SlideShare a Scribd company logo

IoT Product Life Cycle and Security

O
omeili

This presentation aims to create awareness for IoT device makers on the various aspects they might encounter with their products. Security challenges which need to be addressed are listed to try to guide developers along the right path.

1 of 16
Download to read offline
Embedded/IoT Product Life-Cycle Why the Secure Development Life-Cycle Sucks Oliver Meili @oooohhhmmy, null SG, 2016-01-19
Agenda • Embedded Devices and the IoT • Product Life-Cycle – Development – Sales and Deployment – Operations and Maintenance • Security in the Product Life-Cycle Oliver Meili @oooohhhmmy
Generic IoT Architecture Thing Cloud Thing Thing Gateway Big Data Little Data Device Mgmt Analy- tics Visuali- zation Oliver Meili @oooohhhmmy
The Thing • Your Fridge, Washing Machine, Sensor on an Assembly Line • Software built by ageing (mechanical, electrical) engineers who are experts in – Interfacing the electronics with the physical world – Dealing with limited memory (16+kB ROM, 1+kB RAM) – Dealing with real-time constraints – Reliability Based on Small Microcontroller 8-bit, 16-bit, 32-bit (Cortex-M) No or Embedded (RT)OS FreeRTOS, TinyOS, Contiki OS, RIOT-OS Low Power Sleep Modes Interfaces with Physical World Connects Sensors Network Interface BLE, 802.15.4, WiFi Oliver Meili @oooohhhmmy
The Gateway • Your Home or Industrial Router • Often based on OSS and third-party components • Software built by software engineers • Needs to support new functionality – Device Management – Key Management – New wireless interfaces Based on Large CPU 32-bit (Cortex-A, Intel x86) Powerful Embedded OS Linux, Windows (CE), QNX Low Power Sleep Modes Separates the Things from the Internet Might be an Application Gateway Network Interface WiFi, Ethernet, 3G, 4G Oliver Meili @oooohhhmmy
Product Life-Cycle: Development • Consists of mechanics, electronics and software – They have to work together! • Can take several years, depending on complexity – Products exist in various variants and with tons of configuration options • Software is becoming more and more componentized – Third-party and open-source components • Testing is very difficult – Need to test real world interfaces, unknown conditions Development Oliver Meili @oooohhhmmy
Product Life-Cycle: Development Development • Hardware-in-the-Loop Testing – Simulating the real world, functional testing Oliver Meili @oooohhhmmy
Product Life-Cycle: Development Development • There is an embedded way of writing software – everything is static – No heap/memory allocation to improve reliability – Software is configured statically, i.e. OS tacks, stack size, features • Firmware contains very few parameter checks for efficiency reasons (runtime and code size) – Parameter checks only activated during functional testing • Modern Things have a network interface! – Firmware engineers know little about networking protocols and very little about security – Integration of lwIP or mIP, maybe (D)TLS Oliver Meili @oooohhhmmy
Product Life-Cycle: Sales • Embedded products stay on the market for years – How often do home appliances get refreshed in stores? • For more complex products, there is a provisioning step when deploying a device – Someone needs to configure the Thing before it can be used • Reliability is often more important than the number of features – Extreme case: air traffic control Sales Oliver Meili @oooohhhmmy
Operations & Maintenance Product Life-Cycle: Operations • Embedded products stay in operations for a very long time – Cars reach an average age of 13 years – How often do you exchange home appliances? – How old is the oldest MRT train in Singapore? • Spare parts need to be available – Components (mechanical/hardware) will be reused – Not just software bits ;-) Oliver Meili @oooohhhmmy
Operations & Maintenance Product Life-Cycle: Operations • Traditionally there are no or only very few software updates – This is changing drastically with connected devices – And no security management • Any update requires re-testing – Use of huge test equipment, old software – Upgrade of third-party software is a big risk • Requires detailed analysis of changes in components Oliver Meili @oooohhhmmy
Operations & Maintenance The Product Life-Cycle • Embedded Products – Take years to develop • Verification is one of the hardest tasks to do – Are sold for a considerable amount of time • How long do you find a new car model for sale at the dealer? – Are in operations for a very long time • When was the last time you bought a new washing machines? Development Sales Oliver Meili @oooohhhmmy
Security Requirements • Things in foreign lands – Developers don’t know the Thing’s environment and it’s not going to be a well protected network (IPv6 instead of NAT, firewalls?) • Enterprise integration – Identity and key management, authentication, logging • Minimizing attack surface – Does every Thing need a webserver, a shell and other ports open? • Things need identities – And they need to be managed • Over-the-air (OTA) update is a must! Oliver Meili @oooohhhmmy
Security Challenges • Threat modeling? – Physical security: theft of parts and Things • Secure architecture and design? – Integration into enterprise solutions (auth, PKI, …) – Logging on small devices, anyone? • Secure coding? – Input validation! • Understanding of security concepts? – “just disable feature XY and it will work” – “some even enable firewalls on gateways!” – “security has to deal with protocols” Oliver Meili @oooohhhmmy
Security Challenges • Documentation of software components? • Examples or demos of third-party software? • Verification and validation – Working test environment for the whole product life-cycle, particularly during maintenance • Vulnerability management? – Internal and external vulnerabilities – For the whole product life-cycle – Disclosure! Oliver Meili @oooohhhmmy
Conclusion • Things in the Internet of Things sometimes live a very long time – Think multiple decades – Testing and maintenance are the tough part • Developers are not always up to the task to implement security – There are still mechanical engineers writing firmware • Configuration management is crucial – Manage variants and vulnerabilities Oliver Meili @oooohhhmmy

Recommended

IOT DATA MANAGEMENT AND COMPUTE STACK.pptx
IOT DATA MANAGEMENT AND COMPUTE STACK.pptxIOT DATA MANAGEMENT AND COMPUTE STACK.pptx
IOT DATA MANAGEMENT AND COMPUTE STACK.pptx
MeghaShree665225
 
