SlideShare a Scribd company logo
1 of 14
Security Challenges in D2D
Communications
AJITHKUMAR VYASARAO
CCNA Cyber Ops, CCIE Service Provider, Cisco Security Ninja Black Belt
Agenda
• Introduction
• Security and Privacy Challenges
Introduction
• We are witnessing revolution in Device to device communication.
There are standards of personal area networks, such as Blue- tooth
and ZigBee.
• These technologies mainly been focused on reliable and fast
communication.
• At the same time, need to provide more safety in this domain.
D2D communications scope
• Device to Device communication encompass technologies
• Blue-tooth
• Wifi
• IOT
• Mobile and Handheld devices
D2D communication
• Vulnerable to various Security issues
• Passive Eaves dropping
• Active eaves dropping
• Side channel attacks
D2D Communication
• Confidentiality
• Integrity
• Availability
Network based anomaly detection
• Collect and Analyze flows
• Establish baseline
• Alarm on anomalies detected
Alerts and Actions
• All decisions of security controls can be classified as one of the following:
• True positives: The security control, such as an IPS or IDS sensor, acted as a
consequence of malicious activity, which represents normal and optimal
operation.
• False positives: The security control that is acted as a consequence of non-
malicious activity, which represents an error, generally caused by too tight
proactive controls (which do not permit all legitimate traffic) or too relaxed
reactive controls (with too broad descriptions of the attack).
• True negatives: The security control has not acted, because there was no
malicious activity, which represents normal and optimal operation.
• False negatives: The security control has not acted, even though there was
malicious activity, which represents an error, generally caused by too relaxed
proactive controls (which permit more than just minimal legitimate traffic) or too
specific reactive controls (with too-specific descriptions of the attack).
Cyber Kill Chain Model
• There are 2 models
• Cyber Kill chain model
• Diamond model
Cyber Kill Chain Model
• Cyber kill chain model explains various stages of attack
Reconnaissance
Weaponization
Delivery
Exploitation
Installationn
Command-and-control
Actions on Objectives
Cyber Kill Chain
• Originally introduced by Lockheed Martin
• The cyber kill chain has 7 stages.
• Attackers do not necessarily need to follow the exact steps and
sequences of the cyber kill chain
Diamond Model
Adversary
Infrastructure
Victim
Capability
Diamond Model
• Developed by Caltagirone, Pendergast, and Betzis
• The four nodes in the model are: adversary, capability, infrastructure,
victim
• An event is described as an adversary deploys a capability over some
infrastructure against a victim
Q&A

More Related Content

What's hot

Tiptoe Through The Network: Practical Vulnerability Assessments in Control Sy...
Tiptoe Through The Network: Practical Vulnerability Assessments in Control Sy...Tiptoe Through The Network: Practical Vulnerability Assessments in Control Sy...
Tiptoe Through The Network: Practical Vulnerability Assessments in Control Sy...Digital Bond
 
Internet Accessible ICS in Japan (English)
Internet Accessible ICS in Japan (English)Internet Accessible ICS in Japan (English)
Internet Accessible ICS in Japan (English)Digital Bond
 
Lecture 5 software to control network
Lecture 5 software to control networkLecture 5 software to control network
Lecture 5 software to control networkTanveer Malik
 
S4xJapan Closing Keynote
S4xJapan Closing KeynoteS4xJapan Closing Keynote
S4xJapan Closing KeynoteDigital Bond
 
Hacking IoT: the new threat for content assets
Hacking IoT: the new threat for content assetsHacking IoT: the new threat for content assets
Hacking IoT: the new threat for content assetsETCenter
 
Enterprise Forensics 101
Enterprise Forensics 101Enterprise Forensics 101
Enterprise Forensics 101Mona Arkhipova
 
Vulnerability Inheritance in ICS (English)
Vulnerability Inheritance in ICS (English)Vulnerability Inheritance in ICS (English)
Vulnerability Inheritance in ICS (English)Digital Bond
 
ICS Network Security Monitoring (NSM)
ICS Network Security Monitoring (NSM)ICS Network Security Monitoring (NSM)
ICS Network Security Monitoring (NSM)Digital Bond
 
Detecting Problems in Industrial Networks Through Continuous Monitoring, Leve...
Detecting Problems in Industrial Networks Through Continuous Monitoring, Leve...Detecting Problems in Industrial Networks Through Continuous Monitoring, Leve...
Detecting Problems in Industrial Networks Through Continuous Monitoring, Leve...Digital Bond
 
API Training 10 Nov 2014
API Training 10 Nov 2014API Training 10 Nov 2014
API Training 10 Nov 2014Digital Bond
 
