Wireless Security and the Internet of Things                                                                 Nick Hunn    ...
The Legal Requirement   In the EU proposal for the revision of the R&TTE directive, it states that:                       ...
Some examples of what has been hacked           •   Pacemakers           •   Insulin Pumps           •   Weir Gates       ...
The Consequences of Hacking     •   People know where you are.     •   People  know  where  you  aren’t.     •   People  k...
What is the Internet of Things?     Some are born with Sensors,     Some acquire sensors, and     Some have sensors thrust...
Machine to Machine (M2M)                       Many current M2M deployments are cellular               Wireless Security a...
Appcessories and The Quantified SelfConsumer growth is most likely to come from the world of Appcessories.                ...
The Smart HomeIt will take time coming, but homes will get monitored.                         Wireless Security and the In...
To 40 billion and Beyond                Wireless Security and the Internet of Things – Cambridge Wireless 18th April 2013
The  missing  25  billion  may  be  “Desirable”                                    Annual Sales of Appcessories           ...
Which gives 40 billion opportunities to  steal  or  corrupt  someone’s  data.          Every second of every day          ...
Addressing Security  Wireless Security and the Internet of Things – Cambridge Wireless 18th April 2013
The Topology of the Internet of Things                                                                                    ...
The Simple Case of the Smart Thermostat   Senso                            Gateway                            Router     r...
The Backend Environment  Phone                                                                                            ...
And  don’t  forget  the  Weak  Link…                                                                            Phone     ...
“Elements  of  Security”• Most IoT architectures consist of a collection of separate,  connected elements, each of which m...
The AES128 Datasheet       Misconception“But  I’m  using  Wi-Fi / Bluetooth / ZigBee.         That’s  got  security  built...
Practical Considerations     Wireless Security and the Internet of Things – Cambridge Wireless 18th April 2013
Build a Security Model•   You MUST develop a complete end-to-end security model. Just    implementing Wireless security is...
Design for Autonomous Operation                 X                                      X                 X                ...
Security & Usability• No security makes getting to 40 billion devices easy.• High security makes it very difficult.But…• M...
And…• Pairing remains the biggest problem for most wireless  products, both in terms of usability and security.• Many of t...
But…                                                                                   Annual Sales of Appcessories       ...
Questions?Nick HunnCTOmob: +44 7768 890 148email: nick@wifore.comweb: www.wifore.com                           www.wireles...
Upcoming SlideShare
Loading in …5
×

Wireless security and the internet of things nick hunn

495 views

Published on

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
495
On SlideShare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
12
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Wireless security and the internet of things nick hunn

