SlideShare a Scribd company logo

Security in IoT

Download as PPTX, PDF
G
gr9293

It will cover basics of IoT, its architecture , security issues ,and its possible solutions with examples. Hope you will find it helpful.

Engineering
1 of 27
SECURITY IN IoT (Internet of Things) PRESENTED BY:- RAMNEEK KAUR ME(CSE),Regular 152417 1
CONTENTS • Internet of Things(IoT) • IoT Devices • IoT Technology • OWASP Top 10 Security issues in IoT • Security concerns • Wireless Sensor Network(WSN) • Attacks on WSN • Devices under Attack • Countermeasures • Future Scope • References 2
IoT diffusion-Forecast • Welcome to the era of the Internet of Things (IoT), where digitally connected devices are encroaching on every aspect of our lives, including our homes, offices, cars and even our bodies. • With the advent of IPv6 and Wi-Fi networks, IoT is growing at a dangerously fast pace, and researchers estimate that by 2020, the number of active wireless connected devices will exceed 50 billion. 3
IoT(Internet of Things)- Definition  IoT refers to the network of physical, Identifiable, objects connected via the internet, which can sense and communicate.  It is Ubiquitous-means anywhere, anytime, anyway, anything and anyhow (5 A’s).  IoT includes concepts such as Wireless Sensor Networks(WSN) , Machine-to-machine(M2M) communication and Low power Wireless Personal Area Networks (LoWPAN) ,or technologies such as Radio- Frequency Identification(RFID). 4
IoT devices • Thermostat • smoke detector • Lockitron • Smart baby monitor • Philips Hue light bulb • Air Quality egg • Smart Body Analyzer • In Home Health Care 5
IoT Technology • Now that we all understand the IoT concept, it would be worthwhile to deep dive in order to get familiar with the building blocks of IoT: 6
CONTINUE… 1) Sensors & Sensor technology – They will sniff a wide variety of information ranging from Location, Weather/Environment conditions, data to Health essentials of a patient. 2) IoT Gateways – IoT Gateways , as the name rightly suggests, are the gateways to internet for all the things/devices that we want to interact with. Gateways help to bridge the internal network of sensor nodes with the external Internet or World Wide Web. 3) Cloud/server infrastructure & Big Data – The data transmitted through gateway is stored & processed securely within the cloud infrastructure using Big Data analytics engine. This processed data is then used to perform intelligent actions that make all our devices ‘Smart Devices’! 7
CONTINUE… 4) End-user Mobile apps – The mobile apps will help end users to control & monitor their devices from remote locations. 5) IPv6 – IP addresses are the backbone to the entire IoT ecosystem. Internet. • With IPv4 we were running out of IP addresses, but with IPv6 (launched in 2012) we now have 3.4*10^38 IP addresses! 8
Key Challenges of IoT • Availability • Architecture • Reliability • Mobility • Performance • Management • Scalability • Security & Privacy -Security and Privacy is a significant challenge due to lack of common standards and architecture for IoT security. 9
OWASP Top 10 1. Insecure Web Interface 2. Insufficient Authentication/Authorization 3. Insecure Network Services 4. Lack of Transport Encryption 5. Privacy Concerns 6. Insecure Cloud Interface 7. Insecure Mobile Interface 8. Insufficient Security Configurability 9. Insecure Software/Firmware 10. Poor Physical Security 10
IoT security concerns 1. Privacy Concerns: 90 percent of devices collected at least one piece of personal information via the device, the cloud or the device’s mobile application. • information like name, address, date of birth or even health and credit card information. 2. Insufficient Authentication/Authorization: 80 percent users and devices rely on weak and simple passwords and authorizations. 3. Transport Encryption: 70 percent of devices used unencrypted network services. Transport encryption will be crucial as most of the devices are transmitting data that most people would consider crucial. 11
IoT security concerns 4. Web Interface: 60 percent raised security concerns with their user interfaces. These issues included: • persistent cross-site scripting, poor session management and weak default credentials. • From this, hackers were able to identify valid user accounts and take them over using things like password reset features. 5. Insecure Software: 60 percent did not use encryption when downloading software updates. 12
Wireless Sensor Network(WSN)- • Wireless sensor networks (WSN), sometimes called wireless sensor and actuator networks (WSAN) • The topology of the WSNs can vary from a simple star network to an advanced multi-hop wireless mesh network. • The propagation technique between the hops of the network can be routing or flooding. • Wireless Sensor Networks (WSNs) are playing more and more a key role in several application scenarios such as healthcare, agriculture, environment monitoring, and smart metering. 13
WSN- Architecture 14
WSNs are Vulnerable to various types of Attacks 15
Attack Models • Eavesdropping: an attacker intercepts packets transmitted over the air for further cryptanalysis or traffic analysis. • Traffic analysis: allows an attacker to determine that there is activity in the network, the location of the BSs, and the type of protocols being used. • Message injection: an adversary injects bogus control information into the data stream. • Message modification: a previously captured message is modified before being retransmitted • Node capture: An embedded device is considered being compromised when an attacker, through various means, gains control to the node itself. • Denial-of-Service (DoS) attacks: can be grouped into two categories  Service degradation (e.g., collision attack), and  Service disablement through power exhaustion (e.g. jamming) 16
Layer-based attack categorization 17
Attacks in Wireless Sensor Networks • Selective forwarding • Acknowledgement spoofing • Wormhole Attack • Sinkhole Attack • Helloflood Attack • Sybil Attack 18
• Selective forwarding: A malicious node refuses to forward all or a subset of the packets it receives and simply drops them. If a malicious node drops all the packets, the attack is then called black hole. • Acknowledgement spoofing: Spoof link layer acknowledgements(ACKs) to trick other nodes to believe that a link or node is either dead or alive. Attacks in Wireless Sensor Networks 19
Wormhole and Sinkhole Attacks • In Wormhole the attacker tunnels the packets received at one location of the network and replays them in another location. • In Sinkhole node tries to attract network traffic by advertise its fake routing update. • launch other attacks like : selective forwarding attack acknowledge spoofing attack Wormhole Link 20
HELLO Flood Attack • Every new node broadcasts “Hello messages” to find its neighbors. Also, it broadcasts its route to the BS. • Attacker with a high radio transmission range and processing power sends HELLO packets to number of sensor nodes. • Sensors are thus persuaded that the attacker is their neighbor. • Victim nodes try to go through the attacker. 21
Sybil Attack • “a malicious node illegitimately claims multiple identities” • The Sybil attack can disrupt geographic and multi-path routing protocols. Adversary A at actual location (3,2) forges location advertisements for non-existent nodes A1, A2, and A3 as well as advertising her own location. After hearing these advertisements, if B wants to send a message to C: (0,2), it will attempt to do so through A3. This transmission can be overheard and handled by the adversaryA. 22
Devices under Attack • Smart Watch: Data sent between the Smart watch and an Android mobile phone could be intercepted. • Bluetooth communication between most Smart watches and Android devices relies on a six digits PIN. • Easy to crack with a brute-force attack. • Smart Homes • Smart Cars • and many more…. 23
Overview of Countermeasures • Confidentiality is provided through the use of encryption technologies. Cryptographic algorithms such as the DES, RSA are used to protect the secrecy of a message. • MAC (Message Authentication Code) or Digital Signature Algorithms(DSA) can be used to assure the recipient’s integrity of the data and authenticity of the message • Digital Signatures can be used to ensure non-repudiation. • Availability can be achieved by adding redundant nodes. Multi path and probabilistic routing can also be used to minimize the impact of unavailability. • Data freshness is ensured by adding a counter value in each message. 24
Future Scope • Identify vulnerabilities (e.g. replay attacks) in the proposed authentication method and find solutions to them before implementation. • Further research and implementation of key exchanges together with security protocols for IP-communication in constrained networks. • Lot of work can be done in this field as no efficient security architecture for IoT is given yet. 25
References • G. Padmavathi, D. Shanmugapriya,“A Survey of Attacks, Security Mechanisms and Challenges in Wireless Sensor Networks”, International Journal of Computer Science and Information Security, IJCSIS, Vol. 4, No. 1 & 2, August 2009, USA • https://en.wikipedia.org/wiki/Internet_of_Things • https://www.owasp.org/index.php/OWASP_Internet_of_Things_Pro ject • http://www.cisco.com/c/en/us/about/security-center/secure- iot-proposed-framework.html 26
27

