SlideShare a Scribd company logo

KSI for IoT Security - Turning Defence Into Offence - Guardtime Whitepaper

Martin Ruubel
Martin Ruubel

The document discusses Internet of Things (IoT) security. It defines IoT as physical objects containing technology to communicate and interact with their environment. The economic impact of IoT is estimated to be $6.2 trillion annually by 2025. IoT security faces challenges as it cuts across IT, operational technology, and telecommunications networks. The document proposes an approach using Guardtime's Keyless Signature Infrastructure (KSI) to securely integrate IoT across systems by verifying data integrity and authenticating devices. KSI would address constraints of real-time networks and help mitigate security risks like sensor network attacks.

1 of 12
Download to read offline
PAGE 2 OF 6INTERNET OF THINGS (IOT) SECURITY Internet of Things (IoT) Security Turning Defense into Offence guardtime.com
PAGE 2 OF 6INTERNET OF THINGS (IOT) SECURITY Internet of Things (IoT) economic impact is estimated at $6.2 trillion annually by 2025. Mckinsey Global Institute study, May 2013
INTERNET OF THINGS (IOT) SECURITY PAGE 3 OF 11 Defined by Gartner as: “Network of physical objects that contain embedded technology to communicate and sense or interact with their internal state or the external environment.” Proliferation of low cost wearable devices, in home sensors, driver less cars, smart phones, and cloud-based applications are all enabling IoT to become a reality. IoT security architecture and products are evolving. IoT solutions cut across raditional technology boundaries of Information Technology (IT), Operational Technology (OT) and Telecom cellular networks (TN). Focus on data protection and privacy becomes paramount. Welcome to the Future Imagine the future, you are in 2020, the alarm clock coordinates with your wearable sleep sensor to gently wake you up. Simultaneously, your car reviews the calendar, determining you need to be at the airport in three hours, and starts monitoring traffic patterns. The coffee maker starts to grind and brew the perfect cup of coffee. The car sends you a text: ‘best routes to San Francisco airport and what time to leave’. Coffee is ready, cooled to temperature and ready for drinking as the car takes you to the airport. You have time to catch up on emails and voicemails as the car navigates to the departure gate. Home security, lighting, plant watering and HVAC systems adjust to the calendar, knowing you will be out for three days. You get out of the car at the departure gate; the car drives off to self-park in the long-term parking lot. But wait! You land, an urgent text arrives, and your car is not in the parking lot, your home has been broken into, your personal electronic records compromised. Your worst nightmare, thousands of miles away and you are a victim of a new wave of crime sweeping the country: “Sensor Network Attacks”. Monitoring and security agen- cies are fighting to contain the outbreak, déjà vu the early days of the Internet! At Guardtime, we understand IoT security requires a different mindset, one where security is tied to your data, protecting data through keyless signatures wherever the data moves, changes or is accessed, creating digital foot- prints to monitor and report any malicious or suspicious activities. Irrespective of where the data resides, in the cloud, your car, home or on your smart phone. 1 2 3 IoT primer
PAGE 2 OF 6INTERNET OF THINGS (IOT) SECURITY The Industrial Internet will have a $270 billion impact to GE businesses. Jeff Immelt, GE CEO
INTERNET OF THINGS (IOT) SECURITY PAGE 5 OF 11 The Challenges of IoT Security The social, economic and political impacts of IoT are just starting to be understood and debated. The effects on quality of life, health, environment, productivity, agricul- ture will unleash the next wave of innovation as we tran- sition from the consumer internet to the industrial internet. Projections by McKinsey model 10-20% cost reductions in chronic disease management, up to 5% improve-ments in manufacturing operating costs, 10%- 20% improvements in travel time and congestion control and 20% increase in yields from precision application of fertilizer and irrigation by famers. Ecosystem of supporting innovation facilitates the adop- tion of IoT technologies, with low cost low power embed- ded sensors, LTE / 4G IP cellular networks, smart phones, cloud infra and IPV 6.0. In contrast, security technologies, procedures and policies leverage the investments made in Information Technology, Operational Technology and Telecommunication – Cellu- lar networks creating a fortress mentality to protect and defend assets via: • Physical appliances: firewalls and network access control • Virtual and private networks with monitoring • Digital certificates, anti virus and malware scanning • Patch management of critical security defects • Intrusion detection and prevention systems • Vulnerability and penetration testing tools • Data encryption and data segregation Although these are all valid and good practices to adopt, many of these practices are IT focused and are limited in how they can be deployed into real time plant networks or directly managing physical objects. These environments have four major constraints: • Real time, 24x7x365 infrastructures cannot be brought down for security updates and patching. • Low latency, proprietary protocols limit the ability to deploy anti virus and malware software. • Embedded processors, running RTOS (real time operating systems) have limited processor and memory capacity to execute security software. • Traditional anti-virus and malware detection does not work for the proprietary protocols, applications and real-time embedded operating systems traditionally used in IOT. IoT will drive the convergence of IT, OT and Telecommunication Cellular networks. IT – systems, applications, networks, servers, storage to automate business processes. Hosted in data centers. OT – hardware and software operating in real time environments that sense, detect, respond to changes in physical devices. TN – Telecommunications Networks, cellular wireless networks served by cell sites performing cell, voice and data processing and subscriber functions. IoT primer 4 IoT primer
PAGE 2 OF 6INTERNET OF THINGS (IOT) SECURITY The Internet of Everything will have a $14.7 trillion economic impact. John T Chambers, Cisco CEO
INTERNET OF THINGS (IOT) SECURITY PAGE 7 OF 11 Securing IoT the Right Way Architecting an IoT security strategy requires an under- standing of the core principles by which of IoT applications and solutions will be built and deployed. Guardtime experience in securing massive scale and reli- able digital assets for security and government agencies, provides the experience and foundation to define the fol- lowing key IoT security principles: Event Driven – sense, detect and react to events intelligently. An event is a change in state of the phys- ical object. Traceable – record and play back events over time horizons to aid in discovery and root cause analysis. Assurance – verify the reliability and integrity of the data, preserving time and authenticity. Identity – authentication and authorization of physical devices with IoT applications. To address the number and complexity of potential vul- nerabilities within an IoT solution requires an alternative approach to how security has historically been designed and managed. Security within IT, OT and Telecommunica- tions Cellular networks is secondary to the functionality and services being delivered to the customer. Security is a back office, technically focused organization that is called upon usually after product design or as a result of a major attack. Guardtime is leading the think- ing, envisioning a future of IoT solutions, where Security is at the forefront and an integral component of business strategy. At Guardtime, we believe security should and must be seen as a competitive advantage to organizations looking to capitalize on IoT opportunities. Technology trends in Cloud, Big Data and Mobility will fuel the innovation and growth of IoT applications and solutions. Cloud technology enables a more cost effective and scalable means to deliver compute infrastructure and software applications on a pay as you go basis. Big Data technologies allow for massive amounts of structured (relational) and unstructured data (media) to be analyzed on low cost commodity hardware (Cloud based) to model and predict future scenarios and trade-offs. Mobile technologies such as smart phones and tablets provide substantial processing capabilities and high bandwidth connectivity to LTE / 4G networks to empower remote workers and control physical devices remotely. 5 IoT primer
PAGE 2 OF 6INTERNET OF THINGS (IOT) SECURITY Google’s $3.2 billion acquisition of Nest allows Google to tie home devices with Google software.
INTERNET OF THINGS (IOT) SECURITY PAGE 9 OF 11 Guardtime’s KSI for IoT Guardtime’s technology assigns a unique “keyless” signa- ture to any type of data. The signature, is stored with the data, as an attribute which can be used to verify the time of creation, identity of creator and integrity of the data, in- dependently from keys, secrets and certificates. Real time verification of the data signature occurs and notifications sent should data integrity be compromised and / or unauthorized access occur. The outcome of deploying a Keyless Signature Infrastruc- ture (KSI) within IoT solutions is the ability to seamlessly integrate into IT, OT and Telecommunication Networks, se- curing IoT data, ensuring integrity and accountability. KSI’s technology addresses the three constraints identified with real time plant networks, by providing firmware code, ses- sion and data integrity between the physical device and external IoT systems. KSI signed data KSI signatre verification Alert if vertification fails + = Electronic Data Keyless Signature Guardtime Electronic Data ! “Which code is the machine executing?” MachineA. Executable Integrity Machine “Who communicated with the machine?” B. Session Log Integrity Machine “What data was the machine collecting?” C. Machine Data Integrity IoT infrastructures will depend on the design, configuration and security of Wireless Sensor Networks (WSN). • A Wireless Sensor Net- work can consist of the following components: • RFID tags and readers • Sensors configured to de- tect temperature, humidity, moisture, weight, traffic flow etc. • WIFI 802.15.4 / ZigBee / Bluetooth / 802.11ah • Access points • Encryption • Gateways • Data Collection Engines 6 IoT primer
PAGE 2 OF 6INTERNET OF THINGS (IOT) SECURITY The Internet of Things will take more than 10 years to become mainstream, mainly due to security challenges, privacy and standards. Gartner 2012 IoT paper
INTERNET OF THINGS (IOT) SECURITY PAGE 11 OF 11 Conclusion To mitigate Sensor Network Attacks now and in the future, Guardtime’s technologies protect IoT infrastruc- tures by providing a 360-degree view of the data at any- time, anywhere and on any device, static or in motion. Legacy operating systems and applications mean per- sistent vulnerabilities in control system architectures that cannot be mitigated until a technology refresh. Due to the long cycle times to tech refresh these systems (think windows XP used extensively), the only way to do advanced persistent threat detection post support expiring is KSI and continuous monitoring.  Indeed, KSI extends the life and deployment of these legacy systems with real-time monitoring and resilience attributes in the event of an implementation specific vulnerabilities. Selecting Guardtime’s KSI technology will allow organi- tions and governments planning IoT projects to gain the following advantages: • Trusted partner to security and government agencies worldwide. • Attribution: prevent data loss of important digital assets, assure the integrity of the networks and verify behaviors across service providers. • Exabyte-scale Integrity: independent verification for the absence of compromise in systems, networks, devices and data. • Auditability: Indemnification for organizations as there is independent mathematical audit trail for what happened when across all networks and devices. • Monitoring: Real time monitoring to prevent data loss, monitoring changes to state, access, custody and identity. • Integration and interoperability: leverage existing investments in Security and Network infrastructure. • Service lifetime extension: extends the life and deployment of these legacy systems with real-time monitoring and resilience attributes.
PAGE 2 OF 6INTERNET OF THINGS (IOT) SECURITY © 2014 Guardtime

