SlideShare une entreprise Scribd logo

IoT Security Risks and Mitigation Strategies

Télécharger en tant que PPTX, PDF
APNIC
APNIC

The document discusses security concerns regarding the Internet of Things (IoT). It outlines several threats including worms and viruses infecting IoT devices, organized crime accessing devices for espionage or sabotage, and cyberterrorists targeting infrastructure devices. Specific issues mentioned include medical devices being hacked, smart meters revealing private information, and the need to address security challenges like access control and provisioning at scale for billions of IoT devices. The document advocates taking a pragmatic approach by analyzing IoT security risks by class of device properties and developing mitigation techniques.

Internet
1  sur  19
Internet of Things... Let's Not Forget Security Please! Distinguished Engineer Cisco @evyncke Eric Vyncke © 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public 1
© 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public 2
• Plain worms escaping the plain IT world into the IoT? Limited to ‘things’ running a consumer OS: Windows, Linux, iOS, Android, ... • Script kiddies or other targeting at random residential IoT Unprotected webcams Stealing content Having ‘fun’ with heating system • Organized crime Access to intellectual property Sabotage and espionage See also further • Cyber-terrorism Against nuclear plants, traffic monitoring, railways, ... (critical infrastructure) © 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public 3
• http://www.shodanhq.com/ a IPv4 scan of the Internet • Do not believe that IPv6 will help.... © 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public 4
Worms and viruses Sabotage Unauthorized Unintended access employee actions Application of Security patches Theft Safety Denial of Service Unauthorized actions by employees Natural or Man-made disasters Unauthorized remote access Unaddressed risks increase potential for disruption to control system’s uptime and safe operation © 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public 5
• Implantable Medical Device (such as pacemakers) • former Vice President Dick Cheney revealed that his doctor ordered the wireless functionality of his heart implant disabled due to fears it might be hacked in an assassination attempt. • The late Barnaby Jack demonstrated how a certain model of implanted insulin pump could be lethally hacked to administer incorrect dosages from up to 300 feet way. http://www.washingtonpost.com/blogs/the-switch/wp/2013/10/21/yes-terrorists-could-have-hacked-dick-cheneys-heart/ © 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public 6
• Example: smart metering Using this example simply because it is easy to understand, deployed and could be fixed (if not yet done) • In case of unauthorized access: Less consumption as usual => nobody at home, let’s break into it! 5-min interval consumption meter => can guess the TV channel! http://events.ccc.de/congress/2011/Fahrplan/events /4754.en.html Source: wikimedia.org © 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public 7
© 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public 8
• Too many IoT to do security analysis for all use cases • Let’s cut the big cakes in smaller edible pieces • Let’s focus on generic properties of IoT Property can be: mobile vs. fixe, tamper-proof And derives threats on each properties Then, design mitigation techniques or risk managements (work in progress...) Source: wikimedia.org © 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public 9
• Example: smart metering? How old it your house? How old is your electricity meter? • Compare with lifetime of DES 1977: published by US FIPS 1999: EFF breaks it in 22 hours 2005: removed by US FIPS Guess: crypto has a limited lifetime of 20-30 years... Compare with above... Source: wikimedia.org • Even public key cryptography could be defeated with quantum computer... OK, not within 10 years probably Search also for ‘post quantum cryptography’ © 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public 10
• Any can handle access control • Device identity/authentication Smart meter to get your own bill Actuators (and even) Smart vehicles But, scalability issue... • Group membership Array of sensors for physical environment, what is important is location not individual identity Actuators: all bulbs in the same room Easier to scale © 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public 11
• Sometimes, no need for real identity of peers • Heart-to-Heart protocol to give programmatic access to Implantable Medical Device • Sharing a common physical measurement with enough entropy is enough • Can also be done with radio wave parameters http://www.arijuels.com/wp-content/uploads/2013/09/RJK131.pdf (Ari Juels & Rice University) © 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public 12
• Use case: smart metering, home surveillance, ... Where the residential network (operated by SP/subscriber) is shared • Availability? Quality of Service is an obvious must VLAN separation can also help (or SDN even?) But shared/unmanaged CPE??? • Threat: Man-in-the middle attack to be assumed Impact on confidentiality & integrity => crypto could help • Provisioning? Vendor? Service Provider? Owner? • Liability? © 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public 13
• If a ‘thing’ is mobile, then it can be moved maliciously, i.e. stolen, but can still know its new position • If a ‘thing’ is fixed, then a move could still be physically possible but undetectable • Pick your devil! Source: wikimedia.org © 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public 14
• Always on: Removal/loss detection is immediate High rate of poll makes man-in-the-middle more complex • Periodic poll: Wait until next poll before detecting removal/loss Balance between cost/energy and security • On-event push: Removal/loss detection is impossible Source: wikimedia.org © 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public 15
• Assuming cheap ‘things’, then one lost thing is not a major issue Loss in the sense of physically destroyed (availability) or owned (integrity) Averaging the surrounding sensor measurements (temperature, ...) Could also be applicable to actuators such as parallel electrical switch Proven technique: using 3 ‘things’ and using a majority vote on the outcome. The voting system could be sheer dumb electronics © 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public 16
© 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public 17
• IoT is a broad term covering Different vulnerabilities: software, crypto, can be stolen, ... Different risks: national critical infrastructure vs. home heating system • Let’s be pragmatic and cut the problem is smaller pieces • Example: IoT Grand Security Challenge http://blogs.cisco.com/security/join-the-challenge-secure-the-internet-of-things/ • Work in progress , not all solutions are available yet This is normal Let’s focus on the problem statement first • What can we trust in Internet of Thing? The network that we know or things to be built? © 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public 18
Thank you. © 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public 19

Recommandé

Your Thing is Pwned - Security Challenges for the IoT
Your Thing is Pwned - Security Challenges for the IoTYour Thing is Pwned - Security Challenges for the IoT
Your Thing is Pwned - Security Challenges for the IoTWSO2
 
Security challenges for IoT
Security challenges for IoTSecurity challenges for IoT
Security challenges for IoTWSO2
 
Avoid embarrassing press by designing secure IoT products with Misha Seltzer
Avoid embarrassing press by designing secure IoT products with Misha SeltzerAvoid embarrassing press by designing secure IoT products with Misha Seltzer
Avoid embarrassing press by designing secure IoT products with Misha SeltzerProduct of Things
 
