SlideShare a Scribd company logo
Practical Exploitation of IoT
Networks and Ecosystems
Sanjay V & Nitin Lakshmanan
DEEP
ARMOR
www.deeparmor.com

@deep_armor
SACON 2020
Instructors
Nitin Lakshmanan
Senior Security Analyst
Deep Armor
Aujas Networks, Aricent/
Intel
Sanjay V
Security Analyst
Deep Armor
Deloitte
SACON 2020
Agenda
• IoT Architecture & Intro to IoT Security
• Security Paradigms for the Building Blocks
• Wireless Protocols
• Hands-on Exercises
• Security Development Life Cycle (SDLC) for
IoT
• Fun Hacking Activities
• Summary
Hacking Zigbee-style
Wireless Sensor Networks
Breaking Bluetooth
Security
Attacking Consumer IoT
Ecosystems
AWS IoT Core & Cloud
Services
Hands-on Exercises
SACON 2020
Internet Of Things
• Network of devices connected 

to Internet
• Connect, Collect and Exchange
• Part of the fast growing electronic culture
• Revolution in all the fields
Connected People
Connected Fleets
Connected Infra
Connected Markets
Connected Assets
Connected Products
Network Data
SACON 2020
Messy World of IoT Security
• “Let me get the product out first”
• “I’m paying a supplier for hardware/software. Security is their
responsibility”
• “We don’t store any confidential information”
• “Let me worry about it if/when we get hacked”
• “We are 100% secure (!)”
• …
SACON 2020
Attacks on IoT products
SACON 2020
IoT Security & Businesses
• Security is often seen as zero ROI
• Impedes rapid prototyping and delivery (doesn’t have to)
• Consumers will buy anyway
• Poor awareness; Sometimes, lack of options
• Liability laws are almost non-existent
• Few that exist don’t hold water
SACON 2020
Range / Power of protocols for IoT
Protocol Power Range
WiFi High Long
Zigbee / Z-Wave Low Short to Mid
BT / BLE Low Short
LPWAN Low Long
SACON 2020
Zigbee
• Low data rate wireless applications
• Smart energy, medical, home automation, IIoT
• Two bands of operation: 868/915MHz and 2450MHz
• Simpler & less expensive than Bluetooth
• 10-100m range
• Zigbee Alliance
SACON 2020
Zigbee Security Model
• Open Trust model (Device Trust Boundary)
• Crypto protection only between devices
• All services employ the same security suite
SACON 2020
Practical Exploitation of IoT

Wireless Sensor Networks (WSN)
SACON 2020
Agenda
• IEEE 802.15.4 (Layer 1 & 2 definitions for Zigbee)
• Tools
• Setup
• Attack and Defense
• Packet Generation
• Sniffing and Injection
• Packet Manipulation
• Security Hardening
SACON 2020
802.15.4
• IEEE standard for low-rate wireless personal
area networks (LR-WPANs)
• 6LoWPAN for IPv6 over WPANs
• Zigbee extends 802.15.4 

(wrapper services)
Application
Presentation
Session
Transport
Network
Data Link
Physical
Logical Link Control
Media Access Control
ZigbeeSpec
SACON 2020
Attacking WSN
• IoT product simulator
• 802.15.4-based network
• Packet sniffing, manipulation and injection
• Goals:
• Understanding basic packet header formats
• Security models for protecting communication
• Hardware and software tools for packet sniffing & injection
SACON 2020
Challenges
• Insufficient security research and documentation
• Few testing/debugging platforms
• Reliable ones are very expensive or obsoleted
• Beta quality hardware at best
• Took us weeks, studying blogs, asking questions, trial-
and-error, …
• Lots of future work possible. Wanna collaborate?
SACON 2020
Generating & Analyzing IEEE 802.15.4 WSN
packets (MAC Layer)
SACON 2020
WSN Internals
Payload DASRC
SEQ
NUM
PAN
ID
DST
Payload
D
A
SRC
SEQN
U
M
PA
NID
D
ST
Attacker
Gateway
SACON 2020
Impact
• Compromise integrity of sensor data
• Spoof all legit devices in the network
• Logistics & Asset Management - think Vaccine Transportation!
• Medical Use Cases - Hospital monitoring
• Security and Surveillance
• Rapid emergency response for Industries
• CVSSv3 Score: 9.3
SACON 2020
Hardening the WSN
SACON 2020
Approach
• We care about:
• Integrity of data transmitted (bi-directional)
• Confidentiality (sometimes)
• Device attestation in the WSN
• Crypto
• IoT Platform Constraints
• RAM and flash memory are often in KBs
• Traditional crypto is way too intensive
• Libraries — Few and proprietary
SACON 2020
• Protecting data integrity is (should be) a key security objective
• Use Crypto
• Challenges
• Need for HW Acceleration
• Key provisioning and exchange
• Traditional Public Key Crypto is often unacceptable
• Nonce-based approaches are easy but insecure
• We did not discuss:
• Device Security Measures (Secure Boot, Secure FOTA, etc.)
• Out of the box provisioning, device mapping and reuse
• Key Management
Summary
SACON 2020
Consumer IoT Security

&

AWS-IoT Topics
SACON 2020
Agenda
• Consumer IoT
• Case Study: “X” Fitness Band & “X” Wearable Technology device
• Weaknesses in Smartphone Platforms <—> Wearables channels
• Hands-on hacking of Bluetooth and BLE protocols
• Hardening BLE
• AWS IoT Core
• Secure by Design and SDLC for IoT Platforms
SACON 2020
Wearables Security
SACON 2020
Introduction
• Wireless protocol for short range data exchange
• BT: 1-100m
• BLE: 10-600m
• BLE is Light-weight subset of classic Bluetooth with low power
consumption
• RF range: 2.4 - 2.485 GHz
• Maintained & Governed by the Bluetooth Special Interest Group (SIG)
• Popular use cases: wearable devices, smart pay systems, healthcare,
smart security systems etc
SACON 2020
Bluetooth 5
Feature Bluetooth 5 Bluetooth 4.2
Speed Supports 2 Mbps Supports 1 Mbps
Range 40m indoor 10m indoor
Power Requirement Low High
Message capacity 255 bytes 31 bytes
• Latest version of BT and BLE Spec
• Improvements to BLE
• Aimed at IoT (especially consumer)
SACON 2020
Bluetooth LE security
Secure Simple Pairing (SSP)
• Just Works: very limited/no user interface
• Numeric Comparison: devices with display or yes/no button
• Passkey Entry: 6 digit pin as the pass key
• Out Of Band: Out of the band channel for key exchange to
thwart MITM attacks
• Network traffic is encrypted with AES-128
SACON 2020
Practical Exploitation of BLE Systems
SACON 2020
Attacking Wearable - Mobile Ecosystems
Section A
SACON 2020
Section B
BLE Packet Analysis using Wireshark
(“X” Popular fitness tracker)
SACON 2020
Section B: Sniffing with Ubertooth
SACON 2020
Summary
• BT/BLE network packet analysis is easy
• Market-available HW and SW
• Many products do not enable the existing
encryption mechanisms offered by the BT spec
• At the very least, enable LTK-encryption
SACON 2020
Section C
Attacking BLE LTK Encryption
SACON 2020
Section D
Hardening BLE
SACON 2020
IoT Cloud Security
SACON 2020
Agenda
• IoT Services from Modern Cloud Vendors
• AWS IoT Core
• Setting up IoT Core with device simulators
• Secure configuration
• AWS Cloud Security Checks
SACON 2020
• Managed cloud service for connected devices to interact with
cloud applications
• Amazon FreeRTOS — open-source OS for MCUs (low power
& memory)
• Connect and manage devices
• Secure the communication
• Process and Act
• Monitor
What is it?
SACON 2020
Unshackling from Traditional SDLC
SACON 2020
Security Development Life Cycle
Security
Architecture,
Privacy
Requirements
Threat Modeling,
Attack Trees &
Data Access
Reviews
Focused Security
Code Reviews &
Privacy Planning
Fuzzing,
Penetration
Testing, Privacy
Sign-off
Fix verification,
Incident
Response
Planning
Delta Security
Assessment,
Security for
Continuous
Integration/
Delivery
Program Conception Design Implementation Pre-Launch Deployment Maintenance
Reviews
Reviews &
Reports
Reports
Resolution &
Sign-off
Reports
Device
Mobile
Cloud
SACON 2020
Privacy
• Why worry?
• Global Markets
• Country-specific guidelines
• Ecosystems and overlapping policies
GDPR!
SACON 2020
Summary
• Plethora of protocols & standards make IoT security
messy
• Make hardware & software for IoT comms undergo
penetration testing
• RZUSBStick works great. Also, ApiMote
• Not much else
• BT/BLE sniffing is very sketchy
• Cloud Services giants & increasing number of IoT
services
• SDLC and Shift-left
Ecosystem
Protocols
Integration
Interoperability
SACON 2020
www.deeparmor.com | @deep_armor | services@deeparmor.com
SDLC
Vulnerability
Assessments
Security Consulting Trainings