Recommended

IoT Security
IoT SecurityIoT Security
IoT Security
Narudom Roongsiriwong, CISSP
 
IoT security (Internet of Things)
IoT security (Internet of Things)IoT security (Internet of Things)
IoT security (Internet of Things)
Sanjay Kumar (Seeking options outside India)
 
IOT Security
IOT SecurityIOT Security
IOT Security
Sylvain Martinez
 
Introduction to IoT Security
Introduction to IoT SecurityIntroduction to IoT Security
Introduction to IoT Security
CAS
 
Security in IoT
Security in IoTSecurity in IoT
Security in IoT
SKS
 
Iot Security
Iot SecurityIot Security
Iot Security
MAITREYA MISRA
 
Iot Security, Internet of Things
Iot Security, Internet of ThingsIot Security, Internet of Things
Iot Security, Internet of Things
Bryan Len
 
IoT Security
IoT SecurityIoT Security
IoT Security
Peter Waher
 

Recommended

IoT Security
IoT SecurityIoT Security
IoT Security
Narudom Roongsiriwong, CISSP
 
IoT security (Internet of Things)
IoT security (Internet of Things)IoT security (Internet of Things)
IoT security (Internet of Things)
Sanjay Kumar (Seeking options outside India)
 
IOT Security
IOT SecurityIOT Security
IOT Security
Sylvain Martinez
 
Introduction to IoT Security
Introduction to IoT SecurityIntroduction to IoT Security
Introduction to IoT Security
CAS
 
Security in IoT
Security in IoTSecurity in IoT
Security in IoT
SKS
 
Iot Security
Iot SecurityIot Security
Iot Security
MAITREYA MISRA
 
Iot Security, Internet of Things
Iot Security, Internet of ThingsIot Security, Internet of Things
Iot Security, Internet of Things
Bryan Len
 
IoT Security
IoT SecurityIoT Security
IoT Security
Peter Waher
 
IoT security
IoT securityIoT security
IoT security
YashKesharwani2
 
IoT Security, Threats and Challenges By V.P.Prabhakaran
IoT Security, Threats and Challenges By V.P.PrabhakaranIoT Security, Threats and Challenges By V.P.Prabhakaran
IoT Security, Threats and Challenges By V.P.Prabhakaran
Koenig Solutions Ltd.
 
