SlideShare a Scribd company logo

How to create a secure IoT device

Download as PPTX, PDF
Abhijeet Rane, profile picture
Abhijeet Rane

The document discusses the importance of security in Internet of Things (IoT) devices, highlighting various vulnerabilities such as malware, hacking, and data theft that can compromise smart devices. It provides guidance on how to approach IoT security by defining potential threats, designing for security throughout the device lifecycle, and selecting appropriate platforms for development. The key takeaway emphasizes that IoT devices must be secure to be considered truly 'smart.'

Devices & Hardware
Related topics:
Information Security
1 of 21
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
IT’S ONLY SMART….. IF IT’S SECURE AKA HOW TO CREATE A SECURE IOT DEVICE MIKE HENDRICK VP ENGG. SEQUITUR LABS INC.
2 Kudos! Copyright Sequitur Labs Inc. 2017 If you are thinking about IoT security……… …………you are way ahead of the game
3 • Smart Home • Smart Building • Smart Car • Smart Medical Devices • Smart Cities • Smart Grid • Smart Wearables Opportunity: Smart Future……. Copyright Sequitur Labs Inc. 2017
4 Problem: The “Smart” Future …… Copyright Sequitur Labs Inc. 2017 …….it has it’s own - Viruses - Malware - Hacker community This lightbulb is so “smart”……….
5 Multiple connectivity options • WiFi • Bluetooth • BLE • Whatever……… “Smart” lightbulbs Copyright Sequitur Labs Inc. 2017 Connects to your • WiFi network • Phone • Other devices What does it do? • It stores your network credentials • Knows what devices it should connect to
6 Hmmmm……So What? HACKERS CAN USE THIS INFORMATION TO GET INTO YOUR NETWORK AND STEAL • Passwords • Financial information • Attack webcams (been there, done that) • Steal health related information • Control security systems Copyright Sequitur Labs Inc. 2017
7 Say it Ain’t So!! Copyright Sequitur Labs Inc. 2017 A connected lightbulb is a “portal” into - Your home - Your life - Your family - Your friends
8 Bottom-line: IoT without Security……. Copyright Sequitur Labs Inc. 2017 ….. is like handing over the keys to your kingdom
9 • Smart Home • Smart Building • Smart Car • Smart Medical Devices • Smart Cities • Smart Grid • Smart Wearables This Could Happen to ANY Connected Device in ANY Sector Copyright Sequitur Labs Inc. 2017
10 HELP!! Copyright Sequitur Labs Inc. 2017 Where do I start? • Define the threats • Design for Security • Select the right platforms
11 Defining the Threats Copyright Sequitur Labs Inc. 2017 • Firmware Theft • Malware • DDoS Attacks • Man-in-the-middle • Physical attacks • Corrupted firmware • Compromised peripherals Devices need protection throughout their life cycle • Create • Operate • Retire
12 Security Threats Faced by A Device Copyright Sequitur Labs Inc. 2017 • IP Theft • Unauthorized manufacture • Cloning Create Operate Retire • Compromised communications • Compromised upgrades • Data theft • Firmware corruption • Malware • DDoS • Data theft • Stolen network credentials • IP Theft • Cloning Threats
13 Design For Security - Through The Lifecycle Copyright Sequitur Labs Inc. 2017 • IP Theft • Unauthorized manufacture • Cloning At Manufacture • Establish hardware root of trust • Securely inject unique keys and certs at manufacturing • Immutable device ID Threats Security Measures
14 Design For Security - Through The Lifecycle Copyright Sequitur Labs Inc. 2017 • Compromised communications • Compromised upgrades • Data theft • Firmware corruption • Malware • DDoS During Operation • Trusted boot process • Hardware based isolation of critical material • Payload authentication • Authenticated communications • Tamper resistance • Trusted remediation Threats Security Measures
15 Isolation Technology Example: ARM TrustZone Copyright Sequitur Labs Inc. 2017 • Secure /Non-Secure States • Low impact context switch • Controlled access to resources • Crypto resources • Security applications • Keys • Peripherals
16 Design For Security - Through The Lifecycle Copyright Sequitur Labs Inc. 2017 • Data theft • Stolen network credentials • IP Theft • Cloning Retiring The Device • De-authorize devices • Wipe stored data • Secure command and control Threats Security Measures
17 Security Through The Device Lifecycle - Summary Copyright Sequitur Labs Inc. 2017 • IP Theft • Unauthorized manufacture • Cloning Create Operate Retire • Compromised communications • Compromised upgrades • Data theft • Firmware corruption • Malware • DDoS • Data theft • Stolen network credentials • IP Theft • Cloning • Hardware root of trust • Inject unique keys and certs at manufacturing • Immutable device ID • Trusted boot process • Hardware based isolation of critical material • Payload authentication • Authenticated communications • Tamper resistance • Trusted remediation • De-authorize devices • Wipe stored data Threats Security Measures
18 Selecting The Right Platform – From a Security Perspective Copyright Sequitur Labs Inc. 2017 • Hardware Platform Considerations • MCU v/s MPU • Hardware isolation technologies • Hardware crypto accelerators, TRNG • Tamper detection, resistance • Secure debug capabilities • Device/Application Use Considerations • Connectivity/data transmission (example – device pairing, cloud connectivity) • Peripherals that need security (example – biometric readers) • Application data that need securing (example – patient info in medical device) • Application processes that need securing (example – financial transactions)
19 Key Takeaway Copyright Sequitur Labs Inc. 2017 It’s only Smart if it’s Secure
20 More Stuff Here…. Copyright Sequitur Labs Inc. 2017 • CoreTEE: http://www.sequiturlabs.com/coretee/coretee-demo/ • CoreLockr-TZ: http://www.sequiturlabs.com/corelockrtz/corelockr-tz-demo-for-secure-iot/ • End-to-End Security Use Case: https://youtu.be/C0fCUgBvzDc • ARM and Sequitur Labs Demonstrate Secure IoT Systems: http://www.sequiturlabs.com/media_portfolio/arm-sequitur-labs-demonstrate-secure-iot-systems/ • Sequitur Labs Shows Real-World Use of New TrustZone for v8-M Platform: http://www.sequiturlabs.com/media_portfolio/sequitur-labs-shows-real-world-use-of-new-core-m-platform/
21 Talk To Us..... Copyright Sequitur Labs Inc. 2017 • We can help. • We like helping. • Really. • Try us out! www.sequiturlabs.com info@sequiturlabs.com