Recommended

Attributable Networks - Guardtime Whitepaper
Attributable Networks - Guardtime WhitepaperAttributable Networks - Guardtime Whitepaper
Attributable Networks - Guardtime WhitepaperMartin Ruubel
 
Guardtime_KSI_Use_of_a_globally_distributed_blockchain_to_secure_SDN_whitepap...
Guardtime_KSI_Use_of_a_globally_distributed_blockchain_to_secure_SDN_whitepap...Guardtime_KSI_Use_of_a_globally_distributed_blockchain_to_secure_SDN_whitepap...
Guardtime_KSI_Use_of_a_globally_distributed_blockchain_to_secure_SDN_whitepap...Martin Ruubel
 
Cloud Insecurity and True Accountability - Guardtime Whitepaper
Cloud Insecurity and True Accountability - Guardtime WhitepaperCloud Insecurity and True Accountability - Guardtime Whitepaper
Cloud Insecurity and True Accountability - Guardtime WhitepaperMartin Ruubel
 
Combating the enemy within – an elegant mathematical approach to insider thre...
Combating the enemy within – an elegant mathematical approach to insider thre...Combating the enemy within – an elegant mathematical approach to insider thre...
Combating the enemy within – an elegant mathematical approach to insider thre...Martin Ruubel
 
br-security-connected-top-5-trends
br-security-connected-top-5-trendsbr-security-connected-top-5-trends
br-security-connected-top-5-trendsChristopher Bennett
 
