(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
Security aspect of IOT.pptx
1. DEPARTMENT OF MECHANICAL ENGINEERING
BUDGE BUDGE INSTITUTE OF TECHNOLGY
NISCHINTAPUR, BUDGE BUDGE – 700137, W.B
January 2023
Topic for CA 1: “Security espects of IOT ”
Student Name Prince Gupta
University Roll No : 27600720034
Department : Mechanical Engineering
Year of Study : 4th Year 8 Semester
Subject Name : Analysis and performance
of Fluid Machines – ()
DEPARTMENT OF MECHANICAL ENGINEERING
BUDGE BUDGE INSTITUTE OF TECHNOLGY
NISCHINTAPUR, BUDGE BUDGE – 700137, W.B
January 2023
Topic for CA 1: “Security aspects in IoT”
Student Name Prince Gupta
University Roll No : 27600720034
Department : Mechanical Engineering
Year of Study : 4th Year 8 Semester
Subject Name :– Internet of things (OE-ME802H)
2. Table of Contents :
Security aspects
Security issues in the IoT
Security issues in the IoT
IOT vulnerabilities and security issues
Internet of Things security management
Source Reference
3. Security aspects
Security aspects are highly critical in designing and developing web
services. It is possible to distinguish at least two kinds of strategies for
addressing protective measures of the communication among web
services: security at the transport level and security at the message level.
Enforcing the security at the transport level means that the authenticity,
integrity, and confidentiality of the message (e.g., the SOAP message) are
completely delegated to the lower-level protocols that transport the
message itself from the sender to the receiver. Such protocols use public
key techniques to authenticate both the end points and agree to a
symmetric key, which is then used to encrypt packets over the (transport)
connection.
4. Security issues in the IoT
• Threats and risks
•Emerging issues
•The possible consequences of IoT attacks
5. Security aspects in IoT
1. Access Control
2. Privacy
3. Policy Inforcement
4. Secure middleware
5. Trust
6. Confidentiality
6. IOT vulnerabilities and security issues
C&C centers and APIs effectively manage day-to-day IoT operations. That said,
their centralized nature creates a number of exploitable weak spots, including:
Unpatched vulnerabilities – Connectivity issues or the need for end-
users to manually download updates directly from a C&C center often result in
devices running on outdated software, leaving them open to newly discovered
security vulnerabilities.
Weak authentication – Manufacturers often release IoT devices (e.g.,
home routers) containing easily decipherable passwords, which might be left in
place by vendors and end-users. When left open to remote access, these devices
become easy prey for attackers running automated scripts for bulk exploitation.
Vulnerable APIs – As a gateway to a C&C center, APIs are commonly
targeted by a variety of threats, including Man in the Middle (MITM), code
injections (e.g., SQLI), and distributed denial of service (DDoS) assaults. More
information about the implications of API-targeting attacks can be found here.
The dangers posed by exploitable devices can be broken into two categories:
threats that they pose to their users and threats that they pose to others.
7. Internet of Things security management
The sheer volume of Internet of Things devices makes their security a high
priority and is crucial for the future wellbeing of the internet ecosystem.
For device users, this means abiding by basic security best practices, such as
changing default security passwords and blocking unnecessary remote
access (e.g., when not required for a device’s functionality).
Vendors and device manufacturers, on the other hand, should take a
broader approach and invest heavily in securing IoT management tools.
Steps that should be taken include:
1.Proactively notifying users about devices running outdated software/OS
versions.
2.Enforcing smart password management (e.g., mandatory default password
changes).
3.Disabling remote access to a device, unless it’s necessary for core
functions.
4.Introducing a strict access control policy for APIs.
5.Protecting C&C centers from compromise attempts and DDoS attacks.
8. Getting from books and some of my own knowledge .
From Slideshare . (https://slideshare.net/)
https://www.imperva.com/learn/application-security/iot-
internet-of-things-security/