The document discusses Internet of Things (IoT) security. It defines IoT as physical objects containing technology to communicate and interact with their environment. The economic impact of IoT is estimated to be $6.2 trillion annually by 2025. IoT security faces challenges as it cuts across IT, operational technology, and telecommunications networks. The document proposes an approach using Guardtime's Keyless Signature Infrastructure (KSI) to securely integrate IoT across systems by verifying data integrity and authenticating devices. KSI would address constraints of real-time networks and help mitigate security risks like sensor network attacks.
MIST Effective Masquerade Attack Detection in the CloudKumar Goud
Abstract: Cloud computing promises to significantly change the way we use computers and access and store our personal and business information. With these new computing and communications paradigms arise new data security challenges. Existing data protection mechanisms such as encryption have failed in preventing data theft attacks, especially those perpetrated by an insider to the cloud provider. We propose a different approach for securing data in the cloud using offensive decoy technology. We monitor data access in the cloud and detect abnormal data access patterns. When unauthorized access is suspected and then verified using challenge questions, we launch a disinformation attack by returning large amounts of decoy information to the attacker. This protects against the misuse of the user’s real data. Experiments conducted in a local file setting provide evidence that this approach may provide unprecedented levels of user data security in a Cloud environment.
Keywords: Mist, Insider data stealing, Bait information, Lure Files, Validating user
100+ Cyber Security Interview Questions and Answers in 2022Temok IT Services
Top 100 Cyber Security Interview Questions and Answers in 2022 According to the IBM Report, data breaches cost measured businesses $4.24 million per incident on average, the highest in the 17 years of history. However, the demand for cyber security professionals exceeded and created exciting job opportunities.
MIST Effective Masquerade Attack Detection in the CloudKumar Goud
Abstract: Cloud computing promises to significantly change the way we use computers and access and store our personal and business information. With these new computing and communications paradigms arise new data security challenges. Existing data protection mechanisms such as encryption have failed in preventing data theft attacks, especially those perpetrated by an insider to the cloud provider. We propose a different approach for securing data in the cloud using offensive decoy technology. We monitor data access in the cloud and detect abnormal data access patterns. When unauthorized access is suspected and then verified using challenge questions, we launch a disinformation attack by returning large amounts of decoy information to the attacker. This protects against the misuse of the user’s real data. Experiments conducted in a local file setting provide evidence that this approach may provide unprecedented levels of user data security in a Cloud environment.
Keywords: Mist, Insider data stealing, Bait information, Lure Files, Validating user
100+ Cyber Security Interview Questions and Answers in 2022Temok IT Services
Top 100 Cyber Security Interview Questions and Answers in 2022 According to the IBM Report, data breaches cost measured businesses $4.24 million per incident on average, the highest in the 17 years of history. However, the demand for cyber security professionals exceeded and created exciting job opportunities.
[CB21] Keynote1:Shaking the Cybersecurity Kaleidoscope – An Immersive Look in...CODE BLUE
Over 10,000 new cybersecurity technologies are developed each year yet we do not see a correlating decrease in cybersecurity threats. This is because cybersecurity isn’t a mere computer science problem. The most vulnerable part in the security chain is humans. But humans are also a valuable asset in countering cybersecurity threats. A kaleidoscope is constantly changing pattern or sequence of elements. In cyber we need to shake the kaleidoscope to create new ways of both identifying and solving problems.
This presentation will be somewhat unorthodox. Maurushat will weave a story through the thread of human behaviour and cybersecurity with the primary objective of making sense out of chaos. What do Mars Bars, Perestroika, Carrots, Transylvania, Robin Hood, Talin, Majong, Anti-Vaccination, the Mayor of Montreal, Tails and Pineapples have to do with cybersecurity?
In her presentation, Professor Maurushat encapsulates key human behaviour issues in cybersecurity based on 17 years of experience and research in ethical hacking, vulnerability markets, cybercrime investigations and cybersecurity policy consultation with governments and intelligence agencies.
There are no easy answers to cybersecurity challenges. However, this presentation will stimulate thinking about how to use the power of human behaviour to improve cybersecurity through emerging fields of behaviour data engineering, artificial intelligence, behavioural economics and neuro-diversity as evolution.
