Security issues associated with the Internet of Things (IoT)
"Let’s Get Physical" Cyber Security in an IP-Enabled World
A simple, easy to use, online, B2B procurement portal for purchasing products and services to identify, minimise and manage the security threat to business data. www.riskfactory.com
[Word cloud of threat terms] Encryption Cracking, Data Slurping, Cookies, Script Scrapers, Script Kiddies, Spyware, Mockingbirds, Road Apples, Zombies, Spim, Malware, Botnets, SQL Injection, Spoofers, Google Stealth Bombs, Port Scanning, Hacking, Worms, Root Kits, Backdoors, Pharming, War Driving, Crackers, Eavesdropping, Steganography, Denial of Service Attacks, X-Site Scripting, Crawlers, Ear Wigging, Phishing, Man-in-the-Middle Attacks, Adware, Data Mining, Suppression, Screen Grabbers, Fingerprinting, Viruses, Stripping, Smurfing, Social Engineering
Always do whatever’s next…
• Wireless
• Bluetooth
• Cloud
Our Internet Based On…
• 60’s concepts, requirements & funding
• 70’s computing environments
• 80’s operating systems, applications, networks, and programming languages
• 90’s security technology
• 2000’s operational and business practices
The End is Nigh
In the next 2 years the present IP address space (IPv4) will reach its capacity.
Birth Follows Every Death
It will be replaced by IPv6, which has addresses enough (about 5x10 to the 28th power) for each of the 6.8 billion human beings on the planet.
In Other Words...
Every human being on the planet could have their own personal network the size of today’s internet.
Why?
• The Internet is preparing to leave its virtual world and enter our physical world.
• IPv6 provides an infrastructure for assigning IP addresses to physical “things”
• The networking of the virtual world to the physical world
• The networking of “things”
• Evolution: from a network of interconnected computers to a network of interconnected objects …
The "average" person owns somewhere between 1000 and 5000 things – possessions.
Imagine
• What if you could put them all on your own network?
• Have a complete inventory of everything you own and know where it is – real-time?
• What if you could connect this network of your things to other networks and interact?
• Life on this planet would be significantly and profoundly changed.
• We’d never run out of anything.
• No more theft as we know it – we’d know exactly where things are at any given moment anywhere on the planet.
Wake Up
• It’s already here
• Internet of Things (IoT)
• Concept founded by Auto-ID Centre at MIT back in 1999
• Phase 1 underway, bottom up, level-specific functionality
• Internet Protocol for Smart Objects (IPSO) Alliance founded 2008
IoT Characteristics
Pervasive: present throughout
Ubiquitous: everywhere at the same time
Evolving: constantly changing
Global: everywhere on this planet
Beyond Accidental
"Anytime, anywhere, by anyone and everything"
First Things First
• Everything on the electrical grid - first
• Balance of power (grids)
  – Plant to substations
  – Substations to lines
  – Lines – transformers
  – Transformers to homes
Second Things Second
• Any “thing” with a power source to any “thing” with a power source and vice versa…
  – Refrigerator to a television
  – Toaster to smoke detector
  – Fire alarms to ovens
  – Smoke detectors to gas supplier
And Last But Not Least
• Any “person” to any “thing” or any person?
  – You to your house
  – You to your appliances
  – You to your car
  – You to your….
Communication is Key
• Need mobile “smart” communication devices to connect:
  – Things to things
  – People to things
• IP Smart Objects (IPSO)
• RFID chip the leader
IoT Language
Hello: My UID is 1234567fa and my challenge is X4665
Bonjour: My UID is af7654321 and the answer to your challenge is Ab455839
Framework
Netless: is an anamorphic structure of nodes that is capable of holding some amounts of digital data. Each node is a small, low-power wireless digital transponder. There is no permanent network connection. Every time any node would appear in the vicinity of any other node - they would establish a wireless link and swap the data that was stored internally.
Keywords: permission-less, parasitic network, off-line data-sharing, city-net, WAN, othernet, decentralized, node-network, sneakernet, sensor-network, grassroots-network, wireless.
Soylent Green is People!
Newly developed ‘RFID Powder’, as invisible as a speck of dust: 0.05 mm x 0.05 x 0.005 mm
Chips are packed with 128 bits of static memory, enough to store a unique 38-digit ID number, 2.45 GHz, 1 mW
Can be embedded directly into pieces of paper
Current favored application: anti-counterfeiting
Already There
• Retail stores using RFID for stock control
• Vehicles paying by RFID on motorways
• Cows, Dogs, Cats, Sheep implanted with RFID chips
• Consumer products from cars and mobiles to children’s tennis shoes now equipped with GPS RFID chips
Security Requirements
Can our current C.I.A. definition fit the IoT?
Pervasive: present throughout?
Ubiquitous: everywhere simultaneously?
Emerging: constantly evolving?
Global: everywhere on this planet?
IP Challenges
Packet spoofing
Network traffic analysis
Device analysis
Device spoofing
Encryption
Key distribution
Privacy protection
Identity protection
Identity and identifier management
IPSO Challenges
• Devices are not reachable
  – Most of the time a device is not connected
• Devices can be lost and stolen
  – Makes security difficult when the device is not connected
• Devices are not crypto-engines
  – Strong security difficult without processing power
• Devices have finite life
  – Credentials need to be tied to lifetime
• Devices are transportable
  – Will cross borders
• Devices need to be recognised by many readers
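The Hello/Bonjour exchange from the IoT Language slide, built to fit the IPSO constraints above (no crypto-engine, no connectivity, credentials tied to device lifetime), as an added Python example that is not part of the original slides. The `SmartObject` class, the pre-shared key, the truncated HMAC-SHA256 answer and the expiry timestamps are assumptions; only the two UIDs come from the slide.

```python
import hashlib
import hmac
import secrets
import time

TAG_LEN = 8  # bytes of MAC sent over the air; truncation is an assumption for small tags


class SmartObject:
    """Hypothetical smart object: UID, pre-shared key, credential expiry (all assumed)."""

    def __init__(self, uid, key, expires_at):
        self.uid, self.key, self.expires_at = uid, key, expires_at
        self._pending = None  # challenge issued by us and not yet answered

    def _mac(self, challenger, responder, challenge):
        # Ordered UIDs bind the answer to one direction of one pairing.
        msg = b"|".join([challenger.encode(), responder.encode(), challenge])
        return hmac.new(self.key, msg, hashlib.sha256).digest()[:TAG_LEN]

    def hello(self):
        """'My UID is ... and my challenge is ...': a fresh random nonce each time."""
        self._pending = secrets.token_bytes(16)
        return self.uid, self._pending

    def answer(self, peer_uid, challenge):
        """'The answer to your challenge is ...'"""
        return self._mac(peer_uid, self.uid, challenge)

    def verify(self, peer_uid, response, now=None):
        now = time.time() if now is None else now
        challenge, self._pending = self._pending, None  # each challenge is single use
        if challenge is None or now >= self.expires_at:
            return False  # nothing outstanding, or credential past device lifetime
        expected = self._mac(self.uid, peer_uid, challenge)
        return hmac.compare_digest(expected, response)


def demo():
    key = secrets.token_bytes(32)  # constructed sample key
    a = SmartObject("1234567fa", key, expires_at=2_000)  # UIDs from the slide
    b = SmartObject("af7654321", key, expires_at=2_000)
    uid_a, ch = a.hello()
    resp = b.answer(uid_a, ch)
    ok = a.verify(b.uid, resp, now=1_000)
    replay = a.verify(b.uid, resp, now=1_000)  # same answer again: challenge consumed
    uid_a, ch = a.hello()
    expired = a.verify(b.uid, b.answer(uid_a, ch), now=3_000)
    return ok, replay, expired
```

Because the verifier works entirely from local state (key, outstanding nonce, expiry), the check succeeds or fails without any network connection, which matches the "devices are not reachable" constraint.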
Privacy Challenges
• What things you own
• Where you bought them
• The price you paid for them
• Where they are located
• What you use them for
• How often you use them
• What they connect to
• Who they connect to
Professional Challenges
• See the bigger picture - now
• Anticipate the potential problems
• Security professionals are always “catching up” to technology
• Step up. Consider the implications of the next world of networked things
• Prepare for it – now
• Lead - Don’t follow.
26 Dover Street London United Kingdom W1S 4LY +44 (0)20 3586 1025 +44 (0)20 7763 7101 (fax)