 IoT Security And Advancement
 By Shreya Pohekar
ABOUT ME
Coding and a Cyber Security Enthusiast
A Singer
An artist
OVERVIEW
• Why Internet of Things?
• Internet of Things
• Applications
• All is not well
• Hacks on IoT
• Mirai botnet
• Steps to security
WHY WE NEED IOT?
• Comfortable life
• Connected world
• Computers can't be installed everywhere, and certainly not for every specific task.
• Better data, automation, increased efficiency
• They are much cheaper
• Require less computational power
• Are less complex
INTERNET OF THINGS (IOT)
• The Internet of Things is a system of interrelated computing devices, mechanical and digital machines, and objects that are provided with unique identifiers (IP addresses) and have the ability to transfer data over a network without requiring human-to-human or human-to-computer interaction.
Formal definition by the International Telecommunication Union:
A dynamic global network infrastructure with self-configuring capabilities based on standard and interoperable communication protocols, where physical and virtual things:
• have identifiers, physical attributes and virtual personalities
• use intelligent interfaces
• are seamlessly integrated into information
As of 2017 there are 15.4 billion IoT devices connected over the internet, and the number is forecast to reach 20.8 billion by 2020.
CATEGORIES OF IOT
• First class of IoT (public sensors and actuators)
• Second class of IoT
PROTOCOLS ON WHICH IOT WORKS
• Infrastructure (e.g. 6LoWPAN, IPv4/IPv6, RPL)
• Identification (e.g. EPC, uCode, IPv6, URIs)
• Comms / Transport (e.g. Wi-Fi, Bluetooth, LPWAN)
• Discovery (e.g. Physical Web, mDNS, DNS-SD)
• Data Protocols (e.g. MQTT, CoAP, AMQP, WebSocket, Node)
• Device Management (e.g. TR-069, OMA-DM)
• Semantic (e.g. JSON-LD, Web Thing Model)
• Multi-layer Frameworks (e.g. AllJoyn, IoTivity, Weave, HomeKit)
APPLICATIONS
Transport system
Agriculture
Environmental monitoring
Medical and healthcare systems
Energy management
Industrial applications
Building and home automation
Large scale deployments
BUT…
ALL IS NOT WELL
THE SECURITY CHALLENGES
• 70% of the total IoT devices being used today are vulnerable to cyber attacks
• Low level of encryption
• Work on different ports
• No firewalls or antivirus
• Firmware
  - most of the time outdated
  - update file not encrypted
  - update not verified before upload
• Lack of role-based access control
• Lack of 2-factor authentication
• Insecure password recovery
• Poorly implemented SSL/TLS
• Account enumeration
• Poor physical security
USUAL ATTACKS ON IOT DEVICES
• DDoS attacks
• Privilege escalation
• Buffer overflow
• Brute force attacks
• Open ports via UPnP (Universal Plug and Play)
* UPnP: a set of networking protocols that permits networked devices, such as personal computers, printers, internet gateways, Wi-Fi access points and mobile devices, to seamlessly discover each other's presence on the network and establish functional network services for data sharing.
LACK OF SECURITY CONFIGURABILITY
Insufficient security configurability is present when users of the device have limited or no ability to alter its security controls. It is apparent when the web interface of the device has no option for creating granular user permissions or, for example, forcing the use of strong passwords.
LACK OF TRANSPORT ENCRYPTION
Lack of transport encryption allows data to be viewed as it travels over local networks or the internet. It is prevalent on local networks because it is easy to assume that local network traffic will not be widely visible. However, in the case of a local wireless network, misconfiguration of that network can make traffic visible to anyone within range of it.
• KINESIS is an example of a sensor network system designed to make it possible for sensors to automatically take response actions in the event of data transmission disruptions.
IS MY CLOUD INTERFACE SECURE?
Checking for an insecure cloud interface includes:
• Determining if the default username and password can be changed during initial product setup.
• Determining if a specific user account is locked out after 3-5 failed login attempts.
• Determining if valid accounts can be identified using password recovery mechanisms or new user pages.
• Reviewing the interface for issues such as cross-site scripting, cross-site request forgery and SQL injection.
• Reviewing all cloud interfaces for vulnerabilities (API interfaces and cloud-based web interfaces).
MIRAI BOTNET
• The terrifying power of billions of IoT devices: botnets can be used to orchestrate Distributed Denial-of-Service (DDoS) attacks. These attacks use large numbers of IoT devices to direct traffic to a website or server, overwhelming it and rendering it inaccessible to real users.
• Botnets are traditionally made up of infected computers, but the widespread use of vulnerable IoT devices provides a far more enticing target for cyber criminals. A lack of investment in security and the abundance of IoT devices, a result of cheap and quick manufacturing, mean these botnets are potentially far more dangerous than infected PCs.
• This lack of security investment was revealed in 2016 when criminals launched the largest DDoS attack in history. The botnet malware behind the attack, Mirai, infected 100,000s of IoT devices that then pummeled DNS provider Dyn with a 1.2 Tbps DDoS attack.
• The Mirai botnet knocked PayPal, Spotify, Netflix and Twitter offline, causing never-before-seen levels of disruption to some of the largest websites in the world.
• One month later businesses were unprepared when the Mirai botnet struck again. This time the attack affected 100,000s of Deutsche Telekom customers.
• The Mirai botnet source code is now available online, so it's likely to continue plaguing poorly secured IoT devices. And in February 2017, researchers identified a new variant of the Mirai botnet capable of targeting Windows systems, allowing the malware to spread to even more devices.
• Mirai is just the tip of the iceberg, and other powerful botnets continue to damage businesses globally. It's not just businesses that should worry: one attack against a UK bank in 2016 resulted in £2.5 million stolen directly from customer accounts.
Security should be there from the point when the power is supplied
ENCRYPTION
• The best option: lightweight encryption tools
• The RSA algorithm (concept of factoring)
• Block ciphers, like PRESENT and CLEFIA (lightweight versions of the Advanced Encryption Standard). There are also hardware-oriented stream ciphers, like Enocoro, that focus on chip size and energy consumption; hash functions, such as PHOTON, which concentrate on data integrity; and message authentication codes for validating and authenticating communications between devices.
• Elliptic curve based encryption
RSA ALGORITHM
• The Rivest-Shamir-Adleman (RSA) algorithm is one of the most popular and secure public-key encryption methods. The algorithm capitalizes on the fact that there is no efficient way to factor very large (100-200 digit) numbers. Using an encryption key (e, n), the algorithm is as follows:
• Represent the message as an integer between 0 and (n-1). Large messages can be broken up into a number of blocks. Each block would then be represented by an integer in the same range.
• Encrypt the message by raising it to the e-th power modulo n. The result is a ciphertext message C.
• To decrypt ciphertext message C, raise it to another power d modulo n.
• The encryption key (e, n) is made public. The decryption key (d, n) is kept private by the user.
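The steps above as an added worked example (not part of the original slides): textbook RSA with block splitting, using constructed toy primes and no padding, so it is for study only. The function names, the 0x01 block marker and the sample reading are assumptions made for this illustration.

```python
# Added example: textbook RSA following the steps on the slide.
# Toy primes and no padding; real deployments use a vetted library with OAEP.
from math import gcd

# Constructed sample primes (the Mersenne primes 2^31-1 and 2^61-1).
P = 2**31 - 1
Q = 2**61 - 1


def make_keypair(p, q, e=65537):
    """Return the public key (e, n) and the private key (d, n)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)*(q-1)")
    d = pow(e, -1, phi)  # d is the inverse of e modulo phi (Python 3.8+)
    return (e, n), (d, n)


def to_blocks(message, n):
    """Step 1: represent the message as integers between 0 and n-1."""
    width = (n.bit_length() - 1) // 8  # any value of this many bytes is < n
    if width < 2:
        raise ValueError("modulus too small to carry a block")
    payload = width - 1                # one byte is used by the 0x01 marker
    # The leading 0x01 keeps leading zero bytes of a chunk from being lost.
    return [int.from_bytes(b"\x01" + message[i:i + payload], "big")
            for i in range(0, len(message), payload)]


def from_blocks(blocks):
    """Inverse of to_blocks: drop the marker byte of every block."""
    out = b""
    for m in blocks:
        raw = m.to_bytes((m.bit_length() + 7) // 8, "big")
        if raw[:1] != b"\x01":
            raise ValueError("block does not start with the 0x01 marker")
        out += raw[1:]
    return out


def encrypt(message, public_key):
    """Step 2: C = M^e mod n for every block."""
    e, n = public_key
    return [pow(m, e, n) for m in to_blocks(message, n)]


def decrypt(cipher_blocks, private_key):
    """Step 3: M = C^d mod n for every block."""
    d, n = private_key
    return from_blocks([pow(c, d, n) for c in cipher_blocks])


PUBLIC, PRIVATE = make_keypair(P, Q)
SAMPLE = b"\x00temp=21.5C;unit=kitchen-sensor"  # constructed sensor reading
CIPHER = encrypt(SAMPLE, PUBLIC)

if __name__ == "__main__":
    print("blocks:", len(CIPHER))
    print("round trip ok:", decrypt(CIPHER, PRIVATE) == SAMPLE)
    # Without padding the same plaintext always gives the same ciphertext,
    # which is one reason textbook RSA is not deployed as-is.
    print("deterministic:", encrypt(SAMPLE, PUBLIC) == CIPHER)
```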
IOT TOO REQUIRES A FIREWALL
• The embedded firewall provides a basic but critical level of security by controlling what packets or messages are processed.
• The firewall enforces its policies by filtering packets as they are received, comparing each packet to the policies for that device, and blocking all packets that don't match the communication policy criteria.
• Rules-based filtering: each packet is compared to a set of static rules determining whether the packet is blocked or allowed. All decisions are made based on the information in the packet. Rules-based filtering enforces policies by blocking unused protocols, closing unused ports, and enforcing IP address whitelists and blacklists.
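Rules-based filtering as an added example (not part of the original slides): a default-deny filter that decides from the packet's own fields only. The policy, addresses, port 8883 (MQTT over TLS) and all names are constructed for this illustration.

```python
# Added example: rules-based packet filtering as described on the slide.
# The policy, addresses and packets are constructed sample values.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Packet:
    src: str        # source IP address as text
    proto: str      # "tcp" or "udp"
    dst_port: int   # destination port on the device


@dataclass(frozen=True)
class Policy:
    blacklist: tuple       # networks that are always blocked
    whitelist: tuple       # the only networks allowed to reach the device
    open_ports: frozenset  # (protocol, port) pairs the device really uses


def _in_any(addr, networks):
    """True if addr falls inside any of the listed networks."""
    return any(addr in ip_network(net) for net in networks)


def decide(pkt, policy):
    """Return (verdict, reason) using only information in the packet."""
    try:
        src = ip_address(pkt.src)
    except ValueError:
        return "block", "malformed source address"
    if _in_any(src, policy.blacklist):       # blacklist wins over whitelist
        return "block", "source on blacklist"
    if not _in_any(src, policy.whitelist):   # default deny for unknown sources
        return "block", "source not on whitelist"
    if (pkt.proto.lower(), pkt.dst_port) not in policy.open_ports:
        return "block", "unused protocol or closed port"
    return "allow", "matches communication policy"


def filter_packets(packets, policy):
    """Apply the static rules to every packet and keep the reasons."""
    return [(pkt, *decide(pkt, policy)) for pkt in packets]


# Hypothetical sensor that only speaks MQTT over TLS to its local gateway.
SENSOR_POLICY = Policy(
    blacklist=("192.168.10.66/32",),
    whitelist=("192.168.10.0/24",),
    open_ports=frozenset({("tcp", 8883)}),
)

SAMPLE_PACKETS = [
    Packet("192.168.10.2", "tcp", 8883),   # gateway, expected traffic
    Packet("192.168.10.66", "tcp", 8883),  # local but blacklisted host
    Packet("203.0.113.9", "tcp", 8883),    # outside the whitelisted subnet
    Packet("192.168.10.2", "tcp", 23),     # port the device does not use
    Packet("192.168.10.2", "udp", 8883),   # protocol the device does not use
    Packet("not-an-ip", "tcp", 8883),      # malformed input must not pass
]

if __name__ == "__main__":
    for pkt, verdict, reason in filter_packets(SAMPLE_PACKETS, SENSOR_POLICY):
        print(f"{verdict:5} {pkt.src:15} {pkt.proto}/{pkt.dst_port}  ({reason})")
```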
SOFTWARE MUST BE SECURED
• Many IoT devices are based on processors such as the ARM processor, whose instruction set differs from that of other conventionally used processors.
• Such diversity has implications, for example, for the techniques used to protect software from attacks such as return-oriented programming, because these techniques must be tailored to the specific instruction set of the platform of interest.
• One way to provide better security is to isolate sensors and other permissive devices on a separate virtual LAN. This setup prevents a hacker from observing the totality of network traffic if one sensor is compromised, or using it to launch attacks across the entire enterprise.
• Create bug bounty programs and vulnerability reporting systems
GOOD CITIZEN RULES
• Don't connect your devices unless you need to
• Don't use default passwords
• Keep firmware up to date
• Turn off Universal Plug and Play (UPnP)
• Do not trust any network just because it is introduced by a trusted entity
• Not all access points are trustworthy
OPEN SOURCE WOULD HAVE AN IMPACT
• To support and connect billions of sensors, routers, gateways and data servers
• Promotes velocity of innovation
• Easy exploration and experimentation
• Enables permissionless innovation
REFERENCES
• Data security and privacy in IoT by Elisa Bertino
• OWASP IoT security: https://www.owasp.org/index.php/IoT_Security_Guidance
• https://www.symantec.com/solutions/internet-of-things
QUESTIONS

Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
A Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source MilvusA Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source Milvus
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 

Iot(security)

  • 1. IoT Security And Advancement, by Shreya Pohekar
  • 2. ABOUT ME
      • Coding and a Cyber Security Enthusiast
      • A Singer
      • An artist
  • 3. OVERVIEW
      • Why internet of things?
      • Internet of things
      • Applications
      • All is not well
      • Hacks on IoT
      • Mirai botnet
      • Steps to security
  • 4. WHY WE NEED IOT?
      • Comfortable life
      • Connected world
      • Computers can't be installed everywhere, especially not for specific tasks.
      • Better data, automation, increased efficiency
      • They are much cheaper
      • Require less computational power
      • Are less complex
  • 5. INTERNET OF THINGS (IOT): The internet of things is a system of interrelated computing devices, mechanical and digital machines, and objects that are provided with unique identifiers (IP addresses) and have the ability to transfer data over a network without requiring human-to-human or human-to-computer interaction.
  • 6. Formal definition by the International Telecommunication Union: A dynamic global network infrastructure with self-configuring capabilities based on standard and interoperable communication protocols, where physical and virtual things:
      • Have identifiers, physical attributes and virtual personalities
      • Use intelligent interfaces
      • Are seamlessly integrated into information
  • 7. As of 2017, 15.4 billion IoT devices are connected to the internet, and the number is forecast to reach 20.8 billion by 2020.
  • 8. CATEGORIES OF IOT
      • First class of IoT (public sensors and actuators)
      • Second class of IoT
  • 9.
  • 10. PROTOCOLS ON WHICH IOT WORKS
      • Infrastructure (ex: 6LoWPAN, IPv4/IPv6, RPL)
      • Identification (ex: EPC, uCode, IPv6, URIs)
      • Comms / Transport (ex: Wi-Fi, Bluetooth, LPWAN)
      • Discovery (ex: Physical Web, mDNS, DNS-SD)
      • Data Protocols (ex: MQTT, CoAP, AMQP, WebSocket, Node)
      • Device Management (ex: TR-069, OMA-DM)
      • Semantic (ex: JSON-LD, Web Thing Model)
      • Multi-layer Frameworks (ex: AllJoyn, IoTivity, Weave, HomeKit)
  • 11. APPLICATIONS
      • Transport system
      • Agriculture
      • Environmental monitoring
      • Medical and healthcare systems
      • Energy management
      • Industrial applications
      • Building and home automation
      • Large scale deployments
  • 13. THE SECURITY CHALLENGES
      • 70% of all IoT devices in use today are vulnerable to cyber attacks
      • Low level of encryption
      • Work on different ports
      • No firewalls or antivirus
      • Firmware is most of the time outdated; the update file is not encrypted; the update is not verified before upload
      • Lack of role-based access control
      • Lack of two-factor authentication
      • Insecure password recovery
      • Poorly implemented SSL/TLS
      • Account enumeration
      • Poor physical security
  • 14. USUAL ATTACKS ON IOT DEVICES
      • DDoS attacks
      • Privilege escalation
      • Buffer overflow
      • Brute force attacks
      • Open ports via UPnP (Universal Plug and Play)
      * UPnP: a set of networking protocols that permits networked devices, such as personal computers, printers, internet gateways, Wi-Fi access points and mobile devices, to seamlessly discover each other's presence on the network and establish functional network services for data sharing.
  • 15. LACK OF SECURITY CONFIGURABILITY
      • Insufficient security configurability is present when users of the device have limited or no ability to alter its security controls.
      • Insufficient security configurability is apparent when the web interface of the device has no option for creating granular user permissions or, for example, for forcing the use of strong passwords.
      Lack of transport encryption
      • Lack of transport encryption allows data to be viewed as it travels over local networks or the internet.
      • Lack of transport encryption is prevalent on local networks, as it is easy to assume that local network traffic will not be widely visible. However, in the case of a local wireless network, misconfiguration of that wireless network can make traffic visible to anyone within range of it.
  • 16. KINESIS is an example of a sensor network system designed to make it possible for sensors to automatically take response actions in the event of data transmission disruptions.
  • 17. Is my cloud interface secure? Checking for an insecure cloud interface includes:
      • Determining if the default username and password can be changed during initial product setup.
      • Determining if a specific user account is locked out after 3-5 failed login attempts.
      • Determining if valid accounts can be identified using password recovery mechanisms or new user pages.
      • Reviewing the interface for issues such as cross-site scripting, cross-site request forgery and SQL injection.
      • Reviewing all cloud interfaces for vulnerabilities (API interfaces and cloud-based web interfaces).
  • 18. MIRAI BOTNET
      • The terrifying power of billions of IoT devices: botnets can be used to orchestrate Distributed Denial-of-Service (DDoS) attacks. These attacks use large numbers of IoT devices to direct traffic to a website or server, overwhelming it and rendering it inaccessible to real users.
      • Botnets are traditionally made up of infected computers, but the widespread use of vulnerable IoT devices provides a far more enticing target for cyber criminals. A lack of investment in security and the abundance of IoT devices, a result of cheap and quick manufacturing, means these botnets are potentially far more dangerous than infected PCs.
      • This lack of security investment was revealed in 2016 when criminals launched the largest DDoS attack in history. The botnet malware behind the attack, Mirai, infected 100,000s of IoT devices that then pummeled DNS provider Dyn with a 1.2 Tbps DDoS attack.
      • The Mirai botnet knocked PayPal, Spotify, Netflix and Twitter offline, causing never-before-seen levels of disruption to some of the largest websites in the world. One month later, businesses were unprepared when the Mirai botnet struck again. This time the attack affected 100,000s of Deutsche Telekom customers.
      • The Mirai botnet source code is now available online, so it's likely to continue plaguing poorly secured IoT devices. And in February 2017, researchers identified a new variant of the Mirai botnet capable of targeting Windows systems, allowing the malware to spread to even more devices.
      • Mirai is just the tip of the iceberg, and other powerful botnets continue to damage businesses globally. It's not just businesses that should worry: one attack against a UK bank in 2016 resulted in £2.5 million stolen directly from customer accounts.
  • 19.
  • 20. Security should be there from the point when power is supplied
  • 21. ENCRYPTION
      • The best option: lightweight encryption tools
      • The RSA algorithm (concept of factoring)
      • Block ciphers, like PRESENT and CLEFIA (lightweight versions of the Advanced Encryption Standard). There are also hardware-oriented stream ciphers, like Enocoro, that focus on chip size and energy consumption; hash functions, such as PHOTON, which concentrate on data integrity; and message authentication codes for validating and authenticating communications between devices.
      • Elliptic curve based encryption
  • 22. RSA ALGORITHM
      • The Rivest-Shamir-Adleman (RSA) algorithm is one of the most popular and secure public-key encryption methods. The algorithm capitalizes on the fact that there is no efficient way to factor very large (100-200 digit) numbers. Using an encryption key (e,n), the algorithm is as follows:
      • Represent the message as an integer between 0 and (n-1). Large messages can be broken up into a number of blocks. Each block would then be represented by an integer in the same range.
      • Encrypt the message by raising it to the e-th power modulo n. The result is a cipher text message C.
      • To decrypt cipher text message C, raise it to another power d modulo n.
      • The encryption key (e,n) is made public. The decryption key (d,n) is kept private by the user.
  • 23. IOT TOO REQUIRES A FIREWALL
      • The embedded firewall provides a basic but critical level of security by controlling what packets or messages are processed.
      • The firewall enforces its policies by filtering packets as they are received, comparing each packet to the policies for that device, and blocking all packets that don't match the communication policy criteria.
      • Rules-based filtering: Each packet is compared to a set of static rules determining if the packet is blocked or allowed. All decisions are made based on the information in the packet. Rules-based filtering enforces policies by blocking unused protocols, closing unused ports, and enforcing IP address whitelists and blacklists.
  • 24. SOFTWARE MUST BE SECURED
      • Many IoT devices are based on processors such as the ARM processor, whose instruction set differs from that of other conventionally used processors.
      • Such diversity has implications, for example, for the techniques used to protect software from attacks such as return-oriented programming attacks, as these techniques must be tailored to the specific instruction set of the platform of interest.
      • One way to provide better security is to isolate sensors and other permissive devices on a separate virtual LAN. This setup prevents a hacker from observing the totality of network traffic if one sensor is compromised, or using it to launch attacks across the entire enterprise.
      • Create bug bounty programs and vulnerability reporting systems
  • 25. GOOD CITIZEN RULES
      • Don't connect your devices unless you need to
      • Don't use default passwords
      • Keep firmware up to date
      • Turn off Universal Plug and Play (UPnP)
      • Do not trust any network just because it is introduced by a trusted entity
      • Not all access points are trustworthy
  • 26. OPEN SOURCE WOULD HAVE AN IMPACT
      • To support and connect billions of sensors, routers, gateways and data servers
      • Promotes velocity of innovation
      • Easy exploration and experimentation
      • Enables permissionless innovation
  • 27. REFERENCES
      • Data security and privacy in IoT, by Elisa Bertino
      • OWASP IoT security: https://www.owasp.org/index.php/IoT_Security_Guidance
      • https://www.symantec.com/solutions/internet-of-things
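The RSA steps from slide 22, carried through in code as an added example that is not part of the original slides: the message is split into integer blocks below n, each block is raised to e modulo n, and decryption raises it to d modulo n. The function names and the demo primes are constructed for illustration, and this is textbook RSA without padding, so it shows the arithmetic only; a deployed device would use a vetted library with OAEP and a modulus of at least 2048 bits.

```python
# Textbook RSA following the slide's steps. Constructed demo parameters:
# far too small for real use, and no padding (OAEP) is applied.
from math import gcd

def make_keys(p: int, q: int, e: int):
    """Return ((e, n), (d, n)) for primes p, q and public exponent e."""
    n = p * q
    lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)   # Carmichael lambda(n)
    if gcd(e, lam) != 1:
        raise ValueError("e must be coprime to lambda(n)")
    d = pow(e, -1, lam)                            # modular inverse (Python 3.8+)
    return (e, n), (d, n)

def to_blocks(message: bytes, n: int):
    """Represent the message as integers in the range 0..n-1."""
    size = (n.bit_length() - 1) // 8               # bytes that always fit below n
    if size < 1:
        raise ValueError("modulus too small to carry one byte per block")
    blocks = [int.from_bytes(message[i:i + size], "big")
              for i in range(0, len(message), size)]
    return blocks, size

def encrypt(message: bytes, public_key):
    """Raise each block to the e-th power modulo n."""
    e, n = public_key
    blocks, size = to_blocks(message, n)
    return [pow(m, e, n) for m in blocks], len(message), size

def decrypt(ciphertext, length: int, size: int, private_key) -> bytes:
    """Raise each cipher text block to the power d modulo n."""
    d, n = private_key
    out = b""
    for i, c in enumerate(ciphertext):
        width = min(size, length - i * size)       # last block may be shorter
        out += pow(c, d, n).to_bytes(width, "big")
    return out

if __name__ == "__main__":
    # Constructed demo primes (two Mersenne primes); real keys use random primes.
    public, private = make_keys(2**31 - 1, 2**61 - 1, 65537)
    ct, length, size = encrypt(b"sensor-17 temp=21.5C", public)
    print(ct, decrypt(ct, length, size, private))
```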
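The rules-based filtering from slide 23, as an added example that is not part of the original slides: every packet is compared against a static rule list using only the fields in the packet, a blacklist entry is checked before the whitelist, and anything unmatched is blocked. The `Packet` and `Rule` types, the addresses and the ports are constructed for illustration.

```python
# Static, rules-based packet filter as described on the firewall slide.
# Rule set, addresses and ports are constructed for illustration.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Packet:
    src: str        # source IP address
    proto: str      # "tcp" or "udp"
    dport: int      # destination port

@dataclass(frozen=True)
class Rule:
    action: str     # "allow" or "block"
    proto: str      # protocol name, or "any"
    dport: int      # destination port, or 0 for any port
    src_net: str    # CIDR range the source address must fall in

    def matches(self, pkt: Packet) -> bool:
        return (self.proto in ("any", pkt.proto)
                and self.dport in (0, pkt.dport)
                and ip_address(pkt.src) in ip_network(self.src_net))

# Hypothetical policy for one sensor: blacklist first, then the whitelist.
POLICY = [
    Rule("block", "any", 0, "10.20.0.66/32"),     # blacklisted host inside the subnet
    Rule("allow", "tcp", 8883, "10.20.0.0/24"),   # MQTT over TLS from the gateway subnet
    Rule("allow", "udp", 5683, "10.20.0.5/32"),   # CoAP from a single management host
]

def decide(pkt: Packet, policy=POLICY) -> str:
    """First matching rule wins; a packet that matches nothing is blocked."""
    for rule in policy:
        if rule.matches(pkt):
            return rule.action
    return "block"   # default deny closes unused ports and protocols

if __name__ == "__main__":
    for p in (Packet("10.20.0.7", "tcp", 8883), Packet("10.20.0.7", "tcp", 23)):
        print(p, "->", decide(p))
```

Because unmatched traffic is blocked by default, a service such as Telnet on port 23 stays closed without needing a rule of its own.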