MM
Uploaded byMAITREYA MISRA
PPTX, PDF1,041 views

Iot Security

The document discusses Internet of Things (IoT) security challenges and countermeasures. It begins with basics of IoT and sensors, then discusses how IoT connects to the internet. It outlines several approaches to securing IoT, including restricted access, encryption of network and data, managing default APIs, addressing human elements of security, and learning from past exploits. Specific threats like denial of service attacks, man-in-the-middle attacks, and brute force/dictionary attacks are examined. The document concludes that IoT security design must enable open yet secure infrastructure while respecting user privacy through individual policies.

Downloaded 56 times
DEPT. OF ELECTRONICS AND INSTRUMENTATION TECHNOLOGY 2016-17 TECHNICAL SEMINAR GUIDE : SMT. S S VIDYA HOD : DR. M B MEENAVATHI PRESENTED BY : MAITREYA
IOT SECURITY CHALLENGES IN IOT SECURITY AND ITS COUNTER MEASURES.
INDEX • Basics of IOT and Sensors. • Internet and IOT. • Securing the IOT. • Exploiting the IOT(Challenges). • Practical Exploit (example) – Optional. • Conclusion. • References.
IOT (INTERNET OF THINGS) IOT: The term was first coined in 1999 by Kevin Ashton .The Internet of things is the inter - networking of physical devices, vehicles (also referred to as "connected devices" and "smart devices“), buildings and other items - with electronics, software, sensors, actuators, and network connectivity that enable these objects to collect and exchange data .
IOT AND SENSORS The communication part can be handled by the API of connected device and the predefined RFC protocols (Internet), but the sensing needs to be still done and from Instrumentation Point of view we need sensors and actuators to get “smart” results. Different types of sensors are available in the market for different purposes in an unbelievable range . Basic sensing and actuation logic is shown in the side diagram. Some famous sensors are : Proximity sensors , Ultrasonic sensors , Accelerometer and Webcam etc.
HOME SECURITY (WITH OBJECT SENSOR) Object Object Sensor(IR, Ultrasonic & Webcam) Node McU (SMTP server) with PI Internet Root(mail) Exploring the many ways of Object Detection: The basic diagram aside explains how to detect the object in an Iot connected room . The Basic IR and ultrasonic sensors can be used in conjunction with the NodeMcu (esp826) to construct an Iot home security system to send message via
IOT SECURITY The IOT Security can be divided into following propaganda: 1. Restricted Access 2. Encryption (network and data) 3. Default API 4. Human Element (as usual) 5. Defensive Dark Arts (DEFCON 22)
RESTRICTED ACCESS ! This is probably what will be the most basic and first step in securing your IOT device. (KEEP IT IN A ISOLATED NETWORK) If you can ,you should always keep your IOT devices in a restricted isolated network away from the devices that you keep normally connected to the internet. What this will achieve will be a way of isolation for your Iot devices which
ENCRYPTION Encryption: The Iot Security relies upon the encryption of two basic separate aspects i.e. first the encryption of network access (especially IOT network and the other the encryption of data send via the internet). Some Basic encryption for IOT involves SSL , Public Key Cryptography, Hash Functions (SHA -3), Block Ciphers and Stream Ciphers. The network encryption involves AES, WPA/WPA-2 and WEP etc. Some of the basic communication encryption methods are discussed further.
BLOCK CIPHERS A block cipher is a deterministic and computable function of k-bit keys and n-bit (plaintext) blocks to n-bit (cipher text) blocks. (More generally, the blocks don't have to be bit-sized, n-character-blocks would fit here, too). This means, when you encrypt the same plaintext block with the same key, you'll get the same result. (We normally also want that the function is invertible, i.e. that given the key and the cipher text block we can compute the plaintext.) To actually encrypt or decrypt a message (of any size), you don't use the block cipher directly, but put it into a mode of operation. The simplest such mode would be electronic code book mode (ECB), which simply cuts the message in blocks, applies the cipher to each block and outputs the resulting blocks. (This is generally not a secure mode, though.)
