IoT secure connected devices indicthreads

Post on 06-Apr-2017


Building Secure Connected Devices

Kedar Sovani

Who am I?

• IoT @ Marvell for 7 years

• 1st Apple HomeKit SDK, 1st Google Weave on μC

• Powering millions of Wi-Fi IoT devices in the field

Anywhere and Everywhere

Google for the term IoT Security

Result Type I: Doomsday Hacking Scenarios

Yes, security is a concern

• Increased surface area for attacks
• Connects to the physical world around us
• Newer and tinier hardware
• Newer developers

Courtesy: Darkreading.com

Result Type II: Buy Our Product

But How Do I Build for Security?

Secure By Design

Device Interactions #1

Remote Access

Standards! #2

• No home-grown security schemes
• Rely on established security standards

TLS

• Transport Layer Security
• Certificate-based Server Authentication
• Secure Key Exchange
• Encrypted Channel
• Certificate-based Device Authentication
• Secures Bank Transactions

Technology Advancements

• Hardware Capability
• Memory
• CPU
• Strong Software
• Many Open Source implementations

Courtesy: Ars Technica

An interesting search engine

Malformed Content?

• What about: malware/viruses?
• Communicate with known server
• Controlled by known entities
• Write protection

Local Access

Local Network

• Acts as a client for outside world
• Router firewall
• Encrypted traffic at the MAC layer
• Requires Password/Certificate for access (explicit delegation)

Switch Network?

• Remember AP Security
• Force physical access to reset-to-factory

New Device

Setup?

Authenticate the other endpoint! #3


Compromised User

• Guest access to the network?
• Malware on user’s phone?
• Additional Cryptographic layers on top of the MAC layer
• User Management

Tradeoff

Physical Access

Physical modification

• Change the server address/keys?
• Change the firmware?
• Trusted Boot
• Signed Firmware
• Encryption

Device Phishing

• Completely change the device?
• Device Authentication – PKI

Zarro Boogs Found!

• Firmware upgradeability
• Connectivity Bonus: evolving appliances
• Fix security vulnerabilities
• Possible attack vector

Scrutinize #4

@kedarsovani

Thank You!