IoT Attack Surfaces -- DEFCON 2015
IoT Attack Surfaces -- DEFCON 2015IoT Attack Surfaces -- DEFCON 2015
IoT Attack Surfaces -- DEFCON 2015Daniel Miessler
 
The IoT Attack Surface
The IoT Attack SurfaceThe IoT Attack Surface
The IoT Attack SurfaceDaniel Miessler
 
RSA2015: Securing the Internet of Things
RSA2015: Securing the Internet of ThingsRSA2015: Securing the Internet of Things
RSA2015: Securing the Internet of ThingsDaniel Miessler
 
Securing Internet of Things
Securing Internet of ThingsSecuring Internet of Things
Securing Internet of ThingsRishabh Sharma
 
Fixing the Last Missing Piece in Securing IoT
Fixing the Last Missing Piece in Securing IoTFixing the Last Missing Piece in Securing IoT
Fixing the Last Missing Piece in Securing IoTNUS-ISS
 

Recommandé

Your Thing is Pwned - Security Challenges for the IoT
Your Thing is Pwned - Security Challenges for the IoTYour Thing is Pwned - Security Challenges for the IoT
Your Thing is Pwned - Security Challenges for the IoTWSO2
 
Security challenges for IoT
Security challenges for IoTSecurity challenges for IoT
Security challenges for IoTWSO2
 
Avoid embarrassing press by designing secure IoT products with Misha Seltzer
Avoid embarrassing press by designing secure IoT products with Misha SeltzerAvoid embarrassing press by designing secure IoT products with Misha Seltzer
Avoid embarrassing press by designing secure IoT products with Misha SeltzerProduct of Things
 
IoT Attack Surfaces -- DEFCON 2015
IoT Attack Surfaces -- DEFCON 2015IoT Attack Surfaces -- DEFCON 2015
IoT Attack Surfaces -- DEFCON 2015Daniel Miessler
 
The IoT Attack Surface
The IoT Attack SurfaceThe IoT Attack Surface
The IoT Attack SurfaceDaniel Miessler
 
RSA2015: Securing the Internet of Things
RSA2015: Securing the Internet of ThingsRSA2015: Securing the Internet of Things
RSA2015: Securing the Internet of ThingsDaniel Miessler
 
Securing Internet of Things
Securing Internet of ThingsSecuring Internet of Things
Securing Internet of ThingsRishabh Sharma
 
Fixing the Last Missing Piece in Securing IoT
Fixing the Last Missing Piece in Securing IoTFixing the Last Missing Piece in Securing IoT
Fixing the Last Missing Piece in Securing IoTNUS-ISS
 
Security issues and solutions : IoT
Security issues and solutions : IoTSecurity issues and solutions : IoT
Security issues and solutions : IoTJinia Bhowmik
 
IoT Security Imperative: Stop your Fridge from Sending you Spam
IoT Security Imperative: Stop your Fridge from Sending you SpamIoT Security Imperative: Stop your Fridge from Sending you Spam
IoT Security Imperative: Stop your Fridge from Sending you SpamAmit Rohatgi
 
Practical IoT Security in the Enterprise
Practical IoT Security in the EnterprisePractical IoT Security in the Enterprise
Practical IoT Security in the EnterpriseDaniel Miessler
 
Internet of Things: Challenges and Issues
Internet of Things: Challenges and IssuesInternet of Things: Challenges and Issues
Internet of Things: Challenges and Issuesrjain51
 
Security Fundamental for IoT Devices; Creating the Internet of Secure Things
Security Fundamental for IoT Devices; Creating the Internet of Secure ThingsSecurity Fundamental for IoT Devices; Creating the Internet of Secure Things
Security Fundamental for IoT Devices; Creating the Internet of Secure ThingsDesign World
 
Introduction to the Internet of Things
Introduction to the Internet of ThingsIntroduction to the Internet of Things
Introduction to the Internet of ThingsAlexandru Radovici
 
IoT – Breaking Bad
IoT – Breaking BadIoT – Breaking Bad
IoT – Breaking BadNUS-ISS
 
The Insecurity of Industrial Things
The Insecurity of Industrial ThingsThe Insecurity of Industrial Things
The Insecurity of Industrial ThingsSenrio
 
Security analytics
Security analyticsSecurity analytics
Security analyticsSimon Bennett
 
Ryan Wilson - ryanwilson.com - IoT Security
Ryan Wilson - ryanwilson.com - IoT SecurityRyan Wilson - ryanwilson.com - IoT Security
Ryan Wilson - ryanwilson.com - IoT SecurityRyan Wilson
 
IoT Security and Privacy Considerations
IoT Security and Privacy ConsiderationsIoT Security and Privacy Considerations
IoT Security and Privacy ConsiderationsKenny Huang Ph.D.
 
IoT Security, Threats and Challenges By V.P.Prabhakaran
IoT Security, Threats and Challenges By V.P.PrabhakaranIoT Security, Threats and Challenges By V.P.Prabhakaran
IoT Security, Threats and Challenges By V.P.PrabhakaranKoenig Solutions Ltd.
 
Internet of Things - Privacy and Security issues
Internet of Things - Privacy and Security issuesInternet of Things - Privacy and Security issues
Internet of Things - Privacy and Security issuesPierluigi Paganini
 
Howe Brand, smart security grid risks
Howe Brand, smart security grid risksHowe Brand, smart security grid risks
Howe Brand, smart security grid risksGavan Howe
 
IoT Security: Debunking the "We Aren't THAT Connected" Myth
IoT Security: Debunking the "We Aren't THAT Connected" MythIoT Security: Debunking the "We Aren't THAT Connected" Myth
IoT Security: Debunking the "We Aren't THAT Connected" MythSecurity Innovation
 
Privacy and security in IoT
Privacy and security in IoTPrivacy and security in IoT
Privacy and security in IoTVasco Veloso
 
Iot Security, Internet of Things
Iot Security, Internet of ThingsIot Security, Internet of Things
Iot Security, Internet of ThingsBryan Len
 
Is Security Optional20100608
Is Security Optional20100608Is Security Optional20100608
Is Security Optional20100608aljapaco
 
Security in the Internet of Things
Security in the Internet of ThingsSecurity in the Internet of Things
Security in the Internet of ThingsForgeRock
 