More Related Content

PDF
Security in the Internet of Things
ForgeRock
 
PDF
Security Fundamental for IoT Devices; Creating the Internet of Secure Things
Design World
 
PPT
IoT Security – Executing an Effective Security Testing Process
EC-Council
 
PPTX
Internet of Things Security
Tutun Juhana
 
PDF
IoT/M2M Security
Yu-Hsin Hung
 
PPTX
Security Testing for IoT Systems
Security Innovation
 
PPTX
Privacy and Security in the Internet of Things
Jeff Katz
 
PPTX
Iot Security, Internet of Things
Bryan Len
 
Security in the Internet of Things
ForgeRock
 
Security Fundamental for IoT Devices; Creating the Internet of Secure Things
Design World
 
IoT Security – Executing an Effective Security Testing Process
EC-Council
 
Internet of Things Security
Tutun Juhana
 
IoT/M2M Security
Yu-Hsin Hung
 
Security Testing for IoT Systems
Security Innovation
 
Privacy and Security in the Internet of Things
Jeff Katz
 
Iot Security, Internet of Things
Bryan Len
 

What's hot (20)

PPTX
Internet of things security challenges
Hadi Fadlallah
 
PPTX
ON THE SECURITY AND PRIVACY OF INTERNET OF THINGS ARCHITECTURES
Manisha Luthra
 
PPTX
IoT Security: Debunking the "We Aren't THAT Connected" Myth
Security Innovation
 
PPTX
The Internet of Everything is Here
Lancope, Inc.
 
