internet of secure things

What is Really Needed to Secure the Internet of Things?

Contents• Introduction

• OWASP Internet of Things Top Ten Project

• Security Challenges for IoT

• Cyber Warfare

• Security Requirements of IoST(Internet of Secure Things)

• Conclusion

• Question & Answer

Introduction

• IoT includes everything in our life.

• But many devices are vulnerable from attack.

• It is necessary to secure the Things themselves.

• Insecure Web Interface (XSS/SQLi/CSRF)

• Insufficient Authentication / Authorization

• Insecure Network Services (BOF / Fuzzing)

• Lack of Transport Encryption (Lack of SSL / TLS)

• Privacy Concerns (Data Encryption)

• Insecure Cloud Interface

• Insecure Mobile Interface

• Insufficient Security Configurability

• Insecure Software / Firmware (need Encrypted Update)

• Poor Physical Security (External Ports, Storage Eject)

Vulnerabilities of IoT Device

Security Challenges for IoT• Critical Functionality

• Replication

• Security Assumptions

• Not easily Patched

• Long Life Cycle

• Proprietary / Industry specific Protocols

• Deployed outside of Enterprise Security Perimeter

Critical Functionality

Replication

Replication

Security Assumption

Not Easily Patched

Long Life Cycle

15~20Years

Specific Protocols

Deployed Outside of Enterprise Security Perimeter

Cyber Warfare, StuxNet

Secure Boot Secure code Updates

Data Security

AuthenticationSecure

CommunicationProtection

Against AttacksMonitoring

Embedded Security Management

Device Tampering Detection

Requirements IoST

Conclusion

Security must be consideredearly in the design process.