Security Issues of IoT with Fog
Security Issues of IoT with FogSecurity Issues of IoT with Fog
Security Issues of IoT with Fog
Achu Anna
 
Protocols for IoT
Protocols for IoTProtocols for IoT
Protocols for IoT
Amit Dev
 
Introduction to IoT Architecture
Introduction to IoT ArchitectureIntroduction to IoT Architecture
Introduction to IoT Architecture
Emertxe Information Technologies Pvt Ltd
 
Fog computing in IoT
Fog computing in IoTFog computing in IoT
Fog computing in IoT
sreelesh balan
 
IoT Networking
IoT NetworkingIoT Networking
IoT Networking
Hitesh Mohapatra
 
Iot - Internet of Things
Iot - Internet of ThingsIot - Internet of Things
Iot - Internet of Things
KIET Group of Institutions, Ghaziabad
 
IoT Security: Problems, Challenges and Solutions
IoT Security: Problems, Challenges and SolutionsIoT Security: Problems, Challenges and Solutions
IoT Security: Problems, Challenges and Solutions
Liwei Ren任力偉
 

Recommended

IOT DATA MANAGEMENT AND COMPUTE STACK.pptx
IOT DATA MANAGEMENT AND COMPUTE STACK.pptxIOT DATA MANAGEMENT AND COMPUTE STACK.pptx
IOT DATA MANAGEMENT AND COMPUTE STACK.pptx
MeghaShree665225
 
Security Issues of IoT with Fog
Security Issues of IoT with FogSecurity Issues of IoT with Fog
Security Issues of IoT with Fog
Achu Anna
 
Protocols for IoT
Protocols for IoTProtocols for IoT
Protocols for IoT
Amit Dev
 
Introduction to IoT Architecture
Introduction to IoT ArchitectureIntroduction to IoT Architecture
Introduction to IoT Architecture
Emertxe Information Technologies Pvt Ltd
 
Fog computing in IoT
Fog computing in IoTFog computing in IoT
Fog computing in IoT
sreelesh balan
 
IoT Networking
IoT NetworkingIoT Networking
IoT Networking
Hitesh Mohapatra
 
Iot - Internet of Things
Iot - Internet of ThingsIot - Internet of Things
Iot - Internet of Things
KIET Group of Institutions, Ghaziabad
 
IoT Security: Problems, Challenges and Solutions
IoT Security: Problems, Challenges and SolutionsIoT Security: Problems, Challenges and Solutions
IoT Security: Problems, Challenges and Solutions
Liwei Ren任力偉
 
Logical design of io t
Logical design of io tLogical design of io t
Logical design of io t
Kunal Bangar
 
Ethics_Internet of Things
Ethics_Internet of ThingsEthics_Internet of Things
Ethics_Internet of Things
alengadan
 
Zigbee Presentation
Zigbee PresentationZigbee Presentation
Zigbee Presentation
Maathu Michael
 
1. Introduction to IoT
1. Introduction to IoT1. Introduction to IoT
1. Introduction to IoT
Abhishek Das
 
Introduction to IoT
Introduction to IoTIntroduction to IoT
Introduction to IoT
Sameer Tathare
 
Blockchain in IoT and Other Considerations by Dinis Guarda
Blockchain in IoT and Other Considerations by Dinis GuardaBlockchain in IoT and Other Considerations by Dinis Guarda
Blockchain in IoT and Other Considerations by Dinis Guarda
Dinis Guarda
 
5G
5G5G
5G
bhavna singhal
 
security and privacy-Internet of things
security and privacy-Internet of thingssecurity and privacy-Internet of things
security and privacy-Internet of things
sreelekha appakondappagari
 
IoT Security
IoT SecurityIoT Security
IoT Security
Peter Waher
 
Iot architecture
Iot architectureIot architecture
Iot architecture
Anam Iqbal
 
Fog computing
Fog computingFog computing
Fog computing
Mahantesh Hiremath
 
Gi-Fi ppt
Gi-Fi pptGi-Fi ppt
Gi-Fi ppt
Tushar Choudhary
 
Internet of Things (IOT)
Internet of Things (IOT)Internet of Things (IOT)
Internet of Things (IOT)
Kunal Adhikari
 
Zigbee ppt
Zigbee pptZigbee ppt
Zigbee ppt
kondalarao7
 
Fundamentals of IoT Security
Fundamentals of IoT SecurityFundamentals of IoT Security
Fundamentals of IoT Security
SHAAMILIVARSAGV
 
IoT Security
IoT SecurityIoT Security
IoT Security
Narudom Roongsiriwong, CISSP
 
Security and Privacy considerations in Internet of Things
Security and Privacy considerations in Internet of ThingsSecurity and Privacy considerations in Internet of Things
Security and Privacy considerations in Internet of Things
Somasundaram Jambunathan
 
Fog computing technology
Fog computing technologyFog computing technology
Fog computing technology
Nikhil Sabu
 
Seminar ppt fog comp
Seminar ppt fog compSeminar ppt fog comp
Seminar ppt fog comp
Mahantesh Hiremath
 
Iot Security, Internet of Things
Iot Security, Internet of ThingsIot Security, Internet of Things
Iot Security, Internet of Things
Bryan Len
 
A reference architecture for the internet of things
A reference architecture for the internet of thingsA reference architecture for the internet of things
A reference architecture for the internet of things
Charles Gibbons
 
IoT architecture
IoT architectureIoT architecture
IoT architecture
Sumit Sharma
 

More Related Content

What's hot

Logical design of io t
Logical design of io tLogical design of io t
Logical design of io t
Kunal Bangar
 
Ethics_Internet of Things
Ethics_Internet of ThingsEthics_Internet of Things
Ethics_Internet of Things
alengadan
 
Zigbee Presentation
Zigbee PresentationZigbee Presentation
Zigbee Presentation
Maathu Michael
 
