Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
IoT - Insecurity of Things Insegurança das Coisas João Paulo Barraca <jpbarraca@ua.pt> Imagem: Flickr, Steve Crane
Apresentação • Professor Auxiliar @ DETI.UA • Programação, Informática, redes, Segurança • Investigador/Coordenador de Gru...
Interfaces Processos Plataforma IoT Infraestrutura Telco Dispositivos
90% dos dispositivos recolhem no mínimo um dado de informação pessoal através do dispositivo, serviços ou aplicação m...
Hardware SeguroImagem: Tesla Model 3
Hardware Seguro: Riscos • Negação de Serviço • Desativar sistemas • Firmware oficioso • Adicionar/alterar funções • Backdo...
Hardware Seguro: Soluções • Execução Segura de Software • Bootloader cifrado e SO assinado • Mecanismos de limitação de A...
Bootloader Firmware 1 Firmware 2 Flash & Swtich
Imagem: Flickr, coreforce Comunicações Seguras
Comunicações Seguras: Riscos • Negação da comunicação • Bloquear alarmes/relatórios • Acesso aos dados transmitidos • Obt...
Comunicações Seguras: Soluções • Usar meios de comunicação fisicamente robustos • Resistentes a interferências • Resisten...
Comunicações Seguras: Soluções • Utilização de cifras seguras • Comunicações cifradas e autenticadas • Chave Partilhada (e...
Comunicações Seguras: Soluções • Chaves Assimétricas (ex: TLS_ECDHE_ECDSA_AES_128_CCM_8) • Servidor/Dispositivo possuem ch...
Comunicações Seguras: Problemas • Arduino (e companhia) executam MQTT/CoAP • Grande impulsionadores de soluções de IoT • M...
Serviços Seguros
Serviços Seguros: Riscos • Acesso massivo a informação • Pacientes, clientes, faturação, conversas • Negação de serviço • ...
Serviços Seguros: Soluções • Standardização: ISO 27001 e outros • Autenticação multifactorial • Smart cards, telemóveis, t...
Segurança em IoT • Tem de ser considerada desde o início • irá alterar toda a interação com o dispositivo • Implica custos...
Questões? Imagem: Flickr, Steve Davis
Insecurity of things - Insegurança das Coisas
Insecurity of things - Insegurança das Coisas
Insecurity of things - Insegurança das Coisas
Insecurity of things - Insegurança das Coisas
Insecurity of things - Insegurança das Coisas
Insecurity of things - Insegurança das Coisas
Insecurity of things - Insegurança das Coisas
Insecurity of things - Insegurança das Coisas
Insecurity of things - Insegurança das Coisas
Insecurity of things - Insegurança das Coisas
Insecurity of things - Insegurança das Coisas
Insecurity of things - Insegurança das Coisas
Upcoming SlideShare
Loading in …5
×

Insecurity of things - Insegurança das Coisas

914 views

Published on

Segurança (e falta dela) na Internet das Coisas atual e as necessidades de a aplicar a vários níveis. Focado nas comunicações, dispositivos e serviços.

Apresentada no evento BEST InnovationNow 2016 em Aveiro.