PPTX
IoT security compliance checklist
PriyaNemade
 
PPTX
IoT security
YashKesharwani2
 
PPTX
Security for iot and cloud aug 25b 2017
Ulf Mattsson
 
PPTX
IoT Security: Cases and Methods [CON5446]
Leonardo De Moura Rocha Lima
 
PDF
IoT Security, Mirai Revisited
Clare Nelson, CISSP, CIPP-E
 
PDF
Ryan Wilson - ryanwilson.com - IoT Security
Ryan Wilson
 
PDF
Securing the Internet of Things
Christopher Frenz
 
PDF
WSO2Con EU 2015: Keynote - The Identity of Things: The Next Internet Challenge
WSO2
 
PPTX
IoT Security, Threats and Challenges By V.P.Prabhakaran
Koenig Solutions Ltd.
 
PPTX
BSidesHSV 2020 - Keynote - 2030: The Next Decade
Chris Sistrunk
 
PDF
Understanding IoT Security: How to Quantify Security Risk of IoT Technologies
Denim Group
 
PPTX
Internet & iot security
Usman Anjum
 
PDF
Security challenges for IoT
WSO2
 
PDF
2012 12-04 --ncc_group_-_mobile_threat_war_room
NCC Group
 
PPTX
The Insecurity of Industrial Things
Senrio
 
PPT
IoT Security by Sanjay Kumar
OWASP Delhi
 
Internet of things security challenges
Hadi Fadlallah
 
ON THE SECURITY AND PRIVACY OF INTERNET OF THINGS ARCHITECTURES
Manisha Luthra
 
IoT Security: Debunking the "We Aren't THAT Connected" Myth
Security Innovation
 
The Internet of Everything is Here
Lancope, Inc.
 
IoT security compliance checklist
PriyaNemade
 
IoT security
YashKesharwani2
 
Security for iot and cloud aug 25b 2017
Ulf Mattsson
 
IoT Security: Cases and Methods [CON5446]
Leonardo De Moura Rocha Lima
 
IoT Security, Mirai Revisited
Clare Nelson, CISSP, CIPP-E
 
Ryan Wilson - ryanwilson.com - IoT Security
Ryan Wilson
 
Securing the Internet of Things
Christopher Frenz
 
WSO2Con EU 2015: Keynote - The Identity of Things: The Next Internet Challenge
WSO2
 
IoT Security, Threats and Challenges By V.P.Prabhakaran
Koenig Solutions Ltd.
 
BSidesHSV 2020 - Keynote - 2030: The Next Decade
Chris Sistrunk
 
Understanding IoT Security: How to Quantify Security Risk of IoT Technologies
Denim Group
 
Internet & iot security
Usman Anjum
 
Security challenges for IoT
WSO2
 
2012 12-04 --ncc_group_-_mobile_threat_war_room
NCC Group
 
The Insecurity of Industrial Things
Senrio
 
IoT Security by Sanjay Kumar
OWASP Delhi
 
Ad

Similar to How to create a secure IoT device (20)

PDF
Track 5 session 1 - st dev con 2016 - need for security for iot
ST_World
 
PDF
Hack one iot device, break them all!
Justin Black
 
PDF
逃避可恥還沒有用- 你不可不知的物聯網安全問題與挑戰(Ashley Shen & Belinda Lai)
HITCON GIRLS
 
PPTX
Security Issues in Internet of Things
Lohith Haravu Chandrashekar
 
PPTX
CS5300 class presentation on managing information systems
zenhubris
 
PPTX
Why defensive research is sexy too.. … and a real sign of skill
Ollie Whitehouse
 
PDF
Creating secure apps using the salesforce mobile sdk
Martin Vigo
 
PPTX
Ten security product categories you've (probably) never heard of
Adrian Sanabria
 
PPTX
Securing Your Digital Files from Legal Threats
Abbie Hosta
 
PPTX
Understanding Zero Trust Security for IBM i
Precisely
 
PDF
Better to Ask Permission? Best Practices for Privacy and Security
Eric Kavanagh
 
PPTX
Add-Structure-and-Credibility-to-Your-Security-Portfolio-with-CIS-Controls-v8...
hoang971
 
PPTX
Thought Leadership Webinar - Internet of things (IoT): The Next Cyber Securit...
ClicTest
 
PPSX
CertainSafe MicroTokenization Technology Detailed Overview
Steven Russo
 
PDF
Avoid embarrassing press by designing secure IoT products with Misha Seltzer
Product of Things
 