STREAM CIPHERS A stream cipher is a symmetric key cipher where plaintext digits are combined with a pseudorandom cipher digit stream (keystream). In a stream cipher, each plaintext digit is encrypted one at a time with the corresponding digit of the keystream, to give a digit of the cipher text stream. Since encryption of each digit is dependent on the current state of the cipher, it is also known as state cipher. In practice, a digit is typically a bit and the combining
PUBLIC KEY CRYPTOGRAPHY In a public key encryption system, any person can encrypt a message using the public key of the receiver, but such a message can be decrypted only with the receiver's private key. For this to work it must be computationally easy for a user to generate a public and private key-pair to be used for encryption and decryption. The strength of a public key cryptography system relies on the degree of difficulty (computational impracticality) for a properly generated private key to be determined from its corresponding public key. Security then depends only on
SSL (SECURE SOCKETS LAYER) SSL (Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and integral. SSL is an industry standard and is used by millions of websites in the protection of their online transactions with their customers. To be able to create an SSL connection a web server requires an SSL Certificate. When you choose to activate SSL on your web server you will be prompted to complete a number of questions about the identity of your website and your company. Your web server then creates two cryptographic keys - a Private Key and a Public Key. The Public Key does not need to be secret and is placed into a Certificate Signing Request (CSR) - a data file also containing your details. You should then submit the CSR. During the SSL Certificate application process, the Certification Authority will validate your details and issue an SSL Certificate containing your details and
LIGHTWEIGHT CRYPTOGRAPHY & HASH (FUTURE RESEARCH) Basically the ciphers having smaller digital print and most apt for the IOT devices . It`s a good trade-off for security , cost and performance. Ex- DES (X/L) based on AES (Advanced Encryption Standard) being used in RFID and other IOT lightweight applications since it processes 4bit/6 bit words rather than 32/48 bits. Ciphers discussed earlier are used in development of lightweight cryptography. HASH - MD5 hash functions / SHA-3 are a topic of research . Since the memory footprints are quite larger to be implemented for IOT
API MANAGEMENT (DEVELOPER`S SIDE) Application Programming Interface is responsible for everything in your IOT device– gateways, security and access management as well as the API key control. On the IoT, data is everywhere — flowing from devices to the cloud, from the cloud to your back-end systems, from users back to their devices — all enabled by APIs. API Management enables you to govern this flow of data with the security you need to protect sensitive information, and the performance required to support connected cars,
HUMAN ELEMENT This vulnerability has been since the beginning of the technology and same holds true for IOT devices. The fundamentals here are the same everywhere ,some of which can be listed as: 1. Change default passwords. !!!! 2. Don`t share your PGP private keys. 3. Restricted access for your LAN. 4. Regular updated patches.
IOT EXPLOITATION (CHALLENGES) The some of the most basic limitations of IOT devices and attacks can be comprised as: 1. Device Limitations. 2. MITM . 3. DOS/DDOS (most common) 4. Botnet 5. Data and Identity theft 6. Brute force/Dictionary (authentication attacks)
