Will Internet of Things (IoT) be secure enough?

Will Internet of Things be Secure Enough ? https://www.youtube.com/user/dastikop Ravindra Dastikop http://dastikop.blogspot.in

Upload: ravindra-dastikop

Post on 16-Jul-2015


TRANSCRIPT

Page 1: Will Internet of Things (IoT) be secure enough?

Will Internet of Things be Secure Enough?
https://www.youtube.com/user/dastikop

Ravindra Dastikop
http://dastikop.blogspot.in

Page 2: Will Internet of Things (IoT) be secure enough?

Internet of Things: A New World of CONNECTED Objects

Page 3: Will Internet of Things (IoT) be secure enough?

IoT SESSIONS

Session 1: Web Architecture for an Internet of Things
Session 2: Will IoT be Secure Enough?
Session 3: Applications of IoT
Session 4: Research Directions in IoT

Page 4: Will Internet of Things (IoT) be secure enough?

Will IoT be secure enough?

Session 2

Page 5: Will Internet of Things (IoT) be secure enough?

ISSUE

• Privacy and security are major challenges in building the IoT ecosystem.
• They are a source of friction on the path to adoption.

Page 6: Will Internet of Things (IoT) be secure enough?

AGENDA

• The IoT World Described
• The Security Architecture
  • layers
  • challenge
  • solutions
• Conclusion

Page 7: Will Internet of Things (IoT) be secure enough?

IoT Described

The main concept of IoT is the ability to connect loosely defined smart objects and enable them to interact with
• other objects,
• the environment, or
• more complex and legacy computing devices

Page 8: Will Internet of Things (IoT) be secure enough?

IoT: Communication Infrastructure

The communication infrastructure will be based on an extension of the Internet, which will enable transparent use of object resources across the globe.

Page 9: Will Internet of Things (IoT) be secure enough?

An IoT-enabled world

Smart objects will densely populate human life and the human environment, interacting by providing, processing and delivering any sort of information or command.

Objects in the environment will be able to tell us about themselves, their state, or their surroundings, and can be used remotely.

Page 10: Will Internet of Things (IoT) be secure enough?

An IoT-enabled world

Sensors will be integrated in buildings, vehicles, and common environments, carried by people and attached to animals, and will communicate among themselves locally and remotely in order to provide integrated services.

Page 11: Will Internet of Things (IoT) be secure enough?

IoT: Examples

• Mobile devices can adopt silent mode when entering a meeting room if this is the request of the meeting moderator,
• alert the user and turn off the radio before entering sensitive medical areas, or
• detect when the user enters the car and connect to its sound systems.
• Wireless sensors could let people check where their pet is in real time, as well as control the temperature of each room of their home while they are out.

Page 12: Will Internet of Things (IoT) be secure enough?

IoT: Examples

• Emergency services could be remotely and automatically alerted if fire is detected in a building or if a patient's medical parameters drop beyond a critical threshold.

Page 13: Will Internet of Things (IoT) be secure enough?

The Consequence

Such a deep penetration of technology, which will introduce a new kind of automation and remote interaction, will surely pose new security and privacy challenges.

Page 14: Will Internet of Things (IoT) be secure enough?

Security in IoT

1. In IoT, security is inseparable from safety.
2. Whether accidental or malicious, interference in the controls of
   1. a pacemaker, or
   2. a car or nuclear reactor
   poses a threat to life.

Page 15: Will Internet of Things (IoT) be secure enough?

The Interaction Time

You may Pose Questions Now

Page 16: Will Internet of Things (IoT) be secure enough?

The Security Architecture

Page 17: Will Internet of Things (IoT) be secure enough?

Security architecture

Reference: Security in the Internet of Things: A Review

Page 18: Will Internet of Things (IoT) be secure enough?

Perceptual Layer

• The most basic level is the perceptual layer (also known as the recognition layer), which collects all kinds of information through physical equipment and identifies the physical world. The information includes object properties, environmental conditions, etc.; the physical equipment includes RFID readers, all kinds of sensors, GPS and other equipment.
• The key component in this layer is sensors for capturing and representing the physical world in the digital world.

Page 19: Will Internet of Things (IoT) be secure enough?

Network Layer

• The second level is the network layer. The network layer is responsible for the reliable transmission of information from the perceptual layer, initial processing of information, classification and polymerization.
• In this layer, information transmission relies on several basic networks: the internet, mobile communication networks, satellite nets and wireless networks. Network infrastructure and communication protocols are also essential to the information exchange between devices.

Page 20: Will Internet of Things (IoT) be secure enough?

Support Layer

• The third level is the support layer. The support layer will set up a reliable support platform for the application layer.
• On this support platform, all kinds of intelligent computing power will be organized through network grid and cloud computing.
• It plays the role of combining the application layer upward and the network layer downward.

Page 21: Will Internet of Things (IoT) be secure enough?

Application Layer

• The application layer is the topmost and terminal level.
• The application layer provides personalized services according to the needs of the users.
• Users can access the Internet of Things through the application layer interface using a television, personal computer, mobile equipment and so on.

Page 22: Will Internet of Things (IoT) be secure enough?

Security architecture

Reference: Security in the Internet of Things: A Review

Page 23: Will Internet of Things (IoT) be secure enough?

The Interaction Time

You may Pose Questions Now

Page 24: Will Internet of Things (IoT) be secure enough?

The Security Architecture

Challenges

Page 25: Will Internet of Things (IoT) be secure enough?

Perceptual Layer

• Perceptual nodes are usually short of computing power and storage capacity because they are simple and low-powered.
• Therefore frequency-hopping communication and public key encryption algorithms cannot be applied for security protection,
• and it is very difficult to set up a security protection system.
• Meanwhile, attacks from the external network, such as denial of service (DoS), also bring new security problems.
• On the other hand, sensor data still needs protection for integrity, authenticity and confidentiality.

Page 26: Will Internet of Things (IoT) be secure enough?

Network Layer

• The core network has relatively complete safety protection ability,
• but man-in-the-middle attacks and counterfeit attacks still exist.
• Meanwhile, junk mail and computer viruses cannot be ignored, and sending a large amount of data causes congestion.

Therefore the security mechanism at this level is very important to the IoT.

Page 27: Will Internet of Things (IoT) be secure enough?

Support Layer

This layer does the mass data processing and intelligent decision-making on network behavior. Intelligent processing is limited when it comes to malicious information, so it is a challenge to improve the ability to recognize malicious information.

Page 28: Will Internet of Things (IoT) be secure enough?

Application Layer

• At this level, security needs differ between application environments.
• Data sharing is one of the characteristics of the application layer,
• which creates problems of data privacy, access control and disclosure of information.

Page 29: Will Internet of Things (IoT) be secure enough?

The Security Architecture

Requirements

Page 30: Will Internet of Things (IoT) be secure enough?

Security requirements in each level

Page 31: Will Internet of Things (IoT) be secure enough?

Perceptual Layer-1

• First, node authentication is necessary to prevent illegal node access;
• second, to protect the confidentiality of information transmitted between the nodes, data encryption is an absolute necessity.

Page 32: Will Internet of Things (IoT) be secure enough?

Perceptual Layer-1

• Key agreement for data encryption is an important process beforehand. The stronger the safety measures, the greater the consumption of resources; to solve this problem, lightweight encryption technology becomes important, which includes lightweight cryptographic algorithms and lightweight cryptographic protocols.
• At the same time, the integrity and authenticity of sensor data is becoming a research focus.
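
Node authentication together with integrity and authenticity of sensor data, as required on the two Perceptual Layer slides above, can be met on a constrained node with a symmetric MAC and a message counter. The following is an added example, not part of the original deck: the frame layout, the per-node key table and the names `seal_reading` and `Gateway` are assumptions, HMAC-SHA-256 stands in for a lightweight MAC, and encryption for confidentiality is left out.

```python
import hashlib
import hmac
import struct

TAG_LEN = 8                      # truncated tag keeps frames small (assumption)
HEADER = struct.Struct(">HIh")   # node id, message counter, reading in 0.01 degC


def seal_reading(key: bytes, node_id: int, counter: int, centi_deg: int) -> bytes:
    """Node side: build header || truncated HMAC over the header."""
    header = HEADER.pack(node_id, counter, centi_deg)
    tag = hmac.new(key, header, hashlib.sha256).digest()[:TAG_LEN]
    return header + tag


class Gateway:
    """Receiver side: authenticates the node, rejects forged or replayed frames."""

    def __init__(self, node_keys: dict):
        self.node_keys = node_keys   # per-node keys provisioned in advance
        self.last_counter = {}       # highest counter accepted per node

    def accept(self, frame: bytes):
        """Return (node_id, reading in degC) or raise ValueError."""
        if len(frame) != HEADER.size + TAG_LEN:
            raise ValueError("malformed frame")
        header, tag = frame[:HEADER.size], frame[HEADER.size:]
        node_id, counter, centi_deg = HEADER.unpack(header)
        key = self.node_keys.get(node_id)
        if key is None:
            raise ValueError("unknown node")
        expected = hmac.new(key, header, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):   # constant-time comparison
            raise ValueError("bad tag")
        if counter <= self.last_counter.get(node_id, -1):
            raise ValueError("replayed frame")
        self.last_counter[node_id] = counter
        return node_id, centi_deg / 100


# Constructed sample data: one provisioned node and one reading of 21.50 degC.
NODE_KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
GATEWAY = Gateway({7: NODE_KEY})
FRAME = seal_reading(NODE_KEY, node_id=7, counter=1, centi_deg=2150)
```
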

Page 33: Will Internet of Things (IoT) be secure enough?

Network Layer-1

• In this layer, existing communication security mechanisms are difficult to apply.
• Identity authentication is a mechanism to keep out illegal nodes, and it is the premise of the security mechanism. Confidentiality and integrity are of equal importance, so we also need to establish data confidentiality and integrity mechanisms.

Page 34: Will Internet of Things (IoT) be secure enough?

Network Layer-2

Besides, distributed denial of service (DDoS) is a common attack method in the network and is particularly severe in the Internet of Things, so preventing DDoS attacks against vulnerable nodes is another problem to be solved in this layer.

Page 35: Will Internet of Things (IoT) be secure enough?

Support Layer

• The support layer needs a lot of application security architecture, such as cloud computing and
• secure multiparty computation, almost all of the strong encryption algorithms and encryption protocols, stronger system security technology and anti-virus.

Page 36: Will Internet of Things (IoT) be secure enough?

Application Layer

To solve the security problem of the application layer, we need two aspects.
• One is authentication and key agreement across the heterogeneous network;
• the other is the user's privacy protection.
• In addition, education and management are very important to information security, especially password management.

Page 37: Will Internet of Things (IoT) be secure enough?

The Importance of IoT Security

• In summary, security technology in the IoT is very important and full of challenges.
• On the other hand, legal and regulatory issues are also significant.

Page 38: Will Internet of Things (IoT) be secure enough?

IoT Security Scenarios-1

1. In factory floor automation, deeply embedded programmable logic controllers (PLCs) that operate robotic systems are typically integrated with the enterprise IT infrastructure.
2. How can those PLCs be shielded from human interference while at the same time protecting the investments in the IT infrastructure and leveraging the security controls available?

Page 39: Will Internet of Things (IoT) be secure enough?

IoT Security Scenario-2

1. Control systems for nuclear reactors are attached to infrastructure.
2. How can they receive software updates or security patches in a timely manner without impairing functional safety or incurring significant recertification costs every time a patch is rolled out?

Page 40: Will Internet of Things (IoT) be secure enough?

IoT Security Scenarios-3

1. A smart meter is one which is able to send energy usage data to the utility operator for dynamic billing or real-time power grid optimization.
2. It must be able to protect that information from unauthorized usage or disclosure.
3. Information that power usage has dipped could indicate that a home is empty, making it an ideal target for a burglary or worse.

Page 41: Will Internet of Things (IoT) be secure enough?

The Interaction Time

You may Pose Questions Now

Page 42: Will Internet of Things (IoT) be secure enough?

The Security Architecture

Features

Page 43: Will Internet of Things (IoT) be secure enough?

Security and privacy issues

● Resilience to attacks

● Data Authentication

● Access Control

● Client privacy

Page 44: Will Internet of Things (IoT) be secure enough?

Security and privacy issues

● Resilience to attacks
  ○ the system has to avoid single points of failure and adjust itself to node failures

Page 45: Will Internet of Things (IoT) be secure enough?

Security and privacy issues

● Data Authentication
  ○ As a rule, retrieved address and object information must be authenticated

Page 46: Will Internet of Things (IoT) be secure enough?

Security and privacy issues

● Access Control
  ○ Information providers must be able to implement access control on the data provided

Page 47: Will Internet of Things (IoT) be secure enough?

Security and privacy issues

● Client privacy
  ○ Measures need to be taken so that only the information provider is able to infer from observing the use of the lookup system related to a specific customer; at least, inference should be very hard to conduct.

Page 48: Will Internet of Things (IoT) be secure enough?

The Interaction Time

You may Pose Questions Now

Page 49: Will Internet of Things (IoT) be secure enough?

The Security Architecture

Solutions

Page 50: Will Internet of Things (IoT) be secure enough?

Building Security for IoT

1. No single control is going to adequately protect a device in an IoT environment.
2. Hence, a multi-layered approach to security is required that starts at the beginning when
   1. power is applied,
   2. establishes a trusted computing baseline, and
   3. anchors that trust in something that cannot be tampered with.

Page 51: Will Internet of Things (IoT) be secure enough?

Building Security for IoT

Security must be addressed throughout the device lifecycle, from initial design to the operational environment:
1. Secure booting
2. Access control
3. Device authentication
4. Firewalling and IPS
5. Updates and patches

Page 52: Will Internet of Things (IoT) be secure enough?

Secure Booting

• When power is first introduced to the device, the authenticity and integrity of the software on the device is verified using a cryptographically generated digital signature.
• A digital signature attached to the software image and verified by the device ensures that only software that has been authorized to run on that device, and signed by the entity that authorized it, will be loaded.
• The foundation of trust has been established, but the device still needs protection from various run-time threats and malicious intentions.
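
The verify-before-load step described on the Secure Booting slide, shown end to end. This is an added example, not part of the original deck: a Lamport one-time signature (a hash-based scheme, each private key signs one image only) is used so that the code runs on the Python standard library alone, whereas production boot ROMs typically verify RSA or ECDSA signatures; all names and the sample image are assumptions.

```python
import hashlib
import secrets


def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def keygen():
    """Vendor side: 256 pairs of secrets; the public key is their hashes."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(h(a), h(b)) for a, b in sk]
    return sk, pk


def digest_bits(image: bytes):
    """The 256 bits of SHA-256(image), most significant bit first."""
    d = int.from_bytes(h(image), "big")
    return [(d >> (255 - i)) & 1 for i in range(256)]


def sign_image(sk, image: bytes):
    """Vendor side: reveal one secret per digest bit. Use each key once only."""
    return [sk[i][bit] for i, bit in enumerate(digest_bits(image))]


def verify_image(pk, image: bytes, signature) -> bool:
    """Device side: needs only the public key held in immutable storage."""
    if len(signature) != 256:
        return False
    bits = digest_bits(image)
    return all(h(sig) == pk[i][bit]
               for i, (sig, bit) in enumerate(zip(signature, bits)))


def boot(pk, image: bytes, signature) -> str:
    """First-stage loader: hand over control only to a verified image."""
    if not verify_image(pk, image, signature):
        return "HALT: image rejected"
    return "BOOT: image verified, jumping to entry point"


# Constructed sample: a stand-in firmware image and its signature.
VENDOR_SK, ROM_PK = keygen()
FIRMWARE = b"constructed firmware image v1"
SIGNATURE = sign_image(VENDOR_SK, FIRMWARE)
```
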

Page 53: Will Internet of Things (IoT) be secure enough?

Access Control

• Different forms of resource and access control are applied.
• Mandatory or role-based access controls built into the operating system limit the privileges of device components and applications so they access only the resources they need to do their jobs.

Page 54: Will Internet of Things (IoT) be secure enough?

Device authentication

• When a device is plugged into the network, it should authenticate itself prior to receiving or transmitting data.
• Machine authentication is similar to user authentication.

Page 55: Will Internet of Things (IoT) be secure enough?

Firewalling and IPS

The device needs a firewall or deep packet inspection capability to control traffic that is destined to terminate at the device.

Example: smart energy grid

Page 56: Will Internet of Things (IoT) be secure enough?

Updates and patches

Once the device is in operation, it will start receiving hot patches and software updates. Software updates and security patches must be delivered in a way that conserves the limited bandwidth and internet connectivity of an embedded device.

Page 57: Will Internet of Things (IoT) be secure enough?

The Interaction Time

You may Pose Questions Now

Page 58: Will Internet of Things (IoT) be secure enough?

Security requirements in each level

Page 59: Will Internet of Things (IoT) be secure enough?

Conclusions

• Privacy and security are essential features of modern networks.
• The Internet of Things is no exception.
• Industry has built different security approaches to ensure security and privacy.

Page 60: Will Internet of Things (IoT) be secure enough?

The Security Architecture

Additional Dimensions

Page 61: Will Internet of Things (IoT) be secure enough?

Secure Multi-party Computations (SMC)-1

• The Internet of Things will create tremendous opportunities to improve people's lives. The core property of most ubiquitous applications is the ability to perform joint cooperative tasks involving computations with inputs supplied by separate parts or things.
• These computations are performed by mutually untrusting parties on inputs containing private information about the user's daily activities.

Page 62: Will Internet of Things (IoT) be secure enough?

Secure Multi-party Computations (SMC)-2

• Secure multi-party computation may become a relevant and practical approach that should be considered as a technological enforcement to protect the user's privacy.
• Secure multi-party computation (also known as secure computation or multi-party computation (MPC)) is a subfield of cryptography with the goal of creating methods for parties to jointly compute a function over their inputs while keeping these inputs private.
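
A minimal instance of "jointly compute a function over their inputs while keeping these inputs private": a secure sum over additive secret shares, applied to the smart-meter scenario from earlier in the deck. This is an added example, not part of the original deck; the function names, the modulus and the meter readings are assumptions, and the parties are assumed to follow the protocol honestly while being curious about each other's inputs.

```python
import secrets

MODULUS = 2**61 - 1   # public modulus; must exceed any possible total


def share(value: int, n_parties: int) -> list:
    """Split value into n additive shares that sum to value mod MODULUS.

    Any n-1 of the shares are uniformly random and reveal nothing about value.
    """
    shares = [secrets.randbelow(MODULUS) for _ in range(n_parties - 1)]
    shares.append((value - sum(shares)) % MODULUS)
    return shares


def reconstruct(shares: list) -> int:
    """Recombine a full set of shares."""
    return sum(shares) % MODULUS


def run_secure_sum(private_inputs: list):
    """Simulate all parties in one process; returns (published partials, total).

    Round 1: party i splits its input and sends share j to party j.
    Round 2: party j adds the shares it received and publishes the result.
    Output:  anyone adds the published partial sums to obtain the total.
    """
    n = len(private_inputs)
    outgoing = [share(v, n) for v in private_inputs]   # outgoing[i][j]: i -> j
    partials = [sum(outgoing[i][j] for i in range(n)) % MODULUS
                for j in range(n)]
    return partials, reconstruct(partials)


# Constructed sample: hourly usage in Wh from four households. The 0 reading
# (an empty home) is exactly what must not be visible to the other parties.
READINGS = [312, 0, 845, 127]
PARTIALS, TOTAL = run_secure_sum(READINGS)
```

The utility operator learns the neighbourhood total needed for grid optimization, while each published partial sum is masked by the random shares of every household.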

Page 63: Will Internet of Things (IoT) be secure enough?

Privacy Enhancing Technologies (PET)

• Virtual Private Network (VPN)

• Transport Layer Security (TLS)

• DNS Security Extensions

• Onion Routing

• Private Information Retrieval (PIR)

Page 64: Will Internet of Things (IoT) be secure enough?

IoT in Action

The Conclusion

Page 65: Will Internet of Things (IoT) be secure enough?

Conclusions

• IoT security design should enable an open, pervasive and interoperable yet secure infrastructure.
• For the sake of privacy and flexibility, IoT or smart objects must be capable of implementing individual, user-set policies.
• Infrastructural security services should be accessible transparently and regardless of the connection used by nomadic smart IoT objects.

Page 66: Will Internet of Things (IoT) be secure enough?

References

• An Overview of Privacy and Security Issues in the Internet of Things - Carlo Maria Medaglia and Alexandru Serbanati
• Internet of Things and Privacy Preserving Technologies - Vladimir Oleshchuk
• Internet of Things - New Security and Privacy Challenges - Rolf H. Weber

Page 67: Will Internet of Things (IoT) be secure enough?

End of Session 2

Questions

Page 68: Will Internet of Things (IoT) be secure enough?

Upcoming SESSIONS

Session 3

Applications of IoT