The shift from social network security to the social iot security
1. SRGE 2018 Internet of Things workshop – Cairo University, 12 July 2018
1
The Shift from Social Network Security to
the Social IOT Security
Presented By
Dr. Mohamed Torky
PHD in Computer Science (2018), Faculty of Science, Menoufyia University, Egypt.
Member in Scientific Research Group in Egypt (SRGE)
2. Agenda
2
1
• Introduction.
2
• Privacy Protection of Internet of People (IOP).
3
• Social Internet of Things (SIOT) is the Next Technology
4
• Open Security Challenges in SIOT
5
• Evolution of SIOT: Today, Tomorrow
3. Agenda
3
1
• Introduction.
2
• Privacy Protection in Internet of People (IOP).
3
• Social Internet of Things (SIOT) is the Next Technology
4
• Open Security Challenges in SIOT
5
• Evolution of SIOT: Today, Tomorrow
6. Agenda
6
1
• Introduction.
2
• Privacy Protection of Internet of People (IOP).
3
• Social Internet of Things (SIOT) is the Next Technology
4
• Open Security Challenges in SIOT
5
• Evolution of SIOT: Today, Tomorrow
25. Agenda
25
1
• Introduction.
2
• Privacy Protection of Internet of People (IOP).
3
• Social Internet of Things (SIOT) is the Next Technology
4
• Open Security Challenges in SIOT
5
• Evolution of SIOT: Today, Tomorrow
26. 26
According to The Social Internet of Things (SIOT)–
when social networks meet the IOT: Concept,
architecture and network characterization, the term
SIOT (Social internet of Things) has a different
definition from what you might expect. In short, it
doesn’t refer to smart objects that are connected to
social networks,, but rather to intelligent devices that
are able to create social relationships among them,
fact that leads to social networks of their own.
3. Social Internet of Things (SIOT) is the Next Technology.
27. 27
(1) Parental Object Relationship (POR):
is typically established among homogenous
objects - same generation devices made by
the same manufacturer.
3.1 Types of SIOT Relationships
28. 28
(2) Co-location Object Relationship (C-LOR)
Established among heterogeneous or homogenous
objects that share the same environment or goal.
3.1 Types of SIOT Relationships
29. 29
(3) Co-work Object Relationship (C-WOR):
Established between two or more devices whose
functionalities are combined to accomplish a
common goal. This type of relationship occurs
between objects that either need to touch each other
to achieve that goal, or need to be in close proximity
of one another
3.1 Types of SIOT Relationships
30. 30
(4) Ownership Object Relationship (OOR):
Occur between the smart devices of the same user
(smartphones, portable media players, video game
consoles, etc.)
3.1 Types of SIOT Relationships
31. 31
(4) Social Object Relationship (SOR):
Occur when the devices come in touch whenever
their owners meet. Smart objects belonging to
friends, classmates, coworkers and companions
could establish this type of relationship.
3.1 Types of SIOT Relationships
32. 32
IOT is Dramatically Enlarging
the Attack Surface, So, How to
Secure SIOT Platforms, is an
Open Challenge !!
33. Agenda
33
1
• Introduction.
2
• Privacy Protection of Internet of People (IOP).
3
• Social Internet of Things (SIOT) is the Next Technology
4
• Open Security Challenges in SIOT
5
• Evolution of SIOT: Today, Tomorrow
34. 34
4 .1. SIOT Attacks Surface
Insecure Mobile Interface
Insecure Web Interface
Lack of Encryption Protocol
Insecure Cloud Interface
Insecure Network services
Insecure Software/ Firmware
Poor Physical Security
35. 35
4 .2. SIOT is a Popular Platforms for Attackers
Computational capabilities, Increasing capabilities
of microcomputers and Internet Connection make
IOT devices a popular attack tool to Hackers:
IOT Device can be used to:
• Send Same Messages
• Coordinate an attack against a critical
Infrastructure
• Serve a Malware
• Work as a entry point within a corporate network
36. 36
4 .3. SIOT Attack Patterns
Botnets are already a major Threats…..
• IOT device can send a ThingBot within the
Social Internet of Things.
• Infected device can harm all connected
devices in SIOT network.
• Number of ThingBot software against smart
routers, TVs, network attached storage
devices, gaming devices are increasingly
growing.
Oops….. My refrigerator is sending Spam
Messages
37. 37
4 .3. SIOT Attack Patterns
A Linux worm (Linux.Darlloz) and Spike Botnets is
designed to target IOT Devices through DDoS…..
• Generate random IP Addresses and attempt to
use commonly used credentials to log into the
target device in SIOT .
• It send HTTP posts requests specially crafted ,
once compromised the target device , it
downloads the worm from a remote server and
start searching other target devices in SIOT
network.
• Once the worm has compromised a device, it kills
off access to any telnet service running .
Symantec detected Linux.Darlloz attack as
the first IOT malware
38. 38
4 .3. SIOT Attack Patterns
Hacking Smart watches…..
• Data sent between the Smart watches and an
android mobile phone can be intercepted.
• Easy to crack the authentication of smart watches
by brute force attacks as it use six digit PIN
Hacking Wearable Devices
39. 39
4 .3. SIOT Attack Patterns
Hacking Smart Meters…..
• In Spain, millions of smart meters are susceptible to
cyber attacks due to lack of proper security controls.
• Attacker can exploit the lack of security controls to
perform fraudulent activities with smart meters in
SIOT network
• Smart meters is designed with poor protected
Credentials.
• Attackers can modify device ID to impersonate other
customer or use the smart meter to launch attacks
against power network or harm other devices in the
SIOT of the houses or firms.
Smart meters can be hacked to hit the
National power network
40. Agenda
40
1
• Introduction.
2
• Privacy Protection of Internet of People (IOP).
3
• Social Internet of Things (SIOT) is the Next Technology
4
• Open Security Challenges in SIOT
5
• Evolution of SIOT: Today, Tomorrow
41. 41
More Than 50 billion Devices by 2020.
More Than 6 connected devices per
person.
By 2020 IOT will be more than the size
of smart phones , PC, Tablets,
Connected Cars and wearable devices.
We are rapidly evolving toward a world
where every thing will be connected
Number of security attacks will increase.
Privacy and security must be addressed
with untraditional mechanisms to secure
large SIOT networks.
PKI-based solution can be used to
improve IOT and SIOT security.
5. Evolution of SIOT: Today, Tomorrow