AWS IOT + Resin.io. How to prevent illegal key generation


#1

Hello,

I have downloaded the AWS IOT Lambda Handler for resin.io.

https://github.com/resin-io-projects/resin-aws-lambda

So when a new device goes online, it generates the necessary keys with AWS IOT and activates them.
My concern is: What if someone replicates the image of the IoT devices? This would mean that a potential attacker gets new keys every time through the automation process.
How should one prevent this?

Thank you!


#2

Hi,

This project is just one example of how an AWS IOT integration could work. What it does is it allows devices to automatically get credentials generated for AWS IOT via a lambda handler. This lambda handler will verify that the device belongs to your resin account, generate new credentials and store them in the resin API for the device. The device is then able to read them as environment variables.

If your image is stolen (because the SD card is stolen, for example), a potential attacker could generate multiple keys for this device.

The lambda handler only talks to the resin API and to AWS API. So you could also develop a different AWS provisioner, that creates credentials for AWS for a device and stores them in the resin API as env. variables for the specific device.

Cheers
Andreas


#3

I run code similar to that Lambda function on a local server in the same VLAN that the devices will be connected to during provisioning in the factory. So an attacker would need to both have the image and be connected to that network.

This may or may not work for your use case, but I also generate a mostly-useless “default” policy for each device at provisioning time. That policy only allows the device to send/receive messages to setup/${device_id} to announce its presence and respond to basic queries (like its type). Once a customer receives the device and adds it to their account, additional policies are generated to allow the device to do useful things.
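
The "default" policy described in post #3, sketched in Node.js as an added example (it is not code from the thread or from resin-aws-lambda). The region, the account ID, the allowed device-ID character set, and the use of the device ID as the MQTT client ID are assumptions.

```javascript
'use strict';
// Added example: minimal per-device AWS IoT policy limited to setup/<device_id>.
const REGION = 'us-east-1';         // assumption: replace with your region
const ACCOUNT_ID = '123456789012';  // placeholder account ID

// Reject IDs that could widen the policy: IoT policy resources treat * and ?
// as wildcards; MQTT treats + and # as wildcards and / as a level separator.
function assertSafeDeviceId(deviceId) {
  if (typeof deviceId !== 'string' || !/^[A-Za-z0-9_-]{1,64}$/.test(deviceId)) {
    throw new Error('unsafe device id');
  }
  return deviceId;
}

// Build the policy document a provisioner would attach to the new certificate.
function buildSetupPolicy(deviceId) {
  const id = assertSafeDeviceId(deviceId);
  const arn = (type, name) => `arn:aws:iot:${REGION}:${ACCOUNT_ID}:${type}/${name}`;
  return {
    Version: '2012-10-17',
    Statement: [
      // Assumption: the device connects with its device ID as MQTT client ID.
      { Effect: 'Allow', Action: ['iot:Connect'], Resource: [arn('client', id)] },
      { Effect: 'Allow', Action: ['iot:Publish', 'iot:Receive'],
        Resource: [arn('topic', `setup/${id}`)] },
      { Effect: 'Allow', Action: ['iot:Subscribe'],
        Resource: [arn('topicfilter', `setup/${id}`)] },
    ],
  };
}

// Pre-attach check: every resource is wildcard-free and names only this device.
function isScopedToDevice(policy, deviceId) {
  const allowed = new Set([`client/${deviceId}`, `topic/setup/${deviceId}`,
    `topicfilter/setup/${deviceId}`]);
  return policy.Statement.every((s) =>
    s.Effect === 'Allow' &&
    [].concat(s.Resource).every((r) => {
      const m = /^arn:aws:iot:[^:]*:[^:]*:(.+)$/.exec(r);
      return m !== null && !/[*?]/.test(r) && allowed.has(m[1]);
    }));
}

console.log(JSON.stringify(buildSetupPolicy('dev-001'), null, 2)); // constructed ID
```

With a policy like this, credentials issued to a cloned image can only reach that one device's setup topic until further policies are attached.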