Monitoring ICS Communications
Monitoring ICS CommunicationsMonitoring ICS Communications
Monitoring ICS CommunicationsDigital Bond
 
SDL: Secure design principles
SDL: Secure design principlesSDL: Secure design principles
SDL: Secure design principlessluge
 
SBA Security Meetup: Building a Secure Architecture – A Deep-Dive into Securi...
SBA Security Meetup: Building a Secure Architecture – A Deep-Dive into Securi...SBA Security Meetup: Building a Secure Architecture – A Deep-Dive into Securi...
SBA Security Meetup: Building a Secure Architecture – A Deep-Dive into Securi...SBA Research
 
[CLASS 2014] Palestra Técnica - Michael Firstenberg
[CLASS 2014] Palestra Técnica - Michael Firstenberg[CLASS 2014] Palestra Técnica - Michael Firstenberg
[CLASS 2014] Palestra Técnica - Michael FirstenbergTI Safe
 
Process Whitelisting and Resource Access Control For ICS Computers, Kuniyasu ...
Process Whitelisting and Resource Access Control For ICS Computers, Kuniyasu ...Process Whitelisting and Resource Access Control For ICS Computers, Kuniyasu ...
Process Whitelisting and Resource Access Control For ICS Computers, Kuniyasu ...Digital Bond
 
Practical Approaches to Securely Integrating Business and Production
Practical Approaches to Securely Integrating Business and ProductionPractical Approaches to Securely Integrating Business and Production
Practical Approaches to Securely Integrating Business and ProductionJim Gilsinn
 
Attacking and Defending Autos Via OBD-II from escar Asia
Attacking and Defending Autos Via OBD-II from escar AsiaAttacking and Defending Autos Via OBD-II from escar Asia
Attacking and Defending Autos Via OBD-II from escar AsiaDigital Bond
 
Should I Patch My ICS?
Should I Patch My ICS?Should I Patch My ICS?
Should I Patch My ICS?Digital Bond
 
Cybersecurity for modern industrial systems
Cybersecurity for modern industrial  systemsCybersecurity for modern industrial  systems
Cybersecurity for modern industrial systemsItex Solutions
 

What's hot (20)

Tiptoe Through The Network: Practical Vulnerability Assessments in Control Sy...
Tiptoe Through The Network: Practical Vulnerability Assessments in Control Sy...Tiptoe Through The Network: Practical Vulnerability Assessments in Control Sy...
Tiptoe Through The Network: Practical Vulnerability Assessments in Control Sy...
 
Internet Accessible ICS in Japan (English)
Internet Accessible ICS in Japan (English)Internet Accessible ICS in Japan (English)
Internet Accessible ICS in Japan (English)
 
Lecture 5 software to control network
Lecture 5 software to control networkLecture 5 software to control network
Lecture 5 software to control network
 
S4xJapan Closing Keynote
S4xJapan Closing KeynoteS4xJapan Closing Keynote
S4xJapan Closing Keynote
 
Hacking IoT: the new threat for content assets
Hacking IoT: the new threat for content assetsHacking IoT: the new threat for content assets
Hacking IoT: the new threat for content assets
 
Enterprise Forensics 101
Enterprise Forensics 101Enterprise Forensics 101
Enterprise Forensics 101
 
Vulnerability Inheritance in ICS (English)
Vulnerability Inheritance in ICS (English)Vulnerability Inheritance in ICS (English)
Vulnerability Inheritance in ICS (English)
 
ICS Network Security Monitoring (NSM)
ICS Network Security Monitoring (NSM)ICS Network Security Monitoring (NSM)
ICS Network Security Monitoring (NSM)
 
Detecting Problems in Industrial Networks Through Continuous Monitoring, Leve...
Detecting Problems in Industrial Networks Through Continuous Monitoring, Leve...Detecting Problems in Industrial Networks Through Continuous Monitoring, Leve...
Detecting Problems in Industrial Networks Through Continuous Monitoring, Leve...
 
IEC and cyber security (June 2018)
IEC and cyber security (June 2018)IEC and cyber security (June 2018)
IEC and cyber security (June 2018)
 
API Training 10 Nov 2014
API Training 10 Nov 2014API Training 10 Nov 2014
API Training 10 Nov 2014
 
Monitoring ICS Communications
Monitoring ICS CommunicationsMonitoring ICS Communications
Monitoring ICS Communications
 
SDL: Secure design principles
SDL: Secure design principlesSDL: Secure design principles
SDL: Secure design principles
 
SBA Security Meetup: Building a Secure Architecture – A Deep-Dive into Securi...
SBA Security Meetup: Building a Secure Architecture – A Deep-Dive into Securi...SBA Security Meetup: Building a Secure Architecture – A Deep-Dive into Securi...
SBA Security Meetup: Building a Secure Architecture – A Deep-Dive into Securi...
 
