SESSION ID: ECO-T07R
Endpoints in the New Age: Apps, Mobility, and the Internet of Things
Benjamin Jun
CTO
Chosen Plaintext Partners
@BenjaminJun
#RSAC
v18
Lots of connected devices!
(Chart of connected-device growth by category: PCs, IP phones, mobile phones, consumer electronics, machine-to-machine. Source: Cisco)
Endpoint security today
Three functions: Monitor, Recover, Manage
- React to anomalous data/behavior
- Respond quickly to 0-day
- System repair
- Centralized policy enforcement
- Deployment management
Source: Endpoint Security Platforms Market, The Radicati Group, Inc. (2014)
Endpoint security today
- Complexity hurts defense
  (a) Lots of apps, smeared across device and cloud
  (b) Platform diversity: new ones (IoT) have poor security
  (Image: Rube Goldberg Archives)
- Machine learning limits
  Machine recognition cuts through complexity …but lousy against skilled adversaries
  (a) Attackers are more subtle + deep (APT)
  (b) HARD to tune false positive vs. false negative
  (Figures from "Intriguing properties of neural networks", Szegedy et al. Figure 5: adversarial examples for AlexNet, shown as correct image / difference magnified 10x / adversarial example; all adversarial images are predicted as "ostrich, Struthio camelus", average distortion 0.006508 over 64 randomly chosen examples. Figure 6: adversarial examples for QuocNet, a binary car classifier trained on top of the features without fine-tuning, shown as "car" / "NOT car" / delta.)
- Result: race-to-update!
What lies ahead…
- Internet of Things
- Device Federation
- Application Portability
- Complex Trust Domains
The Internet of Things
"The physical world is becoming a type of information system [with] sensors and actuators embedded in physical objects... When objects can both sense the environment and communicate, they become tools for understanding complexity and responding to it."
– McKinsey & Company
Challenge: Break physical stuff, at scale
- Enron fakes grid transactions to manipulate market (2001)
- Stuxnet targets programmable logic controller (2010)
  (Image: Siemens Simatic S7-315)
- IOActive demo'd vulnerabilities in Washington DC traffic management system (2014)
  (Figure "The devices: Radio Ranges" from Hacking US Traffic Control Systems, Cesar Cerrudo, IOActive)
Challenge: Time and Place
- IoT policies sensitive to time/location
  App logic, pricing, proximity assessment, identity, pairing, DRM, …
- Today's approaches not private, spoofable
  (Images: Captured RQ-170 Sentinel, Christian Science Monitor, 12/15/2011; CJ6 GPS Jammer, jammerstore.com; On the Requirements for Successful GPS Spoofing Attacks, Tippenhauer, Pöpper, Rasmussen, Capkun)
- Prediction: Chipset cores for environment attestation
  - Independent CPU maintains GPS + time history
  - Digitally sign data, traceable to module security certification
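As an added example (the slides contain no code; this is not Benjamin Jun's), the Go program below models the prediction above: an independent attestation core keeps a GPS + time history and signs it, and a relying party checks the signature, freshness, and plausibility (monotonic time, no movement faster than a speed limit) before trusting the location. Everything specific is assumed: the module ID, the sample fixes, the Ed25519 key standing in for a certified module key, and the 50 m/s plausibility limit. A real module would bind its public key to its certification record during provisioning; this sketch only names that step.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
	"math"
)

// Fix is one position/time sample kept by the (hypothetical) attestation core.
type Fix struct {
	Lat, Lon float64
	Unix     int64 // the core's own clock, in seconds
}

// Attestation is the signed history the core hands to the application processor.
type Attestation struct {
	ModuleID string
	History  []Fix
	Sig      []byte
}

// AttestationCore models the independent CPU: only it holds the signing key,
// so the host OS or an app cannot forge or edit the history.
type AttestationCore struct {
	id   string
	priv ed25519.PrivateKey
	hist []Fix
}

// NewCore generates the module key. The public half is what provisioning would
// bind to the module's certification record (assumed, not modelled here).
func NewCore(id string) (*AttestationCore, ed25519.PublicKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	return &AttestationCore{id: id, priv: priv}, pub, nil
}

// Record appends a fix as the core's own receiver reports it.
func (c *AttestationCore) Record(f Fix) { c.hist = append(c.hist, f) }

// signedBytes is the exact message that is signed and later verified.
func signedBytes(id string, hist []Fix) []byte {
	b, _ := json.Marshal(struct {
		ID string
		H  []Fix
	}{id, hist}) // cannot fail for these field types
	return b
}

// Attest signs the whole history, not just the latest fix.
func (c *AttestationCore) Attest() Attestation {
	return Attestation{ModuleID: c.id, History: c.hist, Sig: ed25519.Sign(c.priv, signedBytes(c.id, c.hist))}
}

// distanceMeters is the great-circle (haversine) distance between two fixes.
func distanceMeters(a, b Fix) float64 {
	rad := func(deg float64) float64 { return deg * math.Pi / 180 }
	dLat, dLon := rad(b.Lat-a.Lat), rad(b.Lon-a.Lon)
	h := math.Sin(dLat/2)*math.Sin(dLat/2) +
		math.Cos(rad(a.Lat))*math.Cos(rad(b.Lat))*math.Sin(dLon/2)*math.Sin(dLon/2)
	return 2 * 6371000.0 * math.Asin(math.Sqrt(h))
}

// Verify is the relying party's check: signature under the module's public key,
// freshness against the verifier's clock, and a plausibility pass over the
// history (monotonic time, no movement faster than maxSpeedMps).
func Verify(a Attestation, pub ed25519.PublicKey, nowUnix int64, maxSpeedMps float64, maxAgeSec int64) error {
	if len(a.History) == 0 {
		return errors.New("empty history")
	}
	if !ed25519.Verify(pub, signedBytes(a.ModuleID, a.History), a.Sig) {
		return errors.New("signature invalid: history was not produced by this core")
	}
	last := a.History[len(a.History)-1]
	if last.Unix > nowUnix+1 || nowUnix-last.Unix > maxAgeSec {
		return errors.New("latest fix is in the future or too old (replay?)")
	}
	for i := 1; i < len(a.History); i++ {
		prev, cur := a.History[i-1], a.History[i]
		dt := cur.Unix - prev.Unix
		if dt <= 0 {
			return fmt.Errorf("time history not monotonic at fix %d", i)
		}
		if distanceMeters(prev, cur)/float64(dt) > maxSpeedMps {
			return fmt.Errorf("implausible movement between fix %d and %d", i-1, i)
		}
	}
	return nil
}

func main() {
	core, pub, err := NewCore("module-0001") // constructed module ID
	if err != nil {
		panic(err)
	}
	t0 := int64(1700000000)
	core.Record(Fix{Lat: 37.7749, Lon: -122.4194, Unix: t0})
	core.Record(Fix{Lat: 37.7750, Lon: -122.4194, Unix: t0 + 30})
	fmt.Println("genuine:", Verify(core.Attest(), pub, t0+60, 50, 300))
}
```

Signing the whole history rather than a single fix is what lets the verifier reject a teleport or a rewound clock; the signature alone would only prove the bytes came from the core, not that the core's receiver was seeing the real sky.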
Challenge: IoT device maintainability
- Unmanaged IoT hard to update, no clear owner, no mgmt $
- But today's endpoint security relies on updates!
- IoT infrastructure has 5x longer field life than mobile device
- System components have short-lived support
  - Chipset SW team builds Board Support Package (BSP)
  - ODM builds device functionality
  - Product vendor makes customization
(Image: AV-TEST report for AhnLab V3 Mobile, version 150101, January 2015, platform Android 5.0.1, with protection and usability scores shown as 6.0/6.0; 31 mobile security products evaluated using their default settings, allowed to update and query their in-the-cloud services at any time. Highlighted callout from the malware detection test: "We use only recent malware, which is not older than 4 weeks." AV-TEST Independent IT-Security Institute, Android Testing Methodology (2013), www.av-test.org)
…will the last one in the building patch the vulnerability?
What lies ahead…: Device Federation
Device federation
M2M peer cooperation
- To assess device environment
- For control + data flows
- When one device proxies a human
Need to discover, create, manage, and authenticate endpoint identities
…best practice for device federation?
(Images: Fridge, Marjan Lazarevski; S-beam, wonderhowto.com)
Problem: wifi-enroll a new printer
1. New printer defaults as open wifi AP
2. "HP Auto Wireless Connect"
   - Runs on your PC
   - Scrapes wifi access code from OS
   - Connects to printer AP and gives access code to printer
3. Printer joins your wireless network!
Genius or Scary?
(Image: www.wikihow.com)
Authentication standards filling out…
- Fast IDentity Online (FIDO) Alliance
  - People authentication
  - Leverages security features on user device
  - Agnostic to device authentication technology
- OAuth, OpenID
  - API access (robot) authentication
  - Client enrolled and given a key
…not M2M / endpoint solutions!
- Need device discovery, P2P connection
Decentralized device federation
(Chart: Ease of 1st Connection vs. Degree of Centralization, placing Embedded agent, Proximity & web-of-trust, CryptoManager, Enroll to local hub, and Enroll to central service along the spectrum)
(Images: Web of trust, www.linux.com; Bluetooth, cloudlink.soasta.com; CryptoManager, rambus.com; S-beam, wonderhowto.com)
What lies ahead…: Application Portability
Workspaces of the future
- Instant global connectivity
- Cross-domain collaboration
- Hierarchical control
"Mobile [as a distinction] is dead …I expect to use any screen"
– Matias Duarte, VP of Design, Google
Application portability
Seamless sessions across independently managed devices.
- Securely "throw" app to different device
- Immediate response
- Minimal admin (BYOD, friend's house, hotel)
- Application bound to user, not device
When app and data really matter!
Attackers target interoperability controls
Example: HDCP content pipe
- "High Bandwidth Digital Copy Protection"
- Protects digital content, interoperability
- Ease of use: Fast, offline, any-to-any
- No one device contains global secret, but a group of 40 devices reveals it!
- Commercial exploit!
A Cryptanalysis of the High-bandwidth Digital Content Protection System (Crosby, Goldberg, Johnson, Song, Wagner)
(Image from www.hdmi.org)
App control is bound to keys... manage them well!
Apple AirPlay protects digital content, interoperability, and user binding
- Fast, offline, any-to-any
- Pipe + direct connection to Internet sources
Security design
- RSA keypairs for different roles
- Global keys extracted (shairport, James Laird)
Portability requires centralized policies
- Cloud sync helps data portability
- Sync + console greatly improve management tools
- But security of distributed data only as strong as weakest link
- Controls are coarse
Centralization helps. But device security is the limiting reagent!
(Image: www.dropbox.com, accessed 2/13/2015)
Portability requires sandboxing
… but are software sandboxes robust?
- The Great Cloud Reboot of 2014: Xen Security Advisory, CVE-2014-7188
- Content as threat vector: https://www.nccgroup.com/en/blog/2015/02/abusing-blu-ray-players-pt-1-sandbox-escapes/
Portability requires secure UI
… but we can't even do this locally!
- User interface == communication channel
- Isolation, privacy, integrity
- Many groups working on this
Guiding lights?
- SE Linux has right focus on interfaces
- PIN pad standards (DUKPT)
Um, separated UI is good for security!
- …did iMessage just kill SMS 2-factor?
(Image: http://blog.billguard.com/2014/07/look-easily-can-thwart-even-sophisticated-atm-skimmer/)
What lies ahead…: Complex Trust Domains
The good old days (pre-2010)
- Hierarchical structure
- Device Admin = Owner = Root
- OS/BIOS in charge
- Policies via endpoint security product
Reality: "Possession is nine tenths of the law"
(Image: www.historyforkids.net)
Many cooks in the kitchen!
Entities:
- Device owner
- User(s)
- Applications
- Application developer
- App store
- BYOD administrator(s)
- Mobile carrier / system operator
- OS vendor
- Device manufacturer
- Chip manufacturer
Privileges:
- Run app
- Unlock data
- Read location info
- Application keys
- Access to crash logs
- Platform attestation
- Allow SW update
- Debug unlock
- Privileged developer hooks
- Peripheral authentication
- Encrypted key store
Pressure on trust boundaries
- App doesn't trust user
- Nobody trusts the software
- App doesn't trust root
- User cannot touch app's keys
No single administrator: multiple, limited authorities
- Auditable privilege limits
Well intentioned but limited
- Red/black isolation too simplistic
- Sandboxes incomplete, make developers lazy
- Key rolling w/o device robustness?
- TPM attestation not for complex SW
(Images: eventwristbands.com; Infineon TPM overview, 2008; Docker)
One ring to rule them all?
Multiple "owners", transparent limits, privilege transfers, situational override, auditable logs and limits
- Not trusted: Root / OS / vendor / govt
- Platform enforces data/program domains
- Privilege handoffs over device lifecycle
- Can remotely audit system attributes
- Enforced in HW, not by OS
(Chart: Credo Construction)
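Added example, not from the presentation: a small Go model of the multiple-owner scheme on this slide and the two before it. Each privilege has exactly one holder, a handoff is valid only when made by the current holder (so root or the OS vendor cannot reassign what they do not hold), and every decision lands in an append-only audit log that a remote auditor can read. The entity and privilege names come from the "many cooks" list; the factory assignment and the sale scenario in main are assumptions, and in a real platform the enforcement would sit in hardware rather than in a Go map.

```go
package main

import "fmt"

// Entity and Privilege names follow the slide's "many cooks" lists.
type Entity string
type Privilege string

const (
	ChipMfg   Entity = "chip manufacturer"
	DeviceMfg Entity = "device manufacturer"
	Owner     Entity = "device owner"
	User      Entity = "user"
	Root      Entity = "root / OS"
	AppDev    Entity = "application developer"
)

const (
	DebugUnlock   Privilege = "debug unlock"
	AllowSWUpdate Privilege = "allow SW update"
	AppKeys       Privilege = "application keys"
	ReadLocation  Privilege = "read location info"
)

// AuditEntry is one append-only log record; a remote auditor reads these.
type AuditEntry struct {
	Seq     int
	Actor   Entity
	Action  string // "exercise" or "handoff"
	Priv    Privilege
	Target  Entity // handoff recipient, empty for exercise
	Allowed bool
}

// PrivilegeDomain enforces that each privilege has exactly one holder; there is
// no super-administrator who can exercise or reassign everything.
type PrivilegeDomain struct {
	holder map[Privilege]Entity
	log    []AuditEntry
}

// NewFactoryState is the assumed assignment when the device leaves the factory.
func NewFactoryState() *PrivilegeDomain {
	return &PrivilegeDomain{holder: map[Privilege]Entity{
		DebugUnlock:   ChipMfg,
		AllowSWUpdate: DeviceMfg,
		AppKeys:       AppDev,
		ReadLocation:  User,
	}}
}

func (d *PrivilegeDomain) record(actor Entity, action string, priv Privilege, target Entity, ok bool) {
	d.log = append(d.log, AuditEntry{len(d.log) + 1, actor, action, priv, target, ok})
}

// Exercise reports whether actor may use priv right now; the decision is logged either way.
func (d *PrivilegeDomain) Exercise(actor Entity, priv Privilege) bool {
	ok := d.holder[priv] == actor
	d.record(actor, "exercise", priv, "", ok)
	return ok
}

// Handoff transfers priv from its current holder to another entity, e.g. the
// manufacturer hands "allow SW update" to the owner at sale. Only the current
// holder can do this; a denied attempt is still logged.
func (d *PrivilegeDomain) Handoff(from, to Entity, priv Privilege) error {
	ok := d.holder[priv] == from
	d.record(from, "handoff", priv, to, ok)
	if !ok {
		return fmt.Errorf("%s does not hold %q; only the holder can transfer it", from, priv)
	}
	d.holder[priv] = to
	return nil
}

// Holder answers "who currently controls this privilege?" for remote audit.
func (d *PrivilegeDomain) Holder(priv Privilege) Entity { return d.holder[priv] }

// Log returns a copy of the audit trail so callers cannot rewrite history.
func (d *PrivilegeDomain) Log() []AuditEntry { return append([]AuditEntry(nil), d.log...) }

func main() {
	d := NewFactoryState()
	fmt.Println("mfg update at factory:", d.Exercise(DeviceMfg, AllowSWUpdate))
	fmt.Println("handoff to owner:", d.Handoff(DeviceMfg, Owner, AllowSWUpdate))
	fmt.Println("mfg update after sale:", d.Exercise(DeviceMfg, AllowSWUpdate))
	fmt.Println("root reads app keys:", d.Exercise(Root, AppKeys))
	for _, e := range d.Log() {
		fmt.Printf("%d %-20s %-8s %-18s allowed=%v\n", e.Seq, e.Actor, e.Action, e.Priv, e.Allowed)
	}
}
```

The point of logging denials as well as grants is that "auditable privilege limits" means an auditor can see who tried to step outside their domain, not only who succeeded.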
Healthy Endpoints
Endpoint foundation
- What gets to run on the platform?
  - Boot / code authentication
  - Secure debug lock
- Do my secrets remain opaque?
  - Application partitioning
  - Hardware-based secure key storage
- Am I in the real world or the matrix?
  - Environment attestation
  - Peripheral authentication
(Diagram: UI and apps above OS / TrustZone / Hypervisor, above Hardware with a Secure Key / ID store + manager and Crypto block)
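Added example, not code from the slides: a Go sketch of the "boot / code authentication" building block above. The vendor signs a manifest (stage name, version, SHA-256 of the image) with a release key; the platform holds only the public root and a per-stage anti-rollback counter, verifies the signature before anything else, matches the image to the signed digest, and refuses older versions so a superseded image with a known bug cannot be re-flashed. The vendor key, image bytes and stage names are constructed; on real hardware the root key and counter would live in fuses or the secure key store the diagram shows.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Manifest describes one boot-stage image: its name, a monotonic version used
// as the anti-rollback counter, and the SHA-256 of the image bytes.
type Manifest struct {
	Stage   string
	Version uint32
	Digest  [32]byte
}

// encode gives a fixed byte layout for signing (the variable-length stage name
// is NUL-terminated so fields cannot run into each other).
func (m Manifest) encode() []byte {
	var b bytes.Buffer
	b.WriteString(m.Stage)
	b.WriteByte(0)
	binary.Write(&b, binary.BigEndian, m.Version)
	b.Write(m.Digest[:])
	return b.Bytes()
}

// SignedImage is what the vendor ships: the image, its manifest, and the
// signature over the manifest made with the vendor's release key.
type SignedImage struct {
	Manifest Manifest
	Image    []byte
	Sig      []byte
}

// NewVendorKey creates the release keypair; the public half is assumed to be
// burned into the platform as its root of trust.
func NewVendorKey() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// SignImage is the vendor's release step.
func SignImage(priv ed25519.PrivateKey, stage string, version uint32, image []byte) SignedImage {
	m := Manifest{Stage: stage, Version: version, Digest: sha256.Sum256(image)}
	return SignedImage{Manifest: m, Image: image, Sig: ed25519.Sign(priv, m.encode())}
}

// Platform holds only the public root and a per-stage rollback counter that
// would live in tamper-resistant storage on real hardware.
type Platform struct {
	root       ed25519.PublicKey
	minVersion map[string]uint32
}

func NewPlatform(root ed25519.PublicKey) *Platform {
	return &Platform{root: root, minVersion: map[string]uint32{}}
}

// Authenticate decides whether an image may run. The signature is checked first
// so unsigned data never influences the counter, then the image is matched to
// the signed digest, then rollback is refused. Only a fully accepted image
// advances the counter; the same version may boot again.
func (p *Platform) Authenticate(si SignedImage) error {
	if !ed25519.Verify(p.root, si.Manifest.encode(), si.Sig) {
		return errors.New("manifest signature invalid")
	}
	if sha256.Sum256(si.Image) != si.Manifest.Digest {
		return errors.New("image digest does not match signed manifest")
	}
	if min := p.minVersion[si.Manifest.Stage]; si.Manifest.Version < min {
		return fmt.Errorf("rollback refused: version %d < %d", si.Manifest.Version, min)
	}
	p.minVersion[si.Manifest.Stage] = si.Manifest.Version
	return nil
}

// MinVersion exposes the rollback counter for audit.
func (p *Platform) MinVersion(stage string) uint32 { return p.minVersion[stage] }

func main() {
	pub, priv, err := NewVendorKey()
	if err != nil {
		panic(err)
	}
	plat := NewPlatform(pub)
	// Constructed sample images; real ones would be bootloader/kernel binaries.
	v2 := SignImage(priv, "bootloader", 2, []byte("bootloader build 2"))
	fmt.Println("v2:", plat.Authenticate(v2))
	v1 := SignImage(priv, "bootloader", 1, []byte("bootloader build 1"))
	fmt.Println("v1 after v2:", plat.Authenticate(v1))
}
```

Keeping the counter per stage matters because the bootloader, kernel and TrustZone image are released on different schedules; a single global counter would either block legitimate updates or let one stage's old build slip back in.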
Trust from the top down
- Device enrollment
- App deployment & updates
- System audit & risk management
- Online revocation
- Policy management
(Diagram: app servers with databases above the device stack of UI, apps, OS / TrustZone / Hypervisor, and Hardware with Secure Key / ID store + manager and Crypto block)
Trust meets in the middle
Server side (device manufacturer server, app servers, databases):
- Identity + key provisioning
- Authentication service
- Policy management
- Security updates
Device side (UI, apps, OS / TrustZone / Hypervisor, Hardware with Secure Key / ID store + manager and Crypto block):
- Identity + key management
- Sandboxed secrets
- Partitioning of critical state
- Reliability & integrity
Apply what you have learned
- Near term
  - Understand endpoint security systems (walk show floor!)
  - Appreciate where your roadmap deviates from your endpoint tools
- Mid term
  - Use available security building blocks!
- Long term
  - Advocate for platform improvements
Endpoints In the New Age
Questions?
@BenjaminJun
[email protected]