IoT and HEART: Security aspects
Jago Cocco
Eurac Research
Institute for Renewable Energy
Summary
IoT: past, present and future
IoT security issues
Some actual smart home devices
Addressing IoT Sec in HEART
Internet of Things: past
Just an historical remark...
- 1975, X-10 protocol: first protocol to be used for communication among electronic devices in home automation (domotics)
- 1989: Tim Berners-Lee proposes the World Wide Web
- 1989, the first IoT device: John Romkey’s Internet Toaster
- 1999, official birth of IoT: the Internet of Things term is coined by Kevin Ashton, executive director of the Auto-ID Center
... Basics of IoT technology are not fresh ideas!
Internet of Things: present
An actual definition from the European Parliament:
The Internet of Things (IoT) refers to a distributed network connecting physical objects that are capable of sensing or acting on their environment and able to communicate with each other, other machines or computers. The data these devices report can be collected and analyzed in order to reveal insights and suggest actions that will produce cost savings, increase efficiency or improve products and services.
Internet of Things: future
The Internet of Things is converging to a new paradigm called the Internet of Everything (IoE), which itself contains the IoT definition. From Cisco (2013):
IoE is bringing together people, process, data, and things to make networked connections more relevant and valuable than ever before, turning information into actions that create new capabilities, richer experiences, and unprecedented economic opportunity for businesses, individuals, and countries.
In a few words: ubiquitous computing and massive big data analysis, with humans being a part of it.
IoT: what about SECURITY?
Discarding fancy definitions, what is IoT really? IoT is essentially cheap, easily hackable constrained devices in your homes and workplaces (and, even worse, unprotected SCADA devices in your cities' critical infrastructures) with access to the Web: Christmas Day for the bad guys.
From weird IoT enabled teddies...
... to the Mirai botnet and massive DDoS
Passing through IoT APT...
... used for Cyberwarfare
Four points on "smart housing" IoT Sec
1. To make constrained devices secure: with low computational power and low memory capacity, implementing classic mitigation techniques can range from hard to impossible;
2. To make secure constrained devices work with low power consumption;
3. To make constrained devices secure without making it economically disadvantageous;
4. To make the isolation of a compromised network possible: an attack on your local network must not become an issue for the whole Internet.
Still in doubt about IoT Sec?
Shodan, a cybersecurity tool for professionals that is basically a search engine for connected objects, makes it easy to find things like private IP cameras or even weird and creepy stuff like crematoriums, all of which are in most cases accessible from your office desk due to lack of security: just judge for yourself what was found in 2015, on the next slide...
Yup, Internet of BIG Things!
In case you are wondering, this is an interface to the cyclotron at the Lawrence Berkeley National Laboratory!
Creepy but real IoT Smart Home devices
The really weird thing is this: if you check the websites of these products... there is little to no attention to security!
- Prophix smart toothbrush with a 10 MP CAMERA (!) inside;
- Kinsa smart stick thermometer, just: WHY? This device is connected to a mobile app... And a mobile app in this case probably means software with no security at all;
- GenieCan smart can... With WiFi connection, obviously.
Useful IoT Smart Home devices but...
... are costly or just vulnerable; an average user simply buys cheaper and less secure devices!
- Netgear Arlo IP cameras have decent security maintenance, but at the price of 200 $ each for the cheaper models (and are not immune to human error);
- Belkin Wemo smart light switches cost about 50 $ each and have a recently discovered buffer overflow vulnerability;
- Amazon Echo is a notorious smart home assistant which was recently hacked to become an eavesdropping machine, although in a not-so-easy manner.
HEART Network
The HEART network has to be easily deployable with minimum aesthetic impact on the tenant building; the network also has to be maintained with minimum in-building human intervention: that makes the implementation of the network and the technical choices already challenging, even ignoring security aspects.
HEART Network and IoT Sec
The network proposed for the project fits all four of the security points presented perfectly:
1. Sensors deployed are low power devices with no original security;
2. More hardware for security means higher power consumption in devices;
3. Adding security layers means more hardware and more implementation costs, also due to more human intervention for maintenance;
4. Connection to the Internet makes clear that the network has to be safe not only against functional failure but also against improper usage.
Conclusions
ICT experts in the HEART project have to work on an easily deployable network with minimum aesthetic impact in the tenant building, making it secure against system failure and improper usage, all of this with minimum maintenance intervention on site and also minimum overall costs: not an easy task!
Thanks for the attention!
... and here, our first nineties Internet Toaster!