Presentation on IOT SECURITY
Presentation on IOT SECURITYPresentation on IOT SECURITY
Presentation on IOT SECURITY
The Avi Sharma
 
Internet of Things (IoT) Security and Privacy Recommendations by Jason Living...
Internet of Things (IoT) Security and Privacy Recommendations by Jason Living...Internet of Things (IoT) Security and Privacy Recommendations by Jason Living...
Internet of Things (IoT) Security and Privacy Recommendations by Jason Living...
CableLabs
 
Iot(security)
Iot(security)Iot(security)
Iot(security)
Shreya Pohekar
 
Overview of IoT and Security issues
Overview of IoT and Security issuesOverview of IoT and Security issues
Overview of IoT and Security issues
Anastasios Economides
 
Fundamentals of IoT Security
Fundamentals of IoT SecurityFundamentals of IoT Security
Fundamentals of IoT Security
SHAAMILIVARSAGV
 
IoT Security Challenges and Solutions
IoT Security Challenges and SolutionsIoT Security Challenges and Solutions
IoT Security Challenges and Solutions
Intel® Software
 
Security challenges in IoT
Security challenges in IoTSecurity challenges in IoT
Security challenges in IoT
Vishnupriya T H
 
Security in Cyber-Physical Systems
Security in Cyber-Physical SystemsSecurity in Cyber-Physical Systems
Security in Cyber-Physical Systems
Bob Marcus
 
Privacy and security in IoT
Privacy and security in IoTPrivacy and security in IoT
Privacy and security in IoT
Vasco Veloso
 
Introduction to IoT Architectures and Protocols
Introduction to IoT Architectures and ProtocolsIntroduction to IoT Architectures and Protocols
Introduction to IoT Architectures and Protocols
Abdullah Alfadhly
 
IoT Security: Problems, Challenges and Solutions
IoT Security: Problems, Challenges and SolutionsIoT Security: Problems, Challenges and Solutions
IoT Security: Problems, Challenges and Solutions
Liwei Ren任力偉
 
Security issues and solutions : IoT
Security issues and solutions : IoTSecurity issues and solutions : IoT
Security issues and solutions : IoT
Jinia Bhowmik
 
Intrusion prevention system(ips)
Intrusion prevention system(ips)Intrusion prevention system(ips)
Intrusion prevention system(ips)
Papun Papun
 
Cyber Security Awareness
Cyber Security AwarenessCyber Security Awareness
Cyber Security Awareness
Ramiro Cid
 
Internet of Things (IOT) - Technology and Applications
Internet of Things (IOT) - Technology and ApplicationsInternet of Things (IOT) - Technology and Applications
Internet of Things (IOT) - Technology and Applications
Dr. Mazlan Abbas
 
Zero Trust Network Access
Zero Trust Network Access Zero Trust Network Access
Zero Trust Network Access
Er. Ajay Sirsat
 
IoT - Attacks and Solutions
IoT - Attacks and SolutionsIoT - Attacks and Solutions
IoT - Attacks and Solutions
Ulf Mattsson
 
10 min IoT ppt
10 min IoT ppt10 min IoT ppt
10 min IoT ppt
Vaishnavu Pathayathodi
 
Will Internet of Things (IoT) be secure enough?
Will Internet of Things (IoT) be secure enough? Will Internet of Things (IoT) be secure enough?
Will Internet of Things (IoT) be secure enough?
Ravindra Dastikop
 
IoT Security by Sanjay Kumar
IoT Security by Sanjay KumarIoT Security by Sanjay Kumar
IoT Security by Sanjay Kumar
OWASP Delhi
 

More Related Content

What's hot

IoT Security: Problems, Challenges and Solutions
IoT Security: Problems, Challenges and SolutionsIoT Security: Problems, Challenges and Solutions
IoT Security: Problems, Challenges and Solutions
Liwei Ren任力偉
 

What's hot (20)

IoT security
IoT securityIoT security
IoT security
 
IoT Security, Threats and Challenges By V.P.Prabhakaran
IoT Security, Threats and Challenges By V.P.PrabhakaranIoT Security, Threats and Challenges By V.P.Prabhakaran
IoT Security, Threats and Challenges By V.P.Prabhakaran
 
Presentation on IOT SECURITY
Presentation on IOT SECURITYPresentation on IOT SECURITY
Presentation on IOT SECURITY
 
Internet of Things (IoT) Security and Privacy Recommendations by Jason Living...
Internet of Things (IoT) Security and Privacy Recommendations by Jason Living...Internet of Things (IoT) Security and Privacy Recommendations by Jason Living...
Internet of Things (IoT) Security and Privacy Recommendations by Jason Living...
 
