NUS-ISS Learning Day 2019- AI and Cybersecurity – Solution or Threat?NUS-ISS
This document summarizes a presentation on AI and cybersecurity given by Sergey Ulasen. The presentation covers how AI can be used to both power businesses and enhance cybersecurity, but also presents threats from AI such as adversarial attacks. Specific topics discussed include how to securely employ AI in businesses, applications of AI in cybersecurity like threat detection and malware analysis, and challenges around AI security and privacy compliance. Ransomware protection is also discussed as a growing cybersecurity problem.
NUS-ISS Learning Day 2019-Building IoT solutions with the PiNUS-ISS
This document provides an overview of a hands-on workshop on building IoT solutions with Raspberry Pi. It introduces Raspberry Pi and the GrovePi+ starter kit for connecting sensors. It describes how AWS services like IoT Core and Alexa can be used to build IoT systems. The workshop demonstrates setting up a basic IoT system with Raspberry Pi, testing sensors connected to it, and broadcasting sensor data to the AWS cloud. It aims to help participants understand how to create synergy between sensors, devices, and cloud services to develop health and other applications.
Tomorrow Starts Here - Security Everywhere Cisco Canada
The document discusses Cisco's security solutions and services. Some key points:
- Cisco conducts a large amount of threat intelligence gathering from network traffic and other sources.
- Cisco offers a range of security products including next-generation firewalls, advanced malware protection, and threat defense.
- Cisco provides managed threat defense services where security experts monitor customer networks and respond to threats.
Vikram Kalkat of Kaspersky Lab argues that cybersecurity strategies developed for information technology (IT) are not necessarily the best fit for protecting operational technology (OT) due to differences in security needs and requirements. While IT security focuses on data confidentiality, OT security prioritizes system availability. Customized security solutions are needed for industrial controls and OT systems, as IT security alone will not meet their requirements. Kalkat believes responsibility for OT cybersecurity should remain with business units rather than IT, and recommends breaking down OT security into its components - people, processes, and technologies - to properly assess risks.
How is ai important to the future of cyber security Robert Smith
Today’s era is driven by technology in every aspect of our lives, so much that we’ve now increased our dependence on technology on a daily basis. With an increase in the dependency, we’re now very vulnerable and exposed to the intermittent threat posed as cyber-attacks. Cyber-attack threats have plagued businesses, corporates, governments, and institutions.
This document discusses the merging of IT and OT systems due to increased connectivity from IoT devices and the need for cooperation between IT and OT on security strategies. Experts provide perspectives on how IoT is changing the relationship and highlight that while IT and OT have different skills and responsibilities, cooperation and cross-training are essential for security. They recommend practical tips like communication, collaboration, integration, observation and role-based training to help IT and OT work together effectively.
NUS-ISS Learning Day 2019- AI and Cybersecurity – Solution or Threat?NUS-ISS
This document summarizes a presentation on AI and cybersecurity given by Sergey Ulasen. The presentation covers how AI can be used to both power businesses and enhance cybersecurity, but also presents threats from AI such as adversarial attacks. Specific topics discussed include how to securely employ AI in businesses, applications of AI in cybersecurity like threat detection and malware analysis, and challenges around AI security and privacy compliance. Ransomware protection is also discussed as a growing cybersecurity problem.
NUS-ISS Learning Day 2019-Building IoT solutions with the PiNUS-ISS
This document provides an overview of a hands-on workshop on building IoT solutions with Raspberry Pi. It introduces Raspberry Pi and the GrovePi+ starter kit for connecting sensors. It describes how AWS services like IoT Core and Alexa can be used to build IoT systems. The workshop demonstrates setting up a basic IoT system with Raspberry Pi, testing sensors connected to it, and broadcasting sensor data to the AWS cloud. It aims to help participants understand how to create synergy between sensors, devices, and cloud services to develop health and other applications.
Tomorrow Starts Here - Security Everywhere Cisco Canada
The document discusses Cisco's security solutions and services. Some key points:
- Cisco conducts a large amount of threat intelligence gathering from network traffic and other sources.
- Cisco offers a range of security products including next-generation firewalls, advanced malware protection, and threat defense.
- Cisco provides managed threat defense services where security experts monitor customer networks and respond to threats.
Vikram Kalkat of Kaspersky Lab argues that cybersecurity strategies developed for information technology (IT) are not necessarily the best fit for protecting operational technology (OT) due to differences in security needs and requirements. While IT security focuses on data confidentiality, OT security prioritizes system availability. Customized security solutions are needed for industrial controls and OT systems, as IT security alone will not meet their requirements. Kalkat believes responsibility for OT cybersecurity should remain with business units rather than IT, and recommends breaking down OT security into its components - people, processes, and technologies - to properly assess risks.
How is ai important to the future of cyber security Robert Smith
Today’s era is driven by technology in every aspect of our lives, so much that we’ve now increased our dependence on technology on a daily basis. With an increase in the dependency, we’re now very vulnerable and exposed to the intermittent threat posed as cyber-attacks. Cyber-attack threats have plagued businesses, corporates, governments, and institutions.
This document discusses the merging of IT and OT systems due to increased connectivity from IoT devices and the need for cooperation between IT and OT on security strategies. Experts provide perspectives on how IoT is changing the relationship and highlight that while IT and OT have different skills and responsibilities, cooperation and cross-training are essential for security. They recommend practical tips like communication, collaboration, integration, observation and role-based training to help IT and OT work together effectively.
Marcel van der Heijden - SpeedInvest & Aircloak - EU GDPR & Data Privacy Comp...Burton Lee
Talk by Marcel van der Heijden, SpeedInvest & Aircloak (Silicon Valley | AT | DE), at Stanford on Feb 26 2018, in our session: 'New EU Data Privacy Rules : Lessons & Risks for Silicon Valley Corporations & Startups || GDPR'.
Website: http://www.StanfordEuropreneurs.org
YouTube Channel: https://www.youtube.com/user/StanfordEuropreneurs
Twitter: @Europreneurs
5 benefits that ai gives to cloud security venkat k - mediumusmsystem
As cyber threats become more exceptional with each passing year, so should the technologies that businesses achieve to advance cybersecurity and prevent cyberattacks and data exposures.
null is an open security community started in 2008 with over 1000 members that focuses on advanced security research, responsible vulnerability disclosure, and security awareness. The community organizes security awareness camps for organizations and holds monthly meetups in chapters located in major Indian cities. Members include security researchers from reputed vendors and organizations who have disclosed vulnerabilities and assisted law enforcement with cyber investigations. The community also coordinates various software projects and plans to hold their first technical security conference, nullcon.
Close the Security Gaps of a Remote Workforcejlieberman07
The Covid-19 pandemic demanded that businesses immediately shift to remote work environments. The quick shift however, may have created security gaps. Cyber security experts and IT executives steps companies should take to ensure secure access to sensitive corporate data when enabling employees to work from home.
Let us help you stand up a secure remote work environments in 24 hours! https://bit.ly/2ScpL22
Brian Isle: The Internet of Things: Manufacturing Panacea - or - Hacker's Dream?360mnbsu
The Internet of Things (IoT) has the potential to drive new innovation in products, services, and improve "how things are done" in manufacturing. However IoT also brings-to-light safety and security issues when purpose-built computing and network devices are exposed to the internet. This session will review case studies of IoT enabled exploits, explore some of the underlying cause of the vulnerabilities, and briefly review of steps vendors and end-users are taking to mitigate the risk.