1. Introduction to IoT
1. Introduction to IoT1. Introduction to IoT
1. Introduction to IoT
Abhishek Das
 
Introduction to IoT
Introduction to IoTIntroduction to IoT
Introduction to IoT
Sameer Tathare
 
Blockchain in IoT and Other Considerations by Dinis Guarda
Blockchain in IoT and Other Considerations by Dinis GuardaBlockchain in IoT and Other Considerations by Dinis Guarda
Blockchain in IoT and Other Considerations by Dinis Guarda
Dinis Guarda
 
5G
5G5G
5G
bhavna singhal
 
security and privacy-Internet of things
security and privacy-Internet of thingssecurity and privacy-Internet of things
security and privacy-Internet of things
sreelekha appakondappagari
 
IoT Security
IoT SecurityIoT Security
IoT Security
Peter Waher
 
Iot architecture
Iot architectureIot architecture
Iot architecture
Anam Iqbal
 
Fog computing
Fog computingFog computing
Fog computing
Mahantesh Hiremath
 
Gi-Fi ppt
Gi-Fi pptGi-Fi ppt
Gi-Fi ppt
Tushar Choudhary
 
Internet of Things (IOT)
Internet of Things (IOT)Internet of Things (IOT)
Internet of Things (IOT)
Kunal Adhikari
 
Zigbee ppt
Zigbee pptZigbee ppt
Zigbee ppt
kondalarao7
 
Fundamentals of IoT Security
Fundamentals of IoT SecurityFundamentals of IoT Security
Fundamentals of IoT Security
SHAAMILIVARSAGV
 
IoT Security
IoT SecurityIoT Security
IoT Security
Narudom Roongsiriwong, CISSP
 
Security and Privacy considerations in Internet of Things
Security and Privacy considerations in Internet of ThingsSecurity and Privacy considerations in Internet of Things
Security and Privacy considerations in Internet of Things
Somasundaram Jambunathan
 
Fog computing technology
Fog computing technologyFog computing technology
Fog computing technology
Nikhil Sabu
 
Seminar ppt fog comp
Seminar ppt fog compSeminar ppt fog comp
Seminar ppt fog comp
Mahantesh Hiremath
 
Iot Security, Internet of Things
Iot Security, Internet of ThingsIot Security, Internet of Things
Iot Security, Internet of Things
Bryan Len
 

What's hot (20)

Logical design of io t
Logical design of io tLogical design of io t
Logical design of io t
 
Ethics_Internet of Things
Ethics_Internet of ThingsEthics_Internet of Things
Ethics_Internet of Things
 
Zigbee Presentation
Zigbee PresentationZigbee Presentation
Zigbee Presentation
 
1. Introduction to IoT
1. Introduction to IoT1. Introduction to IoT
1. Introduction to IoT
 
Introduction to IoT
Introduction to IoTIntroduction to IoT
Introduction to IoT
 
Blockchain in IoT and Other Considerations by Dinis Guarda
Blockchain in IoT and Other Considerations by Dinis GuardaBlockchain in IoT and Other Considerations by Dinis Guarda
Blockchain in IoT and Other Considerations by Dinis Guarda
 
5G
5G5G
5G
 
security and privacy-Internet of things
security and privacy-Internet of thingssecurity and privacy-Internet of things
security and privacy-Internet of things
 
IoT Security
IoT SecurityIoT Security
IoT Security
 
Iot architecture
Iot architectureIot architecture
Iot architecture
 
Fog computing
Fog computingFog computing
Fog computing
 
Gi-Fi ppt
Gi-Fi pptGi-Fi ppt
Gi-Fi ppt
 
Internet of Things (IOT)
Internet of Things (IOT)Internet of Things (IOT)
Internet of Things (IOT)
 
Zigbee ppt
Zigbee pptZigbee ppt
Zigbee ppt
 
Fundamentals of IoT Security
Fundamentals of IoT SecurityFundamentals of IoT Security
Fundamentals of IoT Security
 
IoT Security
IoT SecurityIoT Security
IoT Security
 
Security and Privacy considerations in Internet of Things
Security and Privacy considerations in Internet of ThingsSecurity and Privacy considerations in Internet of Things
Security and Privacy considerations in Internet of Things
 
Fog computing technology
Fog computing technologyFog computing technology
Fog computing technology
 
Seminar ppt fog comp
Seminar ppt fog compSeminar ppt fog comp
Seminar ppt fog comp
 
Iot Security, Internet of Things
Iot Security, Internet of ThingsIot Security, Internet of Things
Iot Security, Internet of Things
 

Viewers also liked

A reference architecture for the internet of things
A reference architecture for the internet of thingsA reference architecture for the internet of things
A reference architecture for the internet of things
Charles Gibbons
 
IoT architecture
IoT architectureIoT architecture
IoT architecture
Sumit Sharma
 
Patrick Letizia – Proactive Advisor Magazine – Volume 2, Issue 3
Patrick Letizia – Proactive Advisor Magazine – Volume 2, Issue 3Patrick Letizia – Proactive Advisor Magazine – Volume 2, Issue 3
Patrick Letizia – Proactive Advisor Magazine – Volume 2, Issue 3
Proactive Advisor Magazine
 
프로코밀『 W3.ow.to 』 톡 w2015 ♡ 프로코밀판매,프로코밀판매사이트,프로코밀직구,프로코밀정품판매,프로코밀복용후기,프로코밀구입후기
프로코밀『 W3.ow.to 』 톡 w2015 ♡ 프로코밀판매,프로코밀판매사이트,프로코밀직구,프로코밀정품판매,프로코밀복용후기,프로코밀구입후기프로코밀『 W3.ow.to 』 톡 w2015 ♡ 프로코밀판매,프로코밀판매사이트,프로코밀직구,프로코밀정품판매,프로코밀복용후기,프로코밀구입후기
프로코밀『 W3.ow.to 』 톡 w2015 ♡ 프로코밀판매,프로코밀판매사이트,프로코밀직구,프로코밀정품판매,프로코밀복용후기,프로코밀구입후기
전 윤희
 
