Structure of Day 1 - edisciplinas.usp.br...3 • Round table • Intro & ENISA’s efforts on IoT...
European Union Agency for Network and Information Security
Introduction to IoT security
Christina Skouloudi, Apostolos Malatras | ENISA IoT Security team
ENISA-FORTH NIS Summer School | 26.09.2018
Structure of Day 1
• Round table
• Intro & ENISA’s efforts on IoT
• IoT 101
- Intro and definition
- Ecosystem (including assets and components)
- IoT platforms
- IoT protocols
• IoT Security
- Challenges
- Threats
- Attack scenarios
• Case-study: BLE Security
• LAB
Day 1
Positioning ENISA activities
POLICY: Support MS & COM in policy implementation; harmonisation across EU
CAPACITY: Hands-on activities
EXPERTISE: Recommendations; independent advice
Horizontal and vertical Studies
Expert Groups
Validation Workshops
Conferences
Summer School
ENISA’s efforts on IoT Security
ENISA’s efforts on IoT Security
Industry 4.0 Baseline IoT Security
IoT security in sectors
• Understand threats & assets
• Consider context of use
• Highlight security good practices in specific sectors
• Provide recommendations to enhance cyber security
• Expert groups
• Baseline Security Recommendations for IoT
• Map existing IoT security initiatives
• Address the problem holistically engaging with wider community
• Utilize sectorial knowhow
• Provide horizontal cybersecurity recommendations and security measures
• One stop shop for IoT cybersecurity in Europe
ENISA and IoT cybersecurity
https://enisa.europa.eu/iot
IoT 101
What is IoT to you?
IoT
ENISA defines IoT as a cyber-physical ecosystem of interconnected sensors and actuators which enable intelligent decision making.
Sensor
An element that monitors the environment and the context in which IoT systems operate.
• accelerometers
• temperature sensors
• pressure sensors
• light sensors
• acoustic sensors
Sensors can measure defined physical, chemical or biological indicators, and on the digital level, they collect information about the network and applications.
Actuator
The entity responsible for moving or controlling a system or mechanism.
An actuator operates in the reverse direction of a sensor; it takes an electrical input and turns it into physical action.
Sensor + Actuator + ..
Structure of an IoT embedded system
• medical implants
• wearables (smart watches)
• connected lights
• smart thermostats
Intelligent Decision Making
Everything becomes connected
Business side
• “Everything connected” hype
- Competitors do IoT, hence we must do IoT
- Competitors don’t do IoT, let’s be the first one!
• Financial gains
• New business models and opportunities
• Advanced data collection and processing
Components of IoT?
IoT Ecosystem
GATEWAYS
ENDPOINT DEVICES (SENSORS, ACTUATORS, EMBEDDED DEVICES etc.)
CLOUD PLATFORM, BACKEND AND SERVICES
• Smart appliances
• Smartphones
• Smart ‘things’
IoT Components – Endpoint Devices
• WiFi
• Zigbee
• Z-Wave
• NFC
• RFID
• BLE
• LoRaWAN
• MQTT/SIP/CoAP
IoT Components - Communications
SESSION: AMQP, CoAP, DDS, MQTT, XMPP
NETWORK ENCAPSULATION: 6LowPAN, Thread
ROUTING: CARP, RPL
DATALINK: Bluetooth / BLE, Wi-Fi / Wi-Fi HaLow, LoRaWAN, Neul, SigFox, Z-Wave, ZigBee, USB
• Data and storage
• Web-based services
• Device management (config, etc)
IoT Components - Cloud
IoT Cloud platform
• Consumer Electronics
• Automotive
• Healthcare
• Industrial IoT
• Wearables
• Logistics
• Sport & Fitness
IoT Components - Use case / context
What are the assets of IoT?
Group of 4 – 5’
IoT Assets
Development for IoT
• ThingBox
• Node-RED
• M2MLabs Mainspring
• Kinoma
• Eclipse IoT Project
• Arduino
IoT development platforms
• Apio
• Arduino Nano
• Arduino Pro Mini
• Arduino Uno
• Arduino Yún
• Arietta G25
• BeagleBoard
• Flutter
• IMUduino BTLE
• Intel Edison
• Intel Galileo
• Libelium Waspmote
• LightBlue Bean
• Local Motors Connected Car
• Microduino
• Nanode
• OpenKontrol Gateway
• OpenPicus
• panStamps
• PicAxe
• Pinoccio
• Raspberry Pi 2
• RasWIK
• SAM R21 Xplained Pro
• SmartEverything
• SODAQ
• SparkFun RedBoard
• Tessel
• Tessel 2
• The AirBoard
• The Rascal
• TinyDuino
• UDOO
• WIOT
• XinoRF
IoT hardware platforms
Home Automation
• Eclipse SmartHome
• Home Gateway Initiative (HGI)
• Ninja Blocks
• openHAB
• PrivateEyePi
• RaZberry
• The Thing System
Middleware
• IoTSyS
• Kaa
• OpenIoT
• OpenRemote
Operating Systems
• AllJoyn
• Contiki
• Raspbian
• RIOT
• Spark
IoT software platforms
• Canopy
• Chimera IoT
• DeviceHive (IoT Integration Tools and Horizontal Platforms)
• net
• Distributed Services Architecture (DSA)
• IoT Toolkit
• M2MLabs Mainspring
• Mango
• Nimbits
• Open Source Internet of Things (OSIOT)
• OpenRemote
• Pico Labs (Kynetx open source assigned to Pico Labs)
• prpl Foundation
• RabbitMQ
• SiteWhere
• ThingSpeak
• webinos
• Yaler
IoT Integration platforms
https://nodered.org/
Node-RED
IoT Security
What could possibly go wrong?
• IoT botnet
• IoT devices used for DDoS attacks
Based on a real life example
No device is fully secured
• Reliance on third-party components, hardware and software
• Dependency on networks and external services
• Design of IoT/connected devices
• Vulnerabilities in protocols
• Security by design NOT the norm.
IoT security is currently limited
• Investments on security are limited
• Functionalities before security
• Real physical threats with risks on health and safety
• No legal framework for liabilities
Why IoT security matters?
Cyber System
Physical System
• Very large attack surface and widespread deployment
• Limited device resources
• Lack of standards and regulations
• Safety and security process integration
• Security by design not a top priority
• Lack of expertise
• Applying security updates
• Insecure development
• Unclear liabilities
IoT Security – Main challenges
What are the threats to IoT?
Group of 4 – 5’
IoT Threat Landscape
Which way would you attack IoT?
Attack scenarios
• Attacks over the entire IoT ecosystem
• Sensors/actuators
- E.g. draining the battery of pacemakers
• Communications
- E.g. intercepting Bluetooth LE communication
• Decision making (data integrity, etc.)
- E.g. modification of messages to modify smart car behavior
• Information privacy
- E.g. smart toys exploited to eavesdrop on children
Many ways to attack IoT
IoT Attack Scenarios
IoT administration system compromised
IoT Attack Scenarios
Botnet / Commands injection
Class Exercise
Botnet (Mirai)
Shodan
IP Angry
• What we are exposing on the internet
• Online scanners
• The use of Shodan, and the many grey areas.
• Who is a potential target of these kinds of scanners?
• Are Shodan results an indicator of potential attacks and more sophisticated versions of current attacks? (e.g. Mirai evolved to target specific ports – why?)
What to understand
IP Angry
Study Mirai code on github:
https://github.com/jgamblin/Mirai-Source-Code
Code of a Botnet
• AIOTI High Level Architecture functional model
• FP7-ICT – IoT-A Architectural reference model
• NIST Network of Things (NoT)
• ITU-T IoT reference model
• ISO/IEC CD 30141 Internet of Things Reference Architecture
• ISACA Conceptual IoT Architecture
• oneM2M Architecture Model
• IEEE P2413 - Standard for an Architectural Framework
IoT Security Architectures
High-level IoT reference model
Case-study
Demo on Smart Health Security
Sensor
Sensor (RGB sensor): 1 = red, 0 = green, -1 = blue
[Figure: levels High, Med, Low; values 1, 0, -1; Display?/LED]
Interconnectivity
Sensor (RGB sensor) reading: 1 = red, 0 = green, -1 = blue
Decision Making
If(red) add blue
If(green) do nothing
If(blue) add red
[Figure: levels High, Med, Low; values 1, 0, -1]
Based on reading, we want to increase or decrease value to get optimal state
Actuator
If(red) add blue
Scenario 1: Sensor tampering
modifying the values read by sensors or their threshold values and settings
Real life practice – Electronic thermometer
Scenario 2: Man-In-the-Middle
modifying the values intercepted by the man in the middle
Real life practice – Pacemaker
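The case-study loop (reading, decision making, actuator) with Scenario 2 in mind, as an added example that is not part of the original slides: the controller only acts on readings whose integrity tag and counter check out. The frame layout, the HMAC-SHA256 tag with a pre-shared key, and all function and class names are assumptions made for this illustration.

```python
import hashlib
import hmac
import struct

RED, GREEN, BLUE = 1, 0, -1           # reading encoding used on the slides
KEY = b"constructed-demo-key"         # constructed; assumed provisioned per device
BODY = struct.Struct(">Ib")           # assumed frame body: counter (u32), reading (i8)
TAG_LEN = hashlib.sha256().digest_size


def decide(reading):
    """Decision making from the slides: red -> add blue, green -> nothing, blue -> add red."""
    if reading == RED:
        return "add blue"
    if reading == GREEN:
        return "do nothing"
    if reading == BLUE:
        return "add red"
    raise ValueError(f"unknown reading {reading!r}")


def seal(counter, reading, key=KEY):
    """Sensor side: pack (counter, reading) and append an HMAC-SHA256 tag."""
    body = BODY.pack(counter, reading)
    return body + hmac.new(key, body, hashlib.sha256).digest()


def alter_in_transit(frame, new_reading):
    """Constructed test input: the same frame with its reading byte changed on the link."""
    return frame[:4] + struct.pack("b", new_reading) + frame[5:]


class Controller:
    """Gateway side: verify the frame before the decision reaches the actuator."""

    def __init__(self, key=KEY):
        self.key = key
        self.last_counter = 0         # highest counter accepted so far

    def handle(self, frame):
        if len(frame) != BODY.size + TAG_LEN:
            return "rejected: malformed"
        body, tag = frame[:BODY.size], frame[BODY.size:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):    # constant-time comparison
            return "rejected: bad tag"
        counter, reading = BODY.unpack(body)
        if counter <= self.last_counter:              # old frame sent again
            return "rejected: replay"
        if reading not in (RED, GREEN, BLUE):         # plausibility check
            return "rejected: out of range"
        self.last_counter = counter
        return decide(reading)


def demo():
    """Run the loop on constructed frames and return (label, outcome) pairs."""
    results = []
    # Without integrity protection the controller acts on whatever value arrives:
    # a RED reading changed to BLUE yields the opposite correction.
    results.append(("unprotected, RED altered to BLUE", decide(BLUE)))
    controller = Controller()
    genuine = seal(1, RED)
    results.append(("protected, genuine RED", controller.handle(genuine)))
    results.append(("protected, same frame again", controller.handle(genuine)))
    altered = alter_in_transit(seal(2, RED), BLUE)
    results.append(("protected, RED altered to BLUE", controller.handle(altered)))
    return results


if __name__ == "__main__":
    for label, outcome in demo():
        print(f"{label:34} -> {outcome}")
```

The tag only authenticates what the sensor sent, so it does not cover Scenario 1, where the sensor itself reports a false value; there the range check is the only line of defence in this sketch.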
Scenario 3: Unauthorised access
modifying or sabotaging normal settings of the device
Real life practice – Unauthorised syringe injections
• IoT 101
• IoT Security
• Challenges
• Threats
• Attack scenarios
• Case-study
Summary
What follows..
Lab exercises on BLE attacks
Time to set up the VMachines!
1 Vasilissis Sofias Str, Maroussi 151 24, Attiki, Greece
Tel: +30 28 14 40 9711
www.enisa.europa.eu
Thank you