From the 2014 Taking Shape Summit: The Internet of Things & the Future of Manufacturing.
Peter Wood, CEO of First Base Technologies, gave a presentation on how big data and advanced analytics can help with cybersecurity challenges. He discussed how the threat landscape has become more complex with stealth malware and targeted attacks. Traditional defenses like signatures and firewalls may be insufficient. Big data can help through improved SIEM tools with real-time updates, behavior models, and correlation to detect advanced threats. However, big data analytics requires significant investment and specialized skills that are only available to large organizations currently. Cloud-based solutions may help other organizations also gain security benefits from big data.
The 1st Step to Zero Trust: Asset Management for Cybersecuritynathan-axonius
Eight years after former Forrester analyst John Kindervag introduced the Zero Trust model, the concept has hit the mainstream. As current Forrester analyst Chase Cunningham says, 85% of his calls involve zero trust. With the amount of interest in the concept, many organizations are rushing to understand how to implement the zero-trust model. In this guide, we’ll look at the first step to implementing zero trust: asset management.
AI for security or security for AI - Sergey GordeychikSergey Gordeychik
Machine learning technologies are turning from rocket science into daily engineering life. You no longer have to know the difference between Faster R-CNN and HMM to develop a machine vision system, and even OpenCV has bindings for JavaScript allowing to resolve quite serious tasks all the while remaining in front end. On other hand massive implementation of AI in various areas brings about problems, and security is one of the greatest concerns. In the broader context security is really all about trust.
Do we trust AI? I don’t, personally.
What is “state of the art” in AI security? Yesterday it was a PoC, not a product, today becoming a We will fix it later, tomorrow it will be a if it works, don’t touch it. And tomorrow is too late.
But what we can do for Trustworthy AI? There are just no simple answers.
You can’t install antivirus or calculate hashes to control integrity of annotated dataset. Traditional firewalls and IDS are almost useless in ML cloud internal SDN Infiniband network. Event C-level Compliance such as PCI DSS and GDPR doesn’t work for massive country-level AI deployments. What about vulnerability management for TensorFlow ML model? How it will impact ROC and AUC?..
To make it better we should rethink Cyber Resilience for AI process, systems and applications to make sure that they continuously deliver the intended outcome despite adverse cyber events. Make sure that security is genuinely integrated into innovation that AI brings into our lives. To trust AI and earn his trust, perhaps?
Securing medical apps in the age of covid finalDevOps.com
The COVID-19 pandemic has drastically altered the connected healthcare landscape, accelerating the usage of telemedicine and other remote healthcare delivery systems by as much as 11,000% for some populations. How has this unprecedented push affected healthcare and medical device application security? The security team at Intertrust recently analyzed 100 Android and iOS medical apps to find out.
In this webinar, we'll discuss:
Medical application and device threat trends
The top mHealth security vulnerabilities uncovered in our analysis
Strategies to keep your mHealth apps safe
Future advances in digital healthcare and how your security can evolve with it
Lessons Learned: Protecting Critical Infrastructure from Cyber AttacksMighty Guides, Inc.
James Shank recommends that CISOs take three key steps to secure OT/ICS environments:
1) Examine network connectivity with the outside world and carefully evaluate inbound and outbound data transfers, implementing real-time monitoring.
2) Control all portable media and mobile devices that access the ICS network by implementing a strict PMD program.
3) Integrate multiple layers of defense with updated threat intelligence to better detect suspicious activity, as a single layer of defense can be easily defeated.
The document discusses cybersecurity, artificial intelligence, and how AI can help improve cybersecurity. It notes that while organizations spend billions on cybersecurity, chief information security officers still feel highly exposed. Traditional security methods focus on preventing infiltration but are always one step behind evolving threats. The document argues that AI can help enforce cyber hygiene practices like least privilege to shrink the attack surface, making the problem more bounded and manageable compared to always chasing threats. It discusses how AI is well-suited for understanding intended application behavior based on established rules and data from good software.
802 Secure develops software defined radio and big data analytics to secure wireless networks and the Internet of Things. The company's technology detects and prevents exploitation of advanced wireless threats using deceptive networking techniques. 802 Secure's products include a real-time wireless security system to protect first responder communications and a Wireless Risk Audit Tool to identify vulnerabilities across multiple wireless spectrums before incidents occur. The company aims to secure the growing number of wireless devices as the Internet of Things market expands dramatically.
Cybersecurity | Meta Networks: Software defined perimeter platformVertex Holdings
In this installment of our 9-part series, we feature our portfolio company, Meta Networks, a cybersecurity startup that leverages the cloud to build a global, zero-trust network that is agile and scalable for the way business is done today. Meta Networks was recently acquired by Proofpoint for USD 120M.
Security and Privacy Big Challenges in Internet of thingsIRJET Journal
This document discusses security and privacy challenges with Internet of Things (IoT) systems. It notes that IoT provides broad functionality but also raises important challenges regarding privacy and security. Some key issues discussed include insufficient authentication, lack of transport encryption, insecure interfaces, default credentials, lack of secure coding practices, and privacy concerns regarding personal data collection. The document recommends approaches to address these challenges, such as base device analysis, network traffic verification, secure code reviews, and end-to-end penetration testing.
With the majority of everyday work handled over the internet, it no longer makes sense to backhaul traffic to centralized data centers—the MPLS costs are too high and the bandwidth too scarce. You need a new approach to networking and security.
The document describes a course on cybersecurity analytics offered by Object Automation Software Solutions Pvt Ltd. The course aims to cover fundamentals of cybersecurity concepts and applications of data science and machine learning in cybersecurity. It is divided into 8 modules over 8 weeks that will teach topics ranging from introductions to cybersecurity, data science, machine learning, and Python libraries, to applications of these areas like fraud detection, intrusion detection, spam detection, and detecting malicious URLs. The objectives and outcomes of each module are provided.
Advance security in cloud computing for military weaponsIRJET Journal
This document proposes a system to securely transmit military weapon launch codes through cloud storage using multiple security techniques. The system uses steganography to hide launch codes in image captchas. Visual cryptography is then used to split the captcha images into shares distributed to authorized users. Each share undergoes image encryption and watermarking before being sent via email. To obtain the launch code, users decrypt their shares, verify the watermarks through de-watermarking, and use visual cryptography to reconstruct the original captcha and extract the hidden launch code text. The proposed multi-layered approach aims to securely transmit sensitive military information through cloud storage.
Keynote WFIoT2019 - Data Graph, Knowledge Graphs Ontologies, Internet of Thin...Amélie Gyrard
Keynote “Trends on Data Graphs & Security for the Internet of Things”
(Extended Version) #WF-IoT World Forum Internet of Things
Workshop on #Security and #Privacy for #InternetofThings and Cyber-Physical Systems #CPS
#Security #Toolbox #Attacks and #Countermeasures #STAC
#Security #KnowledgeGraphs #Ontologies
Speaker: Dr. Ghislain Atemezing(Research & Development Director, MONDECA, Paris, France) @gatemezing
Credits: Dr. Amelie Gyrard (Kno.e.sis, Wright State University, Ohio, USA)
Marcel van der Heijden - SpeedInvest & Aircloak - EU GDPR & Data Privacy Comp...Burton Lee
Talk by Marcel van der Heijden, SpeedInvest & Aircloak (Silicon Valley | AT | DE), at Stanford on Feb 26 2018, in our session: 'New EU Data Privacy Rules : Lessons & Risks for Silicon Valley Corporations & Startups || GDPR'.
