Mapping the Security Challenges of the Internet of Things (IoT) Supply Chain
Tope Omitola and Gary Wills
Motivation
• Supply Chain: A sequence of processes making up a system, and their integration, spanning many organisations
• IoT Supply Chain is huge with a large attack surface
• Large Attack Surface - Security Vulnerabilities & Security Threats – Huge
• Provide a Map of a specific IoT device supply chain
• Help to show likely Vulnerabilities and Attacks
Characterisation of IoT Endpoint Types
• IoT: Interconnected objects + people + systems + resources + services
• IoT Endpoint: a device that is part of the IoT infrastructure
• Simple Endpoint, serves a singular purpose e.g. light switch
• Medium-sized Endpoint, e.g. IoT-enabled washing machines
• Gateway Endpoint, e.g. internet connected smart TV acting as a Gateway Endpoint between light bulbs, fridges, etc., to the control infrastructure
IoT Lifecycles & Lifecycle Stages – Keys to understand the challenges of securing an IoT supply chain
Different IoT Lifecycles:
1. IoT device/product/service lifecycle
2. Stakeholders’ lifecycle
3. Contextual life cycle
4. Data lifecycle
5. Trust relationship lifecycle
IoT Lifecycle Stages:
• Concept
• Development
• Production
• Deployment
• Utilisation
• Support
• Retirement, Sunsetting or Decommissioning
• Re-commissioning
Many security threats & vulnerabilities in these lifecycles and stages
Map of an IoT Supply Chain
IoT Supply Chain – Sources of Vulnerabilities & Attacks
Vulnerabilities
1. People, Policy and Procedure Vulnerabilities
2. Platform Software/Firmware Vulnerabilities
3. Network Vulnerabilities
4. Gateway Vulnerabilities
Attacks
• Malicious insertion of defect
• Exploitation of latent vulnerabilities
• Non-cyber attacks e.g. reducing the accuracy of physical sensors and actuators
The iPhone Supply Chain – An IoT Supply Chain Exemplar
COUNTRY          NUM. OF APPLE SUPPLIERS IN COUNTRY
CHINA            349
JAPAN            139
USA              60
TAIWAN           42
SOUTH KOREA      32
MALAYSIA         21
PHILIPPINES      24
THAILAND         21
SINGAPORE        17
GERMANY          13
VIETNAM          11
….               ….
COMPONENT        MANUFACTURER’S NAME
System-on-Chip   TSMC
Baseband         Intel
RF Front End     TDK Corp.
GNSS             Broadcom Ltd.
….               ….
Supply Chain Attacker Strategy
• Intelligence and Planning
• Design and Create defect
• Insert defect
Mitigating Potential Vulnerabilities in the Supply Chain
• Protect critical information and systems
• Detect and Respond to Attacks on Supply Chains
• Recover from Attacks
Conclusion and Next steps
• Paper made visible and concrete the supply chain of a typical IoT device, the iPhone
• Plan to apply STAMP and STPA for security and hazard analyses.
• Developed at MIT, both have good track records in inter-component safety and hazard analyses
• In STPA, failure events and accidents are caused by safety constraints that were not successfully enforced
STAMP’s four components of Controller, the Controlled entity, Actuators and Sensors
Conclusion and Next steps
Apply STAMP & STPA for Hazard Analyses of IoT Supply Chain. Exciting New Territory for Research
QUESTIONS
• t.omitola@ecs.soton.ac.uk
