Smart Cities in the IoT Era
-
Upload
opposing-force-srl -
Category
Presentations & Public Speaking
-
view
897 -
download
0
Transcript of Smart Cities in the IoT Era
Smart Citiesin the IoT EraMatteo Beccaro || IoT Tech Expo
Berlin – June 14th, 2016
Me ||
§ Matteo Beccaro
§ Founder& Chief Technology Officer at Opposing Force§ The first Italian company specialize in offensive physical security
§ Twitter: @_bughardy_ | @_opposingforce
§ Web: www.opposingforce.it
Starting from May 2016Opposing Force is member of
Agenda ||
§ Smart cities building technologies
§ Smart transportation systems
§ The role of cyber-‐physical security
§ Smart parking meter case study
Agenda ||
§ Smart cities building technologies
§ Smart transportation systems
§ The role of cyber-‐physical security
§ Smart parking meter case study
Smart transportation systems
Smart transportation systems ||
§ Smart traffic control
§ Smart parking
§ Smart street lighting
§ Smart public transport system
Smart resources systems
Smart resources systems ||
§ Smart energy management
§ Smart water management
§ Smart waste management
Smart security and safety systems
Smart security and safety systems ||
§ Connected security cameras
§ Connected alarm systems
§ Connected safety systems
§ Connected access control systems
Agenda ||
§ Smart cities building technologies
§ Smart transportation systems
§ The role of cyber-‐physical security
§ Smart parking meter case study
let’s see the taxonomy ofsmart transportation systems
Citizens
Smart Traffic Control
Smart Lighting Control Smart Transportation
Smart Parking System
Smart Traffic Control
Smart Lighting Control Smart Transportation
Smart Parking System
Citizen
going more in details…
Smart transportation systems ||Physical world data
Physical world data
Agenda ||
§ Smart cities building technologies
§ Smart transportation systems
§ The role of cyber-‐physical security
§ Smart parking meter case study
the smart security
securing the ecosystem
The role of cyber-‐physical security ||
Edge domain security ||
Device Issues Impact Risk
Traffic Sensors
Identities validation MiTM attacks High
Data integrity Data spoofing High
Data confidentiality Data sniffing Low
Data availability Denial of Service Medium
Cloud domain security ||
Device Issues Impact Risk
Admin Panel
Authorization process Authorization bypass High
Authentication process Authentication bypass High
Data validation SQL Injection, XSS, etc. High
Data storing process Data leakage Medium
Client domain security ||
Device Issues Impact Risk
Mobile App
Data storage Data leakage Medium
Communication process MiTM attacks Medium
Hardcoded credentials Secrets/keys leakage High
Authentication process Authentication bypass High
..and definitely: assess the securityof your products, always..
Agenda ||
§ Smart cities building technologies
§ Smart transportation systems
§ The role of cyber-‐physical security
§ Smart parking meter case study
Smart parking meter case study ||
Sorry.. we are still working with the vendor for fixingthe hardware and software bugs we found..
Smart parking meter case study ||
CLIENT DOMAINEDGE DOMAIN CLOUD DOMAIN
USB GSM
NFC
Smart parking meter case study ||
CLIENT DOMAINEDGE DOMAIN CLOUD DOMAIN
No data validation
Trust in the Edge Device provided information
Stay tuned!details on our research will be presented
at DEF CON 24 in Vegas
Q&A ||
Any question?Don’t be shy..
Thank you
Contacts – [email protected] || www.opposingoforce.it || @_opposingforce