Website: http://www.StanfordEuropreneurs.org
YouTube Channel: https://www.youtube.com/user/StanfordEuropreneurs
Twitter: @Europreneurs
5 benefits that ai gives to cloud security venkat k - mediumusmsystem
As cyber threats become more exceptional with each passing year, so should the technologies that businesses achieve to advance cybersecurity and prevent cyberattacks and data exposures.
null is an open security community started in 2008 with over 1000 members that focuses on advanced security research, responsible vulnerability disclosure, and security awareness. The community organizes security awareness camps for organizations and holds monthly meetups in chapters located in major Indian cities. Members include security researchers from reputed vendors and organizations who have disclosed vulnerabilities and assisted law enforcement with cyber investigations. The community also coordinates various software projects and plans to hold their first technical security conference, nullcon.
Close the Security Gaps of a Remote Workforcejlieberman07
The Covid-19 pandemic demanded that businesses immediately shift to remote work environments. The quick shift however, may have created security gaps. Cyber security experts and IT executives steps companies should take to ensure secure access to sensitive corporate data when enabling employees to work from home.
Let us help you stand up a secure remote work environments in 24 hours! https://bit.ly/2ScpL22
Brian Isle: The Internet of Things: Manufacturing Panacea - or - Hacker's Dream?360mnbsu
The Internet of Things (IoT) has the potential to drive new innovation in products, services, and improve "how things are done" in manufacturing. However IoT also brings-to-light safety and security issues when purpose-built computing and network devices are exposed to the internet. This session will review case studies of IoT enabled exploits, explore some of the underlying cause of the vulnerabilities, and briefly review of steps vendors and end-users are taking to mitigate the risk.
From the 2014 Taking Shape Summit: The Internet of Things & the Future of Manufacturing.
Peter Wood, CEO of First Base Technologies, gave a presentation on how big data and advanced analytics can help with cybersecurity challenges. He discussed how the threat landscape has become more complex with stealth malware and targeted attacks. Traditional defenses like signatures and firewalls may be insufficient. Big data can help through improved SIEM tools with real-time updates, behavior models, and correlation to detect advanced threats. However, big data analytics requires significant investment and specialized skills that are only available to large organizations currently. Cloud-based solutions may help other organizations also gain security benefits from big data.
The 1st Step to Zero Trust: Asset Management for Cybersecuritynathan-axonius
Eight years after former Forrester analyst John Kindervag introduced the Zero Trust model, the concept has hit the mainstream. As current Forrester analyst Chase Cunningham says, 85% of his calls involve zero trust. With the amount of interest in the concept, many organizations are rushing to understand how to implement the zero-trust model. In this guide, we’ll look at the first step to implementing zero trust: asset management.
AI for security or security for AI - Sergey GordeychikSergey Gordeychik
Machine learning technologies are turning from rocket science into daily engineering life. You no longer have to know the difference between Faster R-CNN and HMM to develop a machine vision system, and even OpenCV has bindings for JavaScript allowing to resolve quite serious tasks all the while remaining in front end. On other hand massive implementation of AI in various areas brings about problems, and security is one of the greatest concerns. In the broader context security is really all about trust.
Do we trust AI? I don’t, personally.
What is “state of the art” in AI security? Yesterday it was a PoC, not a product, today becoming a We will fix it later, tomorrow it will be a if it works, don’t touch it. And tomorrow is too late.
But what we can do for Trustworthy AI? There are just no simple answers.
You can’t install antivirus or calculate hashes to control integrity of annotated dataset. Traditional firewalls and IDS are almost useless in ML cloud internal SDN Infiniband network. Event C-level Compliance such as PCI DSS and GDPR doesn’t work for massive country-level AI deployments. What about vulnerability management for TensorFlow ML model? How it will impact ROC and AUC?..
To make it better we should rethink Cyber Resilience for AI process, systems and applications to make sure that they continuously deliver the intended outcome despite adverse cyber events. Make sure that security is genuinely integrated into innovation that AI brings into our lives. To trust AI and earn his trust, perhaps?
Securing medical apps in the age of covid finalDevOps.com
The COVID-19 pandemic has drastically altered the connected healthcare landscape, accelerating the usage of telemedicine and other remote healthcare delivery systems by as much as 11,000% for some populations. How has this unprecedented push affected healthcare and medical device application security? The security team at Intertrust recently analyzed 100 Android and iOS medical apps to find out.
In this webinar, we'll discuss:
Medical application and device threat trends
The top mHealth security vulnerabilities uncovered in our analysis
Strategies to keep your mHealth apps safe
Future advances in digital healthcare and how your security can evolve with it
Lessons Learned: Protecting Critical Infrastructure from Cyber AttacksMighty Guides, Inc.
James Shank recommends that CISOs take three key steps to secure OT/ICS environments:
1) Examine network connectivity with the outside world and carefully evaluate inbound and outbound data transfers, implementing real-time monitoring.
2) Control all portable media and mobile devices that access the ICS network by implementing a strict PMD program.
3) Integrate multiple layers of defense with updated threat intelligence to better detect suspicious activity, as a single layer of defense can be easily defeated.
The document discusses cybersecurity, artificial intelligence, and how AI can help improve cybersecurity. It notes that while organizations spend billions on cybersecurity, chief information security officers still feel highly exposed. Traditional security methods focus on preventing infiltration but are always one step behind evolving threats. The document argues that AI can help enforce cyber hygiene practices like least privilege to shrink the attack surface, making the problem more bounded and manageable compared to always chasing threats. It discusses how AI is well-suited for understanding intended application behavior based on established rules and data from good software.
802 Secure develops software defined radio and big data analytics to secure wireless networks and the Internet of Things. The company's technology detects and prevents exploitation of advanced wireless threats using deceptive networking techniques. 802 Secure's products include a real-time wireless security system to protect first responder communications and a Wireless Risk Audit Tool to identify vulnerabilities across multiple wireless spectrums before incidents occur. The company aims to secure the growing number of wireless devices as the Internet of Things market expands dramatically.
Cybersecurity | Meta Networks: Software defined perimeter platformVertex Holdings
In this installment of our 9-part series, we feature our portfolio company, Meta Networks, a cybersecurity startup that leverages the cloud to build a global, zero-trust network that is agile and scalable for the way business is done today. Meta Networks was recently acquired by Proofpoint for USD 120M.
Security and Privacy Big Challenges in Internet of thingsIRJET Journal
This document discusses security and privacy challenges with Internet of Things (IoT) systems. It notes that IoT provides broad functionality but also raises important challenges regarding privacy and security. Some key issues discussed include insufficient authentication, lack of transport encryption, insecure interfaces, default credentials, lack of secure coding practices, and privacy concerns regarding personal data collection. The document recommends approaches to address these challenges, such as base device analysis, network traffic verification, secure code reviews, and end-to-end penetration testing.