Iot(security)
Iot(security)Iot(security)
Iot(security)
 
Overview of IoT and Security issues
Overview of IoT and Security issuesOverview of IoT and Security issues
Overview of IoT and Security issues
 
Fundamentals of IoT Security
Fundamentals of IoT SecurityFundamentals of IoT Security
Fundamentals of IoT Security
 
IoT Security Challenges and Solutions
IoT Security Challenges and SolutionsIoT Security Challenges and Solutions
IoT Security Challenges and Solutions
 
Security challenges in IoT
Security challenges in IoTSecurity challenges in IoT
Security challenges in IoT
 
Security in Cyber-Physical Systems
Security in Cyber-Physical SystemsSecurity in Cyber-Physical Systems
Security in Cyber-Physical Systems
 
Privacy and security in IoT
Privacy and security in IoTPrivacy and security in IoT
Privacy and security in IoT
 
Introduction to IoT Architectures and Protocols
Introduction to IoT Architectures and ProtocolsIntroduction to IoT Architectures and Protocols
Introduction to IoT Architectures and Protocols
 
IoT Security: Problems, Challenges and Solutions
IoT Security: Problems, Challenges and SolutionsIoT Security: Problems, Challenges and Solutions
IoT Security: Problems, Challenges and Solutions
 
Security issues and solutions : IoT
Security issues and solutions : IoTSecurity issues and solutions : IoT
Security issues and solutions : IoT
 
Intrusion prevention system(ips)
Intrusion prevention system(ips)Intrusion prevention system(ips)
Intrusion prevention system(ips)
 
Cyber Security Awareness
Cyber Security AwarenessCyber Security Awareness
Cyber Security Awareness
 
Internet of Things (IOT) - Technology and Applications
Internet of Things (IOT) - Technology and ApplicationsInternet of Things (IOT) - Technology and Applications
Internet of Things (IOT) - Technology and Applications
 
Zero Trust Network Access
Zero Trust Network Access Zero Trust Network Access
Zero Trust Network Access
 
IoT - Attacks and Solutions
IoT - Attacks and SolutionsIoT - Attacks and Solutions
IoT - Attacks and Solutions
 
10 min IoT ppt
10 min IoT ppt10 min IoT ppt
10 min IoT ppt
 

Viewers also liked

IoT security patterns
IoT security patterns IoT security patterns
IoT security patterns
Exosite
 
IoT Security Imperative: Stop your Fridge from Sending you Spam
IoT Security Imperative: Stop your Fridge from Sending you SpamIoT Security Imperative: Stop your Fridge from Sending you Spam
IoT Security Imperative: Stop your Fridge from Sending you Spam
Amit Rohatgi
 
The 5 elements of IoT security
The 5 elements of IoT securityThe 5 elements of IoT security
The 5 elements of IoT security
Julien Vermillard
 
Sybil Attacks - MobiSys Seminar
Sybil Attacks - MobiSys SeminarSybil Attacks - MobiSys Seminar
Sybil Attacks - MobiSys Seminar
Neal Lathia
 
A Lightweight Algorithm for Detecting Sybil Attack in Mobile Wireless Sensor ...
A Lightweight Algorithm for Detecting Sybil Attack in Mobile Wireless Sensor ...A Lightweight Algorithm for Detecting Sybil Attack in Mobile Wireless Sensor ...
A Lightweight Algorithm for Detecting Sybil Attack in Mobile Wireless Sensor ...
Editor IJCATR
 
Network Information And Security
Network Information And SecurityNetwork Information And Security
Network Information And Security
anandk10
 

Viewers also liked (20)

Will Internet of Things (IoT) be secure enough?
Will Internet of Things (IoT) be secure enough? Will Internet of Things (IoT) be secure enough?
Will Internet of Things (IoT) be secure enough?
 
IoT Security by Sanjay Kumar
IoT Security by Sanjay KumarIoT Security by Sanjay Kumar
IoT Security by Sanjay Kumar
 
IoT Security Risks and Challenges
IoT Security Risks and ChallengesIoT Security Risks and Challenges
IoT Security Risks and Challenges
 
IoT Security Elements
IoT Security ElementsIoT Security Elements
IoT Security Elements
 
IoT architecture
IoT architectureIoT architecture
IoT architecture
 
IoT Security: Cases and Methods [CON5446]
IoT Security: Cases and Methods [CON5446]IoT Security: Cases and Methods [CON5446]
IoT Security: Cases and Methods [CON5446]
 
IoT security patterns
IoT security patterns IoT security patterns
IoT security patterns
 
IoT Security Imperative: Stop your Fridge from Sending you Spam
IoT Security Imperative: Stop your Fridge from Sending you SpamIoT Security Imperative: Stop your Fridge from Sending you Spam
IoT Security Imperative: Stop your Fridge from Sending you Spam
 
Track 5 session 1 - st dev con 2016 - need for security for iot
Track 5 session 1 - st dev con 2016 - need for security for iotTrack 5 session 1 - st dev con 2016 - need for security for iot
Track 5 session 1 - st dev con 2016 - need for security for iot
 
WSN IN IOT
WSN IN IOTWSN IN IOT
WSN IN IOT
 
Ryan Wilson - ryanwilson.com - IoT Security
Ryan Wilson - ryanwilson.com - IoT SecurityRyan Wilson - ryanwilson.com - IoT Security
Ryan Wilson - ryanwilson.com - IoT Security
 
Basic Architecture of Wireless Sensor Network
Basic Architecture of Wireless Sensor NetworkBasic Architecture of Wireless Sensor Network
Basic Architecture of Wireless Sensor Network
 
Best Practices for IoT Security in the Cloud
Best Practices for IoT Security in the CloudBest Practices for IoT Security in the Cloud
Best Practices for IoT Security in the Cloud
 
The 5 elements of IoT security
The 5 elements of IoT securityThe 5 elements of IoT security
The 5 elements of IoT security
 
The Future of Embedded and IoT Security: Kaspersky Operating System
The Future of Embedded and IoT Security: Kaspersky Operating SystemThe Future of Embedded and IoT Security: Kaspersky Operating System
The Future of Embedded and IoT Security: Kaspersky Operating System
 
