SlideShare a Scribd company logo

Io t security and azure sphere

Download as PPTX, PDF
P
Pushkar Saraf

Iot Security and Azure Sphere

Technology
1 of 23
IoT Security and Azure Sphere Pune DevCon 2018 Pushkar Saraf #PuneDevCon 1
 History  Why consider security  Device Attacks and its effects  Principles of highly secured devices  Azure and IoT the Love Birds  Azure Sphere overview  Getting Started with VS  Azure Sphere SDK  Connecting your Sphere to IoT Hub Agenda
IoT applications across domains
History http://avancer.in
Agenda
Shared Responsibility
240 102 570 912 302 138 734 1174 373 186 946 1506 459 251 1221 1931 541 327 1589 2457 631 415 2071 3118 0 500 1000 1500 2000 2500 3000 3500 Endpoint Security Gateway Security Professional Services Total IoT Security Growth Potential : Gartner 2016 2017 2018 2019 2020 2021
General types IoT attacks  BoTNets  Man in the Middle  Data and Identity Thefts  DDos  Jamming
Disastrous Attacks  BrickerBoT – Hardware devices  Botnet Barrage – Network Infra  Finland Cold – Infrastructure  Fishtank Jumpbox – Casino  Hackable Cardiac Devices - HealthCare  TrendNet WebCam Hack – Monitoring and Surveillance  The Jeep Hack – Automotive
How to Crack a Rpi  Use your own Rpi  Get the SD Card  Edit the file cmdline.txt | Append ‘init=/bin/sh’  Remount the drive in in RW ( Read write) mode  Enter your desired password as the Super user  Done! the device is compromised
What is Azure’s offering
 Spoofing - Steal credentials and use them as your own  Tampering - Modification of the source information/ flowing information between devices  Repudiation- Associated with users who deny performing an action without other parties having any way to prove otherwise  Information Disclosure -Involves the exposure of information to individuals who are not supposed to have access to it  Denial of Service - Denial of service (DoS) attacks deny service to valid users.  Elevation of Privilege -An unprivileged user gains privileged access and gradually gains access to all other systems STRIDE
Properties of Highly Secure Devices  Hardware Root of Trust  Small Trusted Computing Base  Defense in Depth  Compartmentalization  Certificate Based Authentication  Renewable Security  Failure Reporting  Device Identity secured by hardware  Security breach and Device Integrity  TCB protection  Post facto Security Improvisation  Certificate instead of password  Auto Updates  Compromised device reporting
• Hardware to protect Device Identity • Hardware to Secure Boot • Hardware to attest System Integrity • Hardware to Create Barriers • Security Configured compartmentsegrity • Updates Pushed through Cloud • In-built update manager • Hardware to Roll Back Integrity Azure Sphere
Azure Sphere MCU Overview • CONNECTED with built-in networking • SECURED with built-in Microsoft silicon security technology including the Pluton Security Subsystem • CROS SOVER Cortex-A processing power brought to MCUs for the first time
Secure Application Sandboxes Compartmentalize code for agility, robustness & security On-chip Cloud Services Provide update, authentication, and connectivity Custom Linux kernel Empowers agile silicon evolution and reuse of code Security Monitor Guards integrity and access to critical resources Azure Sphere OS Architecture
 hardware-based root of trust; device secrets are protected in the Pluton security subsystem  provides a small trusted computing base; for most operations  supports certificate-based authentication; for example, private keys stored in the Pluton security subsystem can form the basis of a secure per-device certificate chain  compartmentalization; for example, separate compartments can be implemented using isolated address spaces enabled by the upgraded CPU.  supports renewable security; use the multiple layers of hardware-protected defense in depth to implement renewable security  supports failure reporting; for example, failure handling code that runs on the it can collect data about failures and relay that information to a failure analysis service
How to get Started Experimenting MT3620  Brush up your C skills  Order a Dev Kit : Seeed Studio  Get Azure Sphere SDK for Visual Studio
Hands on with MT3620  Azsphere login - > Login to your Org Account  azsphere tenant create --name <my-tenant> |  azsphere device claim  azsphere device wifi show-status  azsphere device wifi add --ssid <yourSSID> --key <yourNetworkKey>  azsphere device prep-debug | Ataches a debug server to your device  Connect to IoT Hub  Refer Development Board user guide for detailed control  Get Grove shield to experiment more on device capabilities
Hands on with MT3620
Get connected… http://www.puneusergroup.org http://www.facebook.com/puneusergroup http://twitter.com/puneusergroup http://www.linkedin.com/groups/Pune-User-Group-2023294 #PuneDevCon 21
Get connected… http://www.puneusergroup.org http://www.facebook.com/puneusergroup http://twitter.com/puneusergroup http://www.linkedin.com/groups/Pune-User-Group-2023294 #PuneDevCon 22
Celebrating 14 glorious years of sharing passion 23 PUG Technology Foundation

Recommended

SKIRE HOSTING SERVICES
SKIRE HOSTING SERVICESSKIRE HOSTING SERVICES
SKIRE HOSTING SERVICESwebhostingguy
 
McAfee MOVE & Endpoint Security
McAfee MOVE & Endpoint SecurityMcAfee MOVE & Endpoint Security
McAfee MOVE & Endpoint Securitynetlogix
 