With the majority of everyday work handled over the internet, it no longer makes sense to backhaul traffic to centralized data centers—the MPLS costs are too high and the bandwidth too scarce. You need a new approach to networking and security.
The document describes a course on cybersecurity analytics offered by Object Automation Software Solutions Pvt Ltd. The course aims to cover fundamentals of cybersecurity concepts and applications of data science and machine learning in cybersecurity. It is divided into 8 modules over 8 weeks that will teach topics ranging from introductions to cybersecurity, data science, machine learning, and Python libraries, to applications of these areas like fraud detection, intrusion detection, spam detection, and detecting malicious URLs. The objectives and outcomes of each module are provided.
Advance security in cloud computing for military weaponsIRJET Journal
This document proposes a system to securely transmit military weapon launch codes through cloud storage using multiple security techniques. The system uses steganography to hide launch codes in image captchas. Visual cryptography is then used to split the captcha images into shares distributed to authorized users. Each share undergoes image encryption and watermarking before being sent via email. To obtain the launch code, users decrypt their shares, verify the watermarks through de-watermarking, and use visual cryptography to reconstruct the original captcha and extract the hidden launch code text. The proposed multi-layered approach aims to securely transmit sensitive military information through cloud storage.
Keynote WFIoT2019 - Data Graph, Knowledge Graphs Ontologies, Internet of Thin...Amélie Gyrard
Keynote “Trends on Data Graphs & Security for the Internet of Things”
(Extended Version) #WF-IoT World Forum Internet of Things
Workshop on #Security and #Privacy for #InternetofThings and Cyber-Physical Systems #CPS
#Security #Toolbox #Attacks and #Countermeasures #STAC
#Security #KnowledgeGraphs #Ontologies
Speaker: Dr. Ghislain Atemezing(Research & Development Director, MONDECA, Paris, France) @gatemezing
Credits: Dr. Amelie Gyrard (Kno.e.sis, Wright State University, Ohio, USA)
IRJET- Enhanced SIT Algorithm for Embedded SystemsIRJET Journal
This document summarizes a research paper that proposes an enhanced encryption algorithm called Enhanced SIT for securing data in embedded systems and IoT devices. The algorithm is designed to be lightweight and suitable for resource-constrained devices. It operates on 64-bit blocks using a 128-bit key and incorporates a Feistel network structure. Simulation results showed the algorithm provided security within 10 encryption rounds. When implemented on a microcontroller, it had low code size and memory usage. The paper compares the performance of the proposed algorithm to other common algorithms like AES. In conclusion, Enhanced SIT is presented as an efficient and secure encryption method suitable for embedded applications and IoT security.
Introduction to IoT, Current trends and challenges. It also describes some of the industry standard platforms such as Microsoft Azure IoT Edge and AWS IoT. Trends described includes Edge computing, Security, Cognitive Computing, Analytics, Containers and Microservices
Xprize Think Tank Phoenix IoT Presentation 4/18/16Mark Goldstein
Mark Goldstein, President of International Research Center explored the next Internet wave, the Internet of Things (IoT), expected to connect tens of billions of new sensors and devices in the coming years with the Xprize Think Tank Phoenix Chapter (http://www.meetup.com/xprize-think-tank-phoenix/) on 4/18/16. Waves of change will roll through home, business, government, industrial, medical, transportation, and other complex ecosystems. This deck examines how IoT will be implemented and monetized creating new business models from pervasive sensor deployments and data gathering, accompanied by new privacy and security risks. Explore IoT’s roadblocks and operational challenges, emerging standards and protocols, gateway and wireless integration, and big data strategies and opportunities.
Note that this presentation is fresher though briefer than the one to the IEEE Computer Society Phoenix from 12/15 to be found at http://www.slideshare.net/markgirc/ieee-cs-phoenix-internet-of-things-innovations-megatrends-12215. This one stays at a somewhat higher level and includes newer material, but the other dives deeper into available devices and standards. Check them both out.
Certified Internet of Things Specialist ( CIoTS ) GICTTraining
GICT Certified Internet of Things Specialist (CIoTS) course focuses on the core technologies behind Internet of Things (IoT).
Find Out More : https://globalicttraining.com
The document presents an overview of Internet of Things (IoT) concepts and proposes a reference architecture for IoT. It discusses core IoT concerns like connectivity, device management, data handling and security. It describes common IoT device types like Arduino, Raspberry Pi and communication protocols like HTTP, MQTT, CoAP. The proposed reference architecture aims to provide a scalable and secure way to interact with billions of connected devices by addressing issues like management, data processing and disaster recovery. An example implementation of the architecture for an RFID attendance tracking system is also presented.
The document summarizes key aspects of cloud security based on a lecture given by Dr. Rajesh P Barnwal. It discusses the evolution of cloud models from bare metal to serverless computing. It highlights some major security challenges in cloud computing like multi-tenancy, loss of control, and third party handling of data. The document then covers modern cloud security measures like identity and access management, secure access service edge, firewall as a service, cloud access security brokers, and zero trust network access. It also discusses new paradigms like serverless computing and their advantages for security.
IRJET- Security in Ad-Hoc Network using Encrypted Data Transmission and S...IRJET Journal
This document discusses security techniques for data transmission in ad-hoc networks, specifically encrypted data transmission and steganography. It proposes a system that enables encrypted data transmission between nodes and uses steganography to hide encrypted data in cover files like images, audio, and video during transmission for additional security. The system architecture includes modules for user interface, embedding secret data in cover files, extracting secret data, sending files between nodes, and receiving files. It aims to securely transmit data in ad-hoc networks using both encryption and steganography to protect confidentiality and integrity of transmitted data.
IEEE Radio & Wireless Week IoT Powered by Wireless PresentationMark Goldstein
Mark Goldstein, President of International Research Center (http://www.researchedge.com/) presented on the next Internet wave, how the Internet of Things (IoT), will connect tens of billions of new sensors and devices in the coming years driving sustainability while transforming home, business, government, industrial, medical, transportation, and other complex ecosystems. The presentation examined how IoT will be implemented and monetized across a various application spaces, creating new business models from pervasive sensor deployments and data gathering, accompanied by new privacy and security risks. Explore IoT’s evolving wireless protocols, their pro and cons, and deployment prospects including the impact of 5G, as well as roadblocks and operational challenges, emerging standards and protocols, gateways and ecosystem integration, big data strategies, and analytic opportunities.
IRJET- Survey of Cryptographic Techniques to Certify Sharing of Informati...IRJET Journal
This document discusses various cryptographic techniques for securing data shared over cloud computing. It begins with an introduction to cloud computing and the types of cloud services. It then discusses some critical threats to cloud security like unauthorized access, lack of integrity checks, and denial of service attacks. The document analyzes popular encryption algorithms like RSA, AES, DES, Blowfish and IDEA that can be applied for cloud data security. It provides details on how each algorithm works and compares their characteristics. The document concludes that a multilevel security architecture applying multiple encryption algorithms is needed to securely transmit data over the cloud.
MULTI-FACTOR AUTHENTICATION SECURITY FRAMEWORK USING BlOCKCHAIN IN CLOUD COMP...IRJET Journal
This document proposes a multi-factor authentication security framework using blockchain for cloud computing. It discusses using one-time passwords and unique codes for login along with blockchain technology to securely store data in the cloud. The framework aims to improve security, securely share data online, and secure cloud data storage. It presents a system architecture with three modules - data owner, user, and authority - to allow data owners to securely upload files via blockchain that users can view and download with authentication.