DEVICE LIMITATIONS The first and foremost challenge we face in securing the IOT devices is the devices limitations itself. The typical IOT device with 8-bit processor and 2-4 MB flash memory is not able to process the different HASH functions and encryption algorithms and being a relatively new concept , the methods are still under research (ex-DESL) to use the functions on typical IOT devices. But nonetheless lightweight cryptography is still an option here.
BOTNET A botnet is a network of systems combined together with the purpose of remotely taking control and distributing malware. Controlled by botnet operators via Command-and-Control- Servers (C&C Server), they are used by criminals on a grand scale for many things: stealing private information, exploiting online-banking data, DDos-attacks or for spam and phishing emails. With the rise of the IoT, many objects and devices are in danger of, or are already being part of, so called thingbots – a botnet that incorporates independent connected objects. Ex- It is easy for a smtp filter to stop malicious request from one client but not from a dozens or hundreds of client sending the malicious
DOS/DDOS(DENIAL OF SERVICE) A denial of service (DoS) attack happens when a service that would usually work is unavailable. There can be many reasons for unavailability, but it usually refers to infrastructure that cannot cope due to capacity overload. In a Distributed Denial of Service (DDoS) attack, a large number of systems maliciously attack one target. This is often done through a botnet, where many devices are programmed (often unbeknownst to the owner) to request a service at the same time. (Often a DoS attack lends itself to hacktivists
(MITM) ATTACK/ DATA AND IDENTITY THEFT The man-in-the-middle concept is where an attacker or hacker is looking to interrupt and breach communications between two separate systems. It can be a dangerous attack because it is one where the attacker secretly intercepts and transmits messages between two parties when they are under the belief that they are communicating directly with each other. As the attacker has the original communication, they can trick the recipient into thinking they are still getting a legitimate message. These attacks can be extremely dangerous in the IoT, because of the nature of the “things” being hacked. Ex- Many cases have already been reported
BRUTE FORCE/DICTIONARY ATTACK (CLASSICS) These are probably the oldest type of automated attacks still used widely. Brute-force - Basically, the attempt to uncover the password is done by trying a wide variety of letter/number combinations to figure out what a password is so that an account can be taken over. Dictionary -On the flipside of things, dictionary attacks involve the hacker trying to determine your password by trying hundreds or sometimes
CONCLUSION To conclude I would say that we still have a far way to go in securing the IOT infrastructure but some of the key things can be generalized for securing the IOT devices are: 1. IOT security design should enable an open, pervasive and interoperable yet secure infrastructure . 2. For the sake of privacy and security, IOT or smart devices must be capable of implementing indivual user set policies. 3. Infrastructural security services should be accessible transparently and regardless of the connection uses by nomadic smart IOT objects. “SECURITY IS A MYTH” – DEFCON 22
REFERENCES: • DEFCON 22 : https://www.defcon.org/html/defcon-22/dc-22- index.html • LIGHTWEIGHT CRYPTOGRAPHY white paper : https://www.iab.org/wp-content/IAB- uploads/2011/03/Kaftan.pdf • IOT SECURITY : https://www.forbes.com/sites/gilpress/2017/03/20/6-hot- internet-of-things-iot-security-technologies/#7e7ad1c51b49 • HASH and ENCRYPTION white paper : http://repository.root- me.org/RFC/EN%20-%20rfc1321.txt (rfc1321) • SHA -1/2/3 white paper : http://repository.root- me.org/RFC/EN%20-%20rfc5754.txt (rfc5754)

