The document discusses Internet of Things (IoT) security challenges and countermeasures. It begins with basics of IoT and sensors, then discusses how IoT connects to the internet. It outlines several approaches to securing IoT, including restricted access, encryption of network and data, managing default APIs, addressing human elements of security, and learning from past exploits. Specific threats like denial of service attacks, man-in-the-middle attacks, and brute force/dictionary attacks are examined. The document concludes that IoT security design must enable open yet secure infrastructure while respecting user privacy through individual policies.
IoT Security
1. DEPT. OF ELECTRONICS AND INSTRUMENTATION TECHNOLOGY
2016-17
TECHNICAL SEMINAR
GUIDE : SMT. S S VIDYA
HOD : DR. M B MEENAVATHI
PRESENTED BY : MAITREYA
3. INDEX
• Basics of IOT and Sensors.
• Internet and IOT.
• Securing the IOT.
• Exploiting the IOT(Challenges).
• Practical Exploit (example) – Optional.
• Conclusion.
• References.
4. IOT (INTERNET OF THINGS)
IoT: The term was first coined in 1999 by Kevin Ashton. The Internet of Things is the inter-networking of physical devices, vehicles (also referred to as "connected devices" and "smart devices"), buildings and other items with electronics, software, sensors, actuators, and network connectivity that enable these objects to collect and exchange data.
5. IOT AND SENSORS
The communication part can be handled by the API of the connected device and the predefined RFC protocols (Internet), but the sensing still needs to be done, and from an instrumentation point of view we need sensors and actuators to get "smart" results. Different types of sensors are available on the market for different purposes, in an unbelievable range. Basic sensing and actuation logic is shown in the side diagram. Some well-known sensors are: proximity sensors, ultrasonic sensors, accelerometers and webcams.
6. HOME SECURITY (WITH OBJECT SENSOR)
[Diagram: Object → Object Sensor (IR, Ultrasonic & Webcam) → NodeMCU (SMTP server) with Pi → Internet → Root (mail)]
Exploring the many ways of object detection:
The basic diagram aside explains how to detect the object in an IoT-connected room. The basic IR and ultrasonic sensors can be used in conjunction with the NodeMCU (ESP8266) to construct an IoT home security system to send message via
7. IOT SECURITY
IoT security can be divided into the following areas:
1. Restricted Access
2. Encryption (network and data)
3. Default API
4. Human Element (as usual)
5. Defensive Dark Arts (DEFCON 22)
8. RESTRICTED ACCESS!
This is probably the most basic and first step in securing your IoT device.
(KEEP IT IN AN ISOLATED NETWORK)
If you can, you should always keep your IoT devices in a restricted, isolated network, away from the devices that you normally keep connected to the internet.
What this will achieve will be a way of isolation for your IoT devices which
9. ENCRYPTION
Encryption:
IoT security relies on the encryption of two separate aspects: first, the encryption of network access (especially the IoT network), and second, the encryption of data sent via the internet.
Some basic encryption for IoT involves SSL, public key cryptography, hash functions (SHA-3), block ciphers and stream ciphers. Network encryption involves AES, WPA/WPA-2, WEP, etc. Some of the basic communication encryption methods are discussed further.
10. BLOCK CIPHERS
A block cipher is a deterministic and computable function of k-bit keys and n-bit (plaintext) blocks to n-bit (ciphertext) blocks. (More generally, the blocks don't have to be bit-sized; n-character blocks would fit here, too.) This means that when you encrypt the same plaintext block with the same key, you'll get the same result. (We normally also want the function to be invertible, i.e. given the key and the ciphertext block we can compute the plaintext.)
To actually encrypt or decrypt a message (of any size), you don't use the block cipher directly, but put it into a mode of operation. The simplest such mode would be electronic code book mode (ECB), which simply cuts the message into blocks, applies the cipher to each block and outputs the resulting blocks. (This is generally not a secure mode, though.)
11. STREAM CIPHERS
A stream cipher is a symmetric key cipher where plaintext digits are combined with a pseudorandom cipher digit stream (keystream). In a stream cipher, each plaintext digit is encrypted one at a time with the corresponding digit of the keystream, to give a digit of the ciphertext stream. Since encryption of each digit is dependent on the current state of the cipher, it is also known as a state cipher. In practice, a digit is typically a bit and the combining
12. PUBLIC KEY CRYPTOGRAPHY
In a public key encryption system, any person can encrypt a message using the public key of the receiver, but such a message can be decrypted only with the receiver's private key. For this to work it must be computationally easy for a user to generate a public and private key-pair to be used for encryption and decryption. The strength of a public key cryptography system relies on the degree of difficulty (computational impracticality) for a properly generated private key to be determined from its corresponding public key. Security then depends only on
13. SSL (SECURE SOCKETS LAYER)
SSL (Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and integral. SSL is an industry standard and is used by millions of websites in the protection of their online transactions with their customers.
To be able to create an SSL connection a web server requires an SSL Certificate. When you choose to activate SSL on your web server you will be prompted to complete a number of questions about the identity of your website and your company. Your web server then creates two cryptographic keys - a Private Key and a Public Key.
The Public Key does not need to be secret and is placed into a Certificate Signing Request (CSR) - a data file also containing your details. You should then submit the CSR. During the SSL Certificate application process, the Certification Authority will validate your details and issue an SSL Certificate containing your details and
14. LIGHTWEIGHT CRYPTOGRAPHY & HASH (FUTURE RESEARCH)
Basically, these are the ciphers with a smaller digital footprint, the most apt for IoT devices. It's a good trade-off between security, cost and performance.
Ex: DES (X/L), based on AES (Advanced Encryption Standard), is used in RFID and other lightweight IoT applications since it processes 4-bit/6-bit words rather than 32/48 bits. Ciphers discussed earlier are used in the development of lightweight cryptography.
HASH - MD5 hash functions / SHA-3 are a topic of research. Since the memory footprints are quite large to be implemented for IOT
15. API MANAGEMENT (DEVELOPER'S SIDE)
The Application Programming Interface is responsible for everything in your IoT device: gateways, security and access management as well as API key control.
On the IoT, data is everywhere, flowing from devices to the cloud, from the cloud to your back-end systems, from users back to their devices, all enabled by APIs. API Management enables you to govern this flow of data with the security you need to protect sensitive information, and the performance required to support connected cars,
16. HUMAN ELEMENT
This vulnerability has existed since the beginning of the technology, and the same holds true for IoT devices. The fundamentals here are the same everywhere; some of them can be listed as:
1. Change default passwords!!!!
2. Don't share your PGP private keys.
3. Restricted access for your LAN.
4. Regularly updated patches.
17. IOT EXPLOITATION (CHALLENGES)
Some of the most basic limitations of IoT devices, and attacks on them, can be summarized as:
1. Device limitations
2. MITM
3. DoS/DDoS (most common)
4. Botnet
5. Data and identity theft
6. Brute force/dictionary (authentication attacks)
18. DEVICE LIMITATIONS
The first and foremost challenge we face in securing IoT devices is the limitations of the devices themselves.
The typical IoT device, with an 8-bit processor and 2-4 MB of flash memory, is not able to process the different hash functions and encryption algorithms, and because this is a relatively new concept, the methods for using these functions on typical IoT devices are still under research (e.g. DESL).
Nonetheless, lightweight cryptography is still an option here.
19. BOTNET
A botnet is a network of systems combined together with the purpose of remotely taking control and distributing malware. Controlled by botnet operators via command-and-control servers (C&C servers), they are used by criminals on a grand scale for many things: stealing private information, exploiting online-banking data, DDoS attacks, or spam and phishing emails.
With the rise of the IoT, many objects and devices are in danger of being, or already are, part of so-called thingbots: botnets that incorporate independent connected objects.
Ex: It is easy for an SMTP filter to stop malicious requests from one client, but not from dozens or hundreds of clients sending the malicious
20. DOS/DDOS (DENIAL OF SERVICE)
A denial of service (DoS) attack happens when a service that would usually work is unavailable. There can be many reasons for unavailability, but it usually refers to infrastructure that cannot cope due to capacity overload.
In a Distributed Denial of Service (DDoS) attack, a large number of systems maliciously attack one target. This is often done through a botnet, where many devices are programmed (often unbeknownst to the owner) to request a service at the same time.
(Often a DoS attack lends itself to hacktivists
21. (MITM) ATTACK / DATA AND IDENTITY THEFT
The man-in-the-middle concept is where an attacker or hacker is looking to interrupt and breach communications between two separate systems. It can be a dangerous attack because the attacker secretly intercepts and transmits messages between two parties while they believe that they are communicating directly with each other. As the attacker has the original communication, they can trick the recipient into thinking they are still getting a legitimate message.
These attacks can be extremely dangerous in the IoT, because of the nature of the "things" being hacked.
Ex: Many cases have already been reported
22. BRUTE FORCE/DICTIONARY ATTACK (CLASSICS)
These are probably the oldest type of automated attacks still widely used.
Brute force - Basically, the attempt to uncover the password is made by trying a wide variety of letter/number combinations to figure out what a password is, so that an account can be taken over.
Dictionary - On the flip side, dictionary attacks involve the hacker trying to determine your password by trying hundreds or sometimes
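Both attacks on this slide show up on the device as a burst of failed logins from one source. The following is an added detection example, not part of the original slides: it flags any source with too many failures inside a sliding time window and records whether a login then succeeded, which is what happens when a default password was never changed. The log format, addresses, threshold and window are assumptions constructed for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log in a hypothetical "<timestamp> <FAIL|OK> user=<u> src=<ip>" format.
SAMPLE_LOG = """\
2017-03-20T10:00:00 FAIL user=alice src=10.0.0.7
2017-03-20T10:00:01 FAIL user=admin src=10.0.0.50
2017-03-20T10:00:02 FAIL user=admin src=10.0.0.50
2017-03-20T10:00:03 FAIL user=admin src=10.0.0.50
2017-03-20T10:00:04 FAIL user=admin src=10.0.0.50
2017-03-20T10:00:05 FAIL user=admin src=10.0.0.50
2017-03-20T10:00:06 FAIL user=admin src=10.0.0.50
2017-03-20T10:00:07 OK user=admin src=10.0.0.50
2017-03-20T10:00:20 OK user=alice src=10.0.0.7
2017-03-20T10:05:00 FAIL user=bob src=10.0.0.9
2017-03-20T10:10:00 FAIL user=bob src=10.0.0.9
2017-03-20T10:15:00 FAIL user=bob src=10.0.0.9
2017-03-20T10:20:00 FAIL user=bob src=10.0.0.9
2017-03-20T10:25:00 FAIL user=bob src=10.0.0.9
"""

LINE = re.compile(r"^(\S+) (FAIL|OK) user=(\S+) src=(\S+)$")


def parse(log: str):
    """Yield (timestamp, result, user, source) for every well-formed line."""
    for line in log.splitlines():
        m = LINE.match(line.strip())
        if m:
            ts, result, user, src = m.groups()
            yield datetime.fromisoformat(ts), result, user, src


def detect(log: str, threshold: int = 5, window: timedelta = timedelta(seconds=60)):
    """Return {source: {"alerted_at", "success_after"}} for password-guessing bursts.

    A source is flagged once it produces `threshold` failed logins within
    `window`. If a login from a flagged source later succeeds, the account
    name is stored in "success_after" so it can be treated as compromised.
    """
    recent = defaultdict(deque)   # source -> timestamps of failures still in the window
    alerts = {}
    for ts, result, user, src in parse(log):
        if result == "FAIL":
            q = recent[src]
            q.append(ts)
            # Drop failures that have aged out of the sliding window.
            while q and ts - q[0] > window:
                q.popleft()
            if len(q) >= threshold and src not in alerts:
                alerts[src] = {"alerted_at": ts, "success_after": None}
        elif src in alerts and alerts[src]["success_after"] is None:
            alerts[src]["success_after"] = user
    return alerts


if __name__ == "__main__":
    for src, info in detect(SAMPLE_LOG).items():
        print(src, "flagged at", info["alerted_at"].isoformat(),
              "| login succeeded afterwards for:", info["success_after"])
```

In the sample, 10.0.0.9 fails as often as the threshold but over 20 minutes, so it is not flagged; a slow guesser like that needs a longer window or a per-account failure counter.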
23. CONCLUSION
To conclude, I would say that we still have a long way to go in securing the IoT infrastructure, but some of the key points for securing IoT devices can be generalized as:
1. IoT security design should enable an open, pervasive and interoperable yet secure infrastructure.
2. For the sake of privacy and security, IoT or smart devices must be capable of implementing individual user-set policies.
3. Infrastructural security services should be accessible transparently and regardless of the connection used by nomadic smart IoT objects.
“SECURITY IS A MYTH” – DEFCON 22
24. REFERENCES:
• DEFCON 22 : https://www.defcon.org/html/defcon-22/dc-22-index.html
• LIGHTWEIGHT CRYPTOGRAPHY white paper : https://www.iab.org/wp-content/IAB-uploads/2011/03/Kaftan.pdf
• IOT SECURITY : https://www.forbes.com/sites/gilpress/2017/03/20/6-hot-internet-of-things-iot-security-technologies/#7e7ad1c51b49
• HASH and ENCRYPTION white paper : http://repository.root-me.org/RFC/EN%20-%20rfc1321.txt (rfc1321)
• SHA -1/2/3 white paper : http://repository.root-me.org/RFC/EN%20-%20rfc5754.txt (rfc5754)