The Internet of Things (IoT) enables the collection and communication of data from physical things as well as the sending and receiving of commands for interaction and actuation. Thus, it is one of the key enablers of digitalization and indispensable for seizing promised potentials such as increasing the efficiency of processes. As a result, the IoT grows continuously, branches into dedicated strains such as the Industrial IoT (IIoT) for industry or the Consumer IoT for everyday applications, and comes into contact with more and more sensitive data and commands, making it an attractive target for attackers. Therefore, secure and safe operation is essential to protect, e.g., workers laboring in the operating space of machines as well as the environment, both of which have been shown to suffer from the misoperation of critical IIoT deployments. As a foundation for such secure and safe operation, IIoT protocols nowadays include security features. However, it is unclear whether these developments in protocol specifications lead to a secure IIoT in practice, or whether and why insecure deployments remain in operation.

In this dissertation, we address the open research gap of the current uncertainty about IIoT security and encourage secure-by-default deployments. To this end, we first set out to assess the security of today’s IIoT. Second, we analyze the pitfalls that hinder operators from operating securely despite the existence of secure protocols. Last, we propose novel approaches to help operators secure their future deployments. Our first three contributions show from various angles that the majority of Internet-exposed IIoT deployments are insecurely configured, independently of their potential deployment date and of whether the protocol used is secure-by-design or retrofitted with security. For example, 92 % of 1,114 Internet-exposed OPC UA deployments suffer from deficient security configurations. Similarly, only a minority of 6.5 % of 967,551 deployments protect their communication via Transport Layer Security (TLS).
Even if deployments implement secure communication, they are often only seemingly secure: most prominently, various deployments reuse compromised secrets, which negates any security benefit. In our fourth contribution, we trace this problem back to modern technologies such as containerization that ease deployment processes but also disguise security issues. Specifically, we analyze 337,171 public container images and show that 8.5 % of them include secrets. Even more alarming, 275,269 TLS and SSH hosts on the Internet base their authentication on these secrets. To overcome such issues, in our last two contributions, we (i) propose ColPSA, which gives deployment-agnostic security advice to users without requiring security expertise, after crowdsourcing configuration possibilities, and (ii) present LUA-IoT, our user-friendly authentication scheme for the whole IoT, which reduces the configuration barrier for secure communication and enables automatic certificate enrollment for IoT deployments. Our contributions underline the vast number of issues in IIoT security despite the existence of strong security features in today’s protocol specifications and sketch countermeasures to tackle the identified pitfalls that operators fall into when configuring their deployments. Overall, this dissertation encourages shifting from secure-by-design to secure-by-default protocols and establishes two approaches as a foundation to support operators in configuring today’s protocols.