[CLASS 2014] Palestra Técnica - Michael Firstenberg
[CLASS 2014] Palestra Técnica - Michael Firstenberg[CLASS 2014] Palestra Técnica - Michael Firstenberg
[CLASS 2014] Palestra Técnica - Michael Firstenberg
 
Process Whitelisting and Resource Access Control For ICS Computers, Kuniyasu ...
Process Whitelisting and Resource Access Control For ICS Computers, Kuniyasu ...Process Whitelisting and Resource Access Control For ICS Computers, Kuniyasu ...
Process Whitelisting and Resource Access Control For ICS Computers, Kuniyasu ...
 
Practical Approaches to Securely Integrating Business and Production
Practical Approaches to Securely Integrating Business and ProductionPractical Approaches to Securely Integrating Business and Production
Practical Approaches to Securely Integrating Business and Production
 
Attacking and Defending Autos Via OBD-II from escar Asia
Attacking and Defending Autos Via OBD-II from escar AsiaAttacking and Defending Autos Via OBD-II from escar Asia
Attacking and Defending Autos Via OBD-II from escar Asia
 
Should I Patch My ICS?
Should I Patch My ICS?Should I Patch My ICS?
Should I Patch My ICS?
 
Cybersecurity for modern industrial systems
Cybersecurity for modern industrial  systemsCybersecurity for modern industrial  systems
Cybersecurity for modern industrial systems
 

Similar to Security challenges in d2d communication by ajithkumar vyasarao

Inherent Security Design Patterns for SDN/NFV Deployments
Inherent Security Design Patterns for SDN/NFV DeploymentsInherent Security Design Patterns for SDN/NFV Deployments
Inherent Security Design Patterns for SDN/NFV DeploymentsOPNFV
 
Power System Cybersecurity: Barriers and Challenges
Power System Cybersecurity: Barriers and Challenges Power System Cybersecurity: Barriers and Challenges
Power System Cybersecurity: Barriers and Challenges Nathan Wallace, PhD, PE
 
Track 5 session 4 - st dev con 2016 - life cycle management for web
Track 5   session 4 - st dev con 2016 - life cycle management for webTrack 5   session 4 - st dev con 2016 - life cycle management for web
Track 5 session 4 - st dev con 2016 - life cycle management for webST_World
 
How i'm going to own your organization v2
How i'm going to own your organization v2How i'm going to own your organization v2
How i'm going to own your organization v2RazorEQX
 
Beware the Firewall My Son: The Jaws That Bite, The Claws That Catch!
Beware the Firewall My Son: The Jaws That Bite, The Claws That Catch!Beware the Firewall My Son: The Jaws That Bite, The Claws That Catch!
Beware the Firewall My Son: The Jaws That Bite, The Claws That Catch!Michele Chubirka
 
Zero Trust Best Practices for Kubernetes
Zero Trust Best Practices for KubernetesZero Trust Best Practices for Kubernetes
Zero Trust Best Practices for KubernetesNGINX, Inc.
 
LAS16-300K2: Geoff Thorpe - IoT Zephyr
LAS16-300K2: Geoff Thorpe - IoT ZephyrLAS16-300K2: Geoff Thorpe - IoT Zephyr
LAS16-300K2: Geoff Thorpe - IoT ZephyrShovan Sargunam
 
Commercial and government cyberwarfare
Commercial and government cyberwarfareCommercial and government cyberwarfare
Commercial and government cyberwarfareNicholas Davis
 
Commercial And Government Cyberwarfare
Commercial And Government CyberwarfareCommercial And Government Cyberwarfare
Commercial And Government CyberwarfareNicholas Davis
 
2012 Reenergize the Americas 3B: Angel Avila
2012 Reenergize the Americas 3B: Angel Avila2012 Reenergize the Americas 3B: Angel Avila
2012 Reenergize the Americas 3B: Angel AvilaReenergize
 
Certes webinar securing the frictionless enterprise
Certes webinar   securing the frictionless enterpriseCertes webinar   securing the frictionless enterprise
Certes webinar securing the frictionless enterpriseJason Bloomberg
 
Compliance made easy. Pass your audits stress-free.
Compliance made easy. Pass your audits stress-free.Compliance made easy. Pass your audits stress-free.
Compliance made easy. Pass your audits stress-free.AlgoSec
 