MIST Effective Masquerade Attack Detection in the Cloud
MIST Effective Masquerade Attack Detection in the CloudMIST Effective Masquerade Attack Detection in the Cloud
MIST Effective Masquerade Attack Detection in the Cloud
Kumar Goud
 
CYBERSECURITY MESH - DIGITAL TRUST FRAMEWORK
CYBERSECURITY MESH - DIGITAL TRUST FRAMEWORKCYBERSECURITY MESH - DIGITAL TRUST FRAMEWORK
CYBERSECURITY MESH - DIGITAL TRUST FRAMEWORK
Maganathin Veeraragaloo
 
100+ Cyber Security Interview Questions and Answers in 2022
100+ Cyber Security Interview Questions and Answers in 2022100+ Cyber Security Interview Questions and Answers in 2022
100+ Cyber Security Interview Questions and Answers in 2022
Temok IT Services
 

Recommended

Attributable Networks - Guardtime Whitepaper
Attributable Networks - Guardtime WhitepaperAttributable Networks - Guardtime Whitepaper
Attributable Networks - Guardtime WhitepaperMartin Ruubel
 
Guardtime_KSI_Use_of_a_globally_distributed_blockchain_to_secure_SDN_whitepap...
Guardtime_KSI_Use_of_a_globally_distributed_blockchain_to_secure_SDN_whitepap...Guardtime_KSI_Use_of_a_globally_distributed_blockchain_to_secure_SDN_whitepap...
Guardtime_KSI_Use_of_a_globally_distributed_blockchain_to_secure_SDN_whitepap...Martin Ruubel
 
Cloud Insecurity and True Accountability - Guardtime Whitepaper
Cloud Insecurity and True Accountability - Guardtime WhitepaperCloud Insecurity and True Accountability - Guardtime Whitepaper
Cloud Insecurity and True Accountability - Guardtime WhitepaperMartin Ruubel
 
Combating the enemy within – an elegant mathematical approach to insider thre...
Combating the enemy within – an elegant mathematical approach to insider thre...Combating the enemy within – an elegant mathematical approach to insider thre...
Combating the enemy within – an elegant mathematical approach to insider thre...Martin Ruubel
 
br-security-connected-top-5-trends
br-security-connected-top-5-trendsbr-security-connected-top-5-trends
br-security-connected-top-5-trendsChristopher Bennett
 
MIST Effective Masquerade Attack Detection in the Cloud
MIST Effective Masquerade Attack Detection in the CloudMIST Effective Masquerade Attack Detection in the Cloud
MIST Effective Masquerade Attack Detection in the Cloud
Kumar Goud
 
CYBERSECURITY MESH - DIGITAL TRUST FRAMEWORK
CYBERSECURITY MESH - DIGITAL TRUST FRAMEWORKCYBERSECURITY MESH - DIGITAL TRUST FRAMEWORK
CYBERSECURITY MESH - DIGITAL TRUST FRAMEWORK
Maganathin Veeraragaloo
 
100+ Cyber Security Interview Questions and Answers in 2022
100+ Cyber Security Interview Questions and Answers in 2022100+ Cyber Security Interview Questions and Answers in 2022
100+ Cyber Security Interview Questions and Answers in 2022
Temok IT Services
 
Enabling privacy and_traceability_in_supply_chains_using_blockchain_and_zero_...
Enabling privacy and_traceability_in_supply_chains_using_blockchain_and_zero_...Enabling privacy and_traceability_in_supply_chains_using_blockchain_and_zero_...
Enabling privacy and_traceability_in_supply_chains_using_blockchain_and_zero_...
Cláudia Alves
 
ISSA: Cloud data security
ISSA: Cloud data securityISSA: Cloud data security
ISSA: Cloud data security
Ulf Mattsson
 
[CB21] Keynote1:Shaking the Cybersecurity Kaleidoscope – An Immersive Look in...
[CB21] Keynote1:Shaking the Cybersecurity Kaleidoscope – An Immersive Look in...[CB21] Keynote1:Shaking the Cybersecurity Kaleidoscope – An Immersive Look in...
[CB21] Keynote1:Shaking the Cybersecurity Kaleidoscope – An Immersive Look in...
CODE BLUE
 
MEKDA: Multi-Level ECC based Key Distribution and Authentication in Internet ...
MEKDA: Multi-Level ECC based Key Distribution and Authentication in Internet ...MEKDA: Multi-Level ECC based Key Distribution and Authentication in Internet ...
MEKDA: Multi-Level ECC based Key Distribution and Authentication in Internet ...
IJCNCJournal
 
Where Data Security and Value of Data Meet in the Cloud
Where Data Security and Value of Data Meet in the CloudWhere Data Security and Value of Data Meet in the Cloud
Where Data Security and Value of Data Meet in the Cloud
Ulf Mattsson
 
ISACA NA CACS 2012 Orlando session 414 Ulf Mattsson
ISACA NA CACS 2012 Orlando session 414 Ulf MattssonISACA NA CACS 2012 Orlando session 414 Ulf Mattsson
ISACA NA CACS 2012 Orlando session 414 Ulf MattssonUlf Mattsson
 
NetIQ Directory & Resource Administrator Helps Kindred Healthcare Achieve Com...
NetIQ Directory & Resource Administrator Helps Kindred Healthcare Achieve Com...NetIQ Directory & Resource Administrator Helps Kindred Healthcare Achieve Com...
NetIQ Directory & Resource Administrator Helps Kindred Healthcare Achieve Com...
NetIQ
 
Security in Web 2.0, Social Web and Cloud
Security in Web 2.0, Social Web and CloudSecurity in Web 2.0, Social Web and Cloud
Security in Web 2.0, Social Web and Cloud
ITDogadjaji.com
 
Big security for_big_data
Big security for_big_dataBig security for_big_data
Big security for_big_dataShyam Sarkar
 
Microsoft Platform Security Briefing
Microsoft Platform Security BriefingMicrosoft Platform Security Briefing
Microsoft Platform Security Briefingtechnext1
 