More Related Content

PDF
Fundamentals of IoT Security
bySHAAMILIVARSAGV
 
PDF
Overview of IoT and Security issues
byAnastasios Economides
 
PDF
Security in IoT
bySKS
 
PPTX
IOT privacy and Security
bynoornabi16
 
PDF
Security challenges in IoT
byVishnupriya T H
 
PDF
IoT Security: Problems, Challenges and Solutions
byLiwei Ren任力偉
 
PDF
IoT Security Challenges and Solutions
byIntel® Software
 
PPTX
IoT security
byYashKesharwani2
 
Fundamentals of IoT Security
bySHAAMILIVARSAGV
 
Overview of IoT and Security issues
byAnastasios Economides
 
Security in IoT
bySKS
 
IOT privacy and Security
bynoornabi16
 
Security challenges in IoT
byVishnupriya T H
 
IoT Security: Problems, Challenges and Solutions
byLiwei Ren任力偉
 
IoT Security Challenges and Solutions
byIntel® Software
 
IoT security
byYashKesharwani2
 

What's hot

PPT
IoT security (Internet of Things)
bySanjay Kumar (Seeking options outside India)
 
PDF
IOT Security
bySylvain Martinez
 
PPTX
Security in IoT
bygr9293
 
PDF
IoT Security
byNarudom Roongsiriwong, CISSP
 
PPTX
Introduction to IoT Security
byCAS
 
PPTX
Iot(security)
byShreya Pohekar
 
PPTX
Network Security Issues
byAfreenYousaf
 
PPTX
IoT - Attacks and Solutions
byUlf Mattsson
 
PPTX
Iot architecture
byAnam Iqbal
 
PPTX
What is zero trust model (ztm)
byAhmed Banafa
 
PPTX
Presentation on IOT SECURITY
byThe Avi Sharma
 
PPTX
Introduction To LoRaWan
byAhmet Ensar Köprülü
 
PPTX
IOT gateways.pptx
byPratik Gohel
 
PPTX
Data security in cloud computing
byPrince Chandu
 
PPTX
security and privacy-Internet of things
bysreelekha appakondappagari
 
PPT
THE INTERNET OF THINGS
byRamana Reddy
 
PPTX
Firewalls and packet filters
byMOHIT AGARWAL
 
PPTX
Mobile cloud Computing
byPooja Sharma
 
PDF
Fog computing in IoT
bysreelesh balan
 
PPTX
Introduction to Internet of Things (IoT)
byAmarjeetsingh Thakur
 
IoT security (Internet of Things)
bySanjay Kumar (Seeking options outside India)
 
IOT Security
bySylvain Martinez
 
Security in IoT
bygr9293
 
IoT Security
byNarudom Roongsiriwong, CISSP
 
Introduction to IoT Security
byCAS
 
Iot(security)
byShreya Pohekar
 
Network Security Issues
byAfreenYousaf
 
IoT - Attacks and Solutions
byUlf Mattsson
 
Iot architecture
byAnam Iqbal
 
What is zero trust model (ztm)
byAhmed Banafa
 
Presentation on IOT SECURITY
byThe Avi Sharma
 
Introduction To LoRaWan
byAhmet Ensar Köprülü
 
IOT gateways.pptx
byPratik Gohel
 
Data security in cloud computing
byPrince Chandu
 
security and privacy-Internet of things
bysreelekha appakondappagari
 
THE INTERNET OF THINGS
byRamana Reddy
 
Firewalls and packet filters
byMOHIT AGARWAL
 
Mobile cloud Computing
byPooja Sharma
 
Fog computing in IoT
bysreelesh balan
 
Introduction to Internet of Things (IoT)
byAmarjeetsingh Thakur
 

Similar to Iot Security

PDF
Drobics trustworthy io-t-for-industrial-applications
byMario Drobics
 
PDF
Internet of Things IoT Security Perspective
byijtsrd
 
PPTX
Thought Leadership Webinar - Internet of things (IoT): The Next Cyber Securit...
byClicTest
 
PPTX
Security challenges for internet of things
byMonika Keerthi
 
PPTX
Introduction-to-Cryptography-in-IoT.pptx
byBsavioBrosavio
 
PPTX
Security issues and solutions : IoT
byJinia Bhowmik
 
PPTX
Chapter-5.pptx
byRenu875977
 
PDF
1 importance of light weight authentication in iot
byChintan Patel
 
PDF
Bridgera enterprise IoT security
byRon Pascuzzi
 
PDF
mypresentation.pdf
byHamzaELKarmaoui
 
PPTX
Seminar V2
byMoustafa Najm
 
PPTX
Internet of Things Security
byTutun Juhana
 
PDF
SECURITY& PRIVACY THREATS, ATTACKS AND COUNTERMEASURES IN INTERNET OF THINGS
byIJNSA Journal
 
PDF
SECURITY& PRIVACY THREATS, ATTACKS AND COUNTERMEASURES IN INTERNET OF THINGS
byIJNSA Journal
 
PDF
SECURITY& PRIVACY THREATS, ATTACKS AND COUNTERMEASURES IN INTERNET OF THINGS
byIJNSA Journal
 
PDF
Information Security Technology for IPv6-based IoT (Internet-of-Things)
byIJAEMSJORNAL
 