Outpost24 Webinar - To agent or not to agent
Outpost24 Webinar - To agent or not to agent Outpost24 Webinar - To agent or not to agent
Outpost24 Webinar - To agent or not to agent Outpost24
 
Scada security presentation by Stephen Miller
Scada security presentation by Stephen MillerScada security presentation by Stephen Miller
Scada security presentation by Stephen MillerAVEVA
 
Exploiting Redundancy Properties of Malicious Infrastructure for Incident Det...
Exploiting Redundancy Properties of Malicious Infrastructure for Incident Det...Exploiting Redundancy Properties of Malicious Infrastructure for Incident Det...
Exploiting Redundancy Properties of Malicious Infrastructure for Incident Det...Positive Hack Days
 
逃避可恥還沒有用- 你不可不知的物聯網安全問題與挑戰(Ashley Shen & Belinda Lai)
逃避可恥還沒有用- 你不可不知的物聯網安全問題與挑戰(Ashley Shen & Belinda Lai)逃避可恥還沒有用- 你不可不知的物聯網安全問題與挑戰(Ashley Shen & Belinda Lai)
逃避可恥還沒有用- 你不可不知的物聯網安全問題與挑戰(Ashley Shen & Belinda Lai)HITCON GIRLS
 

Similar to Security challenges in d2d communication by ajithkumar vyasarao (20)

Inherent Security Design Patterns for SDN/NFV Deployments
Inherent Security Design Patterns for SDN/NFV DeploymentsInherent Security Design Patterns for SDN/NFV Deployments
Inherent Security Design Patterns for SDN/NFV Deployments
 
Power System Cybersecurity: Barriers and Challenges
Power System Cybersecurity: Barriers and Challenges Power System Cybersecurity: Barriers and Challenges
Power System Cybersecurity: Barriers and Challenges
 
Track 5 session 4 - st dev con 2016 - life cycle management for web
Track 5   session 4 - st dev con 2016 - life cycle management for webTrack 5   session 4 - st dev con 2016 - life cycle management for web
Track 5 session 4 - st dev con 2016 - life cycle management for web
 
012
012012
012
 
How i'm going to own your organization v2
How i'm going to own your organization v2How i'm going to own your organization v2
How i'm going to own your organization v2
 
Beware the Firewall My Son: The Jaws That Bite, The Claws That Catch!
Beware the Firewall My Son: The Jaws That Bite, The Claws That Catch!Beware the Firewall My Son: The Jaws That Bite, The Claws That Catch!
Beware the Firewall My Son: The Jaws That Bite, The Claws That Catch!
 
Zero Trust Best Practices for Kubernetes
Zero Trust Best Practices for KubernetesZero Trust Best Practices for Kubernetes
Zero Trust Best Practices for Kubernetes
 
Avila 3 b
Avila 3 bAvila 3 b
Avila 3 b
 
LAS16-300K2: Geoff Thorpe - IoT Zephyr
LAS16-300K2: Geoff Thorpe - IoT ZephyrLAS16-300K2: Geoff Thorpe - IoT Zephyr
LAS16-300K2: Geoff Thorpe - IoT Zephyr
 
Hugo Fiennes - Security and the IoT - Electric Imp
Hugo Fiennes - Security and the IoT - Electric ImpHugo Fiennes - Security and the IoT - Electric Imp
Hugo Fiennes - Security and the IoT - Electric Imp
 
Software Security
Software SecuritySoftware Security
Software Security
 
Commercial and government cyberwarfare
Commercial and government cyberwarfareCommercial and government cyberwarfare
Commercial and government cyberwarfare
 
Commercial And Government Cyberwarfare
Commercial And Government CyberwarfareCommercial And Government Cyberwarfare
Commercial And Government Cyberwarfare
 
2012 Reenergize the Americas 3B: Angel Avila
2012 Reenergize the Americas 3B: Angel Avila2012 Reenergize the Americas 3B: Angel Avila
2012 Reenergize the Americas 3B: Angel Avila
 
Certes webinar securing the frictionless enterprise
Certes webinar   securing the frictionless enterpriseCertes webinar   securing the frictionless enterprise
Certes webinar securing the frictionless enterprise
 
Compliance made easy. Pass your audits stress-free.
Compliance made easy. Pass your audits stress-free.Compliance made easy. Pass your audits stress-free.
Compliance made easy. Pass your audits stress-free.
 