Mobile App Security: Enterprise Checklist
Mobile App Security: Enterprise ChecklistMobile App Security: Enterprise Checklist
Mobile App Security: Enterprise Checklist
Jignesh Solanki
 
Cyfirma cybersecurity-predictions-2022-v1.0 c
Cyfirma cybersecurity-predictions-2022-v1.0 cCyfirma cybersecurity-predictions-2022-v1.0 c
Cyfirma cybersecurity-predictions-2022-v1.0 c
Aanchal579958
 
Cybersecurity in the Age of Mobility
Cybersecurity in the Age of MobilityCybersecurity in the Age of Mobility
Cybersecurity in the Age of Mobility
Booz Allen Hamilton
 
Risk Management Practices for PCI DSS 2.0
Risk Management Practices for PCI DSS 2.0Risk Management Practices for PCI DSS 2.0
Risk Management Practices for PCI DSS 2.0
Ulf Mattsson
 
4192 sslvpn sb_0412
4192 sslvpn sb_04124192 sslvpn sb_0412
4192 sslvpn sb_0412Hai Nguyen
 
Big Data and Security - Where are we now? (2015)
Big Data and Security - Where are we now? (2015)Big Data and Security - Where are we now? (2015)
Big Data and Security - Where are we now? (2015)
Peter Wood
 
Safeguarding the Internet of Things
Safeguarding the Internet of ThingsSafeguarding the Internet of Things
Safeguarding the Internet of Things
Cognizant
 
BlockChain Enabled-Cloud Delivered For Network Secuirty
BlockChain Enabled-Cloud Delivered For Network SecuirtyBlockChain Enabled-Cloud Delivered For Network Secuirty
BlockChain Enabled-Cloud Delivered For Network Secuirty
Happiest Minds Technologies
 
IE_ERS_CyberAnalysisReport
IE_ERS_CyberAnalysisReportIE_ERS_CyberAnalysisReport
IE_ERS_CyberAnalysisReportCamilo do Carmo Pinto
 
Practical Security for the Cloud
Practical Security for the CloudPractical Security for the Cloud
Practical Security for the Cloud
Chirag Joshi, CISA, CISM, CRISC
 
Cybersecurity in the Age of IoT - Skillmine
Cybersecurity in the Age of IoT - SkillmineCybersecurity in the Age of IoT - Skillmine
Cybersecurity in the Age of IoT - Skillmine
Skillmine Technology Consulting
 
An Internet of Things Reference Architecture
An Internet of Things Reference Architecture An Internet of Things Reference Architecture
An Internet of Things Reference Architecture
Symantec
 

More Related Content

What's hot

Enabling privacy and_traceability_in_supply_chains_using_blockchain_and_zero_...
Enabling privacy and_traceability_in_supply_chains_using_blockchain_and_zero_...Enabling privacy and_traceability_in_supply_chains_using_blockchain_and_zero_...
Enabling privacy and_traceability_in_supply_chains_using_blockchain_and_zero_...
Cláudia Alves
 
ISSA: Cloud data security
ISSA: Cloud data securityISSA: Cloud data security
ISSA: Cloud data security
Ulf Mattsson
 
[CB21] Keynote1:Shaking the Cybersecurity Kaleidoscope – An Immersive Look in...
[CB21] Keynote1:Shaking the Cybersecurity Kaleidoscope – An Immersive Look in...[CB21] Keynote1:Shaking the Cybersecurity Kaleidoscope – An Immersive Look in...
[CB21] Keynote1:Shaking the Cybersecurity Kaleidoscope – An Immersive Look in...
CODE BLUE
 
MEKDA: Multi-Level ECC based Key Distribution and Authentication in Internet ...
MEKDA: Multi-Level ECC based Key Distribution and Authentication in Internet ...MEKDA: Multi-Level ECC based Key Distribution and Authentication in Internet ...
MEKDA: Multi-Level ECC based Key Distribution and Authentication in Internet ...
IJCNCJournal
 
Where Data Security and Value of Data Meet in the Cloud
Where Data Security and Value of Data Meet in the CloudWhere Data Security and Value of Data Meet in the Cloud
Where Data Security and Value of Data Meet in the Cloud
Ulf Mattsson
 
ISACA NA CACS 2012 Orlando session 414 Ulf Mattsson
ISACA NA CACS 2012 Orlando session 414 Ulf MattssonISACA NA CACS 2012 Orlando session 414 Ulf Mattsson
ISACA NA CACS 2012 Orlando session 414 Ulf MattssonUlf Mattsson
 
NetIQ Directory & Resource Administrator Helps Kindred Healthcare Achieve Com...
NetIQ Directory & Resource Administrator Helps Kindred Healthcare Achieve Com...NetIQ Directory & Resource Administrator Helps Kindred Healthcare Achieve Com...
NetIQ Directory & Resource Administrator Helps Kindred Healthcare Achieve Com...
NetIQ
 
Security in Web 2.0, Social Web and Cloud
Security in Web 2.0, Social Web and CloudSecurity in Web 2.0, Social Web and Cloud
Security in Web 2.0, Social Web and Cloud
ITDogadjaji.com
 
Big security for_big_data
Big security for_big_dataBig security for_big_data
Big security for_big_dataShyam Sarkar
 
Microsoft Platform Security Briefing
Microsoft Platform Security BriefingMicrosoft Platform Security Briefing
Microsoft Platform Security Briefingtechnext1
 
Mobile App Security: Enterprise Checklist
Mobile App Security: Enterprise ChecklistMobile App Security: Enterprise Checklist
Mobile App Security: Enterprise Checklist
Jignesh Solanki
 
Cyfirma cybersecurity-predictions-2022-v1.0 c
Cyfirma cybersecurity-predictions-2022-v1.0 cCyfirma cybersecurity-predictions-2022-v1.0 c
Cyfirma cybersecurity-predictions-2022-v1.0 c
Aanchal579958
 
Cybersecurity in the Age of Mobility
Cybersecurity in the Age of MobilityCybersecurity in the Age of Mobility
Cybersecurity in the Age of Mobility
Booz Allen Hamilton
 