Securing the Internet of Things
Securing the Internet of ThingsSecuring the Internet of Things
Securing the Internet of Things
 
IOT - Presentation to PEP @ Progress
IOT - Presentation to PEP @ ProgressIOT - Presentation to PEP @ Progress
IOT - Presentation to PEP @ Progress
 
Sybil Attacks - MobiSys Seminar
Sybil Attacks - MobiSys SeminarSybil Attacks - MobiSys Seminar
Sybil Attacks - MobiSys Seminar
 
A Lightweight Algorithm for Detecting Sybil Attack in Mobile Wireless Sensor ...
A Lightweight Algorithm for Detecting Sybil Attack in Mobile Wireless Sensor ...A Lightweight Algorithm for Detecting Sybil Attack in Mobile Wireless Sensor ...
A Lightweight Algorithm for Detecting Sybil Attack in Mobile Wireless Sensor ...
 
Network Information And Security
Network Information And SecurityNetwork Information And Security
Network Information And Security
 

Similar to Security in IoT

Abdullah Mukhtar ppt
Abdullah Mukhtar pptAbdullah Mukhtar ppt
Abdullah Mukhtar ppt
Abdullah Mukhtar
 
Wireless security report
Wireless security reportWireless security report
Wireless security report
Marynol Cahinde
 
The Sharp Increase in Unmasking of Obtrusion into Internet of Things (IoT) IP...
The Sharp Increase in Unmasking of Obtrusion into Internet of Things (IoT) IP...The Sharp Increase in Unmasking of Obtrusion into Internet of Things (IoT) IP...
The Sharp Increase in Unmasking of Obtrusion into Internet of Things (IoT) IP...
IJCSIS Research Publications
 
Security in Wireless Sensor Networks Using Broadcasting
Security in Wireless Sensor Networks Using BroadcastingSecurity in Wireless Sensor Networks Using Broadcasting
Security in Wireless Sensor Networks Using Broadcasting
IJMER
 
Protocols for Wireless Sensor Networks and Its Security
Protocols for Wireless Sensor Networks and Its SecurityProtocols for Wireless Sensor Networks and Its Security
Protocols for Wireless Sensor Networks and Its Security
IJERA Editor
 

Similar to Security in IoT (20)

A survey in privacy and security in Internet of Things IOT
A survey in privacy and security in Internet of Things IOTA survey in privacy and security in Internet of Things IOT
A survey in privacy and security in Internet of Things IOT
 
A survey in privacy security in IOT
A survey in privacy security in IOT A survey in privacy security in IOT
A survey in privacy security in IOT
 
Abdullah Mukhtar ppt
Abdullah Mukhtar pptAbdullah Mukhtar ppt
Abdullah Mukhtar ppt
 
Internet of Things - Privacy and Security issues
Internet of Things - Privacy and Security issuesInternet of Things - Privacy and Security issues
Internet of Things - Privacy and Security issues
 
Cyber security
Cyber securityCyber security
Cyber security
 
Mobile slide
Mobile slideMobile slide
Mobile slide
 
G011123539
G011123539G011123539
G011123539
 
security in IOT.pptx
security in IOT.pptxsecurity in IOT.pptx
security in IOT.pptx
 
Wireless security report
Wireless security reportWireless security report
Wireless security report
 
The Sharp Increase in Unmasking of Obtrusion into Internet of Things (IoT) IP...
The Sharp Increase in Unmasking of Obtrusion into Internet of Things (IoT) IP...The Sharp Increase in Unmasking of Obtrusion into Internet of Things (IoT) IP...
The Sharp Increase in Unmasking of Obtrusion into Internet of Things (IoT) IP...
 
Security in Wireless Sensor Networks Using Broadcasting
Security in Wireless Sensor Networks Using BroadcastingSecurity in Wireless Sensor Networks Using Broadcasting
Security in Wireless Sensor Networks Using Broadcasting
 
Copy of IoT Module 4-Security and privacy in IoT.pdf
Copy of IoT Module 4-Security and privacy in IoT.pdfCopy of IoT Module 4-Security and privacy in IoT.pdf
Copy of IoT Module 4-Security and privacy in IoT.pdf
 
JCC_2015120915212763
JCC_2015120915212763JCC_2015120915212763
JCC_2015120915212763
 
Wireless Sensor Network
Wireless Sensor NetworkWireless Sensor Network
Wireless Sensor Network
 
Protocols for Wireless Sensor Networks and Its Security
Protocols for Wireless Sensor Networks and Its SecurityProtocols for Wireless Sensor Networks and Its Security
Protocols for Wireless Sensor Networks and Its Security
 
Wsn in iot updated
Wsn in iot updatedWsn in iot updated
Wsn in iot updated
 
The mfn 3
The mfn 3The mfn 3
The mfn 3
 
Minimizing Information Transparency
Minimizing Information TransparencyMinimizing Information Transparency
Minimizing Information Transparency
 
WIRELESS SENSOR NETWORK
WIRELESS SENSOR NETWORKWIRELESS SENSOR NETWORK
WIRELESS SENSOR NETWORK
 
Distributed Intrusion Detection System for Wireless Sensor Networks
Distributed Intrusion Detection System for Wireless Sensor NetworksDistributed Intrusion Detection System for Wireless Sensor Networks
Distributed Intrusion Detection System for Wireless Sensor Networks
 