PDF
509286-Aki_Koivu-Review
byAki Koivu
 
PDF
[TestWarez 2017] Securing the Internet of Things
byStowarzyszenie Jakości Systemów Informatycznych (SJSI)
 
PDF
Securing the Internet of Things
bySyam Madanapalli
 
PDF
Trends in IIoT and OT Security
byOliver Pfaff
 
Drobics trustworthy io-t-for-industrial-applications
byMario Drobics
 
Internet of Things IoT Security Perspective
byijtsrd
 
Thought Leadership Webinar - Internet of things (IoT): The Next Cyber Securit...
byClicTest
 
Security challenges for internet of things
byMonika Keerthi
 
Introduction-to-Cryptography-in-IoT.pptx
byBsavioBrosavio
 
Security issues and solutions : IoT
byJinia Bhowmik
 
Chapter-5.pptx
byRenu875977
 
1 importance of light weight authentication in iot
byChintan Patel
 
Bridgera enterprise IoT security
byRon Pascuzzi
 
mypresentation.pdf
byHamzaELKarmaoui
 
Seminar V2
byMoustafa Najm
 
Internet of Things Security
byTutun Juhana
 
SECURITY& PRIVACY THREATS, ATTACKS AND COUNTERMEASURES IN INTERNET OF THINGS
byIJNSA Journal
 
SECURITY& PRIVACY THREATS, ATTACKS AND COUNTERMEASURES IN INTERNET OF THINGS
byIJNSA Journal
 
SECURITY& PRIVACY THREATS, ATTACKS AND COUNTERMEASURES IN INTERNET OF THINGS
byIJNSA Journal
 
Information Security Technology for IPv6-based IoT (Internet-of-Things)
byIJAEMSJORNAL
 
509286-Aki_Koivu-Review
byAki Koivu
 
[TestWarez 2017] Securing the Internet of Things
byStowarzyszenie Jakości Systemów Informatycznych (SJSI)
 
Securing the Internet of Things
bySyam Madanapalli
 
Trends in IIoT and OT Security
byOliver Pfaff
 

Recently uploaded

PPTX
Intellectual Property Code of the Philippines_20251030_085011_0000.pptx
byronthefourth
 
PPTX
Презентация Филимонов (английский).pptx
bydragonnonext
 
PDF
Comprehensive IT Infrastructure Solutions.pdf
byDurocorre
 
PPTX
Elastic meetup - From Search to Smart: Python + Elastic ELSER.pptx
bysmollinga
 
PDF
10 Interesting Facts About Infinite Craft
byMiranda Croftoon
 
PPT
C++ Chapter 6-pointers about pointers in programming
byfirehiwot8
 
PPTX
C++ chapter 1-Introduction to Computer Programming.pptx
byfirehiwot8
 
PDF
Articulo aobre los ladrillos y como se fabrican
byDiegoAlexanderGarcia12
 
PPTX
Python Oops concepts of power point presentation
bySwapnitaKendre
 
PPT
Tools in communication technologies - CT
byswisssom2025
 
PDF
Empower Your Brand with YouRefresh’s Online Hub Builder
byyourefreshdm
 
PDF
Top 10 Countries to Hire Remote Developers in 2025 copy.pdf
byOuranos Technologies Pvt Ltd
 
PDF
Categorisation_of_Cyber_Attacks for hnd pearson level 4 students
byhawa175590
 
PPTX
C++ Chapter about pointers in programming
byfirehiwot8
 
Intellectual Property Code of the Philippines_20251030_085011_0000.pptx
byronthefourth
 
Презентация Филимонов (английский).pptx
bydragonnonext
 
Comprehensive IT Infrastructure Solutions.pdf
byDurocorre
 
Elastic meetup - From Search to Smart: Python + Elastic ELSER.pptx
bysmollinga
 
10 Interesting Facts About Infinite Craft
byMiranda Croftoon
 
C++ Chapter 6-pointers about pointers in programming
byfirehiwot8
 
C++ chapter 1-Introduction to Computer Programming.pptx
byfirehiwot8
 
Articulo aobre los ladrillos y como se fabrican
byDiegoAlexanderGarcia12
 
Python Oops concepts of power point presentation
bySwapnitaKendre
 
Tools in communication technologies - CT
byswisssom2025
 
Empower Your Brand with YouRefresh’s Online Hub Builder
byyourefreshdm
 
Top 10 Countries to Hire Remote Developers in 2025 copy.pdf
byOuranos Technologies Pvt Ltd
 