Internet of Things and the Value of Tracking Everything
Internet of Things and the Value of Tracking EverythingInternet of Things and the Value of Tracking Everything
Internet of Things and the Value of Tracking Everything
Paul Barsch
 
Experience Presentation
Experience PresentationExperience Presentation
Experience Presentation
DAN FRIEDLANDER
 
Overzicht Foutcodes DTCO VDO Digitale Tachograaf - Engels
Overzicht Foutcodes DTCO VDO Digitale Tachograaf - EngelsOverzicht Foutcodes DTCO VDO Digitale Tachograaf - Engels
Overzicht Foutcodes DTCO VDO Digitale Tachograaf - Engels
Stefan Groen in 't Woud
 
New Framework for Improving Bigdata Analaysis Using Mobile Agent
New Framework for Improving Bigdata Analaysis Using Mobile AgentNew Framework for Improving Bigdata Analaysis Using Mobile Agent
New Framework for Improving Bigdata Analaysis Using Mobile Agent
Mohammed Adam
 
Journée de la Femme
Journée de la FemmeJournée de la Femme
Journée de la Femme
LinkedIn
 
Manuscript Speech (Oral Communication Grade 11)
Manuscript Speech (Oral Communication Grade 11)Manuscript Speech (Oral Communication Grade 11)
Manuscript Speech (Oral Communication Grade 11)
stephanieluise
 
Guide to IoT Projects and Architecture with Microsoft Cloud and Azure
Guide to IoT Projects and Architecture with Microsoft Cloud and AzureGuide to IoT Projects and Architecture with Microsoft Cloud and Azure
Guide to IoT Projects and Architecture with Microsoft Cloud and Azure
Barnaba Accardi
 
cloud of things Presentation
cloud of things Presentation cloud of things Presentation
cloud of things Presentation
Assem mousa
 
Apache server 2 bible hungry minds
Apache server 2 bible hungry mindsApache server 2 bible hungry minds
Apache server 2 bible hungry minds
grregwalz
 
logistics and the internet of things
logistics and the internet of thingslogistics and the internet of things
logistics and the internet of things
Sergey Zhdanov
 

Viewers also liked (14)

A reference architecture for the internet of things
A reference architecture for the internet of thingsA reference architecture for the internet of things
A reference architecture for the internet of things
 
IoT architecture
IoT architectureIoT architecture
IoT architecture
 
Patrick Letizia – Proactive Advisor Magazine – Volume 2, Issue 3
Patrick Letizia – Proactive Advisor Magazine – Volume 2, Issue 3Patrick Letizia – Proactive Advisor Magazine – Volume 2, Issue 3
Patrick Letizia – Proactive Advisor Magazine – Volume 2, Issue 3
 
프로코밀『 W3.ow.to 』 톡 w2015 ♡ 프로코밀판매,프로코밀판매사이트,프로코밀직구,프로코밀정품판매,프로코밀복용후기,프로코밀구입후기
프로코밀『 W3.ow.to 』 톡 w2015 ♡ 프로코밀판매,프로코밀판매사이트,프로코밀직구,프로코밀정품판매,프로코밀복용후기,프로코밀구입후기프로코밀『 W3.ow.to 』 톡 w2015 ♡ 프로코밀판매,프로코밀판매사이트,프로코밀직구,프로코밀정품판매,프로코밀복용후기,프로코밀구입후기
프로코밀『 W3.ow.to 』 톡 w2015 ♡ 프로코밀판매,프로코밀판매사이트,프로코밀직구,프로코밀정품판매,프로코밀복용후기,프로코밀구입후기
 
Internet of Things and the Value of Tracking Everything
Internet of Things and the Value of Tracking EverythingInternet of Things and the Value of Tracking Everything
Internet of Things and the Value of Tracking Everything
 
Experience Presentation
Experience PresentationExperience Presentation
Experience Presentation
 
Overzicht Foutcodes DTCO VDO Digitale Tachograaf - Engels
Overzicht Foutcodes DTCO VDO Digitale Tachograaf - EngelsOverzicht Foutcodes DTCO VDO Digitale Tachograaf - Engels
Overzicht Foutcodes DTCO VDO Digitale Tachograaf - Engels
 
New Framework for Improving Bigdata Analaysis Using Mobile Agent
New Framework for Improving Bigdata Analaysis Using Mobile AgentNew Framework for Improving Bigdata Analaysis Using Mobile Agent
New Framework for Improving Bigdata Analaysis Using Mobile Agent
 
Journée de la Femme
Journée de la FemmeJournée de la Femme
Journée de la Femme
 
Manuscript Speech (Oral Communication Grade 11)
Manuscript Speech (Oral Communication Grade 11)Manuscript Speech (Oral Communication Grade 11)
Manuscript Speech (Oral Communication Grade 11)
 
Guide to IoT Projects and Architecture with Microsoft Cloud and Azure
Guide to IoT Projects and Architecture with Microsoft Cloud and AzureGuide to IoT Projects and Architecture with Microsoft Cloud and Azure
Guide to IoT Projects and Architecture with Microsoft Cloud and Azure
 
cloud of things Presentation
cloud of things Presentation cloud of things Presentation
cloud of things Presentation
 
Apache server 2 bible hungry minds
Apache server 2 bible hungry mindsApache server 2 bible hungry minds
Apache server 2 bible hungry minds
 
logistics and the internet of things
logistics and the internet of thingslogistics and the internet of things
logistics and the internet of things
 

