Security issues and solutions : IoT
-
Upload
jinia-bhowmik -
Category
Internet
-
view
202 -
download
10
Transcript of Security issues and solutions : IoT
INTERNET OF THINGS
IoT
Presented By:15MCA0154: Jinia Bhowmik15MCA0130: Prantik Das Barman15MCA0091: Athar Basha S A
Under the supervision of
Assistant Prof. Malathy E.
WHAT IS TH
E
BUZZ ALL
ABOUT?
Series of
Sensors
Network
IoT
Automated Home
Connected Cars
Smart Devices
Automated Office
IoT
Smart Industries
THEN WHY IS IT NOT OUT YET ?
Because...
SECURITY is the #1 challenge to making the Internet of Things a reality.
WHY?Because, • In order to be useful, IoT devices must make
real-time bi-directional connections to the internet, and that type of communication is challenging to secure.
• Security for IoT devices is nascent and rarely sufficient.
** Whereas security protocols and best practices for servers, personal computers, and smart-phones are well-understood and broadly adopted,
IoT
• “An open and comprehensive network of intelligent objects that have the
capacity to auto-organize, share information, data and resources, reacting and
acting in face of situations and changes in the environment” - Journal of
Computer and Communications, 2015, 3, 164-173 (Published Online May 2015
in SciRes)
• “Despite the immense potential of IoT in the various spheres, the whole
communication infrastructure of the IoT is flawed from the security standpoint and
is susceptible to loss of privacy for the end users.” - Survey of Security and
Privacy Issues of Internet of Things by Tuhin Borgohain, Sugata Sanyal &
Uday Kumar
LITERATURE SURVEY
• “Due to lack of proper infrastructures and servers to exchange messages among
nodes, authentication is particularly difficult in IoT scenarios. Furthermore, things
have scarcer resources comparing to PCs, cell phones, etc., to carry out complex
computing. Some solutions about authentication have been proposed, but they all
have serious problems and can’t help solve the man-in-the-middle attack problem.
” -A Survey of the Internet of Things by De-Li Yang Feng Liu Yi-Duo Liang
(School of Management Science and Engineering Dalian University of Technology,
Dalian, 116024, P.R. China)
PROBLEMS• Unprotected devices will be attacked
• Flaws in Encryption & Processing
• Access control
POSSIBLE SOLUTIONS• Offload as much security into the Network as possible.
• Apply AES & proper processing
• Control the access with “TOKENS”
REQUIREMENTS
1. DEVICES MUST NOT HAVE OPEN INBOUND PORTS
“Any device on the Internet with an open inbound port will be attacked. It’s a matter of when, not if.”
2. END-TO-END ENCRYPTION
The message body is encrypted with AES, but the surrounding envelope, which can contain key data to be used midstream, is only encrypted at the endpoints with TLS.”
AES & TLS/SSL DATA ENCRYPTION & ACCESS CONTROL
• Secure all communications with multiple data encryption standards like AES and TLS/SSL
• Manage permission for your real-time apps and data, down to the person, device or channel
KEY FEATURES
• Protect your apps with enterprise-grade encryption and fine-grain access control
• Encryption, including built-in AES encryption for all major APIs and optional TLS/SSL encryption
• Device Access Manager for fine grain Publish and Subscribe permissions down to person, device or channel
3. TOKEN-BASED ACCESS CONTROL
The network effectively serves as a traffic cop, both authorizing device access and managing which devices can speak and listen on the network based on the tokens the network distributes.
4. DEVICE STATUS MONITORING
“An offine device could mean local tampering is taking place, or a broader issue like a power or Internet outage has occurred”
5. USER-FRIENDLY SETUP & UPGRADES
“A publish/subscribe paradigm makes it easy to securely set up and provision IoT devices”
SECURE - REMOTE FIRMWARE UPGRADES
CONCLUSION• One vision of the future is that IoT becomes a utility with
increased sophistication in sensing, actuation, communications, control, and in creating knowledge from vast amounts of data.
• We did not predict the Internet, the Web, social networking, Facebook, Twitter, millions of apps for smart-phones, etc. New research problems arise due to the large scale of devices, the connection of the physical and cyber worlds, the openness of the systems of systems, and continuing problems of privacy and security.
• It is hoped that there is more cooperation between the research communities in order to solve the myriad of problems sooner as well as to avoid re-inventing the wheel when a particular community solves a problem.