Categorisation_of_Cyber_Attacks for hnd pearson level 4 students
byhawa175590
 
C++ Chapter about pointers in programming
byfirehiwot8
 
In this document
Powered by AI

Introduction to the seminar and the topics covered including IoT basics and security challenges.

Explains the concept of the Internet of Things and its integration with sensors for data collection.

Describes an object detection mechanism using sensors to enhance home security through IoT.

Details on IoT security measures including restricted access, encryption, and their importance.

Explains various encryption types like block ciphers, stream ciphers, and SSL for securing IoT.

Focuses on lightweight cryptography solutions suitable for IoT devices due to resource constraints.

Discusses the role of APIs in protecting data flow and managing security for IoT devices.

Highlights vulnerabilities introduced by human actions in securing IoT devices, emphasizing security practices.

Lists and discusses various challenges and attack vectors like device limitations, DDoS, and data theft.

Summarizes the current state of IoT security and the gaps that need to be addressed for improvement.

Provides sources and references for more information on topics discussed in the seminar.

Iot Security

  • 1.
    DEPT. OF ELECTRONICSAND INSTRUMENTATION TECHNOLOGY 2016-17 TECHNICAL SEMINAR GUIDE : SMT. S S VIDYA HOD : DR. M B MEENAVATHI PRESENTED BY : MAITREYA
  • 2.
    IOT SECURITY CHALLENGES INIOT SECURITY AND ITS COUNTER MEASURES.
  • 3.
    INDEX • Basics ofIOT and Sensors. • Internet and IOT. • Securing the IOT. • Exploiting the IOT(Challenges). • Practical Exploit (example) – Optional. • Conclusion. • References.
  • 4.
    IOT (INTERNET OFTHINGS) IOT: The term was first coined in 1999 by Kevin Ashton .The Internet of things is the inter - networking of physical devices, vehicles (also referred to as "connected devices" and "smart devices“), buildings and other items - with electronics, software, sensors, actuators, and network connectivity that enable these objects to collect and exchange data .
  • 5.
    IOT AND SENSORS Thecommunication part can be handled by the API of connected device and the predefined RFC protocols (Internet), but the sensing needs to be still done and from Instrumentation Point of view we need sensors and actuators to get “smart” results. Different types of sensors are available in the market for different purposes in an unbelievable range . Basic sensing and actuation logic is shown in the side diagram. Some famous sensors are : Proximity sensors , Ultrasonic sensors , Accelerometer and Webcam etc.
  • 6.
    HOME SECURITY (WITHOBJECT SENSOR) Object Object Sensor(IR, Ultrasonic & Webcam) Node McU (SMTP server) with PI Internet Root(mail) Exploring the many ways of Object Detection: The basic diagram aside explains how to detect the object in an Iot connected room . The Basic IR and ultrasonic sensors can be used in conjunction with the NodeMcu (esp826) to construct an Iot home security system to send message via
  • 7.
    IOT SECURITY The IOTSecurity can be divided into following propaganda: 1. Restricted Access 2. Encryption (network and data) 3. Default API 4. Human Element (as usual) 5. Defensive Dark Arts (DEFCON 22)
  • 8.
    RESTRICTED ACCESS ! Thisis probably what will be the most basic and first step in securing your IOT device. (KEEP IT IN A ISOLATED NETWORK) If you can ,you should always keep your IOT devices in a restricted isolated network away from the devices that you keep normally connected to the internet. What this will achieve will be a way of isolation for your Iot devices which
  • 9.
    ENCRYPTION Encryption: The Iot Securityrelies upon the encryption of two basic separate aspects i.e. first the encryption of network access (especially IOT network and the other the encryption of data send via the internet). Some Basic encryption for IOT involves SSL , Public Key Cryptography, Hash Functions (SHA -3), Block Ciphers and Stream Ciphers. The network encryption involves AES, WPA/WPA-2 and WEP etc. Some of the basic communication encryption methods are discussed further.
  • 10.
