Overview of IoT and Security issues


Internet of Things (IoT) will enable dramatic society transformation. This seminar presents an introduction to the IoT and explains why IoT Security is important.
Then it presents security issues in wireless sensor networks that constitute a main ingredient of IoT.

Seminar given at Centre Tecnològic de Telecomunicacions de Catalunya (CTTC) on 28 January 2015.

Published in: Internet
  • Learned a lot at a high level! Thank you!
  • Good presentation.

Overview of IoT and Security issues

  1. 1.
  2. 2. Outline of the Presentation: • Introduction to IoT & Market • Smart Applications • Technology & Research Challenges • Security Threats • Wireless Sensor Network Security • Security Visualization • Conclusions (CTTC 2015 seminar by Prof. A.A. Economides)
  3. 3. Introduction to Internet of Things (IoT): 2020 forecast: • 25 - 50 billion devices (Cisco, Ericsson, IDC, ABI, Gartner) • 26 objects/person (Intel) • Economic impact: $ 2 - 5 trillion (Cisco, McKinsey Global Institute, IDC, GSMA & Machina Research, Gartner, Harbor). “Worldwide ICT infrastructure that enables ubiquitous services among interacting humans, machines, data and applications”
  4. 4. IoT deployment: 75% of companies are already exploring the IoT. 15 % of companies already have an IoT solution in place (21 % of transportation & logistics companies), 53 % plan to implement one within the next 24 months, and another 14 % in the next two to five years (source: Zebra Technologies / Forrester Consulting).
  5. 5.
  6. 6. Cisco plans an Intercloud network: Cisco predicts that IoT will cause IP traffic to reach 1.6 zettabytes by 2018 (300% increase compared to 2013). By 2018, 57% of IP traffic will come from devices other than PCs. Wi-Fi will generate 49% of IP traffic, other mobile-connected devices will generate 12% of it. Cisco will invest $1 billion to build the world's largest Intercloud network to tackle the IoT.
  7. 7. Smart Applications: Healthcare & Wellbeing, e.g. Angel Sensor, Fitbit, Hexoskin, Intraway, Jawbone, Nymi, InKol Health Hub, Pebble, Philips Lifeline, Withings, Zebra MotionWorks; Home & Building, e.g. Belkin, Nest, Neurio, Quirky, Sensorflare, SMA, SmartThings, Vivint, WallyHome, Withings, ZEN Thermostat; City & Community, e.g. Bigbelly, Bitlock, FUKUSHIMA Wheel, Kiunsys, Placemeter, Silver Spring Networks, Waspmote; Utilities, e.g. Enevo, Mayflower CMS, MeterNet, Osprey Informatics, Paradox, Trilliant; Environment, Agriculture & Livestock, e.g. FilesThruTheAir, Fruition Sciences, OnFarm, Semios, Topcon Precision Agriculture; Car & Transportation, e.g. Audi, CarKnow, Connected Rail, Dash drive smart, Delphi Connect, Ericsson, Libelium, Logitrac, PowerFleet; Industry & Services, e.g. Argon Underground Mining Safety, Condeco Sense, DAQRI’s Smart Helmet, Numerex, Perch.
  8. 8. Barcelona Smart City: 83 projects across 12 areas: sensors monitor traffic, parking spaces, street lights, air pollution, meteorological conditions, humidity of green spaces in parks, trash bins ... Street lights in Born are shut down automatically if they don’t detect any activity nearby. They also monitor humidity, temperature, pollution, and noise. Expected to have 3,360 lights on 160 streets by 2015. The trash cans alert sanitation workers on a tablet that they need to be emptied. The irrigation systems in Poblenou Central Park monitor the moisture in the soil and turn on pop-up sprinklers. Parks employees can also access meteorological data and rain gauges and adjust the quantity of water used.
  9. 9. Technology: • Sensors & Actuators • Wireless Communications: RFID, WiFi, Bluetooth, Cellular, Satellite, etc. • Cloud Computing – Storage, Processing, Analytics, Security, etc. • Networks (HW & SW) • Addressing
  10. 10.
  11. 11. [Figure: IoT protocol stack. Layers: Application/Data Layer, Transport Layer, NWK Layer, DataLink Layer, PHY Layer. Labels: SEP 2.0, ZigBee, Wi-Fi, IEEE 802.15.4, Bluetooth 4.0 Low Energy, 3GPP, RFID/NFC, IPv6, TCP, HTTP, CoAP, RPL, 6LoWPAN, TCP/UDP, Application 1, Application 2, ..., Application N, ONEM2M/ETSI M2M Service Layer] Source:
  12. 12. IoT Alliances: • AllSeen Alliance • Eclipse Foundation • Industrial Internet Consortium • Internet of Things Consortium • Internet Protocol for Smart Objects (IPSO) Alliance • IoT Alliance • Oasis • OneM2M • Open Interconnect Consortium (OIC) • Thread Group • ZigBee Alliance
  13. 13. Source: D. Culler (2011). The Internet of Every Thing - steps toward sustainability. CWSN.
  14. 14. Research Challenges: • Devices (Sensors, Actuators, etc.), • Networking & Communications, • Data Management, • Decision Making, • Security & Privacy, • Social & Legal issues, • Economics, • Human Behavior & Usability, • Marketing, etc.
  15. 15. Biggest Drawbacks of IoT (Cisco survey): #1 New threats to data / physical security (42 % respondents) #2 Inability of IT systems to keep pace with change (38 % respondents) #3 Regulatory or compliance challenges (32 % respondents)
  16. 16. Losses due to attacks: • The Center for Strategic and International Studies estimated that $100 billion is lost annually to the US economy, and 508,000 US jobs are lost, because of malicious online activity. • Ponemon Institute estimated that the average cost of an organizational data breach was $5.4 million in 2014 ($4.5 million in 2013).
  17. 17. ComputerWorld Survey: Nearly half (46%) of the IT leaders said that they will invest more next year in: • access control, • intrusion prevention, • identity management, • virus and malware protection.
  18. 18. Network Security market: • M2M Network Security market will grow at a CAGR of 22.9 % over the period 2013-2018 (TechNavio) • IoT and Industrial Security Market to exceed $ 675 million by 2018 (Infonetics)
  19. 19. What do you think the greatest threat IoT will be over the next 5 years? (source: SANS survey)
  20. 20. Where do you consider the greatest risk to be in “Things” connecting to your network and the Internet? (source: SANS survey)
  21. 21. Given the current state of your security program, how would you rate your ability to provide security to IoT? (source: SANS survey)
  22. 22. Tripwire & AtomicResearch surveys: • 25 % - 50 % of remote workers and IT personnel who work remotely in critical infrastructure industries report that they have at least one IoT device connected to corporate networks. • 75 % admit to accessing corporate documents from their home networks. • Only 30 % of IT professionals believe their company has the technology necessary to adequately evaluate the security of IoT devices. • 59 % of IT personnel are concerned that IoT could become “the most significant security risk on their network.” • 20 % of respondents state that they have “no visibility” into current protection levels.
  23. 23. Cisco Security Capabilities Benchmark: Chief Information Security Officers and Security Operations executives at 1700 companies in nine countries (2015): • Only 10% of Internet Explorer users run the latest version. • Less than 50% of respondents use standard tools such as patching and configuration to help prevent security breaches and ensure that they are running the latest versions.
  24. 24. Hewlett Packard tested 10 IoT devices: • 6 out of the 10 popular IoT devices did not use encryption when downloading software updates. • 90 % of the devices collected at least one piece of personal information via the device, the cloud, or its mobile application. • 70 % of the devices used unencrypted network service and transmitted credentials in plain text.
  25. 25. OWASP Top 10 security problems with IoT devices: 1. Insecure web interface 2. Insufficient authentication 3. Insecure network services 4. Lack of transport encryption 5. Privacy concerns 6. Insecure cloud interface 7. Insecure mobile interface 8. Insufficient security configurability 9. Insecure software 10. Poor physical security
  26. 26. Security predictions for 2015: • Avast: Routers will be a prime target for hackers. Hackers may want to take over the local network. • WatchGuard: criminals stealing billions in digital assets; nation states launching long-term attacks. NOT to worry about IoT security (for now): NOT much value attacking your watch or TV. • Symantec: Attacks on IoT will focus on smart home. NOT expect any large-scale attacks, but instead one-off attacks against connected devices, e.g. home routers, smart TVs & connected car apps.
  27. 27. Wireless Sensor Network (WSN): • A wireless network consisting of a large number of autonomous sensors that are spatially distributed in area of interest in order to cooperatively monitor physical or environmental conditions, such as temperature, sound, vibration, pressure, motion, pollutants, etc. • Sensor: [Figure: sensor node components. Labels: Sensors, ADC, Processor, Memory, Transceiver, Location finding system (optional), Mobilizer (optional), Sensing Unit, Processing Unit, Power unit, Communication Unit]
  28. 28. WSN Architecture [Figure – The big picture. Labels: Internet, Satellite; Sink; Task Manager; User; Sensor Field; Sensor Node]
  29. 29. WSNs are vulnerable to various types of attacks [Figure labels: Internet, Satellite; Sink; Task Manager; User; Sensor Field; Sensor Node; Spoofed Routing information; Wormhole Attack]
  30. 30. Attack Models (side labels: Passive attacks, Active attacks): • Eavesdropping: an attacker intercepts packets transmitted over the air for further cryptanalysis or traffic analysis. • Traffic analysis: allows an attacker to determine that there is activity in the network, the location of the BSs, and the type of protocols being used. • Message injection: an adversary injects bogus control information into the data stream. • Message modification: a previously captured message is modified before being retransmitted. • Node capture: an embedded device is considered compromised when an attacker, through various means, gains control of the node itself. • Denial-of-Service (DoS) attacks: can be grouped into two categories: service degradation (e.g., collision attack), and service disablement through power exhaustion (e.g. jamming).
  31. 31. Layer-based attack categorization (Figure – Sensor Network Protocol Stack; side planes: Power Management Plane, Mobility Management Plane, Task Management Plane)
      • Application Layer: Data Aggregation Distortion | Message Injection or Modification
      • Transport Layer: Flooding Attack | Desynchronization attacks
      • Network Layer: Replay Attack | Sybil Attack | Spoofed, altered, or replayed routing information | Sinkhole, Wormhole Attack | Hello Flood Attack
      • Data Link Layer: Collision Attack | Sybil Attack | Node Replication | Acknowledgement Spoofing Attack
      • Physical Layer: Eavesdropping | Jamming | Battery Exhaustion
  32. 32. Attacks on specific protocols: • Selective forwarding: A malicious node refuses to forward all or a subset of the packets it receives and simply drops them. If a malicious node drops all the packets, the attack is then called black hole. • Acknowledgement spoofing: Spoof link layer acknowledgements (ACKs) to trick other nodes into believing that a link or node is either dead or alive. • Attack against TinyOS beaconing: The base station periodically broadcasts beacons or “route updates”. An attacker can use this mechanism to create routing loops by announcing a different node as the BS. [Figure - Attack against TinyOS beaconing]
  33. 33. Spoofed, altered, or replayed routing information: This type of attack may be used for: • loop construction, • attracting or repelling traffic, • extending or shortening the source route. In this example, an adversary pollutes the entire network by sending bogus routing information stating for instance that “I am the base station”. [Figure - An adversary spoofing a routing update from a base station]
  34. 34. Wormhole and Sinkhole Attacks: The attacker uses two transceivers and one high quality out-of-band channel in order to create a ‘wormhole’. Then, the attacker tunnels the packets received at one location of the network and replays them in another location. The wormhole can drop packets directly (sinkhole) or, more subtly, selectively forward packets to avoid detection. [Figure - A laptop-class adversary using a wormhole (wormhole link) to create a sinkhole in TinyOS beaconing]
  35. 35. HELLO Flood Attack: Every new node broadcasts “Hello messages” to find its neighbors. Also, it broadcasts its route to the BS. Other nodes may choose to route data through this new node if the path is shorter. A laptop-class adversary that can retransmit a routing update with enough power to be received by the entire network leaves many nodes stranded. Target nodes attempt to reply, but the adversary node is out of radio range. However, they have chosen this node as their parent. This attack puts the network in a state of confusion. [Figure - HELLO flood attack]
  36. 36. Sybil Attack: • “a malicious node illegitimately claims multiple identities” • The Sybil attack can disrupt geographic and multi-path routing protocols. Adversary A at actual location (3,2) forges location advertisements for non-existent nodes A1, A2, and A3 as well as advertising her own location. After hearing these advertisements, if B wants to send a message to C at (0,2), it will attempt to do so through A3. This transmission can be overheard and handled by the adversary A.
  37. 37. Overview of Countermeasures: • Confidentiality is provided through the use of encryption technologies. Cryptographic algorithms such as DES, RC5 and RSA are used to protect the secrecy of a message. • A MAC (Message Authentication Code) or Digital Signature Algorithms (DSA) can be used to assure the recipient of the integrity of the data and the authenticity of the message. • Digital Signatures can be used to ensure non-repudiation. • Availability can be achieved by adding redundant nodes. Multi-path and probabilistic routing can also be used to minimize the impact of unavailability. • Data freshness is ensured by adding a counter value in each message.
  38. 38. Standalone Security Protocols for WSNs: • SNEP (Secure Network Encryption Protocol) • μTESLA • TinySec: 1. authenticated encryption (TinySec-AE): data payload is encrypted, MAC is used to authenticate the packet; 2. authentication only (TinySec-Auth)
  39. 39. A summary of attacks against routing protocols (Protocol: Relevant Attacks)
      • Directed diffusion and its multipath variants: Bogus routing information, selective forwarding, sinkholes, Sybil attack, wormholes, HELLO floods
      • Geographic routing (GPSR, GEAR): Bogus routing information, selective forwarding, Sybil attack
      • Minimum cost forwarding: Bogus routing information, selective forwarding, sinkholes, wormholes, HELLO floods
      • Clustering-based protocols (LEACH, TEEN, PEGASIS): Selective forwarding, HELLO floods
      • Rumor routing: Bogus routing information, selective forwarding, sinkholes, Sybil, wormholes
      • Energy conserving topology maintenance (SPAN, GAF, CEC, AFECA): Bogus routing information, Sybil attack, HELLO floods
  40. 40. Secure Routing – Countermeasures: • Link layer security – Simple link layer encryption and authentication using a globally shared key can prevent the majority of outsider attacks: bogus routing information, Sybil, Selective Forwarding, Sinkholes. – Link layer security mechanisms provide little protection against insiders, HELLO floods, and Wormholes. • Wormhole and sinkhole attacks – Routing protocols that construct a topology initiated by a base station are the most vulnerable to these types of attacks. – Solution: Geographic protocols that construct topology on demand using localized node interactions instead of using the base station.
  41. 41. Network Security Visualization: • Various security mechanisms have been proposed to address the security concerns of WSNs. • Despite the fast development of computer security mechanisms, the scale and complexity of the generated wireless data pose major challenges to the representation and understanding of security-relevant network information. • To address this issue, efficient visualization techniques have been adopted by researchers to bridge the gap. A new security discipline emerges!
  42. 42. Until now… Visualization only for network traffic monitoring: • Network traffic visualization is one of the first directions to take when it comes to understanding and analyzing information in vast amounts of network data. • Many visualization tools graphically monitor real-world or simulated WSNs (e.g. Surge, MoteView, Octopus, SNA, TOSSIM, OPNET, NS-3). • While these tools offer some form of visualization, they are designed for applications other than wireless security. Accordingly, these tools: – lack the specialized techniques for visualizing security-related data. – tend to miss abnormalities and security attacks that occur unpredictably.
  43. 43. In the near future… Visualization for network security: • The power of visualization should go beyond the simple “illustration” of network behavior in order to help the analysts discriminate between normal and abnormal network activities. • Network security visualization provides insight into areas that other systems fail to enlighten by integrating visualization and machine learning techniques.
  44. 44. Security Visualization Techniques: Node Links, Glyphs, Parallel Coordinates, Bundle Diagrams, Radial Panels
  45. 45. Conclusions: • IoT enables dramatic society transformation! • IoT Security is at risk! • WSN Security challenge!
  46. 46.
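
An added example, not part of the original slides: the MAC and per-message counter from slide 37, applied as link-layer authentication under the globally shared key of slide 40. The frame layout, the constructed key and node ids, and the use of truncated HMAC-SHA256 are assumptions for illustration; this is not the TinySec or SNEP packet format.

```python
import hashlib
import hmac
import struct

# Constructed sample key: one network-wide link-layer key (slide 40's "globally shared key").
GLOBAL_KEY = b"constructed-demo-key"
TAG_LEN = 8       # assumption: truncated tag to suit small radio frames
HEADER_LEN = 6    # src id (2 bytes) + counter (4 bytes), hypothetical layout

def make_frame(key, src, counter, payload):
    """Build src | counter | payload | tag, with the tag covering all preceding bytes."""
    body = struct.pack(">HI", src, counter) + payload
    tag = hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]
    return body + tag

class Receiver:
    """Checks the MAC first, then requires a strictly increasing counter per sender."""

    def __init__(self, key):
        self.key = key
        self.last_counter = {}  # src id -> highest counter accepted so far

    def accept(self, frame):
        if len(frame) < HEADER_LEN + TAG_LEN:
            return "reject: too short"
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):   # constant-time comparison
            return "reject: bad MAC"
        src, counter = struct.unpack(">HI", body[:HEADER_LEN])
        if counter <= self.last_counter.get(src, -1):
            return "reject: stale counter"           # data freshness check
        self.last_counter[src] = counter
        return "accept"

def demo():
    """Run the slide's outsider and insider cases against one receiver."""
    rx = Receiver(GLOBAL_KEY)
    results = {}
    good = make_frame(GLOBAL_KEY, src=7, counter=1, payload=b"temp=21.5")
    results["legitimate"] = rx.accept(good)
    # Replay: the same valid frame again fails the freshness check.
    results["replayed"] = rx.accept(good)
    # Modification: one payload bit changed in transit invalidates the tag.
    tampered = bytearray(make_frame(GLOBAL_KEY, 7, 2, b"temp=21.5"))
    tampered[HEADER_LEN + 2] ^= 0x01
    results["modified"] = rx.accept(bytes(tampered))
    # Injection by an outsider who does not hold the network key.
    results["injected_outsider"] = rx.accept(
        make_frame(b"not-the-network-key", 9, 1, b"route-update"))
    # Insider: a captured node holds the shared key, so a frame under an
    # unseen node id still verifies (the limitation slide 40 points out).
    results["insider_new_id"] = rx.accept(
        make_frame(GLOBAL_KEY, 42, 1, b"route-update"))
    return results

if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:18s} {verdict}")
```

The last case is slide 40's caveat in practice: the MAC and counter stop outsiders, but with a single shared key the receiver cannot tell a captured node's frames, or the extra identities it claims, from legitimate ones.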