More Related Content

What's hot

Protecting National Critical Infrastructure Asiangames 2018
Protecting National Critical Infrastructure Asiangames 2018Protecting National Critical Infrastructure Asiangames 2018
Protecting National Critical Infrastructure Asiangames 2018
Yusuf Hadiwinata Sutandar
 
Intelligent Segmentation: Protecting the Enterprise with StealthWatch, Cisco ...
Intelligent Segmentation: Protecting the Enterprise with StealthWatch, Cisco ...Intelligent Segmentation: Protecting the Enterprise with StealthWatch, Cisco ...
Intelligent Segmentation: Protecting the Enterprise with StealthWatch, Cisco ...
Lancope, Inc.
 
Detecting Malicious Cloud Account Behavior: A Look at the New Native Platform...
Detecting Malicious Cloud Account Behavior: A Look at the New Native Platform...Detecting Malicious Cloud Account Behavior: A Look at the New Native Platform...
Detecting Malicious Cloud Account Behavior: A Look at the New Native Platform...
Priyanka Aash
 
TechWiseTV Workshop: Cisco Stealthwatch and ISE
TechWiseTV Workshop: Cisco Stealthwatch and ISETechWiseTV Workshop: Cisco Stealthwatch and ISE
TechWiseTV Workshop: Cisco Stealthwatch and ISE
Robb Boyd
 
TechWiseTV Workshop: Cisco TrustSec
TechWiseTV Workshop: Cisco TrustSecTechWiseTV Workshop: Cisco TrustSec
TechWiseTV Workshop: Cisco TrustSec
Robb Boyd
 
TechWiseTV Workshop: Cisco ISE 2.1 (Identity Services Engine)
TechWiseTV Workshop: Cisco ISE 2.1 (Identity Services Engine)TechWiseTV Workshop: Cisco ISE 2.1 (Identity Services Engine)
TechWiseTV Workshop: Cisco ISE 2.1 (Identity Services Engine)
Robb Boyd
 
Cisco Connect Halifax 2018 Anatomy of attack
Cisco Connect Halifax 2018   Anatomy of attackCisco Connect Halifax 2018   Anatomy of attack
Cisco Connect Halifax 2018 Anatomy of attack
Cisco Canada
 
TechWiseTV Workshop: Stealthwatch Learning Network License
TechWiseTV Workshop: Stealthwatch Learning Network LicenseTechWiseTV Workshop: Stealthwatch Learning Network License
TechWiseTV Workshop: Stealthwatch Learning Network License
Robb Boyd
 
Ten security product categories you've (probably) never heard of
Ten security product categories you've (probably) never heard ofTen security product categories you've (probably) never heard of
Ten security product categories you've (probably) never heard of
Adrian Sanabria
 
2018 06 Presentation Cloudguard SaaS de Checkpoint
2018 06 Presentation Cloudguard SaaS de Checkpoint 2018 06 Presentation Cloudguard SaaS de Checkpoint
2018 06 Presentation Cloudguard SaaS de Checkpoint
e-Xpert Solutions SA
 
Get an office 365 expereience your users will love v8.1
Get an office 365 expereience your users will love v8.1Get an office 365 expereience your users will love v8.1
Get an office 365 expereience your users will love v8.1
Zscaler
 
Cisco connect winnipeg 2018 stealthwatch whiteboard session and cisco secur...
Cisco connect winnipeg 2018   stealthwatch whiteboard session and cisco secur...Cisco connect winnipeg 2018   stealthwatch whiteboard session and cisco secur...
Cisco connect winnipeg 2018 stealthwatch whiteboard session and cisco secur...
Cisco Canada
 
Pactera - Cloud, Application, Cyber Security Trend 2016
Pactera - Cloud, Application, Cyber Security Trend 2016Pactera - Cloud, Application, Cyber Security Trend 2016
Pactera - Cloud, Application, Cyber Security Trend 2016
Kyle Lai
 
Palo Alto Networks CASB
Palo Alto Networks CASBPalo Alto Networks CASB
Palo Alto Networks CASB
Alberto Rivai
 
The Software-Defined Perimeter: Securing Network Access for the Modern Workforce
The Software-Defined Perimeter: Securing Network Access for the Modern WorkforceThe Software-Defined Perimeter: Securing Network Access for the Modern Workforce
The Software-Defined Perimeter: Securing Network Access for the Modern Workforce
Perimeter 81
 
Overcoming the Challenges of Architecting for the Cloud
Overcoming the Challenges of Architecting for the CloudOvercoming the Challenges of Architecting for the Cloud
Overcoming the Challenges of Architecting for the Cloud
Zscaler
 
Modern Security Operations & Common Roles/Competencies
Modern Security Operations & Common Roles/Competencies Modern Security Operations & Common Roles/Competencies
Modern Security Operations & Common Roles/Competencies
Harry McLaren
 
Operational Complexity: The Biggest Security Threat to Your AWS Environment
Operational Complexity: The Biggest Security Threat to Your AWS EnvironmentOperational Complexity: The Biggest Security Threat to Your AWS Environment
Operational Complexity: The Biggest Security Threat to Your AWS Environment
Cryptzone
 
Check Point Solutions Portfolio- Detailed
Check Point Solutions Portfolio- DetailedCheck Point Solutions Portfolio- Detailed
Check Point Solutions Portfolio- Detailed
Moti Sagey מוטי שגיא
 
SDP Glossary v2.0
SDP Glossary v2.0 SDP Glossary v2.0
SDP Glossary v2.0
Shamun Mahmud
 

What's hot (20)

Protecting National Critical Infrastructure Asiangames 2018
Protecting National Critical Infrastructure Asiangames 2018Protecting National Critical Infrastructure Asiangames 2018
Protecting National Critical Infrastructure Asiangames 2018
 
Intelligent Segmentation: Protecting the Enterprise with StealthWatch, Cisco ...
Intelligent Segmentation: Protecting the Enterprise with StealthWatch, Cisco ...Intelligent Segmentation: Protecting the Enterprise with StealthWatch, Cisco ...
Intelligent Segmentation: Protecting the Enterprise with StealthWatch, Cisco ...
 
