
DIIoT Lecture Week 5-6


ECEN 5053-002

Developing the Industrial Internet of Things


Week 5 - Lecture
Security
Dave Sluiter - Spring 2018
Warning - Ethics, Law, and University Policies
To defend a system you need to be able to think like an attacker, and that includes
understanding techniques that can be used to compromise security. However, using those
techniques in the real world may violate the law or the University’s rules, and it may be
unethical. Under some circumstances, even probing for weaknesses may result in severe
penalties, up to and including expulsion, civil fines, and jail time. Our policy in this class is that
you must respect the privacy and property rights of others at all times, or else you will fail the
course.
Acting lawfully and ethically is your responsibility. Carefully read the Computer Fraud and
Abuse Act (CFAA), a federal statute that broadly criminalizes computer intrusion. This is one of
several laws that govern “hacking.” Understand what the law prohibits — you don’t want to
end up like this guy. If in doubt, we can refer you to an attorney.
Please review CU's acceptable use policy of IT resources for guidelines concerning proper use
of information technology, as well as the Engineering Honor Code.

Source: Eric Wustrow

Footnote/Reference 2
Material
• Security overview
• Encryption techniques, one time pad, symmetric encryption, asymmetric
encryption
• Diffie-Hellman
• Hashes, Message Authentication Codes (MACs)
• Attack vectors: AES, key, man-in-the-middle, replay
• Key protection, hardware techniques
• Side-channel attacks
• Chain of Trust
• Examples of poor security implementations
• How web browsers establish a secure connection
• Blockchains

Footnote/Reference 3
Learning Outcomes
• Develop a “Security” mindset
• Address security at all levels and at all interfaces in a
system
• Make it difficult for attackers to walk through the door.
• Difference between symmetric and asymmetric
encryption, Diffie-Hellman, Hashes, MACs, key protection
schemes, man-in-the-middle and replay attacks
• Awareness of US security standards

Footnote/Reference 4
Security Overview

Footnote/Reference 5
But first, a comic

Footnote/Reference 6
What does it mean to be secure?
[Diagram: Bob and Alice exchange “Hi Bob, Hi Alice” in the clear over an insecure channel; Eve is on the channel.]

Footnote/Reference 7
What does it mean to be secure?
[Diagram: the same exchange between Bob and Alice, but the message on the insecure channel now reads “Nxz Yk1 a6qb 7”; Eve is on the channel.]

Footnote/Reference 8
The Security Mindset - Bruce Schneier
• https://www.schneier.com/blog/archives/2008/03/the_security_mi_1.html
“Security requires a particular mindset. Security professionals -- at least the good ones -- see the world differently. They
can't walk into a store without noticing how they might shoplift. They can't use a computer without wondering about the
security vulnerabilities. They can't vote without trying to figure out how to vote twice. They just can't help it.

SmartWater is a liquid with a unique identifier linked to a particular owner. "The idea is for me to paint this stuff on my
valuables as proof of ownership," I wrote when I first learned about the idea. "I think a better idea would be for me to paint it
on your valuables, and then call the police.” Really, we can't help it.

This kind of thinking is not natural for most people. It's not natural for engineers. Good engineering involves thinking about
how things can be made to work; the security mindset involves thinking about how things can be made to fail. It
involves thinking like an attacker, an adversary or a criminal. You don't have to exploit the vulnerabilities you find, but if you
don't see the world that way, you'll never notice most security problems.”

Footnote/Reference 9
The Security Mindset - Dave Sluiter
• When working in security, it is an unwise mental mindset to make statements such
as: “That’s impossible”, or “No one will ever figure this out” and other such
absolute statements.
• A better mindset is one that blurs the line between TRUE and FALSE, mental
positions such as likely/unlikely, probable/improbable, practical/impractical.
• The world is full of some very clever and well funded people.
• Examples:
• WWII German Enigma machine
• US NSA
• Israeli Mossad
• There is no 100% security, only approaches/solutions deemed “good enough”.
• “Security through obscurity is not security” - courtesy of Don Matthews

Footnote/Reference 10
Kerckhoffs's Principle

• Stated by Dutch cryptographer Auguste Kerckhoffs in the 19th century:
• A crypto system should be secure even if everything
about the system, except the key, is public
knowledge.

Footnote/Reference 11
The Security Mindset
• What can we learn from wood-block puzzles?
• How to think “orthogonal” or unconventional

Footnote/Reference 12
Basics

Footnote/Reference 13
Terminology

• Plaintext, often denoted by P (sometimes called clear-text), is what you want to protect/encrypt
• Ciphertext, often denoted by C, is what you get after
encryption

Footnote/Reference 14
Encryption Techniques
• Caesar Cipher, named after Julius Caesar
• Substitution cipher, based on a shift

Footnote/Reference 15
Encryption Techniques
• One time pad (OTP)
• So-called “perfect” encryption
• Impractical for real-world

A=0, B=1, C=2, … Z=25

Plain text     M    E    E    T    T    O    N    I    G    H    T
              12    4    4   19   19   14   13    8    6    7   19
Key            D    Z    H    S    U    I    M    W    E    K    C
               3   25    7   18   20    8   12   22    4   10    2
Sum           15   29   11   37   39   22   25   30   10   17   21
Sum mod 26    15    3   11   11   13   22   25    4   10   17   21
Cipher text    P    D    L    L    N    W    Z    E    K    R    V

Cipher text    P    D    L    L    N    W    Z    E    K    R    V
              15    3   11   11   13   22   25    4   10   17   21
Key            D    Z    H    S    U    I    M    W    E    K    C
               3   25    7   18   20    8   12   22    4   10    2
Diff          12  -22    4   -7   -7   14   13  -18    6    7   19
Diff mod 26   12    4    4   19   19   14   13    8    6    7   19
Plain text     M    E    E    T    T    O    N    I    G    H    T

Footnote/Reference 16
AES (Advanced Encryption Standard)
• Established by US NIST (National Institute of Standards and Technology)
• Block cipher: 16 bytes in, 16 bytes out
• 3 key lengths: 128, 192 and 256 bits
• High-level description
• 1) With N=number of rounds, round keys are extracted from the
cipher key (where N = 10, 12, 14, for 128-, 192- or 256-bits)
• 2) Round 0
• 3) Rounds 1 to N-2
• 4) Final round N-1
• Believed to be secure, but we don’t know how to prove it

Footnote/Reference 17
AES Encryption
[Diagram: AES encryption. Key expansion derives the round keys from the cipher key. The AES core takes 16 bytes of plain text and the round keys and produces 16 bytes of cipher text.]

Footnote/Reference 18
AES Decryption
[Diagram: AES decryption. Key expansion derives the round keys from the cipher key. The AES core takes 16 bytes of cipher text and the round keys and produces 16 bytes of plain text.]

Footnote/Reference 19
AES

• When AES is implemented as per specification, it is known as Electronic Code Book (ECB)
• Shouldn’t this be good enough?
• Can you think of any issues that might arise?

Footnote/Reference 20
AES ECB mode

• The same plain-text always encrypts to the same cipher-text
• The result is, it leaks information

[Image: AES ECB]

Footnote/Reference 21
AES CBC (Cipher Block Chaining Mode)

Footnote/Reference 22
AES CBC (Cipher Block Chaining Mode)

Footnote/Reference 23
AES CBC mode

AES CBC

Footnote/Reference 24
AES CBC mode

• Initialization vector/value (IV) should be chosen wisely


• Ideally, each 16-byte block would have a unique AND
unpredictable IV (not a counter)

Footnote/Reference 25
AES XTS mode

• NIST added XTS mode for storage devices


• Specified in SP800-38E
• Deemed “better than” CBC
• AES is known as a symmetric encryption algorithm
because the same key is used for encryption and
decryption

Footnote/Reference 26
Asymmetric Encryption

• Also known as Public Key Encryption (Public Key Cryptography)
• Uses a pair of keys: 1 public, 1 private
• Provides two functions:
• Encryption
• Authentication, verifies the message came from the
holder of the matching private key

Footnote/Reference 27
Asymmetric Encryption

[Diagram: Large random number → Key Generation → Public key and Private key. One direction is labelled “Computationally easy”, the other “Computationally difficult / Impractical”.]

Footnote/Reference 28
Asymmetric Encryption
Alice wants to receive secure communication from Bob
[Diagram: Alice's public key is sent to Bob over the insecure channel. Bob encrypts “Hi Alice” with Alice's public key, giving “Xc5hIi sk7”, and Alice decrypts it with her private key to recover “Hi Alice”.]

Does Alice know that the message really came from Bob?

What if Eve had Alice’s public key?

Footnote/Reference 29
Asymmetric Encryption
Alice wants to receive secure communication from Bob
[Diagram: Bob's public key is sent to Alice over the insecure channel. Bob encrypts “Hi Alice” with Bob's private key, giving “zKiErT qVa”, and Alice decrypts it with Bob's public key to recover “Hi Alice”.]

Does Alice know that the message really came from Bob?

What if Eve had Bob’s public key?

Footnote/Reference 30
Diffie-Hellman

A method to securely establish a known secret (a “key”) between
2 parties over an insecure channel.

Source: https://en.wikipedia.org/wiki/Diffie–Hellman_key_exchange
Footnote/Reference 31
Diffie-Hellman

Note: Larger values of a, b and p would be needed to make this secure, g is
usually a small number.

Also Note:

(g^a)^b = (g^b)^a

Source: https://en.wikipedia.org/wiki/Diffie–Hellman_key_exchange
Primitive root mod n: http://math.stackexchange.com/questions/795414/what-are-primitive-roots-modulo-n

Footnote/Reference 32
Diffie-Hellman

Source: https://en.wikipedia.org/wiki/Diffie–Hellman_key_exchange
Footnote/Reference 33
Diffie-Hellman

• Alice and Bob now use symmetric encryption (AES XTS for example) on an insecure channel, using s as the
common encryption/decryption key.

Footnote/Reference 34
PGP (Pretty Good Privacy)

• Created by Phil Zimmermann in 1991
• Follows the OpenPGP standard (RFC 4880)

Footnote/Reference 35
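PGP (Pretty Good Privacy)
[Diagram: Bob generates a random key. He encrypts “Hi Alice” with the random key, giving the encrypted data “zKiErT qVa”, and encrypts the random key with Alice's public key. The encrypted random key and the encrypted data are both sent over the insecure channel.]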

Footnote/Reference 36
PGP (Pretty Good Privacy)
[Diagram: Alice decrypts the encrypted random key with her private key, then uses the recovered random key to decrypt the encrypted data “zKiErT qVa” and read “Hi Alice”.]

Footnote/Reference 37
RSA (Rivest-Shamir-Adleman)
• Involves 4 steps
• Key generation
• Key distribution
• Encryption
• Decryption

Source: https://en.wikipedia.org/wiki/RSA_(cryptosystem)

Footnote/Reference 38
RSA
• It is practical to find 3 very large positive integers e, d and
n such that with modular exponentiation for all integers m,
we have:
(m^e)^d ≡ m (mod n)
and
(m^d)^e ≡ m (mod n)
Modular exponentiation, b^y % m: integer b raised to y, divided by the modulus m to produce a remainder

And that even knowing e, m and n, it can be very difficult to determine d


Footnote/Reference 39
RSA Key Generation
• Choose two distinct prime numbers p and q
• Chosen at random, similar magnitudes
• Compute n = p*q
• n is used as the modulus, this is the key length
• Compute λ(n) = lcm(p − 1, q − 1), kept private
• Choose an integer e, such that 1 < e < λ(n)
• where e and λ(n) are coprime
• Determine d as d ≡ e^−1 (mod λ(n))

40
RSA Key Distribution
• The public key consists of n and e and is distributed
• The private key consists of n and d and is kept secret
• p, q and λ (n) must also be kept secret

41
RSA Encryption
• Bob wants to send Alice a message M after receiving n and e
from Alice
• Bob reduces his message to an integer m where 0 <= m <= n by
using a previously agreed upon reversible protocol known as a
padding scheme. Cipher text is then computed as:
c ≡ m^e (mod n)

For padding explanation, see: https://en.wikipedia.org/wiki/Optimal_asymmetric_encryption_padding

42


RSA Decryption
• Alice computes:

c^d ≡ (m^e)^d ≡ m (mod n)
• And then reverses the padding scheme
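
The four RSA steps above, carried through with the slides' symbols. This is an added example, not part of the original lecture: the primes 61 and 53, e = 17 and the message integer 65 are constructed toy values, and no padding scheme is applied, so it shows the arithmetic only.

```python
"""Textbook RSA with the slides' symbols (p, q, n, lambda(n), e, d, m, c).

Added example: toy key size and no padding scheme, for study only.
"""
import hashlib
from math import gcd, lcm  # math.lcm needs Python 3.9+


def generate_keypair(p, q, e):
    """Key generation: returns ((n, e), (n, d)) = (public key, private key)."""
    if p == q:
        raise ValueError("p and q must be distinct primes")
    n = p * q                          # modulus, part of both keys
    lam = lcm(p - 1, q - 1)            # lambda(n), kept private
    if not 1 < e < lam or gcd(e, lam) != 1:
        raise ValueError("need 1 < e < lambda(n) with e coprime to lambda(n)")
    d = pow(e, -1, lam)                # d = e^-1 (mod lambda(n)), Python 3.8+
    return (n, e), (n, d)


def encrypt(public, m):
    """c = m^e (mod n); m is the already-padded message as an integer."""
    n, e = public
    if not 0 <= m < n:
        raise ValueError("m must be smaller than the modulus n")
    return pow(m, e, n)


def decrypt(private, c):
    """m = c^d (mod n)."""
    n, d = private
    return pow(c, d, n)


def digest_as_int(message, n):
    """SHA-256 digest reduced mod n (only needed because the toy n is tiny)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(private, digest):
    """Signature = digest^d (mod n): only the private-key holder can make it."""
    n, d = private
    return pow(digest % n, d, n)


def verify(public, digest, signature):
    """Anyone holding (n, e) checks signature^e (mod n) against the digest."""
    n, e = public
    return pow(signature, e, n) == digest % n


def demo():
    public, private = generate_keypair(p=61, q=53, e=17)  # constructed toy values
    c1, c2 = encrypt(public, 65), encrypt(public, 65)
    digest = digest_as_int(b"firmware v2", public[0])      # constructed message
    return {
        "public": public,
        "private": private,
        "ciphertext": c1,
        "decrypted": decrypt(private, c1),
        # Without a padding scheme the same m always gives the same c,
        # the same kind of leak the ECB slide describes for AES.
        "deterministic": c1 == c2,
        "signature_ok": verify(public, digest, sign(private, digest)),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The `deterministic` result is the practical reason the encryption slide insists on a padding scheme before exponentiation.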

43
Hash Functions
• Maps a message of arbitrary length to a fixed number of bits, referred
to as the hash value (or message digest, or simply digest)
• “Good” cryptographic hash functions have 5 properties:
• Deterministic: same input, same output every time
• Quick to compute, computationally inexpensive
• Impractical to determine a message from the hash value
• Has the notion of being a “one-way” function
• A small change in input results in a large change in the output
• Impractical to find two messages that map to the same hash value
• Used to check the integrity of data transmission
See: https://en.wikipedia.org/wiki/Comparison_of_cryptographic_hash_functions for a list of cryptographic hash functions

Footnote/Reference 44
Uses for Hash Functions
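• Saving passwords
• See also the SHA-2 family of hash functions as per FIPS 180-4
• Well studied, haven’t spotted a problem yet
• Are there weaknesses?
• What about dictionary attacks?

[Diagram: at login the user enters a user name and a password (example: Xh8_i27vZ). The password is run through Hash() and the result is compared (“Same?” Yes / No) with the digest stored for that user name in the password table (example digest: 0xF1324578).]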

Footnote/Reference 45
Message Authentication Codes (MACs)

• Accepts as inputs:
• A secret key
• A message of arbitrary length
• Outputs a fixed-size MAC value (also known as a tag)
• A cryptographic hash function is one method to generate a
MAC value.
• See HMAC-SHA256, RFC 2104
• Often used for authentication

Footnote/Reference 46
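MAC Usage
Here we are concerned about authenticity - did this message really come from Bob?
And integrity - has the message been modified in transit?

[Diagram: Bob and Alice each hold the same shared secret key, kept private. Bob computes MAC() over “Hi Alice” with the key and sends the message and the tag over the insecure channel. Alice regenerates the MAC value from the received message with her copy of the key and compares it with the received tag (“Same?” Yes / No).]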

Footnote/Reference 47
Open source software downloads

• How many of you have seen/used an MD5 checksum?


• Vulnerabilities have been discovered that make it
unsuitable for use as a cryptographic hash function, but
can still be used for data integrity.
• For example: Has anyone messed with the .zip file I
downloaded?

Footnote/Reference 48
Software/Firmware Updates
• Should always be authenticated!
• Build this into the system from day one
• Asymmetric encryption would be a fair design choice

• Authentication
• Integrity
• Security

[Diagram: a Secure Server and a Device each hold the same shared secret key, kept private. The server encrypts the binary software image with its private key and computes a MAC() tag with the shared secret key; image and tag cross the insecure channel. The device recomputes the MAC() tag with its copy of the shared secret key, compares the tags (“Same?”), and decrypts the binary software image with the public key.]

Footnote/Reference 49
Key Generation
• In order to be effective, the keys used for security should be random
numbers so an adversary cannot guess them.
• My advice is to steer away from pseudo-random number generation
because these have a predictable pattern.
• Very hard to generate “true” random numbers.
• Use the output or “measures” of physical systems that are inherently
entropic, such that they are indistinguishable from “true” random
numbers. Choices may include:
• Temperature
• Vibration
• Flow rate
• Ring oscillator
• Then mix these sources into your key generation

Footnote/Reference 50
Threat Vectors

• A threat vector (aka an attack surface) is an avenue that an attacker can exploit to gain access to a system,
or to cause a system to leak information
• During the process of engineering systems, you have to
ask the question: “What are we trying to protect
against?”
• Be constantly applying the security mindset.

Footnote/Reference 51
Brute Force Attack on AES-256

• AES 256 has 256-bit keys
• 2^256 = 1.157 x 10^77 possibilities
• Using 1 trillion computers, and trying 1 key per
picosecond, it would take
• 1.157 x 10^77 / 1 x 10^12 * 1 x 10^-12 = 1.157 x 10^53 secs or
3.7 x 10^45 years!

Footnote/Reference 52
Attacking AES

If I had
the Key
AES

Footnote/Reference 53
Protecting The Key(s) - Key Management
• Key management is the hard part
• This is where you can get clever/creative
• But never modify known algorithms
• In order to get certifications (such as NIST or others) your device
has to provide responses to known-answer tests : so trust the
known algorithms
• Each key should have 1 purpose
• Vulnerability of keys increases:
• The more you use it
• The more places you store it
• The longer you have it
Footnote/Reference 54
Protecting The Key(s)
[Diagram: Alice's private keys (secrets) are encrypted under a strong password and held in an encrypted key store database; the same strong password is used to decrypt a key when it is needed.]

Private keys are “wrapped” with a password

Footnote/Reference 55
Man in the middle attack
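Alice wants to receive secure communication from Bob

[Diagram: Eve sits between Bob and Alice. Bob's public key reaches Eve, and Alice receives Eve's public key in its place. Bob encrypts “Hi Alice” with Bob's private key; Eve decrypts it with Bob's public key, reads “Hi Alice”, re-encrypts it with Eve's private key, and Alice decrypts that with Eve's public key.]

Alice believes she is securely communicating with Bob!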

Footnote/Reference 56
Defeating Man in the middle attacks
Requires establishing some type of secure communication channel
Alice wants to receive secure communication from Bob

[Diagram: Bob's public key is delivered to Alice; Eve is shown with a “?”. Bob encrypts “Hi Alice” with Bob's private key, giving “zKiErT qVa”, and Alice decrypts it with Bob's public key to read “Hi Alice”.]

Determine some kind of shared secret:
a) Phone call
b) Meeting in person
c) Diffie-Hellman when you know for sure you’re communicating with the real person
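
The Diffie-Hellman exchange from the earlier slides and the condition on option c) above, as an added example that is not part of the original lecture. It shows why an unauthenticated exchange still needs the phone call or the meeting: a short fingerprint compared out of band exposes a party in the middle. The toy prime, the generator 3 and the fingerprint format are assumptions made for the example.

```python
"""Diffie-Hellman with the slides' symbols (p, g, a, b, s) and a fingerprint check.

Added example. P below is a toy-sized prime chosen so the code stays short.
"""
import hashlib
import secrets

P = 2**127 - 1   # prime modulus p (assumption: toy size, far too small for real use)
G = 3            # generator g, "usually a small number"


class Party:
    def __init__(self):
        self._secret = secrets.randbelow(P - 3) + 2   # a or b, never transmitted
        self.public = pow(G, self._secret, P)         # A = g^a mod p
        self.peer_public = None
        self.key = None

    def receive(self, peer_public):
        """Accept the other side's public value and derive the symmetric key."""
        if not 1 < peer_public < P - 1:
            raise ValueError("degenerate public value rejected")
        self.peer_public = peer_public
        s = pow(peer_public, self._secret, P)         # s = B^a = (g^b)^a mod p
        self.key = hashlib.sha256(s.to_bytes(16, "big")).digest()

    def fingerprint(self):
        """Short value two people read out over the phone or compare in person.

        It covers the two public values this party saw, in sorted order, so
        both ends compute the same string only if they saw the same pair.
        """
        pair = sorted([self.public, self.peer_public])
        data = b"".join(v.to_bytes(16, "big") for v in pair)
        return hashlib.sha256(data).hexdigest()[:16]


def direct_exchange():
    """Alice and Bob really are talking to each other."""
    alice, bob = Party(), Party()
    alice.receive(bob.public)
    bob.receive(alice.public)
    return alice, bob


def intercepted_exchange():
    """Eve answers each side with a public value of her own (the MITM slide)."""
    alice, bob, eve_to_alice, eve_to_bob = Party(), Party(), Party(), Party()
    alice.receive(eve_to_alice.public)
    eve_to_alice.receive(alice.public)
    bob.receive(eve_to_bob.public)
    eve_to_bob.receive(bob.public)
    return alice, bob, eve_to_alice, eve_to_bob


def channel_is_authentic(alice, bob):
    """The out-of-band comparison: True only when nobody sat in the middle."""
    return secrets.compare_digest(alice.fingerprint(), bob.fingerprint())


if __name__ == "__main__":
    a, b = direct_exchange()
    print("direct: same key", a.key == b.key, "fingerprints match", channel_is_authentic(a, b))
    a, b, ea, eb = intercepted_exchange()
    print("intercepted: same key", a.key == b.key, "fingerprints match", channel_is_authentic(a, b))
```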

Footnote/Reference 57
Replay Attacks
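[Diagram: the sender computes MAC() over the “Open Lock” command with the private key and sends the command and tag over the insecure channel. The lock regenerates the tag with its copy of the private key and compares (“Same?”); if yes, then the lock opens. Eve, on the channel, holds a copy of the “Open Lock” command and its tag.]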

Footnote/Reference 58
Nonce
• A nonce is a “Number used Once”.
• In its simplest form can be a counter value
• But counter values might be guessed
• A better approach would be to use a pseudo-random
number sequence. For example the output of a linear
feedback shift register (LFSR). This might be guessed/
calculated as well.
• An even better approach would be to use an
“unpredictable” sequence.

Footnote/Reference 59
Defeating Replay Attacks
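[Diagram: the sender and the lock each hold the private key and a nonce. The tag is computed with MAC() over the “Open Lock” command and the current nonce. Once the command has been used, both sides move from Nonce to Nonce+1, so when Eve sends her recorded “Open Lock” command and tag the comparison (“Same?”) gives No.]

After usage, each side advances their nonce value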
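
The MAC, replay and nonce slides put together, as an added example that is not part of the original lecture. It runs the “Open Lock” exchange with HMAC-SHA256 (RFC 2104) with and without a nonce, and also handles the case the slide leaves open, a message lost in transit; the 8-byte nonce encoding and the acceptance window of 4 are assumptions made for the example.

```python
"""HMAC-SHA256 command authentication with a nonce that defeats replays.

Added example; message layout and window size are assumptions.
"""
import hashlib
import hmac
import secrets

WINDOW = 4  # assumed tolerance for messages lost on the channel


def make_tag(key, nonce, command):
    """Tag = HMAC-SHA256(key, nonce || command); the nonce is a fixed 8 bytes."""
    return hmac.new(key, nonce.to_bytes(8, "big") + command, hashlib.sha256).digest()


class Sender:
    """Holds the shared secret key and the current nonce."""

    def __init__(self, key, nonce, use_nonce=True):
        self._key, self._nonce, self._use_nonce = key, nonce, use_nonce

    def send(self, command):
        tag = make_tag(self._key, self._nonce if self._use_nonce else 0, command)
        if self._use_nonce:
            self._nonce += 1                      # advance after usage
        return command, tag


class Lock:
    """Regenerates the MAC value and compares it with the received tag."""

    def __init__(self, key, nonce, use_nonce=True):
        self._key, self._nonce, self._use_nonce = key, nonce, use_nonce

    def receive(self, command, tag):
        # Only the current nonce and a few future ones are tried; a nonce
        # that was already used is never accepted again.
        if self._use_nonce:
            candidates = range(self._nonce, self._nonce + WINDOW)
        else:
            candidates = [0]
        for nonce in candidates:
            expected = make_tag(self._key, nonce, command)
            if hmac.compare_digest(expected, tag):   # constant-time compare
                if self._use_nonce:
                    self._nonce = nonce + 1          # advance after usage
                return True
        return False


def scenario(use_nonce):
    """Returns (first delivery accepted, replay accepted, forged tag accepted)."""
    key = secrets.token_bytes(32)
    start = secrets.randbelow(2**32)
    sender, lock = Sender(key, start, use_nonce), Lock(key, start, use_nonce)
    captured = sender.send(b"Open Lock")     # what Eve records off the channel
    first = lock.receive(*captured)
    replay = lock.receive(*captured)         # Eve sends the recording again
    forged = lock.receive(b"Open Lock", bytes(32))
    return first, replay, forged


def lost_message_recovers():
    """Returns (next message accepted after a loss, late lost message accepted)."""
    key = secrets.token_bytes(32)
    start = secrets.randbelow(2**32)
    sender, lock = Sender(key, start), Lock(key, start)
    lost = sender.send(b"Open Lock")         # never reaches the lock
    delivered = sender.send(b"Open Lock")
    return lock.receive(*delivered), lock.receive(*lost)


if __name__ == "__main__":
    print("no nonce  :", scenario(False))
    print("with nonce:", scenario(True))
    print("after loss:", lost_message_recovers())
```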

Footnote/Reference 60
Hardware Techniques
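• Every communication channel in and out of a cryptographic
module needs to have security concerns addressed.

[Diagram: two cryptographic modules, a Secure Server/Sending Node and an End Node, each holding the secret. Commands, status requests and code updates from the sending node are sent with a MAC() tag; the end node recomputes MAC() over the received command with its secret and compares the tags (“Same?” Yes / No).]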

Footnote/Reference 61
Hardware Techniques (con’t)
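• Every communication channel in and out needs to have
security concerns addressed.

[Diagram: an End Node with Ethernet connections. A command arriving over Ethernet carries a tag; the cryptographic module in the end node recomputes MAC() over the command with its secret and compares the tags (“Same?” Yes / No).]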

Footnote/Reference 62
Hardware Techniques (con’t)
• Every communication channel in and out needs to have
security concerns addressed.

[Diagram: an End Node on Ethernet holds a Challenge Table (Challenge Question 4, 5, 6) and a Response Table (Challenge Response 4, 5, 6). A peer sends “I want to communicate: ID”; the end node sends a challenge question; the peer returns “Response: ID”, which the end node compares with its response table (“Equal?”).]

Footnote/Reference 63
Additional Hardware Techniques
• Implement a Memory Protection Unit (MPU)
• Run “application” code in user mode and the “kernel”
in supervisor mode
• Only supervisor mode has access to the MPU
• Prohibits “rogue” application code from accessing
memory of other processes
• Recently in the news Intel’s Spectre and Meltdown
exploits, see this link

Footnote/Reference 64
Other Protection Methods

• Tamper evidence
• Sticker
• Epoxy resin (conformal coating), deterrent, but
difficult for returned unit failure analysis
• Proximity detection, enclosure breach

Footnote/Reference 65
Software Techniques
• Every communication channel in and out needs to have security
concerns addressed.
• Bounds check everything
• What happens when an attacker enters 1 million characters into a
web login page - or a command packet arrives at your device that is
a million times larger than what you specified as the maximum size
in your hardware and software specifications?
• What about values on the stack?
• Apply security analysis to all levels of all protocols
• Conduct numerous design reviews with cross-functional team
members

Footnote/Reference 66
Other Threat Vectors?

• Can you think of any unanticipated access channels an attacker might use?
• Power
• RF
• Scan-chains
• JTAG port
• Temperature
•?

Footnote/Reference 67
Side Channel Attacks

• Differential power analysis


• RF analysis
• Power glitching
• Puts hardware into an unknown and potentially
compromised state
• Radiation
• See: Cryptography Research (a division of Rambus) for
more information
Footnote/Reference 68
Additional Info
• Cloud Security Alliance
• https://cloudsecurityalliance.org/download/security-as-a-service-working-group-charter/
• Bloomberg’s ‘What is Code?’ article
• https://www.bloomberg.com/company/announcements/bloomberg-businessweek-releases-code-issue-special-multi-platform-package-demystifying-code/
• Wall Street Journal
• http://partners.wsj.com/bitdefender/history-of-hacking/watch-evolution-cyber-crime/

Footnote/Reference 69
Chain of Trust
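[Diagram: on the chip, the root of trust (ROM or eFuse) holds the ROM boot loader, which runs on the CPU. It checks the tag of the secondary boot loader, stored in NAND, NOR, EEPROM, disk or network: “Authentic?” N → Error, Y → Run. The secondary boot loader checks the tag of application code 1 in the same way (“Authentic?” N → Error, Y → Run), and so on for application code 2, etc.]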

Footnote/Reference 70
Chain of Trust (con’t)

Source: https://en.wikipedia.org/wiki/Chain_of_trust

Source: https://www.embedded.com/design/prototyping-and-development/4007195/Employ-a-secure-flavor-of-Linux

Footnote/Reference 71
Examples of Poor Security Implementations

The following examples of compromised security come from
“Abusing the Internet of Things, Blackouts, Freakouts and Stakeouts”,
first edition, by Nitesh Dhanjani

Footnote/Reference 72
Onity HT Door Lock

3 tracks
Onity uses track 3

Source: Cody Brocious http://demoseen.com/bhpaper.html

Footnote/Reference 73
Onity HT Door Lock - Data on a card key
16-bit ident value
Value assigned identifies which lock the card is associated with.
Employee master key = employeeID.
8-bit flags byte
Used for misc options.
16-bit expiration date
Defines length of time card is valid.
24-bit unknown field
Set to all 0’s.
24-bit keycode value + look-ahead value
Locks are programmed with these values, ex: 100 and 50, lock would
accept cards with values 100 to 150.
Every time a valid card is inserted, the lock resets its keycode value to the keycode
value from the card, thereby invalidating older cards.
Keycodes representing master keys are also programmed into the locks.

Footnote/Reference 74
Onity HT Door Lock - Open Process
The fields on the mag strip are encrypted with a sitecode, a random 32-bit value,
assigned by the manufacturer to identify a specific property. Encryption algorithm is
custom.
Process

Card swiped → Data is decrypted using the sitecode → ident and expiration date is checked → keycode value is checked and if in look-ahead range the lock opens.
Lock saves keycode value
What data does the lock have?
sitecode
ident value (which lock am I?)
keycodes for master keys
date and time
most recent keycode value from last card swipe/lock open operation

Footnote/Reference 75
Onity HT Door Lock - Portable Programmer

[Diagram: a portable programmer (or a $50 Arduino) attached to the lock's programming port. Labelled operations: dump memory (sitecode, master keycode), open cmd, make master keys.]

Footnote/Reference 76
Consequences

• Many burglaries were reported


• Tarnished the reputation of:
• Onity
• Hotels

Footnote/Reference 77
Onity’s Response
• Issued a response that they would:
• Place a mechanical cap over programming port, torx screw
• Update the firmware
• Issues:
• Torx wrenches are easy to obtain
• Design of the PCB needed to be updated to enable secure firmware
update
• Onity apparently quietly worked with hotel chains to replace the PCB’s
• Millions of PCBs replaced, at what cost?

Footnote/Reference 78
Z-Wave Door Lock

Z-Wave controller

Source: Behrang Fouladi, Sahand Ghanoun

Footnote/Reference 79
Z-Wave Door Lock
Researcher’s controller

Z-Wave controller

1. Device is unpaired, initial key exchange is performed


2. Common key determined, stored in EEPROM, device now paired
3. Frame encryption key generated, used to encrypt payloads in subsequent communications
4. Data origin authentication key generated, used to generate a MAC value to address replay attacks

The flaw:
The researchers could transmit a new key-exchange packet.
The lock firmware failed to check if there was already an existing common key in EEPROM,
and so went through the key exchange sequence again, enabling an attacker to pair and unlock the lock.

Source: Behrang Fouladi, Sahand Ghanoun

Footnote/Reference 80
Bluetooth BLE Vulnerabilities

Bluetooth BLE Bluetooth BLE


Slave Master

Source: Mike Ryan whitepaper: “Bluetooth: With Low Energy Comes Low Security”
https://lacklustre.net/bluetooth/Ryan_Bluetooth_Low_Energy_USENIX_WOOT.pdf

Footnote/Reference 81
Bluetooth Vulnerabilities
Bluetooth BLE Bluetooth BLE
Slave Master

Master and slave can use encryption to secure data exchange.


Must establish a shared secret known as the Long-Term-Key (LTK).

The exchange process starts by selecting a temporary key (TK).


According to the BLE specification, TK=0 if “Just Works” mode is selected.
Just Works mode is used for devices with no display/input capability. Otherwise
a TK value from 0 to 999999 is used.
Once the TK is established, the devices establish a Short-Term-Key (STK), and eventually
establish a LTK.

Footnote/Reference 82
Bluetooth Vulnerabilities
Ryan created a tool called Crackle.
Ryan captured the BLE data exchange and input the data to crackle.
Crackle attempts to brute-force the TK by choosing values from 0 to 999999.
Once the TK is found, the STK can be found by decrypting it with the TK. Then
the LTK can be found by decrypting it with the STK.

The flaw:
The range of TK’s is relatively small. In this case it was practical to try every key.

Devices don’t have to use the “Just Works” BLE specification and can rely on schemes where the
keys are 128-bits.

Footnote/Reference 83
Incidents In The News

Footnote/Reference 84
Incident Response
• If your company’s products or services are hacked/compromised, what
do you say:
• To your Employees?
• To your Customers?
• To the Public?
• Important to prepare a response(s) in advance
• NIST: https://www.nist.gov/el/intelligent-systems-division-73500/incident-response-scenarios
• Microsoft: https://www.microsoft.com/en-us/cybersecurity/default.aspx

Footnote/Reference 85
Web Browsers

86
TLS / SSL
• Transport Layer Security
• Secure Socket Layer (predecessor to TLS)
• When a connection is secured by TLS, in our case a web browser
and a server, the connection will have one or more of the
following properties:
• The connection is private (secure) via symmetric encryption
• The identity of the communicating parties can be authenticated
using public-key encryption, they are who they say they are
• The connection has integrity because each message exchanged
is protected by a MAC to detect alteration

Footnote/Reference 87
Web Browser Examples

Encrypted and authenticated (standard certificate)

Encrypted and authenticated (extended validation (EV) certificate)

Encrypted, not authenticated

Not encrypted

Footnote/Reference 88
What is a Digital Signature and Certificate
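[Diagram: the company that owns the web server creates a certificate containing its public key and sends it to a Certificate Authority (CA) to be “signed”. The CA hashes the certificate to a cryptographic digest, encrypts the digest with the CA private key to produce the signature, inserts the signature into the certificate, and sends it back to the requesting company. The CA public key is made publicly available.]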

Source: http://searchsecurity.techtarget.com/definition/digital-signature

Footnote/Reference 89
Steps
• 1 Client makes an SSL connection request
• 2 Server responds with an SSL certificate
• 3 Client validates (Authenticates) the certificate (next slide)
• 4 Client generates a symmetric session key, sends to server
• 5 SSL session is established using the session key, used for subsequent communication

Many options exist for the client and the server to establish what signing and encryption algorithms are used.

[Diagram: Client and Web Server with steps 1 to 5 marked between them. The certificate sent in step 2 carries the server's public key and a signature. In step 4 the client generates a session key and encrypts it with the server's public key; the server decrypts it with its private key. Step 5 uses the session key in both directions.]
Footnote/Reference 90
Step 3 - Authenticate Certificate
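[Diagram: on the client, the signature in the certificate from the server is decrypted with the CA public key (from the CA) to give a digest. The client also computes its own cryptographic hash digest over the certificate and compares the two digests (“Same?”).]

If the same, the browser now “trusts” the server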

Footnote/Reference 91
Certificate Examples

Footnote/Reference 92
TLS/SSL Summary
• Certificates are issued by trusted organizations such as VeriSign or
RSA Security, known as Certificate Authorities
• Example:
• Your bank requests a certificate from VeriSign, includes the
bank’s public key
• VeriSign confirms identity of the bank/server, creates a
certificate and signs it. Gives it back to the bank for the bank’s
server to hand out
• Browser receives certificate and checks the certificate’s
authenticity
• Trust is established
Footnote/Reference 93
Blockchains

Footnote/Reference 94
Blockchains
• In 2009 a hacker (or group of hackers) known as Satoshi
Nakamoto unveiled the world’s first digital currency
• The technology works on the principle that at its
foundation, money is just an accounting tool
• It defines a method for:
• Abstracting value
• Assigning ownership
• Providing a means for transacting
Source: IEEE Spectrum, October 2017

Footnote/Reference 95
Blockchains (con’t)
• Cash has been the historical means
• Possessing the physical tokens (coins, bills) equals
ownership
• It’s up to individuals to negotiate transactions among
themselves
• As long as cash is sufficiently difficult to replicate, there is
no need for a complete accounting of who owns what
portion of the money supply, or for the details of who the
various holders were of a single $10 bill going all the way
back to when it was printed
Footnote/Reference 96
Blockchains (con’t)
• If you could piece together a running tabulation of who
held every bill, then the physical representation would
become unnecessary
• Banks and payment processors have partially sublimated
physical currency into digital records within their closed
systems
• Bitcoin completed the transformation by creating a single,
universally accessible digital ledger, called a blockchain
• It’s called a chain because changes can be made only by
adding new information to the end
Footnote/Reference 97
Blockchains (con’t)
• Each new addition (a block) contains a new set of
transactions. These new transactions reference previous
transactions in the chain
[Diagram, along a time axis: Previous Block (Ted pays Priyanka a bitcoin) → Previous Block (Priyanka pays Vishvesh a bitcoin) → New Block (Vishvesh pays Helmut a bitcoin)]

Footnote/Reference 98
Blockchains (con’t)
• Bitcoin’s block chain (i.e. ledger) is replicated on networked
computers around the globe
• Accessible to anyone with a computer and an internet
connection
• A class of participants on this network, called miners, are
responsible for:
• Detecting transactions
• Validating the transactions
• Adding them to the blockchain as new blocks

Footnote/Reference 99
Blockchains (con’t)
• Validation entails:
• Verifying that a person actually owns the bitcoins in a
transaction
• Verifying those bitcoins have not been spent elsewhere
• Ownership on the bitcoin blockchain is determined by a pair
of public/private keys
• The public key resides in the blockchain for anyone to see
• The owner keeps the private key private

Footnote/Reference 100
Blockchains (con’t)
• For Helmut’s transaction:
• The transaction is combined with the private key
• Calculations are performed producing a long number
• Anyone who has the original transaction and knows the
public key can then do some calculations of their own
to prove that the long number was in fact created with
the private key

Footnote/Reference 101
Blockchains (con’t)
• The main role of miners is to ensure the irreversibility of
new transactions, making them final and tamperproof
• “The method they use for doing so is thought to be the most
significant contribution Satoshi Nakamoto (whoever he, she or
they are) made to the field of computer science.”

Footnote/Reference 102
Blockchains (con’t)

Footnote/Reference 103
Blockchains (con’t)
• Other uses for blockchains
• Ethereum
• Unlike bitcoin, Ethereum uses miniprograms (called smart
contracts) that can be written with unlimited complexity
• Users can then interact with the miniprograms by sending
them transactions loaded with instructions, which miners then
process
• What this means is that anyone can embed a software
program into a transaction and know that it will remain there,
unaltered and accessible for the life span of the blockchain

Footnote/Reference 104
Blockchains (con’t)
• In theory, Ethereum could replace
• Facebook, Twitter, Uber, Spotify or any other digital
service, with new versions that would be invulnerable
to censors and with high integrity
• Another use: Initial Coin Offering (ICO) - think application
specific coins, like tokens for a laundromat

Footnote/Reference 105
Blockchains (con’t)
• Downsides:
• Computing power consumption
• Privacy laws
• Each country has specific privacy laws: financial
institutions, medical records

Footnote/Reference 106
Blockchains (con’t)

Footnote/Reference 107
US Security Specifications
• NIST (National Institute of Standards and Technology), see: https://www.nist.gov
• FIPS (Federal Information Processing Standards) and SP800s (Special
Publications), see Computer Security Resource Center: https://csrc.nist.gov
• A recent addition is SP800-193, Platform Firmware Resiliency
Guidelines, protect against:
• Unauthorized changes
• Detecting unauthorized changes
• Recovery from attacks
• Microsoft has an initiative as well: https://www.microsoft.com/en-us/research/publication/cyber-resilient-platforms-overview/
Footnote/Reference 108
Summary
• Develop a Security Mindset, apply “orthogonal” thinking
• Be clear about what you are trying to protect
• Information/Communication
• Use encryption
• Authenticity / Authentication
• Use MACs
• Integrity
• Use Hashes
• Use the current algorithms that are thought to be “secure” at the time
• Address security at all levels and all interfaces in a system
• Always authenticate software/firmware updates - build this into your systems from day one
• Key management is the hard part, but also where you can be creative
• Security is only ever “good enough”
• Security is a never-ending game of cat and mouse
• For more in-depth learning take Eric Wustrow’s course “Introduction to Computer Security”

Footnote/Reference 109
End

Footnote/Reference 110
