Risk Factory: Let's Get Physical
Security issues associated with the Internet of Things (IoT)


  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
No Downloads

Views

Total Views
999
On SlideShare
0
From Embeds
0
Number of Embeds
0

Actions

Shares
Downloads
3
Comments
0
Likes
2

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide
  • Give out cards
  • Oldest crime on record – not prostitution. First recorded case of identity theft. Bible: Genesis XXX

Transcript

  • 1. "Let’s Get Physical": Cyber Security in an IP-Enabled World
  • 2. A simple, easy to use, online, B2B procurement portal for purchasing products and services to identify, minimise and manage the security threat to business data. www.riskfactory.com
  • 3. [Word cloud of threat terms: Encryption Cracking, Data Slurping, Cookies, Script Scrapers, Script Kiddies, Spyware, Mockingbirds, Road Apples, Zombie, Spim, Malware, Botnets, SQL Injection, Spoofers, Google, Stealth Bombs, Port Scanning, Hacking, Worms, Root Kits, Backdoors, Pharming, War Driving, Crackers, Eavesdropping, Steganography, Denial of Service Attacks, X-Site Scripting, Crawlers, Ear Wigging, Phishing, Man-in-the Middle Attacks, Adware, Data Mining, Suppression, Screen Grabbers, Fingerprinting, Viruses, Stripping, Smurfing, Social Engineering]
  • 4. Always do whatever's next…
      • Wireless
      • Bluetooth
      • Cloud
  • 5. Our Internet Based On…
      • 60’s concepts, requirements & funding
      • 70’s computing environments
      • 80’s operating systems, applications, networks, and programming languages
      • 90’s security technology
      • 2000’s operational and business practices
  • 6. The End is Nigh
      In the next 2 years the present IP address space (IPv4) will reach its capacity.
  • 7. Birth Follows Every Death
      It will be replaced by IPv6, which has addresses enough (about 5x10 to the 28th power) for each of the 6.8 billion human beings on the planet.
  • 8. In Other Words...
      Every human being on the planet could have their own personal network the size of today’s internet.
  • 9. Why?
      • The Internet is preparing to leave its virtual world and enter our physical world.
      • IPv6 provides an infrastructure for assigning IP addresses to physical “things”
      • The networking of the virtual world to the physical world
      • The networking of “things”
      • Evolution: from a network of interconnected computers to a network of interconnected objects…
  • 10. The "average" person owns somewhere between 1000 to 5000 things – possessions.
  • 11. Imagine
      • What if you could put them all on your own network?
      • Have a complete inventory of everything you own and know where it is – real-time?
      • What if you could connect this network of your things to other networks and interact?
      • Life on this planet would be significantly and profoundly changed.
      • We’d never run out of anything.
      • No more theft as we know it – we’d know exactly where things are at any given moment anywhere on the planet
  • 12. Wake Up
      • It’s already here
      • Internet of Things (IoT)
      • Concept founded by Auto-ID Centre at MIT back in 1999
      • Phase 1 underway, bottom up, level-specific functionality
      • Internet Protocol for Smart Objects (IPSO) Alliance founded 2008
  • 13. IoT Characteristics
      • Pervasive: present throughout
      • Ubiquitous: everywhere at the same time
      • Evolving: constantly changing
      • Global: everywhere on this planet
  • 14. Beyond Accidental
      "Anytime, anywhere, by anyone and everything"
  • 15. A Day in the Life…
  • 16. First Things First
      • Everything on the electrical grid - first
      • Balance of power (grids)
          – Plant to substations
          – Substations to lines
          – Lines – transformers
          – Transformers to homes
  • 17. Second Things Second
      • Any “thing” with a power source to any “thing” with a power source and vice versa…
          – Refrigerator to a television
          – Toaster to smoke detector
          – Fire alarms to ovens
          – Smoke detectors to gas supplier
  • 18. And Last But Not Least
      • Any “person” to any “thing” or any person?
          – You to your house
          – You to your appliances
          – You to your car
          – You to your….
  • 19. Communication is Key
      • Need mobile “smart” communication devices to connect:
          – Things to things
          – People to things
      • IP Smart Objects (IPSO)
      • RFID chip the leader
  • 20. IoT Language
      Hello: My UID is 1234567fa and my challenge is X4665
      Bonjour: My UID is af7654321 and the answer to your challenge is Ab455839
  • 21. Communication
  • 22. Framework
      Netless: is an anamorphic structure of nodes that is capable of holding some amounts of digital data. Each node is a small, low-power wireless digital transponder. There is no permanent network connection. Every time any node would appear in the vicinity of any other node - they would establish a wireless link and swap the data that was stored internally.
      Keywords: permission-less, parasitic network, off-line data-sharing, city-net, WAN, othernet, decentralized, node-network, sneakernet, sensor-network, grassroots-network, wireless.
  • 23. Looks Like
  • 24. Soylent Green is People!
      • Newly developed ‘RFID Powder’, as invisible as a speck of dust: 0.05 mm x 0.05 x 0.005 mm
      • Chips are packed with 128 bits of static memory, enough to store a unique 38-digit ID number, 2.45 GHz, 1 mW
      • Can be embedded directly into pieces of paper
      • Current favored application: anti-counterfeiting
  • 25. Already There
      • Retail stores using RFID for stock control
      • Vehicles paying by RFID on motorways
      • Cows, Dogs, Cats, Sheep implanted with RFID chips
      • Consumer products from cars and mobiles to children’s tennis shoes now equipped with GPS RFID chips
  • 26. Security Requirements
      Can our current C.I.A. definition fit the IoT?
      • Pervasive: present throughout?
      • Ubiquitous: everywhere simultaneously?
      • Emerging: constantly evolving?
      • Global: everywhere on this planet?
  • 27. Application Challenges
  • 28. IP Challenges
      • Packet spoofing
      • Network traffic analysis
      • Device analysis
      • Device spoofing
      • Encryption
      • Key distribution
      • Privacy protection
      • Identity protection
      • Identity and identifier management
  • 29. IPSO Challenges
      • Devices are not reachable
          – Most of the time a device is not connected
      • Devices can be lost and stolen
          – Makes security difficult when the device is not connected
      • Devices are not crypto-engines
          – Strong security difficult without processing power
      • Devices have finite life
          – Credentials need to be tied to lifetime
      • Devices are transportable
          – Will cross borders
      • Devices need to be recognised by many readers
  • 30. Privacy Challenges
      • What things you own
      • Where you bought them
      • The price you paid for them
      • Where they are located
      • What you use them for
      • How often you use them
      • What they connect to
      • Who they connect to
  • 31. Fraud Challenges
      • "Thing" Theft
      • Counterfeit
      • Piracy
  • 32. Professional Challenges
      • See the bigger picture - now
      • Anticipate the potential problems
      • Security professionals are always “catching up” to technology
      • Step up. Consider the implications of the next world of networked things
      • Prepare for it – now
      • Lead - Don’t follow.
  • 33. 26 Dover Street, London, United Kingdom, W1S 4LY. +44 (0)20 3586 1025, +44 (0)20 7763 7101 (fax)
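
The "Hello / Bonjour" exchange on slide 20, combined with the "credentials need to be tied to lifetime" point on slide 29, as an added example that is not part of the original deck. The HMAC-SHA256 answer, the pre-shared key, the registry layout and all class and function names are assumptions made for illustration; only the two UID strings come from the slide.

```python
import hashlib
import hmac
import secrets

def mac(key, reader_uid, tag_uid, challenge):
    # Bind the answer to both UIDs and to this one challenge.
    msg = b"|".join([reader_uid.encode(), tag_uid.encode(), challenge])
    return hmac.new(key, msg, hashlib.sha256).digest()

class Tag:
    """Constrained device: holds only a UID and a shared key (assumed pre-provisioned)."""
    def __init__(self, uid, key):
        self.uid, self.key = uid, key

    def answer(self, reader_uid, challenge):
        return mac(self.key, reader_uid, self.uid, challenge)

class Reader:
    def __init__(self, uid, registry):
        self.uid = uid
        self.registry = registry  # tag UID -> (key, credential expiry time)
        self.pending = {}         # tag UID -> outstanding challenge

    def hello(self, tag_uid):
        # Fresh random challenge per greeting, remembered until answered.
        self.pending[tag_uid] = secrets.token_bytes(16)
        return self.pending[tag_uid]

    def verify(self, tag_uid, response, now):
        challenge = self.pending.pop(tag_uid, None)  # each challenge is single use
        entry = self.registry.get(tag_uid)
        if challenge is None or entry is None:
            return False  # unsolicited answer or unknown device
        key, not_after = entry
        if now > not_after:
            return False  # credential has outlived the device's lifetime
        expected = mac(key, self.uid, tag_uid, challenge)
        return hmac.compare_digest(expected, response)

def demo():
    # Constructed values: UIDs reuse the slide's strings; key and times are made up.
    key, expiry = secrets.token_bytes(32), 1000.0
    tag = Tag("af7654321", key)
    reader = Reader("1234567fa", {tag.uid: (key, expiry)})
    first = tag.answer(reader.uid, reader.hello(tag.uid))
    fresh = reader.verify(tag.uid, first, now=500.0)
    reader.hello(tag.uid)
    replay = reader.verify(tag.uid, first, now=500.0)  # old answer, new challenge
    late = tag.answer(reader.uid, reader.hello(tag.uid))
    return fresh, replay, reader.verify(tag.uid, late, now=2000.0)
```

`demo()` returns the verdicts for a fresh answer, a replayed answer and an answer given after the credential's expiry, in that order.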