Risk Management Practices for PCI DSS 2.0
Risk Management Practices for PCI DSS 2.0Risk Management Practices for PCI DSS 2.0
Risk Management Practices for PCI DSS 2.0
Ulf Mattsson
 
4192 sslvpn sb_0412
4192 sslvpn sb_04124192 sslvpn sb_0412
4192 sslvpn sb_0412Hai Nguyen
 
Big Data and Security - Where are we now? (2015)
Big Data and Security - Where are we now? (2015)Big Data and Security - Where are we now? (2015)
Big Data and Security - Where are we now? (2015)
Peter Wood
 
Safeguarding the Internet of Things
Safeguarding the Internet of ThingsSafeguarding the Internet of Things
Safeguarding the Internet of Things
Cognizant
 
BlockChain Enabled-Cloud Delivered For Network Secuirty
BlockChain Enabled-Cloud Delivered For Network SecuirtyBlockChain Enabled-Cloud Delivered For Network Secuirty
BlockChain Enabled-Cloud Delivered For Network Secuirty
Happiest Minds Technologies
 
Practical Security for the Cloud
Practical Security for the CloudPractical Security for the Cloud
Practical Security for the Cloud
Chirag Joshi, CISA, CISM, CRISC
 

What's hot (20)

Enabling privacy and_traceability_in_supply_chains_using_blockchain_and_zero_...
Enabling privacy and_traceability_in_supply_chains_using_blockchain_and_zero_...Enabling privacy and_traceability_in_supply_chains_using_blockchain_and_zero_...
Enabling privacy and_traceability_in_supply_chains_using_blockchain_and_zero_...
 
ISSA: Cloud data security
ISSA: Cloud data securityISSA: Cloud data security
ISSA: Cloud data security
 
[CB21] Keynote1:Shaking the Cybersecurity Kaleidoscope – An Immersive Look in...
[CB21] Keynote1:Shaking the Cybersecurity Kaleidoscope – An Immersive Look in...[CB21] Keynote1:Shaking the Cybersecurity Kaleidoscope – An Immersive Look in...
[CB21] Keynote1:Shaking the Cybersecurity Kaleidoscope – An Immersive Look in...
 
MEKDA: Multi-Level ECC based Key Distribution and Authentication in Internet ...
MEKDA: Multi-Level ECC based Key Distribution and Authentication in Internet ...MEKDA: Multi-Level ECC based Key Distribution and Authentication in Internet ...
MEKDA: Multi-Level ECC based Key Distribution and Authentication in Internet ...
 
Where Data Security and Value of Data Meet in the Cloud
Where Data Security and Value of Data Meet in the CloudWhere Data Security and Value of Data Meet in the Cloud
Where Data Security and Value of Data Meet in the Cloud
 
ISACA NA CACS 2012 Orlando session 414 Ulf Mattsson
ISACA NA CACS 2012 Orlando session 414 Ulf MattssonISACA NA CACS 2012 Orlando session 414 Ulf Mattsson
ISACA NA CACS 2012 Orlando session 414 Ulf Mattsson
 
NetIQ Directory & Resource Administrator Helps Kindred Healthcare Achieve Com...
NetIQ Directory & Resource Administrator Helps Kindred Healthcare Achieve Com...NetIQ Directory & Resource Administrator Helps Kindred Healthcare Achieve Com...
NetIQ Directory & Resource Administrator Helps Kindred Healthcare Achieve Com...
 
Security in Web 2.0, Social Web and Cloud
Security in Web 2.0, Social Web and CloudSecurity in Web 2.0, Social Web and Cloud
Security in Web 2.0, Social Web and Cloud
 
Big security for_big_data
Big security for_big_dataBig security for_big_data
Big security for_big_data
 
Microsoft Platform Security Briefing
Microsoft Platform Security BriefingMicrosoft Platform Security Briefing
Microsoft Platform Security Briefing
 
Mobile App Security: Enterprise Checklist
Mobile App Security: Enterprise ChecklistMobile App Security: Enterprise Checklist
Mobile App Security: Enterprise Checklist
 
Cyfirma cybersecurity-predictions-2022-v1.0 c
Cyfirma cybersecurity-predictions-2022-v1.0 cCyfirma cybersecurity-predictions-2022-v1.0 c
Cyfirma cybersecurity-predictions-2022-v1.0 c
 
Cybersecurity in the Age of Mobility
Cybersecurity in the Age of MobilityCybersecurity in the Age of Mobility
Cybersecurity in the Age of Mobility
 
Risk Management Practices for PCI DSS 2.0
Risk Management Practices for PCI DSS 2.0Risk Management Practices for PCI DSS 2.0
Risk Management Practices for PCI DSS 2.0
 
4192 sslvpn sb_0412
4192 sslvpn sb_04124192 sslvpn sb_0412
4192 sslvpn sb_0412
 
Big Data and Security - Where are we now? (2015)
Big Data and Security - Where are we now? (2015)Big Data and Security - Where are we now? (2015)
Big Data and Security - Where are we now? (2015)
 
Safeguarding the Internet of Things
Safeguarding the Internet of ThingsSafeguarding the Internet of Things
Safeguarding the Internet of Things
 
BlockChain Enabled-Cloud Delivered For Network Secuirty
BlockChain Enabled-Cloud Delivered For Network SecuirtyBlockChain Enabled-Cloud Delivered For Network Secuirty
BlockChain Enabled-Cloud Delivered For Network Secuirty
 
IE_ERS_CyberAnalysisReport
IE_ERS_CyberAnalysisReportIE_ERS_CyberAnalysisReport
IE_ERS_CyberAnalysisReport
 
Practical Security for the Cloud
Practical Security for the CloudPractical Security for the Cloud
Practical Security for the Cloud
 

Similar to KSI for IoT Security - Turning Defence Into Offence - Guardtime Whitepaper

Cybersecurity in the Age of IoT - Skillmine
Cybersecurity in the Age of IoT - SkillmineCybersecurity in the Age of IoT - Skillmine
Cybersecurity in the Age of IoT - Skillmine
Skillmine Technology Consulting
 