CIS 2015 How to secure the Internet of Things? Hannes TschofenigCloudIDSummit
The document discusses securing the Internet of Things. It begins by describing common constraints of IoT devices like limited RAM, flash, and CPU capabilities. It then summarizes lessons learned from real-world attacks on IoT systems, including limited software update mechanisms, missing key management, inappropriate access control, lack of communication security, and vulnerability to physical attacks. The document advocates following security best practices like integrating software updates, using modern OS concepts, automated key management, and considering physical attacks in threat analyses. It also describes ARM's contributions to improving IoT security through its mbed platform, libraries, and involvement in standards organizations.
SIMA AZ: Emerging Information Technology Innovations & Trends 11/15/17Mark Goldstein
Mark Goldstein, International Research Center presented a big overview of Emerging Information Technology Innovations & Trends to the Society for Information Management Arizona Chapter (SIM AZ) on 11/15/17 showcasing the latest and greatest emerging technologies and novel tech innovations, highlighting the market and societal transformations underway or anticipated. It covered Advances in Computer Power and Pervasiveness; Internet of Things (IoT) Overview and Ecosystem; Mobility, Augmented Reality and Virtual Reality (AR/VR); Medical Advances Through Informatics; Artificial Intelligence (AI) and Robotics; Big Data, Its Applications and Implications; and Onward into the Future…
Crypto Mechanism to Provide Secure to the IOT DataIRJET Journal
The document proposes a crypto mechanism to securely store IoT data in the cloud. It discusses challenges with securing IoT data due to resource constraints of IoT devices and limitations of traditional encryption algorithms. The proposed model includes modules for authentication, data intake/encryption, management, and decryption. It establishes secure connections between IoT devices, cloud and users. Data from IoT devices is encrypted before storing in the cloud database. Encrypted data is decrypted and displayed to users after authentication. The model aims to securely store IoT data in the cloud while addressing issues like inference attacks and efficiently utilizing resources.
This document summarizes key information from a presentation on security architecture in the IoT age. It discusses the risks of vulnerabilities being exploited in embedded devices, as seen with Stuxnet. It recommends resources for credible cybersecurity information, including the Information Assurance Support Environment site. The document also summarizes guidance on the Risk Management Framework and Security Technical Implementation Guides.
Developing Interoperable Components for an Open IoT Foundation Eurotech
In this presentation Eurotech and Red Hat present Kapua, a modular cloud platform that provides management for Internet of Things (IoT) gateways and smart edge devices. It represents a key milestone towards the development of a truly open, end-to-end foundation for IoT and its ecosystem of partners and solutions. Kapua provides a core integration framework with services for device registry, data and device management, message routing, and applications.
- Embedded systems now contain sensitive personal data and perform safety-critical functions in devices like mobile phones, cars, and medical equipment. Unless embedded system security is adequately addressed, it could impede adoption.
- There are many challenges to security in embedded systems and IoT devices, including vulnerabilities in hardware, software, and networks. Effective security requires building security in at all stages of the design process.
- Various attacks like physical intrusion, side channel attacks, software exploits, and denial of service attacks threaten embedded systems. Countering these threats requires mechanisms at different levels including prevention, detection, and recovery techniques applied in hardware, software, and networks.
This document discusses the key components needed for an Internet of Things (IoT) product, including required skill sets, areas to get started, and an example execution plan. It covers the basic building blocks of an IoT architecture, outlines skills in areas like firmware engineering, hardware, networking, security, data analysis, and software development. It also provides steps for taking an IoT idea from concept to market, including developing a proof of concept, specifications documentation, testing prototypes, and planning for marketing, finances, and mass production. Finally, it gives an example IoT product idea of a smart doorbell and highlights features addressed in its proof of concept testing.
This document discusses sandbox technology, which aims to create a secure virtualized environment for running applications in isolation. A sandbox allows untested code to be run safely without impacting the host system. Key components sandboxed include files, the registry, network interfaces, and processes. The document also describes a proposed system using isolated sandbox nodes connected through a mimetic internet to model network behavior and detect malware trying to determine if the environment is virtualized. The goal is to design a secure sandbox model for testing applications in Windows.
Similar to NUS-ISS Learning Day 2019-Complying with new IoT cyber security guide (20)
Designing Impactful Services and User Experience - Lim Wee KheeNUS-ISS
In this engaging talk, we explore crafting impactful user-centric services, revealing the design principles that drive exceptional experiences. From empathetic customer journeys to innovative interfaces, learn how design can create meaningful connections, inspiring you to revolutionise your approach and drive lasting change in user satisfaction and brand success.
Upskilling the Evolving Workforce with Digital Fluency for Tomorrow's Challen...NUS-ISS
In today's digital age, the key to true transformation lies in our people. This talk will highlight the importance of digital fluency, emphasizing that everyone in an organization is now a digital professional. By synergizing the fundamental digital skills ranging from an agile mindset to making data-informed decisions and design thinking, we will discuss how a digitally skilled workforce can propel organizations to drive digital transformation with new heights of value creation. Though widespread workforce upskilling presents its challenges, this talk offers innovative organizational learning approaches that may pave the way to success. Join us to find out how to shape the future of your organization where success is defined not just by technology but by a workforce fully equipped with digital competencies, ready to take on whatever the future holds.
How the World's Leading Independent Automotive Distributor is Reinventing Its...NUS-ISS
In this captivating session, we'll unveil the profound impact of AI, poised to revolutionise the business landscape. Prepare to shift your perspective, as we transition from the lens of a data scientist to the visionary mindset of a product manager. We're about to demystify the captivating world of Generative AI, dispelling myths and illuminating its remarkable potential. We will also delve into the pioneering applications that Inchcape is leading, pushing the boundaries of what's achievable. Join us for an exhilarating journey into the future of AI, where professionalism meets unparalleled excitement, and innovation takes center stage!
The Importance of Cybersecurity for Digital TransformationNUS-ISS
In the rapidly evolving landscape of digital transformation, the importance of cybersecurity cannot be overstated. As organizations embrace digital technologies to enhance their operations, innovate, and connect with customers in new and dynamic ways, they simultaneously become more vulnerable to cyber threats.
This talk will discuss the importance of having a well thought through approach in dealing with cybersecurity in the form of a strategy that lays out the various programmes and initiatives that will underpin a secure and resilient digital transformation journey. Not surprisingly, having a pool of well-trained cybersecurity personnel is one of the key ingredient in a cyber strategy as exemplified in Singapore's own national cybersecurity strategy.
Architecting CX Measurement Frameworks and Ensuring CX Metrics are fit for Pu...NUS-ISS
Join us for a deep dive into the art of architecting Customer Experience (CX) measurement frameworks and ensuring that CX metrics are precisely tailored for their intended purpose. In this engaging session, you'll walk away with actionable insights and a tangible plan for refining your measurement strategies. Discover how to craft CX measurement frameworks that align seamlessly with your business objectives, ensuring that your metrics deliver meaningful and robust insights. Whether you're seeking to enhance customer satisfaction, optimise processes, or drive innovation, this session will provide you with potential approaches and practical steps to bolster the effectiveness and relevance of your CX metrics. It's your blueprint for creating a customer-centric roadmap to success.