    BLOCK CIPHERS A blockcipher is a deterministic and computable function of k-bit keys and n-bit (plaintext) blocks to n-bit (cipher text) blocks. (More generally, the blocks don't have to be bit-sized, n-character-blocks would fit here, too). This means, when you encrypt the same plaintext block with the same key, you'll get the same result. (We normally also want that the function is invertible, i.e. that given the key and the cipher text block we can compute the plaintext.) To actually encrypt or decrypt a message (of any size), you don't use the block cipher directly, but put it into a mode of operation. The simplest such mode would be electronic code book mode (ECB), which simply cuts the message in blocks, applies the cipher to each block and outputs the resulting blocks. (This is generally not a secure mode, though.)
  • 11.
    STREAM CIPHERS A streamcipher is a symmetric key cipher where plaintext digits are combined with a pseudorandom cipher digit stream (keystream). In a stream cipher, each plaintext digit is encrypted one at a time with the corresponding digit of the keystream, to give a digit of the cipher text stream. Since encryption of each digit is dependent on the current state of the cipher, it is also known as state cipher. In practice, a digit is typically a bit and the combining
  • 12.
    PUBLIC KEY CRYPTOGRAPHY Ina public key encryption system, any person can encrypt a message using the public key of the receiver, but such a message can be decrypted only with the receiver's private key. For this to work it must be computationally easy for a user to generate a public and private key-pair to be used for encryption and decryption. The strength of a public key cryptography system relies on the degree of difficulty (computational impracticality) for a properly generated private key to be determined from its corresponding public key. Security then depends only on
  • 13.
    SSL (SECURE SOCKETSLAYER) SSL (Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and integral. SSL is an industry standard and is used by millions of websites in the protection of their online transactions with their customers. To be able to create an SSL connection a web server requires an SSL Certificate. When you choose to activate SSL on your web server you will be prompted to complete a number of questions about the identity of your website and your company. Your web server then creates two cryptographic keys - a Private Key and a Public Key. The Public Key does not need to be secret and is placed into a Certificate Signing Request (CSR) - a data file also containing your details. You should then submit the CSR. During the SSL Certificate application process, the Certification Authority will validate your details and issue an SSL Certificate containing your details and
  • 14.
    LIGHTWEIGHT CRYPTOGRAPHY &HASH (FUTURE RESEARCH) Basically the ciphers having smaller digital print and most apt for the IOT devices . It`s a good trade-off for security , cost and performance. Ex- DES (X/L) based on AES (Advanced Encryption Standard) being used in RFID and other IOT lightweight applications since it processes 4bit/6 bit words rather than 32/48 bits. Ciphers discussed earlier are used in development of lightweight cryptography. HASH - MD5 hash functions / SHA-3 are a topic of research . Since the memory footprints are quite larger to be implemented for IOT
  • 15.
    API MANAGEMENT (DEVELOPER`SSIDE) Application Programming Interface is responsible for everything in your IOT device– gateways, security and access management as well as the API key control. On the IoT, data is everywhere — flowing from devices to the cloud, from the cloud to your back-end systems, from users back to their devices — all enabled by APIs. API Management enables you to govern this flow of data with the security you need to protect sensitive information, and the performance required to support connected cars,
  • 16.
    HUMAN ELEMENT This vulnerabilityhas been since the beginning of the technology and same holds true for IOT devices. The fundamentals here are the same everywhere ,some of which can be listed as: 1. Change default passwords. !!!! 2. Don`t share your PGP private keys. 3. Restricted access for your LAN. 4. Regular updated patches.
  • 17.