An Internet of Things Reference Architecture
An Internet of Things Reference Architecture An Internet of Things Reference Architecture
An Internet of Things Reference Architecture
Symantec
 
IOT and Security.pptx
IOT and Security.pptxIOT and Security.pptx
IOT and Security.pptx
infosec train
 
IOT and Security.pptx
IOT and Security.pptxIOT and Security.pptx
IOT and Security.pptx
Infosectrain3
 
Secure your Future with IoT Security Testing | Application Security
Secure your Future with IoT Security Testing | Application SecuritySecure your Future with IoT Security Testing | Application Security
Secure your Future with IoT Security Testing | Application Security
Cigniti Technologies Ltd
 
Security Aspects in IoT - A Review
Security Aspects in IoT - A Review Security Aspects in IoT - A Review
Security Aspects in IoT - A Review
Asiri Hewage
 
assignment help experts
assignment help expertsassignment help experts
assignment help experts
#essaywriting
 
sample assignment
sample assignmentsample assignment
sample assignment
#essaywriting
 
IoT and security
IoT and securityIoT and security
IoT and security
IET India
 
Final Research Project - Securing IoT Devices What are the Challe.docx
Final Research Project - Securing IoT Devices What are the Challe.docxFinal Research Project - Securing IoT Devices What are the Challe.docx
Final Research Project - Securing IoT Devices What are the Challe.docx
tjane3
 
Final Research Project - Securing IoT Devices What are the Challe.docx
Final Research Project - Securing IoT Devices What are the Challe.docxFinal Research Project - Securing IoT Devices What are the Challe.docx
Final Research Project - Securing IoT Devices What are the Challe.docx
lmelaine
 
White Paper: IoT Security – Protecting the Networked Society
White Paper: IoT Security – Protecting the Networked SocietyWhite Paper: IoT Security – Protecting the Networked Society
White Paper: IoT Security – Protecting the Networked Society
Ericsson
 
Understanding and Solving Common IoT Security Problems.pdf
Understanding and Solving Common IoT Security Problems.pdfUnderstanding and Solving Common IoT Security Problems.pdf
Understanding and Solving Common IoT Security Problems.pdf
SeasiaInfotech2
 
VET4SBO Level 2 module 6 - unit 4 - v0.9 en
VET4SBO Level 2 module 6 - unit 4 - v0.9 enVET4SBO Level 2 module 6 - unit 4 - v0.9 en
VET4SBO Level 2 module 6 - unit 4 - v0.9 en
Karel Van Isacker
 
IoT Security Why Hiring Skilled Developers is Crucial for Protecting Your Dev...
IoT Security Why Hiring Skilled Developers is Crucial for Protecting Your Dev...IoT Security Why Hiring Skilled Developers is Crucial for Protecting Your Dev...
IoT Security Why Hiring Skilled Developers is Crucial for Protecting Your Dev...
Dark Bears
 
Internet of Things Challenges and Solutions
Internet of Things Challenges and SolutionsInternet of Things Challenges and Solutions
Internet of Things Challenges and Solutions
ijtsrd
 
A Survey Report on : Security & Challenges in Internet of Things
A Survey Report on : Security & Challenges in Internet of ThingsA Survey Report on : Security & Challenges in Internet of Things
A Survey Report on : Security & Challenges in Internet of Things
ijsrd.com
 
Strengthening IoT Security Against Cyber Threats.pdf
Strengthening IoT Security Against Cyber Threats.pdfStrengthening IoT Security Against Cyber Threats.pdf
Strengthening IoT Security Against Cyber Threats.pdf
SeasiaInfotech2
 
IoT Referenceshttpswww.techrepublic.comarticlehow-to-secur.docx
IoT Referenceshttpswww.techrepublic.comarticlehow-to-secur.docxIoT Referenceshttpswww.techrepublic.comarticlehow-to-secur.docx
IoT Referenceshttpswww.techrepublic.comarticlehow-to-secur.docx
vrickens
 

Similar to KSI for IoT Security - Turning Defence Into Offence - Guardtime Whitepaper (20)

Cybersecurity in the Age of IoT - Skillmine
Cybersecurity in the Age of IoT - SkillmineCybersecurity in the Age of IoT - Skillmine
Cybersecurity in the Age of IoT - Skillmine
 
An Internet of Things Reference Architecture
An Internet of Things Reference Architecture An Internet of Things Reference Architecture
An Internet of Things Reference Architecture
 
IOT and Security.pptx
IOT and Security.pptxIOT and Security.pptx
IOT and Security.pptx
 
IOT and Security.pptx
IOT and Security.pptxIOT and Security.pptx
IOT and Security.pptx
 
Secure your Future with IoT Security Testing | Application Security
Secure your Future with IoT Security Testing | Application SecuritySecure your Future with IoT Security Testing | Application Security
Secure your Future with IoT Security Testing | Application Security
 
Security Aspects in IoT - A Review
Security Aspects in IoT - A Review Security Aspects in IoT - A Review
Security Aspects in IoT - A Review
 
assignment help experts
assignment help expertsassignment help experts
assignment help experts
 
sample assignment
sample assignmentsample assignment
sample assignment
 
IoT and security
IoT and securityIoT and security
IoT and security
 
Final Research Project - Securing IoT Devices What are the Challe.docx
Final Research Project - Securing IoT Devices What are the Challe.docxFinal Research Project - Securing IoT Devices What are the Challe.docx
Final Research Project - Securing IoT Devices What are the Challe.docx
 
Final Research Project - Securing IoT Devices What are the Challe.docx
Final Research Project - Securing IoT Devices What are the Challe.docxFinal Research Project - Securing IoT Devices What are the Challe.docx
Final Research Project - Securing IoT Devices What are the Challe.docx
 
White Paper: IoT Security – Protecting the Networked Society
White Paper: IoT Security – Protecting the Networked SocietyWhite Paper: IoT Security – Protecting the Networked Society
White Paper: IoT Security – Protecting the Networked Society
 
Future of Internet.pptx
Future of Internet.pptxFuture of Internet.pptx
Future of Internet.pptx
 
Understanding and Solving Common IoT Security Problems.pdf
Understanding and Solving Common IoT Security Problems.pdfUnderstanding and Solving Common IoT Security Problems.pdf
Understanding and Solving Common IoT Security Problems.pdf
 
VET4SBO Level 2 module 6 - unit 4 - v0.9 en
VET4SBO Level 2 module 6 - unit 4 - v0.9 enVET4SBO Level 2 module 6 - unit 4 - v0.9 en
VET4SBO Level 2 module 6 - unit 4 - v0.9 en
 
IoT Security Why Hiring Skilled Developers is Crucial for Protecting Your Dev...
IoT Security Why Hiring Skilled Developers is Crucial for Protecting Your Dev...IoT Security Why Hiring Skilled Developers is Crucial for Protecting Your Dev...
IoT Security Why Hiring Skilled Developers is Crucial for Protecting Your Dev...
 