MEKDA: Multi-Level ECC based Key Distribution and Authentication in Internet ...IJCNCJournal
The Internet of Things (IoT) is an extensive system of networks and connected devices with minimal human interaction and swift growth. The constraints of the System and limitations of Devices pose several challenges, including security; hence billions of devices must protect from attacks and compromises. The resource-constrained nature of IoT devices amplifies security challenges. Thus standard data communication and security measures are inefficient in the IoT environment. The ubiquity of IoT devices and their deployment in sensitive applications increase the vulnerability of any security breaches to risk lives. Hence, IoT-related security challenges are of great concern. Authentication is the solution to the vulnerability of a malicious device in the IoT environment. The proposed Multi-level Elliptic Curve Cryptography based Key Distribution and Authentication in IoT enhances the security by Multi-level Authentication when the devices enter or exit the Cluster in an IoT system. The decreased Computation Time and Energy Consumption by generating and distributing Keys using Elliptic Curve Cryptography extends the availability of the IoT devices. The Performance analysis shows the improvement over the Fast Authentication and Data Transfer method.
Kindred Healthcare is one of the nation’s most respected healthcare providers. Through its subsidiaries, Kindred operates multiple healthcare-related businesses across the United States, including hospitals, nursing centers, institutional pharmacies and a contract rehabilitation-services business.
Big Data and Security - Where are we now? (2015)Peter Wood
Peter Wood started looking at Big Data as a solution for Advanced Threat Protection in 2013. This presentation examines how Big Data is being used for security in 2015, how this market is developing and how realistic vendor offerings are.
The Internet of Things (IoT) promises to change the way enterprises connect, communicate, operate, and compete. At the same time, the IoT has left enterprise networks and IoT devices extremely vulnerable to security breaches. Current IoT devices and infrastructures are simply not equipped to tackle today’s sophisticated attack methods. Vulnerabilities can be easily exploited unless security is embedded from the inside out – from conception, deployment, and maintenance, to the network edge and across connected devices and infrastructures.
Cybersecurity stands as the bedrock of our digital world, safeguarding systems, networks, and data from a rising tide of cyber threats. In the era of the Internet of Things (IoT), wherean ever-expanding array of devices and objects are seamlessly interconnected, the importance of cybersecurity has escalated to unprecedented levels.
An Internet of Things Reference Architecture Symantec
The Internet of Things (IoT) already helps billions of people. Thousands of smart, connected devices deliver new experiences to people throughout the world, lowering costs, sometimes by billions of dollars. Examples include connected cars, robotic manufacturing, smarter medical equipment, smart grid, and countless industrial control systems. Unfortunately, this growth in connected devices brings increased security risks. Threats quickly evolve to target this rich and vulnerable landscape. Serious risks include physical harm to people, prolonged downtime, and damage to equipment such as pipelines, blast furnaces, and power generation facilities. As several such facilities and IoT systems have already been attacked and materially damaged, security must now be an essential consideration for anyone making or operating IoT devices or systems, particularly for the industrial Internet.
[CB21] Keynote1:Shaking the Cybersecurity Kaleidoscope – An Immersive Look in...CODE BLUE
Over 10,000 new cybersecurity technologies are developed each year yet we do not see a correlating decrease in cybersecurity threats. This is because cybersecurity isn’t a mere computer science problem. The most vulnerable part in the security chain is humans. But humans are also a valuable asset in countering cybersecurity threats. A kaleidoscope is constantly changing pattern or sequence of elements. In cyber we need to shake the kaleidoscope to create new ways of both identifying and solving problems.
This presentation will be somewhat unorthodox. Maurushat will weave a story through the thread of human behaviour and cybersecurity with the primary objective of making sense out of chaos. What do Mars Bars, Perestroika, Carrots, Transylvania, Robin Hood, Talin, Majong, Anti-Vaccination, the Mayor of Montreal, Tails and Pineapples have to do with cybersecurity?
In her presentation, Professor Maurushat encapsulates key human behaviour issues in cybersecurity based on 17 years of experience and research in ethical hacking, vulnerability markets, cybercrime investigations and cybersecurity policy consultation with governments and intelligence agencies.
There are no easy answers to cybersecurity challenges. However, this presentation will stimulate thinking about how to use the power of human behaviour to improve cybersecurity through emerging fields of behaviour data engineering, artificial intelligence, behavioural economics and neuro-diversity as evolution.
