Successfully reported this slideshow.
Your SlideShare is downloading. ×

Dealing with the Internet of Insecure Things

Nov. 24, 2017
1 like 376 views
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Upcoming SlideShare
Chariot generic presentation owaspwia_Infosecgirls
Chariot generic presentation owaspwia_Infosecgirls
Loading in …3
×

Check these out next

Ijcet 06 07_002
IAEME Publication
Internet of things in AI presentation
Hazrat Sharif
Principals of IoT security
IoT613
352 356
Editor IJARCET
Internet of things: dispelling common myths
Vish Nandlall
efficient io t management with resilience to unauthorized access to cloud sto...
Venkat Projects
an efficient spam detection technique for io t devices using machine learning
Venkat Projects
IoT
Mphasis
1 of 30 Ad

Dealing with the Internet of Insecure Things

Nov. 24, 2017
1 like 376 views

Download to read offline

Education

We are in an age of the ‘Internet of Everything’ where boundaries between citizens, governments, media, and societal organisations are becoming increasingly fuzzy as interconnected digital devices enable the collection and exchange of vast amounts of information across the globe. The availability of data gathered by these devices, coupled with advances in channels of digitally mediated communication, has created a host of new systems that are embedded into a range of human activities, including agriculture, energy, transportation, healthcare, policing, and education – creating the potential for a ‘smarter planet’. However, these cyber-physical, socio-technical systems also open the door to new threats from a range of sources, from attackers with malicious intent to opportunists exploiting vulnerabilities in systems to cause deliberate or accidental harm. This talk provides an overview of the challenges created by this ‘Internet of Insecure Things’ and argues for adopting human-centric engineering approaches for addressing these challenges.

We are in an age of the ‘Internet of Everything’ where boundaries between citizens, governments, media, and societal organisations are becoming increasingly fuzzy as interconnected digital devices enable the collection and exchange of vast amounts of information across the globe. The availability of data gathered by these devices, coupled with advances in channels of digitally mediated communication, has created a host of new systems that are embedded into a range of human activities, including agriculture, energy, transportation, healthcare, policing, and education – creating the potential for a ‘smarter planet’. However, these cyber-physical, socio-technical systems also open the door to new threats from a range of sources, from attackers with malicious intent to opportunists exploiting vulnerabilities in systems to cause deliberate or accidental harm. This talk provides an overview of the challenges created by this ‘Internet of Insecure Things’ and argues for adopting human-centric engineering approaches for addressing these challenges.

Education
Advertisement

Recommended

Chariot generic presentation owaspwia_Infosecgirls
Vandana Verma
509 views
12 slides
Different applications and security concerns in Iot by Jatin Akad
Jatin Akar
34 views
16 slides
Security of iot device
Mayank Pandey
207 views
10 slides
IOT
Aashiq Ahamed N
143 views
11 slides
Internet of Things and i's Applications
Aakashjit Bhattacharya
108 views
20 slides
IMPROVE SECURITY IN SMART CITIES BASED ON IOT, SOLVE CYBER ELECTRONIC ATTACKS...
IJNSA Journal
80 views
15 slides
A Comprehensive Survey on Exiting Solution Approaches towards Security and Pr...
IJECEIAES
23 views
8 slides
THE INTERNET OF THINGS
Chidiogo Mbonu
818 views
10 slides
Advertisement

More Related Content

Slideshows for you (20)

Ijcet 06 07_002
IAEME Publication
231 views
Internet of things in AI presentation
Hazrat Sharif
72 views
Principals of IoT security
IoT613
594 views
352 356
Editor IJARCET
443 views
Internet of things: dispelling common myths
Vish Nandlall
64 views
efficient io t management with resilience to unauthorized access to cloud sto...
Venkat Projects
116 views
an efficient spam detection technique for io t devices using machine learning
Venkat Projects
978 views
IoT
Mphasis
657 views
security and privacy-Internet of things
sreelekha appakondappagari
3.3k views
A survey in privacy and security in Internet of Things IOT
University of Ontario Institute of Technology (UOIT)
3.7k views
Iot ppt
Krishna Saini
3.1k views
Emerging trends in computer science and related technologies
SidraAfreen
8.1k views
Five applications of computer network
Mobashshirur Rahman 👲
34 views
International Journal of Information Security and Applications(IJISA)
MiajackB
10 views
WHAT IS IoT
Taresh Khandekar
201 views
Case studies in io t smart-home
vishal choudhary
715 views
Iot and ethics
Erling Hesselberg
622 views
IoT Research & Education at LNU
Francesco Flammini
77 views
IoT Security Elements
Eurotech
6.1k views
International Journal of Information Security and Applications(IJISA)
MiajackB
8 views
Ijcet 06 07_002
IAEME Publication
231 views
10 slides
Internet of things in AI presentation
Hazrat Sharif
72 views
17 slides
Principals of IoT security
IoT613
594 views
15 slides
352 356
Editor IJARCET
443 views
5 slides
Internet of things: dispelling common myths
Vish Nandlall
64 views
6 slides
efficient io t management with resilience to unauthorized access to cloud sto...
Venkat Projects
116 views
3 slides