Smart Grid Cyber Security Summit Revere
Smart Grid Cyber Security Summit RevereSmart Grid Cyber Security Summit Revere
Smart Grid Cyber Security Summit Reverehhanebeck
 
Báo cáo cuối kì (nguyễn phượng nhung)
Báo cáo cuối kì (nguyễn phượng nhung)Báo cáo cuối kì (nguyễn phượng nhung)
Báo cáo cuối kì (nguyễn phượng nhung)Nhung Nguyễn
 
Lapoan GNOTA Sept 2014 Dharma Wanita Persatuan Bina Gizi dan KIA
Lapoan GNOTA Sept 2014 Dharma Wanita Persatuan Bina Gizi dan KIALapoan GNOTA Sept 2014 Dharma Wanita Persatuan Bina Gizi dan KIA
Lapoan GNOTA Sept 2014 Dharma Wanita Persatuan Bina Gizi dan KIANursyifa Fauziah
 

Contenu connexe

Tendances

Security issues and solutions : IoT
Security issues and solutions : IoTSecurity issues and solutions : IoT
Security issues and solutions : IoTJinia Bhowmik
 
IoT Security Imperative: Stop your Fridge from Sending you Spam
IoT Security Imperative: Stop your Fridge from Sending you SpamIoT Security Imperative: Stop your Fridge from Sending you Spam
IoT Security Imperative: Stop your Fridge from Sending you SpamAmit Rohatgi
 
Practical IoT Security in the Enterprise
Practical IoT Security in the EnterprisePractical IoT Security in the Enterprise
Practical IoT Security in the EnterpriseDaniel Miessler
 
Internet of Things: Challenges and Issues
Internet of Things: Challenges and IssuesInternet of Things: Challenges and Issues
Internet of Things: Challenges and Issuesrjain51
 
Security Fundamental for IoT Devices; Creating the Internet of Secure Things
Security Fundamental for IoT Devices; Creating the Internet of Secure ThingsSecurity Fundamental for IoT Devices; Creating the Internet of Secure Things
Security Fundamental for IoT Devices; Creating the Internet of Secure ThingsDesign World
 
Introduction to the Internet of Things
Introduction to the Internet of ThingsIntroduction to the Internet of Things
Introduction to the Internet of ThingsAlexandru Radovici
 
IoT – Breaking Bad
IoT – Breaking BadIoT – Breaking Bad
IoT – Breaking BadNUS-ISS
 
The Insecurity of Industrial Things
The Insecurity of Industrial ThingsThe Insecurity of Industrial Things
The Insecurity of Industrial ThingsSenrio
 
Ryan Wilson - ryanwilson.com - IoT Security
Ryan Wilson - ryanwilson.com - IoT SecurityRyan Wilson - ryanwilson.com - IoT Security
Ryan Wilson - ryanwilson.com - IoT SecurityRyan Wilson
 
IoT Security and Privacy Considerations
IoT Security and Privacy ConsiderationsIoT Security and Privacy Considerations
IoT Security and Privacy ConsiderationsKenny Huang Ph.D.
 
IoT Security, Threats and Challenges By V.P.Prabhakaran
IoT Security, Threats and Challenges By V.P.PrabhakaranIoT Security, Threats and Challenges By V.P.Prabhakaran
IoT Security, Threats and Challenges By V.P.PrabhakaranKoenig Solutions Ltd.
 
Internet of Things - Privacy and Security issues
Internet of Things - Privacy and Security issuesInternet of Things - Privacy and Security issues
Internet of Things - Privacy and Security issuesPierluigi Paganini
 
Howe Brand, smart security grid risks
Howe Brand, smart security grid risksHowe Brand, smart security grid risks
Howe Brand, smart security grid risksGavan Howe
 
IoT Security: Debunking the "We Aren't THAT Connected" Myth
IoT Security: Debunking the "We Aren't THAT Connected" MythIoT Security: Debunking the "We Aren't THAT Connected" Myth
IoT Security: Debunking the "We Aren't THAT Connected" MythSecurity Innovation
 
Privacy and security in IoT
Privacy and security in IoTPrivacy and security in IoT
Privacy and security in IoTVasco Veloso
 
Iot Security, Internet of Things
Iot Security, Internet of ThingsIot Security, Internet of Things
Iot Security, Internet of ThingsBryan Len
 
Is Security Optional20100608
Is Security Optional20100608Is Security Optional20100608
Is Security Optional20100608aljapaco
 
Security in the Internet of Things
Security in the Internet of ThingsSecurity in the Internet of Things
Security in the Internet of ThingsForgeRock
 
Smart Grid Cyber Security Summit Revere
Smart Grid Cyber Security Summit RevereSmart Grid Cyber Security Summit Revere
Smart Grid Cyber Security Summit Reverehhanebeck
 

Tendances (20)

Security issues and solutions : IoT
Security issues and solutions : IoTSecurity issues and solutions : IoT
Security issues and solutions : IoT
 
IoT Security Imperative: Stop your Fridge from Sending you Spam
IoT Security Imperative: Stop your Fridge from Sending you SpamIoT Security Imperative: Stop your Fridge from Sending you Spam
IoT Security Imperative: Stop your Fridge from Sending you Spam
 
Practical IoT Security in the Enterprise
Practical IoT Security in the EnterprisePractical IoT Security in the Enterprise
Practical IoT Security in the Enterprise
 
Internet of Things: Challenges and Issues
Internet of Things: Challenges and IssuesInternet of Things: Challenges and Issues
Internet of Things: Challenges and Issues
 
Security Fundamental for IoT Devices; Creating the Internet of Secure Things
Security Fundamental for IoT Devices; Creating the Internet of Secure ThingsSecurity Fundamental for IoT Devices; Creating the Internet of Secure Things
Security Fundamental for IoT Devices; Creating the Internet of Secure Things
 
Introduction to the Internet of Things
Introduction to the Internet of ThingsIntroduction to the Internet of Things
Introduction to the Internet of Things
 
IoT – Breaking Bad
IoT – Breaking BadIoT – Breaking Bad
IoT – Breaking Bad
 
The Insecurity of Industrial Things
The Insecurity of Industrial ThingsThe Insecurity of Industrial Things
The Insecurity of Industrial Things
 
Security analytics
Security analyticsSecurity analytics
Security analytics
 
Ryan Wilson - ryanwilson.com - IoT Security
Ryan Wilson - ryanwilson.com - IoT SecurityRyan Wilson - ryanwilson.com - IoT Security
Ryan Wilson - ryanwilson.com - IoT Security
 