MEKDA: Multi-Level ECC based Key Distribution and Authentication in Internet ...IJCNCJournal
The Internet of Things (IoT) is an extensive system of networks and connected devices with minimal human interaction and swift growth. The constraints of the System and limitations of Devices pose several challenges, including security; hence billions of devices must protect from attacks and compromises. The resource-constrained nature of IoT devices amplifies security challenges. Thus standard data communication and security measures are inefficient in the IoT environment. The ubiquity of IoT devices and their deployment in sensitive applications increase the vulnerability of any security breaches to risk lives. Hence, IoT-related security challenges are of great concern. Authentication is the solution to the vulnerability of a malicious device in the IoT environment. The proposed Multi-level Elliptic Curve Cryptography based Key Distribution and Authentication in IoT enhances the security by Multi-level Authentication when the devices enter or exit the Cluster in an IoT system. The decreased Computation Time and Energy Consumption by generating and distributing Keys using Elliptic Curve Cryptography extends the availability of the IoT devices. The Performance analysis shows the improvement over the Fast Authentication and Data Transfer method.
Kindred Healthcare is one of the nation’s most respected healthcare providers. Through its subsidiaries, Kindred operates multiple healthcare-related businesses across the United States, including hospitals, nursing centers, institutional pharmacies and a contract rehabilitation-services business.
Big Data and Security - Where are we now? (2015)Peter Wood
Peter Wood started looking at Big Data as a solution for Advanced Threat Protection in 2013. This presentation examines how Big Data is being used for security in 2015, how this market is developing and how realistic vendor offerings are.
The Internet of Things (IoT) promises to change the way enterprises connect, communicate, operate, and compete. At the same time, the IoT has left enterprise networks and IoT devices extremely vulnerable to security breaches. Current IoT devices and infrastructures are simply not equipped to tackle today’s sophisticated attack methods. Vulnerabilities can be easily exploited unless security is embedded from the inside out – from conception, deployment, and maintenance, to the network edge and across connected devices and infrastructures.
Cybersecurity stands as the bedrock of our digital world, safeguarding systems, networks, and data from a rising tide of cyber threats. In the era of the Internet of Things (IoT), wherean ever-expanding array of devices and objects are seamlessly interconnected, the importance of cybersecurity has escalated to unprecedented levels.
An Internet of Things Reference Architecture Symantec
The Internet of Things (IoT) already helps billions of people. Thousands of smart, connected devices deliver new experiences to people throughout the world, lowering costs, sometimes by billions of dollars. Examples include connected cars, robotic manufacturing, smarter medical equipment, smart grid, and countless industrial control systems. Unfortunately, this growth in connected devices brings increased security risks. Threats quickly evolve to target this rich and vulnerable landscape. Serious risks include physical harm to people, prolonged downtime, and damage to equipment such as pipelines, blast furnaces, and power generation facilities. As several such facilities and IoT systems have already been attacked and materially damaged, security must now be an essential consideration for anyone making or operating IoT devices or systems, particularly for the industrial Internet.
The Internet of Things (IoT) is one of the most active and fascinating innovations in information and communications technology.
https://www.infosectrain.com/courses/iot-bootcamp-certification-training/
The Internet of Things (IoT) hacking is the hacking of IoT devices. IoT is a network of devices embedded with sensors, software, and other technologies to connect and exchange data and information with other devices and systems over the Internet. It primarily refers to the fast-expanding network of linked devices that use embedded sensors to collect and exchange data in real-time. Although IoT hacking is a relatively new phenomenon, it has already shown a vast capacity for destruction in a relatively short period.
This blog presentation discusses the growing significance of IoT Security Testing in a world where billions of devices are getting connected via the Internet of Things.
The Internet of Things (IoT) already helps billions of people. Thousands of smart, connected devices deliver new experiences to people throughout the world. Examples include connected cars, robotic manufacturing, smarter medical equipment, smart grid, countless industrial control systems and many more. Unfortunately, this growth in connected devices brings increased security risks. Threats quickly evolve to target this rich and vulnerable landscape. Serious risks include physical harm to people, prolonged downtime, and damage to equipment such as pipelines, blast furnaces, power generation facilities etc. As several such facilities and IoT systems have already been attacked and materially damaged, security must now be an essential consideration for anyone making or operating IoT devices or systems, particularly for the industrial Internet.
How can anyone secure the IoT? IoT systems are often highly complex, requiring end-to-end security solutions that span cloud and connectivity layers, and support resource-constrained IoT devices that often aren’t powerful enough to support traditional security solutions. Security must be comprehensive or attackers simply exploit the weakest link. Of course, traditional Information Technology (IT) systems often drive and handle data from IoT systems, but IoT systems themselves have unique additional security needs.