Simplifying Security for SMBs: Introducing Symantec Endpoint Protection Small...
Simplifying Security for SMBs: Introducing Symantec Endpoint Protection Small...Simplifying Security for SMBs: Introducing Symantec Endpoint Protection Small...
Simplifying Security for SMBs: Introducing Symantec Endpoint Protection Small...Symantec
 
Eset India General Presentation
Eset India General PresentationEset India General Presentation
Eset India General PresentationKsenia Kondratieva
 
Eximbank security presentation
Eximbank security presentationEximbank security presentation
Eximbank security presentationlaonap166
 
ESET on cybersecurity.
ESET on cybersecurity.ESET on cybersecurity.
ESET on cybersecurity.SOCIALware Benelux
 
Intelligent Segmentation: Protecting the Enterprise with StealthWatch, Cisco ...
Intelligent Segmentation: Protecting the Enterprise with StealthWatch, Cisco ...Intelligent Segmentation: Protecting the Enterprise with StealthWatch, Cisco ...
Intelligent Segmentation: Protecting the Enterprise with StealthWatch, Cisco ...Lancope, Inc.
 
IoT security-arrow-roadshow #iotconfua
IoT security-arrow-roadshow #iotconfuaIoT security-arrow-roadshow #iotconfua
IoT security-arrow-roadshow #iotconfuaAndy Shutka
 

Recommended

SKIRE HOSTING SERVICES
SKIRE HOSTING SERVICESSKIRE HOSTING SERVICES
SKIRE HOSTING SERVICESwebhostingguy
 
McAfee MOVE & Endpoint Security
McAfee MOVE & Endpoint SecurityMcAfee MOVE & Endpoint Security
McAfee MOVE & Endpoint Securitynetlogix
 
Simplifying Security for SMBs: Introducing Symantec Endpoint Protection Small...
Simplifying Security for SMBs: Introducing Symantec Endpoint Protection Small...Simplifying Security for SMBs: Introducing Symantec Endpoint Protection Small...
Simplifying Security for SMBs: Introducing Symantec Endpoint Protection Small...Symantec
 
Eset India General Presentation
Eset India General PresentationEset India General Presentation
Eset India General PresentationKsenia Kondratieva
 
Eximbank security presentation
Eximbank security presentationEximbank security presentation
Eximbank security presentationlaonap166
 
ESET on cybersecurity.
ESET on cybersecurity.ESET on cybersecurity.
ESET on cybersecurity.SOCIALware Benelux
 
Intelligent Segmentation: Protecting the Enterprise with StealthWatch, Cisco ...
Intelligent Segmentation: Protecting the Enterprise with StealthWatch, Cisco ...Intelligent Segmentation: Protecting the Enterprise with StealthWatch, Cisco ...
Intelligent Segmentation: Protecting the Enterprise with StealthWatch, Cisco ...Lancope, Inc.
 
IoT security-arrow-roadshow #iotconfua
IoT security-arrow-roadshow #iotconfuaIoT security-arrow-roadshow #iotconfua
IoT security-arrow-roadshow #iotconfuaAndy Shutka
 
DFIR Austin Training (Feb 2020): Remote Access & Deploying Agents
DFIR Austin Training (Feb 2020): Remote Access & Deploying AgentsDFIR Austin Training (Feb 2020): Remote Access & Deploying Agents
DFIR Austin Training (Feb 2020): Remote Access & Deploying AgentsChristopher Gerritz
 
KASPERSKY SECURITY CENTER IMPLEMENTATION
KASPERSKY SECURITY CENTER IMPLEMENTATIONKASPERSKY SECURITY CENTER IMPLEMENTATION
KASPERSKY SECURITY CENTER IMPLEMENTATIONGS CHO
 
Introducing Azure Sphere
Introducing Azure SphereIntroducing Azure Sphere
Introducing Azure SphereMirco Vanini
 
Symantec Endpoint Protection 12
Symantec Endpoint Protection 12Symantec Endpoint Protection 12
Symantec Endpoint Protection 12Andrew Ryan
 
Review of network diagram
Review of network diagramReview of network diagram
Review of network diagramSyed Ubaid Ali Jafri
 
OSSIM Overview
OSSIM OverviewOSSIM Overview
OSSIM Overviewn|u - The Open Security Community
 
Build 2017 - B8101 - Windows 10 identity overview
Build 2017 - B8101 - Windows 10 identity overviewBuild 2017 - B8101 - Windows 10 identity overview
Build 2017 - B8101 - Windows 10 identity overviewWindows Developer
 
Computer Security - CCNA Security - Lecture 2
Computer Security - CCNA Security - Lecture 2Computer Security - CCNA Security - Lecture 2
Computer Security - CCNA Security - Lecture 2Mohamed Loey
 
Best Practices for Configuring Your OSSIM Installation
Best Practices for Configuring Your OSSIM InstallationBest Practices for Configuring Your OSSIM Installation
Best Practices for Configuring Your OSSIM InstallationAlienVault
 
Certificate Pinning in Mobile Applications
Certificate Pinning in Mobile ApplicationsCertificate Pinning in Mobile Applications
Certificate Pinning in Mobile ApplicationsLuca Bongiorni
 
