SECURING THE INTERNET OF THINGS
SYAM MADANAPALLI | CHAIR, IEEE P1931.1
THE INTERNET OF THINGS
[Diagram: The Things; The Roof; The Cloud; The Apps & Services; The State; The Context; Data & Analytics; Information & Actions; The Environment; Insights & Workflow; BLE, ZigBee, WiFi; Ethernet/LTE/FTH; REST API]
IOT SECURITY IS COMPLEX
Constrained Devices
Big Scale
Tech Illiterates
Lack of UI & challenging to configure, prone to errors and easy to attack
Applications & devices are personal, and involve humans & physical world
Variety of devices, protocols, & applications
Big Impact
Safety & economic risks, loss of privacy and business interruptions
THE CONSTRAINED DEVICES
Provide an indirection for computing resources.
Limited Power
Limited Bandwidth
Limited Computing
Cannot protect themselves.
Vulnerable to DoS attacks
THE END USERS ARE TECH ILLITERATES
Reduce the technology complexity and ease their role.
Lack of knowledge, transparency and impact
Loss of privacy, and safety & economic risks
Secure Provisioning
Privacy Management
THE SCALE
Make them autonomous, decentralized & resilient.
Bigger Attack Space
Big Data
Day-to-Day Usage
Diversity
Lack of Experience
Variety of protocols, devices, applications, environments, users, vendors.
More personal
Realtime information
Poor design
THE BIG IMPACT
Business interruption, damage to reputation & economic risks
Theft of Personal Data
Safety Risks
Hijacking Physical Assets
Allow communication to IoT applications only from trusted sources!
WHO IS RESPONSIBLE FOR THE SECURITY?
Standards will bring the ecosystem together to build the secure systems.
Device Manufacturers
Software Vendors
Network Builders
Service Providers
Policy Makers
THE NEED FOR AN IOT SECURITY STANDARD
Need to be a standard
Differentiator
Applications/Services
IoT Services
Devices
IoT Security
Scalable and trustworthy IoT applications require a security standard with a minimal set of protocols. Businesses should compete on application/service-level innovation!
IOT SECURITY != CYBER SECURITY
Secure Provisioning + Secure Key Management + Authentication & Authorization + Secure Communication
Network Security =
IoT Security
Root of Trust
Network Security
Secure Software Updates
Privacy
A NEW THINKING FOR IOT SECURITY
Indirection - Computing assistance
Resilient - Ability to isolate & recover
Accountability - Ability to prosecute
Autonomy - Function independently
Decentralized - Dispersed functions
A FEDERATED ARCHITECTURE
A learning from human evolution for distributed security architecture.
Homes - Self protection, best practices
Cities - Enforcement by the state law
States - Cooperation & coalition
The World - Global cooperation & programs
SECURING THE INTERNET OF THINGS
Uninternetting - Don’t expose things over the Internet
Indirection - Move security computing one level up
Security Gate - Allow only trusted sources
Security Fusion - Contextual analysis
Multi Factor Authentication - Extra layers of security
A combination of these would help in building robust protection against the threats.
UN-INTERNETTING
[Diagram: The Things; The Roof; The Local Server; The Passive Cloud; Intermittent Connectivity; Always-on Connectivity]
IOT SECURITY BY INDIRECTION
[Diagram: Client; Resource Server; Resource Owner; Security Manager; Communication; Security Negotiation; Security Provisioning (shown four times); Cloud; Roof; Things]
SECURITY GATE - SECURITY SERVICES
[Diagram: Trusted Environment; Security Service Provider; IPSec Tunnels; The Internet; Cloud Apps; Roof; Trusted Party (PKI); Untrusted Party]
PKI FOR IDENTITY
PKI binds public keys with respective identities of entities/actors.
[Diagram: Security Service Provider; IPSec Tunnels; Validation Authority; Roof; Trusted Party; Certification Authority; Requesting Authority; Blockchain; Secure Communication]
SECURITY FUSION
Security by design
Contextual analysis
Multi factor authentication
Prevent DoS attack on devices
Minimize device computing
[Diagram: Authorization; Authentication; Channel Security; Security Fusion; Security Management; Root of Trust]
SECURING THE NETWORK SEGMENTS
[Diagram: network segments PAN, LAN, WAN, Internet, Cloud; IPSec Tunnel (shown twice); CoAP/UDP/DTLS/IPv6; WiFi/Ethernet; BB/LTE/MPLS; OTAE; BLE, 802.15.4, WiFi; SSP; Edge Router; Apps]
ROOT OF TRUST & AUTOCONFIGURATION
[Diagram: HW Root of Trust*; Device ID; Ownership; Owner ID; Device Configuration & Service Identification; Service Enablement; Blockchain/Trusted Database; PKI]
CLASSES OF IOT DEVICES
              | Class 0 | Class 1 | Class 2
RAM, ROM, IP  | < 10KB, 100KB, No IP | ~ 10KB, 100KB, CoAP | ~ 50KB, 250KB, IPv6, HIP
Cryptography  | Over the air | Symmetric cryptography | PKI based
Protection    | One level up | Assisted at one level up | Self and services at one level up
Interface     | IoT Services | Security Provisioning and Services | Security Services
Applications  | Only for trusted environments | Battery powered under the Roof | Mains powered & standalone devices
FUNCTIONAL ASPECTS OF IOT SECURITY
Channel Security - Protect the communication path
Cooperation - Share information and learn best practices
Security Fusion - Detect, block and report unauthorized access attempts
Root of Trust - Secure boot capabilities
Security Management - Key management, policies, security updates
Security Services - Protect the resources and manage vulnerabilities
Data Protection - Protect the data at rest in the servers and equipment
Identity, Authentication and Authorization - Allow access only to authorized entities & accountability
Security Bootstrapping - Initial security configuration and procedures
Secure Software Updates - Secure updates for bugs, vulnerabilities and feature additions
These need to be supported for constrained devices in constrained environments.
PRIVACY MANAGEMENT
Informed Decision Making
End-to-End Transparency
Weighing Privacy vs. Benefits
Contextual Awareness
Privacy by Design
Government Regulations
STRATEGIC PRINCIPLES FOR IOT SECURITY
* United States Department of Homeland Security, November 2016
1. Incorporate security at the design phase
2. Promote security updates and vulnerability management
3. Build on proven security practices
4. Prioritize security measures according to potential impact
5. Promote transparency across IoT
6. Connect carefully and deliberately
THANK YOU!
SMADANAPALLI@GMAIL.COM | @SMPALLI