Detecting Malicious Cloud Account Behavior: A Look at the New Native Platform...
Detecting Malicious Cloud Account Behavior: A Look at the New Native Platform...Detecting Malicious Cloud Account Behavior: A Look at the New Native Platform...
Detecting Malicious Cloud Account Behavior: A Look at the New Native Platform...
 
TechWiseTV Workshop: Cisco Stealthwatch and ISE
TechWiseTV Workshop: Cisco Stealthwatch and ISETechWiseTV Workshop: Cisco Stealthwatch and ISE
TechWiseTV Workshop: Cisco Stealthwatch and ISE
 
TechWiseTV Workshop: Cisco TrustSec
TechWiseTV Workshop: Cisco TrustSecTechWiseTV Workshop: Cisco TrustSec
TechWiseTV Workshop: Cisco TrustSec
 
TechWiseTV Workshop: Cisco ISE 2.1 (Identity Services Engine)
TechWiseTV Workshop: Cisco ISE 2.1 (Identity Services Engine)TechWiseTV Workshop: Cisco ISE 2.1 (Identity Services Engine)
TechWiseTV Workshop: Cisco ISE 2.1 (Identity Services Engine)
 
Cisco Connect Halifax 2018 Anatomy of attack
Cisco Connect Halifax 2018   Anatomy of attackCisco Connect Halifax 2018   Anatomy of attack
Cisco Connect Halifax 2018 Anatomy of attack
 
TechWiseTV Workshop: Stealthwatch Learning Network License
TechWiseTV Workshop: Stealthwatch Learning Network LicenseTechWiseTV Workshop: Stealthwatch Learning Network License
TechWiseTV Workshop: Stealthwatch Learning Network License
 
Ten security product categories you've (probably) never heard of
Ten security product categories you've (probably) never heard ofTen security product categories you've (probably) never heard of
Ten security product categories you've (probably) never heard of
 
2018 06 Presentation Cloudguard SaaS de Checkpoint
2018 06 Presentation Cloudguard SaaS de Checkpoint 2018 06 Presentation Cloudguard SaaS de Checkpoint
2018 06 Presentation Cloudguard SaaS de Checkpoint
 
Get an office 365 expereience your users will love v8.1
Get an office 365 expereience your users will love v8.1Get an office 365 expereience your users will love v8.1
Get an office 365 expereience your users will love v8.1
 
Cisco connect winnipeg 2018 stealthwatch whiteboard session and cisco secur...
Cisco connect winnipeg 2018   stealthwatch whiteboard session and cisco secur...Cisco connect winnipeg 2018   stealthwatch whiteboard session and cisco secur...
Cisco connect winnipeg 2018 stealthwatch whiteboard session and cisco secur...
 
Pactera - Cloud, Application, Cyber Security Trend 2016
Pactera - Cloud, Application, Cyber Security Trend 2016Pactera - Cloud, Application, Cyber Security Trend 2016
Pactera - Cloud, Application, Cyber Security Trend 2016
 
Palo Alto Networks CASB
Palo Alto Networks CASBPalo Alto Networks CASB
Palo Alto Networks CASB
 
The Software-Defined Perimeter: Securing Network Access for the Modern Workforce
The Software-Defined Perimeter: Securing Network Access for the Modern WorkforceThe Software-Defined Perimeter: Securing Network Access for the Modern Workforce
The Software-Defined Perimeter: Securing Network Access for the Modern Workforce
 
Overcoming the Challenges of Architecting for the Cloud
Overcoming the Challenges of Architecting for the CloudOvercoming the Challenges of Architecting for the Cloud
Overcoming the Challenges of Architecting for the Cloud
 
Modern Security Operations & Common Roles/Competencies
Modern Security Operations & Common Roles/Competencies Modern Security Operations & Common Roles/Competencies
Modern Security Operations & Common Roles/Competencies
 
Operational Complexity: The Biggest Security Threat to Your AWS Environment
Operational Complexity: The Biggest Security Threat to Your AWS EnvironmentOperational Complexity: The Biggest Security Threat to Your AWS Environment
Operational Complexity: The Biggest Security Threat to Your AWS Environment
 
Check Point Solutions Portfolio- Detailed
Check Point Solutions Portfolio- DetailedCheck Point Solutions Portfolio- Detailed
Check Point Solutions Portfolio- Detailed
 
SDP Glossary v2.0
SDP Glossary v2.0 SDP Glossary v2.0
SDP Glossary v2.0
 

Similar to (SACON 2020) Practical Exploitation of IoT Networks and Ecosystems workshop

Connecting_Things_2.01_Instructor Supplemental Materials_Chapter4.pptx
Connecting_Things_2.01_Instructor Supplemental Materials_Chapter4.pptxConnecting_Things_2.01_Instructor Supplemental Materials_Chapter4.pptx
Connecting_Things_2.01_Instructor Supplemental Materials_Chapter4.pptx
ssuser52b751
 
Industrial IoT Mayhem? Java IoT Gateways to the Rescue
Industrial IoT Mayhem? Java IoT Gateways to the RescueIndustrial IoT Mayhem? Java IoT Gateways to the Rescue
Industrial IoT Mayhem? Java IoT Gateways to the Rescue
Eurotech
 
Gustavo Zastrow - Introduction to AWS IoT Core and MQTT
Gustavo Zastrow - Introduction to AWS  IoT Core and MQTTGustavo Zastrow - Introduction to AWS  IoT Core and MQTT
Gustavo Zastrow - Introduction to AWS IoT Core and MQTT
GustavoRuizZastrow
 
Drobics trustworthy io-t-for-industrial-applications
Drobics trustworthy io-t-for-industrial-applicationsDrobics trustworthy io-t-for-industrial-applications
Drobics trustworthy io-t-for-industrial-applications
Mario Drobics
 
(Sacon) Sumanth Naropanth - IoT network & ecosystem security attacks & secur...
(Sacon) Sumanth Naropanth  - IoT network & ecosystem security attacks & secur...(Sacon) Sumanth Naropanth  - IoT network & ecosystem security attacks & secur...
(Sacon) Sumanth Naropanth - IoT network & ecosystem security attacks & secur...
Priyanka Aash
 
Market Trend And Korenix IIoT Vision - 2018
Market Trend And Korenix IIoT Vision - 2018Market Trend And Korenix IIoT Vision - 2018
Market Trend And Korenix IIoT Vision - 2018
Jiunn-Jer Sun
 
Vlad Trifa, Chief Product Officer ,Ambrosus - Bridging Blockchains and the Io...
Vlad Trifa, Chief Product Officer ,Ambrosus - Bridging Blockchains and the Io...Vlad Trifa, Chief Product Officer ,Ambrosus - Bridging Blockchains and the Io...
Vlad Trifa, Chief Product Officer ,Ambrosus - Bridging Blockchains and the Io...
Techsylvania
 
IoTSummit: Create iot devices connected or on the edge using ai and ml
IoTSummit: Create iot devices connected or on the edge using ai and mlIoTSummit: Create iot devices connected or on the edge using ai and ml
IoTSummit: Create iot devices connected or on the edge using ai and ml
Marco Dal Pino
 
Overblik over trådløs teknologi og designovervejelser
Overblik over trådløs teknologi og designovervejelserOverblik over trådløs teknologi og designovervejelser
Overblik over trådløs teknologi og designovervejelser
InfinIT - Innovationsnetværket for it
 
Internet of Things
Internet of ThingsInternet of Things
Internet of Things
Prithwis Mukerjee
 