The security solution should be powerful and easy-to-deploy foundations of security architectures to mitigate the vast majority of security threats to the Internet of Things, including advanced and sophisticated threats. This paper describes the necessity and strategies for easy and effective implementation. No single, concise document can cover all of the important details unique to each vertical. Instead, this paper attempts to provide advice applicable to all verticals, including automotive, energy, manufacturing, healthcare, financial services, government, retail, logistics, aviation, consumer, and beyond.
Final Research Project - Securing IoT Devices What are the Challe.docxtjane3
Final Research Project - Securing IoT Devices: What are the Challenges?
Internet security, in general, is a challenge that we have been dealing with for decades. It is a regular topic of discussion and concern, but a relatively new segment of internet security is getting most attention—internet of things (IoT). So why is internet of things security so important?
The high growth rate of IoT should get the attention of cybersecurity professionals. The rate at which new technology goes to market is inversely proportional to the amount of security that gets designed into the product. According to IHS Markit, “The number of connected IoT devices worldwide will jump 12 percent on average annually, from nearly 27 billion in 2017 to 125 billion in 2030.”
IoT devices are quite a bit different from other internet-connected devices such as laptops and servers. They are designed with a single purpose in mind, usually running minimal software with minimal resources to serve that purpose. Adding the capability to run and update security software is often not taken into consideration.
Due to the lack of security integrated into IoT devices, they present significant risks that must be addressed. IoT security is the practice of understanding and mitigating these risks. Let’s consider the challenges of IoT security and how we can address them.
Some security practitioners suggest that key IoT security steps include:
1. Make people aware that there is a threat to security;
2. Design a technical solution to reduce security vulnerabilities;
3. Align the legal and regulatory frameworks; and
4. Develop a workforce with the skills to handle IoT security.
Final Assignment - Project Plan (Deliverables):
1) Address each of the FOURIoT security steps listed above in terms of IoT devices.
2) Explain in detail, in a step-by-step guide, how to make people more aware of the problems associated with the use of IoT devices.
Bottom of Form
Top of Form
Bottom of Form
IoT References:
https://www.techrepublic.com/article/how-to-secure-your-iot-devices-from-botnets-and-other-threats/
https://www.peerbits.com/blog/biggest-iot-security-challenges.html
https://www.bankinfosecurity.asia/securing-iot-devices-challenges-a-11138
https://www.sumologic.com/blog/iot-security/
https://news.ihsmarkit.com/press-release/number-connected-iot-devices-will-surge-125-billion-2030-ihs-markit-says
https://cdn.ihs.com/www/pdf/IoT_ebook.pdf
https://go.armis.com/hubfs/Buyers%E2%80%99%20Guide%20to%20IoT%20Security%20-Final.pdf
https://www.techrepublic.com/article/smart-farming-how-iot-robotics-and-ai-are-tackling-one-of-the-biggest-problems-of-the-century/
Video Resources:What is the Internet of Things (IoT) and how can we secure it?
https://www.youtube.com/watch?v=H_X6IP1-NDc
What is the problem with IoT security? - Gary explains
https://www.youtube.com/watch?v=D3yrk4TaIQQ
What are the Challenges of IoT Security?
IoT has many of the same security challenges that other systems have. There are, howe.
Final Research Project - Securing IoT Devices What are the Challe.docxlmelaine
Final Research Project - Securing IoT Devices: What are the Challenges?
Internet security, in general, is a challenge that we have been dealing with for decades. It is a regular topic of discussion and concern, but a relatively new segment of internet security is getting most attention—internet of things (IoT). So why is internet of things security so important?
The high growth rate of IoT should get the attention of cybersecurity professionals. The rate at which new technology goes to market is inversely proportional to the amount of security that gets designed into the product. According to IHS Markit, “The number of connected IoT devices worldwide will jump 12 percent on average annually, from nearly 27 billion in 2017 to 125 billion in 2030.”
IoT devices are quite a bit different from other internet-connected devices such as laptops and servers. They are designed with a single purpose in mind, usually running minimal software with minimal resources to serve that purpose. Adding the capability to run and update security software is often not taken into consideration.
Due to the lack of security integrated into IoT devices, they present significant risks that must be addressed. IoT security is the practice of understanding and mitigating these risks. Let’s consider the challenges of IoT security and how we can address them.
Some security practitioners suggest that key IoT security steps include:
1. Make people aware that there is a threat to security;
2. Design a technical solution to reduce security vulnerabilities;
3. Align the legal and regulatory frameworks; and
4. Develop a workforce with the skills to handle IoT security.
Final Assignment - Project Plan (Deliverables):
1) Address each of the FOURIoT security steps listed above in terms of IoT devices.
