By Dr. Woo Kang Wei, Executive Director, QuantumCIEL - Smart City Solutions
Moving IoT sits at the cross-road of two critical trends, viz. the IT/OT convergence and the cyber/physical security convergence. Drawing from different examples in wearable devices, (industrial) robots, bike-sharing/ride-sharing/asset-sharing apps, and drones/autonomous vehicles, this talk will highlight the new security challenges presented by IoT assets on the move (sometimes at high speeds) and the dynamic security context based on geolocation.
3. #ISSlearn #
What are Internet of Things?
The Internet of Things are defined as a global
infrastructure for the information society,
enabling advanced services by connecting
(physical and virtual) things based on
existing and evolving interoperable
information and communication
technologies.
Recommendation ITU-T Y.2060 (06/2012)
14. #ISSlearn #
STRIDE Threat Model
Threat Defender's
Goal
Attacker's
Action
Example
(Cyber)
Example
(Physical)
Spoofing Authentication Impersonate Stolen
password
Cloned credit
card
Tampering Integrity Alter without
authorization
Alter memory
(malware)
Alter count in
e-vote device
Repudiation Accountability Disclaim the
action
Fail to receive
email
Fail to log the
sensor reading
Information
Disclosure
Confidentiality Disclose w/o
authorization
Leak medical
records
Edward
Snowden
Denial of
Service
Availability Deny/degrade
service
DDoS attack
on a website
Blackout
Elevation of
Privilege
Authorization Gain capability
without
authorization
Gain
administrator's
privilege
Gain remote
access to the
power grid
15. #ISSlearn #
Safety and Security of A Vehicle
References:
Road Vehicles - Functional Safety, ISO 26262:2011.
C. Valasek & C. Miller, A Survey of Remote Automotive Attack Surfaces (2014).
• 20-100 ECU
• most ECU communicate on an internal network
• some ECU communicate on an external network
16. #ISSlearn #
Threat Modeling using STRIDE
Reference:
Z. Ma & C. Schmittner, Threat Modeling for Automotive Security Analysis.