Similar to IoT Product Life Cycle and Security

How Olympus Controls Automates Predictive Maintenance with Telit, MQTT and In...
How Olympus Controls Automates Predictive Maintenance with Telit, MQTT and In...How Olympus Controls Automates Predictive Maintenance with Telit, MQTT and In...
How Olympus Controls Automates Predictive Maintenance with Telit, MQTT and In...
InfluxData
 
AWS Finland March meetup 2017 - selecting enterprise IoT platform
AWS Finland March meetup 2017 - selecting enterprise IoT platformAWS Finland March meetup 2017 - selecting enterprise IoT platform
AWS Finland March meetup 2017 - selecting enterprise IoT platform
Rolf Koski
 
WSO2Con USA 2017: Building Enterprise Grade IoT Architectures for Digital Tra...
WSO2Con USA 2017: Building Enterprise Grade IoT Architectures for Digital Tra...WSO2Con USA 2017: Building Enterprise Grade IoT Architectures for Digital Tra...
WSO2Con USA 2017: Building Enterprise Grade IoT Architectures for Digital Tra...
WSO2
 
OSGi -Simplifying the IoT Gateway - Walt Bowers
OSGi -Simplifying the IoT Gateway - Walt BowersOSGi -Simplifying the IoT Gateway - Walt Bowers
OSGi -Simplifying the IoT Gateway - Walt Bowers
mfrancis
 
IoT, ready for business
IoT, ready for businessIoT, ready for business
IoT, ready for business
Jon Mikel Inza
 
Null mumbai-reversing-IoT-firmware
Null mumbai-reversing-IoT-firmwareNull mumbai-reversing-IoT-firmware
Null mumbai-reversing-IoT-firmware
Nitesh Malviya
 
5º MeetUP ARQconf 2016 - IoT: What is it really and how does it work?
5º MeetUP ARQconf 2016 - IoT: What is it really and how does it work?5º MeetUP ARQconf 2016 - IoT: What is it really and how does it work?
5º MeetUP ARQconf 2016 - IoT: What is it really and how does it work?
GlobalLogic Latinoamérica
 
How to Test the Internet of Everything
How to Test the Internet of EverythingHow to Test the Internet of Everything
How to Test the Internet of Everything
SQALab
 
Reshaping Business Through IoT: Key Technology Factors to Consider
Reshaping Business Through IoT: Key Technology Factors to ConsiderReshaping Business Through IoT: Key Technology Factors to Consider
Reshaping Business Through IoT: Key Technology Factors to Consider
Eurotech
 
meet2016: Reshaping Business Through IoT: Key Technology Factors to Consider
meet2016: Reshaping Business Through IoT: Key Technology Factors to Considermeet2016: Reshaping Business Through IoT: Key Technology Factors to Consider
meet2016: Reshaping Business Through IoT: Key Technology Factors to Consider
Roberto Siagri
 
The Transformation of Healthcare.gov: Two years of innovation in how our gov...
The Transformation of Healthcare.gov: Two years of innovation in how our gov...The Transformation of Healthcare.gov: Two years of innovation in how our gov...
The Transformation of Healthcare.gov: Two years of innovation in how our gov...
New Relic
 
Getting Started with IoT by Niraj Shah
Getting Started with IoT by Niraj ShahGetting Started with IoT by Niraj Shah
Getting Started with IoT by Niraj Shah
momoahmedabad
 
Microsoft Hello World IoT 2017 - Embedded Systems Design - Build vs Buy
Microsoft Hello World IoT 2017 - Embedded Systems Design - Build vs BuyMicrosoft Hello World IoT 2017 - Embedded Systems Design - Build vs Buy
Microsoft Hello World IoT 2017 - Embedded Systems Design - Build vs Buy
Fernando Luiz Cola
 
Securing IoT Applications
Securing IoT Applications Securing IoT Applications
Securing IoT Applications
WSO2
 
The impact of IOT - exchange cala - 2015
The impact of IOT - exchange cala - 2015The impact of IOT - exchange cala - 2015
The impact of IOT - exchange cala - 2015
Eduardo Pelegri-Llopart
 
Onboarding a Historical Company on the Cloud Journey (IT Camp 2018)
Onboarding a Historical Company on the Cloud Journey (IT Camp 2018)Onboarding a Historical Company on the Cloud Journey (IT Camp 2018)
Onboarding a Historical Company on the Cloud Journey (IT Camp 2018)
Marius Zaharia
 
Null mumbai-iot-workshop
Null mumbai-iot-workshopNull mumbai-iot-workshop
Null mumbai-iot-workshop
Nitesh Malviya
 
Software-Infrastrukturen modernisieren in der Produktion - Digitale Transform...
Software-Infrastrukturen modernisieren in der Produktion - Digitale Transform...Software-Infrastrukturen modernisieren in der Produktion - Digitale Transform...
Software-Infrastrukturen modernisieren in der Produktion - Digitale Transform...
Dominik Obermaier
 
Enabling IoT Devices’ Hardware and Software Interoperability, IPSO Alliance (...
Enabling IoT Devices’ Hardware and Software Interoperability, IPSO Alliance (...Enabling IoT Devices’ Hardware and Software Interoperability, IPSO Alliance (...
Enabling IoT Devices’ Hardware and Software Interoperability, IPSO Alliance (...
Open Mobile Alliance
 
Autonomous Systems Lab
Autonomous Systems LabAutonomous Systems Lab
Autonomous Systems Lab
Elliot Duff
 

Similar to IoT Product Life Cycle and Security (20)

How Olympus Controls Automates Predictive Maintenance with Telit, MQTT and In...
How Olympus Controls Automates Predictive Maintenance with Telit, MQTT and In...How Olympus Controls Automates Predictive Maintenance with Telit, MQTT and In...
How Olympus Controls Automates Predictive Maintenance with Telit, MQTT and In...
 