Introducing Kaspersky Security for Virtualization - Light Agent
Introducing Kaspersky Security for Virtualization - Light AgentIntroducing Kaspersky Security for Virtualization - Light Agent
Introducing Kaspersky Security for Virtualization - Light AgentKaspersky
 
Nimrod duck hunter copy
Nimrod duck hunter copyNimrod duck hunter copy
Nimrod duck hunter copyNimrod Levy
 
Security Onion
Security OnionSecurity Onion
Security Onionn|u - The Open Security Community
 
Venkasure Antivirus + Internet Security
Venkasure Antivirus + Internet SecurityVenkasure Antivirus + Internet Security
Venkasure Antivirus + Internet Securityvenkasureantivirus
 
Configuring Data Sources in AlienVault
Configuring Data Sources in AlienVaultConfiguring Data Sources in AlienVault
Configuring Data Sources in AlienVaultAlienVault
 
Whats New in OSSIM v2.2?
Whats New in OSSIM v2.2?Whats New in OSSIM v2.2?
Whats New in OSSIM v2.2?AlienVault
 
IoT security fresh thinking 2017 sep 9
IoT security fresh thinking 2017 sep 9IoT security fresh thinking 2017 sep 9
IoT security fresh thinking 2017 sep 9Arvind Tiwary
 
Sasa milic, cisco advanced malware protection
Sasa milic, cisco advanced malware protectionSasa milic, cisco advanced malware protection
Sasa milic, cisco advanced malware protectionDejan Jeremic
 
Computer Security - CCNA Security - Lecture 1
Computer Security - CCNA Security - Lecture 1Computer Security - CCNA Security - Lecture 1
Computer Security - CCNA Security - Lecture 1Mohamed Loey
 
Next Generation Embedded Systems Security for IOT: Powered by Kaspersky
Next Generation Embedded Systems Security for IOT: Powered by KasperskyNext Generation Embedded Systems Security for IOT: Powered by Kaspersky
Next Generation Embedded Systems Security for IOT: Powered by KasperskyL. Duke Golden
 
Azure Sphere - GAB 2019
Azure Sphere - GAB 2019Azure Sphere - GAB 2019
Azure Sphere - GAB 2019Mirco Vanini
 
IoT Day - Introducing Azure Sphere
IoT Day - Introducing Azure SphereIoT Day - Introducing Azure Sphere
IoT Day - Introducing Azure SphereMirco Vanini
 

More Related Content

What's hot

DFIR Austin Training (Feb 2020): Remote Access & Deploying Agents
DFIR Austin Training (Feb 2020): Remote Access & Deploying AgentsDFIR Austin Training (Feb 2020): Remote Access & Deploying Agents
DFIR Austin Training (Feb 2020): Remote Access & Deploying AgentsChristopher Gerritz
 
KASPERSKY SECURITY CENTER IMPLEMENTATION
KASPERSKY SECURITY CENTER IMPLEMENTATIONKASPERSKY SECURITY CENTER IMPLEMENTATION
KASPERSKY SECURITY CENTER IMPLEMENTATIONGS CHO
 
Introducing Azure Sphere
Introducing Azure SphereIntroducing Azure Sphere
Introducing Azure SphereMirco Vanini
 
Symantec Endpoint Protection 12
Symantec Endpoint Protection 12Symantec Endpoint Protection 12
Symantec Endpoint Protection 12Andrew Ryan
 
Build 2017 - B8101 - Windows 10 identity overview
Build 2017 - B8101 - Windows 10 identity overviewBuild 2017 - B8101 - Windows 10 identity overview
Build 2017 - B8101 - Windows 10 identity overviewWindows Developer
 
Computer Security - CCNA Security - Lecture 2
Computer Security - CCNA Security - Lecture 2Computer Security - CCNA Security - Lecture 2
Computer Security - CCNA Security - Lecture 2Mohamed Loey
 
Best Practices for Configuring Your OSSIM Installation
Best Practices for Configuring Your OSSIM InstallationBest Practices for Configuring Your OSSIM Installation
Best Practices for Configuring Your OSSIM InstallationAlienVault
 
Certificate Pinning in Mobile Applications
Certificate Pinning in Mobile ApplicationsCertificate Pinning in Mobile Applications
Certificate Pinning in Mobile ApplicationsLuca Bongiorni
 
Introducing Kaspersky Security for Virtualization - Light Agent
Introducing Kaspersky Security for Virtualization - Light AgentIntroducing Kaspersky Security for Virtualization - Light Agent
Introducing Kaspersky Security for Virtualization - Light AgentKaspersky
 
Nimrod duck hunter copy
Nimrod duck hunter copyNimrod duck hunter copy
Nimrod duck hunter copyNimrod Levy
 
Venkasure Antivirus + Internet Security
Venkasure Antivirus + Internet SecurityVenkasure Antivirus + Internet Security
Venkasure Antivirus + Internet Securityvenkasureantivirus
 
Configuring Data Sources in AlienVault
Configuring Data Sources in AlienVaultConfiguring Data Sources in AlienVault
Configuring Data Sources in AlienVaultAlienVault
 
Whats New in OSSIM v2.2?
Whats New in OSSIM v2.2?Whats New in OSSIM v2.2?
Whats New in OSSIM v2.2?AlienVault
 