Outpost24 Webinar - To agent or not to agent
Outpost24 Webinar - To agent or not to agent Outpost24 Webinar - To agent or not to agent
Outpost24 Webinar - To agent or not to agent
 
Scada security presentation by Stephen Miller
Scada security presentation by Stephen MillerScada security presentation by Stephen Miller
Scada security presentation by Stephen Miller
 
Exploiting Redundancy Properties of Malicious Infrastructure for Incident Det...
Exploiting Redundancy Properties of Malicious Infrastructure for Incident Det...Exploiting Redundancy Properties of Malicious Infrastructure for Incident Det...
Exploiting Redundancy Properties of Malicious Infrastructure for Incident Det...
 
逃避可恥還沒有用- 你不可不知的物聯網安全問題與挑戰(Ashley Shen & Belinda Lai)
逃避可恥還沒有用- 你不可不知的物聯網安全問題與挑戰(Ashley Shen & Belinda Lai)逃避可恥還沒有用- 你不可不知的物聯網安全問題與挑戰(Ashley Shen & Belinda Lai)
逃避可恥還沒有用- 你不可不知的物聯網安全問題與挑戰(Ashley Shen & Belinda Lai)
 

More from Cysinfo Cyber Security Community

Understanding Malware Persistence Techniques by Monnappa K A
Understanding Malware Persistence Techniques by Monnappa K AUnderstanding Malware Persistence Techniques by Monnappa K A
Understanding Malware Persistence Techniques by Monnappa K ACysinfo Cyber Security Community
 
Understanding & analyzing obfuscated malicious web scripts by Vikram Kharvi
Understanding & analyzing obfuscated malicious web scripts by Vikram KharviUnderstanding & analyzing obfuscated malicious web scripts by Vikram Kharvi
Understanding & analyzing obfuscated malicious web scripts by Vikram KharviCysinfo Cyber Security Community
 
Getting started with cybersecurity through CTFs by Shruti Dixit & Geethna TK
Getting started with cybersecurity through CTFs by Shruti Dixit & Geethna TKGetting started with cybersecurity through CTFs by Shruti Dixit & Geethna TK
Getting started with cybersecurity through CTFs by Shruti Dixit & Geethna TKCysinfo Cyber Security Community
 
A look into the sanitizer family (ASAN & UBSAN) by Akul Pillai
A look into the sanitizer family (ASAN & UBSAN) by Akul PillaiA look into the sanitizer family (ASAN & UBSAN) by Akul Pillai
A look into the sanitizer family (ASAN & UBSAN) by Akul PillaiCysinfo Cyber Security Community
 
Reversing and Decrypting Malware Communications by Monnappa
Reversing and Decrypting Malware Communications by MonnappaReversing and Decrypting Malware Communications by Monnappa
Reversing and Decrypting Malware Communications by MonnappaCysinfo Cyber Security Community
 
Understanding evasive hollow process injection techniques monnappa k a
Understanding evasive hollow process injection techniques   	monnappa k aUnderstanding evasive hollow process injection techniques   	monnappa k a
Understanding evasive hollow process injection techniques monnappa k aCysinfo Cyber Security Community
 

More from Cysinfo Cyber Security Community (20)

Understanding Malware Persistence Techniques by Monnappa K A
Understanding Malware Persistence Techniques by Monnappa K AUnderstanding Malware Persistence Techniques by Monnappa K A
Understanding Malware Persistence Techniques by Monnappa K A
 
Understanding & analyzing obfuscated malicious web scripts by Vikram Kharvi
Understanding & analyzing obfuscated malicious web scripts by Vikram KharviUnderstanding & analyzing obfuscated malicious web scripts by Vikram Kharvi
Understanding & analyzing obfuscated malicious web scripts by Vikram Kharvi
 
Getting started with cybersecurity through CTFs by Shruti Dixit & Geethna TK
Getting started with cybersecurity through CTFs by Shruti Dixit & Geethna TKGetting started with cybersecurity through CTFs by Shruti Dixit & Geethna TK
Getting started with cybersecurity through CTFs by Shruti Dixit & Geethna TK
 
Emerging Trends in Cybersecurity by Amar Prusty
Emerging Trends in Cybersecurity by Amar PrustyEmerging Trends in Cybersecurity by Amar Prusty
Emerging Trends in Cybersecurity by Amar Prusty
 
A look into the sanitizer family (ASAN & UBSAN) by Akul Pillai
A look into the sanitizer family (ASAN & UBSAN) by Akul PillaiA look into the sanitizer family (ASAN & UBSAN) by Akul Pillai
A look into the sanitizer family (ASAN & UBSAN) by Akul Pillai
 
