Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...
Iot security problems and solutions
1. Security In Iot
Problems & Solutions
Presented by:-
Purvesh .R. Kachhiya(14CE047)
1Internet of Things(CE413)
2. What is Iot?
• Everyday physical objects will be connected to the Internet and will
be able to identify themselves to other devices
• Enable communications with & among smart objects
Internet of Things(CE413) 2
3. Security
• Regulating access to electronic assets according to some set
policies
• These 'set policies' for security are in fact a result of privacy and
safety policies
• “...without trust and security built into IoT technology and systems
in a holistic way, we will not see an Internet of Things, but continue
to see silos of things.”
- Zach Shelby
[Director of Technology for IoT, ARM Inc. ]
Internet of Things(CE413) 3
4. Security
• It is clear that a system cannot be viable if it is not secure and if it
does not maintain privacy.
• Security will be a major concern wherever networks are deployed at
large scale
• However, protecting IoT is a complex and difficult task
• Video Link: https://youtu.be/u1ymmRQ_p3k
Internet of Things(CE413) 4
5. What are the Security threats?
• Denial of service(DoS)
• Physical Damage
• Eavesdropping
• Node Capture
• Controlling
Internet of Things(CE413) 5
6. Denial of service(DoS)
• Beyond traditional Internet DoS attacks that exhaust service
provider resources and network bandwidth.
• The actual wireless communication infrastructure of most data
acquisition networks can also be targeted
Internet of Things(CE413) 6
7. Physical Damage
• In this attacker model, active attackers usually lack technical
knowledge, and can only hinder the provisioning of IoT services by
destroying the actual ‘things’.
• This is a realistic attack in the IoT context, because things might
be easily accessible to anyone.
Internet of Things(CE413) 7
8. Eavesdropping
• Passive attackers can target various communication channels in
order to extract data from the information flow.
• An internal attacker that gains access to a particular
infrastructure will be able to extract the information that circulates
within that infrastructure.
Internet of Things(CE413) 8
9. Node Capture
• Instead of destroying ''Things'', an active attacker can try to extract
the information they contain.
• 'Instead of things, active attackers can also target other
infrastructures that store information, such as data processing or
data storage entities.
Internet of Things(CE413) 9
10. Controlling
• As long as there is an attack path, active attackers can try to gain
partial or full control over an IoT entity.
Internet of Things(CE413) 10
11. Authentication & Authorization
• Problem: Without authentication, it will not be possible to assure
that the data flow produced by a certain entity contains what it is
supposed to contain Without authorization (access control),
everything will be accessed by everyone, which is neither viable nor
realistic
• Solution: Device ID Certificates issued to each device at the point of
manufacturing to establish identity
• We need cryptographic add-ons to Deluge such algorithms spend
large amount of resources (energy and bandwidth) both at the
source and the destination
Internet of Things(CE413) 11
12. Communication
• Problem: As messages are communicated,
Messages and data could be intercepted, captured, or manipulated
while in transit
• Solution: Data in the cloud and IoT environment should be encrypted to
prevent interception and to maintain data confidentiality
• Assigning a unique identification key and certificate to each device...
• Most secure communication protocols (e.g. TLS or DTLS)
Internet of Things(CE413) 12
13. Data Integrity
• Problem: Devices spend most of the time unattended
• Data can be modified by adversaries while it is stored in the node or
when it traverses the network
• Data integrity is usually ensured by protecting data with passwords
• Solution: Need to guarantee that an adversary cannot modify data
in the transaction without the system detecting the change.
• Protect messages according to the Keyed-Hash Message
Authentication Code (HMAC) scheme
Internet of Things(CE413) 13
14. Protocol & Network Security
• Problem: Constrained devices will interact with various
heterogeneous devices either directly or through gateways
• Need to adapt or create lightweight security protocols that offer an
end-to-end secure communication channel
• Solution: These protocols require credentials
• Optimal key management systems must be implemented to
distribute these credentials to help in establishing the necessary
session keys between peers
Internet of Things(CE413) 14