Similar to Dealing with the Internet of Insecure Things (20)

People in the Machine: Human-centric Software Engineering for Smart Systems
Arosha Bandara
504 views
76 s201918
IJRAT
31 views
Data Science for IoT
Olivera Kotevska, Ph.D.
210 views
Secure Modern Healthcare System Based on Internet of Things and Secret Sharin...
Eswar Publications
129 views
Io t security_review_blockchain_solutions
Shyam Goyal
128 views
SECURITY AND PRIVACY AWARE PROGRAMMING MODEL FOR IOT APPLICATIONS IN CLOUD EN...
ijccsa
4 views
The Internet of Things: What's next?
PayamBarnaghi
1.2k views
Novel authentication framework for securing communication in internet-of-things
IJECEIAES
12 views
Semantic Technologies for the Internet of Things: Challenges and Opportunities
PayamBarnaghi
3k views
IoT Security proposal.pptx
saaaatt
13 views
Running Head TRENDS IN CYBERSECURITY1TRENDS IN CYBERSECURITY.docx
todd521
3 views
CICS: Cloud–Internet Communication Security Framework for the Internet of Sma...
AlAtfat
5 views
March 2023: Top 10 Read Articles in Network Security and Its Applications
IJNSA Journal
5 views
January 2023: Top 10 Read Articles in Network Security and Its Applications
IJNSA Journal
16 views
Cyber Physical System
GRD Journals
269 views
AGI Part 4.pdf
Bob Marcus
3 views
SECURITY ISSUES IN USING IOT ENABLED DEVICES AND THEIR IMPACT
vishal dineshkumar soni
69 views
ASDF WSS 2014 Keynote Speech 1
Association of Scientists, Developers and Faculties
771 views
March 2022 - Top 10 Read Articles in Network Security and Its Applications
IJNSA Journal
68 views
An effecient spam detection technique for io t devices using machine learning
Venkat Projects
145 views
People in the Machine: Human-centric Software Engineering for Smart Systems
Arosha Bandara
504 views
22 slides
76 s201918
IJRAT
31 views
5 slides
Data Science for IoT
Olivera Kotevska, Ph.D.
210 views
67 slides
Secure Modern Healthcare System Based on Internet of Things and Secret Sharin...
Eswar Publications
129 views
7 slides
Io t security_review_blockchain_solutions
Shyam Goyal
128 views
17 slides
SECURITY AND PRIVACY AWARE PROGRAMMING MODEL FOR IOT APPLICATIONS IN CLOUD EN...
ijccsa
4 views
12 slides
Advertisement

More from Arosha Bandara (6)

My STEM Journey - Arosha K. Bandara
Arosha Bandara
250 views
Working at the Edge: Developing a Cross-disciplinary Research Agenda
Arosha Bandara
324 views
SEF - Applying for a PhD
Arosha Bandara
486 views
Privacy Dynamics: Learning Privacy Norms for Social Software
Arosha Bandara
1.1k views
Code Club Assembly Presentation
Arosha Bandara
1.5k views
See it, shake it, set it
Arosha Bandara
440 views
My STEM Journey - Arosha K. Bandara
Arosha Bandara
250 views
7 slides
Working at the Edge: Developing a Cross-disciplinary Research Agenda
Arosha Bandara
324 views
25 slides
SEF - Applying for a PhD
Arosha Bandara
486 views
12 slides
Privacy Dynamics: Learning Privacy Norms for Social Software
Arosha Bandara
1.1k views
33 slides
Code Club Assembly Presentation
Arosha Bandara
1.5k views
11 slides
See it, shake it, set it
Arosha Bandara
440 views
25 slides

Recently uploaded (20)

