security presentation - solar decathlon
Post on 12-Jul-2015
Solar Decathlon Cysec
Presentation I
Laura Cerrito, Maunil Sanghavi, Alexis Moore, Daniel Delaney, Assaf Kipnis, Justin Frech
Project Goals
● Construct a zero-energy-balance, self-sustaining house
● Give the house "smart" features
● Compete successfully in the DOE Solar Decathlon
● Make the house a viable, marketable product
  ○ Competition model
  ○ Home model
Security Goals
● Promote security within all aspects of the project (beyond CS scope)
● Increase marketability
● Provide security mitigation for CIA/P concerns (confidentiality, integrity, availability, privacy)
● Promote security through flexibility throughout the house's lifecycle
● Provide fallback and disaster recovery plans for both competition and home models
Learning
The house will receive data from environmental sensors and use that information to make decisions on:
● Energy conservation
  ○ Turn appliances on/off
  ○ Window shade control
● Maximizing resident comfort
  ○ Climate control
Learning/Smart Features
Learning:
● Weather patterns (built-in weather station)
● Time of day / outside light (sensors)
● Room capacity (sensors)
● Power usage (appliances)
Smart:
● Centralized appliance control (mobile app)
● Built-in wireless network
High Level Security Concerns
● Confidentiality
  ○ Aggregation of user data
  ○ Mobile app usage (user profiles)
● Integrity
  ○ Sensor/appliance data flow into sensor module
    ■ Wired
    ■ Wireless
  ○ Wireless network dependability
  ○ Weather data authentication
  ○ Appliance communication
High Level Security Concerns (cont.)
● Availability
  ○ Weather station data
  ○ Sensor data
  ○ Sensor module
  ○ Appliance data
  ○ Mobile application
  ○ Wireless network
  ○ Communication with service providers (power, internet, etc.)
High Level Security Concerns (cont.)
● Privacy
  ○ Power consumption aggregation (smart meter)
  ○ Resident movements and habits
  ○ Personal information on network
CS Team Goals
Create software and infrastructure for learning features and control:
● Web server (Windows Server 2008)
● Database (MongoDB)
● Learning algorithm
● Alternate website (main site is done by VisTech)
● Mobile application (Android)
CS Team Level Security Concerns
● Confidentiality
  ○ Aggregation of usage data (power, appliances, etc.)
  ○ Centralized billing information
  ○ Centralized payment information
● Integrity
  ○ Flow of data from sensor module to web server
  ○ Flow of data into and within the DB
  ○ Communication with mobile application and website
  ○ Historical data (weather)
CS Team Level Security Concerns (cont.)
● Availability
  ○ Server data
  ○ DB data
  ○ WiFi communications
  ○ User profiles
  ○ Physical machine (server/DB)
● Privacy
  ○ Personal information (user profiles)
  ○ Stored learned information (learning algorithm output)
  ○ Historical information
Usage and Threat Scenarios
● Decathlon model
  ○ No outside attackers
  ○ No privacy concerns
  ○ Focus on integrity and availability
  ○ Disaster recovery as a high value
  ○ Marketability creates a shift in focus towards future use (home model)
Usage and Threat Scenarios (cont.)
● Home model
  ○ Outside attackers
  ○ Privacy as a high-value target
  ○ Flexibility of interchangeable parts
    ■ Hardware
    ■ Software
    ■ Appliances
    ■ Sensors
Attacker Models
● Honest but curious
  ○ Users with low access levels
  ○ Users of a potential outside mobile application
    ■ Judges (competition model)
● Malicious
  ○ Identity thieves
  ○ Disgruntled employees (utility companies)
  ○ Recreational hackers
  ○ DoS networks
  ○ Burglars (gather information from smart features)
Solar Decathlon Cysec
Presentation II
Laura Cerrito, Maunil Sanghavi, Alexis Moore, Daniel Delaney, Assaf Kipnis, Justin Frech
Asset Identification (Back End)
● Operating system
  ○ Windows Server 2008 R2
● Web server
  ○ Windows Server 2008 R2
● Database
  ○ MongoDB
● Wireless router
  ○ NetGear N750
● Programming languages
  ○ Java and PHP
Identified Vulnerabilities
● NoSQL injection (DB)
● Script injection attacks (DB)
● No encryption of data files (DB)
● No encryption in transit or at rest (DB)
● No auditing ability (DB)
● Passwords and usernames stored as MD5 hashes by default (DB)
● Privilege escalation (OS)
● Directory traversal attack (OS)
● XSS (server)
Mitigation
● Explicitly encrypt sensitive info in the DB
● Must "hide" traffic behind an HTTP proxy for in-transit encryption (server)
● Define permissions on the HTTP proxy
● All user input must be sanitized
● Change MD5 hash to SHA256
● Create a detached audit table
● Access control lists
● Disallow users from uploading any documents
● Disallow any user input on the app or site
Asset Identification (Front End)
● Additional server (disconnected from Internet) (in discussion)
  ○ Jurors
● Programming languages
  ○ HTML5
  ○ JSON - mobile app
  ○ Java - Android
Identified Vulnerabilities
● NoSQL injections
● JavaScript injections
● Session hijacking
● Fuzzing attacks
● Certificate spoofing
Mitigations
● Input sanitization
● Access control lists
● Encrypt server communications
  ○ Incoming
  ○ Outgoing
● Preemptive fuzzing
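The NoSQL injection item listed for both the back end (MongoDB) and the front end, and the "all user input must be sanitized" mitigation, illustrated with an added example that is not part of the original presentation. It assumes a hypothetical sensor-readings endpoint whose JSON request body is dropped straight into a MongoDB-style filter; no database is used, a small in-memory matcher stands in for filter evaluation.

```javascript
// Added example (not from the original slides): a MongoDB-style query built
// directly from a parsed JSON request is open to operator injection, and the
// type check the hardened version applies closes it.

// Constructed sample sensor readings (hypothetical names and values).
const READINGS = [
  { sensor: "kitchen-temp", value: 21.5 },
  { sensor: "bedroom-occupancy", value: 2 },
  { sensor: "meter-power-kw", value: 3.8 },
];

// Stand-in for MongoDB filter matching: equality plus the $ne and $gt
// operators, which is enough to show why operator objects are dangerous.
function fieldMatches(value, cond) {
  if (cond !== null && typeof cond === "object") {
    if ("$ne" in cond) return value !== cond.$ne;
    if ("$gt" in cond) return value > cond.$gt;
    return false; // unsupported operator: match nothing
  }
  return value === cond;
}
function find(filter) {
  return READINGS.filter((doc) =>
    Object.keys(filter).every((k) => fieldMatches(doc[k], filter[k])));
}

// VULNERABLE: the request value goes into the filter unchanged, so a body of
// {"sensor": {"$ne": ""}} returns every reading instead of a single sensor's.
function readingsVulnerable(body) {
  return find({ sensor: body.sensor });
}

// HARDENED: a filter value must be a plain string. JSON operator objects such
// as {"$ne": ""} parse to objects and are rejected before any query is built.
function sanitizeString(v) {
  if (typeof v !== "string") {
    throw new TypeError("invalid input: expected a plain string");
  }
  return v;
}
function readingsHardened(body) {
  return find({ sensor: sanitizeString(body.sensor) });
}
```

Both functions take an already JSON-parsed request body; the same check applies to every field a client can supply, not only the one shown.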
Identification of Chokepoints
● Central module (EE control)
  ○ All house communications
● Sensor module (EE control)
  ○ All sensor communications
● CS module (server)
● Mobile application
Mitigation
● Discuss replacement modules with the EEs
  ○ Fallback to wired connection to server module (XBee)
● Secondary server
  ○ Competition model: outside the house
  ○ Home model: seamless replacement
● Secondary mobile app
  ○ Competition model: replacement tablet/web app
  ○ Home model: web app fallback
User Groups
● Competition model
  ○ Superuser
    ■ All rights
  ○ Juror
    ■ View limited data (high-level power usage)
    ■ Limited usability (turn lights on/off)
● Home model
  ○ Superuser
    ■ All rights
  ○ Visitor
    ■ Malleable access rights
Solar Decathlon Cysec
Presentation III
Laura Cerrito, Maunil Sanghavi, Alexis Moore, Daniel Delaney, Assaf Kipnis, Justin Frech
Threat Profile
● Spoofing
  ○ Man-in-the-middle attacks
  ○ Cross-site request forgery
● Tampering
  ○ Session hijacking
  ○ Virtual defacement
  ○ Cross-site scripting (XSS)
● Repudiation
  ○ Modification attacks
  ○ Certificate spoofing/expiration
Threat Profile (cont.)
● Information disclosure
  ○ Resident/user data exposure
● DoS
  ○ SYN spoofing
  ○ Floods (ICMP, UDP, SYN)
  ○ Reflection/amplification attacks
● 0-day attacks
  ○ Previously unknown attack vectors
Security Strategy: 4-Layer Defense in Depth
1. Perimeter defense
  ○ Firewall (traffic filtering)
  ○ Proxy servers
  ○ DoS attacks
2. OS and application security
  ○ Physical access
  ○ Patching
  ○ Service packs
Security Strategy: 4-Layer Defense in Depth (cont.)
3. Host protection
  ○ Attacks from within the network
  ○ HIDS (host-based IDS)
  ○ Internal firewalls
  ○ Anti-virus software
  ○ Access policy
4. Data/information protection
  ○ Data encryption
    ■ In transit
    ■ At rest
Security Architecture Model
● Detection
  ○ Identify intrusion
  ○ Follow intrusion path
  ○ IDS (intrusion detection system)
● Prevention
  ○ Prevent unauthorized access
  ○ Prevent and control changes
  ○ IPS
● Monitoring
  ○ Security policy and assessments
● Management
  ○ Allow flexibility of the above for future changes
Test Plan
Viewpoints:
● Black box (external)
  ○ External testing
  ○ Reconnaissance (social engineering)
  ○ Enumeration (nmap)
  ○ Abuse of web protocols
● White box (internal)
  ○ Internal testing (attack from within the network)
  ○ Privilege escalation
  ○ Configuration changes
Test Plan (cont.)
Techniques:
● Review (documents, procedures, logs)
● Target identification (network discovery, port scan, vulnerability scan, wireless scan)
● Target vulnerability validation (password cracking, penetration testing)
● Fuzzing
● Buffer overflow
Questions?