Digital Security for the Internet of Things

Columbia UniversityVera Ho ￭ Wei Cai ￭ Salar Fattahi

Why Digital Security?

Many pieces of technology are now becoming "smart" devices

○ Health Care○ Appliances (Washers/Dryers, Refrigerators, etc)○ Locks & Surveillance

These are very personal items but new technology is typically not very secured

○ For example, when email was first invented, it was not secure at all and became exploited

○ When these new devices are exploited, people no longer feel safe in their own homes

Example of Exploited IoT

"Hackers Remotely Kill a Jeep on the Highway - With Me in It" by Andy Greenberg (Wired)

○ Controlled experiment between 2 hackers and a driver

○ Hackers used a laptop 10 miles away○ Took control over climate controls, wipers and

radio settings

Example of Exploited IoT

"Hackers Remotely Kill a Jeep on the Highway - With Me in It" by Andy Greenberg (Wired)

○ Transmission can be cut and the accelerator no longer responded to the driver

○ The Jeep slowed to a stop in the middle of highway traffic

○ The breaks could also be controlled

Why Digital Security?

Our project is to explore how security works for the Internet of Things. Specifically, we are simulating our own "smart" lock system because:

○ Locks to our homes represent our trust to keep everything we hold dear safe from criminals and thieves

○ Locks inherently require a secure functionality and setup

Project Design Overview

There are 3 components to our smart lock:○ Phone application for the user to communicate with

the lock○ The lock will authenticate the user before

locking/unlocking○ Parse is used to store activity as log information

Project Design DetailsRaspberry Pi

○ Simulating the GUI of the lock (reporting it's state) and the user interface of the phone application

○ Connected to WiFi with a dongleAtmel WINC1500, SAMD21 microcontroller and CryptoAuthentication Chips

○ Emulating the lock hardware itself○ Authenticates user ○ Connects hardware to Wi-FI

Parse Cloud Platform○ Stores login information each time a user attempts

to change the lock state

Atmel Hardware Details

The Atmel microcontroller is programmed using C○ Micro Control Unit (MCU)○ USB interface, Virtual COM Port.

Atmel Hardware Details

Atmel WINC1500○ IEEE 802.11 b/g/n○ Station mode, AP mode, P2P mode○ TCP and UDP sockets

Atmel CryptoAuthXplained ○ ATSHA204, ATAES132A, ATECC108A○ Provides SHA-256 hash algorithm○ Symmetric/Asymmetric Crypto○ Store up to 16 keys

Authentication

Key Authentication

User Interface and Interactions

○ User Interface implemented on Raspberry Pi.○ Entry fields for username and password logins and new user

setup.○ Login attempts will be pushed to the cloud.

Raspberry Pi Details

When each button is pressed, the GUI will communicate with either Parse or Atmel

○ Parse via RESTful API using HTTP requests○ Atmel via TCP sockets

Sample ScenariosApp Interface: User can use his phone to

login and unlock the door

Front Door: Valid users can login on the front door to lock/unlock the door

Inside the House: Master users can add temporary users for a limited

time

Parse Cloud Details

Communicates with Raspberry Pi using the RESTful API by using HTTP requests

○ Create new users and record their login information○ Log the time and date each user attempts to use the

lock○ Report information back to the Raspberry Pi if

requested

Parse Cloud InterfaceUser: Attempted usernamesisValid: Validity of username/passwordLocked: Status of the LockupdateAt: Date and time of updatecreatedAt: Date and time of creation