The force on an object is F = 15 j. For the vector v = 5 i4j, find.pdf
amolmobileshop
0 views
The following side-by-side stemplot displays the total number of poi.pdf
amolmobileshop
0 views
The formula s= 16t ^2 is used to approximate the distance S, in feet.pdf
amolmobileshop
0 views
From the book, An Introduction to Business Ethics what is hte de.pdf
amolmahale23
0 views
The function below has at least one rational zero.Use this fact to.pdf
amolmobileshop
0 views
the following table gives the average monthly exchange rate between .pdf
amolmobileshop
0 views
the frequency distribution of the mark awarded to 100 candidates is .pdf
amolmobileshop
0 views
from an economic standpoint are some customers worth more to a compa.pdf
amolmahale23
0 views
The function f(x) = (x 8)2 + 4, x 8.is one-to-one. Find its inve.pdf
amolmobileshop
0 views
Framing a Firms StrategyActivity InstructionsDescribe the stra.pdf
amolmahale23
0 views
the function below has at least one rational zero. use this fact to .pdf
amolmobileshop
0 views
The genes for eye color for a certain male fruit fly are (R,W). The .pdf
amolmobileshop
0 views
From a risk management viewpoint, which of the following options is .pdf
amolmahale23
0 views
From city A to city B, a plane flies 850 miles at a bearing of N 58d.pdf
amolmahale23
0 views
The formulaD= 5 e-0.4hcan be used to fid the number of milligram.pdf
amolmobileshop
0 views
From a sack of fruit containing 3 oranges, 2 apples, and 3 bananas, .pdf
amolmahale23
0 views
AHLI JAWATANKUASA PROGRAM BUBUR LAMBUK.docx
aisyaheryanti2
0 views
The GPAs of all students enrolled at a large university have an appr.pdf
amolmobileshop
0 views
The follwing are monthly actual and forcasted demand levels from May.pdf
amolmobileshop
0 views
The fortune Xn of a gambler evolves as Xn = ZnXnu22121, where the Z.pdf
amolmobileshop
0 views
The force on an object is F = 15 j. For the vector v = 5 i4j, find.pdf
amolmobileshop
0 views
1 slide
The following side-by-side stemplot displays the total number of poi.pdf
amolmobileshop
0 views
1 slide
The formula s= 16t ^2 is used to approximate the distance S, in feet.pdf
amolmobileshop
0 views
1 slide
From the book, An Introduction to Business Ethics what is hte de.pdf
amolmahale23
0 views
1 slide
The function below has at least one rational zero.Use this fact to.pdf
amolmobileshop
0 views
1 slide
the following table gives the average monthly exchange rate between .pdf
amolmobileshop
0 views
1 slide
Advertisement