Internet of Things Challenges and Solutions
Internet of Things Challenges and SolutionsInternet of Things Challenges and Solutions
Internet of Things Challenges and Solutions
 
A Survey Report on : Security & Challenges in Internet of Things
A Survey Report on : Security & Challenges in Internet of ThingsA Survey Report on : Security & Challenges in Internet of Things
A Survey Report on : Security & Challenges in Internet of Things
 
Strengthening IoT Security Against Cyber Threats.pdf
Strengthening IoT Security Against Cyber Threats.pdfStrengthening IoT Security Against Cyber Threats.pdf
Strengthening IoT Security Against Cyber Threats.pdf
 
IoT Referenceshttpswww.techrepublic.comarticlehow-to-secur.docx
IoT Referenceshttpswww.techrepublic.comarticlehow-to-secur.docxIoT Referenceshttpswww.techrepublic.comarticlehow-to-secur.docx
IoT Referenceshttpswww.techrepublic.comarticlehow-to-secur.docx
 

KSI for IoT Security - Turning Defence Into Offence - Guardtime Whitepaper

  • 1. PAGE 2 OF 6INTERNET OF THINGS (IOT) SECURITY Internet of Things (IoT) Security Turning Defense into Offence guardtime.com
  • 2. PAGE 2 OF 6INTERNET OF THINGS (IOT) SECURITY Internet of Things (IoT) economic impact is estimated at $6.2 trillion annually by 2025. Mckinsey Global Institute study, May 2013
  • 3. INTERNET OF THINGS (IOT) SECURITY PAGE 3 OF 11 Defined by Gartner as: “Network of physical objects that contain embedded technology to communicate and sense or interact with their internal state or the external environment.” Proliferation of low cost wearable devices, in home sensors, driver less cars, smart phones, and cloud-based applications are all enabling IoT to become a reality. IoT security architecture and products are evolving. IoT solutions cut across raditional technology boundaries of Information Technology (IT), Operational Technology (OT) and Telecom cellular networks (TN). Focus on data protection and privacy becomes paramount. Welcome to the Future Imagine the future, you are in 2020, the alarm clock coordinates with your wearable sleep sensor to gently wake you up. Simultaneously, your car reviews the calendar, determining you need to be at the airport in three hours, and starts monitoring traffic patterns. The coffee maker starts to grind and brew the perfect cup of coffee. The car sends you a text: ‘best routes to San Francisco airport and what time to leave’. Coffee is ready, cooled to temperature and ready for drinking as the car takes you to the airport. You have time to catch up on emails and voicemails as the car navigates to the departure gate. Home security, lighting, plant watering and HVAC systems adjust to the calendar, knowing you will be out for three days. You get out of the car at the departure gate; the car drives off to self-park in the long-term parking lot. But wait! You land, an urgent text arrives, and your car is not in the parking lot, your home has been broken into, your personal electronic records compromised. Your worst nightmare, thousands of miles away and you are a victim of a new wave of crime sweeping the country: “Sensor Network Attacks”. Monitoring and security agen- cies are fighting to contain the outbreak, déjà vu the early days of the Internet! At Guardtime, we understand IoT security requires a different mindset, one where security is tied to your data, protecting data through keyless signatures wherever the data moves, changes or is accessed, creating digital foot- prints to monitor and report any malicious or suspicious activities. Irrespective of where the data resides, in the cloud, your car, home or on your smart phone. 1 2 3 IoT primer
  • 4. PAGE 2 OF 6INTERNET OF THINGS (IOT) SECURITY The Industrial Internet will have a $270 billion impact to GE businesses. Jeff Immelt, GE CEO
  • 5. INTERNET OF THINGS (IOT) SECURITY PAGE 5 OF 11 The Challenges of IoT Security The social, economic and political impacts of IoT are just starting to be understood and debated. The effects on quality of life, health, environment, productivity, agricul- ture will unleash the next wave of innovation as we tran- sition from the consumer internet to the industrial internet. Projections by McKinsey model 10-20% cost reductions in chronic disease management, up to 5% improve-ments in manufacturing operating costs, 10%- 20% improvements in travel time and congestion control and 20% increase in yields from precision application of fertilizer and irrigation by famers. Ecosystem of supporting innovation facilitates the adop- tion of IoT technologies, with low cost low power embed- ded sensors, LTE / 4G IP cellular networks, smart phones, cloud infra and IPV 6.0. In contrast, security technologies, procedures and policies leverage the investments made in Information Technology, Operational Technology and Telecommunication – Cellu- lar networks creating a fortress mentality to protect and defend assets via: • Physical appliances: firewalls and network access control • Virtual and private networks with monitoring • Digital certificates, anti virus and malware scanning • Patch management of critical security defects • Intrusion detection and prevention systems • Vulnerability and penetration testing tools • Data encryption and data segregation Although these are all valid and good practices to adopt, many of these practices are IT focused and are limited in how they can be deployed into real time plant networks or directly managing physical objects. These environments have four major constraints: • Real time, 24x7x365 infrastructures cannot be brought down for security updates and patching. • Low latency, proprietary protocols limit the ability to deploy anti virus and malware software. • Embedded processors, running RTOS (real time operating systems) have limited processor and memory capacity to execute security software. • Traditional anti-virus and malware detection does not work for the proprietary protocols, applications and real-time embedded operating systems traditionally used in IOT. IoT will drive the convergence of IT, OT and Telecommunication Cellular networks. IT – systems, applications, networks, servers, storage to automate business processes. Hosted in data centers. OT – hardware and software operating in real time environments that sense, detect, respond to changes in physical devices. TN – Telecommunications Networks, cellular wireless networks served by cell sites performing cell, voice and data processing and subscriber functions. IoT primer 4 IoT primer