IoT Security and Privacy Considerations
IoT Security and Privacy ConsiderationsIoT Security and Privacy Considerations
IoT Security and Privacy Considerations
 
IoT Security, Threats and Challenges By V.P.Prabhakaran
IoT Security, Threats and Challenges By V.P.PrabhakaranIoT Security, Threats and Challenges By V.P.Prabhakaran
IoT Security, Threats and Challenges By V.P.Prabhakaran
 
Internet of Things - Privacy and Security issues
Internet of Things - Privacy and Security issuesInternet of Things - Privacy and Security issues
Internet of Things - Privacy and Security issues
 
Howe Brand, smart security grid risks
Howe Brand, smart security grid risksHowe Brand, smart security grid risks
Howe Brand, smart security grid risks
 
IoT Security: Debunking the "We Aren't THAT Connected" Myth
IoT Security: Debunking the "We Aren't THAT Connected" MythIoT Security: Debunking the "We Aren't THAT Connected" Myth
IoT Security: Debunking the "We Aren't THAT Connected" Myth
 
Privacy and security in IoT
Privacy and security in IoTPrivacy and security in IoT
Privacy and security in IoT
 
Iot Security, Internet of Things
Iot Security, Internet of ThingsIot Security, Internet of Things
Iot Security, Internet of Things
 
Is Security Optional20100608
Is Security Optional20100608Is Security Optional20100608
Is Security Optional20100608
 
Security in the Internet of Things
Security in the Internet of ThingsSecurity in the Internet of Things
Security in the Internet of Things
 
Smart Grid Cyber Security Summit Revere
Smart Grid Cyber Security Summit RevereSmart Grid Cyber Security Summit Revere
Smart Grid Cyber Security Summit Revere
 

En vedette

Báo cáo cuối kì (nguyễn phượng nhung)
Báo cáo cuối kì (nguyễn phượng nhung)Báo cáo cuối kì (nguyễn phượng nhung)
Báo cáo cuối kì (nguyễn phượng nhung)Nhung Nguyễn
 
Lapoan GNOTA Sept 2014 Dharma Wanita Persatuan Bina Gizi dan KIA
Lapoan GNOTA Sept 2014 Dharma Wanita Persatuan Bina Gizi dan KIALapoan GNOTA Sept 2014 Dharma Wanita Persatuan Bina Gizi dan KIA
Lapoan GNOTA Sept 2014 Dharma Wanita Persatuan Bina Gizi dan KIANursyifa Fauziah
 
El ensayo
El ensayoEl ensayo
El ensayojotate5
 
NEOS IoT Security Platform : System-on-module with WiFi and TPM (Trusted Plat...
NEOS IoT Security Platform : System-on-module with WiFi and TPM (Trusted Plat...NEOS IoT Security Platform : System-on-module with WiFi and TPM (Trusted Plat...
NEOS IoT Security Platform : System-on-module with WiFi and TPM (Trusted Plat...Byeongseok Yu
 
Sierras Chicas - Córdoba (vuelta)
Sierras Chicas - Córdoba (vuelta)Sierras Chicas - Córdoba (vuelta)
Sierras Chicas - Córdoba (vuelta)Cba24n
 
IoT Security by Sanjay Kumar
IoT Security by Sanjay KumarIoT Security by Sanjay Kumar
IoT Security by Sanjay KumarOWASP Delhi
 
NEOS IoT Security Platform : System-on-module with WiFi and TPM (Trusted Plat...
NEOS IoT Security Platform : System-on-module with WiFi and TPM (Trusted Plat...NEOS IoT Security Platform : System-on-module with WiFi and TPM (Trusted Plat...
NEOS IoT Security Platform : System-on-module with WiFi and TPM (Trusted Plat...Byeongseok Yu
 
The State of Digital Video in 2015 - DPRS Nashville, 11/17/15
The State of Digital Video in 2015 - DPRS Nashville, 11/17/15The State of Digital Video in 2015 - DPRS Nashville, 11/17/15
The State of Digital Video in 2015 - DPRS Nashville, 11/17/15Digiday
 
Resilient IoT Security: The end of flat security models
Resilient IoT Security: The end of flat security modelsResilient IoT Security: The end of flat security models
Resilient IoT Security: The end of flat security modelsMilosch Meriac
 
Mark Horowitz - Stanford Engineering - Securing the Internet of Things
Mark Horowitz - Stanford Engineering - Securing the Internet of ThingsMark Horowitz - Stanford Engineering - Securing the Internet of Things
Mark Horowitz - Stanford Engineering - Securing the Internet of ThingsStanford School of Engineering
 
WeGreek Pitch Deck
WeGreek Pitch DeckWeGreek Pitch Deck
WeGreek Pitch DeckLukas Deem
 
My Body Shots PR Deck
My Body Shots PR DeckMy Body Shots PR Deck
My Body Shots PR DeckCaitlin Mann
 
Pitch Deck for Rockhealth
Pitch Deck for RockhealthPitch Deck for Rockhealth
Pitch Deck for Rockhealthnolanperk
 

En vedette (15)

Báo cáo cuối kì (nguyễn phượng nhung)
Báo cáo cuối kì (nguyễn phượng nhung)Báo cáo cuối kì (nguyễn phượng nhung)
Báo cáo cuối kì (nguyễn phượng nhung)
 
Lapoan GNOTA Sept 2014 Dharma Wanita Persatuan Bina Gizi dan KIA
Lapoan GNOTA Sept 2014 Dharma Wanita Persatuan Bina Gizi dan KIALapoan GNOTA Sept 2014 Dharma Wanita Persatuan Bina Gizi dan KIA
Lapoan GNOTA Sept 2014 Dharma Wanita Persatuan Bina Gizi dan KIA
 
Ppt gnota
Ppt gnotaPpt gnota
Ppt gnota
 
El ensayo
El ensayoEl ensayo
El ensayo
 
pengembangan silabus
pengembangan silabuspengembangan silabus
pengembangan silabus
 
NEOS IoT Security Platform : System-on-module with WiFi and TPM (Trusted Plat...
NEOS IoT Security Platform : System-on-module with WiFi and TPM (Trusted Plat...NEOS IoT Security Platform : System-on-module with WiFi and TPM (Trusted Plat...
NEOS IoT Security Platform : System-on-module with WiFi and TPM (Trusted Plat...
 
