Smart City Lecture 3 - An Open And/Or Secure Smart City

© Waher Data AB, 2018.
Smart City Lecture 3
An Open and/or Secure Smart City?

1. Recapture

Smart City / Society
 Automation
 Open Data
 Transport
 Traffic (C-ITS)
 Parking
 Utilities
 Health Care
 Law enforcement
 Schools
 Libraries
 Waste management
 Citizens?
 …
Smart for whom?

Vision of a Smart City
 Ubiquitous access to interoperable
sensors and things.
 Ubiquitous access to data and
information from society’s authorities.
 Access to smart services in all niches of
society.
 Definition of ownership of information.
 Protection of Privacy, by design and by
default.
 Market for access to things and data.

2. IoT

Ex-Director of National Intelligence
James R. Clapper
http://www.popsci.com/clapper-americas-greatest-threat-is-internet-things
”America's greatest
threat is the
Internet of Things”
Feb 9, 2016

Problem domain
IoT systems particularly vulnerable:
 Long-term operation
 Technologies become obsolete
 Lack of updates
 Invisible operation
 No visible clues something is wrong
 No human operator (for normal use case)
 Lack of supervision
 Larger scale
 More units and attack surfaces

Vulnerabilities
 National Security
 Exploiting
 Surveillance
 Logistics
 Utilities
 Health Care
 Traffic (C-ITS)
 Residential systems
 Law enforcement
 Waste management
 Schools
 Parking
 Libraries
 Monitoring citizens
 …

What is Government Doing?
Mayor of Stockholm (2017) wants to “turn
Stockholm into the world's smartest city”
Also:
 “I don't have the answers”
 “powered rubbish bins”
 “making small steps forward”
 “being a connected city”
 “how little interest there has been locally”
 “Security is one of the biggest questions … when we're
talking about key and lock systems”
No strategy at all. Can you compete in
world’s most vulnerable city?
https://www.thelocal.se/20170731/meet-karin-wanngard-the-mayor-who-wants-to-turn-stockholm-into-the-worlds-smartest-city

What must Governments do?
Governments must make sure to provide
a strong foundation on which smart
services can be built.
 Broadband access were
infrastructure projects.
 Giving access to broadband for
everyone was a strategy.
 Likewise, Smart City Infrastructure
must be defined, required in RFPs, and
provided to everyone.

Options?
Sealed secure systems?
or
Open, Interoperable, but vulnerable
systems?
or is it possible to have:
Open, Interoperable & secure systems?

3. Openness

Open Society
How are open societies defined?
 Personal decisions
 Exchange of ideas
 Pluralism
 Responsibility under the law
 Government transparency
 Privacy

Digital Open Society
How do we digitally model:
 Personal decisions?
 Exchange of ideas?
 Pluralism?
 Responsibility under the law?
 Government transparency?
 Privacy?

Personal decisions
To allow maximum freedom of choice:
 Loosely coupled
Architectures
Communication Patterns
Data representation
 Federation
✓✓✓✓ XMPP, IoT Harmonization
✓✓✓ CoAP(S)
✓✓ HTTP(S), LWM2M
✓ MQTT, Blockchain

Exchange of Ideas
Translate into Interoperability:
 Transport (Communication)
 Representation
 Operation
✓✓✓ LWM2M, IoT Harmonization
✓✓ CoAP(S), HTTP(S)
✓ XMPP, MQTT
✗ Blockchain

Pluralism
Same infrastructure can support:
 Different types of devices
 Different types of solutions
 Different manufacturers
 Different service providers
 Different operators
✓✓✓✓✓ HTTP(S), CoAP(S), XMPP, IoT Harmonization
✓✓ LWM2M, MQTT
✓ Blockchain

Responsibility under the law
Requires:
 Strong identities
Verifiable
Legal
 Smart Contacts
 Digital Signatures
✓✓✓✓ Blockchain, IoT Harmonization
✓ HTTP(S), LWM2M, XMPP
✗ CoAP(S), MQTT