IoT security fresh thinking 2017 sep 9
IoT security fresh thinking 2017 sep 9IoT security fresh thinking 2017 sep 9
IoT security fresh thinking 2017 sep 9Arvind Tiwary
 
Sasa milic, cisco advanced malware protection
Sasa milic, cisco advanced malware protectionSasa milic, cisco advanced malware protection
Sasa milic, cisco advanced malware protectionDejan Jeremic
 
Computer Security - CCNA Security - Lecture 1
Computer Security - CCNA Security - Lecture 1Computer Security - CCNA Security - Lecture 1
Computer Security - CCNA Security - Lecture 1Mohamed Loey
 
Next Generation Embedded Systems Security for IOT: Powered by Kaspersky
Next Generation Embedded Systems Security for IOT: Powered by KasperskyNext Generation Embedded Systems Security for IOT: Powered by Kaspersky
Next Generation Embedded Systems Security for IOT: Powered by KasperskyL. Duke Golden
 

What's hot (20)

DFIR Austin Training (Feb 2020): Remote Access & Deploying Agents
DFIR Austin Training (Feb 2020): Remote Access & Deploying AgentsDFIR Austin Training (Feb 2020): Remote Access & Deploying Agents
DFIR Austin Training (Feb 2020): Remote Access & Deploying Agents
 
KASPERSKY SECURITY CENTER IMPLEMENTATION
KASPERSKY SECURITY CENTER IMPLEMENTATIONKASPERSKY SECURITY CENTER IMPLEMENTATION
KASPERSKY SECURITY CENTER IMPLEMENTATION
 
Introducing Azure Sphere
Introducing Azure SphereIntroducing Azure Sphere
Introducing Azure Sphere
 
Symantec Endpoint Protection 12
Symantec Endpoint Protection 12Symantec Endpoint Protection 12
Symantec Endpoint Protection 12
 
Review of network diagram
Review of network diagramReview of network diagram
Review of network diagram
 
OSSIM Overview
OSSIM OverviewOSSIM Overview
OSSIM Overview
 
Build 2017 - B8101 - Windows 10 identity overview
Build 2017 - B8101 - Windows 10 identity overviewBuild 2017 - B8101 - Windows 10 identity overview
Build 2017 - B8101 - Windows 10 identity overview
 
Computer Security - CCNA Security - Lecture 2
Computer Security - CCNA Security - Lecture 2Computer Security - CCNA Security - Lecture 2
Computer Security - CCNA Security - Lecture 2
 
Best Practices for Configuring Your OSSIM Installation
Best Practices for Configuring Your OSSIM InstallationBest Practices for Configuring Your OSSIM Installation
Best Practices for Configuring Your OSSIM Installation
 
Certificate Pinning in Mobile Applications
Certificate Pinning in Mobile ApplicationsCertificate Pinning in Mobile Applications
Certificate Pinning in Mobile Applications
 
Introducing Kaspersky Security for Virtualization - Light Agent
Introducing Kaspersky Security for Virtualization - Light AgentIntroducing Kaspersky Security for Virtualization - Light Agent
Introducing Kaspersky Security for Virtualization - Light Agent
 
Nimrod duck hunter copy
Nimrod duck hunter copyNimrod duck hunter copy
Nimrod duck hunter copy
 
Security Onion
Security OnionSecurity Onion
Security Onion
 
Venkasure Antivirus + Internet Security
Venkasure Antivirus + Internet SecurityVenkasure Antivirus + Internet Security
Venkasure Antivirus + Internet Security
 
Configuring Data Sources in AlienVault
Configuring Data Sources in AlienVaultConfiguring Data Sources in AlienVault
Configuring Data Sources in AlienVault
 
Whats New in OSSIM v2.2?
Whats New in OSSIM v2.2?Whats New in OSSIM v2.2?
Whats New in OSSIM v2.2?
 
IoT security fresh thinking 2017 sep 9
IoT security fresh thinking 2017 sep 9IoT security fresh thinking 2017 sep 9
IoT security fresh thinking 2017 sep 9
 
Sasa milic, cisco advanced malware protection
Sasa milic, cisco advanced malware protectionSasa milic, cisco advanced malware protection
Sasa milic, cisco advanced malware protection
 
Computer Security - CCNA Security - Lecture 1
Computer Security - CCNA Security - Lecture 1Computer Security - CCNA Security - Lecture 1
Computer Security - CCNA Security - Lecture 1
 
Next Generation Embedded Systems Security for IOT: Powered by Kaspersky
Next Generation Embedded Systems Security for IOT: Powered by KasperskyNext Generation Embedded Systems Security for IOT: Powered by Kaspersky
Next Generation Embedded Systems Security for IOT: Powered by Kaspersky
 

Similar to Io t security and azure sphere

Azure Sphere - GAB 2019
Azure Sphere - GAB 2019Azure Sphere - GAB 2019
Azure Sphere - GAB 2019Mirco Vanini
 
IoT Day - Introducing Azure Sphere
IoT Day - Introducing Azure SphereIoT Day - Introducing Azure Sphere
IoT Day - Introducing Azure SphereMirco Vanini
 
BRK2122 IOT - From the cloud to the edge
BRK2122 IOT - From the cloud to the edgeBRK2122 IOT - From the cloud to the edge
BRK2122 IOT - From the cloud to the edgeAxel Dittmann
 