Io t solutions world congress 2018 review Henk Jan van Wijk Conclusion Connect
Io t solutions world congress 2018 review Henk Jan van Wijk  Conclusion Connect Io t solutions world congress 2018 review Henk Jan van Wijk  Conclusion Connect
Io t solutions world congress 2018 review Henk Jan van Wijk Conclusion Connect
Conclusion Connect enabling industry 4.0 with IoT
 
Partner Keynote: Intel - The New Frontier of Cloud Computing
Partner Keynote: Intel - The New Frontier of Cloud ComputingPartner Keynote: Intel - The New Frontier of Cloud Computing
Partner Keynote: Intel - The New Frontier of Cloud Computing
Amazon Web Services
 
Enterprise-Grade IoT Infrastructure and Connectivity on AWS
Enterprise-Grade IoT Infrastructure and Connectivity on AWSEnterprise-Grade IoT Infrastructure and Connectivity on AWS
Enterprise-Grade IoT Infrastructure and Connectivity on AWS
Amazon Web Services
 
TM4C-IoT-Gateway-with-Security-Protection_0.pdf
TM4C-IoT-Gateway-with-Security-Protection_0.pdfTM4C-IoT-Gateway-with-Security-Protection_0.pdf
TM4C-IoT-Gateway-with-Security-Protection_0.pdf
ssuser8b324e
 
Is your MQTT broker IoT ready?
Is your MQTT broker IoT ready?Is your MQTT broker IoT ready?
Is your MQTT broker IoT ready?
Eurotech
 
INTERNET OF THINGS.pptx
INTERNET OF THINGS.pptxINTERNET OF THINGS.pptx
INTERNET OF THINGS.pptx
Manikandan Kandasamy
 
Internet of things chapter2.pdf
Internet of things chapter2.pdfInternet of things chapter2.pdf
Internet of things chapter2.pdf
Rupesh930637
 
Internet of Things Innovations & Megatrends Update 12/14/16
Internet of Things Innovations & Megatrends Update 12/14/16Internet of Things Innovations & Megatrends Update 12/14/16
Internet of Things Innovations & Megatrends Update 12/14/16
Mark Goldstein
 
the connection of iot with lora pan which enable
the connection of iot with lora pan which enablethe connection of iot with lora pan which enable
the connection of iot with lora pan which enable
neelamsanjeevkumar
 
UCT IoT Deployment and Challenges
UCT IoT Deployment and ChallengesUCT IoT Deployment and Challenges
UCT IoT Deployment and Challenges
The IOT Academy
 

Similar to (SACON 2020) Practical Exploitation of IoT Networks and Ecosystems workshop (20)

Connecting_Things_2.01_Instructor Supplemental Materials_Chapter4.pptx
Connecting_Things_2.01_Instructor Supplemental Materials_Chapter4.pptxConnecting_Things_2.01_Instructor Supplemental Materials_Chapter4.pptx
Connecting_Things_2.01_Instructor Supplemental Materials_Chapter4.pptx
 
Industrial IoT Mayhem? Java IoT Gateways to the Rescue
Industrial IoT Mayhem? Java IoT Gateways to the RescueIndustrial IoT Mayhem? Java IoT Gateways to the Rescue
Industrial IoT Mayhem? Java IoT Gateways to the Rescue
 
Gustavo Zastrow - Introduction to AWS IoT Core and MQTT
Gustavo Zastrow - Introduction to AWS  IoT Core and MQTTGustavo Zastrow - Introduction to AWS  IoT Core and MQTT
Gustavo Zastrow - Introduction to AWS IoT Core and MQTT
 
Drobics trustworthy io-t-for-industrial-applications
Drobics trustworthy io-t-for-industrial-applicationsDrobics trustworthy io-t-for-industrial-applications
Drobics trustworthy io-t-for-industrial-applications
 
(Sacon) Sumanth Naropanth - IoT network & ecosystem security attacks & secur...
(Sacon) Sumanth Naropanth  - IoT network & ecosystem security attacks & secur...(Sacon) Sumanth Naropanth  - IoT network & ecosystem security attacks & secur...
(Sacon) Sumanth Naropanth - IoT network & ecosystem security attacks & secur...
 
Market Trend And Korenix IIoT Vision - 2018
Market Trend And Korenix IIoT Vision - 2018Market Trend And Korenix IIoT Vision - 2018
Market Trend And Korenix IIoT Vision - 2018
 
Vlad Trifa, Chief Product Officer ,Ambrosus - Bridging Blockchains and the Io...
Vlad Trifa, Chief Product Officer ,Ambrosus - Bridging Blockchains and the Io...Vlad Trifa, Chief Product Officer ,Ambrosus - Bridging Blockchains and the Io...
Vlad Trifa, Chief Product Officer ,Ambrosus - Bridging Blockchains and the Io...
 
IoTSummit: Create iot devices connected or on the edge using ai and ml
IoTSummit: Create iot devices connected or on the edge using ai and mlIoTSummit: Create iot devices connected or on the edge using ai and ml
IoTSummit: Create iot devices connected or on the edge using ai and ml
 
Overblik over trådløs teknologi og designovervejelser
Overblik over trådløs teknologi og designovervejelserOverblik over trådløs teknologi og designovervejelser
Overblik over trådløs teknologi og designovervejelser
 
Internet of Things
Internet of ThingsInternet of Things
Internet of Things
 
Io t solutions world congress 2018 review Henk Jan van Wijk Conclusion Connect
Io t solutions world congress 2018 review Henk Jan van Wijk  Conclusion Connect Io t solutions world congress 2018 review Henk Jan van Wijk  Conclusion Connect
Io t solutions world congress 2018 review Henk Jan van Wijk Conclusion Connect
 
Partner Keynote: Intel - The New Frontier of Cloud Computing
Partner Keynote: Intel - The New Frontier of Cloud ComputingPartner Keynote: Intel - The New Frontier of Cloud Computing
Partner Keynote: Intel - The New Frontier of Cloud Computing
 
Enterprise-Grade IoT Infrastructure and Connectivity on AWS
Enterprise-Grade IoT Infrastructure and Connectivity on AWSEnterprise-Grade IoT Infrastructure and Connectivity on AWS
Enterprise-Grade IoT Infrastructure and Connectivity on AWS
 
TM4C-IoT-Gateway-with-Security-Protection_0.pdf
TM4C-IoT-Gateway-with-Security-Protection_0.pdfTM4C-IoT-Gateway-with-Security-Protection_0.pdf
TM4C-IoT-Gateway-with-Security-Protection_0.pdf
 
Is your MQTT broker IoT ready?
Is your MQTT broker IoT ready?Is your MQTT broker IoT ready?
Is your MQTT broker IoT ready?
 
