Security Requirements in IoT Architecture - Security in Enabling Technologies - Security Concerns in IoT Applications. Security Architecture in the Internet of Things - Security Requirements in IoT - Insufficient Authentication/Authorization - Insecure Access Control - Threats to Access Control, Privacy, and Availability - Attacks Specific to IoT. Vulnerabilities – Secrecy and Secret-Key Capacity - Authentication/Authorization for Smart Devices - Transport Encryption
Size: 752.43 KB
Language: en
Added: Apr 03, 2020
Slides: 58 pages
Slide Content
4/3/2020Privacy and Security in IoT; VI Sem; CSE; Dr. Vrince Vimal 1
Security Requirements in IoT
Dr. Vrince Vimal
Computer Science and Engineering
Unit I 9 Hours
Security Requirements in IoT Architecture - Security in Enabling Technologies - Security Concerns in IoT Applications. Security Architecture in the Internet of Things - Security Requirements in IoT - Insufficient Authentication/Authorization - Insecure Access Control - Threats to Access Control, Privacy, and Availability - Attacks Specific to IoT. Vulnerabilities – Secrecy and Secret-Key Capacity - Authentication/Authorization for Smart Devices - Transport Encryption – Attack & Fault trees.
Unit II 9 Hours
Cryptographic primitives and its role in IoT – Encryption and Decryption – Hashes – Digital Signatures – Random number generation – Cipher suites – key management fundamentals – cryptographic controls built into IoT messaging and communication protocols – IoT Node Authentication
Unit III 8 Hours
Identity lifecycle – authentication credentials – IoT IAM infrastructure – Authorization with Publish/Subscribe schemes – access control
Unit IV 6 Hours
Concerns in data dissemination – Lightweight and robust schemes for Privacy protection – Trust and Trust models for IoT – self-organizing Things - Preventing unauthorized access
Unit V 8 Hours
Cloud services and IoT – offerings related to IoT from cloud service providers – Cloud IoT security controls – enterprise IoT cloud security architecture – New directions in cloud enabled IoT computing.
Introduction
•The emerging Internet of Things (IoT) is believed to be the next generation of the Internet.
•It is an easy target for hackers, as billions of devices communicate without human intervention.
•Intelligent sensors, wireless communication, networks, data analysis technologies, and cloud computing have been developed.
•The development is in its initial stages.
•Security is a significant obstacle in IoT.
•It involves the sensing of:
Infrastructure security,
Communication network security,
Application security,
General system security.
•Security means cryptography, secure communication, and privacy assurances.
•But for IoT, security has diverse meanings, i.e.
•Data confidentiality,
•Services availability,
•Integrity,
•Antimalware,
•Information integrity,
•Privacy protection,
•Access control,
•At the lower layer of IoT (sensing layer)
Limited computation capacity
Limited energy supply
•At the Middle layer of IoT (network layer)
Eavesdropping or Interception,
Denial of service (DoS) attack.
•At the upper layer of IoT (application layer)
Data aggregation and encryption compensates for
issues of all layers.
Security Requirements
•In IoT, each connected device could be a potential doorway into the IoT infrastructure or personal data.
•Security concern would elevate once IoT reaches the next level of interoperability and autonomous decision making and higher order security loopholes.
Security Concerns in IoT
SECURITY REQUIREMENTS IN IoT ARCHITECTURE
•A critical requirement of IoT is that the devices must be interconnected.
•N/W has to acquire, process and communicate data from real to virtual world.
•Provide applications with strong security protection.
•N/W must provide operational guarantees for the
IoT, which bridges the gap between the physical
devices and the virtual worlds.
•Framework should consider:
Technical factors,
Sensing techniques,
Communication methods
Network technologies
Security protection,
Information confidentiality,
Transmission security,
Privacy protection,
Business issues,
Business models,
Business processes
•SoA has been successfully applied to IoT design
•The services-based application will heavily depend
on the architecture of IoT.
SoA for IoT
Sensing Layer and IoT End-Nodes
For designing sensing layer of an IoT, the
main concerns are:
•Cost, size, resource, and energy
consumption
•Deployment.
•Heterogeneity.
•Communication.
•Networks.
The endless variety of IoT applications poses
an equally wide variety of security challenges.
Devices authentication
Trusted devices
Leveraging the security controls and
availability of infrastructures in sensing layer.
In terms of software update
In this layer, the security concerns can be classified into two main categories:
•The security requirements at IoT end-node: physically; access control; authentication; nonrepudiation; confidentiality; integrity; availability; and privacy.
•The security requirements in sensing layer: confidentiality; data source authentication; device authentication; integrity; availability, and timeless.
Security Threats: Description
Unauthorized access: Due to physical capture or logical attack, the sensitive information at the end-nodes is captured by the attacker.
Availability: The end-node stops working since it is physically captured or attacked logically.
Spoofing attack: With a malware node, the attacker successfully masquerades as an IoT end-device, end-node, or end-gateway by falsifying data.
Selfish threat: Some IoT end-nodes stop working to save resources or bandwidth, causing the failure of the network.
Malicious code: Virus, Trojan, and junk message that can cause software failure.
DoS: An attempt to make an IoT end-node resource unavailable to its users.
Transmission threats: Threats in transmission, such as interrupting, blocking, data manipulation, forgery, etc.
Routing attack: Attacks on a routing path.
The following actions should be taken:
(1) Implement security standards for IoT and ensure all
devices are produced by meeting specific security standards.
(2) Build trustworthy data sensing system and review the
security of all devices/ components.
(3) Forensically identify and trace the source of users.
(4) Software or firmware at IoT end-node should be securely
designed.
Network Layer
In the networking layer, the following issues should be addressed:
•Network management technologies including the management for fixed, wireless, mobile networks,
•Network energy efficiency,
•Requirements of QoS,
•Technologies for mining and searching,
•Information confidentiality,
•Security and privacy.
The security requirements in network layer involve:
•Overall security requirements,
•Privacy leakage:
•Communication security:
•Overconnected:
•MITM attack:
•Fake network message:
Service Layer
The activities in the service layer are conducted by the following components:
•Service discovery.
•Service composition.
•Trustworthiness management.
•Service APIs.
The security requirements in the service layer include: authorization, service authentication, group authentication, privacy protection, integrity, security of keys, nonrepudiation, antireplay, availability, etc.
•Privacy leakage. The main concern in this layer involves privacy leakage and malicious location tracking.
•Service abuses. In IoT the service abuse attack involves:
i) illegal abuse of services;
ii) abuse of unsubscribed services.
•Node identity masquerade.
•DoS attack.
•Replay attack: the attacker resends the data.
•Service information sniffer and manipulation.
•Repudiation in the service layer: it includes communication repudiation and services repudiation.
Application Layer
For the application maintenance, the following security requirements will be involved:
•Remote safe configuration.
•Software downloading and updating.
•Security patches.
•Administrator authentication.
•Unified security platform, etc.
In IoT, in designing the security solutions, the following rules should be helpful:
a. Since most constrained IoT end-nodes work in an unattended manner, the designer should pay more attention to the safety of these nodes;
b. As IoT involves billions of clustering nodes, the security solutions should be designed based on energy efficiency schemes;
c. The light security scheme at IoT end-nodes might be different from existing network security solutions; however, we should design security solutions in a big enough range for all parts in IoT.
SECURITY IN ENABLING TECHNOLOGIES
Security in Identification and Tracking Technologies
•Due to its capability for identifying, tracing, and tracking, the RFID system has wide applications.
In general the security features of RFID include:
•Tags/Readers collision problem
•Data confidentiality
•Tag-to-reader authentication
•High-assurance readers
Security in Integration of WSN and RFID
•IoT with the integration of RFID and WSNs makes it possible to develop IoT applications for healthcare and decision-making of complex systems.
•The security issue in integration of RFID and WSNs
involves following challenges:
•Privacy,
•Identification and authentication,
•Communication security,
•Trust and ownership,
•Integration,
•User authentication.
SECURITY CONCERNS IN IoT APPLICATIONS
•The IoT enables information gathering, transmitting, and storing to be available for devices in many scenarios, which creates or accelerates many applications such as:
•Industrial control systems,
•Retailing industry,
•Smart shelf operations,
•Healthcare,
•Food and restaurant industry,
•Logistic industry,
•Travel and tourism industry, etc.
To integrate the devices of the sensing layer as intrinsic parts of the IoT, effective security technology is essential to ensure security and privacy protection in various activities such as:
•Personal activities,
•Business processes,
•Transportations,
•Information protection.
Security Concerns in SCADA Systems
•SCADA systems are generally designed as more technical-oriented solutions, often in the industrial environment.
•The following security concerns are to be addressed while integrating SCADA with IoT:
Authentication and access control
Identification of SCADA vulnerabilities
Physical security
System recovery and backups
Security Concerns in EIS
•Enterprise information systems have played a pivotal role in modern organizations, existing as Enterprise Resource Planning (ERP) systems that integrate intraorganizational business processes, Supply Chain Management systems that link interorganizational business processes, and Customer Relationship Management (CRM) systems that maintain relationships with customers.
Security Architecture in the Internet of Things
•The Internet of Things (IoT) is an extension of the Internet.
•The IoT is able to connect the digital cyberspace and real physical space.
•IoT is able to introduce all the vulnerabilities of the digital world into our real world.
•The success of IoT applications and IoT infrastructure significantly depends on the guarantee of the security and vulnerability in the IoT.
•It is important to set up and take cyber defense seriously.
SECURITY REQUIREMENTS IN IoT
•The IoT introduces large quantities of new devices that will be deployed or embedded throughout an organization or even within a system.
•Each connected device could be a potential doorway into the IoT infrastructure or personal data.
•Data captured from these devices can be analyzed and acted upon.
•Security threats in IoT will reach new levels as interoperability, mashups, and autonomous decision-making begin to embed complexity, security loopholes.
•The sanctity of security and privacy concerns of the IoT are not clearly defined yet.
•Loopholes might cause potential “black swan” events.
•In a general framework, the main security requirements are addressed from six aspects:
IoT Data Security Challenges
•Privacy risks will arise as objects within the IoT collect and
aggregate fragments of data that relate to their service
Data Confidentiality
•Insufficient authentication/authorization
•Insecure interfaces (web, mobile, cloud, etc.)
•Lack of transport encryption
•Confidentiality preserving & Access control
Privacy
•Privacy, data protection, & information security risk
management
•Privacy by design and default
•Data protection legislation
•Traceability/profiling/unlawful processing
Trust
•Identity management system
•Insecure software/firmware
•Ensuring continuity and availability of services
•Realization of malicious attacks against IoT devices and
system
•Loss of user control/difficulty in making decisions
•If we model IoT as a 4-layer architecture, each layer should be able to provide access control, device authentication, data integrity and confidentiality in transmission, availability, and the ability to defend IoT devices against viruses and attacks.
Authentication in IoT
•The soul of the IoT framework is the authentication layer (verify identity).
•When M2M devices need access to the IoT infrastructure, the trust relationship is initiated based on the identity of the device.
•In human and machine interactions, names, patterns, fingerprints, retina scans, and passwords can authenticate.
•In M2M, endpoints must be fingerprinted by means that do not require human interaction.
•An SSL/TLS X.509 certificate is a digital file that's usable for Secure Sockets Layer (SSL) or Transport Layer Security (TLS). The certificate fulfills two functions. First, the certificate can assist with authenticating and verifying the identity of a host or site. Second, it enables the encryption of information exchanged via a website.
•However, in the IoT domain, many devices may not have enough memory to store a certificate.
•IEEE 802.1X authentication involves three parties: a supplicant, an authenticator, and an authentication server.
•TLS/DTLS, SSH, IPSec/IKE
Authorization
•The second layer of this framework is authorization that controls a device’s access throughout the network fabric. This layer builds upon the core authentication layer by leveraging the identity information of an entity.
Insufficient Authentication/Authorization
•On the Internet, the users are always authenticated by requiring a password and browsers authenticate websites through the SSL (secure sockets layer protocol).
•In the IoT, new devices that connect into an IoT system should be able to authenticate themselves prior to receiving or transmitting data.
•Deeply embedded devices often do not have users sitting behind keyboards.
•A secure storage area plays an important role.
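The points above (a device that authenticates itself with no user present, using a key held in secure storage, where a certificate may not fit in memory) can be illustrated with a pre-shared-key challenge-response that authenticates both sides and rejects a replayed message. This is an added example, not part of the original slides; the class names, the `sensor-01` ID and the sample key are assumptions, and HMAC-SHA256 with a per-device key is one possible scheme, not one the slides prescribe.

```python
import hashlib
import hmac
import secrets

def proof(key: bytes, role: bytes, *fields: bytes) -> bytes:
    """HMAC-SHA256 over a role label plus length-prefixed fields."""
    msg = role + b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hmac.new(key, msg, hashlib.sha256).digest()

class Gateway:
    def __init__(self, device_keys: dict):
        self.device_keys = device_keys  # device_id -> key provisioned per device
        self.pending = {}               # device_id -> outstanding challenge nonce

    def challenge(self, device_id: bytes) -> bytes:
        self.pending[device_id] = secrets.token_bytes(16)
        return self.pending[device_id]

    def verify(self, device_id: bytes, dev_nonce: bytes, dev_proof: bytes):
        """Return the gateway's own proof if the device is genuine, else None."""
        gw_nonce = self.pending.pop(device_id, None)  # single use: a replay finds nothing
        key = self.device_keys.get(device_id)
        if gw_nonce is None or key is None:
            return None
        expected = proof(key, b"device", device_id, gw_nonce, dev_nonce)
        if not hmac.compare_digest(expected, dev_proof):
            return None
        return proof(key, b"gateway", device_id, dev_nonce, gw_nonce)

class Device:
    def __init__(self, device_id: bytes, key: bytes):
        self.device_id, self.key = device_id, key  # key would sit in secure storage
        self.nonce = self.gw_nonce = b""

    def respond(self, gw_nonce: bytes):
        self.gw_nonce, self.nonce = gw_nonce, secrets.token_bytes(16)
        return self.nonce, proof(self.key, b"device", self.device_id, gw_nonce, self.nonce)

    def check_gateway(self, gw_proof: bytes) -> bool:
        expected = proof(self.key, b"gateway", self.device_id, self.nonce, self.gw_nonce)
        return hmac.compare_digest(expected, gw_proof)

def run_handshake(gateway: Gateway, device: Device):
    """Run one exchange; return (mutually_authenticated, captured device message)."""
    gw_nonce = gateway.challenge(device.device_id)
    dev_nonce, dev_proof = device.respond(gw_nonce)
    gw_proof = gateway.verify(device.device_id, dev_nonce, dev_proof)
    ok = gw_proof is not None and device.check_gateway(gw_proof)
    return ok, (dev_nonce, dev_proof)

if __name__ == "__main__":
    key = bytes(range(32))  # constructed sample key, not a real credential
    gw, dev = Gateway({b"sensor-01": key}), Device(b"sensor-01", key)
    ok, captured = run_handshake(gw, dev)
    print("genuine device:", ok)
    gw.challenge(b"sensor-01")  # new session; the old message is sent again
    print("replayed message accepted:", gw.verify(b"sensor-01", *captured) is not None)
```

The fresh nonce from each side is what defeats the replay: a proof computed for one challenge does not verify against the next one.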
•Some new threats and attack vectors that malicious actors could take advantage of are as follows:
In IoT-based industrial control systems, such as SCADA:
•Control systems, vehicles, and even the human body (WBAN) can be accessed and manipulated, causing injury or worse.
•Healthcare providers can improperly diagnose and treat patients based on modified health information or manipulated sensor data.
•Intruders can gain physical access to homes or commercial businesses through attacks against electronic, remote controlled door lock mechanisms.
Individual
•Unauthorized tracking of people’s locations can occur through usage pattern tracking based on asset usage time and duration.
•Unlawful surveillance through persistent remote monitoring capabilities offered by small-scale IoT devices.
•Inappropriate profiles and categorizations of individuals can be created through examination of network and geographic tracking and IoT metadata.
Business Area
•Inappropriate profiles and categorizations of individuals can be created through examination of network and geographic tracking and IoT metadata.
•Manipulation of financial transactions through unauthorized POS and POS access.
•Monetary loss arising from the inability to provide service.
•Vandalism, theft, or destruction of IoT assets that are deployed in remote locations and lack physical security controls.
Ability to Access the IoT
•Ability to gain unauthorized access to IoT edge devices to
manipulate data by taking advantage of the challenges related
to updating software and firmware of embedded devices.
•Ability to gain unauthorized access to the Enterprise network
by compromising IoT edge devices and taking advantage of
trust relationships.
•Ability to create botnets by compromising large quantities of
IoT edge devices.
•Ability to impersonate IoT devices by gaining access to keying material held in devices that rely upon software-based trust stores.
INSECURE ACCESS CONTROL
•Authorization frameworks for computer networks and online services are role based. First, the identity of the user is established and then his or her access privileges are determined from the user’s role within an organization.
•E.g., RADIUS - Remote Authentication Dial-In User Service.
•LDAP (Lightweight Directory Access Protocol)
•Role-Based Access Control Systems
•Access Control List-Based Systems
•Capability-Based Access
THREATS TO ACCESS CONTROL, PRIVACY, AND AVAILABILITY
To secure the device access layer before users are at risk, the following actions should be taken:
(1) Implement security standards for IoT and ensure all devices are produced by meeting specific security standards;
(2) Build trustworthy data sensing system and review the security of all devices/components;
(3) Forensically identify and trace the source of users;
(4) Software or firmware at IoT end-node should be securely designed.
Security Threats and Vulnerabilities at IoT End-Node
ATTACKS SPECIFIC TO IoT
IoT applications might be subjected to most types of network attacks, including:
•Eavesdropping,
•Data modification,
•Identity spoofing,
•Password-based attacks,
•DoS attack,
•Man-in-the-middle,
•Compromised-key attack,
•Sniffer attack,
•Application layer attack.
More specific attacks on IoT have emerged recently. Attackers can intercept or change the behavior of smart home devices in many ways:
•Either by physical access
•Remote location
SECRECY AND SECRET-KEY CAPACITY
•The standardization of IoT is still an open issue.
•Available cryptography is designed at the application layer
without regard to the imperfections of the lower layer.
IoT in Health care
One way Authentication
Mutual Authentication