The document discusses internet of things (IoT) security. It begins by defining IoT and its security issues, including privacy, access control, policy enforcement, trust, mobile security, secure middleware, authentication and confidentiality. Examples of security breaches are provided. Recommendations for IoT security include designing for security, making devices more user-friendly, emphasizing technical knowledge, and re-evaluating business structures. Security principles like the Australian Privacy Principles and OWASP principles are covered. Predictions for the future of IoT security include more devices and DDoS attacks, the rise of smart cities, more use of artificial intelligence, more secure routers, use of software defined networking, and an end-to
Internet & iot security
1. Internet & IoT Security
Usman Anjum
SID:37081, BIT(Networking)
Project 2, Part A: study of Emerging Trends in Networking
Victorian Institute of Technology(Melbourne)
2. Overview
1 What Is IoT?
2 Security Issues in IoT
3 Security Breach Examples
4 Recommendations
5 Security Principals
6 Future Direction
4. What is IoT?
“The Internet of Things, also called The Internet of Objects, refers to a wireless network between objects, usually the network will be wireless and self-configuring, such as household appliances.”
-- Wikipedia
“Internet of Things refers to the concept that the Internet is no longer just a global network for people to communicate with one another using computers, but it is also a platform for devices to communicate electronically with the world around them.”
-- Center for Data and Innovation
“The term "Internet of Things" has come to describe a number of technologies and research disciplines that enable the Internet to reach out into the real world of physical objects.”
-- IoT 2008
“Things having identities and virtual personalities operating in smart spaces using intelligent interfaces to connect and communicate within social, environmental, and user contexts”.
-- IoT in 2020
“Internet of Objects” “Machine-to-Machine Era” “Internet of Everything”
The term Internet of Things was first used by Kevin Ashton in 1999. It refers to uniquely identifiable objects (things) and their virtual representations in an Internet-like structure.
5. Security Issues in IOT
What Is IT Security?
Measures taken to protect a computer/device/system, on the internet or off the internet, from unauthorized access or attacks.
6. Security Issues in IOT
Privacy
The most dangerous part of IoT is that consumers are surrendering their privacy, bit by bit, without realizing it, because they are unaware of what data is being collected and how it is being used.
Access Control
Access control deals with the access rights given to the things/devices in an IoT environment. Traditional database systems process discrete data, whereas IoT systems process flowing data. Some of the challenges related to access control in the IoT context involve: How to handle the huge amount of transmitted data (i.e., in the form of stream data) in a common recognized representation? How to support the identification of?
Policy Enforcement
Policy enforcement refers to the approaches used for the application of a set of defined principles in a system. Policies are sets of defined rules that must be followed in order to maintain order, security, and consistency of data. Only few works from describe literature because of
Trust
The idea of trust is used in different contexts and with different meanings. Trust is a complex concept on which there is no agreed definition in the scientific literature, although its importance is widely recognized [7]. A core problem with many approaches to describing trust is that they do not lend themselves to the establishment of metrics and computation methodologies.
Andrew Newman, CEO and Founder of Reason Software Company
“IoT security suffers today because the industry currently has many non-standard communication protocols, making security for these devices incredibly complex.”
7. Security Issues in IOT
Mobile security
"The common IoT vulnerabilities that I often see tie into poor security on mobile applications," said Deral Heiland, a veteran penetration tester who leads Rapid7's IoT security division [15]. "One of my biggest gripes is data being stored on mobile apps." What happens if a worker simply loses a smartphone with valuable data on it that isn't backed up elsewhere?
Secure Middleware
The middleware has several tasks to perform simultaneously, the primary one being to act as a platform for different technologies, protocols, network environments and data replication. The top vulnerabilities caused by insecure middleware could be: privacy concerns, insufficient authorization, lack of transport encryption, insecure web interface, and inadequate software protection.
Authentication & Confidentiality
Different works describe different protocols and mechanisms to deal with authentication of a user and confidentiality of data in the context of IoT. IoT enables a constant transfer and sharing of data among things and users. In such a sharing environment, authentication, authorization, access control and non-repudiation are important to ensure secure communication.
Kyle Wilhoit, Senior Cybersecurity Threat Researcher at Domain Tools
“Any unsecured web-connected device could give cybercriminals an access point to the “backbone” of a home’s computer network, and lead to the compromising of more important devices.”
8. Security Breach Examples
Facebook's stock has plunged by more than 6.7 percent after an analytics firm admitted it stole data from over 50 million users to push targeted political advertising.
9. Recommendations
Cyber security expert Bruce Schneier has called for government regulation of the IoT, concluding that both IoT manufacturers and their customers don’t care about the security of the 8.4 billion internet-connected devices in current use.
10. Recommendations
Security by Design
It is important that any decision on the introduction of new technologies and new procedures should be taken only after a privacy, security and technology impact assessment.
Make devices / technologies more user friendly, be "inclusive"
The new devices / technologies should also address discriminatory or exclusionary aspects of how information is presented to citizens (including IT-illiterates). We would like to develop technologies that people use and not just for the sake of it, so their requirements should be a key consideration.
Technical Knowledge
A very important consideration in this is key management: such a holistic framework should identify the actors generating the encryption keys (private/public keys), how these will be distributed, and which agencies/organizations/authorities will eventually be given access to such keys when necessary.
Armin Ebrahimi, Founder & CEO of Showcard
“We are currently at the point of maximum IoT vulnerability. A device can still get into the hands of a cyber criminal, and there is no such thing as a ‘hack-proof’ device. Therefore to minimise enterprise vulnerability we need to focus on identifying and validating the user.”
11. Recommendations
Re-evaluate existing business structures AND find new models
IoT encourages enterprises to perform vertical business process integration improvement; the process improvement itself also guides the evolution of the IoT implementation (e.g., where to put the sensors, what types of new readers are needed). More importantly, enterprises should regard IoT beyond incremental improvement and investigate totally new business models (e.g., new way of air transportation) to achieve strong competitive advantages.
In October 2016, the world was introduced to the very first “Internet of Things” malware. The Mirai malware accessed the devices using default passwords and usernames. The malware then turned the affected devices into a botnet in order to facilitate a Distributed Denial of Service (DDoS) attack.
Hagai Feiner, CEO of Access Networks
“As IoT devices become more common in homes, security will need to be at the forefront of product design. IoT device manufacturers need to address the primary vulnerabilities within their operating systems (OS) and applications (apps).”
12. Security Principals
A principal in computer security is an entity that can be authenticated by a computer system or network. It is referred to as a security principal in Java and Microsoft literature. Principals can be individual people, computers, services, computational entities such as processes and threads, or any group of such things.
13. Security Principals
Australian Privacy Principles (APPs)
01 Open and transparent management of personal information
02 Collection of identity information that is not required for the business purpose: collecting data just because you can is not permissible.
03 Dealing with unsolicited personal information
04 Notification of collection of personal information
IoT SECURITY
GUIDELINE V1.2 16
November 2017
14. Security Principals
Australian Privacy Principles (APPs)
5 Use or disclosure of personal information
6 Direct marketing
7 Cross border disclosure of personal information
8 Adoption, use or disclosure of government-related identifiers
The Office of the Australian Information Commissioner (OAIC) has published a range of relevant guidance on its website, www.oaic.gov.au.
Brian Geisel, CEO of Geisel Software
“In 10 years, we’re going to see security in the IoT mature, much as we’ve seen the networked PC do over the past 15 years. By that point, security will actually be one of the key points used by product reviewers for devices.”
15. Security Principals
Australian Privacy Principles (APPs)
9 Quality of personal information
10 Security of personal information.
11 Access to personal information
12 Correction of personal information
Matt Kozloski, VP of Professional Services at Kelser Corporation
“As the number of sensors watching and interacting with our lives increases over the next 10-15 years, we’re going to need OSHA-like regulations for the security of these devices, from their development to integration and use.”
16. Security Principals
OWASP (Open Web Application Security Project) Principles of Security
Plan for the Worst
IoT systems should have capabilities to respond to compromises, hostile participants, malware, or other adverse events.
The Long Haul
New encryption, advances in protocols, new attack methods and techniques, and changing topology all necessitate that IoT systems be capable of addressing emerging security.
Attackers Target Weakness
Attackers will identify the weakest component and attempt to exploit it. Mobile interfaces, hidden APIs, or resource constrained environments must enforce security in the same way as more robust or feature rich interfaces.
Limit What You Can
To the extent possible limit access based on acceptable use criteria. There's no advantage in exposing a sensor interface to the entire internet if there's no good case for a remote user in a hostile country. Limit access to white lists of rules that make sense.
Internet of Lies
Automated systems are extremely capable of presenting misinformation in convincing formats. IoT systems should always verify data from the edge in order to prevent autonomous misinformation from tainting a system.
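The "Limit What You Can" and "Internet of Lies" principles above, as an added example that is not part of the original slides: a gateway accepts a sensor reading only if it comes from an allowlisted device, carries a valid HMAC, is fresh, and has a plausible value. The device ids, keys, temperature range and freshness window are constructed assumptions.

```python
import hashlib
import hmac
import json

# Constructed sample data: device ids, keys and limits are hypothetical.
DEVICE_KEYS = {"thermo-01": b"k1-demo-key", "thermo-02": b"k2-demo-key"}  # allowlist
PLAUSIBLE_C = (-40.0, 85.0)   # assumed sensor operating range, degrees Celsius
MAX_AGE_S = 300               # assumed freshness window, seconds


def sign(device_id, body, key):
    """Device side: HMAC-SHA256 over the device id and canonical JSON body."""
    msg = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, device_id.encode() + b"|" + msg, hashlib.sha256).hexdigest()


def verify_reading(device_id, body, tag, now):
    """Gateway side: return 'accept' or the reason the reading is rejected."""
    key = DEVICE_KEYS.get(device_id)
    if key is None:                                   # Limit What You Can
        return "reject: device not on allowlist"
    if not hmac.compare_digest(sign(device_id, body, key), tag):
        return "reject: bad MAC"                      # tampered or forged
    ts, temp = body.get("ts"), body.get("temp_c")
    if not isinstance(ts, (int, float)) or not 0 <= now - ts <= MAX_AGE_S:
        return "reject: stale or future timestamp"    # replayed reading
    if not isinstance(temp, (int, float)) or not PLAUSIBLE_C[0] <= temp <= PLAUSIBLE_C[1]:
        return "reject: implausible value"            # authentic but not credible
    return "accept"


def demo():
    # Five constructed readings, one per outcome.
    now, key = 1_700_000_000, DEVICE_KEYS["thermo-01"]
    good = {"ts": now - 10, "temp_c": 21.5}
    wild = {"ts": now - 10, "temp_c": 400.0}
    old = {"ts": now - 3600, "temp_c": 21.5}
    tag = sign("thermo-01", good, key)
    return [
        verify_reading("thermo-01", good, tag, now),
        verify_reading("cam-77", good, tag, now),
        verify_reading("thermo-01", dict(good, temp_c=30.0), tag, now),
        verify_reading("thermo-01", wild, sign("thermo-01", wild, key), now),
        verify_reading("thermo-01", old, sign("thermo-01", old, key), now),
    ]


if __name__ == "__main__":
    print("\n".join(demo()))
```

The fourth case shows why a valid MAC alone is not enough: the reading is authentic but still rejected because the value cannot be true for this sensor.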
Phil Richards, CISO at Ivanti
“As we see IoT adoption and expand into new markets, new products and new services; security will become an increasingly larger component of these tools.”
17. Future Of IOT Security
Predictions
1 Storm Of Devices
By 2020, it is estimated that there will be up to 21 billion connected devices.
2 More DDoS attacks
Hackers will continue to use IoT devices to facilitate DDoS attacks.
3 Smart Cities
More cities will become "smart". Consumers won’t be the only ones using IoT devices. Cities and companies will also start adopting “smart” technologies.
4 Artificial intelligence will really become a “thing”
Smart home hubs, thermostats, lighting systems and even coffee makers all collect data on your habits and patterns of usage. All of this data is collected to help facilitate what is called machine learning.
5 Routers will become more secure and “smarter”
The router is essentially the entry point of the Internet into your home. While the connected devices cannot be protected by themselves, the router has the ability to provide protection at the entry point.
6 SDN
With the help of software defined networking, physical networks would be much easier to manage and control.
Secure first, then connect: The future of IoT security
18. Future of IOT Security
IoT Security forecasts
01 An increasing use of artificial intelligence for real-time security monitoring, depending on the use case.
02 Appearance of blockchain (distributed ledger technology) in IoT security and an ongoing integration of IoT and blockchain.
03 Reliance on partners and system integrators with clear SLAs for security and privacy.
04 A shift of focus to an end-to-end security approach with embedded security by design.
05 Policy regulations and security standards will be deployed.
19. CONCLUSION
In short, current security services are insufficient for such contradictory technologies and communication standards. As IoT deals with interconnecting various heterogeneous things, there are currently many challenges in building it, so this area has many open research issues. Future research directions mainly consist of how to deal with the challenges faced by IoT, which may be related to security issues. I hope this research will be helpful in allowing a valuable deployment of IoT systems and in suggesting future security research directions.