Build 2017 - B8024 - Connected intelligent things with Windows IoT Core and A...
Build 2017 - B8024 - Connected intelligent things with Windows IoT Core and A...Build 2017 - B8024 - Connected intelligent things with Windows IoT Core and A...
Build 2017 - B8024 - Connected intelligent things with Windows IoT Core and A...Windows Developer
 
Removing Security Roadblocks to IoT Deployment Success
Removing Security Roadblocks to IoT Deployment SuccessRemoving Security Roadblocks to IoT Deployment Success
Removing Security Roadblocks to IoT Deployment SuccessMicrosoft Tech Community
 
Design a Secure Azure IaaS - Lesson Learnt from Government Cloud
Design a Secure Azure IaaS - Lesson Learnt from Government Cloud Design a Secure Azure IaaS - Lesson Learnt from Government Cloud
Design a Secure Azure IaaS - Lesson Learnt from Government Cloud Thuan Ng
 
Are you ready for Microsoft Azure Sphere?
Are you ready for Microsoft Azure Sphere?Are you ready for Microsoft Azure Sphere?
Are you ready for Microsoft Azure Sphere?Mirco Vanini
 
PLNOG15: Simplifying network deployment using Autonomic networking and Plug-a...
PLNOG15: Simplifying network deployment using Autonomic networking and Plug-a...PLNOG15: Simplifying network deployment using Autonomic networking and Plug-a...
PLNOG15: Simplifying network deployment using Autonomic networking and Plug-a...PROIDEA
 
Architecting Secure Web Systems
Architecting Secure Web SystemsArchitecting Secure Web Systems
Architecting Secure Web SystemsInnoTech
 
Azure IoT from groundup
Azure IoT from groundupAzure IoT from groundup
Azure IoT from groundupRaminder Singh
 
IoT Day 2019 Naples - Microsoft Azure Shpere
IoT Day 2019 Naples - Microsoft Azure ShpereIoT Day 2019 Naples - Microsoft Azure Shpere
IoT Day 2019 Naples - Microsoft Azure ShpereMirco Vanini
 
한컴MDS_Microsoft Azure IoT Overview
한컴MDS_Microsoft Azure IoT Overview한컴MDS_Microsoft Azure IoT Overview
한컴MDS_Microsoft Azure IoT OverviewHANCOM MDS
 
Living on the (IoT) edge (Sam Vanhoutte @TechdaysNL 2017)
Living on the (IoT) edge (Sam Vanhoutte @TechdaysNL 2017)Living on the (IoT) edge (Sam Vanhoutte @TechdaysNL 2017)
Living on the (IoT) edge (Sam Vanhoutte @TechdaysNL 2017)Codit
 
Architecting IoT solutions with Microsoft Azure
Architecting IoT solutions with Microsoft AzureArchitecting IoT solutions with Microsoft Azure
Architecting IoT solutions with Microsoft AzureAlon Fliess
 
Gestire i devices con Azure IoT Hub e IoT Edge
Gestire i devices con Azure IoT Hub e IoT EdgeGestire i devices con Azure IoT Hub e IoT Edge
Gestire i devices con Azure IoT Hub e IoT EdgeMarco Parenzan
 

Similar to Io t security and azure sphere (20)

Azure Sphere - GAB 2019
Azure Sphere - GAB 2019Azure Sphere - GAB 2019
Azure Sphere - GAB 2019
 
IoT Day - Introducing Azure Sphere
IoT Day - Introducing Azure SphereIoT Day - Introducing Azure Sphere
IoT Day - Introducing Azure Sphere
 
Azure Sphere
Azure SphereAzure Sphere
Azure Sphere
 
Azure Sphere
Azure SphereAzure Sphere
Azure Sphere
 
BRK2122 IOT - From the cloud to the edge
BRK2122 IOT - From the cloud to the edgeBRK2122 IOT - From the cloud to the edge
BRK2122 IOT - From the cloud to the edge
 
Build 2017 - B8024 - Connected intelligent things with Windows IoT Core and A...
Build 2017 - B8024 - Connected intelligent things with Windows IoT Core and A...Build 2017 - B8024 - Connected intelligent things with Windows IoT Core and A...
Build 2017 - B8024 - Connected intelligent things with Windows IoT Core and A...
 
Removing Security Roadblocks to IoT Deployment Success
Removing Security Roadblocks to IoT Deployment SuccessRemoving Security Roadblocks to IoT Deployment Success
Removing Security Roadblocks to IoT Deployment Success
 
Design a Secure Azure IaaS - Lesson Learnt from Government Cloud
Design a Secure Azure IaaS - Lesson Learnt from Government Cloud Design a Secure Azure IaaS - Lesson Learnt from Government Cloud
Design a Secure Azure IaaS - Lesson Learnt from Government Cloud
 
Are you ready for Microsoft Azure Sphere?
Are you ready for Microsoft Azure Sphere?Are you ready for Microsoft Azure Sphere?
Are you ready for Microsoft Azure Sphere?
 
PLNOG15: Simplifying network deployment using Autonomic networking and Plug-a...
PLNOG15: Simplifying network deployment using Autonomic networking and Plug-a...PLNOG15: Simplifying network deployment using Autonomic networking and Plug-a...
PLNOG15: Simplifying network deployment using Autonomic networking and Plug-a...
 