PPTX
AI_Cybersecurity_Expanded_Presentation.pptx
kumarpalash7425
 
PPTX
What Does a Full Featured Security Strategy Look Like?
Precisely
 
PPTX
Fundamental Best Practices in Secure IoT Product Development
Mark Szewczul, CISSP
 
PPTX
Application Security within Agile
Netlight Consulting
 
PDF
Refugees on Rails Berlin - #2 Tech Talk on Security
Gianluca Varisco
 
Track 5 session 1 - st dev con 2016 - need for security for iot
ST_World
 
Hack one iot device, break them all!
Justin Black
 
逃避可恥還沒有用- 你不可不知的物聯網安全問題與挑戰(Ashley Shen & Belinda Lai)
HITCON GIRLS
 
Security Issues in Internet of Things
Lohith Haravu Chandrashekar
 
CS5300 class presentation on managing information systems
zenhubris
 
Why defensive research is sexy too.. … and a real sign of skill
Ollie Whitehouse
 
Creating secure apps using the salesforce mobile sdk
Martin Vigo
 
Ten security product categories you've (probably) never heard of
Adrian Sanabria
 
Securing Your Digital Files from Legal Threats
Abbie Hosta
 
Understanding Zero Trust Security for IBM i
Precisely
 
Better to Ask Permission? Best Practices for Privacy and Security
Eric Kavanagh
 
Add-Structure-and-Credibility-to-Your-Security-Portfolio-with-CIS-Controls-v8...
hoang971
 
Thought Leadership Webinar - Internet of things (IoT): The Next Cyber Securit...
ClicTest
 
CertainSafe MicroTokenization Technology Detailed Overview
Steven Russo
 
Avoid embarrassing press by designing secure IoT products with Misha Seltzer
Product of Things
 
AI_Cybersecurity_Expanded_Presentation.pptx
kumarpalash7425
 
What Does a Full Featured Security Strategy Look Like?
Precisely
 
Fundamental Best Practices in Secure IoT Product Development
Mark Szewczul, CISSP
 
Application Security within Agile
Netlight Consulting
 
Refugees on Rails Berlin - #2 Tech Talk on Security
Gianluca Varisco
 
Ad

Recently uploaded (20)

PPTX
KVL KCL ppt electrical electronics eee tiet
Gauri630804
 
PPTX
Embedded for Artificial Intelligence 1.pptx
ifnadeksisa
 
PPTX
Embeded System for Artificial intelligence 2.pptx
ifnadeksisa
 
PDF
Core Components of IoT, The elements need for IOT
jeffinmathew654
 
PPTX
udi-benefits-ggggggggfor-healthcare.pptx
diegosanojaa
 
PPTX
Operating System Processes_Scheduler OSS
UzumakiNamikaze
 
PPT
FABRICATION OF MOS FET BJT DEVICES IN NANOMETER
Nikhil Raj
 
PPTX
Presentacion compuuuuuuuuuuuuuuuuuuuuuuu
EstefaniaVillegas11
 
PDF
PPT Determiners.pdf.......................
kanikadhiman1001
 
PPTX
1.pptxsadafqefeqfeqfeffeqfqeqfeqefqfeqfqeffqe
EarlVonneRoque
 
PPTX
ATL_Arduino_Complete_Presentation_AI_Visuals.pptx
dushyantsharma1221
 
PDF
How NGOs Save Costs with Affordable IT Rentals
C Prompt Solutions Pvt Ltd
 
PPTX
了解新西兰毕业证(Wintec毕业证书)怀卡托理工学院毕业证存档可查的
unweq
 
PPTX
quadraticequations-111211090004-phpapp02.pptx
marcusaviso1101
 
PPTX
kvjhvhjvhjhjhjghjghjgjhgjhgjhgjhgjhgjhgjhgjh
RAVISHANKARMEHTA2
 
PPTX
code of ethics.pptxdvhwbssssSAssscasascc
denielnaceno76
 
PPTX
"Fundamentals of Digital Image Processing: A Visual Approach"
anandy7345
 
PDF
Smarter Security: How Door Access Control Works with Alarms & CCTV
Ighty Support
 