Understanding GenAI/LLM and What is Google Offering - Felix GohNUS-ISS
With the recent buzz on Generative AI & Large Language Models, the question is to what extent can these technologies be applied at work or when you're studying and how easy is it to manage/develop your own models? Hear from our guest speaker from Google as he shares some insights into how industries are evolving with these trends and what are some of Google's offerings from Duet AI in Google Workspace to the GenAI App Builder on Google Cloud.
Digital Product-Centric Enterprise and Enterprise Architecture - Tan Eng TszeNUS-ISS
Enterprises striving to unlock value through digital products face a pivotal shift towards product-centric management, a transformation that carries its share of challenges. To navigate this journey successfully, close collaboration between Enterprise Architects and Digital Product Managers is essential. Together, they can craft the ideal strategy to deliver digital products on a grand scale. Join us in this session as we shed light on the critical interactions and activities that foster synergy between Enterprise Architects and Digital Product Managers. Discover how this collaboration paves the way for effective product-centric management, enabling enterprises to harness the full potential of their digital offerings.
Emerging & Future Technology - How to Prepare for the Next 10 Years of Radica...NUS-ISS
We find ourselves in an era of exponential growth and transformation. The relentless pace of technological advancement is reshaping our world at a rate never seen before, making it increasingly challenging to stay abreast of these rapid developments. Join us for an insightful talk where we embark on a journey to explore the most significant technology trends set to unfold over the next decade. These trends promise to be nothing short of seismic, with the power to reshape every facet of our lives, from the way we work and learn to how we forge relationships and structure our society. Prepare to be enlightened as we delve into a future where the very fabric of our existence is on the brink of transformation. This talk is your compass to navigate the uncharted territory of tomorrow's world, and it's an opportunity you won't want to miss.
Beyond the Hype: What Generative AI Means for the Future of Work - Damien Cum...NUS-ISS
1. The document discusses the impacts of generative AI on the future of work.
2. While AI is not sentient and will not take over the world, many jobs are at risk of automation, especially clerical roles where around 26 million jobs could be lost.
3. At the same time, AI has the potential to make work easier by automating up to 80% of white collar tasks and allowing quick creation of documents, images, videos and apps using simple prompts.
4. The future of AI looks set to see it become the next foundational technology, with potential for uncontrolled innovation if artificial general intelligence is achieved in just 5 years and a "technology singularity" in 25 years.
Supply Chain Security for Containerised Workloads - Lee Chuk MunnNUS-ISS
Containers have emerged as an indispensable component of modern cloud-native applications, serving diverse roles from development environments to application distribution and deployment on platforms like Azure's App Service and Kubernetes. In this presentation, we will delve into a suite of powerful tools designed to ensure the adoption of best practices in container management. You'll gain insights into how to scan container images rigorously, identifying and mitigating vulnerabilities effectively. We'll also explore the art of generating comprehensive software bill of materials (SBOM) for your containers and the significance of signing container images for enhanced security. The ultimate goal of this presentation is to empower you with the knowledge and skills necessary to seamlessly integrate these tools and practices into your CI (Continuous Integration) pipelines. By the end of this session, you'll be well-equipped to fortify your container workflows, delivering secure and robust cloud-native applications that thrive in today's dynamic digital landscape.
The future is always uncertain. To be truly future-ready, companies need the ability to quickly learn and adapt and to foster a culture of continuous curiosity and experimentation. But how can we facilitate rapid learning throughout the organisation? What will the future of learning look like for you? How can we ensure our organisations become engines of growth through learning?
The future is always uncertain. To be truly future-ready, companies need the ability to quickly learn and adapt and to foster a culture of continuous curiosity and experimentation. But how can we facilitate rapid learning throughout the organisation? What will the future of learning look like for you? How can we ensure our organisations become engines of growth through learning?
Site Reliability Engineer (SRE), We Keep The Lights On 24/7NUS-ISS
There are many phases in the software development cycle, from requirements to development and testing, but at the tail of the process, is an often overlooked aspect: deployment and delivery. With the paradigm shift of delivering on-site software to offering software-as-a-service, Site Reliability Engineering is beginning to take a greater role in product delivery.
This session aims to give a glimpse of the work that goes into site reliability engineering (SRE) and effort that goes into keeping a service going 24/7.
Product Management in The Trenches for a Cloud ServiceNUS-ISS
More often than not, people’s perception of Product Management is usually centred around the definition, management and prioritisation of software features and functionality. While that is largely true, it is also one of many things that a Product Manager needs to focus on, given limited time and resources.
This session aims to provide an unfiltered view of how Product Management looks like in the context of Enterprise Cloud Applications development, the challenges confronting Product Managers, and the tradeoff decisions to be made in order to overcome these challenges.
All this, while shipping a working product with each release that will surprise and delight the end user.
Overview of Data and Analytics Essentials and FoundationsNUS-ISS
As companies increasingly integrate data across functions, the boundaries between marketing, sales and operations have been blurring. This allows them to find new opportunities that arise by aligning and integrating the activities of supply and demand to improve commercial effectiveness. Instead of conducting post-hoc analyses that allow them to correct future actions, companies generate and analyze data in near real-time and adjust their operations processes dynamically. Transitioning from static analytics outputs to more dynamic contextualized insights means analytics can be delivered with increased relevance closer to the point of decision.
This talk will cover the analytics journey from descriptive, predictive and prescriptive analytics to derive actionable and timely insights to improve customer experience to drive marketing, salesforce and operations excellence.
With the use of Predictive Analytics, companies are able to predict future trends based on existing available data. The actionable business predictions can help companies achieve cost savings, higher revenue, better resource allocation and efficiency. Predictive analytics has been used in various sectors such as banking & finance, sales & marketing, logistics, retail, healthcare, F&B, etc. for various purposes.
Get set to learn more about the different stages of predictive analytics modelling such as data collection & preparation, model development & evaluation metrics, and model deployment considerations will be discussed.
In this digital transformation era, we have seen the rise of digital platforms and increased usages of devices particularly in the area of wearables and the Internet of Things (IoT). Given the fast pace change to the IoT landscape and devices, data has become one of the important source of truth for analytics and continuous streaming of data from sensors have also emerged as one of the fuel that revolutionise the emergence of IoT. These includes health telematics, vehicle telematics, predictive maintenance of equipment, manufacturing quality management, consumer behaviour, and more. With this, we will give you an introduction on how to leverage the power of data science and machine learning to understand and explore feature engineering of IoT and sensor data.
Master of Technology in Software EngineeringNUS-ISS
This document provides information about the Master of Technology in Software Engineering program at NUS. The program focuses on designing scalable, smart, and secure software systems and products. It offers both part-time and full-time study structures, with the part-time program taking 2 years and full-time taking 1 year. Students can choose a structured route taking set courses each semester, or a flexible route completing graduate certificates at their own pace over 5-7 years. General admission requirements include a bachelor's degree in engineering or science with a minimum GPA, 2 years of work experience, and passing an entrance test and interview. Important application dates for the 2023 start are also provided.
