Downloaded 270 times
Uploaded byWSO2
Security challenges for IoT
The document discusses security challenges for internet of things (IoT) devices. It outlines three rules for IoT security: don't be dumb, think about what's different from traditional internet security, and be smart. What's different about IoT includes the long lifespan of devices which makes updates difficult, limited capabilities of small devices, and highly personal user data. The document recommends not relying on security through obscurity and considering cryptography options that can work on small devices like ECC. It also discusses secure protocols and identity management through federated identity as an option for authentication and authorization with IoT devices.
More Related Content
!["The State of IoT Security" Keynote by Shawn Henry at Inform[ED] IoT Security](https://cdn.slidesharecdn.com/ss_thumbnails/01-shawnhenry-visionofiotsecurity20170412-170509161242-thumbnail.jpg?width=640&height=640&fit=bounds)
Similar to Security challenges for IoT
![[TestWarez 2017] Securing the Internet of Things](https://cdn.slidesharecdn.com/ss_thumbnails/qfit2017nazimeksecuring-the-iot-180103212455-thumbnail.jpg?width=640&height=640&fit=bounds)
![[Roundtable] Choreo - The AI-Native Internal Developer Platform as a Service](https://cdn.slidesharecdn.com/ss_thumbnails/choreo-deck-250328074645-511dded7-thumbnail.jpg?width=640&height=640&fit=bounds)
Security challenges for IoT
- 1. Your Thing ispwnd Security Challenges for the Internet of Things Paul Fremantle CTO and Co-‐Founder, WSO2 @pzfreo #wso2 #wso2con
- 2. Firstly, does it even maAer?
- 4.
- 6. My three rules for IoT security • 1. Don’t be dumb • 2. Think about what’s different • 3. Do be smart
- 7. My three rules for IoT security • 1. Don’t be dumb – The basics of Internet security haven’t gone away • 2. Think about what’s different – What are the unique challenges of your device? • 3. Do be smart – Use the best pracQce from the Internet
- 9.
- 11.
- 12. So what is different about IoT? • The fact there is a device – Yes – its hardware! – Ease of use is almost always at odds with security • The longevity of the device – Updates are harder (or impossible) • The size of the device – CapabiliQes are limited – especially around crypto • The data – OXen highly personal • The mindset – Appliance manufacturers don’t always think like security experts – Embedded systems are oXen developed by grabbing exisQng chips, designs, etc
- 13. Physical Hacks APractical Attack on the MIFARE Classic: http://www.cs.ru.nl/~flaviog/publications/Attack.MIFARE.pdf Karsten Nohl and Henryk Plotz. MIFARE, Little Security, Despite Obscurity
- 15. Or try this at home? hAp://freo.me/1g15BiG
- 16.
- 17. Hardware recommendaQons • Don’t rely on obscurity
- 18. Hardware recommendaQons • Don’t rely on obscurity • Don’t rely on obscurity • Don’t rely on obscurity • Don’t rely on obscurity • Don’t rely on obscurity • Don’t rely on obscurity • Don’t rely on obscurity
- 19. Hardware RecommendaQon #2 • Unlocking a single device should risk only that device’s data
- 20.
- 21.
- 22. Crypto on small devices • PracQcal ConsideraQons and ImplementaQon Experiences in Securing Smart Object Networks – hAp://tools.ied.org/html/draX-‐aks-‐crypto-‐sensors-‐02
- 23.
- 24. ECC is possible (and about fast enough)
- 25. Crypto Borrowed fromChris Swan: http://www.slideshare.net/cpswan/security-protocols-in-constrained-environments/13
- 26. Won’t ARM just solve this problem?
- 27. Cost maAers 8bits $5 retail $1 or less to embed 32 bits $25 retail $?? to embed
- 28.
- 29. SIMON and SPECK https://www.schneier.com/blog/archives/2013/07/simon_and_speck.html
- 30. Datagram Transport Layer Security (DTLS) • UDP based equivalent to TLS • hAps://tools.ied.org/html/rfc4347
- 31.
- 32. Passwords • Passwords suck for humans • They suck even more for devices
- 36. Why Federated IdenQty for Things? • Enable a meaningful consent mechanism for sharing of device data • Giving a device a token to use on API calls beAer than giving it a password – Revokable – Granular • May be relevant for both – Device to cloud – Cloud to app • “IdenQty is the new perimeter”
- 37.
- 38.
- 39. An Open Source IdenQty and EnQtlement Management Server Apache Licensed LDAP, JDBC, AcQve Directory, SCIM, SPML SAML2, OpenID Connect, WS-‐Trust, Kerberos OAuth 1.0/2.0, XACML 2.0, XACML 3.0 XDAS, Web Console, SOAP Admin MulQ-‐tenant, Clusterable, HA, 24x7 support 39 What is WSO2 IdenQty Server?
- 40. Other WSO2 technology to help you • WSO2 BAM – monitoring • WSO2 CEP – realQme fraud detecQon • WSO2 API Manager – securing API endpoints
- 41. Real Qme event processing
- 42. Are you settingup for the next privacy or security breach?
- 44. Exemplars • Shields • Libraries • Server Frameworks • Standards and Profiles
- 45. Summary • 1. Don’t be dumb • 2. Think about the differences • 3. Be smart • 4. Create and publish exemplars
- 46. WSO2 Reference Architecturefor the Internet of Things http://freo.me/iot-ra
- 47.