2) Explain in detail, in a step-by-step guide, how to make people more aware of the problems associated with the use of IoT devices.
Bottom of Form
Top of Form
Bottom of Form
IoT References:
https://www.techrepublic.com/article/how-to-secure-your-iot-devices-from-botnets-and-other-threats/
https://www.peerbits.com/blog/biggest-iot-security-challenges.html
https://www.bankinfosecurity.asia/securing-iot-devices-challenges-a-11138
https://www.sumologic.com/blog/iot-security/
https://news.ihsmarkit.com/press-release/number-connected-iot-devices-will-surge-125-billion-2030-ihs-markit-says
https://cdn.ihs.com/www/pdf/IoT_ebook.pdf
https://go.armis.com/hubfs/Buyers%E2%80%99%20Guide%20to%20IoT%20Security%20-Final.pdf
https://www.techrepublic.com/article/smart-farming-how-iot-robotics-and-ai-are-tackling-one-of-the-biggest-problems-of-the-century/
Video Resources:What is the Internet of Things (IoT) and how can we secure it?
https://www.youtube.com/watch?v=H_X6IP1-NDc
What is the problem with IoT security? - Gary explains
https://www.youtube.com/watch?v=D3yrk4TaIQQ
What are the Challenges of IoT Security?
IoT has many of the same security challenges that other systems have. There are, howe ...
White Paper: IoT Security – Protecting the Networked SocietyEricsson
The Internet of Things (IoT) is expanding rapidly, and is expected to comprise 18 billion connected devices by 2022. But the assumptions of trust which formed the backdrop to the early development of the internet no longer apply in the early stages of IoT development. Privacy and security concerns are ever increasing, especially given the growing significance of IoT in corporate, government, and critical infrastructure contexts. Likewise, the commodification of IoT components incorporated across diverse product ranges and deployed in both managed and unmanaged use cases brings significant security challenges and creates potential for novel types of attack. The proactive cooperation of all key stakeholders will be necessary to realize the considerable economic benefits of the IoT, while protecting security, safety, and privacy.
Understanding and Solving Common IoT Security Problems.pdfSeasiaInfotech2
According to them, mobile apps can also be a point of connection for various IoT devices. If you need help with IoT app development, then take the guidance of professionals.
IoT Security Why Hiring Skilled Developers is Crucial for Protecting Your Dev...Dark Bears
The Internet of Things (IoT) has revolutionized the way we interact with technology. From smart homes to industrial automation, IoT devices have become an integral part of our daily lives. However, with this increasing dependency on interconnected devices comes the pressing concern of security vulnerabilities. As the number of IoT devices grows, so does the risk of cyberattacks and data breaches. This article explores the importance of hiring skilled developers to build secure IoT applications and the benefits they bring in protecting your devices.
The Internet of things IoT is a relatively new concept. It presents numerous benefits to consumers and proves a financial boon for businesses. Pervasive introduction of sensors and devices into currently intimate spaces, such as homes, cars, and wearables, poses some challenges. There are also challenges in deploying IoT by government agencies and private industries. This paper attempts to address these challenges and offers solutions. Matthew N. O. Sadiku | Adedamola Omotoso | Shuza Binzaid | Sarhan M. Musa "Internet of Things: Challenges and Solutions" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-3 | Issue-6 , October 2019, URL: https://www.ijtsrd.com/papers/ijtsrd29302.pdf Paper URL: https://www.ijtsrd.com/engineering/electrical-engineering/29302/internet-of-things-challenges-and-solutions/matthew-n-o-sadiku
A Survey Report on : Security & Challenges in Internet of Thingsijsrd.com
In the era of computing technology, Internet of Things (IoT) devices are now popular in each and every domains like e-governance, e-Health, e-Home, e-Commerce, and e-Trafficking etc. Iot is spreading from small to large applications in all fields like Smart Cities, Smart Grids, Smart Transportation. As on one side IoT provide facilities and services for the society. On the other hand, IoT security is also a crucial issues.IoT security is an area which totally concerned for giving security to connected devices and networks in the IoT .As, IoT is vast area with usability, performance, security, and reliability as a major challenges in it. The growth of the IoT is exponentially increases as driven by market pressures, which proportionally increases the security threats involved in IoT The relationship between the security and billions of devices connecting to the Internet cannot be described with existing mathematical methods. In this paper, we explore the opportunities possible in the IoT with security threats and challenges associated with it.