INTERNET OF THINGS.pptx
INTERNET OF THINGS.pptxINTERNET OF THINGS.pptx
INTERNET OF THINGS.pptx
 
Internet of things chapter2.pdf
Internet of things chapter2.pdfInternet of things chapter2.pdf
Internet of things chapter2.pdf
 
Internet of Things Innovations & Megatrends Update 12/14/16
Internet of Things Innovations & Megatrends Update 12/14/16Internet of Things Innovations & Megatrends Update 12/14/16
Internet of Things Innovations & Megatrends Update 12/14/16
 
the connection of iot with lora pan which enable
the connection of iot with lora pan which enablethe connection of iot with lora pan which enable
the connection of iot with lora pan which enable
 
UCT IoT Deployment and Challenges
UCT IoT Deployment and ChallengesUCT IoT Deployment and Challenges
UCT IoT Deployment and Challenges
 

More from Priyanka Aash

Keynote : Presentation on SASE Technology
Keynote : Presentation on SASE TechnologyKeynote : Presentation on SASE Technology
Keynote : Presentation on SASE Technology
Priyanka Aash
 
Keynote : AI & Future Of Offensive Security
Keynote : AI & Future Of Offensive SecurityKeynote : AI & Future Of Offensive Security
Keynote : AI & Future Of Offensive Security
Priyanka Aash
 
Redefining Cybersecurity with AI Capabilities
Redefining Cybersecurity with AI CapabilitiesRedefining Cybersecurity with AI Capabilities
Redefining Cybersecurity with AI Capabilities
Priyanka Aash
 
Demystifying Neural Networks And Building Cybersecurity Applications
Demystifying Neural Networks And Building Cybersecurity ApplicationsDemystifying Neural Networks And Building Cybersecurity Applications
Demystifying Neural Networks And Building Cybersecurity Applications
Priyanka Aash
 
Finetuning GenAI For Hacking and Defending
Finetuning GenAI For Hacking and DefendingFinetuning GenAI For Hacking and Defending
Finetuning GenAI For Hacking and Defending
Priyanka Aash
 
(CISOPlatform Summit & SACON 2024) Kids Cyber Security .pdf
(CISOPlatform Summit & SACON 2024) Kids Cyber Security .pdf(CISOPlatform Summit & SACON 2024) Kids Cyber Security .pdf
(CISOPlatform Summit & SACON 2024) Kids Cyber Security .pdf
Priyanka Aash
 
(CISOPlatform Summit & SACON 2024) Regulation & Response In Banks.pdf
(CISOPlatform Summit & SACON 2024) Regulation & Response In Banks.pdf(CISOPlatform Summit & SACON 2024) Regulation & Response In Banks.pdf
(CISOPlatform Summit & SACON 2024) Regulation & Response In Banks.pdf
Priyanka Aash
 
(CISOPlatform Summit & SACON 2024) Cyber Insurance & Risk Quantification.pdf
(CISOPlatform Summit & SACON 2024) Cyber Insurance & Risk Quantification.pdf(CISOPlatform Summit & SACON 2024) Cyber Insurance & Risk Quantification.pdf
(CISOPlatform Summit & SACON 2024) Cyber Insurance & Risk Quantification.pdf
Priyanka Aash
 
(CISOPlatform Summit & SACON 2024) Workshop _ Most Dangerous Attack Technique...
(CISOPlatform Summit & SACON 2024) Workshop _ Most Dangerous Attack Technique...(CISOPlatform Summit & SACON 2024) Workshop _ Most Dangerous Attack Technique...
(CISOPlatform Summit & SACON 2024) Workshop _ Most Dangerous Attack Technique...
Priyanka Aash
 
(CISOPlatform Summit & SACON 2024) Keynote _ Power Digital Identities With AI...
(CISOPlatform Summit & SACON 2024) Keynote _ Power Digital Identities With AI...(CISOPlatform Summit & SACON 2024) Keynote _ Power Digital Identities With AI...
(CISOPlatform Summit & SACON 2024) Keynote _ Power Digital Identities With AI...
Priyanka Aash
 
(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf
(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf
(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf
Priyanka Aash
 
(CISOPlatform Summit & SACON 2024) Gen AI & Deepfake In Overall Security.pdf
(CISOPlatform Summit & SACON 2024) Gen AI & Deepfake In Overall Security.pdf(CISOPlatform Summit & SACON 2024) Gen AI & Deepfake In Overall Security.pdf
(CISOPlatform Summit & SACON 2024) Gen AI & Deepfake In Overall Security.pdf
Priyanka Aash
 
(CISOPlatform Summit & SACON 2024) Incident Response .pdf
(CISOPlatform Summit & SACON 2024) Incident Response .pdf(CISOPlatform Summit & SACON 2024) Incident Response .pdf
(CISOPlatform Summit & SACON 2024) Incident Response .pdf
Priyanka Aash
 
(CISOPlatform Summit & SACON 2024) GRC.pdf
(CISOPlatform Summit & SACON 2024) GRC.pdf(CISOPlatform Summit & SACON 2024) GRC.pdf
(CISOPlatform Summit & SACON 2024) GRC.pdf
Priyanka Aash
 
(CISOPlatform Summit & SACON 2024) Orientation by CISO Platform_ Using CISO P...
(CISOPlatform Summit & SACON 2024) Orientation by CISO Platform_ Using CISO P...(CISOPlatform Summit & SACON 2024) Orientation by CISO Platform_ Using CISO P...
(CISOPlatform Summit & SACON 2024) Orientation by CISO Platform_ Using CISO P...
Priyanka Aash
 
Digital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOsDigital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOs
Priyanka Aash
 
Verizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdfVerizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdf
Priyanka Aash
 
Top 10 Security Risks .pptx.pdf
Top 10 Security Risks .pptx.pdfTop 10 Security Risks .pptx.pdf
Top 10 Security Risks .pptx.pdf
Priyanka Aash
 
Simplifying data privacy and protection.pdf
Simplifying data privacy and protection.pdfSimplifying data privacy and protection.pdf
Simplifying data privacy and protection.pdf
Priyanka Aash
 
Generative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdfGenerative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdf
Priyanka Aash
 

More from Priyanka Aash (20)

Keynote : Presentation on SASE Technology
Keynote : Presentation on SASE TechnologyKeynote : Presentation on SASE Technology
Keynote : Presentation on SASE Technology
 
Keynote : AI & Future Of Offensive Security
Keynote : AI & Future Of Offensive SecurityKeynote : AI & Future Of Offensive Security
Keynote : AI & Future Of Offensive Security
 
Redefining Cybersecurity with AI Capabilities
Redefining Cybersecurity with AI CapabilitiesRedefining Cybersecurity with AI Capabilities
Redefining Cybersecurity with AI Capabilities
 
Demystifying Neural Networks And Building Cybersecurity Applications
Demystifying Neural Networks And Building Cybersecurity ApplicationsDemystifying Neural Networks And Building Cybersecurity Applications
Demystifying Neural Networks And Building Cybersecurity Applications
 
Finetuning GenAI For Hacking and Defending
Finetuning GenAI For Hacking and DefendingFinetuning GenAI For Hacking and Defending
Finetuning GenAI For Hacking and Defending
 
(CISOPlatform Summit & SACON 2024) Kids Cyber Security .pdf
(CISOPlatform Summit & SACON 2024) Kids Cyber Security .pdf(CISOPlatform Summit & SACON 2024) Kids Cyber Security .pdf
(CISOPlatform Summit & SACON 2024) Kids Cyber Security .pdf
 
(CISOPlatform Summit & SACON 2024) Regulation & Response In Banks.pdf
(CISOPlatform Summit & SACON 2024) Regulation & Response In Banks.pdf(CISOPlatform Summit & SACON 2024) Regulation & Response In Banks.pdf
(CISOPlatform Summit & SACON 2024) Regulation & Response In Banks.pdf
 
(CISOPlatform Summit & SACON 2024) Cyber Insurance & Risk Quantification.pdf
(CISOPlatform Summit & SACON 2024) Cyber Insurance & Risk Quantification.pdf(CISOPlatform Summit & SACON 2024) Cyber Insurance & Risk Quantification.pdf
(CISOPlatform Summit & SACON 2024) Cyber Insurance & Risk Quantification.pdf
 
(CISOPlatform Summit & SACON 2024) Workshop _ Most Dangerous Attack Technique...
(CISOPlatform Summit & SACON 2024) Workshop _ Most Dangerous Attack Technique...(CISOPlatform Summit & SACON 2024) Workshop _ Most Dangerous Attack Technique...
(CISOPlatform Summit & SACON 2024) Workshop _ Most Dangerous Attack Technique...
 