Recently uploaded

Call Now ≽ 9953056974 ≼🔝 Call Girls In New Ashok Nagar ≼🔝 Delhi door step de...
Call Now ≽ 9953056974 ≼🔝 Call Girls In New Ashok Nagar ≼🔝 Delhi door step de...Call Now ≽ 9953056974 ≼🔝 Call Girls In New Ashok Nagar ≼🔝 Delhi door step de...
Call Now ≽ 9953056974 ≼🔝 Call Girls In New Ashok Nagar ≼🔝 Delhi door step de...
9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
notes on Evolution Of Analytic Scalability.ppt
notes on Evolution Of Analytic Scalability.pptnotes on Evolution Of Analytic Scalability.ppt
notes on Evolution Of Analytic Scalability.ppt
MsecMca
 
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
dharasingh5698
 
Bhosari ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For ...
Bhosari ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For ...Bhosari ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For ...
Bhosari ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For ...
tanu pandey
 
(INDIRA) Call Girl Meerut Call Now 8617697112 Meerut Escorts 24x7
(INDIRA) Call Girl Meerut Call Now 8617697112 Meerut Escorts 24x7(INDIRA) Call Girl Meerut Call Now 8617697112 Meerut Escorts 24x7
(INDIRA) Call Girl Meerut Call Now 8617697112 Meerut Escorts 24x7
Call Girls in Nagpur High Profile Call Girls
 
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...
Call Girls in Nagpur High Profile
 
AKTU Computer Networks notes --- Unit 3.pdf
AKTU Computer Networks notes --- Unit 3.pdfAKTU Computer Networks notes --- Unit 3.pdf
AKTU Computer Networks notes --- Unit 3.pdf
ankushspencer015
 
(INDIRA) Call Girl Bhosari Call Now 8617697112 Bhosari Escorts 24x7
(INDIRA) Call Girl Bhosari Call Now 8617697112 Bhosari Escorts 24x7(INDIRA) Call Girl Bhosari Call Now 8617697112 Bhosari Escorts 24x7
(INDIRA) Call Girl Bhosari Call Now 8617697112 Bhosari Escorts 24x7
Call Girls in Nagpur High Profile Call Girls
 
VIP Call Girls Palanpur 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Palanpur 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Palanpur 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Palanpur 7001035870 Whatsapp Number, 24/07 Booking
dharasingh5698
 
Call Girls in Ramesh Nagar Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
Call Girls in Ramesh Nagar Delhi 💯 Call Us 🔝9953056974 🔝 Escort ServiceCall Girls in Ramesh Nagar Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
Call Girls in Ramesh Nagar Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
9953056974 Low Rate Call Girls In Saket, Delhi NCR
 

Recently uploaded (20)

Online banking management system project.pdf
Online banking management system project.pdfOnline banking management system project.pdf
Online banking management system project.pdf
 
Block diagram reduction techniques in control systems.ppt
Block diagram reduction techniques in control systems.pptBlock diagram reduction techniques in control systems.ppt
Block diagram reduction techniques in control systems.ppt
 
Call Now ≽ 9953056974 ≼🔝 Call Girls In New Ashok Nagar ≼🔝 Delhi door step de...
Call Now ≽ 9953056974 ≼🔝 Call Girls In New Ashok Nagar ≼🔝 Delhi door step de...Call Now ≽ 9953056974 ≼🔝 Call Girls In New Ashok Nagar ≼🔝 Delhi door step de...
Call Now ≽ 9953056974 ≼🔝 Call Girls In New Ashok Nagar ≼🔝 Delhi door step de...
 
notes on Evolution Of Analytic Scalability.ppt
notes on Evolution Of Analytic Scalability.pptnotes on Evolution Of Analytic Scalability.ppt
notes on Evolution Of Analytic Scalability.ppt
 
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
 
Bhosari ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For ...
Bhosari ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For ...Bhosari ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For ...
Bhosari ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For ...
 
(INDIRA) Call Girl Meerut Call Now 8617697112 Meerut Escorts 24x7
(INDIRA) Call Girl Meerut Call Now 8617697112 Meerut Escorts 24x7(INDIRA) Call Girl Meerut Call Now 8617697112 Meerut Escorts 24x7
(INDIRA) Call Girl Meerut Call Now 8617697112 Meerut Escorts 24x7
 
Double Revolving field theory-how the rotor develops torque
Double Revolving field theory-how the rotor develops torqueDouble Revolving field theory-how the rotor develops torque
Double Revolving field theory-how the rotor develops torque
 
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...
 
AKTU Computer Networks notes --- Unit 3.pdf
AKTU Computer Networks notes --- Unit 3.pdfAKTU Computer Networks notes --- Unit 3.pdf
AKTU Computer Networks notes --- Unit 3.pdf
 
Unit 2- Effective stress & Permeability.pdf
Unit 2- Effective stress & Permeability.pdfUnit 2- Effective stress & Permeability.pdf
Unit 2- Effective stress & Permeability.pdf
 
(INDIRA) Call Girl Bhosari Call Now 8617697112 Bhosari Escorts 24x7
(INDIRA) Call Girl Bhosari Call Now 8617697112 Bhosari Escorts 24x7(INDIRA) Call Girl Bhosari Call Now 8617697112 Bhosari Escorts 24x7
(INDIRA) Call Girl Bhosari Call Now 8617697112 Bhosari Escorts 24x7
 