IoT References:
https://www.techrepublic.com/article/how-to-secure-your-iot-devices-from-botnets-and-other-threats/
https://www.peerbits.com/blog/biggest-iot-security-challenges.html
https://www.bankinfosecurity.asia/securing-iot-devices-challenges-a-11138
https://www.sumologic.com/blog/iot-security/
https://news.ihsmarkit.com/press-release/number-connected-iot-devices-will-surge-125-billion-2030-ihs-markit-says
https://cdn.ihs.com/www/pdf/IoT_ebook.pdf
https://go.armis.com/hubfs/Buyers%E2%80%99%20Guide%20to%20IoT%20Security%20-Final.pdf
https://www.techrepublic.com/article/smart-farming-how-iot-robotics-and-ai-are-tackling-one-of-the-biggest-problems-of-the-century/
Video Resources:What is the Internet of Things (IoT) and how can we secure it?
https://www.youtube.com/watch?v=H_X6IP1-NDc
What is the problem with IoT security? - Gary explains
https://www.youtube.com/watch?v=D3yrk4TaIQQ
What are the Challenges of IoT Security?
IoT has many of the same security challenges that other systems have. There are, however, some challenges that are unique to IoT.
1. Embedded Passwords. Embedding passwords in IoT devices make it easy for remote support technicians to access devices for troubleshooting and simplifies the installation of multiple devices. Of course, it also simplifies access to devices for malicious purposes.
2. Lack of device authentication. Allowing IoT devices access to the network without authenticating opens the network to unknown and unauthorized devices. Rogue devices can serve as an entry point for attacks or even as a source of attacks.
3. Patching and upgrading. Some IoT devices do not provide a simple (or any) means to patch or upgrade software. This results in many IoT devices with vulnerabilities continuing to be in use.
4. Physical hardening. Physical access to IoT devices can introduce risk if those devices are not hardened against physical attack. Such an attack may not be intended to damage the device, but rather to extract information. Simply removing a microSD memory card to read its contents can give an attacker private data, as well as information such as embedded passwords that may allow access to other devices.
5. Outdated components. When vulnerabilities are discovered in hardware or software components of IoT devices, it can be difficult and expensive for manufacturers or users to update or replace them. As with patches, this results in many IoT devices with vulnerabilities continuing to be used.
6. Device monitoring and management. IoT devices do not always have a unique identifier that facilitates asset tracking, monitoring, and management. IT personnel do not necessarily consider IoT devices among the hosts that they monitor and manage. Asset tracking systems sometimes neglect to include IoT devices, so they sit on the network without being managed or monitored.
Most of these issues can be attributed to security being an afterthought (if a thought at all) in the design and manufacturing of IoT devices. Even tho ...
Similar to KSI for IoT Security - Turning Defence Into Offence - Guardtime Whitepaper (20)
KSI for IoT Security - Turning Defence Into Offence - Guardtime Whitepaper
1. PAGE 2 OF 6INTERNET OF THINGS (IOT) SECURITY
Internet of
Things (IoT)
Security
Turning
Defense into
Offence
guardtime.com
2. PAGE 2 OF 6INTERNET OF THINGS (IOT) SECURITY
Internet of
Things (IoT)
economic
impact is
estimated at
$6.2 trillion
annually by
2025.
Mckinsey Global
Institute study,
May 2013
3. INTERNET OF THINGS (IOT) SECURITY PAGE 3 OF 11
Defined by Gartner as:
“Network of physical objects that
contain embedded technology
to communicate and sense or
interact with their internal state or
the external environment.”
Proliferation of low cost wearable
devices, in home sensors,
driver less cars, smart phones,
and cloud-based applications
are all enabling IoT to become
a reality.
IoT security architecture and
products are evolving. IoT
solutions cut across raditional
technology boundaries of
Information Technology (IT),
Operational Technology (OT) and
Telecom cellular networks (TN).
Focus on data protection and
privacy becomes paramount.
Welcome to
the Future
Imagine the future, you are in 2020, the alarm clock
coordinates with your wearable sleep sensor to gently
wake you up.
Simultaneously, your car reviews the calendar, determining
you need to be at the airport in three hours, and starts
monitoring traffic patterns. The coffee maker starts to
grind and brew the perfect cup of coffee. The car sends
you a text: ‘best routes to San Francisco airport and what
time to leave’. Coffee is ready, cooled to temperature
and ready for drinking as the car takes you to the airport.
You have time to catch up on emails and voicemails as
the car navigates to the departure gate. Home security,
lighting, plant watering and HVAC systems adjust to the
calendar, knowing you will be out for three days. You get
out of the car at the departure gate; the car drives off to
self-park in the long-term parking lot.
