Dr. Maurice Dawson discusses security solutions for hyperconnectivity and the Internet of Things, highlighting the risks of interconnectivity that make devices susceptible to cyber-attacks. He explains key vulnerabilities associated with mobile devices and the implications of mass surveillance on privacy, particularly in the context of tools like the Tor network. The presentation emphasizes the need for effective countermeasures against cyber threats while addressing the ethical concerns surrounding anonymity and government surveillance.

1. Speaker: Dr. Maurice Dawson, SMIEEE, CSSLP, CGEIT, CCISO
Title: Security Solutions for Hyperconnectivity and the Internet of
Things
---
xxxSWE2016xxx

2. Speaker's Bio

3. Topics Covered
• SECURITY SOLUTIONS FOR
HYPERCONNECTIVITY AND
THE INTERNET OF THINGS
• NATION STATE : WHY
HYPERCONNECTIVITY IS AN
ISSUE
• ANONYMITY - SECRECY

4. SECURITY SOLUTIONS FOR
HYPERCONNECTIVITY AND
THE INTERNET OF THINGS

5. Security Solutions for Hyperconnectivity and the
Internet of Things
The Internet of Things describes a world in which
smart technologies enable objects with a network to
communicate with each other and interface with
humans effortlessly. This connected world of convenience
and technology does not come without its drawbacks, as
interconnectivity implies hackability. Security Solutions for
Hyperconnectivity and the Internet of Things offers insights
from cutting-edge research about the strategies and
techniques that can be implemented to protect against
cyber-attacks.

6. NATO Systems of Systems Example

7. Internet of Things

8. IoT Example

9. Internet of Everything
• Researchers at Cisco Systems
estimate that over 99 percent
of physical devices are still
unconnected and that there is
a market of $14.4 trillion.
• IoE is comprised of four key
things which are people, data,
and things built on the process.
• The model IoE is made up of
three types of connections:
People to Machine (P2M),
Machine to Machine (M2), and
People to People (P2P).

10. Military vs Commerical Hyperconnectivity
Standards - Directives: DoD 8500, DoD
8570, DoD 8140, RMF, DIACAP, ISO
15408, NIST Special Publications
Agencies: DoD, NIST, DISA, NSA, DIA,
STRATCOM, MDA, SMDC, AMCOM

11. Mobile Devices
Vulnerabilities - Threats
• Mobile phishing and
ransomware
• Using an infected mobile
device to infiltrate nearby
devices
• Cross-platform banking
attacks & convert
channels
• Social media
– "Gen Y is very social and
sharing culture"
Collett, S. (2014). Five new threats to your mobile
device security. Retrieved September 22, 2016, from
http://www.csoonline.com/article/2157785/data-
protection/five-new-threats-to-your-mobile-device-
security.html

12. Kali Linux - Bluetooth Applications
• Bluelog: A bluetooth site survey tool. It
scans the area to find as many discoverable
devices in the area and then logs them to a
file.
• Bluemaho: A GUI-based suite of tools for
testing the security of Bluetooth devices.
• Blueranger: A simple Python script that
uses i2cap pings to locate Bluetooth devices
and determine their approximate distances.
• Btscanner: This GUI-based tool scans for
discoverable devices within range.
• Redfang: This tool enables us to find
hidden Bluetooth device.
• Spooftooph: This is a Bluetooth spoofing
tool.

13. Kali Linux - Bluetooth Attacks
• Blueprinting: The process of footprinting.
• Bluesnarfing: This attack takes data from
the Bluetooth-enabled device. This can
include SMS messages, calendar info,
images, the phone book, and chats.
• Bluebugging: The attacker is able to take
control of the target's phone. Bloover was
developed as a POC tool for this purpose.
• Bluejacking: The attacker sends a
"business card" (text message) that, if the
user allows to be added to their contact list,
enables the attacker to continue to send
additional messages.
• Bluesmack: A DoS attack against Bluetooth
devices.

14. Social Media

15. Social Media
Vulnerabilities - Threats
• Text mining
• Behavior analysis
• Location analysis
• Pattern analysis
• Exploitation of
connections
OSS Tools
• R, Rapid Miner
• Open Web Analytics
(OWA)
• JasperReport
• BRIT
• Pentaho
• SpagoBI
• KNIME

16. Research - Social Media

17. Terrorist - Link Analysis

18. OSINT
Personal Twitter accounts provide
the ability to associate a specific
location. This location over time can
provide trends of locations visited
with time/date stamps. This can be
used to start developing a full
analysis on Tweeting trends from
particular locations, frequency of
location visits, and content analysis
through text mining.

19. OSINT - Extracting
EXIF

20. OSINT - Extracting
EXIF

21. OSINT - Extracting
EXIF

22. NATION STATE : WHY
HYPERCONNECTIVITY IS AN
ISSUE

23. ANONYMITY - SECRECY

24. TAILS OS
After the information released by
Edward Snowden, the world
realized about the security risks of
high surveillance from governments
to citizens or among governments,
and how it can affect the freedom,
democracy and/or peace. Research
has been carried out for the
creation of the necessary tools for
the countermeasures to all this
surveillance. One of the more
powerful tools is the Tails
system as a complement of The
Onion Router (TOR). Even though
there are limitations and flaws, the
progress has been significant and
we are moving in the right direction.

25. The Onion Router
(TOR)
• TOR project was set by the
government and developed by the
Defense Advanced Research Projects
Agency (DARPA) as a security measure
to avoid national and international
surveillance of the classified government
operations (Fagoyinbo & Babatunde,
2013).
• The National Security Agency (NSA)
has said that TOR is “the King of high
secure, low latency Internet
anonymity” (The Guardian, 2013). The
TOR project received an award for
projects of social benefit from the FSF
(Free Software Foundation) in 2010,
acknowledging it not only for the privacy
and anonymity that it provides, but also
for the freedom of access and
expression on the Internet granted to
millions of people, which has proved to
be pivotal in dissident movements
around the world (FSF, 2010).
• The Business Week magazine has
described it as one of the most effective
means to defeat surveillance around
the world (Lawrence, 2014).

26. Cyber Defense -
Cyber Intelligence

27. Cyber Security Workforce

28. IASE DISA STIGs
Operating Systems
Network Appliances
Mobile Devices

30. Unmanned Systems
Inceptance of surveilance
Change of flight plans
Correupt VMs for GCS
Jam comms

31. Justin Kolker
INFSYS 6858

32. Justin Kolker
INFSYS 6858

33. Justin Kolker
INFSYS 6858

34. Justin Kolker
INFSYS 6858

35. Justin Kolker
INFSYS 6858

36. Alexandra Loehr
INFSYS 6858

37. Alexandra Loehr
INFSYS 6858

38. Alexandra Loehr
INFSYS 6858

39. Alexandra Loehr
INFSYS 6858

40. Alexandra Loehr
INFSYS 6858

41. Dr. Maurice Dawson
University of Missouri - St. Louis
228 Express Scripts Hall,
One University Blvd
St. Louis, MO 63121-4400
Email: dawsonmau@umsl.edu