Master of Technology in Enterprise Business AnalyticsNUS-ISS
This document provides information about the Master of Technology in Enterprise Business Analytics program at NUS-ISS. It discusses what data science is, who should take the program, sample job profiles of graduates, the courses taught in the program, and the stackable certificate structure. The program can be completed through a structured route of taking certificates back-to-back over 2 years part-time or 1 year full-time, or a flexible route of taking courses anytime over 7 years to earn the Master of Technology degree. Admission requires a bachelor's degree, minimum GPA, English proficiency, 2 years of work experience, and passing an entrance test and interview.
Diagnosing Complex Problems Using System ArchetypesNUS-ISS
In today’s VUCA world, we are faced with problems coming in fast and furious. In order to resolve such problems quickly, we need to first understand the problems. One of the techniques to understand complex problem is through the use of system archetypes. System archetypes are patterns of behaviour of a system. Let’s us explore some of the system archetypes in this session as well as tips on how to resolve them.
Taking AI to the Next Level in Manufacturing.pdfssuserfac0301
Read Taking AI to the Next Level in Manufacturing to gain insights on AI adoption in the manufacturing industry, such as:
1. How quickly AI is being implemented in manufacturing.
2. Which barriers stand in the way of AI adoption.
3. How data quality and governance form the backbone of AI.
4. Organizational processes and structures that may inhibit effective AI adoption.
6. Ideas and approaches to help build your organization's AI strategy.
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slackshyamraj55
Discover the seamless integration of RPA (Robotic Process Automation), COMPOSER, and APM with AWS IDP enhanced with Slack notifications. Explore how these technologies converge to streamline workflows, optimize performance, and ensure secure access, all while leveraging the power of AWS IDP and real-time communication via Slack notifications.
GraphRAG for Life Science to increase LLM accuracyTomaz Bratanic
GraphRAG for life science domain, where you retriever information from biomedical knowledge graphs using LLMs to increase the accuracy and performance of generated answers
Main news related to the CCS TSI 2023 (2023/1695)Jakub Marek
An English 🇬🇧 translation of a presentation to the speech I gave about the main changes brought by CCS TSI 2023 at the biggest Czech conference on Communications and signalling systems on Railways, which was held in Clarion Hotel Olomouc from 7th to 9th November 2023 (konferenceszt.cz). Attended by around 500 participants and 200 on-line followers.
The original Czech 🇨🇿 version of the presentation can be found here: https://www.slideshare.net/slideshow/hlavni-novinky-souvisejici-s-ccs-tsi-2023-2023-1695/269688092 .
The videorecording (in Czech) from the presentation is available here: https://youtu.be/WzjJWm4IyPk?si=SImb06tuXGb30BEH .
Skybuffer AI: Advanced Conversational and Generative AI Solution on SAP Busin...Tatiana Kojar
Skybuffer AI, built on the robust SAP Business Technology Platform (SAP BTP), is the latest and most advanced version of our AI development, reaffirming our commitment to delivering top-tier AI solutions. Skybuffer AI harnesses all the innovative capabilities of the SAP BTP in the AI domain, from Conversational AI to cutting-edge Generative AI and Retrieval-Augmented Generation (RAG). It also helps SAP customers safeguard their investments into SAP Conversational AI and ensure a seamless, one-click transition to SAP Business AI.
With Skybuffer AI, various AI models can be integrated into a single communication channel such as Microsoft Teams. This integration empowers business users with insights drawn from SAP backend systems, enterprise documents, and the expansive knowledge of Generative AI. And the best part of it is that it is all managed through our intuitive no-code Action Server interface, requiring no extensive coding knowledge and making the advanced AI accessible to more users.
Skybuffer SAM4U tool for SAP license adoptionTatiana Kojar
Manage and optimize your license adoption and consumption with SAM4U, an SAP free customer software asset management tool.
SAM4U, an SAP complimentary software asset management tool for customers, delivers a detailed and well-structured overview of license inventory and usage with a user-friendly interface. We offer a hosted, cost-effective, and performance-optimized SAM4U setup in the Skybuffer Cloud environment. You retain ownership of the system and data, while we manage the ABAP 7.58 infrastructure, ensuring fixed Total Cost of Ownership (TCO) and exceptional services through the SAP Fiori interface.
This presentation provides valuable insights into effective cost-saving techniques on AWS. Learn how to optimize your AWS resources by rightsizing, increasing elasticity, picking the right storage class, and choosing the best pricing model. Additionally, discover essential governance mechanisms to ensure continuous cost efficiency. Whether you are new to AWS or an experienced user, this presentation provides clear and practical tips to help you reduce your cloud costs and get the most out of your budget.
Introduction of Cybersecurity with OSS at Code Europe 2024Hiroshi SHIBATA
I develop the Ruby programming language, RubyGems, and Bundler, which are package managers for Ruby. Today, I will introduce how to enhance the security of your application using open-source software (OSS) examples from Ruby and RubyGems.
The first topic is CVE (Common Vulnerabilities and Exposures). I have published CVEs many times. But what exactly is a CVE? I'll provide a basic understanding of CVEs and explain how to detect and handle vulnerabilities in OSS.
Next, let's discuss package managers. Package managers play a critical role in the OSS ecosystem. I'll explain how to manage library dependencies in your application.
I'll share insights into how the Ruby and RubyGems core team works to keep our ecosystem safe. By the end of this talk, you'll have a better understanding of how to safeguard your code.
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdfChart Kalyan
A Mix Chart displays historical data of numbers in a graphical or tabular form. The Kalyan Rajdhani Mix Chart specifically shows the results of a sequence of numbers over different periods.
Have you ever been confused by the myriad of choices offered by AWS for hosting a website or an API?
Lambda, Elastic Beanstalk, Lightsail, Amplify, S3 (and more!) can each host websites + APIs. But which one should we choose?
Which one is cheapest? Which one is fastest? Which one will scale to meet our needs?
Join me in this session as we dive into each AWS hosting service to determine which one is best for your scenario and explain why!
Fueling AI with Great Data with Airbyte WebinarZilliz
This talk will focus on how to collect data from a variety of sources, leveraging this data for RAG and other GenAI use cases, and finally charting your course to productionalization.
Dive into the realm of operating systems (OS) with Pravash Chandra Das, a seasoned Digital Forensic Analyst, as your guide. 🚀 This comprehensive presentation illuminates the core concepts, types, and evolution of OS, essential for understanding modern computing landscapes.
Beginning with the foundational definition, Das clarifies the pivotal role of OS as system software orchestrating hardware resources, software applications, and user interactions. Through succinct descriptions, he delineates the diverse types of OS, from single-user, single-task environments like early MS-DOS iterations, to multi-user, multi-tasking systems exemplified by modern Linux distributions.
Crucial components like the kernel and shell are dissected, highlighting their indispensable functions in resource management and user interface interaction. Das elucidates how the kernel acts as the central nervous system, orchestrating process scheduling, memory allocation, and device management. Meanwhile, the shell serves as the gateway for user commands, bridging the gap between human input and machine execution. 💻
The narrative then shifts to a captivating exploration of prominent desktop OSs, Windows, macOS, and Linux. Windows, with its globally ubiquitous presence and user-friendly interface, emerges as a cornerstone in personal computing history. macOS, lauded for its sleek design and seamless integration with Apple's ecosystem, stands as a beacon of stability and creativity. Linux, an open-source marvel, offers unparalleled flexibility and security, revolutionizing the computing landscape. 🖥️
Moving to the realm of mobile devices, Das unravels the dominance of Android and iOS. Android's open-source ethos fosters a vibrant ecosystem of customization and innovation, while iOS boasts a seamless user experience and robust security infrastructure. Meanwhile, discontinued platforms like Symbian and Palm OS evoke nostalgia for their pioneering roles in the smartphone revolution.