Sierras Chicas - Córdoba (vuelta)
Sierras Chicas - Córdoba (vuelta)Sierras Chicas - Córdoba (vuelta)
Sierras Chicas - Córdoba (vuelta)
 
IoT Security by Sanjay Kumar
IoT Security by Sanjay KumarIoT Security by Sanjay Kumar
IoT Security by Sanjay Kumar
 
NEOS IoT Security Platform : System-on-module with WiFi and TPM (Trusted Plat...
NEOS IoT Security Platform : System-on-module with WiFi and TPM (Trusted Plat...NEOS IoT Security Platform : System-on-module with WiFi and TPM (Trusted Plat...
NEOS IoT Security Platform : System-on-module with WiFi and TPM (Trusted Plat...
 
The State of Digital Video in 2015 - DPRS Nashville, 11/17/15
The State of Digital Video in 2015 - DPRS Nashville, 11/17/15The State of Digital Video in 2015 - DPRS Nashville, 11/17/15
The State of Digital Video in 2015 - DPRS Nashville, 11/17/15
 
Resilient IoT Security: The end of flat security models
Resilient IoT Security: The end of flat security modelsResilient IoT Security: The end of flat security models
Resilient IoT Security: The end of flat security models
 
Mark Horowitz - Stanford Engineering - Securing the Internet of Things
Mark Horowitz - Stanford Engineering - Securing the Internet of ThingsMark Horowitz - Stanford Engineering - Securing the Internet of Things
Mark Horowitz - Stanford Engineering - Securing the Internet of Things
 
WeGreek Pitch Deck
WeGreek Pitch DeckWeGreek Pitch Deck
WeGreek Pitch Deck
 
My Body Shots PR Deck
My Body Shots PR DeckMy Body Shots PR Deck
My Body Shots PR Deck
 
Pitch Deck for Rockhealth
Pitch Deck for RockhealthPitch Deck for Rockhealth
Pitch Deck for Rockhealth
 

Similaire à IoT Security Risks and Mitigation Strategies

Internet of Things (IoT) Security and Privacy Recommendations by Jason Living...
Internet of Things (IoT) Security and Privacy Recommendations by Jason Living...Internet of Things (IoT) Security and Privacy Recommendations by Jason Living...
Internet of Things (IoT) Security and Privacy Recommendations by Jason Living...CableLabs
 
Incident Response for the Work-from-home Workforce
Incident Response for the Work-from-home WorkforceIncident Response for the Work-from-home Workforce
Incident Response for the Work-from-home WorkforceChristopher Gerritz
 
Hack one iot device, break them all!
Hack one iot device, break them all!Hack one iot device, break them all!
Hack one iot device, break them all!Justin Black
 
Spirent: The Internet of Things: The Expanded Security Perimeter
Spirent: The Internet of Things: The Expanded Security Perimeter Spirent: The Internet of Things: The Expanded Security Perimeter
Spirent: The Internet of Things: The Expanded Security Perimeter Sailaja Tennati
 
[CLASS 2014] Palestra Técnica - Michael Firstenberg
[CLASS 2014] Palestra Técnica - Michael Firstenberg[CLASS 2014] Palestra Técnica - Michael Firstenberg
[CLASS 2014] Palestra Técnica - Michael FirstenbergTI Safe
 
IIoT Endpoint Security – The Model in Practice
IIoT Endpoint Security – The Model in PracticeIIoT Endpoint Security – The Model in Practice
IIoT Endpoint Security – The Model in Practiceteam-WIBU
 
8 Ocak 2015 SOME Etkinligi - Cisco Next Generation Security
8 Ocak 2015 SOME Etkinligi - Cisco Next Generation Security8 Ocak 2015 SOME Etkinligi - Cisco Next Generation Security
8 Ocak 2015 SOME Etkinligi - Cisco Next Generation SecurityBGA Cyber Security
 
Addressing security and privacy in io t ecosystem v0.4
Addressing security and privacy in io t ecosystem v0.4Addressing security and privacy in io t ecosystem v0.4
Addressing security and privacy in io t ecosystem v0.4Somasundaram Jambunathan
 
Technology & Policy Interaction Panel at Inform[ED] IoT Security
Technology & Policy Interaction Panel at Inform[ED] IoT SecurityTechnology & Policy Interaction Panel at Inform[ED] IoT Security
Technology & Policy Interaction Panel at Inform[ED] IoT SecurityCableLabs
 
UMS Cybersecurity Awareness Seminar: Cybersecurity - Lessons learned from sec...
UMS Cybersecurity Awareness Seminar: Cybersecurity - Lessons learned from sec...UMS Cybersecurity Awareness Seminar: Cybersecurity - Lessons learned from sec...
UMS Cybersecurity Awareness Seminar: Cybersecurity - Lessons learned from sec...APNIC
 
Behind the Curtain: Exposing Advanced Threats
Behind the Curtain: Exposing Advanced ThreatsBehind the Curtain: Exposing Advanced Threats
Behind the Curtain: Exposing Advanced ThreatsCisco Canada
 
Reacting to Advanced, Unknown Attacks in Real-Time with Lastline
Reacting to Advanced, Unknown Attacks in Real-Time with LastlineReacting to Advanced, Unknown Attacks in Real-Time with Lastline
Reacting to Advanced, Unknown Attacks in Real-Time with LastlineLastline, Inc.
 