Closer look at PHP Unserialization by Ashwin Shenoi
Closer look at PHP Unserialization by Ashwin ShenoiCloser look at PHP Unserialization by Ashwin Shenoi
Closer look at PHP Unserialization by Ashwin Shenoi
 
Unicorn: The Ultimate CPU Emulator by Akshay Ajayan
Unicorn: The Ultimate CPU Emulator by Akshay AjayanUnicorn: The Ultimate CPU Emulator by Akshay Ajayan
Unicorn: The Ultimate CPU Emulator by Akshay Ajayan
 
The Art of Executing JavaScript by Akhil Mahendra
The Art of Executing JavaScript by Akhil MahendraThe Art of Executing JavaScript by Akhil Mahendra
The Art of Executing JavaScript by Akhil Mahendra
 
Reversing and Decrypting Malware Communications by Monnappa
Reversing and Decrypting Malware Communications by MonnappaReversing and Decrypting Malware Communications by Monnappa
Reversing and Decrypting Malware Communications by Monnappa
 
DeViL - Detect Virtual Machine in Linux by Sreelakshmi
DeViL - Detect Virtual Machine in Linux by SreelakshmiDeViL - Detect Virtual Machine in Linux by Sreelakshmi
DeViL - Detect Virtual Machine in Linux by Sreelakshmi
 
Analysis of android apk using adhrit by Abhishek J.M
 Analysis of android apk using adhrit by Abhishek J.M Analysis of android apk using adhrit by Abhishek J.M
Analysis of android apk using adhrit by Abhishek J.M
 
Understanding evasive hollow process injection techniques monnappa k a
Understanding evasive hollow process injection techniques   	monnappa k aUnderstanding evasive hollow process injection techniques   	monnappa k a
Understanding evasive hollow process injection techniques monnappa k a
 
S2 e (selective symbolic execution) -shivkrishna a
S2 e (selective symbolic execution) -shivkrishna aS2 e (selective symbolic execution) -shivkrishna a
S2 e (selective symbolic execution) -shivkrishna a
 
Dynamic binary analysis using angr siddharth muralee
Dynamic binary analysis using angr   siddharth muraleeDynamic binary analysis using angr   siddharth muralee
Dynamic binary analysis using angr siddharth muralee
 
Bit flipping attack on aes cbc - ashutosh ahelleya
Bit flipping attack on aes cbc -	ashutosh ahelleyaBit flipping attack on aes cbc -	ashutosh ahelleya
Bit flipping attack on aes cbc - ashutosh ahelleya
 
Security Analytics using ELK stack
Security Analytics using ELK stack	Security Analytics using ELK stack
Security Analytics using ELK stack
 
Linux Malware Analysis
Linux Malware Analysis	Linux Malware Analysis
Linux Malware Analysis
 
Introduction to Binary Exploitation
Introduction to Binary Exploitation	Introduction to Binary Exploitation
Introduction to Binary Exploitation
 
ATM Malware: Understanding the threat
ATM Malware: Understanding the threat	ATM Malware: Understanding the threat
ATM Malware: Understanding the threat
 
XXE - XML External Entity Attack
XXE - XML External Entity Attack	XXE - XML External Entity Attack
XXE - XML External Entity Attack
 

Recently uploaded

Observability Concepts EVERY Developer Should Know (DevOpsDays Seattle)
Observability Concepts EVERY Developer Should Know (DevOpsDays Seattle)Observability Concepts EVERY Developer Should Know (DevOpsDays Seattle)
Observability Concepts EVERY Developer Should Know (DevOpsDays Seattle)Paige Cruz
 
2024 May Patch Tuesday
2024 May Patch Tuesday2024 May Patch Tuesday
2024 May Patch TuesdayIvanti
 
Hyatt driving innovation and exceptional customer experiences with FIDO passw...
Hyatt driving innovation and exceptional customer experiences with FIDO passw...Hyatt driving innovation and exceptional customer experiences with FIDO passw...
Hyatt driving innovation and exceptional customer experiences with FIDO passw...FIDO Alliance
 
Event-Driven Architecture Masterclass: Challenges in Stream Processing
Event-Driven Architecture Masterclass: Challenges in Stream ProcessingEvent-Driven Architecture Masterclass: Challenges in Stream Processing
Event-Driven Architecture Masterclass: Challenges in Stream ProcessingScyllaDB
 
Introduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDMIntroduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDMKumar Satyam
 
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...TrustArc
 
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptxHarnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptxFIDO Alliance
 
Working together SRE & Platform Engineering
Working together SRE & Platform EngineeringWorking together SRE & Platform Engineering
Working together SRE & Platform EngineeringMarcus Vechiato
 