(CISOPlatform Summit & SACON 2024) Keynote _ Power Digital Identities With AI...
(CISOPlatform Summit & SACON 2024) Keynote _ Power Digital Identities With AI...(CISOPlatform Summit & SACON 2024) Keynote _ Power Digital Identities With AI...
(CISOPlatform Summit & SACON 2024) Keynote _ Power Digital Identities With AI...
 
(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf
(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf
(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf
 
(CISOPlatform Summit & SACON 2024) Gen AI & Deepfake In Overall Security.pdf
(CISOPlatform Summit & SACON 2024) Gen AI & Deepfake In Overall Security.pdf(CISOPlatform Summit & SACON 2024) Gen AI & Deepfake In Overall Security.pdf
(CISOPlatform Summit & SACON 2024) Gen AI & Deepfake In Overall Security.pdf
 
(CISOPlatform Summit & SACON 2024) Incident Response .pdf
(CISOPlatform Summit & SACON 2024) Incident Response .pdf(CISOPlatform Summit & SACON 2024) Incident Response .pdf
(CISOPlatform Summit & SACON 2024) Incident Response .pdf
 
(CISOPlatform Summit & SACON 2024) GRC.pdf
(CISOPlatform Summit & SACON 2024) GRC.pdf(CISOPlatform Summit & SACON 2024) GRC.pdf
(CISOPlatform Summit & SACON 2024) GRC.pdf
 
(CISOPlatform Summit & SACON 2024) Orientation by CISO Platform_ Using CISO P...
(CISOPlatform Summit & SACON 2024) Orientation by CISO Platform_ Using CISO P...(CISOPlatform Summit & SACON 2024) Orientation by CISO Platform_ Using CISO P...
(CISOPlatform Summit & SACON 2024) Orientation by CISO Platform_ Using CISO P...
 
Digital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOsDigital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOs
 
Verizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdfVerizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdf
 
Top 10 Security Risks .pptx.pdf
Top 10 Security Risks .pptx.pdfTop 10 Security Risks .pptx.pdf
Top 10 Security Risks .pptx.pdf
 
Simplifying data privacy and protection.pdf
Simplifying data privacy and protection.pdfSimplifying data privacy and protection.pdf
Simplifying data privacy and protection.pdf
 
Generative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdfGenerative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdf
 

Recently uploaded

High Profile Girls call Service Pune 000XX00000 Provide Best And Top Girl Ser...
High Profile Girls call Service Pune 000XX00000 Provide Best And Top Girl Ser...High Profile Girls call Service Pune 000XX00000 Provide Best And Top Girl Ser...
High Profile Girls call Service Pune 000XX00000 Provide Best And Top Girl Ser...
bhumivarma35300
 
“Deploying Large Language Models on a Raspberry Pi,” a Presentation from Usef...
“Deploying Large Language Models on a Raspberry Pi,” a Presentation from Usef...“Deploying Large Language Models on a Raspberry Pi,” a Presentation from Usef...
“Deploying Large Language Models on a Raspberry Pi,” a Presentation from Usef...
Edge AI and Vision Alliance
 
TrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-In
TrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-InTrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-In
TrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-In
TrustArc
 
Tirana Tech Meetup - Agentic RAG with Milvus, Llama3 and Ollama
Tirana Tech Meetup - Agentic RAG with Milvus, Llama3 and OllamaTirana Tech Meetup - Agentic RAG with Milvus, Llama3 and Ollama
Tirana Tech Meetup - Agentic RAG with Milvus, Llama3 and Ollama
Zilliz
 
find out more about the role of autonomous vehicles in facing global challenges
find out more about the role of autonomous vehicles in facing global challengesfind out more about the role of autonomous vehicles in facing global challenges
find out more about the role of autonomous vehicles in facing global challenges
huseindihon
 
IPLOOK Remote-Sensing Satellite Solution
IPLOOK Remote-Sensing Satellite SolutionIPLOOK Remote-Sensing Satellite Solution
IPLOOK Remote-Sensing Satellite Solution
IPLOOK Networks
 
Introduction-to-the-IAM-Platform-Implementation-Plan.pptx
Introduction-to-the-IAM-Platform-Implementation-Plan.pptxIntroduction-to-the-IAM-Platform-Implementation-Plan.pptx
Introduction-to-the-IAM-Platform-Implementation-Plan.pptx
313mohammedarshad
 
"Mastering Graphic Design: Essential Tips and Tricks for Beginners and Profes...
"Mastering Graphic Design: Essential Tips and Tricks for Beginners and Profes..."Mastering Graphic Design: Essential Tips and Tricks for Beginners and Profes...
"Mastering Graphic Design: Essential Tips and Tricks for Beginners and Profes...
Anant Gupta
 
Premium Girls Call Mumbai 9920725232 Unlimited Short Providing Girls Service ...
Premium Girls Call Mumbai 9920725232 Unlimited Short Providing Girls Service ...Premium Girls Call Mumbai 9920725232 Unlimited Short Providing Girls Service ...
Premium Girls Call Mumbai 9920725232 Unlimited Short Providing Girls Service ...
shanihomely
 
Pigging Unit Lubricant Oil Blending Plant
Pigging Unit Lubricant Oil Blending PlantPigging Unit Lubricant Oil Blending Plant
Pigging Unit Lubricant Oil Blending Plant
LINUS PROJECTS (INDIA)
 
Evolution of iPaaS - simplify IT workloads to provide a unified view of data...
Evolution of iPaaS - simplify IT workloads to provide a unified view of  data...Evolution of iPaaS - simplify IT workloads to provide a unified view of  data...
Evolution of iPaaS - simplify IT workloads to provide a unified view of data...
Torry Harris
 
Three New Criminal Laws in India 1 July 2024
Three New Criminal Laws in India 1 July 2024Three New Criminal Laws in India 1 July 2024
Three New Criminal Laws in India 1 July 2024
aakash malhotra
 
Uncharted Together- Navigating AI's New Frontiers in Libraries
Uncharted Together- Navigating AI's New Frontiers in LibrariesUncharted Together- Navigating AI's New Frontiers in Libraries
Uncharted Together- Navigating AI's New Frontiers in Libraries
Brian Pichman
 
High Profile Girls Call ServiCe Hyderabad 0000000000 Tanisha Best High Class ...
High Profile Girls Call ServiCe Hyderabad 0000000000 Tanisha Best High Class ...High Profile Girls Call ServiCe Hyderabad 0000000000 Tanisha Best High Class ...
High Profile Girls Call ServiCe Hyderabad 0000000000 Tanisha Best High Class ...
aslasdfmkhan4750
 
Using LLM Agents with Llama 3, LangGraph and Milvus
Using LLM Agents with Llama 3, LangGraph and MilvusUsing LLM Agents with Llama 3, LangGraph and Milvus
Using LLM Agents with Llama 3, LangGraph and Milvus
Zilliz
 
How to Build a Profitable IoT Product.pptx
How to Build a Profitable IoT Product.pptxHow to Build a Profitable IoT Product.pptx
How to Build a Profitable IoT Product.pptx
Adam Dunkels
 
CHAPTER-8 COMPONENTS OF COMPUTER SYSTEM CLASS 9 CBSE
CHAPTER-8 COMPONENTS OF COMPUTER SYSTEM CLASS 9 CBSECHAPTER-8 COMPONENTS OF COMPUTER SYSTEM CLASS 9 CBSE
CHAPTER-8 COMPONENTS OF COMPUTER SYSTEM CLASS 9 CBSE
kumarjarun2010
 