IoT on azure
IoT on azureIoT on azure
IoT on azure
 
Architecting Secure Web Systems
Architecting Secure Web SystemsArchitecting Secure Web Systems
Architecting Secure Web Systems
 
Azure IoT from groundup
Azure IoT from groundupAzure IoT from groundup
Azure IoT from groundup
 
IoT-Device-Security.pptx
IoT-Device-Security.pptxIoT-Device-Security.pptx
IoT-Device-Security.pptx
 
IoT Day 2019 Naples - Microsoft Azure Shpere
IoT Day 2019 Naples - Microsoft Azure ShpereIoT Day 2019 Naples - Microsoft Azure Shpere
IoT Day 2019 Naples - Microsoft Azure Shpere
 
한컴MDS_Microsoft Azure IoT Overview
한컴MDS_Microsoft Azure IoT Overview한컴MDS_Microsoft Azure IoT Overview
한컴MDS_Microsoft Azure IoT Overview
 
Living on the (IoT) edge (Sam Vanhoutte @TechdaysNL 2017)
Living on the (IoT) edge (Sam Vanhoutte @TechdaysNL 2017)Living on the (IoT) edge (Sam Vanhoutte @TechdaysNL 2017)
Living on the (IoT) edge (Sam Vanhoutte @TechdaysNL 2017)
 
Building Secure IoT Solutions using Azure Sphere
Building Secure IoT Solutions using Azure SphereBuilding Secure IoT Solutions using Azure Sphere
Building Secure IoT Solutions using Azure Sphere
 
Architecting IoT solutions with Microsoft Azure
Architecting IoT solutions with Microsoft AzureArchitecting IoT solutions with Microsoft Azure
Architecting IoT solutions with Microsoft Azure
 
Gestire i devices con Azure IoT Hub e IoT Edge
Gestire i devices con Azure IoT Hub e IoT EdgeGestire i devices con Azure IoT Hub e IoT Edge
Gestire i devices con Azure IoT Hub e IoT Edge
 

Recently uploaded

Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Neo4j
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentationphoebematthew05
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 

Recently uploaded (20)

Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentation
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDG
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 

Io t security and azure sphere

  • 1. IoT Security and Azure Sphere Pune DevCon 2018 Pushkar Saraf #PuneDevCon 1
  • 2.  History  Why consider security  Device Attacks and its effects  Principles of highly secured devices  Azure and IoT the Love Birds  Azure Sphere overview  Getting Started with VS  Azure Sphere SDK  Connecting your Sphere to IoT Hub Agenda
  • 8. General types IoT attacks  BoTNets  Man in the Middle  Data and Identity Thefts  DDos  Jamming
  • 9. Disastrous Attacks  BrickerBoT – Hardware devices  Botnet Barrage – Network Infra  Finland Cold – Infrastructure  Fishtank Jumpbox – Casino  Hackable Cardiac Devices - HealthCare  TrendNet WebCam Hack – Monitoring and Surveillance  The Jeep Hack – Automotive
  • 10. How to Crack a Rpi  Use your own Rpi  Get the SD Card  Edit the file cmdline.txt | Append ‘init=/bin/sh’  Remount the drive in in RW ( Read write) mode  Enter your desired password as the Super user  Done! the device is compromised
  • 11. What is Azure’s offering
  • 12.  Spoofing - Steal credentials and use them as your own  Tampering - Modification of the source information/ flowing information between devices  Repudiation- Associated with users who deny performing an action without other parties having any way to prove otherwise  Information Disclosure -Involves the exposure of information to individuals who are not supposed to have access to it  Denial of Service - Denial of service (DoS) attacks deny service to valid users.  Elevation of Privilege -An unprivileged user gains privileged access and gradually gains access to all other systems STRIDE
  • 13. Properties of Highly Secure Devices  Hardware Root of Trust  Small Trusted Computing Base  Defense in Depth  Compartmentalization  Certificate Based Authentication  Renewable Security  Failure Reporting  Device Identity secured by hardware  Security breach and Device Integrity  TCB protection  Post facto Security Improvisation  Certificate instead of password  Auto Updates  Compromised device reporting
  • 14. • Hardware to protect Device Identity • Hardware to Secure Boot • Hardware to attest System Integrity • Hardware to Create Barriers • Security Configured compartmentsegrity • Updates Pushed through Cloud • In-built update manager • Hardware to Roll Back Integrity Azure Sphere
  • 15. Azure Sphere MCU Overview • CONNECTED with built-in networking • SECURED with built-in Microsoft silicon security technology including the Pluton Security Subsystem • CROS SOVER Cortex-A processing power brought to MCUs for the first time
  • 16. Secure Application Sandboxes Compartmentalize code for agility, robustness & security On-chip Cloud Services Provide update, authentication, and connectivity Custom Linux kernel Empowers agile silicon evolution and reuse of code Security Monitor Guards integrity and access to critical resources Azure Sphere OS Architecture
  • 17.  hardware-based root of trust; device secrets are protected in the Pluton security subsystem  provides a small trusted computing base; for most operations  supports certificate-based authentication; for example, private keys stored in the Pluton security subsystem can form the basis of a secure per-device certificate chain  compartmentalization; for example, separate compartments can be implemented using isolated address spaces enabled by the upgraded CPU.  supports renewable security; use the multiple layers of hardware-protected defense in depth to implement renewable security  supports failure reporting; for example, failure handling code that runs on the it can collect data about failures and relay that information to a failure analysis service
  • 18. How to get Started Experimenting MT3620  Brush up your C skills  Order a Dev Kit : Seeed Studio  Get Azure Sphere SDK for Visual Studio
  • 19. Hands on with MT3620  Azsphere login - > Login to your Org Account  azsphere tenant create --name <my-tenant> |  azsphere device claim  azsphere device wifi show-status  azsphere device wifi add --ssid <yourSSID> --key <yourNetworkKey>  azsphere device prep-debug | Ataches a debug server to your device  Connect to IoT Hub  Refer Development Board user guide for detailed control  Get Grove shield to experiment more on device capabilities
  • 20. Hands on with MT3620
  • 23. Celebrating 14 glorious years of sharing passion 23 PUG Technology Foundation