    IOT EXPLOITATION (CHALLENGES) Thesome of the most basic limitations of IOT devices and attacks can be comprised as: 1. Device Limitations. 2. MITM . 3. DOS/DDOS (most common) 4. Botnet 5. Data and Identity theft 6. Brute force/Dictionary (authentication attacks)
  • 18.
    DEVICE LIMITATIONS The firstand foremost challenge we face in securing the IOT devices is the devices limitations itself. The typical IOT device with 8-bit processor and 2-4 MB flash memory is not able to process the different HASH functions and encryption algorithms and being a relatively new concept , the methods are still under research (ex-DESL) to use the functions on typical IOT devices. But nonetheless lightweight cryptography is still an option here.
  • 19.
    BOTNET A botnet isa network of systems combined together with the purpose of remotely taking control and distributing malware. Controlled by botnet operators via Command-and-Control- Servers (C&C Server), they are used by criminals on a grand scale for many things: stealing private information, exploiting online-banking data, DDos-attacks or for spam and phishing emails. With the rise of the IoT, many objects and devices are in danger of, or are already being part of, so called thingbots – a botnet that incorporates independent connected objects. Ex- It is easy for a smtp filter to stop malicious request from one client but not from a dozens or hundreds of client sending the malicious
  • 20.
    DOS/DDOS(DENIAL OF SERVICE) Adenial of service (DoS) attack happens when a service that would usually work is unavailable. There can be many reasons for unavailability, but it usually refers to infrastructure that cannot cope due to capacity overload. In a Distributed Denial of Service (DDoS) attack, a large number of systems maliciously attack one target. This is often done through a botnet, where many devices are programmed (often unbeknownst to the owner) to request a service at the same time. (Often a DoS attack lends itself to hacktivists
  • 21.
    (MITM) ATTACK/ DATAAND IDENTITY THEFT The man-in-the-middle concept is where an attacker or hacker is looking to interrupt and breach communications between two separate systems. It can be a dangerous attack because it is one where the attacker secretly intercepts and transmits messages between two parties when they are under the belief that they are communicating directly with each other. As the attacker has the original communication, they can trick the recipient into thinking they are still getting a legitimate message. These attacks can be extremely dangerous in the IoT, because of the nature of the “things” being hacked. Ex- Many cases have already been reported
  • 22.
    BRUTE FORCE/DICTIONARY ATTACK (CLASSICS) Theseare probably the oldest type of automated attacks still used widely. Brute-force - Basically, the attempt to uncover the password is done by trying a wide variety of letter/number combinations to figure out what a password is so that an account can be taken over. Dictionary -On the flipside of things, dictionary attacks involve the hacker trying to determine your password by trying hundreds or sometimes
  • 23.
    CONCLUSION To conclude Iwould say that we still have a far way to go in securing the IOT infrastructure but some of the key things can be generalized for securing the IOT devices are: 1. IOT security design should enable an open, pervasive and interoperable yet secure infrastructure . 2. For the sake of privacy and security, IOT or smart devices must be capable of implementing indivual user set policies. 3. Infrastructural security services should be accessible transparently and regardless of the connection uses by nomadic smart IOT objects. “SECURITY IS A MYTH” – DEFCON 22
  • 24.
    REFERENCES: • DEFCON 22: https://www.defcon.org/html/defcon-22/dc-22- index.html • LIGHTWEIGHT CRYPTOGRAPHY white paper : https://www.iab.org/wp-content/IAB- uploads/2011/03/Kaftan.pdf • IOT SECURITY : https://www.forbes.com/sites/gilpress/2017/03/20/6-hot- internet-of-things-iot-security-technologies/#7e7ad1c51b49 • HASH and ENCRYPTION white paper : http://repository.root- me.org/RFC/EN%20-%20rfc1321.txt (rfc1321) • SHA -1/2/3 white paper : http://repository.root- me.org/RFC/EN%20-%20rfc5754.txt (rfc5754)