But wait! You land, an urgent text arrives, and your car
is not in the parking lot, your home has been broken
into, your personal electronic records compromised.
Your worst nightmare, thousands of miles away and you
are a victim of a new wave of crime sweeping the country:
“Sensor Network Attacks”. Monitoring and security agen-
cies are fighting to contain the outbreak, déjà vu the early
days of the Internet!
At Guardtime, we understand IoT security requires a
different mindset, one where security is tied to your data,
protecting data through keyless signatures wherever the
data moves, changes or is accessed, creating digital foot-
prints to monitor and report any malicious or suspicious
activities. Irrespective of where the data resides, in the
cloud, your car, home or on your smart phone.
1 2 3
IoT primer
4. PAGE 2 OF 6INTERNET OF THINGS (IOT) SECURITY
The Industrial
Internet will
have a
$270 billion
impact to GE
businesses.
Jeff Immelt,
GE CEO
5. INTERNET OF THINGS (IOT) SECURITY PAGE 5 OF 11
The Challenges
of IoT Security
The social, economic and political impacts of IoT are just
starting to be understood and debated. The effects on
quality of life, health, environment, productivity, agricul-
ture will unleash the next wave of innovation as we tran-
sition from the consumer internet to the industrial internet.
Projections by McKinsey model 10-20% cost reductions in
chronic disease management, up to 5% improve-ments in
manufacturing operating costs, 10%- 20% improvements
in travel time and congestion control and 20% increase in
yields from precision application of fertilizer and irrigation
by famers.
Ecosystem of supporting innovation facilitates the adop-
tion of IoT technologies, with low cost low power embed-
ded sensors, LTE / 4G IP cellular networks, smart phones,
cloud infra and IPV 6.0.
In contrast, security technologies, procedures and policies
leverage the investments made in Information Technology,
Operational Technology and Telecommunication – Cellu-
lar networks creating a fortress mentality to protect and
defend assets via:
• Physical appliances:
firewalls and network access control
• Virtual and private networks with monitoring
• Digital certificates, anti virus and malware scanning
• Patch management of critical security defects
• Intrusion detection and prevention systems
• Vulnerability and penetration testing tools
• Data encryption and data segregation
Although these are all valid and good practices to
adopt, many of these practices are IT focused and
are limited in how they can be deployed into real time
plant networks or directly managing physical objects.
These environments have four major constraints:
• Real time, 24x7x365 infrastructures cannot be
brought down for security updates and patching.
• Low latency, proprietary protocols limit the ability to
deploy anti virus and malware software.
• Embedded processors, running RTOS (real time
operating systems) have limited processor and
memory capacity to execute security software.
• Traditional anti-virus and malware detection does not
work for the proprietary protocols, applications and
real-time embedded operating systems traditionally
used in IOT.
IoT will drive the convergence of IT,
OT and Telecommunication Cellular
networks.
IT – systems, applications,
networks, servers, storage to
automate business processes.
Hosted in data centers.
OT – hardware and software
operating in real time environments
that sense, detect, respond to
changes in physical devices.
TN – Telecommunications
Networks, cellular wireless
networks served by cell sites
performing cell, voice and data
processing and subscriber
functions.
IoT primer
4
IoT primer
6. PAGE 2 OF 6INTERNET OF THINGS (IOT) SECURITY
The Internet
of Everything
will have a
$14.7 trillion
economic
impact.
John T Chambers,
Cisco CEO
7. INTERNET OF THINGS (IOT) SECURITY PAGE 7 OF 11
Securing IoT
the Right Way
Architecting an IoT security strategy requires an under-
standing of the core principles by which of IoT applications
and solutions will be built and deployed.
Guardtime experience in securing massive scale and reli-
able digital assets for security and government agencies,
provides the experience and foundation to define the fol-
lowing key IoT security principles:
Event Driven – sense, detect and react to events
intelligently. An event is a change in state of the phys-
ical object.
Traceable – record and play back events over time
horizons to aid in discovery and root cause analysis.
Assurance – verify the reliability and integrity of the
data, preserving time and authenticity.
Identity – authentication and authorization of physical
devices with IoT applications.
To address the number and complexity of potential vul-
nerabilities within an IoT solution requires an alternative
approach to how security has historically been designed
and managed. Security within IT, OT and Telecommunica-
tions Cellular networks is secondary to the functionality
and services being delivered to the customer.
Security is a back office, technically focused organization
that is called upon usually after product design or as a
result of a major attack. Guardtime is leading the think-
ing, envisioning a future of IoT solutions, where Security
is at the forefront and an integral component of business
strategy.