Published in: Software
License: CC Attribution License
no profile picture user
  • DOWNLOAD THAT BOOKS INTO AVAILABLE FORMAT (2019 Update) ......................................................................................................................... ......................................................................................................................... Download Full PDF EBOOK here { http://shorturl.at/mzUV6 } ......................................................................................................................... Download Full EPUB Ebook here { http://shorturl.at/mzUV6 } ......................................................................................................................... Download Full doc Ebook here { http://shorturl.at/mzUV6 } ......................................................................................................................... Download PDF EBOOK here { http://shorturl.at/mzUV6 } ......................................................................................................................... Download EPUB Ebook here { http://shorturl.at/mzUV6 } ......................................................................................................................... Download doc Ebook here { http://shorturl.at/mzUV6 } ......................................................................................................................... ......................................................................................................................... ................................................................................................................................... eBook is an electronic version of a traditional print book that can be read by using a personal computer or by using an eBook reader. (An eBook reader can be a software application for use on a computer such as Microsoft's free Reader application, or a book-sized computer that is used solely as a reading device such as Nuvomedia's Rocket eBook.) Users can purchase an eBook on diskette or CD, but the most popular method of getting an eBook is to purchase a downloadable file of the eBook (or other reading material) from a Web site (such as Barnes and Noble) to be read from the user's computer or reading device. Generally, an eBook can be downloaded in five minutes or less ......................................................................................................................... .............. Browse by Genre Available eBooks .............................................................................................................................. Art, Biography, Business, Chick Lit, Children's, Christian, Classics, Comics, Contemporary, Cookbooks, Manga, Memoir, Music, Mystery, Non Fiction, Paranormal, Philosophy, Poetry, Psychology, Religion, Romance, Science, Science Fiction, Self Help, Suspense, Spirituality, Sports, Thriller, Travel, Young Adult, Crime, Ebooks, Fantasy, Fiction, Graphic Novels, Historical Fiction, History, Horror, Humor And Comedy, ......................................................................................................................... ......................................................................................................................... .....BEST SELLER FOR EBOOK RECOMMEND............................................................. ......................................................................................................................... Blowout: Corrupted Democracy, Rogue State Russia, and the Richest, Most Destructive Industry on Earth,-- The Ride of a Lifetime: Lessons Learned from 15 Years as CEO of the Walt Disney Company,-- Call Sign Chaos: Learning to Lead,-- StrengthsFinder 2.0,-- Stillness Is the Key,-- She Said: Breaking the Sexual Harassment Story That Helped Ignite a Movement,-- Atomic Habits: An Easy &amp; Proven Way to Build Good Habits &amp; Break Bad Ones,-- Everything Is Figureoutable,-- What It Takes: Lessons in the Pursuit of Excellence,-- Rich Dad Poor Dad: What the Rich Teach Their Kids About Money That the Poor and Middle Class Do Not!,-- The Total Money Makeover: Classic Edition: A Proven Plan for Financial Fitness,-- Shut Up and Listen!: Hard Business Truths that Will Help You Succeed, ......................................................................................................................... .........................................................................................................................
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • DOWNLOAD THAT BOOKS INTO AVAILABLE FORMAT (2019 Update) ......................................................................................................................... ......................................................................................................................... Download Full PDF EBOOK here { http://shorturl.at/mzUV6 } ......................................................................................................................... Download Full EPUB Ebook here { http://shorturl.at/mzUV6 } ......................................................................................................................... Download Full doc Ebook here { http://shorturl.at/mzUV6 } ......................................................................................................................... Download PDF EBOOK here { http://shorturl.at/mzUV6 } ......................................................................................................................... Download EPUB Ebook here { http://shorturl.at/mzUV6 } ......................................................................................................................... Download doc Ebook here { http://shorturl.at/mzUV6 } ......................................................................................................................... ......................................................................................................................... ................................................................................................................................... eBook is an electronic version of a traditional print book that can be read by using a personal computer or by using an eBook reader. (An eBook reader can be a software application for use on a computer such as Microsoft's free Reader application, or a book-sized computer that is used solely as a reading device such as Nuvomedia's Rocket eBook.) Users can purchase an eBook on diskette or CD, but the most popular method of getting an eBook is to purchase a downloadable file of the eBook (or other reading material) from a Web site (such as Barnes and Noble) to be read from the user's computer or reading device. Generally, an eBook can be downloaded in five minutes or less ......................................................................................................................... .............. Browse by Genre Available eBooks .............................................................................................................................. Art, Biography, Business, Chick Lit, Children's, Christian, Classics, Comics, Contemporary, Cookbooks, Manga, Memoir, Music, Mystery, Non Fiction, Paranormal, Philosophy, Poetry, Psychology, Religion, Romance, Science, Science Fiction, Self Help, Suspense, Spirituality, Sports, Thriller, Travel, Young Adult, Crime, Ebooks, Fantasy, Fiction, Graphic Novels, Historical Fiction, History, Horror, Humor And Comedy, ......................................................................................................................... ......................................................................................................................... .....BEST SELLER FOR EBOOK RECOMMEND............................................................. ......................................................................................................................... Blowout: Corrupted Democracy, Rogue State Russia, and the Richest, Most Destructive Industry on Earth,-- The Ride of a Lifetime: Lessons Learned from 15 Years as CEO of the Walt Disney Company,-- Call Sign Chaos: Learning to Lead,-- StrengthsFinder 2.0,-- Stillness Is the Key,-- She Said: Breaking the Sexual Harassment Story That Helped Ignite a Movement,-- Atomic Habits: An Easy &amp; Proven Way to Build Good Habits &amp; Break Bad Ones,-- Everything Is Figureoutable,-- What It Takes: Lessons in the Pursuit of Excellence,-- Rich Dad Poor Dad: What the Rich Teach Their Kids About Money That the Poor and Middle Class Do Not!,-- The Total Money Makeover: Classic Edition: A Proven Plan for Financial Fitness,-- Shut Up and Listen!: Hard Business Truths that Will Help You Succeed, ......................................................................................................................... .........................................................................................................................