Unleashing the Power of the SORA AI lastest leap
Unleashing the Power of the SORA AI lastest leapUnleashing the Power of the SORA AI lastest leap
Unleashing the Power of the SORA AI lastest leap
 
Work-Permit-Receiver-in-Saudi-Aramco.pptx
Work-Permit-Receiver-in-Saudi-Aramco.pptxWork-Permit-Receiver-in-Saudi-Aramco.pptx
Work-Permit-Receiver-in-Saudi-Aramco.pptx
 
Thermal Engineering -unit - III & IV.ppt
Thermal Engineering -unit - III & IV.pptThermal Engineering -unit - III & IV.ppt
Thermal Engineering -unit - III & IV.ppt
 
Design For Accessibility: Getting it right from the start
Design For Accessibility: Getting it right from the startDesign For Accessibility: Getting it right from the start
Design For Accessibility: Getting it right from the start
 
VIP Call Girls Palanpur 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Palanpur 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Palanpur 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Palanpur 7001035870 Whatsapp Number, 24/07 Booking
 
Water Industry Process Automation & Control Monthly - April 2024
Water Industry Process Automation & Control Monthly - April 2024Water Industry Process Automation & Control Monthly - April 2024
Water Industry Process Automation & Control Monthly - April 2024
 
Call Girls in Ramesh Nagar Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
Call Girls in Ramesh Nagar Delhi 💯 Call Us 🔝9953056974 🔝 Escort ServiceCall Girls in Ramesh Nagar Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
Call Girls in Ramesh Nagar Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
 
chapter 5.pptx: drainage and irrigation engineering
chapter 5.pptx: drainage and irrigation engineeringchapter 5.pptx: drainage and irrigation engineering
chapter 5.pptx: drainage and irrigation engineering
 