PPTX
sdn_based_controller_for_mobile_network_traffic_management1.pptx
beatereichrath9
 
PPTX
executive branch_no record.pptxsvvsgsggs
alvendiajhorace
 
KVL KCL ppt electrical electronics eee tiet
Gauri630804
 
Embedded for Artificial Intelligence 1.pptx
ifnadeksisa
 
Embeded System for Artificial intelligence 2.pptx
ifnadeksisa
 
Core Components of IoT, The elements need for IOT
jeffinmathew654
 
udi-benefits-ggggggggfor-healthcare.pptx
diegosanojaa
 
Operating System Processes_Scheduler OSS
UzumakiNamikaze
 
FABRICATION OF MOS FET BJT DEVICES IN NANOMETER
Nikhil Raj
 
Presentacion compuuuuuuuuuuuuuuuuuuuuuuu
EstefaniaVillegas11
 
PPT Determiners.pdf.......................
kanikadhiman1001
 
1.pptxsadafqefeqfeqfeffeqfqeqfeqefqfeqfqeffqe
EarlVonneRoque
 
ATL_Arduino_Complete_Presentation_AI_Visuals.pptx
dushyantsharma1221
 
How NGOs Save Costs with Affordable IT Rentals
C Prompt Solutions Pvt Ltd
 
了解新西兰毕业证(Wintec毕业证书)怀卡托理工学院毕业证存档可查的
unweq
 
quadraticequations-111211090004-phpapp02.pptx
marcusaviso1101
 
kvjhvhjvhjhjhjghjghjgjhgjhgjhgjhgjhgjhgjhgjh
RAVISHANKARMEHTA2
 
code of ethics.pptxdvhwbssssSAssscasascc
denielnaceno76
 
"Fundamentals of Digital Image Processing: A Visual Approach"
anandy7345
 
Smarter Security: How Door Access Control Works with Alarms & CCTV
Ighty Support
 
sdn_based_controller_for_mobile_network_traffic_management1.pptx
beatereichrath9
 
executive branch_no record.pptxsvvsgsggs
alvendiajhorace
 

How to create a secure IoT device

  • 1. IT’S ONLY SMART….. IF IT’S SECURE AKA HOW TO CREATE A SECURE IOT DEVICE MIKE HENDRICK VP ENGG. SEQUITUR LABS INC.
  • 2. 2 Kudos! Copyright Sequitur Labs Inc. 2017 If you are thinking about IoT security……… …………you are way ahead of the game
  • 3. 3 • Smart Home • Smart Building • Smart Car • Smart Medical Devices • Smart Cities • Smart Grid • Smart Wearables Opportunity: Smart Future……. Copyright Sequitur Labs Inc. 2017
  • 4. 4 Problem: The “Smart” Future …… Copyright Sequitur Labs Inc. 2017 …….it has it’s own - Viruses - Malware - Hacker community This lightbulb is so “smart”……….
  • 5. 5 Multiple connectivity options • WiFi • Bluetooth • BLE • Whatever……… “Smart” lightbulbs Copyright Sequitur Labs Inc. 2017 Connects to your • WiFi network • Phone • Other devices What does it do? • It stores your network credentials • Knows what devices it should connect to
  • 6. 6 Hmmmm……So What? HACKERS CAN USE THIS INFORMATION TO GET INTO YOUR NETWORK AND STEAL • Passwords • Financial information • Attack webcams (been there, done that) • Steal health related information • Control security systems Copyright Sequitur Labs Inc. 2017
  • 7. 7 Say it Ain’t So!! Copyright Sequitur Labs Inc. 2017 A connected lightbulb is a “portal” into - Your home - Your life - Your family - Your friends
  • 8. 8 Bottom-line: IoT without Security……. Copyright Sequitur Labs Inc. 2017 ….. is like handing over the keys to your kingdom
  • 9. 9 • Smart Home • Smart Building • Smart Car • Smart Medical Devices • Smart Cities • Smart Grid • Smart Wearables This Could Happen to ANY Connected Device in ANY Sector Copyright Sequitur Labs Inc. 2017
  • 10. 10 HELP!! Copyright Sequitur Labs Inc. 2017 Where do I start? • Define the threats • Design for Security • Select the right platforms
  • 11. 11 Defining the Threats Copyright Sequitur Labs Inc. 2017 • Firmware Theft • Malware • DDoS Attacks • Man-in-the-middle • Physical attacks • Corrupted firmware • Compromised peripherals Devices need protection throughout their life cycle • Create • Operate • Retire