WebRTC and SIP not just audio and video @ OpenSIPS 2024
WebRTC and SIP not just audio and video @ OpenSIPS 2024WebRTC and SIP not just audio and video @ OpenSIPS 2024
WebRTC and SIP not just audio and video @ OpenSIPS 2024Lorenzo Miniero
 
Tales from a Passkey Provider Progress from Awareness to Implementation.pptx
Tales from a Passkey Provider  Progress from Awareness to Implementation.pptxTales from a Passkey Provider  Progress from Awareness to Implementation.pptx
Tales from a Passkey Provider Progress from Awareness to Implementation.pptxFIDO Alliance
 
Cyber Insurance - RalphGilot - Embry-Riddle Aeronautical University.pptx
Cyber Insurance - RalphGilot - Embry-Riddle Aeronautical University.pptxCyber Insurance - RalphGilot - Embry-Riddle Aeronautical University.pptx
Cyber Insurance - RalphGilot - Embry-Riddle Aeronautical University.pptxMasterG
 
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)Samir Dash
 
Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...
Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...
Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...Skynet Technologies
 
JavaScript Usage Statistics 2024 - The Ultimate Guide
JavaScript Usage Statistics 2024 - The Ultimate GuideJavaScript Usage Statistics 2024 - The Ultimate Guide
JavaScript Usage Statistics 2024 - The Ultimate GuidePixlogix Infotech
 
Frisco Automating Purchase Orders with MuleSoft IDP- May 10th, 2024.pptx.pdf
Frisco Automating Purchase Orders with MuleSoft IDP- May 10th, 2024.pptx.pdfFrisco Automating Purchase Orders with MuleSoft IDP- May 10th, 2024.pptx.pdf
Frisco Automating Purchase Orders with MuleSoft IDP- May 10th, 2024.pptx.pdfAnubhavMangla3
 
Event-Driven Architecture Masterclass: Engineering a Robust, High-performance...
Event-Driven Architecture Masterclass: Engineering a Robust, High-performance...Event-Driven Architecture Masterclass: Engineering a Robust, High-performance...
Event-Driven Architecture Masterclass: Engineering a Robust, High-performance...ScyllaDB
 
Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...
Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...
Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...panagenda
 
State of the Smart Building Startup Landscape 2024!
State of the Smart Building Startup Landscape 2024!State of the Smart Building Startup Landscape 2024!
State of the Smart Building Startup Landscape 2024!Memoori
 
Microsoft BitLocker Bypass Attack Method.pdf
Microsoft BitLocker Bypass Attack Method.pdfMicrosoft BitLocker Bypass Attack Method.pdf
Microsoft BitLocker Bypass Attack Method.pdfOverkill Security
 
“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdf
“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdf“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdf
“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdfMuhammad Subhan
 

Recently uploaded (20)

Observability Concepts EVERY Developer Should Know (DevOpsDays Seattle)
Observability Concepts EVERY Developer Should Know (DevOpsDays Seattle)Observability Concepts EVERY Developer Should Know (DevOpsDays Seattle)
Observability Concepts EVERY Developer Should Know (DevOpsDays Seattle)
 
2024 May Patch Tuesday
2024 May Patch Tuesday2024 May Patch Tuesday
2024 May Patch Tuesday
 
Hyatt driving innovation and exceptional customer experiences with FIDO passw...
Hyatt driving innovation and exceptional customer experiences with FIDO passw...Hyatt driving innovation and exceptional customer experiences with FIDO passw...
Hyatt driving innovation and exceptional customer experiences with FIDO passw...
 
Event-Driven Architecture Masterclass: Challenges in Stream Processing
Event-Driven Architecture Masterclass: Challenges in Stream ProcessingEvent-Driven Architecture Masterclass: Challenges in Stream Processing
Event-Driven Architecture Masterclass: Challenges in Stream Processing
 
Introduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDMIntroduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDM
 
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
 
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptxHarnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
 
Working together SRE & Platform Engineering
Working together SRE & Platform EngineeringWorking together SRE & Platform Engineering
Working together SRE & Platform Engineering
 
WebRTC and SIP not just audio and video @ OpenSIPS 2024
WebRTC and SIP not just audio and video @ OpenSIPS 2024WebRTC and SIP not just audio and video @ OpenSIPS 2024
WebRTC and SIP not just audio and video @ OpenSIPS 2024
 
Tales from a Passkey Provider Progress from Awareness to Implementation.pptx
Tales from a Passkey Provider  Progress from Awareness to Implementation.pptxTales from a Passkey Provider  Progress from Awareness to Implementation.pptx
Tales from a Passkey Provider Progress from Awareness to Implementation.pptx
 
Cyber Insurance - RalphGilot - Embry-Riddle Aeronautical University.pptx
Cyber Insurance - RalphGilot - Embry-Riddle Aeronautical University.pptxCyber Insurance - RalphGilot - Embry-Riddle Aeronautical University.pptx
Cyber Insurance - RalphGilot - Embry-Riddle Aeronautical University.pptx
 
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
 
Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...
Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...
Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...
 