Government Transparency
5-star Open Data:
 Availability
 Structured
 Open format
 URIs
 Links
⋆⋆⋆⋆ CoAP(S), HTTP(S), IoT Harmonization
⋆⋆⋆ LWM2M
⋆⋆ Blockchain, MQTT, XMPP

Privacy
Basic requirements (see lectures 1 & 2):
 Processing on the Edge
 Data ownership
 Actively protects privacy
 Does not contradict GDPR requirements
✓✓✓✓ IoT Harmonization
✓✓ XMPP
✓ HTTP(S), CoAP(S), MQTT, LWM2M
✗ Blockchain

Openness Summary
Block
chain
CoAP HTTP IoT.H. LW
M2M
MQTT XMPP
Personal ✓ ✓✓✓ ✓✓ ✓✓✓✓ ✓✓ ✓ ✓✓✓✓
Interop. ✗ ✓✓ ✓✓ ✓✓✓ ✓✓✓ ✓ ✓
Plurality ✓ ✓✓✓✓✓ ✓✓✓✓✓ ✓✓✓✓✓ ✓✓ ✓✓ ✓✓✓✓✓
Law ✓✓✓✓ ✗ ✓ ✓✓✓✓ ✓ ✗ ✓
Transparency ⋆⋆ ⋆⋆⋆⋆ ⋆⋆⋆⋆ ⋆⋆⋆⋆ ⋆⋆⋆ ⋆⋆ ⋆⋆
Privacy ✗ ✓ ✓ ✓✓✓✓ ✓ ✓ ✓✓
8 15 15 24 12 7 15

4. Security

Identities
Identities affect your security:
 Anonymity
 Strong identities
Pseudonyms

Anonymity
 Protects
Whistle blower
Dissident
(Criminal)
(Terrorist)
 Security decisions difficult
 Facilitates leaking personal data
How do you protect sensitive information, if you don’t know
who’s on the other end?

Strong Identities
 Protects information owners
 Allows selective responses
 Can be used to track
individuals
Logging for security purposes is legitimate. How can you
make sure logging is only used for security purposes?
(One answer: Use of standardized, open software that are
agnostic to the purposes of processing, such as brokers and
End-to-End encryption of payloads.)

Decentralization
Decentralization has security implications:
 More attack surfaces.
 But value of each node is small.
 Value/Effort ratio small.
 Easier to protect.
 Massive data breaches difficult.
 You don’t put all your eggs into the same basket.
 More resilient.
 End-to-end encryption.

4.1 Security
HTTP / HTTPS

HTTP(S)
 Standardized by IETF
 Popular
 Well known
 Request/Response communication pattern
 Web-socket
 Bidirectional
 Asynchronous
 TLS transport encryption
 Problems:
 Topology
 Middleware
 Distributed/Global Identities
 Difficult to make secure

Topology Problem
 Actors
 Client
 Server
 Server must be reachable by the client
 Thing a server
 Natural, from a conceptual perspective.
 Sacrifices security: “hole punching”
 Thing a client
 Unnatural
 Sacrifices privacy
 Creates potential bottlenecks
 Server or Middleware processing

Middleware
 How can a client communicate with a client?
 “Middle”-ware: Software in the middle of clients.
 Acts as servers to both clients.
 Proprietary solutions
 Multitudes
 Hybrid solutions
 LWM2M (just data collection)
 MQTT (proprietary HTTP bindings)
 Standardized solutions
 XMPP (BOSH or Web-socket bindings)

Scalability Problem
 C10K problem
 Difficulty in creating scalable middleware.
 Vulnerability increases by scale
 Alternative: Federated middleware
 XMPP (standardized option)

Identity Problem
 Authentication
 Server typically manages accounts
 Distributed identities difficult
 Reversed original architecture
 Difficult to make security decisions in a
distributed environment.
Server
Client
Client
Client
Client Client
Server
Server
Server
Server