At Guardtime, we believe security should and must be
seen as a competitive advantage to organizations looking
to capitalize on IoT opportunities.
Technology trends in Cloud, Big
Data and Mobility will fuel the
innovation and growth of IoT
applications and solutions.
Cloud technology enables a more
cost effective and scalable means
to deliver compute infrastructure
and software applications on a
pay as you go basis.
Big Data technologies allow for
massive amounts of structured
(relational) and unstructured
data (media) to be analyzed on
low cost commodity hardware
(Cloud based) to model and
predict future scenarios and
trade-offs.
Mobile technologies such
as smart phones and tablets
provide substantial processing
capabilities and high bandwidth
connectivity to LTE / 4G
networks to empower remote
workers and control physical
devices remotely.
5
IoT primer
8. PAGE 2 OF 6INTERNET OF THINGS (IOT) SECURITY
Google’s
$3.2 billion
acquisition of
Nest allows
Google to tie
home devices
with Google
software.
9. INTERNET OF THINGS (IOT) SECURITY PAGE 9 OF 11
Guardtime’s
KSI for IoT
Guardtime’s technology assigns a unique “keyless” signa-
ture to any type of data. The signature, is stored with the
data, as an attribute which can be used to verify the time
of creation, identity of creator and integrity of the data, in-
dependently from keys, secrets and certificates.
Real time verification of the data signature occurs and
notifications sent should data integrity be compromised
and / or unauthorized access occur.
The outcome of deploying a Keyless Signature Infrastruc-
ture (KSI) within IoT solutions is the ability to seamlessly
integrate into IT, OT and Telecommunication Networks, se-
curing IoT data, ensuring integrity and accountability. KSI’s
technology addresses the three constraints identified with
real time plant networks, by providing firmware code, ses-
sion and data integrity between the physical device and
external IoT systems.
KSI signed data KSI signatre
verification
Alert if
vertification fails
+ =
Electronic Data Keyless Signature Guardtime
Electronic Data
!
“Which code is the machine executing?”
MachineA. Executable Integrity
Machine
“Who communicated with the machine?”
B. Session Log Integrity
Machine
“What data was the machine collecting?”
C. Machine Data Integrity
IoT infrastructures will depend
on the design, configuration
and security of Wireless Sensor
Networks (WSN).
• A Wireless Sensor Net-
work can consist of the
following components:
• RFID tags and readers
• Sensors configured to de-
tect temperature, humidity,
moisture, weight, traffic
flow etc.
• WIFI 802.15.4 / ZigBee /
Bluetooth / 802.11ah
• Access points
• Encryption
• Gateways
• Data Collection Engines
6
IoT primer
10. PAGE 2 OF 6INTERNET OF THINGS (IOT) SECURITY
The Internet
of Things will
take more
than 10 years
to become
mainstream,
mainly due to
security
challenges,
privacy and
standards.
Gartner 2012
IoT paper
11. INTERNET OF THINGS (IOT) SECURITY PAGE 11 OF 11
Conclusion
To mitigate Sensor Network Attacks now and in the
future, Guardtime’s technologies protect IoT infrastruc-
tures by providing a 360-degree view of the data at any-
time, anywhere and on any device, static or in motion.
Legacy operating systems and applications mean per-
sistent vulnerabilities in control system architectures that
cannot be mitigated until a technology refresh.
Due to the long cycle times to tech refresh these systems
(think windows XP used extensively), the only way to do
advanced persistent threat detection post support expiring
is KSI and continuous monitoring. Indeed, KSI extends the
life and deployment of these legacy systems with real-time
monitoring and resilience attributes in the event of an
implementation specific vulnerabilities.
Selecting Guardtime’s KSI technology will allow organi-
tions and governments planning IoT projects to gain the
following advantages:
• Trusted partner to security and government
agencies worldwide.
• Attribution: prevent data loss of important digital
assets, assure the integrity of the networks and verify
behaviors across service providers.
• Exabyte-scale Integrity: independent verification for
the absence of compromise in systems, networks,
devices and data.
• Auditability: Indemnification for organizations as
there is independent mathematical audit trail for what
happened when across all networks and devices.
• Monitoring: Real time monitoring to prevent data
loss, monitoring changes to state, access, custody
and identity.
• Integration and interoperability: leverage existing
investments in Security and Network infrastructure.
• Service lifetime extension: extends the life and
deployment of these legacy systems with
real-time monitoring and resilience attributes.