  • 6. PAGE 2 OF 6INTERNET OF THINGS (IOT) SECURITY The Internet of Everything will have a $14.7 trillion economic impact. John T Chambers, Cisco CEO
  • 7. INTERNET OF THINGS (IOT) SECURITY PAGE 7 OF 11 Securing IoT the Right Way Architecting an IoT security strategy requires an under- standing of the core principles by which of IoT applications and solutions will be built and deployed. Guardtime experience in securing massive scale and reli- able digital assets for security and government agencies, provides the experience and foundation to define the fol- lowing key IoT security principles: Event Driven – sense, detect and react to events intelligently. An event is a change in state of the phys- ical object. Traceable – record and play back events over time horizons to aid in discovery and root cause analysis. Assurance – verify the reliability and integrity of the data, preserving time and authenticity. Identity – authentication and authorization of physical devices with IoT applications. To address the number and complexity of potential vul- nerabilities within an IoT solution requires an alternative approach to how security has historically been designed and managed. Security within IT, OT and Telecommunica- tions Cellular networks is secondary to the functionality and services being delivered to the customer. Security is a back office, technically focused organization that is called upon usually after product design or as a result of a major attack. Guardtime is leading the think- ing, envisioning a future of IoT solutions, where Security is at the forefront and an integral component of business strategy. At Guardtime, we believe security should and must be seen as a competitive advantage to organizations looking to capitalize on IoT opportunities. Technology trends in Cloud, Big Data and Mobility will fuel the innovation and growth of IoT applications and solutions. Cloud technology enables a more cost effective and scalable means to deliver compute infrastructure and software applications on a pay as you go basis. Big Data technologies allow for massive amounts of structured (relational) and unstructured data (media) to be analyzed on low cost commodity hardware (Cloud based) to model and predict future scenarios and trade-offs. Mobile technologies such as smart phones and tablets provide substantial processing capabilities and high bandwidth connectivity to LTE / 4G networks to empower remote workers and control physical devices remotely. 5 IoT primer
  • 8. PAGE 2 OF 6INTERNET OF THINGS (IOT) SECURITY Google’s $3.2 billion acquisition of Nest allows Google to tie home devices with Google software.
  • 9. INTERNET OF THINGS (IOT) SECURITY PAGE 9 OF 11 Guardtime’s KSI for IoT Guardtime’s technology assigns a unique “keyless” signa- ture to any type of data. The signature, is stored with the data, as an attribute which can be used to verify the time of creation, identity of creator and integrity of the data, in- dependently from keys, secrets and certificates. Real time verification of the data signature occurs and notifications sent should data integrity be compromised and / or unauthorized access occur. The outcome of deploying a Keyless Signature Infrastruc- ture (KSI) within IoT solutions is the ability to seamlessly integrate into IT, OT and Telecommunication Networks, se- curing IoT data, ensuring integrity and accountability. KSI’s technology addresses the three constraints identified with real time plant networks, by providing firmware code, ses- sion and data integrity between the physical device and external IoT systems. KSI signed data KSI signatre verification Alert if vertification fails + = Electronic Data Keyless Signature Guardtime Electronic Data ! “Which code is the machine executing?” MachineA. Executable Integrity Machine “Who communicated with the machine?” B. Session Log Integrity Machine “What data was the machine collecting?” C. Machine Data Integrity IoT infrastructures will depend on the design, configuration and security of Wireless Sensor Networks (WSN). • A Wireless Sensor Net- work can consist of the following components: • RFID tags and readers • Sensors configured to de- tect temperature, humidity, moisture, weight, traffic flow etc. • WIFI 802.15.4 / ZigBee / Bluetooth / 802.11ah • Access points • Encryption • Gateways • Data Collection Engines 6 IoT primer
  • 10. PAGE 2 OF 6INTERNET OF THINGS (IOT) SECURITY The Internet of Things will take more than 10 years to become mainstream, mainly due to security challenges, privacy and standards. Gartner 2012 IoT paper
  • 11. INTERNET OF THINGS (IOT) SECURITY PAGE 11 OF 11 Conclusion To mitigate Sensor Network Attacks now and in the future, Guardtime’s technologies protect IoT infrastruc- tures by providing a 360-degree view of the data at any- time, anywhere and on any device, static or in motion. Legacy operating systems and applications mean per- sistent vulnerabilities in control system architectures that cannot be mitigated until a technology refresh. Due to the long cycle times to tech refresh these systems (think windows XP used extensively), the only way to do advanced persistent threat detection post support expiring is KSI and continuous monitoring.  Indeed, KSI extends the life and deployment of these legacy systems with real-time monitoring and resilience attributes in the event of an implementation specific vulnerabilities. Selecting Guardtime’s KSI technology will allow organi- tions and governments planning IoT projects to gain the following advantages: • Trusted partner to security and government agencies worldwide. • Attribution: prevent data loss of important digital assets, assure the integrity of the networks and verify behaviors across service providers. • Exabyte-scale Integrity: independent verification for the absence of compromise in systems, networks, devices and data. • Auditability: Indemnification for organizations as there is independent mathematical audit trail for what happened when across all networks and devices. • Monitoring: Real time monitoring to prevent data loss, monitoring changes to state, access, custody and identity. • Integration and interoperability: leverage existing investments in Security and Network infrastructure. • Service lifetime extension: extends the life and deployment of these legacy systems with real-time monitoring and resilience attributes.
  • 12. PAGE 2 OF 6INTERNET OF THINGS (IOT) SECURITY © 2014 Guardtime