AWS Finland March meetup 2017 - selecting enterprise IoT platform
AWS Finland March meetup 2017 - selecting enterprise IoT platformAWS Finland March meetup 2017 - selecting enterprise IoT platform
AWS Finland March meetup 2017 - selecting enterprise IoT platform
 
WSO2Con USA 2017: Building Enterprise Grade IoT Architectures for Digital Tra...
WSO2Con USA 2017: Building Enterprise Grade IoT Architectures for Digital Tra...WSO2Con USA 2017: Building Enterprise Grade IoT Architectures for Digital Tra...
WSO2Con USA 2017: Building Enterprise Grade IoT Architectures for Digital Tra...
 
OSGi -Simplifying the IoT Gateway - Walt Bowers
OSGi -Simplifying the IoT Gateway - Walt BowersOSGi -Simplifying the IoT Gateway - Walt Bowers
OSGi -Simplifying the IoT Gateway - Walt Bowers
 
IoT, ready for business
IoT, ready for businessIoT, ready for business
IoT, ready for business
 
Null mumbai-reversing-IoT-firmware
Null mumbai-reversing-IoT-firmwareNull mumbai-reversing-IoT-firmware
Null mumbai-reversing-IoT-firmware
 
5º MeetUP ARQconf 2016 - IoT: What is it really and how does it work?
5º MeetUP ARQconf 2016 - IoT: What is it really and how does it work?5º MeetUP ARQconf 2016 - IoT: What is it really and how does it work?
5º MeetUP ARQconf 2016 - IoT: What is it really and how does it work?
 
How to Test the Internet of Everything
How to Test the Internet of EverythingHow to Test the Internet of Everything
How to Test the Internet of Everything
 
Reshaping Business Through IoT: Key Technology Factors to Consider
Reshaping Business Through IoT: Key Technology Factors to ConsiderReshaping Business Through IoT: Key Technology Factors to Consider
Reshaping Business Through IoT: Key Technology Factors to Consider
 
meet2016: Reshaping Business Through IoT: Key Technology Factors to Consider
meet2016: Reshaping Business Through IoT: Key Technology Factors to Considermeet2016: Reshaping Business Through IoT: Key Technology Factors to Consider
meet2016: Reshaping Business Through IoT: Key Technology Factors to Consider
 
The Transformation of Healthcare.gov: Two years of innovation in how our gov...
The Transformation of Healthcare.gov: Two years of innovation in how our gov...The Transformation of Healthcare.gov: Two years of innovation in how our gov...
The Transformation of Healthcare.gov: Two years of innovation in how our gov...
 
Getting Started with IoT by Niraj Shah
Getting Started with IoT by Niraj ShahGetting Started with IoT by Niraj Shah
Getting Started with IoT by Niraj Shah
 
Microsoft Hello World IoT 2017 - Embedded Systems Design - Build vs Buy
Microsoft Hello World IoT 2017 - Embedded Systems Design - Build vs BuyMicrosoft Hello World IoT 2017 - Embedded Systems Design - Build vs Buy
Microsoft Hello World IoT 2017 - Embedded Systems Design - Build vs Buy
 
Securing IoT Applications
Securing IoT Applications Securing IoT Applications
Securing IoT Applications
 
The impact of IOT - exchange cala - 2015
The impact of IOT - exchange cala - 2015The impact of IOT - exchange cala - 2015
The impact of IOT - exchange cala - 2015
 
Onboarding a Historical Company on the Cloud Journey (IT Camp 2018)
Onboarding a Historical Company on the Cloud Journey (IT Camp 2018)Onboarding a Historical Company on the Cloud Journey (IT Camp 2018)
Onboarding a Historical Company on the Cloud Journey (IT Camp 2018)
 
Null mumbai-iot-workshop
Null mumbai-iot-workshopNull mumbai-iot-workshop
Null mumbai-iot-workshop
 
Software-Infrastrukturen modernisieren in der Produktion - Digitale Transform...
Software-Infrastrukturen modernisieren in der Produktion - Digitale Transform...Software-Infrastrukturen modernisieren in der Produktion - Digitale Transform...
Software-Infrastrukturen modernisieren in der Produktion - Digitale Transform...
 
Enabling IoT Devices’ Hardware and Software Interoperability, IPSO Alliance (...
Enabling IoT Devices’ Hardware and Software Interoperability, IPSO Alliance (...Enabling IoT Devices’ Hardware and Software Interoperability, IPSO Alliance (...
Enabling IoT Devices’ Hardware and Software Interoperability, IPSO Alliance (...
 
Autonomous Systems Lab
Autonomous Systems LabAutonomous Systems Lab
Autonomous Systems Lab
 

Recently uploaded

Discover the benefits of outsourcing SEO to India
Discover the benefits of outsourcing SEO to IndiaDiscover the benefits of outsourcing SEO to India
Discover the benefits of outsourcing SEO to India
davidjhones387
 
Should Repositories Participate in the Fediverse?
Should Repositories Participate in the Fediverse?Should Repositories Participate in the Fediverse?
Should Repositories Participate in the Fediverse?
Paul Walk
 
快速办理(新加坡SMU毕业证书)新加坡管理大学毕业证文凭证书一模一样
快速办理(新加坡SMU毕业证书)新加坡管理大学毕业证文凭证书一模一样快速办理(新加坡SMU毕业证书)新加坡管理大学毕业证文凭证书一模一样
快速办理(新加坡SMU毕业证书)新加坡管理大学毕业证文凭证书一模一样
3a0sd7z3
 
Honeypots Unveiled: Proactive Defense Tactics for Cyber Security, Phoenix Sum...
Honeypots Unveiled: Proactive Defense Tactics for Cyber Security, Phoenix Sum...Honeypots Unveiled: Proactive Defense Tactics for Cyber Security, Phoenix Sum...
Honeypots Unveiled: Proactive Defense Tactics for Cyber Security, Phoenix Sum...
APNIC
 