The Internet Of Insecure Things: 10 Most Wanted List - Derbycon 2014
The Internet Of Insecure Things: 10 Most Wanted List - Derbycon 2014The Internet Of Insecure Things: 10 Most Wanted List - Derbycon 2014
The Internet Of Insecure Things: 10 Most Wanted List - Derbycon 2014Security Weekly
 
Cyber Security for Critical Infrastrucutre-ppt
Cyber Security for Critical Infrastrucutre-pptCyber Security for Critical Infrastrucutre-ppt
Cyber Security for Critical Infrastrucutre-pptMohit Rampal
 
apl5iy2ftxiwofbhsmxj-signature-584e2459f99b5370bda435f09b42cc84cc8c063b8cd454...
apl5iy2ftxiwofbhsmxj-signature-584e2459f99b5370bda435f09b42cc84cc8c063b8cd454...apl5iy2ftxiwofbhsmxj-signature-584e2459f99b5370bda435f09b42cc84cc8c063b8cd454...
apl5iy2ftxiwofbhsmxj-signature-584e2459f99b5370bda435f09b42cc84cc8c063b8cd454...Chrysostomos Christofi
 
Protecting Our Cyber-Identity in a Physical and Virtual World for IoT Ecosystem
Protecting Our Cyber-Identity in a Physical and Virtual World for IoT EcosystemProtecting Our Cyber-Identity in a Physical and Virtual World for IoT Ecosystem
Protecting Our Cyber-Identity in a Physical and Virtual World for IoT EcosystemCA Technologies
 
The Internet of Things: We've Got to Chat
The Internet of Things: We've Got to ChatThe Internet of Things: We've Got to Chat
The Internet of Things: We've Got to ChatDuo Security
 

Similaire à IoT Security Risks and Mitigation Strategies (20)

IIoT Endpoint Security
IIoT Endpoint Security IIoT Endpoint Security
IIoT Endpoint Security
 
Internet of Things (IoT) Security and Privacy Recommendations by Jason Living...
Internet of Things (IoT) Security and Privacy Recommendations by Jason Living...Internet of Things (IoT) Security and Privacy Recommendations by Jason Living...
Internet of Things (IoT) Security and Privacy Recommendations by Jason Living...
 
Incident Response for the Work-from-home Workforce
Incident Response for the Work-from-home WorkforceIncident Response for the Work-from-home Workforce
Incident Response for the Work-from-home Workforce
 
Hack one iot device, break them all!
Hack one iot device, break them all!Hack one iot device, break them all!
Hack one iot device, break them all!
 
Spirent: The Internet of Things: The Expanded Security Perimeter
Spirent: The Internet of Things: The Expanded Security Perimeter Spirent: The Internet of Things: The Expanded Security Perimeter
Spirent: The Internet of Things: The Expanded Security Perimeter
 
[CLASS 2014] Palestra Técnica - Michael Firstenberg
[CLASS 2014] Palestra Técnica - Michael Firstenberg[CLASS 2014] Palestra Técnica - Michael Firstenberg
[CLASS 2014] Palestra Técnica - Michael Firstenberg
 
IIoT Endpoint Security – The Model in Practice
IIoT Endpoint Security – The Model in PracticeIIoT Endpoint Security – The Model in Practice
IIoT Endpoint Security – The Model in Practice
 
IoT security
IoT securityIoT security
IoT security
 
8 Ocak 2015 SOME Etkinligi - Cisco Next Generation Security
8 Ocak 2015 SOME Etkinligi - Cisco Next Generation Security8 Ocak 2015 SOME Etkinligi - Cisco Next Generation Security
8 Ocak 2015 SOME Etkinligi - Cisco Next Generation Security
 
Addressing security and privacy in io t ecosystem v0.4
Addressing security and privacy in io t ecosystem v0.4Addressing security and privacy in io t ecosystem v0.4
Addressing security and privacy in io t ecosystem v0.4
 
Technology & Policy Interaction Panel at Inform[ED] IoT Security
Technology & Policy Interaction Panel at Inform[ED] IoT SecurityTechnology & Policy Interaction Panel at Inform[ED] IoT Security
Technology & Policy Interaction Panel at Inform[ED] IoT Security
 
Hugo Fiennes - Security and the IoT - Electric Imp
Hugo Fiennes - Security and the IoT - Electric ImpHugo Fiennes - Security and the IoT - Electric Imp
Hugo Fiennes - Security and the IoT - Electric Imp
 
UMS Cybersecurity Awareness Seminar: Cybersecurity - Lessons learned from sec...
UMS Cybersecurity Awareness Seminar: Cybersecurity - Lessons learned from sec...UMS Cybersecurity Awareness Seminar: Cybersecurity - Lessons learned from sec...
UMS Cybersecurity Awareness Seminar: Cybersecurity - Lessons learned from sec...
 
Behind the Curtain: Exposing Advanced Threats
Behind the Curtain: Exposing Advanced ThreatsBehind the Curtain: Exposing Advanced Threats
Behind the Curtain: Exposing Advanced Threats
 
Reacting to Advanced, Unknown Attacks in Real-Time with Lastline
Reacting to Advanced, Unknown Attacks in Real-Time with LastlineReacting to Advanced, Unknown Attacks in Real-Time with Lastline
Reacting to Advanced, Unknown Attacks in Real-Time with Lastline
 
The Internet Of Insecure Things: 10 Most Wanted List - Derbycon 2014
The Internet Of Insecure Things: 10 Most Wanted List - Derbycon 2014The Internet Of Insecure Things: 10 Most Wanted List - Derbycon 2014
The Internet Of Insecure Things: 10 Most Wanted List - Derbycon 2014
 
Cyber Security for Critical Infrastrucutre-ppt
Cyber Security for Critical Infrastrucutre-pptCyber Security for Critical Infrastrucutre-ppt
Cyber Security for Critical Infrastrucutre-ppt
 
apl5iy2ftxiwofbhsmxj-signature-584e2459f99b5370bda435f09b42cc84cc8c063b8cd454...
apl5iy2ftxiwofbhsmxj-signature-584e2459f99b5370bda435f09b42cc84cc8c063b8cd454...apl5iy2ftxiwofbhsmxj-signature-584e2459f99b5370bda435f09b42cc84cc8c063b8cd454...
apl5iy2ftxiwofbhsmxj-signature-584e2459f99b5370bda435f09b42cc84cc8c063b8cd454...
 
