SCC (Security Control Center)
1 like401 views
This document presents a Security Control Center (SCC) that monitors and analyzes security attacks on IoT devices. It discusses the need for an SCC due to increasing IoT security issues and lack of security in manufactured devices. The SCC collects information from IoT devices to monitor secure key storage, secure boot, firmware updates, remote attestation, login attempts, and network packets. It uses a client-server architecture with a web-based front-end for device management and security controls. A demonstration of the SCC is available online for device registration, monitoring, and firmware updates.
SCC (Security Control Center)
- 1. - 1 - Mobile & Embedded System Lab. Dept. of Computer Engineering Kyung Hee Univ. SCC (Security Control Center) Presented by Junyoung Jung Capstone Design Ⅱ
- 2. - 2 - Kyung Hee University Mobile Embedded System Lab. Contents Motivation Related works Proposed System SCC: Security Control Center Demonstration
- 3. - 3 - Kyung Hee University Mobile Embedded System Lab. Motivation Recent Trends Accelerated the launch of a variety of IoT products & services Increased interest in IoT device security issues Problems Manufactured without considering security level Absence of a security control system ▶ Difficult to respond to security attacks Need for a Security Control System (Collecting and Analyzing the information about security attacks.)
- 4. - 4 - Kyung Hee University Mobile Embedded System Lab. Related works SecurePi: Secure Raspberry Pi (Using TPM*) Linux based high-end secure COTS IoT device platform ① Secure Key Storage & Management ② Secure Boot ③ Secure Firmware Update ④ Remote Attestation ⑤ Secure Communication ⑥ Mandatory Access Control ⑦ Filesystem Integrity ⑧ Filesystem Encryption *TPM : Trusted Platform Module
- 5. - 5 - Kyung Hee University Mobile Embedded System Lab. Related works SArduino: Secure Arduino (Using SE*) RTOS/Firmware based Low-end secure COTS IoT device platform ① Secure Key Storage & Management ② Secure Boot ③ Secure Firmware Update ④ Remote Attestation ⑤ Secure Communication *SE : Secure Elements
- 6. - 6 - Kyung Hee University Mobile Embedded System Lab. Proposed System Functional requirements (for performing Security Controls) ① Ensure availability of sensitive data ▶ Storing and managing the encryption key data in TPM/SE ▶ Secure Key Storage & Management Monitoring ② Ensure F/W integrity (Secure Boot) ▶ Firmware replacement attacks prevention ▶ Secure Boot Monitoring ③ Ensure secure F/W update ▶ The previous versions of firmware install prevention ▶ Secure Firmware Update Monitoring
- 7. - 7 - Kyung Hee University Mobile Embedded System Lab. Proposed System Functional requirements (for performing Security Controls) ④ Ensure F/W integrity (Remote Attestation) ▶ Firmware replacement attacks prevention through other device ▶ Remote Attestation Monitoring ⑤ Detect the device login attempt ▶ Checking the login log(/var/log/auth.log) periodically ▶ Login Monitoring ⑥ Detect the device allow/deny packet ▶ Checking the iptables log periodically ▶ Packet Monitoring
- 8. - 8 - Kyung Hee University Mobile Embedded System Lab. SCC: Security Control Center System Architecture IoT Control Platform SSL Administrator Web browser HTTP SCC-Server SCC-Web Database JSON On-demand Event Secure Pi SCC-Client SecureKeyManagement Monitor Front-end Back-end EJS Node.js .css .js express AJAX Transaction Upload the SCC-Client Info. to Database Remote Attestation Server Firmware Update Server Secure Boot Monitor SecureFWUpdate Monitor RemoteAttestation Monitor Login Monitor Packet Monitor SCC table LOG table …
- 9. - 9 - Kyung Hee University Mobile Embedded System Lab. Demonstration http://163.180.118.193:3000 ① Device registration ② Device detail view ③ Device Firmware Update • Secure Key Storage & Management • Secure Boot • Secure Firmware Update • Remote Attestation ④ Login & Packet Monitoring
- 10. - 10 - Kyung Hee University Mobile Embedded System Lab. Thank you