  1. 1. Wireless Security and the Internet of Things Nick Hunn WiFore Consulting Wireless Security and the Internet of Things – Cambridge Wireless 18th April 2013
  2. 2. The Legal Requirement In the EU proposal for the revision of the R&TTE directive, it states that: Article 3 Radio equipment shall be so constructed that it complies with the following essential requirements: (c) radio equipment incorporates safeguards to ensure that the personal data and privacy of the user and of the subscriber are protected;https://www.gov.uk/government/consultations/radio-equipment-directive-proposal#downloadhttp://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=COM:2012:0584:FIN:EN:PDF Wireless Security and the Internet of Things – Cambridge Wireless 18th April 2013
  3. 3. Some examples of what has been hacked • Pacemakers • Insulin Pumps • Weir Gates • Set Top Boxes • Fitness Monitors • Smart Meters Wireless Security and the Internet of Things – Cambridge Wireless 18th April 2013
  4. 4. The Consequences of Hacking • People know where you are. • People  know  where  you  aren’t. • People  know  who  you’re  with. • People  know  what  you’re  doing. • People  think  you’re  someone  else. • Your lights go out. • Your bills go up. • Things stop working. • Things start working differently. • Your business fails. Wireless Security and the Internet of Things – Cambridge Wireless 18th April 2013
  5. 5. What is the Internet of Things? Some are born with Sensors, Some acquire sensors, and Some have sensors thrust upon them. Wireless Security and the Internet of Things – Cambridge Wireless 18th April 2013
  6. 6. Machine to Machine (M2M) Many current M2M deployments are cellular Wireless Security and the Internet of Things – Cambridge Wireless 18th April 2013
  7. 7. Appcessories and The Quantified SelfConsumer growth is most likely to come from the world of Appcessories. Find out more about Appcessories at http://www.nickhunn.com/2ubiquity Wireless Security and the Internet of Things – Cambridge Wireless 18th April 2013
  8. 8. The Smart HomeIt will take time coming, but homes will get monitored. Wireless Security and the Internet of Things – Cambridge Wireless 18th April 2013
  9. 9. To 40 billion and Beyond Wireless Security and the Internet of Things – Cambridge Wireless 18th April 2013
  10. 10. The  missing  25  billion  may  be  “Desirable” Annual Sales of Appcessories 14,000 12,000 10,000 8,000 Millions 6,000 4,000 2,000 - 2014 2015 2016 2017 2018 2019 2020 Source: WiFore Consulting Wireless Security and the Internet of Things – Cambridge Wireless 18th April 2013
  11. 11. Which gives 40 billion opportunities to steal  or  corrupt  someone’s  data. Every second of every day Wireless Security and the Internet of Things – Cambridge Wireless 18th April 2013
  12. 12. Addressing Security Wireless Security and the Internet of Things – Cambridge Wireless 18th April 2013
  13. 13. The Topology of the Internet of Things dB & App Sensors Where cellular is Integrated with sensors it will remove some steps in the chain. Wireless Security and the Internet of Things – Cambridge Wireless 18th April 2013
  14. 14. The Simple Case of the Smart Thermostat Senso Gateway Router r Boiler PC PCT Switch Installer Supplied Customer Supplied Wireless Security and the Internet of Things – Cambridge Wireless 18th April 2013
  15. 15. The Backend Environment Phone External Web Interface Service ProviderRouter I/O Application Manager dB & Analysis 3rd Party Data MDMS, etc. Device Security PC Manager Manager Service Provision Wireless Security and the Internet of Things – Cambridge Wireless 18th April 2013
  16. 16. And  don’t  forget  the  Weak  Link… Phone PC Wireless Security and the Internet of Things – Cambridge Wireless 18th April 2013
  17. 17. “Elements  of  Security”• Most IoT architectures consist of a collection of separate, connected elements, each of which may have their own security.• Systems  composed  of  “Off  the  Shelf”  components   generally have different levels of security, which need to be stitched into a whole. This can be trickier than designing from scratch.• The order of installation can be critical. But guaranteeing the correct order may be impossible.• Existing security of wireless may be a false security. Wireless Security and the Internet of Things – Cambridge Wireless 18th April 2013
  18. 18. The AES128 Datasheet Misconception“But  I’m  using  Wi-Fi / Bluetooth / ZigBee. That’s  got  security  built  in.     Why  do  I  need  to  do  anything  else?” Wireless Security and the Internet of Things – Cambridge Wireless 18th April 2013
  19. 19. Practical Considerations Wireless Security and the Internet of Things – Cambridge Wireless 18th April 2013
  20. 20. Build a Security Model• You MUST develop a complete end-to-end security model. Just implementing Wireless security is not enough.• Write  an  RMADS  as  soon  as  you’ve  done  your  first  draft  of  system   architecture, and then reiterate both until they work and are consistent.• Consider device management, end to end authentication and link key management. dB & App BTS / WPA2 TLS TLS / PW Encryption / Authentication Wireless Security and the Internet of Things – Cambridge Wireless 18th April 2013
  21. 21. Design for Autonomous Operation X X X X dB & App Think about what happens when: • Internal or external comms links or the web service fail • The mobile phone goes out of the house • The gateway / router fails or is replaced • The consumer moves home The consumer expects their HVAC and lights to continue working Wireless Security and the Internet of Things – Cambridge Wireless 18th April 2013
  22. 22. Security & Usability• No security makes getting to 40 billion devices easy.• High security makes it very difficult.But…• Major security failures scare customers and may kill the market altogether. If the reaction to new security threats is simplistically to add even stronger protection, then the costs of that additional security will result in M2M solutions that are not economically viable. Beecham Research 2013 www.beechamresearch.com Wireless Security and the Internet of Things – Cambridge Wireless 18th April 2013
  23. 23. And…• Pairing remains the biggest problem for most wireless products, both in terms of usability and security.• Many of these IoT & M2M products will have much longer lives than current consumer products. That means that new components will be added to the system and existing ones replaced. That is a security challenge.• More security = more processing = shorter battery life.• Make  sure  that  firmware  updates  don’t  compromise  the   security.    Or  that  the  security  model  doesn’t  prevent  them   being deployed.• Remember that many of these devices may have NO user interface. Wireless Security and the Internet of Things – Cambridge Wireless 18th April 2013
  24. 24. But… Annual Sales of Appcessories 14,000 12,000 10,000 8,000 Millions 6,000 4,000 2,000 - 2014 2015 2016 2017 2018 2019 2020 If we get it right, the market is five times bigger than the mobile phone market.    It’s  worth  getting  it  right. Wireless Security and the Internet of Things – Cambridge Wireless 18th April 2013
  25. 25. Questions?Nick HunnCTOmob: +44 7768 890 148email: nick@wifore.comweb: www.wifore.com www.wireless-book.com Creative Connectivity Blog: www.nickhunn.com Wireless Security and the Internet of Things – Cambridge Wireless 18th April 2013

×