JavaScript Usage Statistics 2024 - The Ultimate Guide
JavaScript Usage Statistics 2024 - The Ultimate GuideJavaScript Usage Statistics 2024 - The Ultimate Guide
JavaScript Usage Statistics 2024 - The Ultimate Guide
 
Frisco Automating Purchase Orders with MuleSoft IDP- May 10th, 2024.pptx.pdf
Frisco Automating Purchase Orders with MuleSoft IDP- May 10th, 2024.pptx.pdfFrisco Automating Purchase Orders with MuleSoft IDP- May 10th, 2024.pptx.pdf
Frisco Automating Purchase Orders with MuleSoft IDP- May 10th, 2024.pptx.pdf
 
Event-Driven Architecture Masterclass: Engineering a Robust, High-performance...
Event-Driven Architecture Masterclass: Engineering a Robust, High-performance...Event-Driven Architecture Masterclass: Engineering a Robust, High-performance...
Event-Driven Architecture Masterclass: Engineering a Robust, High-performance...
 
Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...
Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...
Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...
 
State of the Smart Building Startup Landscape 2024!
State of the Smart Building Startup Landscape 2024!State of the Smart Building Startup Landscape 2024!
State of the Smart Building Startup Landscape 2024!
 
Microsoft BitLocker Bypass Attack Method.pdf
Microsoft BitLocker Bypass Attack Method.pdfMicrosoft BitLocker Bypass Attack Method.pdf
Microsoft BitLocker Bypass Attack Method.pdf
 
“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdf
“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdf“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdf
“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdf
 

Security challenges in d2d communication by ajithkumar vyasarao

  • 1. Security Challenges in D2D Communications AJITHKUMAR VYASARAO CCNA Cyber Ops, CCIE Service Provider, Cisco Security Ninja Black Belt
  • 2. Agenda • Introduction • Security and Privacy Challenges
  • 3. Introduction • We are witnessing revolution in Device to device communication. There are standards of personal area networks, such as Blue- tooth and ZigBee. • These technologies mainly been focused on reliable and fast communication. • At the same time, need to provide more safety in this domain.
  • 4. D2D communications scope • Device to Device communication encompass technologies • Blue-tooth • Wifi • IOT • Mobile and Handheld devices
  • 5. D2D communication • Vulnerable to various Security issues • Passive Eaves dropping • Active eaves dropping • Side channel attacks
  • 6. D2D Communication • Confidentiality • Integrity • Availability
  • 7. Network based anomaly detection • Collect and Analyze flows • Establish baseline • Alarm on anomalies detected
  • 8. Alerts and Actions • All decisions of security controls can be classified as one of the following: • True positives: The security control, such as an IPS or IDS sensor, acted as a consequence of malicious activity, which represents normal and optimal operation. • False positives: The security control that is acted as a consequence of non- malicious activity, which represents an error, generally caused by too tight proactive controls (which do not permit all legitimate traffic) or too relaxed reactive controls (with too broad descriptions of the attack). • True negatives: The security control has not acted, because there was no malicious activity, which represents normal and optimal operation. • False negatives: The security control has not acted, even though there was malicious activity, which represents an error, generally caused by too relaxed proactive controls (which permit more than just minimal legitimate traffic) or too specific reactive controls (with too-specific descriptions of the attack).
  • 9. Cyber Kill Chain Model • There are 2 models • Cyber Kill chain model • Diamond model
  • 10. Cyber Kill Chain Model • Cyber kill chain model explains various stages of attack Reconnaissance Weaponization Delivery Exploitation Installationn Command-and-control Actions on Objectives
  • 11. Cyber Kill Chain • Originally introduced by Lockheed Martin • The cyber kill chain has 7 stages. • Attackers do not necessarily need to follow the exact steps and sequences of the cyber kill chain
  • 13. Diamond Model • Developed by Caltagirone, Pendergast, and Betzis • The four nodes in the model are: adversary, capability, infrastructure, victim • An event is described as an adversary deploys a capability over some infrastructure against a victim
  • 14. Q&A