The document discusses security challenges for the Internet of Things (IoT). It begins with an introduction to IoT and then discusses some of the enabling technologies like RFID, sensors, and nanotechnology. It also covers various applications of IoT such as smart cities, smart homes, smart farms, and e-healthcare. The document then outlines why IoT security is difficult due to issues like wireless communication, physical insecurity of devices, lack of standards, and classic internet threats. It also discusses some threats to IoT systems and potential security approaches like designing for security and implementing identity management. In the end, it provides some basic security precautions and thoughts on ongoing development of technologies and protocols for IoT security.

1. Security challenges for
Internet of things
A Place Where Machines talk to Machines

2. Welcome!
 Monika Keerthi
 III B.Tech , InformationTechnology
 Sree Vidyanikethan Engineering College
 Email: monikakeerthi95@gmail.com

3. What I’m
going to say
1. Internet ofThings
2. State of the Art of IOT
3. Applications of IOT
4. Internet of Things security is Hard!
5. There are some challenges.
6. There are new threats.
7. There are some new technologies to play with.
8. Future of IOT

4. What is Internet of
Things?
IOT means…A PlaceWhere Machines talk to Machines

5. Internet of
Things
 A network of Physical Objects that can interact with
each other to share information and take Action.
 The term was first proposed by Kevin Ashton in 1999.
 The concept of IOT first became popular at the Auto-
ID center, MIT.
 IOT can also be pronounced as Machine to Machine
(M2M) Technology.

6. The state of the art
Some of it, enabling technologies.

7. Enabling
Technologies
RFID Sensor SmartTech NanoTech
To identify
and track
the data of
things
To collect
and process
the data to
detect the
changes in
the physical
status of
things
To enhance the
power of the
network by
evolving
processing
capabilities to
different part
of the network.
To make the
smaller and
smaller things
have the
ability to
connect and
interact.

8. Applications of IOT
Some of them are…

9. Application
Areas
SmartCities
Smart
Environment
Smart
Energy
Smart
Agriculture
E-Health Retail Logistics
Industrial
Control

10. Smart Home

11. Smart Cars

12. E-Healthcare

13. Smart Farms

14. Why is IOT security
difficult?
And is there anything we can do about it?

15. Because…
1. Wireless communication
2. Physical insecurity
3. Constrained devices
4. Potentially sensitive data
5. Lack of standards
6. Heterogeneity: weakest link problem
7. A systems, not software problem
8. Classic web / internet threats
9. Identity management & dynamism
10. Inconvenience and cost

16. But really…
It’s because we don’t know how to do it.
Yet.

17. Threats to IOT systems
Adapted from "Security Considerations in the IP-based Internet of
Things“ - Garcia-Morchon et al.
http://tools.ietf.org/html/draft-garcia-core-security-05

18. Threats • Can be modified (firmware / OS / middleware)
• Can be decompiled to extract credentials
• Can be exhausted (denial of service)
• Eavesdropping
• Man-in-the-middle attacks
• Rerouting traffic
• Theft of bandwidth
• Can be stolen
• Can be modified
• Can be replaced
• Can be cloned
The physical devices
The software
The network

19. The Insecurity
ofThings
Easy way to crack into IOT networks
• Hackers can find the system they want to attack via Shodan,
a search engine for scada systems and connected devices
• Then they can target the laptop of staff, via phishing emails to inject
malware and take control of the machine that talks to the scada system.
• Use XSS-cross site scripting-infecting a legitimate web page with
malicious client-side Script.
• Go to portforward.com and look up the default username and passwords.
• Possible points of entry for a hacker are through bluetooth, a cellular
network, the monitor and even music files

22. Google
Hacking

23. http://www.forbes.com/sites/kashmirhill/2013/07/26/smart-homes-hack/

24. Securing the
whole
lifecycle
 Design
 Production
 Bootstrapping
 Monitoring
 Reconfiguration
and recovery
 Decommission

25. TheWebinos approach
An open source, cross device, browser based
web platform for running applications on and across
multiple devices