Protecting Our Cyber-Identity in a Physical and Virtual World for IoT Ecosystem
Protecting Our Cyber-Identity in a Physical and Virtual World for IoT EcosystemProtecting Our Cyber-Identity in a Physical and Virtual World for IoT Ecosystem
Protecting Our Cyber-Identity in a Physical and Virtual World for IoT Ecosystem
 
The Internet of Things: We've Got to Chat
The Internet of Things: We've Got to ChatThe Internet of Things: We've Got to Chat
The Internet of Things: We've Got to Chat
 

Plus de APNIC

DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024APNIC
 
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...APNIC
 
On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024APNIC
 
Networking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGNetworking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGAPNIC
 
IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119APNIC
 
draft-harrison-sidrops-manifest-number-01, presented at IETF 119
draft-harrison-sidrops-manifest-number-01, presented at IETF 119draft-harrison-sidrops-manifest-number-01, presented at IETF 119
draft-harrison-sidrops-manifest-number-01, presented at IETF 119APNIC
 
Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119
Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119
Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119APNIC
 
IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119
IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119
IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119APNIC
 
Is DNS ready for IPv6, presented by Geoff Huston at IETF 119
Is DNS ready for IPv6, presented by Geoff Huston at IETF 119Is DNS ready for IPv6, presented by Geoff Huston at IETF 119
Is DNS ready for IPv6, presented by Geoff Huston at IETF 119APNIC
 
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...APNIC
 
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85APNIC
 
NANOG 90: 'BGP in 2023' presented by Geoff Huston
NANOG 90: 'BGP in 2023' presented by Geoff HustonNANOG 90: 'BGP in 2023' presented by Geoff Huston
NANOG 90: 'BGP in 2023' presented by Geoff HustonAPNIC
 
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff Huston
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff HustonDNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff Huston
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff HustonAPNIC
 
APAN 57: APNIC Report at APAN 57, Bangkok, Thailand
APAN 57: APNIC Report at APAN 57, Bangkok, ThailandAPAN 57: APNIC Report at APAN 57, Bangkok, Thailand
APAN 57: APNIC Report at APAN 57, Bangkok, ThailandAPNIC
 
Lao Digital Week 2024: It's time to deploy IPv6
Lao Digital Week 2024: It's time to deploy IPv6Lao Digital Week 2024: It's time to deploy IPv6
Lao Digital Week 2024: It's time to deploy IPv6APNIC
 
AINTEC 2023: Networking in the Penumbra!
AINTEC 2023: Networking in the Penumbra!AINTEC 2023: Networking in the Penumbra!
AINTEC 2023: Networking in the Penumbra!APNIC
 
CNIRC 2023: Global and Regional IPv6 Deployment 2023
CNIRC 2023: Global and Regional IPv6 Deployment 2023CNIRC 2023: Global and Regional IPv6 Deployment 2023
CNIRC 2023: Global and Regional IPv6 Deployment 2023APNIC
 
AFSIG 2023: APNIC Foundation and support for Internet development
AFSIG 2023: APNIC Foundation and support for Internet developmentAFSIG 2023: APNIC Foundation and support for Internet development
AFSIG 2023: APNIC Foundation and support for Internet developmentAPNIC
 
AFNOG 1: Afghanistan IP Deployment Status
AFNOG 1: Afghanistan IP Deployment StatusAFNOG 1: Afghanistan IP Deployment Status
AFNOG 1: Afghanistan IP Deployment StatusAPNIC
 
AFSIG 2023: Internet routing and addressing
AFSIG 2023: Internet routing and addressingAFSIG 2023: Internet routing and addressing
AFSIG 2023: Internet routing and addressingAPNIC
 

Plus de APNIC (20)

DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
 
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
 
On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024
 
Networking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGNetworking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOG
 
IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119
 
draft-harrison-sidrops-manifest-number-01, presented at IETF 119
draft-harrison-sidrops-manifest-number-01, presented at IETF 119draft-harrison-sidrops-manifest-number-01, presented at IETF 119
draft-harrison-sidrops-manifest-number-01, presented at IETF 119
 
Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119
Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119
Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119
 
IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119
IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119
IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119
 
Is DNS ready for IPv6, presented by Geoff Huston at IETF 119
Is DNS ready for IPv6, presented by Geoff Huston at IETF 119Is DNS ready for IPv6, presented by Geoff Huston at IETF 119
Is DNS ready for IPv6, presented by Geoff Huston at IETF 119
 
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
 
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
 
NANOG 90: 'BGP in 2023' presented by Geoff Huston
NANOG 90: 'BGP in 2023' presented by Geoff HustonNANOG 90: 'BGP in 2023' presented by Geoff Huston
NANOG 90: 'BGP in 2023' presented by Geoff Huston
 
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff Huston
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff HustonDNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff Huston
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff Huston
 
APAN 57: APNIC Report at APAN 57, Bangkok, Thailand
APAN 57: APNIC Report at APAN 57, Bangkok, ThailandAPAN 57: APNIC Report at APAN 57, Bangkok, Thailand
APAN 57: APNIC Report at APAN 57, Bangkok, Thailand
 
Lao Digital Week 2024: It's time to deploy IPv6
Lao Digital Week 2024: It's time to deploy IPv6Lao Digital Week 2024: It's time to deploy IPv6
Lao Digital Week 2024: It's time to deploy IPv6
 
AINTEC 2023: Networking in the Penumbra!
AINTEC 2023: Networking in the Penumbra!AINTEC 2023: Networking in the Penumbra!
AINTEC 2023: Networking in the Penumbra!
 
CNIRC 2023: Global and Regional IPv6 Deployment 2023
CNIRC 2023: Global and Regional IPv6 Deployment 2023CNIRC 2023: Global and Regional IPv6 Deployment 2023
CNIRC 2023: Global and Regional IPv6 Deployment 2023
 
AFSIG 2023: APNIC Foundation and support for Internet development
AFSIG 2023: APNIC Foundation and support for Internet developmentAFSIG 2023: APNIC Foundation and support for Internet development
AFSIG 2023: APNIC Foundation and support for Internet development
 
AFNOG 1: Afghanistan IP Deployment Status
AFNOG 1: Afghanistan IP Deployment StatusAFNOG 1: Afghanistan IP Deployment Status
AFNOG 1: Afghanistan IP Deployment Status
 
AFSIG 2023: Internet routing and addressing
AFSIG 2023: Internet routing and addressingAFSIG 2023: Internet routing and addressing
AFSIG 2023: Internet routing and addressing
 

Dernier

Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts servicevipmodelshub1
 
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$kojalkojal131
 
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call GirlVIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girladitipandeya
 
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With RoomVIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Roomdivyansh0kumar0
 
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Russian Call girls in Dubai +971563133746 Dubai Call girls
Russian Call girls in Dubai +971563133746 Dubai Call girlsRussian Call girls in Dubai +971563133746 Dubai Call girls
Russian Call girls in Dubai +971563133746 Dubai Call girlsstephieert
 
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607dollysharma2066
 
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Stand
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night StandHot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Stand
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Standkumarajju5765
 
How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)Damian Radcliffe
 
AWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptxAWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptxellan12
 