4.2 Security
MQTT

MQTT
 Standardized by OASIS
 Popular
 Most used protocol for IoT
 Publish/Subscribe communication pattern
 Efficiently distributes data to multiple
subscribers
 The broker solves the topology problem.
 TLS Transport Encryption
 Problems:
 Multiple serious design-vulnerabilities
 Scalability
 Identities

Publish/Subscribe

Vulnerabilities by design 1(2)
 No forwarded identities
 Authorization becomes impossible by things
 Makes injection a great threat
 Control signals
 False data
 Bandwidth depletion
 Lack of privacy
 No negotiation of who can subscribe
 Access control out-of-band (proprietary)
 Wildcards
 Makes it easy to eavesdrop
 Scalability
 Topic tree and number of devices have limits
 No natural way to federate
 How do you interoperate across domains?

Vulnerabilities by design 2(2)
 Passwords in clear text*
 Out-of-band (proprietary) authentication with
client certificates required
 Lack of content meta-data*
 Impedes interoperability
 Indeterministic
 Cannot foresee the consequences of an operation
 Relies on careful operation of broker
 Overview of topic tree difficult
 Who operates the broker across domains?
(*) Partially solved if explicitly used in MQTT v5.

Warnings
 Governments warn against bad
MQTT implementations.
 MQTT is notoriously difficult to use
securely.
 Use it only in internal secured networks.
https://cert.se/2016/09/mqtt-i-sverige

4.3 Security
CoAP / CoAPS

CoAP(S)
 “Binary HTTP”
 Resource-constrained networks
 Resource-constrained devices
 UDP
 Solves C10K problem
 Communication Patterns
 Request Response
 Event Subscription
 Multi-casting
 DTLS transport encryption
 Not for multi-casting

Limitations
 Still has topology problem
 Assumes middleware for Internet use
 LWM2M is standardized middleware
 Some interoperability
 IPSO Smart Objects
 Only for data collection
 Difficult to interoperate between things
 Distributed identities still difficult.

4.4 Security
LWM2M

LWM2M
 Standardized by OMA
 IPSO Smart Objects
 Adds security to CoAP
Manages keys and authentication
Bootstrapping
Device Management
Access Control Lists

4.5 Security
XMPP

XMPP
 Federated
 Globally scalable
 Extensible
 XML namespaces
 Open
 Robust
 Secure
 Interoperable
 Binding
 Socket, HTTP, WebSocket

Communication
 Brokers
 Accounts
 Rosters
 Routing
 Federation
 Topology insensitive
 Server-less
 Peer-to-peer
 Authentication
 SASL
 Encryption
 TLS
 E2E

Federated Brokers
 Authenticate clients
 SASL
 Cooperate (federation)
 Forward identities
 Authorization
 Roster
 Presence
 Subscription
 Solve
 Topology problem.
 Latency problem.
 Scalability problem.

Security
Standard layers of security:
 Global Identities (always forwarded)
 Authentication (SASL)
 Encryption (TLS)
 Authorization (presence subscription)
 Blocking
 Spam reporting
 Provisioning

Communication Patterns
Intrinsic patterns:
 Asynchronous messages (message)
 Request/Response (iq)
 Publish/Subscribe (presence)
Extended
 Publish/Subscribe
(extended by XEP-0060, 0163)
 Multicasting
(extended by XEP-0045)

XMPP & Privacy
Data protection by design & by default:
 Decentralization
 Ubiquitous encryption
 Even end-to-end encryption
 Global identities
 Authenticated
 Forwarded
 Authorization
 Consent-based negotiation

Communication Patterns (Flexibility)
CoAP HTTP IoT.H. LW
M2M
MQTT XMPP
Async. Msg. ✓ ✓ ✓ ✓
Req/Resp. ✓ ✓ ✓ ✓ ✓
Pub/Sub. ✓✓✓ ✓ ✓✓✓
Federation ✓ ✓ ✓ ✓
Broker ✓ ✓ ✓
Severless ✓ ✓ ✓
P2P7 ✓ ✓
4 2 9 2 2 9

4.6 Security
Blockchain

Blockchain
 Cryptographic Algorithms fixed
 Has an implicit built-in expiration time
 Lends itself to future frauds
 Vulnerable in Heterogenous networks
Requires constant hardware updates
 Severe privacy issues
 Energy inefficient

Blockchain & Privacy
 Blocks cannot
 be deleted
on request
after a given time
… or ever
 be corrected
 Access is given to all or nothing
 Public access has to be assumed
 Hashes of personal information is still
personal
Blockchain is not suitable for personal information at all.