The journey concludes with a reflection on the ever-evolving landscape of OS, underscored by the emergence of real-time operating systems (RTOS) and the persistent quest for innovation and efficiency. As technology continues to shape our world, understanding the foundations and evolution of operating systems remains paramount. Join Pravash Chandra Das on this illuminating journey through the heart of computing. 🌟
15. Things with connectivity
#ISSLearningDay
Image source:
https://www.aboutkidshealth.ca/Article?contentid=980&language=English
http://caifl.com/cardiac-devices/pacemakers/
https://www.sciencedirect.com/topics/nursing-and-health-professions/pacemaker-battery
28. What is constrained IoT device?
#ISSLearningDay
Image source: https://www.cisoplatform.com/profiles/blogs/classification-of-iot-devices
29. Classes of Constrained Devices (1)
#ISSLearningDay
Image source:
https://www.cisoplatform.com/profiles/blogs/classification-of-iot-devices
https://tools.ietf.org/html/rfc7228
IETF’s RFC 7228 classifies the constrained devices into 3 categories
Examples of constraints:-
• Processing power
• Size of memory
• Availability of power source
30. Classes of Constrained Devices (2)
#ISSLearningDay
Class 2 – not so constrained
• Less constrained and can perform at par with
mobiles phones / notebooks, supporting most
protocol stacks.
Class 1 – quite constrained
• Quite constrained in code space and processing
capabilities to employ full protocol stack such as
HTTP, TLS. Hence, use IoT stack like UDP, CoAP, DTLS
• Interact with other devices without the need of
gateway.
• Do not communicate with server.
• Battery operated.
• Take care of single sensor.
Class 0 – too small to securely run on Internet
• Constrains in memory and processing capabilities.
• Use Gateway for basic communication need.
Image source: https://www.rfwireless-world.com/Terminology/COAP-vs-MQTT.html
31. Constrained Device Class 0 – medical device
#ISSLearningDay
Image source:
https://pdfs.semanticscholar.org/6a25/e93587dde53966b
3f0830ed9b78023c2cadd.pdf
38. #ISSLearningDay
1. Identify the assets
2. Create an IoT system architecture overview
3. Decompose the IoT system
4. Identify threats
5. Document threats
6. Rate the threats
41. Root of Trust
#ISSLearningDayImage source: https://www.slideshare.net/linaroorg/sfo17-304-
demystifying-ro-tfinallc-83555369
Root of Trust (RoT) is a source that can always be trusted within a cryptographic system. It
generally includes a hardened hardware module.
42. How Raspberry Pi stores its data?
#ISSLearningDay
ARM Cortex A53 (ARMv8) inside Broadcom BCM2837 SoC
52. Who is ARM?
#ISSLearningDay
Image source:
https://www.fudzilla.com/news/processors/40000-arm-
cortex-r8-processor-design-is-out
1) ARM creates processor designs
but it does not produce any
physical products.
2) The technology (IP) is licensed to
other companies who design and
build their own processors based
on ARM’s design, e.g. Texas
Instruments, Samsung.
59. Illustration of Isolation:
trusted zone vs non-trusted zone
#ISSLearningDay
Image source: https://www.kwtrain.com/blog/network-security-zones
Trusted zone Non-trusted zone
60. HSM – one secure zone
#ISSLearningDay
• HSM
• Hardware Security Module
• Tamper resistance
• One secure zone in physical hardware -
the HSM
• The non-secure zone (application in
another system) accesses its services by
application interface.
https://aws.amazon.com/cloudhsm/
61. Smart Card – one secure zone
#ISSLearningDay
• One secure zone – the smart card chip
• Tamper resistance
• The external host/application accesses it’s services by application
Interface
62. ARM launches anti-tampering processor, M35P
#ISSLearningDay
Image source: https://venturebeat.com/2018/05/02/arm-designs-anti-tampering-
and-software-isolation-into-its-processors/
Since M35p design was announced a year ago, no chip developer has announced any product yet.
64. TLS (or SSL, which is still commonly known as)
#ISSLearningDay
Image source:
https://www.cloudflare.com/learning/ssl/what-is-ssl/
https://yourshop.com/security-b19.html
TLS: Transport Layer Security
SSL: Secure Sockets Layer
65. TLS utilized by IoT
#ISSLearningDay
Image source: https://www.digi.com/videos/connecting-digi-xbee3-cellular-to-aws-with-mqtt
66. MQTT: Message Queueing Telemetry Transport
#ISSLearningDay
Image source: https://aws.amazon.com/iot-core/
MQTT protocol recommends use of TLS for more sensitive MQTT implementations
67. MQTT: a publish / subscribe protocol
#ISSLearningDay
Image source: https://www.hivemq.com/blog/how-to-get-started-with-mqtt
MQTT protocol was invented by IBM back in 1999 for satellite communications with oil-field equipment.
68. #ISSLearningDay
Problem: TLS is not lightweight
• TLS adds additional two round trips to the start of every session
• TLS certificates are large files, and device memory is limited in IoT
69. TLS v1.3 – improved version
#ISSLearningDay
Image source: https://blog.cloudflare.com/why-iot-is-insecure/
TLS 1.3 eliminates a complete round trip in the TLS handshake, which makes TLS
much lighter and faster
If the same IoT device talks to the same server again, there is no round trip at all, as
the parameters chosen in the initial handshake are sent alongside application data.
70. CoAP: Constrained Application Protocol
#ISSLearningDay
Image source: https://www.rfwireless-world.com/Terminology/COAP-vs-MQTT.html
CoAP was created by IETF.
It was designed for use by constrained devices on constrained network (low-power, lossy networks).
72. UDP is more lightweight than TCP
#ISSLearningDayImage source: https://www.pubnub.com/blog/why-you-should-run-your-
game-servers-separate-from-your-chat/
No ordering of messages
No tracking connections
73. DTLS: session initialization not any lighter
#ISSLearningDay
Image source: https://blog.cloudflare.com/why-iot-is-insecure/
75. Object Security for Constrained RESTful Environments
(OSCORE)
#ISSLearningDay
• A method for application-layer protection of the
Constrained Application Protocol, using object signing
and encryption. (under Internet draft)
• OSCORE provides end-to-end protection between
endpoints communicating using CoAP.
• Designed for constrained nodes.
Image source: https://tools.ietf.org/id/draft-ietf-core-object-security-15.html
83. Over the Air Update
#ISSLearningDay
Image source: https://blog.particle.io/2019/05/09/ota-firmware-updates/
84. Over the Air Update
#ISSLearningDay
Image source:
http://www.iphonehacks.com/install-ios-7-0-4-update-iphone-ipad
https://searchmobilecomputing.techtarget.com/definition/OTA-update-over-the-air-update
Previously, user needed to connect iphone to computer using
USB cable to update OS through iTunes.
With OTA, Apple can deliver updates remotely