Security challenges for IoT
Transcript of Security challenges for IoT
Your Thing is pwnd: Security Challenges for the Internet of Things
Paul Fremantle, CTO and Co-Founder, WSO2 @pzfreo #wso2 #wso2con
Firstly, does it even matter?
“Google Hacking”
My three rules for IoT security
• 1. Don’t be dumb
• 2. Think about what’s different
• 3. Do be smart
My three rules for IoT security
• 1. Don’t be dumb – The basics of Internet security haven’t gone away
• 2. Think about what’s different – What are the unique challenges of your device?
• 3. Do be smart – Use the best practice from the Internet
http://www.forbes.com/sites/kashmirhill/2013/07/26/smart-homes-hack/
http://freo.me/1pbUmof
So what is different about IoT?
• The fact there is a device
  – Yes, it’s hardware!
  – Ease of use is almost always at odds with security
• The longevity of the device
  – Updates are harder (or impossible)
• The size of the device
  – Capabilities are limited, especially around crypto
• The data
  – Often highly personal
• The mindset
  – Appliance manufacturers don’t always think like security experts
  – Embedded systems are often developed by grabbing existing chips, designs, etc.
Physical Hacks
A Practical Attack on the MIFARE Classic: http://www.cs.ru.nl/~flaviog/publications/Attack.MIFARE.pdf
Karsten Nohl and Henryk Plötz, MIFARE, Little Security, Despite Obscurity
Or try this at home? http://freo.me/1g15BiG
http://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-630.html
Hardware recommendations
• Don’t rely on obscurity
Hardware Recommendation #2
• Unlocking a single device should risk only that device’s data
The Network
http://ubertooth.sourceforge.net/
https://www.usenix.org/conference/woot13/workshop-program/presentation/ryan
Crypto on small devices
• Practical Considerations and Implementation Experiences in Securing Smart Object Networks – http://tools.ietf.org/html/draft-aks-crypto-sensors-02
ROM requirements
ECC is possible (and about fast enough)
Crypto
Borrowed from Chris Swan: http://www.slideshare.net/cpswan/security-protocols-in-constrained-environments/13
Won’t ARM just solve this problem?
Cost matters
8-bit: $5 retail, $1 or less to embed
32-bit: $25 retail, $?? to embed
Another option?
SIMON and SPECK
https://www.schneier.com/blog/archives/2013/07/simon_and_speck.html
Datagram Transport Layer Security (DTLS)
• UDP-based equivalent to TLS
• https://tools.ietf.org/html/rfc4347
Key distribution
Passwords
• Passwords suck for humans
• They suck even more for devices
Why Federated Identity for Things?
• Enable a meaningful consent mechanism for sharing of device data
• Giving a device a token to use on API calls is better than giving it a password
  – Revocable
  – Granular
• May be relevant for both
  – Device to cloud
  – Cloud to app
• “Identity is the new perimeter”
![Page 37: Security challenges for IoT](https://reader033.fdocuments.us/reader033/viewer/2022050903/540d82878d7f72767e8b4a05/html5/thumbnails/37.jpg)
MQTT
MQTT and OAuth2
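As an added illustration of the deck’s point that a scoped, revocable token beats a device password, and of Hardware Recommendation #2 (unlocking one device should risk only that device’s data), here is example code that is not from the deck or from WSO2: a broker-side authorization check for MQTT publish/subscribe. A constructed HMAC-signed JSON token stands in for a real OAuth2 bearer token; SERVER_KEY, the REVOKED set and the scope string format are assumptions.

```python
import base64, hashlib, hmac, json, secrets, time

# Constructed stand-in for an OAuth2 bearer token: a JSON claim set signed with
# HMAC. A real deployment would use the authorization server's tokens and its
# introspection/revocation endpoints; the shape of the checks is what matters.
SERVER_KEY = b"demo-authorization-server-key"  # constructed sample key
REVOKED = set()                                 # token ids the server has revoked

def _sign(body):
    return hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).hexdigest()

def issue_token(device_id, ttl=3600, now=None):
    """Mint a token whose scopes cover only this device's own topic subtree."""
    now = time.time() if now is None else now
    claims = {
        "jti": secrets.token_hex(8), "sub": device_id, "exp": now + ttl,
        # Granular: one scope per (action, topic filter) this device may use.
        "scope": [f"publish:devices/{device_id}/#",
                  f"subscribe:devices/{device_id}/cmd"],
    }
    body = base64.urlsafe_b64encode(json.dumps(claims).encode()).decode()
    return f"{body}.{_sign(body)}"

def revoke(token):
    """Revocable: blacklist the token id without touching the device."""
    REVOKED.add(json.loads(base64.urlsafe_b64decode(token.split(".")[0]))["jti"])

def _topic_matches(pattern, topic):
    """MQTT-style filter match: '+' is one level, '#' is the remainder."""
    p, t = pattern.split("/"), topic.split("/")
    for i, seg in enumerate(p):
        if seg == "#":
            return True
        if i >= len(t) or (seg != "+" and seg != t[i]):
            return False
    return len(p) == len(t)

def authorize(token, action, topic, now=None):
    """Broker-side check: signature, expiry, revocation, then scope."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 2 or not hmac.compare_digest(parts[1], _sign(parts[0])):
        return False
    claims = json.loads(base64.urlsafe_b64decode(parts[0]))
    if claims["exp"] <= now or claims["jti"] in REVOKED:
        return False
    # A dev-1 token cannot reach devices/dev-2/...: one compromised device
    # risks only its own data.
    return any(a == action and _topic_matches(f, topic)
               for a, f in (s.split(":", 1) for s in claims["scope"]))
```

Passing `now` explicitly makes expiry deterministic for testing; the same checks apply with the wall clock in a broker plugin.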
What is WSO2 Identity Server?
An Open Source Identity and Entitlement Management Server
• Apache Licensed
• LDAP, JDBC, Active Directory, SCIM, SPML
• SAML2, OpenID Connect, WS-Trust, Kerberos
• OAuth 1.0/2.0, XACML 2.0, XACML 3.0
• XDAS, Web Console, SOAP Admin
• Multi-tenant, Clusterable, HA, 24x7 support
Other WSO2 technology to help you
• WSO2 BAM – monitoring
• WSO2 CEP – realtime fraud detection
• WSO2 API Manager – securing API endpoints
Real time event processing
Are you setting up for the next privacy or security breach?
Exemplars
• Shields
• Libraries
• Server Frameworks
• Standards and Profiles
Summary
• 1. Don’t be dumb
• 2. Think about the differences
• 3. Be smart
• 4. Create and publish exemplars
WSO2 Reference Architecture for the Internet of Things http://freo.me/iot-ra
Thank You