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • DOWNLOAD THAT BOOKS INTO AVAILABLE FORMAT (2019 Update) ......................................................................................................................... ......................................................................................................................... Download Full PDF EBOOK here { http://bit.ly/2m6jJ5M } ......................................................................................................................... Download Full EPUB Ebook here { http://bit.ly/2m6jJ5M } ......................................................................................................................... Download Full doc Ebook here { http://bit.ly/2m6jJ5M } ......................................................................................................................... Download PDF EBOOK here { http://bit.ly/2m6jJ5M } ......................................................................................................................... Download EPUB Ebook here { http://bit.ly/2m6jJ5M } ......................................................................................................................... Download doc Ebook here { http://bit.ly/2m6jJ5M } ......................................................................................................................... ......................................................................................................................... ................................................................................................................................... eBook is an electronic version of a traditional print book that can be read by using a personal computer or by using an eBook reader. (An eBook reader can be a software application for use on a computer such as Microsoft's free Reader application, or a book-sized computer that is used solely as a reading device such as Nuvomedia's Rocket eBook.) Users can purchase an eBook on diskette or CD, but the most popular method of getting an eBook is to purchase a downloadable file of the eBook (or other reading material) from a Web site (such as Barnes and Noble) to be read from the user's computer or reading device. Generally, an eBook can be downloaded in five minutes or less ......................................................................................................................... .............. Browse by Genre Available eBooks .............................................................................................................................. Art, Biography, Business, Chick Lit, Children's, Christian, Classics, Comics, Contemporary, Cookbooks, Manga, Memoir, Music, Mystery, Non Fiction, Paranormal, Philosophy, Poetry, Psychology, Religion, Romance, Science, Science Fiction, Self Help, Suspense, Spirituality, Sports, Thriller, Travel, Young Adult, Crime, Ebooks, Fantasy, Fiction, Graphic Novels, Historical Fiction, History, Horror, Humor And Comedy, ......................................................................................................................... ......................................................................................................................... .....BEST SELLER FOR EBOOK RECOMMEND............................................................. ......................................................................................................................... Blowout: Corrupted Democracy, Rogue State Russia, and the Richest, Most Destructive Industry on Earth,-- The Ride of a Lifetime: Lessons Learned from 15 Years as CEO of the Walt Disney Company,-- Call Sign Chaos: Learning to Lead,-- StrengthsFinder 2.0,-- Stillness Is the Key,-- She Said: Breaking the Sexual Harassment Story That Helped Ignite a Movement,-- Atomic Habits: An Easy &amp; Proven Way to Build Good Habits &amp; Break Bad Ones,-- Everything Is Figureoutable,-- What It Takes: Lessons in the Pursuit of Excellence,-- Rich Dad Poor Dad: What the Rich Teach Their Kids About Money That the Poor and Middle Class Do Not!,-- The Total Money Makeover: Classic Edition: A Proven Plan for Financial Fitness,-- Shut Up and Listen!: Hard Business Truths that Will Help You Succeed, ......................................................................................................................... .........................................................................................................................