Security in IoT

  • 1. SECURITY IN IoT (Internet of Things) PRESENTED BY:- RAMNEEK KAUR ME(CSE),Regular 152417 1
  • 2. CONTENTS • Internet of Things(IoT) • IoT Devices • IoT Technology • OWASP Top 10 Security issues in IoT • Security concerns • Wireless Sensor Network(WSN) • Attacks on WSN • Devices under Attack • Countermeasures • Future Scope • References 2
  • 3. IoT diffusion-Forecast • Welcome to the era of the Internet of Things (IoT), where digitally connected devices are encroaching on every aspect of our lives, including our homes, offices, cars and even our bodies. • With the advent of IPv6 and Wi-Fi networks, IoT is growing at a dangerously fast pace, and researchers estimate that by 2020, the number of active wireless connected devices will exceed 50 billion. 3
  • 4. IoT(Internet of Things)- Definition  IoT refers to the network of physical, Identifiable, objects connected via the internet, which can sense and communicate.  It is Ubiquitous-means anywhere, anytime, anyway, anything and anyhow (5 A’s).  IoT includes concepts such as Wireless Sensor Networks(WSN) , Machine-to-machine(M2M) communication and Low power Wireless Personal Area Networks (LoWPAN) ,or technologies such as Radio- Frequency Identification(RFID). 4
  • 5. IoT devices • Thermostat • smoke detector • Lockitron • Smart baby monitor • Philips Hue light bulb • Air Quality egg • Smart Body Analyzer • In Home Health Care 5
  • 6. IoT Technology • Now that we all understand the IoT concept, it would be worthwhile to deep dive in order to get familiar with the building blocks of IoT: 6
  • 7. CONTINUE… 1) Sensors & Sensor technology – They will sniff a wide variety of information ranging from Location, Weather/Environment conditions, data to Health essentials of a patient. 2) IoT Gateways – IoT Gateways , as the name rightly suggests, are the gateways to internet for all the things/devices that we want to interact with. Gateways help to bridge the internal network of sensor nodes with the external Internet or World Wide Web. 3) Cloud/server infrastructure & Big Data – The data transmitted through gateway is stored & processed securely within the cloud infrastructure using Big Data analytics engine. This processed data is then used to perform intelligent actions that make all our devices ‘Smart Devices’! 7
  • 8. CONTINUE… 4) End-user Mobile apps – The mobile apps will help end users to control & monitor their devices from remote locations. 5) IPv6 – IP addresses are the backbone to the entire IoT ecosystem. Internet. • With IPv4 we were running out of IP addresses, but with IPv6 (launched in 2012) we now have 3.4*10^38 IP addresses! 8
  • 9. Key Challenges of IoT • Availability • Architecture • Reliability • Mobility • Performance • Management • Scalability • Security & Privacy -Security and Privacy is a significant challenge due to lack of common standards and architecture for IoT security. 9
  • 10. OWASP Top 10 1. Insecure Web Interface 2. Insufficient Authentication/Authorization 3. Insecure Network Services 4. Lack of Transport Encryption 5. Privacy Concerns 6. Insecure Cloud Interface 7. Insecure Mobile Interface 8. Insufficient Security Configurability 9. Insecure Software/Firmware 10. Poor Physical Security 10
  • 11. IoT security concerns 1. Privacy Concerns: 90 percent of devices collected at least one piece of personal information via the device, the cloud or the device’s mobile application. • information like name, address, date of birth or even health and credit card information. 2. Insufficient Authentication/Authorization: 80 percent users and devices rely on weak and simple passwords and authorizations. 3. Transport Encryption: 70 percent of devices used unencrypted network services. Transport encryption will be crucial as most of the devices are transmitting data that most people would consider crucial. 11
  • 12. IoT security concerns 4. Web Interface: 60 percent raised security concerns with their user interfaces. These issues included: • persistent cross-site scripting, poor session management and weak default credentials. • From this, hackers were able to identify valid user accounts and take them over using things like password reset features. 5. Insecure Software: 60 percent did not use encryption when downloading software updates. 12
  • 13. Wireless Sensor Network(WSN)- • Wireless sensor networks (WSN), sometimes called wireless sensor and actuator networks (WSAN) • The topology of the WSNs can vary from a simple star network to an advanced multi-hop wireless mesh network. • The propagation technique between the hops of the network can be routing or flooding. • Wireless Sensor Networks (WSNs) are playing more and more a key role in several application scenarios such as healthcare, agriculture, environment monitoring, and smart metering. 13
  • 15. WSNs are Vulnerable to various types of Attacks 15
  • 16. Attack Models • Eavesdropping: an attacker intercepts packets transmitted over the air for further cryptanalysis or traffic analysis. • Traffic analysis: allows an attacker to determine that there is activity in the network, the location of the BSs, and the type of protocols being used. • Message injection: an adversary injects bogus control information into the data stream. • Message modification: a previously captured message is modified before being retransmitted • Node capture: An embedded device is considered being compromised when an attacker, through various means, gains control to the node itself. • Denial-of-Service (DoS) attacks: can be grouped into two categories  Service degradation (e.g., collision attack), and  Service disablement through power exhaustion (e.g. jamming) 16
  • 18. Attacks in Wireless Sensor Networks • Selective forwarding • Acknowledgement spoofing • Wormhole Attack • Sinkhole Attack • Helloflood Attack • Sybil Attack 18
  • 19. • Selective forwarding: A malicious node refuses to forward all or a subset of the packets it receives and simply drops them. If a malicious node drops all the packets, the attack is then called black hole. • Acknowledgement spoofing: Spoof link layer acknowledgements(ACKs) to trick other nodes to believe that a link or node is either dead or alive. Attacks in Wireless Sensor Networks 19
  • 20. Wormhole and Sinkhole Attacks • In Wormhole the attacker tunnels the packets received at one location of the network and replays them in another location. • In Sinkhole node tries to attract network traffic by advertise its fake routing update. • launch other attacks like : selective forwarding attack acknowledge spoofing attack Wormhole Link 20
  • 21. HELLO Flood Attack • Every new node broadcasts “Hello messages” to find its neighbors. Also, it broadcasts its route to the BS. • Attacker with a high radio transmission range and processing power sends HELLO packets to number of sensor nodes. • Sensors are thus persuaded that the attacker is their neighbor. • Victim nodes try to go through the attacker. 21
  • 22. Sybil Attack • “a malicious node illegitimately claims multiple identities” • The Sybil attack can disrupt geographic and multi-path routing protocols. Adversary A at actual location (3,2) forges location advertisements for non-existent nodes A1, A2, and A3 as well as advertising her own location. After hearing these advertisements, if B wants to send a message to C: (0,2), it will attempt to do so through A3. This transmission can be overheard and handled by the adversaryA. 22
  • 23. Devices under Attack • Smart Watch: Data sent between the Smart watch and an Android mobile phone could be intercepted. • Bluetooth communication between most Smart watches and Android devices relies on a six digits PIN. • Easy to crack with a brute-force attack. • Smart Homes • Smart Cars • and many more…. 23
  • 24. Overview of Countermeasures • Confidentiality is provided through the use of encryption technologies. Cryptographic algorithms such as the DES, RSA are used to protect the secrecy of a message. • MAC (Message Authentication Code) or Digital Signature Algorithms(DSA) can be used to assure the recipient’s integrity of the data and authenticity of the message • Digital Signatures can be used to ensure non-repudiation. • Availability can be achieved by adding redundant nodes. Multi path and probabilistic routing can also be used to minimize the impact of unavailability. • Data freshness is ensured by adding a counter value in each message. 24
  • 25. Future Scope • Identify vulnerabilities (e.g. replay attacks) in the proposed authentication method and find solutions to them before implementation. • Further research and implementation of key exchanges together with security protocols for IP-communication in constrained networks. • Lot of work can be done in this field as no efficient security architecture for IoT is given yet. 25
  • 26. References • G. Padmavathi, D. Shanmugapriya,“A Survey of Attacks, Security Mechanisms and Challenges in Wireless Sensor Networks”, International Journal of Computer Science and Information Security, IJCSIS, Vol. 4, No. 1 & 2, August 2009, USA • https://en.wikipedia.org/wiki/Internet_of_Things • https://www.owasp.org/index.php/OWASP_Internet_of_Things_Pro ject • http://www.cisco.com/c/en/us/about/security-center/secure- iot-proposed-framework.html 26
  • 27. 27

Editor's Notes

  1. ,are spatially distributed autonomous sensors to monitor physical or environmental conditions, such as: temperature, sound, pressure, etc. and to cooperatively pass their data through the network to a main location. The current trend, however, is to move away from proprietary and closed standards, to embrace IP-based sensor networks using the emerging standard 6LoWPAN/IPv6. This allows native connectivity between WSN and Internet, enabling smart objects to participate to the Internet of Things (IoT).
  2. Eavesdropping is secretly listening to the private conversation of others without their consent