5. Summary

Security Summary
Block
chain
CoAP HTTP IoT.H. LW
M2M
MQTT XMPP
Identities ✓ ✓ ✓ ✓ ✓
Authentication ✓ ✓ ✓ ✓ ✓
Authorization ✓ ✓ ✓
Encryption ✓ ✓ ✓ ✓ ✓ ✓
E2E ✓ ✓
Consent ✓ ✓
Decentralized ✓ ✓ ✓ ✓
By design ✓ ✓ ✓
Flexibility 4 2 9 2 2 9
Openness 8 15 15 24 12 7 15
11 21 20 41 19 10 32

6. Openness + Security
For Things

Strong Foundation
Things are “stupid” and need help with:
 Decision Support
 Ownership
 Owner consent
 Lifecycle
 Transfer of ownership
 Decommissioning
 Discovery
 Interoperability
 Data
 Operations

IoT Harmonization (IEEE 1451-99)
 Sensor Data
 Control Operations
 Localization (M2M, M2H)
 Tokens for distributed transactions
 Decision Support (for devices)
 Provisioning (for owners)
 Peer-to-Peer communication
 End-to-end encryption
 Concentrator/Bridge (“Thing of things”)
 Discovery
 Ownership
 Clock Synchronization
 Secure Account Creation
 Legal Identities
 Contracts
 Automated provisioning
 Economic feedback
https://gitlab.com/IEEE-SA/XMPPI/IoT

Backbone
 Efficiency
 Global scalability
 Bridges technologies
vs

7. Events

Smart City Lectures*
1. How to build a Smart City (Oct 4th)
2. Privacy in the Smart City (Oct 18th)
3. An Open and/or Secure Smart City (Oct 25th)
4. Harmonizing the Internet of Things (Nov 8th)
5. Introduction to Encryption (Nov 15th)
6. Earning by Sharing in the Smart City (Nov 22th)
7. …
8. …
(*) Funded by Swedish Internet Fund.

Smart City Labs*
1. Sensors and actuators (Oct 10th)
2. Connect and chat with your device (Oct 17th)
3. Publishing data from your sensor (Oct 24th)
4. Publishing and discovering devices (Nov 7th)
5. Controlling actuators (Nov 14th)
6. Decision Support for your devices (Nov 21th)
7. …
8. …
(*) Funded by Swedish Internet Fund.

 Raspberry Pi & Arduino
 Sensors, Actuators, Controllers,
Concentrators, Bridges
 Protocols:
MQTT, HTTP, CoAP, LWM2M, XMPP
 Social Interaction
 Decision Support
 Product Lifecycle
 IoT Service Platforms
 IoT Harmonization
 Security
 Privacy
Amazon
Packt
Microsoft Store
Contact: https://waher.se/, https://littlesister.se/
Mastering Internet of Things

8. Open Discussion
Ownership?
Privacy?
Security?
Surveillance?
Interoperability?
Cool stuff?
Qué?
Where’s the Money?
Who pays?
What could go wrong?
Little Sister?
Harmonization?

Smart City Lecture 3 - An Open And/Or Secure Smart City

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Smart City Lecture 3 - An Open And/Or Secure Smart City

Similar to Smart City Lecture 3 - An Open And/Or Secure Smart City (20)

More from Peter Waher

More from Peter Waher (20)

Recently uploaded

Recently uploaded (20)

Smart City Lecture 3 - An Open And/Or Secure Smart City