26. What does it
give you
 Open Web Application Platform
 Cross Device Communication Protocols
 A privacy framework

27. 27
Internet
PZH
(Personal Zone Hub)
Security Policy
PZH
(Personal Zone Hub)
Security Policy
Hub: Zone
gateway,
24x7 avail.
Inter-zone comm
peer to peer
Getting the most out of personal devices
Multi-screen/multi-device apps
“Getting gadgets talking”
PZP
PZP
PZP
PZP
PZP
PZP
PZP
PZP
PZP
PZP
PZP
Personal Zone
Proxy:
simultaneously
client and server
How it works
Personal zones - Interconnecting devices, apps and resources
• TLS and a device PKI
• Attribute-based access control
• Web identity and authentication
• “Personal zone” model

28. How it is useful

29. Webinos
Security
 Central administration and recovery
 Device authentication
 Identity management
 OpenID and web login mechanisms used
for identity
 Secure communication
 Mutually authentication & encrypted
communication
 Privacy policies to specify data usage
controls

30. Future of IOT

31. Some Important Links
 IEEE World Forum
http://sites.ieee.org/wf-iot/
 Cisco World Forum
http://blogs.cisco.com/ioe/
 http://internetofthings.electronicsforu.com
Google’s IoT Projects
 Google Glass : Wearable computer
 Waze : An intelligent GPS navigation
and traffic management tool
 Nest : Smart Thermostat and Smoke
alarm
 Open Automotive Alliance(OAA) :
An android operating system for
automobiles

32. Case study-
VeraLite
• VeraLite is an embedded device that sits on a home network and can
be used to control other systems connected to it.
• It doesn’t require a username and password. Any one on the local
network can access it.
• Even if the device owner does create a username and password, the
device can still be controlled using the Universal Plug and Play(UPnP)
protocol,which doesn’t have built-in support for authentication.
• If someone has a VeraLite on their home network and they are at
home , they can be tricked into visiting a web page that instructs their
browser to set up a backdoor on theirVeraLite device using UPnP.
• VeraLite’s UPnP functionality allows one to execute arbitrary code on
the device as root,the highest-privileged account type,giving them
complete control over the system

33. Case study-
Stuxnet-worm
 An infected USB stick is plugged into a system.
 It then infects all the windows machines. A fake digital certificate
is used to avoid detection.
 A check is made to see if a machine is part of the targeted
industrial control system made by siemens.(High speed
centriguges in iran)
 The worm compromises the target systems logic controllers,
exploiting zero day vulnerabilities.
 The worm collects data on the operations of the targeted system.
 This data is used to then take over control of the centrifuges
making them spin endlessly and fail.
 At the same time it provides false information to the monitoring
systems ,so on one suspects something.

34. My three rules
for IoT security
 1. Don’t be dumb
 The basics of Internet security haven’t gone away
 2.Think about what’s different
 What are the unique challenges of your device?
 3. Do be smart
 Use the best practice from the Internet

35. Basic
precautions
• Change the default password of the router .Select a password which is
not easy to guess.
• Install trusted and well known anti-virus and spyware’.
• Check your router if any unknown services are running.
• Avoid downloading strange or suspicious files.
• Update your OS and anti-virus regularly.
• Install all patches as provided by the manufacturer.
• Check security certificates in case of doubt

36. Thoughts to
leave you with.
 Many new technologies and protocols are being developed
 IOT requires systems security

37. References
1. Rodrigo Roman, Jianying Zhou, Javier Lopez:”On the features and challenges of
security and privacy in distributed internet of things”.Institute for Infocomm
Research,in Elsevier journal,singapore 2013
2. Chakib Bekera:’Security and challenges for IOT”,center for development and
technologies,in Elsevier journal,Baba Hassen,Alger,Algeria,2014.
3. Antonio Marcos Alberti, Dhananjaysingh: “Internetofthings: perspectives.
challenges and opportunities” Instituto nacional de
telecommunicacoes,MinasGerais,Brazil, Department of Electronics
engineering,south korea
4. Hui Suo,Jiafu Wan,Caifeng Zou,Jianqi Liu:”Security in the Internet of things”
Guangzhou,china
5. Kevin Ashton:That ‘‘Internet of Things’’ Thing. In: RFID Journal, 22. Juli 2009.
Abgerufen am 8. April 2011.
6. Tobias Heer,Oscar Garcia-Morchon,Rene Hummen,Sye Loong Keoh,Sandeep
S.Kumar and Klaus Wehrle:”Security challenges in the IP based Internet of
things”, In sringer journal,Netherlands.
7. Cisco: Over 50 billions of devices connected to Internet
http://blogs.cisco.com/news/the-internet-of-things-infographic/

38. monikakeerthi95@gmail.com