Securing BGP: Operational Strategies and Best Practices for Network Defenders...
Securing BGP: Operational Strategies and Best Practices for Network Defenders...Securing BGP: Operational Strategies and Best Practices for Network Defenders...
Securing BGP: Operational Strategies and Best Practices for Network Defenders...
APNIC
 
一比一原版(USYD毕业证)悉尼大学毕业证如何办理
一比一原版(USYD毕业证)悉尼大学毕业证如何办理一比一原版(USYD毕业证)悉尼大学毕业证如何办理
一比一原版(USYD毕业证)悉尼大学毕业证如何办理
k4ncd0z
 
怎么办理(umiami毕业证书)美国迈阿密大学毕业证文凭证书实拍图原版一模一样
怎么办理(umiami毕业证书)美国迈阿密大学毕业证文凭证书实拍图原版一模一样怎么办理(umiami毕业证书)美国迈阿密大学毕业证文凭证书实拍图原版一模一样
怎么办理(umiami毕业证书)美国迈阿密大学毕业证文凭证书实拍图原版一模一样
rtunex8r
 
快速办理(Vic毕业证书)惠灵顿维多利亚大学毕业证完成信一模一样
快速办理(Vic毕业证书)惠灵顿维多利亚大学毕业证完成信一模一样快速办理(Vic毕业证书)惠灵顿维多利亚大学毕业证完成信一模一样
快速办理(Vic毕业证书)惠灵顿维多利亚大学毕业证完成信一模一样
3a0sd7z3
 
Bengaluru Dreamin' 24 - Personal Branding
Bengaluru Dreamin' 24 - Personal BrandingBengaluru Dreamin' 24 - Personal Branding
Bengaluru Dreamin' 24 - Personal Branding
Tarandeep Singh
 
办理新西兰奥克兰大学毕业证学位证书范本原版一模一样
办理新西兰奥克兰大学毕业证学位证书范本原版一模一样办理新西兰奥克兰大学毕业证学位证书范本原版一模一样
办理新西兰奥克兰大学毕业证学位证书范本原版一模一样
xjq03c34
 
HijackLoader Evolution: Interactive Process Hollowing
HijackLoader Evolution: Interactive Process HollowingHijackLoader Evolution: Interactive Process Hollowing
HijackLoader Evolution: Interactive Process Hollowing
Donato Onofri
 
一比一原版新西兰林肯大学毕业证(Lincoln毕业证书)学历如何办理
一比一原版新西兰林肯大学毕业证(Lincoln毕业证书)学历如何办理一比一原版新西兰林肯大学毕业证(Lincoln毕业证书)学历如何办理
一比一原版新西兰林肯大学毕业证(Lincoln毕业证书)学历如何办理
thezot
 

Recently uploaded (12)

Discover the benefits of outsourcing SEO to India
Discover the benefits of outsourcing SEO to IndiaDiscover the benefits of outsourcing SEO to India
Discover the benefits of outsourcing SEO to India
 
Should Repositories Participate in the Fediverse?
Should Repositories Participate in the Fediverse?Should Repositories Participate in the Fediverse?
Should Repositories Participate in the Fediverse?
 
快速办理(新加坡SMU毕业证书)新加坡管理大学毕业证文凭证书一模一样
快速办理(新加坡SMU毕业证书)新加坡管理大学毕业证文凭证书一模一样快速办理(新加坡SMU毕业证书)新加坡管理大学毕业证文凭证书一模一样
快速办理(新加坡SMU毕业证书)新加坡管理大学毕业证文凭证书一模一样
 
Honeypots Unveiled: Proactive Defense Tactics for Cyber Security, Phoenix Sum...
Honeypots Unveiled: Proactive Defense Tactics for Cyber Security, Phoenix Sum...Honeypots Unveiled: Proactive Defense Tactics for Cyber Security, Phoenix Sum...
Honeypots Unveiled: Proactive Defense Tactics for Cyber Security, Phoenix Sum...
 
Securing BGP: Operational Strategies and Best Practices for Network Defenders...
Securing BGP: Operational Strategies and Best Practices for Network Defenders...Securing BGP: Operational Strategies and Best Practices for Network Defenders...
Securing BGP: Operational Strategies and Best Practices for Network Defenders...
 
一比一原版(USYD毕业证)悉尼大学毕业证如何办理
一比一原版(USYD毕业证)悉尼大学毕业证如何办理一比一原版(USYD毕业证)悉尼大学毕业证如何办理
一比一原版(USYD毕业证)悉尼大学毕业证如何办理
 
怎么办理(umiami毕业证书)美国迈阿密大学毕业证文凭证书实拍图原版一模一样
怎么办理(umiami毕业证书)美国迈阿密大学毕业证文凭证书实拍图原版一模一样怎么办理(umiami毕业证书)美国迈阿密大学毕业证文凭证书实拍图原版一模一样
怎么办理(umiami毕业证书)美国迈阿密大学毕业证文凭证书实拍图原版一模一样
 
快速办理(Vic毕业证书)惠灵顿维多利亚大学毕业证完成信一模一样
快速办理(Vic毕业证书)惠灵顿维多利亚大学毕业证完成信一模一样快速办理(Vic毕业证书)惠灵顿维多利亚大学毕业证完成信一模一样
快速办理(Vic毕业证书)惠灵顿维多利亚大学毕业证完成信一模一样
 
Bengaluru Dreamin' 24 - Personal Branding
Bengaluru Dreamin' 24 - Personal BrandingBengaluru Dreamin' 24 - Personal Branding
Bengaluru Dreamin' 24 - Personal Branding
 
办理新西兰奥克兰大学毕业证学位证书范本原版一模一样
办理新西兰奥克兰大学毕业证学位证书范本原版一模一样办理新西兰奥克兰大学毕业证学位证书范本原版一模一样
办理新西兰奥克兰大学毕业证学位证书范本原版一模一样
 