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • DOWNLOAD THAT BOOKS INTO AVAILABLE FORMAT (2019 Update) ......................................................................................................................... ......................................................................................................................... Download Full PDF EBOOK here { https://urlzs.com/UABbn } ......................................................................................................................... Download Full EPUB Ebook here { https://urlzs.com/UABbn } ......................................................................................................................... Download Full doc Ebook here { https://urlzs.com/UABbn } ......................................................................................................................... Download PDF EBOOK here { https://urlzs.com/UABbn } ......................................................................................................................... Download EPUB Ebook here { https://urlzs.com/UABbn } ......................................................................................................................... Download doc Ebook here { https://urlzs.com/UABbn } ......................................................................................................................... ......................................................................................................................... ................................................................................................................................... eBook is an electronic version of a traditional print book that can be read by using a personal computer or by using an eBook reader. (An eBook reader can be a software application for use on a computer such as Microsoft's free Reader application, or a book-sized computer that is used solely as a reading device such as Nuvomedia's Rocket eBook.) Users can purchase an eBook on diskette or CD, but the most popular method of getting an eBook is to purchase a downloadable file of the eBook (or other reading material) from a Web site (such as Barnes and Noble) to be read from the user's computer or reading device. Generally, an eBook can be downloaded in five minutes or less ......................................................................................................................... .............. Browse by Genre Available eBooks .............................................................................................................................. Art, Biography, Business, Chick Lit, Children's, Christian, Classics, Comics, Contemporary, Cookbooks, Manga, Memoir, Music, Mystery, Non Fiction, Paranormal, Philosophy, Poetry, Psychology, Religion, Romance, Science, Science Fiction, Self Help, Suspense, Spirituality, Sports, Thriller, Travel, Young Adult, Crime, Ebooks, Fantasy, Fiction, Graphic Novels, Historical Fiction, History, Horror, Humor And Comedy, ......................................................................................................................... ......................................................................................................................... .....BEST SELLER FOR EBOOK RECOMMEND............................................................. ......................................................................................................................... Blowout: Corrupted Democracy, Rogue State Russia, and the Richest, Most Destructive Industry on Earth,-- The Ride of a Lifetime: Lessons Learned from 15 Years as CEO of the Walt Disney Company,-- Call Sign Chaos: Learning to Lead,-- StrengthsFinder 2.0,-- Stillness Is the Key,-- She Said: Breaking the Sexual Harassment Story That Helped Ignite a Movement,-- Atomic Habits: An Easy &amp; Proven Way to Build Good Habits &amp; Break Bad Ones,-- Everything Is Figureoutable,-- What It Takes: Lessons in the Pursuit of Excellence,-- Rich Dad Poor Dad: What the Rich Teach Their Kids About Money That the Poor and Middle Class Do Not!,-- The Total Money Makeover: Classic Edition: A Proven Plan for Financial Fitness,-- Shut Up and Listen!: Hard Business Truths that Will Help You Succeed, ......................................................................................................................... .........................................................................................................................
