internet of Things, you’re only as strong as your weakest link.


The notion of security being only as strong as its weakest link is especially true for the Internet of Things. When it comes to connected devices, security must be strong at all layers, closing any possible open doors and windows that an attacker can crawl through. Otherwise, if they can’t get in on the first floor, they will try another.


Internet security has been built mainly upon Transport Layer Security, or TLS. TLS provides confidentiality, data integrity and authentication of the communication channel between an Internet user and a secure website. Once a secure communications channel is set up using a TLS method, for example, the other half of the true security equation is needed, namely applications layer security.

To understand this notion, think of logging into your bank account on the web. First, you go to the bank’s website, which will set up a secure channel using TLS. You know TLS is successful when you see the lock symbol and https (“S” for secure) in the browser. Then, you will be brought to a log-in page and prompted to enter your credentials, which is how the bank authenticates your identity, ensuring that you’re not some hacker trying to gain access into an unauthorized account. In this scenario, your password is literally a secret key and the bank has a stored copy of the password which it compares to what you entered. (You may recognize that this is literally symmetric authentication with a secret key, though the key length is very small.) Upon logging in, you are, in fact, operating at the application. This application, of course, being electronic banking.

So, as autonomous IoT nodes spread around the world like smart dust, how do those nodes ensure security? This can essentially be achieved using the same two steps:

  • Set up Transport Layer Security to secure the communications channel using TLS or another methodology, giving confidentiality, data integrity and authentication in the channel. This channel can be either wired or wireless.
  • Set up Applications Layer Security to safeguard the information that will be sent through the communications channel by using cryptographic procedures. Among proven cryptographic procedures to do so are ECDSA for authentication, ECDH key agreement to create session keys, and encryption/decryption engines (such as AES that use the session keys) for encrypting and decrypting messages. These methods make sure that the data source in the node (e.g. a sensor) is authentic, the data is confidential and has not been tampered with in any degree (integrity).

The reason that multi-layer security, particularly application layer security, is required is that attackers can get into systems at the edge nodes despite a secure channel. Long story short, TLS is not enough.

IoT nodes collect data, typically through some kind of sensor, or act on data via an actuator. A microcontroller controls the operation of the node and a chosen technology like Wi-Fi, Bluetooth or Zigbee provides the communications channel. The reason that application layer security needs to be added to the TLS is that, if an attacker can hack into the communications channel via any range of attacks (Heartbleed, BEAST, CRIME, TIME, BREACH, Lucky 13, RC4 biases, etc.), they can then intercept, read, replace and/or corrupt the sensor/actuator or other node information.

Unfortunately, in the real world TLS gets breached, so on its own it is not sufficient. As a result, true security requires both Transport Layer and Applications Layer Security. Think of it as a secure pipeline with secure data flowing inside. Crypto elements, which are an excellent way to establish the Applications Layer Security for the IoT, sit between the sensor and the MCU to ensure that the data from the sensor has all three pillars of security applied to it: confidentiality, integrity, and authentication (also referred to as “CIA”). CIA at both the transport and application layers is what will make an IoT node entirely secure.

Fortunately, Atmel has an industry-leading portfolio of crypto, connectivity and controller devices that are architected to easily come together to form the foundation of a secure Internet of Things. The company’s wireless devices support a wide spectrum of standards including Wi-Fi, Bluetooth, Bluetooth Low Energy and Personal Area Networks (802.15.4), and they feature hardware-accelerated Transport Layer Security (TLS) and the strongest link security software available (WPA2 Enterprise).

Crypto elements, including CryptoAuthentication and Trusted Platform Modules (TPM) with protected hardware-based key storage, make it easy to provide extremely robust security for IoT edge nodes, hubs, and other “things” without having to be a crypto expert. Built-in crypto engines perform ECDSA for asymmetric authentication and ECDH key agreement to provide session keys to MCUs, including ARM and AVR products that run encryption algorithms.

Why should you care about securing your IoT devices?


In this blog, Zymbit’s Scott Miller reviews some of the security features of Zymbit.Orange, how they work, and more importantly, why they matter.


Internet of Things (IoT) devices are, by nature, light on resources, diverse, widely proliferated and often at the ‘edge’ of the network beyond the control of any network administration; perfect ingredients for digital chaos and anarchy!

Cloud and big data applications depend on the quality of the data they ingest, and key factors in quality are the authenticity, integrity and privacy of the data they collect from the edge of the network. For the IoT to get real sustainable traction, the data coming from such edge devices must be “trusted” from the core silicon all the way to the data services.

Fortunately, the Zymbit platform addresses many of the common security threats found in real world applications, whether using embedded ARM CPUs or Maker development boards. For Raspberry Pi and Arduino developers, Zymbit.Orange IoT motherboard makes it easy for developers to implement applications with secure access to communications interfaces as well as cryptographic services. What’s more, Zymbit.Orange can also be used standalone.

In this blog, Zymbit VP of Embedded Scott Miller reviews some of the key security features of Zymbit.Orange, how they work, and more importantly, why they matter.

Who Should Read This Blog?

  • Anyone building IoT devices who is not a security expert, and doesn’t have the time or budget to become one;
  • Anyone who has deployed a connected embedded design;
  • Any Maker using Raspberry Pi or Arduino at the edge of the network… and now needs to add security.

Security Considerations for IoT Edge Devices

Securing IoT devices requires a system architecture that addresses some fundamental needs. Let’s take a look at them:

Data Privacy

Generally speaking, data should be kept private if it is integral to a proprietary process or if it is personal in nature. In each case, the data must be protected from prying eyes using encryption techniques that extend from the publishing source — the IoT edge device — to the cloud and onwards to subscribers. Additionally, the administrator of the data should be able to select who or what is able to subscribe to the data stream.

Data Authentication

Most data transactions/interactions are based upon the assumption that you know that the data really came from the presumed edge device. But how can you be sure? And, how can you be sure that your subscribers are receiving that authentic data?

In order for data to be trusted, it must be proven that it originated from a given edge device at the time that it was reported to have been recorded. Data authentication can be accomplished in many ways, but a digital signature is generally regarded as one of the most secure. One application of a digital signature applied to a timestamped block of data involves computing a one-way hash (e.g. SHA-256) of the timestamped data block and then asymmetrically encrypting the hash using a private key. When the data is received at the cloud, the hash of the data is computed and is compared to the hash that accompanied the data block after it is decrypted using the public key. If the hashes are the same, the data is optionally stored on the Zymbit cloud server along with the signature and transferred to the subscribers in a manner similar to the way the edge device transferred it to the cloud.
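The signature scheme just described, as an added example that is not part of the original post: the edge device hashes the timestamp together with the data block with SHA-256 and signs the digest with its private key, and the cloud recomputes the hash over what it received and checks the signature with the public key. The in-memory P-256 key, the timestamp and the sensor report are constructed for the example; on Zymbit.Orange the private key would stay inside the secure element.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// digest hashes the timestamp together with the data block, so neither can be
// altered independently of the other without changing the hash.
func digest(ts int64, data []byte) []byte {
	h := sha256.New()
	var tsb [8]byte
	binary.BigEndian.PutUint64(tsb[:], uint64(ts))
	h.Write(tsb[:])
	h.Write(data)
	return h.Sum(nil)
}

// SignBlock runs on the edge device: hash the timestamped block and sign the
// digest with the device's private key. On Zymbit.Orange that key would live
// in the ATECC508 and never leave it; here it is an in-memory P-256 key
// (assumption for this example).
func SignBlock(priv *ecdsa.PrivateKey, ts int64, data []byte) ([]byte, error) {
	return ecdsa.SignASN1(rand.Reader, priv, digest(ts, data))
}

// VerifyBlock runs at the cloud: recompute the hash over what was received
// and check it against the signature using the device's public key.
func VerifyBlock(pub *ecdsa.PublicKey, ts int64, data, sig []byte) bool {
	return ecdsa.VerifyASN1(pub, digest(ts, data), sig)
}

// Demo signs one constructed sensor report and checks three receptions:
// untouched, value altered in transit, and timestamp altered in transit.
func Demo() (genuineOK, alteredDataOK, alteredTimeOK bool, err error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return
	}
	ts := int64(1435000000) // constructed Unix timestamp
	report := []byte(`{"sensor":"temp-01","value":21.5}`)
	sig, err := SignBlock(priv, ts, report)
	if err != nil {
		return
	}
	pub := &priv.PublicKey
	genuineOK = VerifyBlock(pub, ts, report, sig)
	alteredDataOK = VerifyBlock(pub, ts, []byte(`{"sensor":"temp-01","value":99.5}`), sig)
	alteredTimeOK = VerifyBlock(pub, ts+60, report, sig)
	return
}

func main() {
	fmt.Println(Demo())
}
```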

IP Protection & Threats from Counterfeits

Counterfeit products have an adverse economic impact on businesses and they also introduce serious vulnerability into enterprise systems. In the industrial sectors there have been numerous examples of ‘black market’ spares and generic devices that have introduced back doors into large scale enterprise systems, so much so that the U.S. Government has its own hotline for reporting such breaches.

Zymbit.Orange employs a number of architectural strategies with the goal of protecting software IP:

  • Isolate embedded services in special purpose hardware (e.g. dedicated embedded CPUs) so that it becomes harder to “hack & crack” an application running on an app CPU:

  • Some of these embedded services include:
    • Securely transacting data through otherwise unsecured channels:
      • Ethernet
      • Wi-Fi
      • Cellphone modem
      • Low-power radio
    • Interacting with and controlling attached user interfaces
    • Collecting physical data from sensors that are serviced by the embedded services hardware cluster
    • Generic encryption/decryption and data authentication/validation
    • Application image update and application health monitoring
  • These isolated embedded services require valid credentials in order to authenticate the users (e.g. applications running on Arduino or Raspberry Pi) of those services.
  • The special purpose CPUs must have their hard programming paths (e.g. JTAG or SWD) disabled so that the firmware that runs on them cannot be hijacked, replaced or corrupted.
  • Tamper event detection (e.g. attempts to open the case or manipulate the real time clock) — when a tamper event is detected various actions can be taken. Some of these actions might include:
    • Recording the tamper event
    • Deliberately “bricking” the system by erasing critical firmware
    • Erasing critical data which would take the system offline
    • The above actions can be configured by the system administrator
  • Application designers must have the means to encrypt and attach digital signatures for the application images they produce. Image decryption and signature validation are accomplished using the embedded services mentioned above.
  • Software updates can be exclusively disseminated via a secure cloud network utilizing encryption and image authentication.

Malicious Attack Defense

Although we aren’t hearing too much about it yet in the press, malicious attacks will soon be launched on IoT devices in a manner similar to PC viruses and cell phones today. Motivations will range from ‘hackers because they can’ to corporate espionage to cyber terrorism. And the consequences of such attacks can be much more serious than data loss; many IoT devices interact with the physical world, and that can cause bodily harm or even loss of life. If you think this is sensationalist, then wait until the first examples begin to surface.

The good news is that the serious innovators amongst us are thinking about this and looking for solid and practical solutions. Malicious attacks can be prevented or made very difficult to achieve using the same countermeasures we reviewed earlier in IP protection.

Securing Your Edge Devices – Raspberry Pi and Arduino, Too

We love the accessibility and affordability of open source devices and support the communities that are building amazing applications using Arduino and Raspberry Pi. Yet neither was designed with core security in mind and consequently, before applications can be scaled, their vulnerabilities need to be addressed. So let’s first explain their security shortcomings:

Security Vulnerabilities – Raspberry Pi:

  • No built in cryptographic engine
    • While the Pi can perform encryption in software, overall performance suffers as a result.
  • Removable SD card – no physical security
    • This means that an attacker with direct access to a Raspberry Pi based device can steal and clone the software and data on the card or deliberately corrupt the contents of the card.
  • No secure key store
    • Because the SD card is removable and the SD card is the only means of storing anything on the Pi, shared static keys and private certificates are now completely viewable and modifiable. Even if one chooses to encrypt a data volume for key and certificate storage, the key for decrypting the data volume must be exposed at some point. This fact makes data authentication on the Pi infeasible.
  • Susceptibility to power cycling exploits
    • Because there is frequently no intrusion detection or monitoring, simple repeated power cycling of the device may lead to failure and thus denial of service.
  • Lack of real-time clock
    • Prevents the system from responding properly in case of communications outage.

Security Vulnerabilities – Arduino:

  • No built in cryptographic engine
    • Crypto shields are available for purchase, but packaging Arduino shields tends to be very clumsy and difficult to deploy, not just due to the physical size issues associated with stacking shields but also because the Arduino shield framework suffers from resource bus (SPI/I2C) and GPIO pin allocation issues, so simply stacking a new shield on an Arduino may prove to be impossible when other shields are stacked.
  • No way to validate or secure the Arduino executable image if the debugging/programming interface is available. Even if an Arduino based “thing” had a crypto shield attached, an attacker with direct access could potentially:
    • Corrupt or erase the executable image.
    • Gain access to shared keys stored in RAM or flash.
    • “Patch” in their own code which would allow them to take control of the system.
  • Many Arduinos have very limited amounts of RAM and flash, making it extremely difficult to implement robust, secure communications solutions.

Zymbit has solved these problems for Raspberry Pi and Arduino developers by implementing an isolated security framework on the Zymbit.Orange IoT motherboard.

Adding Security With the Zymbit.Orange IoT Motherboard

At the heart of the Zymbit.Orange architecture is a Secure Services Cluster that isolates edge-facing application CPUs from each other and from the outbound network connection. Isolation is achieved using a combination of data security (authenticate and encrypt), power security (turn off the CPU) and physical security (tamper proofing and enclosure intrusion detection).

We use Atmel silicon for all three aspects of security because their solutions are well thought out, affordable and have good performance characteristics.

Secure Silicon Review

The security services cluster within Zymbit.Orange is comprised of three blocks:

Secure Communications Hub

  • Atmel | SMART SAM E70 – high performance advanced connectivity CPU
  • Primary purpose:
    • Provides secure access to communications and UI interfaces
    • Performs tamper detection
    • Provides secure software updates for applications processors via the Zymbit cloud
  • CPU features:
    • 300MHz Cortex-M7
    • AES encryption engine
    • Low latency TRNG (True Random Number Generator)
    • Integrity Check Monitor (ICM) for generating and comparing digests of certain memory areas

Supervisory MPU

  • Atmel | SMART SAML21J17A – ultra low-power microcontroller unit
  • Primary purpose:
    • Power supervision and monitoring
    • Real-time clock
    • Secure programming and debugging interface for the on-board Arduino Zero application CPU
  • CPU features:
    • 48MHz Cortex-M0+
    • AES encryption engine
    • Low latency True Random Number Generator (TRNG)

Secure Key Generation and Storage

  • Atmel ATECC508
  • Primary purpose:
    • Asymmetric (public key) crypto
    • Digital signature generation/validation
    • Password validation
  • Features:
    • Secure key storage
    • Asymmetric encryption
    • Ephemeral key generation

Using these components, Zymbit.Orange provides a secure interface to all essential services for user applications running on the on-board Arduino Zero and/or Raspberry Pi. The dedicated on-board hardware significantly increases the overall security of these platforms without interfering with user applications. It is just as easy to develop an Arduino or Linux project on Zymbit.Orange from scratch or to adapt an existing application to take advantage of the on-board services because they do not interfere with the application CPU programmability.

SecureAxcess is a secure and encrypted USB token


This cybersecurity solution will keep the bad guys away from your personal information. 


With each week seemingly bringing news of another data breach, it’s no wonder a vast majority of people are gripped by anxiety. Fortunately, one Clearwater, Florida startup has developed a new way to put that uneasiness to rest, by ensuring that their most sensitive information is protected from malicious hacking, phishing, snooping, mining and any other form of cyber crime. Vir-Sec’s solution? The aptly named SecureAxcess.

The company has created and patented what they are billing as “the world’s first, and only, method of secure communication.” Designed with speed and simplicity in mind, a user plugs the flash drive-like token into the USB port of any computer, enters their password and launches a “browser-less” platform called SecureCommunique, a closed messaging, file transfer and chat application that operates inside of SecureAxcess. This limited distribution tool enables users to send emails and documents, as well as engage in other forms of communication in a secure environment, without the threat of intruders. What’s more, the individual’s data and login page cannot be accessed by anyone other than them and their token.

“It has the look and feel of a browser, but it’s not one! Browsers are bad for accessing secure data. Most major vulnerabilities and methods of attack come from browsers. Eliminating the browser eliminates that threat,” its creator Chris Murphy explains. “The IP address is constantly shifting and is unique to your token so hackers can’t find where to try and break in. It’s like your front door keeps moving around and you can only find it if you have the correct key.”

SecureAxcess also promises true two-factor authentication, requiring both something physical (their token) and something a user knows (their password) in order to access the confidential data.

“When you physically go to the bank, do you just give a name and password to withdraw cash? Of course not, but then why have we allowed it to be so online? Our token acts like you online, physically showing you are who you say while accessing important data,” Murphy adds.

Another nice feature is that the program runs entirely from RAM on the token itself, not the computer. Reason being, hackers can compromise browsers and other installed software quite easily. As for its hardware, the pocket-sized device is based on an Atmel | SMART SAMA5 Cortex-A5 MPU and boasts built-in cryptographic security (AES).

“The best way to secure data is to allow authentication to happen at a secure, off-site location, free from software and browsers. Also you can’t open the token and access the parts. The token is a solid fused piece of plastic that cannot be opened without destroying the data.”

Looking for peace of mind when it comes to safeguarding your online information? Head over to SecureAxcess’ official Kickstarter page, where Vir-Sec is currently seeking $250,000.

Breach Brief: Cyberattack on LOT Polish Airlines grounds 10 flights


Hackers grounded 10 flights and delayed another 12 operated by Polish airline LOT after breaching its computer system.


Nearly 1,400 passengers of the Polish airline LOT were affected at Warsaw’s Chopin airport on Sunday after hackers managed to access the computer system responsible for issuing flight plans.

(Source: Wikipedia)

What happened? The cyberattack targeted computers issuing flight plans at Warsaw’s Chopin Airport, officials said. As a result, LOT was forced to ground 10 flights and delayed another 12 including those to Hamburg, Dusseldorf and Copenhagen. The breach took place in the afternoon and, upon being detected, required just about five hours to repair the damage. However, the source of the hack remains unknown.

What they’re saying: In a statement, the airline said that the airport itself wasn’t affected, nor were flights already in the air compromised by the breach. “We’re using state-of-the-art computer systems, so this could potentially be a threat to others in the industry,” company spokesman Adrian Kubicki said.

This latest incident comes amid growing concerns that even the most trusted sites and systems can be used by hackers aimed at infiltrating sensitive industries. With the number of breaches on the rise and no apparent end in sight, how can you ensure that your network and its data are protected?

Breach Brief: FBI investigating Cardinals for hacking Astros computer network


According to the New York Times, the FBI is investigating St. Louis Cardinals officials for hacking into the Houston Astros internal networks.


The St. Louis Cardinals are being investigated by the FBI and the U.S. Justice Department for possibly hacking into the internal network of the Houston Astros to steal information on player personnel, the New York Times has reported.

(Screenshot: SI.com)

What happened? Investigators have come across evidence that the Cardinals front office staff may have broken into the network of the Astros, which housed a number of special databases. According to officials, internal discussions around trades, proprietary stats and scouting reports were among the information compromised.

How did it happen? The intrusion does not appear to be sophisticated, law enforcement officials have noted. According to the New York Times, the FBI believes Cardinals personnel gained access to the Astros’ system by using a list of passwords associated with Astros general manager Jeff Luhnow dating to his tenure with the Cardinals from 2003 until he left for Houston after the 2011 season.

What they’re saying: MLB has shared that it has fully cooperated with the ongoing investigation, which began last year after data was posted anonymously online. According to the statement, “Major League Baseball has been aware of and has fully cooperated with the federal investigation into the illegal breach of the Astros’ baseball operations database. Once the investigative process has been completed by federal law enforcement officials, we will evaluate the next steps and will make decisions promptly.”

The professional sports world has seen everything from Spygate to Deflategate in recent months, but perhaps this cyberattack marks the start of the next wave of cheats. This latest high-profile incident comes amid growing concerns that even the most trusted sites and systems can be used by hackers aimed at infiltrating sensitive industries. With the number of breaches on the rise and no apparent end in sight, how can you ensure that your network and its data are protected?