HijackLoader Evolution: Interactive Process Hollowing
HijackLoader Evolution: Interactive Process HollowingHijackLoader Evolution: Interactive Process Hollowing
HijackLoader Evolution: Interactive Process Hollowing
 
一比一原版新西兰林肯大学毕业证(Lincoln毕业证书)学历如何办理
一比一原版新西兰林肯大学毕业证(Lincoln毕业证书)学历如何办理一比一原版新西兰林肯大学毕业证(Lincoln毕业证书)学历如何办理
一比一原版新西兰林肯大学毕业证(Lincoln毕业证书)学历如何办理
 

IoT Product Life Cycle and Security

  • 1. Embedded/IoT Product Life-Cycle Why the Secure Development Life-Cycle Sucks Oliver Meili @oooohhhmmy, null SG, 2016-01-19
  • 2. Agenda • Embedded Devices and the IoT • Product Life-Cycle – Development – Sales and Deployment – Operations and Maintenance • Security in the Product Life-Cycle Oliver Meili @oooohhhmmy
  • 4. The Thing • Your Fridge, Washing Machine, Sensor on an Assembly Line • Software built by ageing (mechanical, electrical) engineers who are experts in – Interfacing the electronics with the physical world – Dealing with limited memory (16+kB ROM, 1+kB RAM) – Dealing with real-time constraints – Reliability Based on Small Microcontroller 8-bit, 16-bit, 32-bit (Cortex-M) No or Embedded (RT)OS FreeRTOS, TinyOS, Contiki OS, RIOT-OS Low Power Sleep Modes Interfaces with Physical World Connects Sensors Network Interface BLE, 802.15.4, WiFi Oliver Meili @oooohhhmmy
  • 5. The Gateway • Your Home or Industrial Router • Often based on OSS and third-party components • Software built by software engineers • Needs to support new functionality – Device Management – Key Management – New wireless interfaces Based on Large CPU 32-bit (Cortex-A, Intel x86) Powerful Embedded OS Linux, Windows (CE), QNX Low Power Sleep Modes Separates the Things from the Internet Might be an Application Gateway Network Interface WiFi, Ethernet, 3G, 4G Oliver Meili @oooohhhmmy
  • 6. Product Life-Cycle: Development • Consists of mechanics, electronics and software – They have to work together! • Can take several years, depending on complexity – Products exist in various variants and with tons of configuration options • Software is becoming more and more componentized – Third-party and open-source components • Testing is very difficult – Need to test real world interfaces, unknown conditions Development Oliver Meili @oooohhhmmy
  • 7. Product Life-Cycle: Development Development • Hardware-in-the-Loop Testing – Simulating the real world, functional testing Oliver Meili @oooohhhmmy
  • 8. Product Life-Cycle: Development Development • There is an embedded way of writing software – everything is static – No heap/memory allocation to improve reliability – Software is configured statically, i.e. OS tacks, stack size, features • Firmware contains very few parameter checks for efficiency reasons (runtime and code size) – Parameter checks only activated during functional testing • Modern Things have a network interface! – Firmware engineers know little about networking protocols and very little about security – Integration of lwIP or mIP, maybe (D)TLS Oliver Meili @oooohhhmmy
  • 9. Product Life-Cycle: Sales • Embedded products stay on the market for years – How often do home appliances get refreshed in stores? • For more complex products, there is a provisioning step when deploying a device – Someone needs to configure the Thing before it can be used • Reliability is often more important than the number of features – Extreme case: air traffic control Sales Oliver Meili @oooohhhmmy
  • 10. Operations & Maintenance Product Life-Cycle: Operations • Embedded products stay in operations for a very long time – Cars reach an average age of 13 years – How often do you exchange home appliances? – How old is the oldest MRT train in Singapore? • Spare parts need to be available – Components (mechanical/hardware) will be reused – Not just software bits ;-) Oliver Meili @oooohhhmmy
  • 11. Operations & Maintenance Product Life-Cycle: Operations • Traditionally there are no or only very few software updates – This is changing drastically with connected devices – And no security management • Any update requires re-testing – Use of huge test equipment, old software – Upgrade of third-party software is a big risk • Requires detailed analysis of changes in components Oliver Meili @oooohhhmmy
  • 12. Operations & Maintenance The Product Life-Cycle • Embedded Products – Take years to develop • Verification is one of the hardest tasks to do – Are sold for a considerable amount of time • How long do you find a new car model for sale at the dealer? – Are in operations for a very long time • When was the last time you bought a new washing machines? Development Sales Oliver Meili @oooohhhmmy
  • 13. Security Requirements • Things in foreign lands – Developers don’t know the Thing’s environment and it’s not going to be a well protected network (IPv6 instead of NAT, firewalls?) • Enterprise integration – Identity and key management, authentication, logging • Minimizing attack surface – Does every Thing need a webserver, a shell and other ports open? • Things need identities – And they need to be managed • Over-the-air (OTA) update is a must! Oliver Meili @oooohhhmmy
  • 14. Security Challenges • Threat modeling? – Physical security: theft of parts and Things • Secure architecture and design? – Integration into enterprise solutions (auth, PKI, …) – Logging on small devices, anyone? • Secure coding? – Input validation! • Understanding of security concepts? – “just disable feature XY and it will work” – “some even enable firewalls on gateways!” – “security has to deal with protocols” Oliver Meili @oooohhhmmy
  • 15. Security Challenges • Documentation of software components? • Examples or demos of third-party software? • Verification and validation – Working test environment for the whole product life-cycle, particularly during maintenance • Vulnerability management? – Internal and external vulnerabilities – For the whole product life-cycle – Disclosure! Oliver Meili @oooohhhmmy
  • 16. Conclusion • Things in the Internet of Things sometimes live a very long time – Think multiple decades – Testing and maintenance are the tough part • Developers are not always up to the task to implement security – There are still mechanical engineers writing firmware • Configuration management is crucial – Manage variants and vulnerabilities Oliver Meili @oooohhhmmy