Internet of Things Security



Internet of Things (IoT) Security

Tutun Juhana
Telecommunication Engineering Department
School of Electrical Engineering & Informatics
Institut Teknologi Bandung

Mini Conference, 22 June 2015
Computer Science Dept., Faculty of Mathematics and Natural Sciences
Institut Pertanian Bogor

IoT is (will be)…

IoT offers comforts


www.refitsmarthomes.org

Smart Homes


Health and Activity Monitoring

www.ece.uah.edu


VANET

Vehicle Ad-Hoc Network


IoT can also be nightmares


Pacemaker Attack


IP camera peeping

https://sites.google.com/site/web1camera/

Google Hacks


http://zeecure.com/free-cctv-and-security-tools/complete-list-of-every-ip-camera-default-username-password-and-ip-address/


Smart refrigerator

• Your fridge is full of spam
• www.proofpoint.com

How vulnerable are we?


Research findings by HP

Internet of Things Research Study - 2014 report

Privacy concerns

Insufficient authentication and authorization

Lack of transport encryption

Insecure software and firmware


Recommended Security Controls

Analyze privacy impacts to stakeholders and adopt a Privacy-by-Design approach to IoT development and deployment

Apply a Secure Systems Engineering approach to architecting and deploying a new IoT System

Implement layered security protections to defend IoT assets

Implement data protection best-practices to protect sensitive information

Define lifecycle controls for IoT devices

Define and implement an authentication/authorization framework for the organization’s IoT Deployments

Define and implement a logging/audit framework for the organization’s IoT ecosystem

Further reading: Security Guidance for Early Adopters of the Internet of Things (IoT), CSA, April 2015


Cyber Security Pillars for Internet of Things Products

Security of Things: An Implementers’ Guide to Cyber-Security for Internet of Things Devices and Beyond, Prepared by: Ollie Whitehouse

“Conventional Security” Tech Doesn’t Apply to IoT

• The longevity of the device
  • Updates are harder (or impossible)
• The size of the device
  • Capabilities are limited – especially around crypto
• The fact there is a device
  • Usually no UI for entering user IDs and passwords
• The data
  • Often highly personal
• The mindset
  • Appliance manufacturers don’t think like security experts
  • Embedded systems are often developed by grabbing existing chips, designs, etc.

Securing the Internet of Things, Paul Fremantle, Paul Madsen

Device Classes – IETF RFC 7228

• Class 2:
  • Data size (memory): 50 KB
  • Code size (flash, disk): 250 KB
  • Can interact with Internet nodes. Example protocol: HTTP-over-SSL/TLS
• Class 1:
  • Data size (memory): 10 KB
  • Code size (flash, disk): 100 KB
  • May interact with Internet nodes. Example protocol: CoAP-over-DTLS
• Class 0:
  • Data size (memory): <<10 KB
  • Code size (flash, disk): <<100 KB
  • Depend on intermediaries (e.g. class 1 or 2 components) to interact with Internet nodes

Crypto

Borrowed from Chris Swan: http://www.slideshare.net/cpswan/security-protocols-in-constrained-environments/13


Thank You