Understanding and Mitigating IoT Security Hazards
Mark Benson, CTO
@markbenson
IoT Developers Conference, 7 May 2015
The IoT threat and opportunity
Recent Economist survey: 95% expect their company to be using IoT within 3 years
“IoT is our single biggest threat AND biggest opportunity over the next 10 years” – Brand-name Fortune 500 board of directors
[Chart: Internet-connected devices in billions (Cisco estimate) and market size in $ billions, by segment: Big Data Analytics (53% CAGR), Connected Device Platforms (33% CAGR), Application Enablement Platforms (32% CAGR), Value Added Services (26% CAGR), System Integration Services (24% CAGR), Hardware (23% CAGR), Connectivity (12% CAGR). Source: ABI Research, Cisco, Craig Hallum estimates]
The Internet of Things?
More like the Internet of Attack Vectors
•  Attack surfaces are expanding rapidly
•  Physical access to systems is becoming easier
•  Consumer privacy concerns are rising
•  Consequences of a breach are becoming more severe (critical
infrastructure, brand deterioration, data privacy issues, etc.)
•  Product companies are being forced outside of their comfort zones
•  Three dimensions that make IoT security challenging…
1. Resource constraints
[Diagram: protocol stacks at each tier of an IoT system, with data at rest, in use, and in motion marked along the path]
•  Enterprise Web Services: has virtually no resource constraints
•  IoT Data Platform: deals with resource constraints
•  Gateway or Aggregator: has moderate resource constraints
•  Sensing Node: has severe resource constraints
Stacks shown in the diagram:
•  MAC/PHY, IP, TLS/TCP, HTTP, App Data
•  MAC/PHY, IP, DTLS/UDP, CoAP, Binary Data
•  Sensor network: MAC/PHY, Binary Data
2. Deployment topologies
[Diagram: five deployment topologies assembled from these components: Sensors, Short RF, Gateways, On-prem SW, Long-haul, Cloud Platform, Analytics platform, Local Display]
A. No cloud
B. Standard
C. Multi-site
D. Closed network
E. Comprehensive
3. Usage modes
Lifecycle phases: 1. Initialization, 2. Operation, 3. Modification, 4. Retirement
•  Device cloud registration
•  Secure authentication
•  Secure API transports
•  Secure storage

•  Secure flash
•  OTP parts
•  Secure boot
•  Secure provisioning

•  Secure firmware updates
•  Disable test/debug interfaces
•  Factory defaults fallback
•  Disable test interfaces

•  Secure change of ownership
•  Device de-registration process
•  Optionally reenable retired devices
•  Secure encryption key deletion
Things to note about IoT usage modes that affect security:
1.  Some modes are normal and standard solutions exist
2.  Some modes are new and standards are still emerging
3.  Some modes are becoming more vulnerable due to resource constraints
[Figure: three axes: Usage Modes (Standard to Novel), Deployment Topologies (Simple to Complex), Resource Constraints (Low to High)]
The IoT security problem area
A.  High resource constraints
B.  Complex deployment topologies
C.  Novel usage modes
Mo’ IoT, mo’ problems
The 4th dimension: time
Now we have a Tesseract
The difficulty with IoT security is that the landscape is constantly changing, even after products are deployed
Security should be designed for from the beginning and embraced as a journey throughout
It starts with a process…
[Figure: the four dimensions: Modes, Topologies, Constraints, Time]
The web you should be weaving
Secure processes => secure products => secure brand integrity
Phases: Planning, Design, Implementation, Verification, Validation, Deployment, Operations
Activities across the phases:
•  Security Requirements
•  Risk Analysis
•  Threat Modeling
•  Secure Design Practices
•  Security-Focused Design Reviews
•  Secure Coding Practices
•  Third Party Security Audit
•  Security-Focused Testing
•  User Testing to Expose Weak Points
•  Penetration Testing
•  Secure Deployment Practices
•  Operational Risk Assessment
•  Incident Response Preparedness
•  Vulnerability Management
Training and awareness
Information Security Management System (ISMS) policies, procedures, and compliance audits
Corporate strategy, governance, metrics, and optimization
Conclusion
Takeaways:
1.  Security processes. Have a security architecture from the beginning and evolve throughout
(constraints, topologies, modes)
2.  Technology selection. Make informed technology selections from the beginning that are
aligned with security goals for the company and product
3.  Operations planning. Plan and prepare for how you will respond if and when a security
incident occurs in the field
Checklists
•  http://owasp.org/
•  http://builditsecure.ly/
Embrace the journey
Thank you
Mark Benson
@markbenson

Disruptive Innovation Through IoT
 
Cloud 101 for Embedded Designers
Cloud 101 for Embedded DesignersCloud 101 for Embedded Designers
Cloud 101 for Embedded Designers
 
Introduction to the M2M Ecosystem: Emerging Trends
Introduction to the M2M Ecosystem: Emerging TrendsIntroduction to the M2M Ecosystem: Emerging Trends
Introduction to the M2M Ecosystem: Emerging Trends
 
Trading Power and Performance to Achieve Optimal Thermal Design for Battery-P...
Trading Power and Performance to Achieve Optimal Thermal Design for Battery-P...Trading Power and Performance to Achieve Optimal Thermal Design for Battery-P...
Trading Power and Performance to Achieve Optimal Thermal Design for Battery-P...
 
Preparing For Future Health Technology Trends by Analyzing Current Consumer D...
Preparing For Future Health Technology Trends by Analyzing Current Consumer D...Preparing For Future Health Technology Trends by Analyzing Current Consumer D...
Preparing For Future Health Technology Trends by Analyzing Current Consumer D...
 
Multi-Core Architectural Decomposition Methods for Low-Power Symmetric and As...
Multi-Core Architectural Decomposition Methods for Low-Power Symmetric and As...Multi-Core Architectural Decomposition Methods for Low-Power Symmetric and As...
Multi-Core Architectural Decomposition Methods for Low-Power Symmetric and As...
 
Android Adoption and its Economic Impacts to Software Strategy
Android Adoption and its Economic Impacts to Software StrategyAndroid Adoption and its Economic Impacts to Software Strategy
Android Adoption and its Economic Impacts to Software Strategy
 

Recently uploaded

Best 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERPBest 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERP
Pixlogix Infotech
 
RESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for studentsRESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for students
KAMESHS29
 
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 202420240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
Matthew Sinclair
 
Serial Arm Control in Real Time Presentation
Serial Arm Control in Real Time PresentationSerial Arm Control in Real Time Presentation
Serial Arm Control in Real Time Presentation
tolgahangng
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Paige Cruz
 
GraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracyGraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracy
Tomaz Bratanic
 
Mariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceXMariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceX
Mariano Tinti
 
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
Edge AI and Vision Alliance
 
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc
 
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
panagenda
 
“I’m still / I’m still / Chaining from the Block”
“I’m still / I’m still / Chaining from the Block”“I’m still / I’m still / Chaining from the Block”
“I’m still / I’m still / Chaining from the Block”
Claudio Di Ciccio
 
How to use Firebase Data Connect For Flutter
How to use Firebase Data Connect For FlutterHow to use Firebase Data Connect For Flutter
How to use Firebase Data Connect For Flutter
Daiki Mogmet Ito
 
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
SOFTTECHHUB
 
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfUnlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Malak Abu Hammad
 
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 202420240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
Matthew Sinclair
 
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
DianaGray10
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
名前 です男
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
Matthew Sinclair
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
Aftab Hussain
 
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial IntelligenceAI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
IndexBug
 

Recently uploaded (20)

Best 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERPBest 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERP
 
RESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for studentsRESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for students
 
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 202420240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
 
Serial Arm Control in Real Time Presentation
Serial Arm Control in Real Time PresentationSerial Arm Control in Real Time Presentation
Serial Arm Control in Real Time Presentation
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
 
GraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracyGraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracy
 
Mariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceXMariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceX
 
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
 
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy Survey
 
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
 
“I’m still / I’m still / Chaining from the Block”
“I’m still / I’m still / Chaining from the Block”“I’m still / I’m still / Chaining from the Block”
“I’m still / I’m still / Chaining from the Block”
 
How to use Firebase Data Connect For Flutter
How to use Firebase Data Connect For FlutterHow to use Firebase Data Connect For Flutter
How to use Firebase Data Connect For Flutter
 
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
 
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfUnlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
 
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 202420240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
 
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
 
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial IntelligenceAI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
 

Understanding and Mitigating IoT Security Hazards

  • 1. Understanding and Mitigating IoT Security Hazards. Mark Benson, CTO (@markbenson). IoT Developers Conference, 7 May 2015.
  • 2. The IoT threat and opportunity
      • Recent Economist survey: Expect their company to be using IoT within 3 years
      • “IoT is our single biggest threat AND biggest opportunity over the next 10 years” – Brand-name Fortune 500 board of directors
      • [Chart: Devices (billions) and Market Size (billions). Series: Big Data Analytics (53% CAGR), Connected Device Platforms (33% CAGR), Platforms (33% CAGR), Application Enablement Platforms (32% CAGR), Value Added Services (26% CAGR), System Integration Services (24% CAGR), Hardware (23% CAGR), Connectivity (12% CAGR), Internet-connected devices (Cisco Estimate). *Source: ABI Research, Cisco, Craig Hallum Estimates]
      • 95%
  • 3. The Internet of Things? More like the Internet of Attack Vectors
      • Attack surfaces are expanding rapidly
      • Physical access to systems is becoming easier
      • Consumer privacy concerns are rising
      • Consequences of a breach are becoming more severe (critical infrastructure, brand deterioration, data privacy issues, etc.)
      • Product companies are being forced outside of their comfort zones
      • Three dimensions that make IoT security challenging…
  • 4. 1. Resource constraints
      • Enterprise Web Services: has virtually no resource constraints
      • IoT Data Platform: deals with resource constraints
      • Gateway or Aggregator: has moderate resource constraints
      • Sensing Node: has severe resource constraints
      • [Diagram: protocol stacks across the tiers. Stacks shown: MAC/PHY, IP, TLS/TCP, HTTP, App Data; MAC/PHY, IP, DTLS/UDP, CoAP, Binary Data; MAC/PHY, Binary Data (Sensor, Network). Labels on the diagram: Rest, Use, Motion]
  • 5. 2. Deployment topologies
      • A. No cloud
      • B. Standard
      • C. Multi-site
      • D. Closed network
      • E. Comprehensive
      • [Diagram components: Sensors, Short RF, Gateways, On-prem SW, Long-haul, Cloud Platform (IoT Cloud), Analytics platform, Local Display]
  • 6. 3. Usage modes
      • Phases: 1. Initialization, 2. Operation, 3. Modification, 4. Retirement
      • Security measures listed on the slide, grouped as they appear:
          • Device cloud registration; Secure authentication; Secure API transports; Secure storage
          • Secure flash; OTP parts; Secure boot; Secure provisioning
          • Secure firmware updates; Disable test/debug interfaces; Factory defaults fallback; Disable test interfaces
          • Secure change of ownership; Device de-registration process; Optionally reenable retired devices; Secure encryption key deletion
      • Things to note about IoT usage modes that affect security:
          1. Some modes are normal and standard solutions exist
          2. Some modes are new and standards are still emerging
          3. Some modes are becoming more vulnerable due to resource constraints
  • 7. Mo’ IoT, mo’ problems
      • [Diagram axes: Usage Modes (Standard to Novel), Deployment Topologies (Simple to Complex), Resource Constraints (Low to High)]
      • The IoT security problem area:
          A. High resource constraints
          B. Complex deployment topologies
          C. Novel usage modes
  • 8. The 4th dimension: time. Now we have a Tesseract
      • The difficulty with IoT security is that the landscape is constantly changing, even after products are deployed
      • Security should be designed for from the beginning and embraced as a journey throughout
      • It starts with a process…
      • [Diagram axes: Modes, Topologies, Constraints, Time]
  • 9. The web you should be weaving
      • Secure processes => secure products => secure brand integrity
      • Diagram labels, in page order: Security, Requirements, Planning, Design, Implementation, Verification, Validation, Deployment, Operations
      • Activities: Risk Analysis; Threat Modeling; Secure Design Practices; Security-Focused Design Reviews; Secure Coding Practices; Third Party Security Audit; Security-Focused Testing; User Testing to Expose Weak Points; Penetration Testing; Secure Deployment Practices; Operational Risk Assessment; Incident Response Preparedness; Vulnerability Management
      • Training and awareness
      • Information Security Management System (ISMS) policies, procedures, and compliance audits
      • Corporate strategy, governance, metrics, and optimization
  • 10. Conclusion: Embrace the journey
      • Takeaways:
          1. Security processes. Have a security architecture from the beginning and evolve throughout (constraints, topologies, modes)
          2. Technology selection. Make informed technology selections from the beginning that are aligned with security goals for the company and product
          3. Operations planning. Plan and prepare for how you will respond if and when a security incident occurs in the field
      • Checklists:
          • http://owasp.org/
          • http://builditsecure.ly/
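
The four usage modes on slide 6 can be enforced as a device lifecycle state machine; the sketch below is an added example, not code from the talk. The class and function names, the assignment of each check to a mode, and the use of HMAC-SHA256 with a per-device key as a stand-in for a firmware signature scheme are all assumptions made for illustration.

```python
import hashlib
import hmac
from enum import Enum


class Mode(Enum):  # the four usage modes named on slide 6
    INITIALIZATION = 1
    OPERATION = 2
    MODIFICATION = 3
    RETIREMENT = 4


def update_tag(key: bytes, image: bytes, version: int) -> bytes:
    """Tag binds the image to its version so neither can be swapped alone."""
    msg = version.to_bytes(4, "big") + image
    return hmac.new(key, msg, hashlib.sha256).digest()


class Device:  # hypothetical device model
    def __init__(self, factory_image: bytes):
        self.mode = Mode.INITIALIZATION
        self.key = bytearray()        # per-device secret (assumed scheme)
        self.image, self.version = factory_image, 0
        self.debug_enabled = True     # test/debug interface open until provisioned
        self.registered = False

    def _require(self, mode: Mode) -> None:
        if self.mode is not mode:
            raise RuntimeError(f"not allowed in {self.mode.name}")

    def provision(self, key: bytes) -> None:
        self._require(Mode.INITIALIZATION)
        self.key = bytearray(key)
        self.debug_enabled = False    # lock debug before going live
        self.registered = True        # stands in for cloud registration
        self.mode = Mode.OPERATION

    def apply_update(self, image: bytes, version: int, tag: bytes) -> bool:
        self._require(Mode.OPERATION)
        self.mode = Mode.MODIFICATION
        expected = update_tag(bytes(self.key), image, version)
        # Constant-time compare; version must strictly increase (no rollback or replay).
        ok = hmac.compare_digest(expected, tag) and version > self.version
        if ok:
            self.image, self.version = image, version
        self.mode = Mode.OPERATION    # on failure the running image is untouched
        return ok

    def retire(self) -> None:
        self._require(Mode.OPERATION)
        self.registered = False       # de-register before the key is gone
        for i in range(len(self.key)):
            self.key[i] = 0           # best effort in Python; a device erases the key slot
        self.key = bytearray()
        self.mode = Mode.RETIREMENT

    def reenable(self) -> None:
        self._require(Mode.RETIREMENT)
        self.mode = Mode.INITIALIZATION  # needs a fresh key; version counter is kept
```

A retired device rejects updates outright, and re-enabling it forces a new provisioning step rather than reviving the old key.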