Editor's Notes

  1. Spoofing Involves illegally accessing and then using another user's authentication information, such as username and password Tampering Involves the malicious modification of data. Examples include unauthorized changes made to persistent data, such as that held in a database, and the alteration of data as it flows between two computers over an open network, such as the Internet Repudiation Associated with users who deny performing an action without other parties having any way to prove otherwise—for example, a user performs an illegal operation in a system that lacks the ability to trace the prohibited operations. Non-Repudiation refers to the ability of a system to counter repudiation threats. For example, a user who purchases an item might have to sign for the item upon receipt. The vendor can then use the signed receipt as evidence that the user did receive the package Information Disclosure Involves the exposure of information to individuals who are not supposed to have access to it—for example, the ability of users to read a file that they were not granted access to, or the ability of an intruder to read data in transit between two computers Denial of Service Denial of service (DoS) attacks deny service to valid users—for example, by making a Web server temporarily unavailable or unusable. You must protect against certain types of DoS threats simply to improve system availability and reliability Elevation of Privilege An unprivileged user gains privileged access and thereby has sufficient access to compromise or destroy the entire system. Elevation of privilege threats include those situations in which an attacker has effectively penetrated all system defenses and become part of the trusted system itself, a dangerous situation indeed
  2. Highly secure devices have a hardware-based root of trust. Device secrets are protected by hardware and the hardware contains physical countermeasures against side-channel attacks. Unlike software, hardware has two important properties that may be used to establish device security. First, single-purpose hardware is immune to reuse by an attacker for unintended actions. Second, hardware can detect and mitigate against physical attacks; for example, pulse testing the reset pin to prevent glitching attacks is easily implemented in hardware. When used to protect secrets and device correctness, hardware provides a solid root of trust upon which rich software functionality can be implemented securely and safely. 4 Highly secure devices have a small trusted computing base. The trusted computing base (TCB) consists of all the software and hardware that are used to create a secure environment for an operation. The TCB should be kept as small as possible to minimize the surface that is exposed to attackers and to reduce the probability that a bug or feature can be used to circumvent security protections. On the contrary, in less secure systems, all security enforcement is implemented in a software stack that contains no protection boundaries. Highly secure devices have defense in depth. In these devices, multiple mitigations are applied to each threat. In systems with only a single layer of defense, just a single error in design or implementation can lead to catastrophic compromise. Attackers are creative; threats are often not completely anticipated, so having multiple countermeasures often becomes the difference between a secure or compromised system. Highly secure devices provide compartmentalization. Compartments are protected by hardware enforced boundaries to prevent a flaw or breach in one software compartment from propagating to other software compartments of the system. Compartmentalization introduces additional protection boundaries within the hardware and software stack to create additional layers of defense in depth. For example, a common technique is to use operating systems processes or independent virtual machines as compartments. On the contrary, many low-cost devices employed an RTOS design with no software separation. Highly secure devices use certificate-based authentication. Certificates, instead of passwords, are used to prove identities for mutual authentication when communicating with other local devices and with servers in the cloud. A certificate is a statement of identity and authorization that is signed with a secret private key and validated with a known public key. Unlike passwords or other authentication mechanisms that are based on shared secrets, certificates can’t be stolen, forged, or otherwise used to authenticate an impostor. Highly secure devices have renewable security. A device with renewable security can update to a more secure state automatically even after the device has been compromised. Security threats evolve and attackers discover new attack vectors. To counter emerging threats, device security must be renewed regularly. In extreme cases, when compartments and layers of a device are compromised by zero-day exploits, lower layers must rebuild and renew the security of higher levels of the system. Remote attestation and rollback protections guarantee that once renewed, a device cannot be reverted to a known vulnerable state. A device without renewable security is a crisis waiting to happen. Highly secure devices have failure reporting. When a failure occurs on these devices, a failure report is collected automatically and sent to a failure analysis system in a timely manner. In the best case, a failure is triggered by imperfect programming for an extremely rare sequence of events. In the worst case, a failure is triggered by attackers probing for new attack vectors. Whatever the case, a failure analysis system correlates failure reports that have similar root causes. With a sufficiently large reporting base, even extremely rare failure events can be diagnosed and corrected, and new attack vectors can be identified and isolated before they are widely exploited. Failure reporting creates a global ‘immune system’ for highly secure devices. Without failure reporting, device manufacturers are left in the dark as to the device failures experienced by their customers and may be caught off guard by emerging attacks.