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779Delhi Call girls
 
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With RoomVIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Roomishabajaj13
 
Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort ServiceEnjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort ServiceDelhi Call girls
 

Dernier (20)

Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
 
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
 
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
 
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call GirlVIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
 
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
 
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With RoomVIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
 
Rohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No AdvanceRohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
 
Call Girls In South Ex 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICE
Call Girls In South Ex 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICECall Girls In South Ex 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICE
Call Girls In South Ex 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICE
 
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
 
Russian Call girls in Dubai +971563133746 Dubai Call girls
Russian Call girls in Dubai +971563133746 Dubai Call girlsRussian Call girls in Dubai +971563133746 Dubai Call girls
Russian Call girls in Dubai +971563133746 Dubai Call girls
 
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
 
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Stand
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night StandHot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Stand
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Stand
 
How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)
 
AWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptxAWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptx
 
Rohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No AdvanceRohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
 
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
 
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With RoomVIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
 
Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝
 
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort ServiceEnjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
 

IoT Security Risks and Mitigation Strategies

  • 1. Internet of Things... Let's Not Forget Security Please! Distinguished Engineer Cisco @evyncke Eric Vyncke © 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public 1
  • 2. © 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public 2
  • 3. • Plain worms escaping the plain IT world into the IoT? Limited to ‘things’ running a consumer OS: Windows, Linux, iOS, Android, ... • Script kiddies or other targeting at random residential IoT Unprotected webcams Stealing content Having ‘fun’ with heating system • Organized crime Access to intellectual property Sabotage and espionage See also further • Cyber-terrorism Against nuclear plants, traffic monitoring, railways, ... (critical infrastructure) © 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public 3
  • 4. • http://www.shodanhq.com/ a IPv4 scan of the Internet • Do not believe that IPv6 will help.... © 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public 4
  • 5. Worms and viruses Sabotage Unauthorized Unintended access employee actions Application of Security patches Theft Safety Denial of Service Unauthorized actions by employees Natural or Man-made disasters Unauthorized remote access Unaddressed risks increase potential for disruption to control system’s uptime and safe operation © 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public 5
  • 6. • Implantable Medical Device (such as pacemakers) • former Vice President Dick Cheney revealed that his doctor ordered the wireless functionality of his heart implant disabled due to fears it might be hacked in an assassination attempt. • The late Barnaby Jack demonstrated how a certain model of implanted insulin pump could be lethally hacked to administer incorrect dosages from up to 300 feet way. http://www.washingtonpost.com/blogs/the-switch/wp/2013/10/21/yes-terrorists-could-have-hacked-dick-cheneys-heart/ © 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public 6
  • 7. • Example: smart metering Using this example simply because it is easy to understand, deployed and could be fixed (if not yet done) • In case of unauthorized access: Less consumption as usual => nobody at home, let’s break into it! 5-min interval consumption meter => can guess the TV channel! http://events.ccc.de/congress/2011/Fahrplan/events /4754.en.html Source: wikimedia.org © 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public 7
  • 8. © 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public 8
  • 9. • Too many IoT to do security analysis for all use cases • Let’s cut the big cakes in smaller edible pieces • Let’s focus on generic properties of IoT Property can be: mobile vs. fixe, tamper-proof And derives threats on each properties Then, design mitigation techniques or risk managements (work in progress...) Source: wikimedia.org © 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public 9
  • 10. • Example: smart metering? How old it your house? How old is your electricity meter? • Compare with lifetime of DES 1977: published by US FIPS 1999: EFF breaks it in 22 hours 2005: removed by US FIPS Guess: crypto has a limited lifetime of 20-30 years... Compare with above... Source: wikimedia.org • Even public key cryptography could be defeated with quantum computer... OK, not within 10 years probably Search also for ‘post quantum cryptography’ © 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public 10
  • 11. • Any can handle access control • Device identity/authentication Smart meter to get your own bill Actuators (and even) Smart vehicles But, scalability issue... • Group membership Array of sensors for physical environment, what is important is location not individual identity Actuators: all bulbs in the same room Easier to scale © 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public 11
  • 12. • Sometimes, no need for real identity of peers • Heart-to-Heart protocol to give programmatic access to Implantable Medical Device • Sharing a common physical measurement with enough entropy is enough • Can also be done with radio wave parameters http://www.arijuels.com/wp-content/uploads/2013/09/RJK131.pdf (Ari Juels & Rice University) © 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public 12
  • 13. • Use case: smart metering, home surveillance, ... Where the residential network (operated by SP/subscriber) is shared • Availability? Quality of Service is an obvious must VLAN separation can also help (or SDN even?) But shared/unmanaged CPE??? • Threat: Man-in-the middle attack to be assumed Impact on confidentiality & integrity => crypto could help • Provisioning? Vendor? Service Provider? Owner? • Liability? © 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public 13
  • 14. • If a ‘thing’ is mobile, then it can be moved maliciously, i.e. stolen, but can still know its new position • If a ‘thing’ is fixed, then a move could still be physically possible but undetectable • Pick your devil! Source: wikimedia.org © 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public 14
  • 15. • Always on: Removal/loss detection is immediate High rate of poll makes man-in-the-middle more complex • Periodic poll: Wait until next poll before detecting removal/loss Balance between cost/energy and security • On-event push: Removal/loss detection is impossible Source: wikimedia.org © 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public 15
  • 16. • Assuming cheap ‘things’, then one lost thing is not a major issue Loss in the sense of physically destroyed (availability) or owned (integrity) Averaging the surrounding sensor measurements (temperature, ...) Could also be applicable to actuators such as parallel electrical switch Proven technique: using 3 ‘things’ and using a majority vote on the outcome. The voting system could be sheer dumb electronics © 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public 16
  • 17. © 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public 17
  • 18. • IoT is a broad term covering Different vulnerabilities: software, crypto, can be stolen, ... Different risks: national critical infrastructure vs. home heating system • Let’s be pragmatic and cut the problem is smaller pieces • Example: IoT Grand Security Challenge http://blogs.cisco.com/security/join-the-challenge-secure-the-internet-of-things/ • Work in progress , not all solutions are available yet This is normal Let’s focus on the problem statement first • What can we trust in Internet of Thing? The network that we know or things to be built? © 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public 18
  • 19. Thank you. © 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public 19