The importance of Quality Assurance for ICT Standardization
The importance of Quality Assurance for ICT StandardizationThe importance of Quality Assurance for ICT Standardization
The importance of Quality Assurance for ICT Standardization
Axel Rennoch
 
BLOCKCHAIN TECHNOLOGY - Advantages and Disadvantages
BLOCKCHAIN TECHNOLOGY - Advantages and DisadvantagesBLOCKCHAIN TECHNOLOGY - Advantages and Disadvantages
BLOCKCHAIN TECHNOLOGY - Advantages and Disadvantages
SAI KAILASH R
 
How Social Media Hackers Help You to See Your Wife's Message.pdf
How Social Media Hackers Help You to See Your Wife's Message.pdfHow Social Media Hackers Help You to See Your Wife's Message.pdf
How Social Media Hackers Help You to See Your Wife's Message.pdf
HackersList
 

Recently uploaded (20)

High Profile Girls call Service Pune 000XX00000 Provide Best And Top Girl Ser...
High Profile Girls call Service Pune 000XX00000 Provide Best And Top Girl Ser...High Profile Girls call Service Pune 000XX00000 Provide Best And Top Girl Ser...
High Profile Girls call Service Pune 000XX00000 Provide Best And Top Girl Ser...
 
“Deploying Large Language Models on a Raspberry Pi,” a Presentation from Usef...
“Deploying Large Language Models on a Raspberry Pi,” a Presentation from Usef...“Deploying Large Language Models on a Raspberry Pi,” a Presentation from Usef...
“Deploying Large Language Models on a Raspberry Pi,” a Presentation from Usef...
 
TrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-In
TrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-InTrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-In
TrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-In
 
Tirana Tech Meetup - Agentic RAG with Milvus, Llama3 and Ollama
Tirana Tech Meetup - Agentic RAG with Milvus, Llama3 and OllamaTirana Tech Meetup - Agentic RAG with Milvus, Llama3 and Ollama
Tirana Tech Meetup - Agentic RAG with Milvus, Llama3 and Ollama
 
find out more about the role of autonomous vehicles in facing global challenges
find out more about the role of autonomous vehicles in facing global challengesfind out more about the role of autonomous vehicles in facing global challenges
find out more about the role of autonomous vehicles in facing global challenges
 
IPLOOK Remote-Sensing Satellite Solution
IPLOOK Remote-Sensing Satellite SolutionIPLOOK Remote-Sensing Satellite Solution
IPLOOK Remote-Sensing Satellite Solution
 
Introduction-to-the-IAM-Platform-Implementation-Plan.pptx
Introduction-to-the-IAM-Platform-Implementation-Plan.pptxIntroduction-to-the-IAM-Platform-Implementation-Plan.pptx
Introduction-to-the-IAM-Platform-Implementation-Plan.pptx
 
"Mastering Graphic Design: Essential Tips and Tricks for Beginners and Profes...
"Mastering Graphic Design: Essential Tips and Tricks for Beginners and Profes..."Mastering Graphic Design: Essential Tips and Tricks for Beginners and Profes...
"Mastering Graphic Design: Essential Tips and Tricks for Beginners and Profes...
 
Premium Girls Call Mumbai 9920725232 Unlimited Short Providing Girls Service ...
Premium Girls Call Mumbai 9920725232 Unlimited Short Providing Girls Service ...Premium Girls Call Mumbai 9920725232 Unlimited Short Providing Girls Service ...
Premium Girls Call Mumbai 9920725232 Unlimited Short Providing Girls Service ...
 
Pigging Unit Lubricant Oil Blending Plant
Pigging Unit Lubricant Oil Blending PlantPigging Unit Lubricant Oil Blending Plant
Pigging Unit Lubricant Oil Blending Plant
 
Evolution of iPaaS - simplify IT workloads to provide a unified view of data...
Evolution of iPaaS - simplify IT workloads to provide a unified view of  data...Evolution of iPaaS - simplify IT workloads to provide a unified view of  data...
Evolution of iPaaS - simplify IT workloads to provide a unified view of data...
 
Three New Criminal Laws in India 1 July 2024
Three New Criminal Laws in India 1 July 2024Three New Criminal Laws in India 1 July 2024
Three New Criminal Laws in India 1 July 2024
 
Uncharted Together- Navigating AI's New Frontiers in Libraries
Uncharted Together- Navigating AI's New Frontiers in LibrariesUncharted Together- Navigating AI's New Frontiers in Libraries
Uncharted Together- Navigating AI's New Frontiers in Libraries
 
High Profile Girls Call ServiCe Hyderabad 0000000000 Tanisha Best High Class ...
High Profile Girls Call ServiCe Hyderabad 0000000000 Tanisha Best High Class ...High Profile Girls Call ServiCe Hyderabad 0000000000 Tanisha Best High Class ...
High Profile Girls Call ServiCe Hyderabad 0000000000 Tanisha Best High Class ...
 
Using LLM Agents with Llama 3, LangGraph and Milvus
Using LLM Agents with Llama 3, LangGraph and MilvusUsing LLM Agents with Llama 3, LangGraph and Milvus
Using LLM Agents with Llama 3, LangGraph and Milvus
 
How to Build a Profitable IoT Product.pptx
How to Build a Profitable IoT Product.pptxHow to Build a Profitable IoT Product.pptx
How to Build a Profitable IoT Product.pptx
 
CHAPTER-8 COMPONENTS OF COMPUTER SYSTEM CLASS 9 CBSE
CHAPTER-8 COMPONENTS OF COMPUTER SYSTEM CLASS 9 CBSECHAPTER-8 COMPONENTS OF COMPUTER SYSTEM CLASS 9 CBSE
CHAPTER-8 COMPONENTS OF COMPUTER SYSTEM CLASS 9 CBSE
 
The importance of Quality Assurance for ICT Standardization
The importance of Quality Assurance for ICT StandardizationThe importance of Quality Assurance for ICT Standardization
The importance of Quality Assurance for ICT Standardization
 
BLOCKCHAIN TECHNOLOGY - Advantages and Disadvantages
BLOCKCHAIN TECHNOLOGY - Advantages and DisadvantagesBLOCKCHAIN TECHNOLOGY - Advantages and Disadvantages
BLOCKCHAIN TECHNOLOGY - Advantages and Disadvantages
 
How Social Media Hackers Help You to See Your Wife's Message.pdf
How Social Media Hackers Help You to See Your Wife's Message.pdfHow Social Media Hackers Help You to See Your Wife's Message.pdf
How Social Media Hackers Help You to See Your Wife's Message.pdf
 