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • DOWNLOAD THAT BOOKS INTO AVAILABLE FORMAT (2019 Update) ......................................................................................................................... ......................................................................................................................... Download Full PDF EBOOK here { http://bit.ly/2m6jJ5M } ......................................................................................................................... Download Full EPUB Ebook here { http://bit.ly/2m6jJ5M } ......................................................................................................................... Download Full doc Ebook here { http://bit.ly/2m6jJ5M } ......................................................................................................................... Download PDF EBOOK here { http://bit.ly/2m6jJ5M } ......................................................................................................................... Download EPUB Ebook here { http://bit.ly/2m6jJ5M } ......................................................................................................................... Download doc Ebook here { http://bit.ly/2m6jJ5M } ......................................................................................................................... ......................................................................................................................... ................................................................................................................................... eBook is an electronic version of a traditional print book that can be read by using a personal computer or by using an eBook reader. (An eBook reader can be a software application for use on a computer such as Microsoft's free Reader application, or a book-sized computer that is used solely as a reading device such as Nuvomedia's Rocket eBook.) Users can purchase an eBook on diskette or CD, but the most popular method of getting an eBook is to purchase a downloadable file of the eBook (or other reading material) from a Web site (such as Barnes and Noble) to be read from the user's computer or reading device. Generally, an eBook can be downloaded in five minutes or less ......................................................................................................................... .............. Browse by Genre Available eBooks .............................................................................................................................. Art, Biography, Business, Chick Lit, Children's, Christian, Classics, Comics, Contemporary, Cookbooks, Manga, Memoir, Music, Mystery, Non Fiction, Paranormal, Philosophy, Poetry, Psychology, Religion, Romance, Science, Science Fiction, Self Help, Suspense, Spirituality, Sports, Thriller, Travel, Young Adult, Crime, Ebooks, Fantasy, Fiction, Graphic Novels, Historical Fiction, History, Horror, Humor And Comedy, ......................................................................................................................... ......................................................................................................................... .....BEST SELLER FOR EBOOK RECOMMEND............................................................. ......................................................................................................................... Blowout: Corrupted Democracy, Rogue State Russia, and the Richest, Most Destructive Industry on Earth,-- The Ride of a Lifetime: Lessons Learned from 15 Years as CEO of the Walt Disney Company,-- Call Sign Chaos: Learning to Lead,-- StrengthsFinder 2.0,-- Stillness Is the Key,-- She Said: Breaking the Sexual Harassment Story That Helped Ignite a Movement,-- Atomic Habits: An Easy &amp; Proven Way to Build Good Habits &amp; Break Bad Ones,-- Everything Is Figureoutable,-- What It Takes: Lessons in the Pursuit of Excellence,-- Rich Dad Poor Dad: What the Rich Teach Their Kids About Money That the Poor and Middle Class Do Not!,-- The Total Money Makeover: Classic Edition: A Proven Plan for Financial Fitness,-- Shut Up and Listen!: Hard Business Truths that Will Help You Succeed, ......................................................................................................................... .........................................................................................................................
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
Show More

  • Be the first to like this

Insecurity of things - Insegurança das Coisas

  1. 1. IoT - Insecurity of Things Insegurança das Coisas João Paulo Barraca <jpbarraca@ua.pt> Imagem: Flickr, Steve Crane