  3. Azure Sphere certified microcontrollers (MCUs): Basically, an MCU functions as the brain of the device. It is in the form of a tiny chip. Azure Sphere certified MCUs are another class of MCUs that has both real-time and application processors with built-in Microsoft security innovation and network. Each chip incorporates custom silicon security innovation from Microsoft, propelled by 15 years of experience and learnings from Xbox, to secure this new class of MCUs and the devices they control.   Azure Sphere Operating System: This Operating System is a purpose-built Operating System that offers unequalled security and capability. Dissimilar to the RTOSes regular to MCUs today, the defense-in-depth IoT OS offers multiple layers of security. It combines security developments in Windows, a security screen, and a custom Linux part to make a profoundly secured programming condition and a reliable stage for new IoT encounters.   Azure Sphere Security Service: A turnkey is a cloud service that protects each Azure Sphere device, handling trust for device to-device and device to-cloud communication through certificate-based authentication validation, distinguishing rising security threats over the whole Azure Sphere environment through online failure reporting, and re-establishing security through software updates. It brings the accuracy and scale Microsoft has worked over decades ensuring their devices and information in the cloud to MCU controlled devices. Microsoft is working specifically with pioneers in the MCU space to construct a wide ecosystem of silicon partners and will be joining Microsoft’s silicon security innovations with their unique capacities to convey Azure Sphere certified chips. With these silicon partners, they have made a progressive new age of MCUs. These chips have connectivity, unequalled security and advanced processing power to empower new customer experiences. Each Azure Sphere chip incorporates Microsoft Pluton security subsystem, run the Azure Sphere OS, and associate with the Azure Sphere Security Service for basic and secure updates, failure reporting, and authentication. The first Azure Sphere chip will be the MediaTek MT3620. Other early accomplices incorporate Arm, who worked intimately with Microsoft to fuse their Cortex-An application processors into Azure Sphere MCUs.
  4. The Pluton security subsystem forms the hardware root of trust for Sopris. Unlike the much more primitive memory protection unit (MPU) found in most microcontrollers, the MMU on the Sopris processor supports multiple levels of isolation and multiple independent address spaces from which an OS can create process-isolation compartments. The addition of on-die SRAM allows easy experimentation with many OS configurations while maintaining the security of on-die memory. Central to our work is the belief that practically any type of device can be converted into a highly secure device with a set of modest changes. We hypothesize that this can be done by including in the device an isolated hardware security module to provide a hardware-based secure root of trust and modifying the rest of the device hardware architecture to allow defense in depth and compartmentalization. We have created a hardware security module we call Pluton.3 We believe that adding Pluton, or an equivalently-featured security module, to a device design is a significant necessary step towards creating highly-secure devices. The Pluton security subsystem includes a Security Processor (SP) CPU, cryptographic engines, a hardware random number generator (RNG), a key store, and a cryptographic operation engine (COE). The cryptographic engines in Pluton include an AES [10] symmetric-key decryption and encryption engine, a SHA [11] hashing engine used for measuring code and checking certificates, and a public key engine for accelerating RSA [12] and ECC [13] public key operations. The hardware RNG is used to randomize the execution of the boot firmware so an adversary can’t easily precisely time an attack, and for key generation and other cryptographic needs. The COE performs operations that require more than one cryptographic engine. An example of a COE command includes an attestation where a code measurement register is appended with a challenge from another device using the SHA engine, and the result is signed using the attestation private key in the key store using the public key engine.
  5. The Pluton security subsystem forms the hardware root of trust for Sopris. Unlike the much more primitive memory protection unit (MPU) found in most microcontrollers, the MMU on the Sopris processor supports multiple levels of isolation and multiple independent address spaces from which an OS can create process-isolation compartments. The addition of on-die SRAM allows easy experimentation with many OS configurations while maintaining the security of on-die memory. Central to our work is the belief that practically any type of device can be converted into a highly secure device with a set of modest changes. We hypothesize that this can be done by including in the device an isolated hardware security module to provide a hardware-based secure root of trust and modifying the rest of the device hardware architecture to allow defense in depth and compartmentalization. We have created a hardware security module we call Pluton.3 We believe that adding Pluton, or an equivalently-featured security module, to a device design is a significant necessary step towards creating highly-secure devices. The Pluton security subsystem includes a Security Processor (SP) CPU, cryptographic engines, a hardware random number generator (RNG), a key store, and a cryptographic operation engine (COE). The cryptographic engines in Pluton include an AES [10] symmetric-key decryption and encryption engine, a SHA [11] hashing engine used for measuring code and checking certificates, and a public key engine for accelerating RSA [12] and ECC [13] public key operations. The hardware RNG is used to randomize the execution of the boot firmware so an adversary can’t easily precisely time an attack, and for key generation and other cryptographic needs. The COE performs operations that require more than one cryptographic engine. An example of a COE command includes an attestation where a code measurement register is appended with a challenge from another device using the SHA engine, and the result is signed using the attestation private key in the key store using the public key engine.