(SACON 2020) Practical Exploitation of IoT Networks and Ecosystems workshop

  • 1. Practical Exploitation of IoT Networks and Ecosystems Sanjay V & Nitin Lakshmanan DEEP ARMOR www.deeparmor.com
 @deep_armor
  • 2. SACON 2020 Instructors Nitin Lakshmanan Senior Security Analyst Deep Armor Aujas Networks, Aricent/ Intel Sanjay V Security Analyst Deep Armor Deloitte
  • 3. SACON 2020 Agenda • IoT Architecture & Intro to IoT Security • Security Paradigms for the Building Blocks • Wireless Protocols • Hands-on Exercises • Security Development Life Cycle (SDLC) for IoT • Fun Hacking Activities • Summary Hacking Zigbee-style Wireless Sensor Networks Breaking Bluetooth Security Attacking Consumer IoT Ecosystems AWS IoT Core & Cloud Services Hands-on Exercises
  • 4. SACON 2020 Internet Of Things • Network of devices connected 
 to Internet • Connect, Collect and Exchange • Part of the fast growing electronic culture • Revolution in all the fields Connected People Connected Fleets Connected Infra Connected Markets Connected Assets Connected Products Network Data
  • 5. SACON 2020 Messy World of IoT Security • “Let me get the product out first” • “I’m paying a supplier for hardware/software. Security is their responsibility” • “We don’t store any confidential information” • “Let me worry about it if/when we get hacked” • “We are 100% secure (!)” • …
  • 6. SACON 2020 Attacks on IoT products
  • 7. SACON 2020 IoT Security & Businesses • Security is often seen as zero ROI • Impedes rapid prototyping and delivery (doesn’t have to) • Consumers will buy anyway • Poor awareness; Sometimes, lack of options • Liability laws are almost non-existent • Few that exist don’t hold water
  • 8. SACON 2020 Range / Power of protocols for IoT Protocol Power Range WiFi High Long Zigbee / Z-Wave Low Short to Mid BT / BLE Low Short LPWAN Low Long
  • 9. SACON 2020 Zigbee • Low data rate wireless applications • Smart energy, medical, home automation, IIoT • Two bands of operation: 868/915MHz and 2450MHz • Simpler & less expensive than Bluetooth • 10-100m range • Zigbee Alliance
  • 10. SACON 2020 Zigbee Security Model • Open Trust model (Device Trust Boundary) • Crypto protection only between devices • All services employ the same security suite
  • 11. SACON 2020 Practical Exploitation of IoT
 Wireless Sensor Networks (WSN)
  • 12. SACON 2020 Agenda • IEEE 802.15.4 (Layer 1 & 2 definitions for Zigbee) • Tools • Setup • Attack and Defense • Packet Generation • Sniffing and Injection • Packet Manipulation • Security Hardening
  • 13. SACON 2020 802.15.4 • IEEE standard for low-rate wireless personal area networks (LR-WPANs) • 6LoWPAN for IPv6 over WPANs • Zigbee extends 802.15.4 
 (wrapper services) Application Presentation Session Transport Network Data Link Physical Logical Link Control Media Access Control ZigbeeSpec
  • 14. SACON 2020 Attacking WSN • IoT product simulator • 802.15.4-based network • Packet sniffing, manipulation and injection • Goals: • Understanding basic packet header formats • Security models for protecting communication • Hardware and software tools for packet sniffing & injection
  • 15. SACON 2020 Challenges • Insufficient security research and documentation • Few testing/debugging platforms • Reliable ones are very expensive or obsoleted • Beta quality hardware at best • Took us weeks, studying blogs, asking questions, trial- and-error, … • Lots of future work possible. Wanna collaborate?
  • 16. SACON 2020 Generating & Analyzing IEEE 802.15.4 WSN packets (MAC Layer)
  • 17. SACON 2020 WSN Internals Payload DASRC SEQ NUM PAN ID DST Payload D A SRC SEQN U M PA NID D ST Attacker Gateway
  • 18. SACON 2020 Impact • Compromise integrity of sensor data • Spoof all legit devices in the network • Logistics & Asset Management - think Vaccine Transportation! • Medical Use Cases - Hospital monitoring • Security and Surveillance • Rapid emergency response for Industries • CVSSv3 Score: 9.3
  • 20. SACON 2020 Approach • We care about: • Integrity of data transmitted (bi-directional) • Confidentiality (sometimes) • Device attestation in the WSN • Crypto • IoT Platform Constraints • RAM and flash memory are often in KBs • Traditional crypto is way too intensive • Libraries — Few and proprietary
  • 21. SACON 2020 • Protecting data integrity is (should be) a key security objective • Use Crypto • Challenges • Need for HW Acceleration • Key provisioning and exchange • Traditional Public Key Crypto is often unacceptable • Nonce-based approaches are easy but insecure • We did not discuss: • Device Security Measures (Secure Boot, Secure FOTA, etc.) • Out of the box provisioning, device mapping and reuse • Key Management Summary
  • 22. SACON 2020 Consumer IoT Security
 &
 AWS-IoT Topics
  • 23. SACON 2020 Agenda • Consumer IoT • Case Study: “X” Fitness Band & “X” Wearable Technology device • Weaknesses in Smartphone Platforms <—> Wearables channels • Hands-on hacking of Bluetooth and BLE protocols • Hardening BLE • AWS IoT Core • Secure by Design and SDLC for IoT Platforms
  • 25. SACON 2020 Introduction • Wireless protocol for short range data exchange • BT: 1-100m • BLE: 10-600m • BLE is Light-weight subset of classic Bluetooth with low power consumption • RF range: 2.4 - 2.485 GHz • Maintained & Governed by the Bluetooth Special Interest Group (SIG) • Popular use cases: wearable devices, smart pay systems, healthcare, smart security systems etc
  • 26. SACON 2020 Bluetooth 5 Feature Bluetooth 5 Bluetooth 4.2 Speed Supports 2 Mbps Supports 1 Mbps Range 40m indoor 10m indoor Power Requirement Low High Message capacity 255 bytes 31 bytes • Latest version of BT and BLE Spec • Improvements to BLE • Aimed at IoT (especially consumer)
  • 27. SACON 2020 Bluetooth LE security Secure Simple Pairing (SSP) • Just Works: very limited/no user interface • Numeric Comparison: devices with display or yes/no button • Passkey Entry: 6 digit pin as the pass key • Out Of Band: Out of the band channel for key exchange to thwart MITM attacks • Network traffic is encrypted with AES-128
  • 29. SACON 2020 Attacking Wearable - Mobile Ecosystems Section A
  • 30. SACON 2020 Section B BLE Packet Analysis using Wireshark (“X” Popular fitness tracker)
  • 31. SACON 2020 Section B: Sniffing with Ubertooth
  • 32. SACON 2020 Summary • BT/BLE network packet analysis is easy • Market-available HW and SW • Many products do not enable the existing encryption mechanisms offered by the BT spec • At the very least, enable LTK-encryption
  • 33. SACON 2020 Section C Attacking BLE LTK Encryption
  • 36. SACON 2020 Agenda • IoT Services from Modern Cloud Vendors • AWS IoT Core • Setting up IoT Core with device simulators • Secure configuration • AWS Cloud Security Checks
  • 37. SACON 2020 • Managed cloud service for connected devices to interact with cloud applications • Amazon FreeRTOS — open-source OS for MCUs (low power & memory) • Connect and manage devices • Secure the communication • Process and Act • Monitor What is it?
  • 38. SACON 2020 Unshackling from Traditional SDLC
  • 39. SACON 2020 Security Development Life Cycle Security Architecture, Privacy Requirements Threat Modeling, Attack Trees & Data Access Reviews Focused Security Code Reviews & Privacy Planning Fuzzing, Penetration Testing, Privacy Sign-off Fix verification, Incident Response Planning Delta Security Assessment, Security for Continuous Integration/ Delivery Program Conception Design Implementation Pre-Launch Deployment Maintenance Reviews Reviews & Reports Reports Resolution & Sign-off Reports Device Mobile Cloud
  • 40. SACON 2020 Privacy • Why worry? • Global Markets • Country-specific guidelines • Ecosystems and overlapping policies GDPR!
  • 41. SACON 2020 Summary • Plethora of protocols & standards make IoT security messy • Make hardware & software for IoT comms undergo penetration testing • RZUSBStick works great. Also, ApiMote • Not much else • BT/BLE sniffing is very sketchy • Cloud Services giants & increasing number of IoT services • SDLC and Shift-left Ecosystem Protocols Integration Interoperability
  • 42. SACON 2020 www.deeparmor.com | @deep_armor | services@deeparmor.com SDLC Vulnerability Assessments Security Consulting Trainings