Dealing with the Internet of Insecure Things

  1. 1. Dealing with the Internet of Insecure Things Arosha K. Bandara – The Open University arosha.bandara@open.ac.uk / @arosha
  2. 2. Dealing with the Internet of Insecure Things Overview 3 Security Internet of Things IoT Security & Privacy Human-centric Engineering Future Directions
  3. 3. Background: Internet of Things 4 aka Cyber Physical Systems: co-engineered interacting networks of physical and computational components … Food & Agriculture Transport Policing Health & Wellbeing + … Heterogeneous IoT Cloud IoT Intranet Hybrid IoT
  4. 4. Background: Internet of Things 5 operate at different scales, from individuals to cities and nations … Large-scale
  5. 5. Background: Internet of Things 6 Data Actions Learn Adapt Analyse Interact driven by data collected from the world … Data-driven
  6. 6. Background: Internet of Things 7 Data Actions Learn Adapt Analyse Interact depend on software to weave together different technologies … Software-intensive Data-driven
  7. 7. Dealing with the Internet of Insecure Things Overview 10 Security Internet of Things IoT Security & Privacy Human-centric Engineering Future Directions
  8. 8. Background: Security 11
  9. 9. Background: Security 12 Risk Countermeasures Security goals/ requirements Policies Assets Threats Vulnerabilities Attacks Problem Space Solution Space Undiscovered vulnerabilities Unexpected attacks Variable risk Violated/changing policies Unknown threats Variable assets or asset values Failure (hidden bug/cascading failure) Failed/changing goals/reqs Conflict with other goals/reqs
  10. 10. Dealing with the Internet of Insecure Things Research Challenge 13 Engineering adaptive systems that continue to satisfy their security and privacy requirements and that are forensics ready. Autonomous, Reactive, Automated, Dynamic, Runtime Cyber-physical, Socio-technicalSystematic Goals, Assets, Threats, Context Validation & Verification, Argumentation, Proof Design-time
  11. 11. Dealing with the Internet of Insecure Things Overview 15 Security Internet of Things IoT Security & Privacy Human-centric Engineering Future Directions
  12. 12. Internet of Insecure Things 16 Coding Practices Software Updates Configuration
  13. 13. Internet of Insecure Things ●New attack surfaces through the physical environment ●For example, acoustic attacks can target gyroscopic sensors in autonomous vehicles to cause shutdowns. New Challenges: Physical Channel Attacks 17 Sound Wave @ Resonant Frequency of Gyroscope Attacker Drone
  14. 14. Dealing with the Internet of Insecure Things Opportunities: Collaborative Cyber-Physical Security 21 Component 1 Component 2 Component 3 Component 4 Operational Environment E Component 1 Component 2 Component 4 Secure Operational Environment Mediator Requirements analysis1 Feature Selection Features-driven Mediator Synthesis 2 3 Security control Selected features Requirements R Capabilities Objective 1 2 3 Selecting and configuring components Making components collaborate Identify adequate security control Technique Mediator synthesis Feature modelling + Constraint programming Goal modelling1 2 3 Bennaceur, A.; Tun, T.T.; Bandara, A. K.; et al. (2017). Feature-driven Mediator Synthesis: Supporting Collaborative Security in the Internet of Things. ACM Transactions on Cyber-Physical Systems
  15. 15. Dealing with the Internet of Insecure Things Overview 23 Security Internet of Things IoT Security & Privacy Human-centric Engineering Future Directions
  16. 16. People in the Machine 24 IoT systems involve many different types of people … IoT Systems Users Software Engineers Policy Makers / Regulators Administrators + others
  17. 17. People in the Machine 25 Engineer - Stakeholder Smart Systems Users Software Engineers Policy Makers / Regulators Administrators + others
  18. 18. Gathering Requirements Smart System Exemplars 26Bennaceur, Amel; Mccormick, Ciaran; et al (2016). Feed me, Feed me: An Exemplar for Engineering Adaptive Software. In: 11th International Symposium on Software Engineering for Adaptive and Self-Managing Systems, May 2016. Requirements
  19. 19. Gathering Requirements Contravision Technique 27Mancini, Clara; Rogers, Yvonne; et al (2010). Contravision: Exploring users' reactions to futuristic technology. In: Proceedings of the 28th International Conference on Human factors in computing systems, April 2010. Requirements
  20. 20. People in the Machine 28 Engineer – Smart System Smart Systems Users Software Engineers Policy Makers / Regulators Administrators + others
  21. 21. Supporting System Design IoT Privacy Guidelines 29Perera, C.; Mccormick, C.; et al (2016). Privacy-by-Design Framework for Assessing IoT Applications and Platforms. In: International Conference on the Internet of Things (IOT 2016), November 2016. Process/Techniques
  22. 22. Supporting Software Design IoT Privacy Guidelines 30Perera, C.; Mccormick, C.; et al (2016). Privacy-by-Design Framework for Assessing IoT Applications and Platforms. In: International Conference on the Internet of Things (IOT 2016), November 2016. Process/Techniques
  23. 23. People in the Machine 31 User – Smart System Smart Systems Users Software Engineers Policy Makers / Regulators Administrators + others
  24. 24. User - System Interactions Privacy Itch & Scratch 32Mehta, V.; Bandara, A. K.; et al (2016). Privacy Itch and Scratch:
 On Body Privacy Warnings and Controls. In: ACM Conference on Human Factors in Computing Systems, May 2016. UserInterfaces
  25. 25. User - System Interactions Privacy Band 33 Arduino( Nano( Bluetooth( LE( 3.7V(LiPo( Ba7ery( Power(Booster( Vero( Board( On<Off(Switch( (a)( 7.5cm&7.5cm& Vibe&Boards& Fabric& Patch&1& Fabric& Patch&2& (b)& UserInterfaces Mehta, V.; Bandara, A. K.; et al (2016). Privacy Itch and Scratch:
 On Body Privacy Warnings and Controls. In: ACM Conference on Human Factors in Computing Systems, May 2016.
  26. 26. People in the Machine 34 IoT systems involve many different types of people … Smart Systems Users Software Engineers Policy Makers Administrators + others Human-centric Security & Privacy
  27. 27. Dealing with the Internet of Insecure Things Overview 36 Security Internet of Things IoT Security & Privacy Human-centric Engineering Future Directions
  28. 28. Dealing with the Internet of Insecure Things Future Directions 37 Effective Security Collaborative Composition Forensic readiness Transparency Socio-technical resilience
  29. 29. Dealing with Internet of Insecure Things ●People are an integral part of the Internet of Things. ●Engineering security and privacy needs to encompass the cyber-physical-social dimensions of the Internet of Things. ●Human-centric approaches are a critical addressing the future challenges of securing the Internet of Things. Key Messages 38
  30. 30. Dealing with the Internet of Insecure Things 39 Thank You

×