  2. 2. Apresentação • Professor Auxiliar @ DETI.UA • Programação, Informática, redes, Segurança • Investigador/Coordenador de Grupo @ Instituto de Telecomunicações • Redes, IoT, Serviços e Virtualização
  3. 3. Interfaces Processos Plataforma IoT Infraestrutura Telco Dispositivos
  4. 4. 90% dos dispositivos recolhem no mínimo um dado de informação pessoal através do dispositivo, serviços ou aplicação móvel 70% dos dispositivos comunicam sem recurso a cifras 60% dos dispositivos com interface de utilizador são vulneráveis a ataques como XSS e credenciais fracas 80% dos dispositivos, serviços e aplicações falham na exigência da complexidade das senhas 70% dos dispositivos, serviços e aplicações permitem identificar utilizadores enumerando contas Internet of things HPE Security Research Study, Craig Smith and Daniel Miessler, HPE Fortify, June 2014
  5. 5. Hardware SeguroImagem: Tesla Model 3
  6. 6. Hardware Seguro: Riscos • Negação de Serviço • Desativar sistemas • Firmware oficioso • Adicionar/alterar funções • Backdoors • Provocar erros, aceder a informação • Acesso/Manipulação dos dados • Segredos indústriais, provocar erros Imagem: Flickr, Guto Araki
  7. 7. Hardware Seguro: Soluções • Execução Segura de Software • Bootloader cifrado e SO assinado • Mecanismos de limitação de Acesso • Armazenamento Seguro • Cifrar dados com chave única • Módulos seguros • Mecanismo de atualização remota
  8. 8. Bootloader Firmware 1 Firmware 2 Flash & Swtich
  9. 9. Imagem: Flickr, coreforce Comunicações Seguras
  10. 10. Comunicações Seguras: Riscos • Negação da comunicação • Bloquear alarmes/relatórios • Acesso aos dados transmitidos • Obter informação • Alteração dos dados transmitidos • Forjar acontecimentos Imagem: Flickr, Alan Strakey
  11. 11. Comunicações Seguras: Soluções • Usar meios de comunicação fisicamente robustos • Resistentes a interferências • Resistentes à inspeção • Frequency Hopping • Alternar a frequência de emissão (de forma aleatória) • Spread Spectrum • Espalhar comunicações em várias portadoras (frequências) Imagem: Flickr, Anne Petersen
  12. 12. Comunicações Seguras: Soluções • Utilização de cifras seguras • Comunicações cifradas e autenticadas • Chave Partilhada (ex: TLS_PSK_AES_CCM_128) • Dispositivos partilham chave com servidor • Acesso à chave permite decifrar comunicações (passadas e futuras) • Problemas: • pelo menos mais 15-20 KB ROM, 3.9KB RAM • atraso de dezenas/centenas de milisegundos
  13. 13. Comunicações Seguras: Soluções • Chaves Assimétricas (ex: TLS_ECDHE_ECDSA_AES_128_CCM_8) • Servidor/Dispositivo possuem chaves públicas de cada um • Acesso a chaves não compromete comunicações passadas • Problemas: • pelo menos mais 15-20 KB ROM, 4KB RAM • atraso de vários segundos • Gestão de chaves? • Muito mais complexo • Validação de CRL, OCSP, Stapling, RTC, NTP,
  14. 14. Comunicações Seguras: Problemas • Arduino (e companhia) executam MQTT/CoAP • Grande impulsionadores de soluções de IoT • Mas nunca de forma segura! 16Mhz, 32KB ROM, 2KB RAM +----------------------+-----------------+ | | DTLS | | +--------+--------+ | | ROM | RAM | +----------------------+--------+--------+ | State Machine | 8.15 | 1.9 | | Cryptography | 3.3 | 1.5 | | DTLS Record Layer | 3.7 | 0.5 | +----------------------+--------+--------+ | TOTAL | 15.15 | 3.9 | +----------------------+--------+--------+ +----------------------------+---------------+ | Cryptographic functions | Code size | +----------------------------+---------------+ | MD5 | 4,856 bytes | | SHA1 | 2,432 bytes | | HMAC | 2,928 bytes | | RSA | 3,984 bytes | | Big Integer Implementation | 8,328 bytes | | AES | 7,096 bytes | | RC4 | 1,496 bytes | | Random Number Generator | 4,840 bytes | +----------------------------+---------------+https://tools.ietf.org/html/draft-ietf-lwig-tls-minimal-01
  15. 15. Serviços Seguros
  16. 16. Serviços Seguros: Riscos • Acesso massivo a informação • Pacientes, clientes, faturação, conversas • Negação de serviço • Impacto direto no negócio/imagem/faturação • Cloud é opaca por definição • Tudo segue para lá • Não se sabe onde está informação, quem acede Imagem: Flickr, Joaquin Casarini
  17. 17. Serviços Seguros: Soluções • Standardização: ISO 27001 e outros • Autenticação multifactorial • Smart cards, telemóveis, tokens • Separação entre serviços Web e sistemas IoT • E mais barreiras internas • Recolher apenas informação essencial • Atualmente favorece-se a recolha massiva SHIP IT! Imagem: Flickr, bizilica
  18. 18. Segurança em IoT • Tem de ser considerada desde o início • irá alterar toda a interação com o dispositivo • Implica custos bastante superiores • Processadores mais poderosos, mais RAM, mais Flash, . • Implica maior percentagem de falhas • Número de dispositivos muito elevados • 1% de falhas em 1.000.000 são 10.000 dispositivos • Implica ser aplicada a toda a stack • Dispositivos, comunicações, serviços (pessoas, processos, etc..) Imagem: Flickr, Maurits Verbiest
  19. 19. Questões? Imagem: Flickr, Steve Davis

×