  • 12. 12 Security Threats Faced by A Device Copyright Sequitur Labs Inc. 2017 • IP Theft • Unauthorized manufacture • Cloning Create Operate Retire • Compromised communications • Compromised upgrades • Data theft • Firmware corruption • Malware • DDoS • Data theft • Stolen network credentials • IP Theft • Cloning Threats
  • 13. 13 Design For Security - Through The Lifecycle Copyright Sequitur Labs Inc. 2017 • IP Theft • Unauthorized manufacture • Cloning At Manufacture • Establish hardware root of trust • Securely inject unique keys and certs at manufacturing • Immutable device ID Threats Security Measures
  • 14. 14 Design For Security - Through The Lifecycle Copyright Sequitur Labs Inc. 2017 • Compromised communications • Compromised upgrades • Data theft • Firmware corruption • Malware • DDoS During Operation • Trusted boot process • Hardware based isolation of critical material • Payload authentication • Authenticated communications • Tamper resistance • Trusted remediation Threats Security Measures
  • 15. 15 Isolation Technology Example: ARM TrustZone Copyright Sequitur Labs Inc. 2017 • Secure /Non-Secure States • Low impact context switch • Controlled access to resources • Crypto resources • Security applications • Keys • Peripherals
  • 16. 16 Design For Security - Through The Lifecycle Copyright Sequitur Labs Inc. 2017 • Data theft • Stolen network credentials • IP Theft • Cloning Retiring The Device • De-authorize devices • Wipe stored data • Secure command and control Threats Security Measures
  • 17. 17 Security Through The Device Lifecycle - Summary Copyright Sequitur Labs Inc. 2017 • IP Theft • Unauthorized manufacture • Cloning Create Operate Retire • Compromised communications • Compromised upgrades • Data theft • Firmware corruption • Malware • DDoS • Data theft • Stolen network credentials • IP Theft • Cloning • Hardware root of trust • Inject unique keys and certs at manufacturing • Immutable device ID • Trusted boot process • Hardware based isolation of critical material • Payload authentication • Authenticated communications • Tamper resistance • Trusted remediation • De-authorize devices • Wipe stored data Threats Security Measures
  • 18. 18 Selecting The Right Platform – From a Security Perspective Copyright Sequitur Labs Inc. 2017 • Hardware Platform Considerations • MCU v/s MPU • Hardware isolation technologies • Hardware crypto accelerators, TRNG • Tamper detection, resistance • Secure debug capabilities • Device/Application Use Considerations • Connectivity/data transmission (example – device pairing, cloud connectivity) • Peripherals that need security (example – biometric readers) • Application data that need securing (example – patient info in medical device) • Application processes that need securing (example – financial transactions)
  • 19. 19 Key Takeaway Copyright Sequitur Labs Inc. 2017 It’s only Smart if it’s Secure
  • 20. 20 More Stuff Here…. Copyright Sequitur Labs Inc. 2017 • CoreTEE: http://www.sequiturlabs.com/coretee/coretee-demo/ • CoreLockr-TZ: http://www.sequiturlabs.com/corelockrtz/corelockr-tz-demo-for-secure-iot/ • End-to-End Security Use Case: https://youtu.be/C0fCUgBvzDc • ARM and Sequitur Labs Demonstrate Secure IoT Systems: http://www.sequiturlabs.com/media_portfolio/arm-sequitur-labs-demonstrate-secure-iot-systems/ • Sequitur Labs Shows Real-World Use of New TrustZone for v8-M Platform: http://www.sequiturlabs.com/media_portfolio/sequitur-labs-shows-real-world-use-of-new-core-m-platform/
  • 21. 21 Talk To Us..... Copyright Sequitur Labs Inc. 2017 • We can help. • We like helping. • Really. • Try us out! www.sequiturlabs.com info@sequiturlabs.com