tsensors - munich sept. 15-17, 2014 - bhide-samani

8/17/2019 Tsensors - Munich Sept. 15-17, 2014 - Bhide-Samani

1/25

.

Intel Corporation, Sandhiprakash (Sandhi) Bhide, Raj Samani, Tsensor Summit, Sept. 15-17, 2014

.

Raj Samani, EMEA CTO McAfeeSandhiprakash Bhide, Director of Innovation, Future IOT Solutions,Application Ready Platform Division, IOT Group

Building a secure futureCybersecurity and the Internet of Things


2/25

.


The Connected Home – The Last Decade

2


3/25


4/25

.


Typical Connected Home, Year 2000

4


5/25

.



5


6/25

.



6


7/25


8/25

.



8


9/25

.



9


10/25

.



10


11/25

.


50B Devices will connect to Internet by the end of the decade.

They are unprotected and can be hacked loss of economic value & loss ofinnocence (opt-in w/o knowing consequences)


12/25

.


New Security Threats to Personal IOT Devices

12

Baby Monitor: Hacker takes over baby monitor and shouts obscenities

at sleeping child. ABC. 13 Aug 2013)

Fridge sending out spam after web attack compromised gadgets. One

of > than 100K devices used in spam campaign. (BBC News. Jan 2014)

“Wearable Computing Equals New Security Risks”, (InformationWeek.13 Jan 2013)

Medical Devices: We’re starting to attach medical devices to electronic

health records, and they’re not secure.' (Healthcare IT News. May 2013)

Credit Card Information System: “Target Confirms Point-of-Sale

Malware Was Used in Attack” (Security Week. 13 Jan 2014)


13/25

.


What is security and implications of not havingsecurity?

13


14/25

.


Anonymized data may not be as anonymous as isbelieved. Or it may be now, but not in the future

14

How To Track Vehicles

Using Speed Data Alone

Carmakers keep data ondrivers' locations

FTC Hearing IoT PrivacyConcerns

Connected Home

Invasion: The Methods

Car insurance companies reduce the cost of insurance

by gathering data about a customer's driving practices.

Report finds automakers keeping info about driver’slocation. Owners can’t demand that info is destroyed

Anyone concerned about privacy would be well advisedto weigh in on this before the issue is taken over.

No incentive to secure products. With resources better

off spending on the features that consumers want


15/25

.


Data Storage requirements

May 16, 201615


16/25

.


Security Connected

May 16, 201616


17/25

.


User’s Perspective of SecurityDepends end user and the app

17

Person remainsanonymous unless

opted-in

Privacy

Release ofsensitive/ personal

info withoutconsent

SafetyData Protection

Does not cause anyharm to people

Data safe from

theft or alteration

Identity

US


18/25

.


Security necessarily segments the IOT market

• Different usages require different security mechanisms

• Cost sensitivity implies different security controls for different IOT

segments, i.e., smart meters

Three types of security technical issues for IOT devices

• How to secure communications?

• How to detect and recover from malware?

• How to defend the physical security of low cost devices?

IOT Security


19/25

.


Sensor Security Challenge #1Software-based sensor attack rates rising

• Sensor data left unprotected:

1. By APIs;

2. In system memory (buffers)

• Once access to sensor data is obtained, information can be

directly or indirectly inferred

Source: TapLogger: Inferring User Inputs on Smartphone Touchscreens Using On-boardMotion Sensors, WiSec’12, April, 2012.

http://www.cse.psu.edu/~szhu/papers/taplogger.pdf

Source: PlaceRaider: Virtual Theft in Physical Spaces with Smartphones,Sept 27, 2012. http://arxiv.org/pdf/1209.5982v1.pdf


20/25

.


Sensor Security Challenge #2• Users can’t tell if sensors are on/off and cannot control use

• Sensor data can be faked -- not certified as authentic --allowing

attacks on sensor-data-based uses


21/25


22/25

.


1. Sensor data is protected at the source and remainssecure during processing.

2. Provide user an easy to use environment with policies to

control sensor data processing and use.3. Address problem in a way that is scalable (platform &

sensor types)

Protected Sensor Data Goals


23/25

.


What about today?

May 16,23

Security. Unlike PC-based SCADA systems that are vulnerable to

virus and malware attacks, our system is housed on cloud based

servers. These servers are overseen by highly skilled techniciansnegating the need for anti-virus updates and continuous security

vulnerability patches required by PC-based solutions


24/25

.


For more information

• White Paper: http://www.mcafee.com/hk/resources/white-papers/wp-smart-grid-cyber-security.pdf

@Raj_Samani & @CyberGridBook


25/25

.


Q&A

tsensors - munich sept. 15-17, 2014 - bhide-samani

Documents