Internet of Things Forensics
3 likes1,665 views
This document discusses Internet of Things (IoT) forensics. It begins with an overview of IoT, including its key characteristics and architecture. It then discusses digital forensics and how IoT forensics deals with cybercrimes across the three layers of an IoT system. It identifies categories of evidence for IoT crime scenes, including smart devices, hardware/software, and external resources. It outlines security challenges for IoT like authentication, updates, and privacy. Finally, it discusses the scope of IoT forensics work, including evidence identification, analysis, and attack attribution.
![Digital Forensics
Digital forensics (sometimes known as digital forensic science) is a
branch of forensic science encompassing the recovery and
investigation of material found in digital devices, often in relation
to computer crime.
A digital forensic investigation commonly consists of 3 stages:
acquisition or imaging of exhibits, analysis, and reporting.
Evidences used in digital forensics are : hard drive of the criminals’ computer, laptop, external hard drives,
USB devices, mobile devices, etc. [2].](https://image.slidesharecdn.com/iotforensics-190710042439/85/Internet-of-Things-Forensics-7-320.jpg)
![Three Possible Roles of A Computer Digital Forensics [4]
1. Computer can be the aim of the crime.
2. It can be responsible/ source of the crime.
3. It can act as an evidence/ proof of information that contains criminal acts.](https://image.slidesharecdn.com/iotforensics-190710042439/85/Internet-of-Things-Forensics-8-320.jpg)
![Timeline of Evolution of IoT Forensics from Computer Forensic [3]
Reference :- Ana Nieto, Ruben Rios, Javier Lopez, IoT-Forensics Meets Privacy: Towards Cooperative Digital Investigations, MDPI, February 2018](https://image.slidesharecdn.com/iotforensics-190710042439/85/Internet-of-Things-Forensics-11-320.jpg)
![Security Challenges in IoT[1]
Secure constrained devices Limited amounts of storage, memory, and processing capability and they
often need to be able to operate on lower power, so many encryption
algorithms can’t be used and so can’t transmit data securely in real-time.
Authorize and authenticate
devices
Many IoT device fails to establish their identity before accessing gateways,
upstream services and apps as they fail in device authentication.
Applying Device Updates 1. There is a need to keep track of which updates are available and apply
those updates consistently across distributed environments with
heterogeneous devices that communicate through a range of different
networking protocols.
2. Only Some devices support over-the-air updates, or updates without
downtime, but the other devices might need to be physically accessed
or temporarily pulled from production to apply updates.
Secure Communication Many IoT device do not encrypt message before transmitting.
https://developer.ibm.com/articles/iot-top-10-iot-security-challenges/Reference [1]](https://image.slidesharecdn.com/iotforensics-190710042439/85/Internet-of-Things-Forensics-12-320.jpg)
![Security Challenges in IoT (contd.)
Ensure Data Privacy and
Integrity
The application of data privacy includes anonimizing sensitive data before
it is stored or using data separation to separate personally identifiable
information from IoT data payloads. Unrequired data must be securely
disposed of, and if data is stored, compliance should be maintained with
legal and regulatory frameworks is also an important challenge.
Secure web, mobile, and
cloud applications
As a part of multi-layered approach of IoT security, WEB MOBILE and
CLOUD APPS and SERVICES that are used to manage, access and process
IoT devices and data must be secured
Detect vulnerabilities and
incidents
When there is large scale implementation of IoT systems, then the
complexity of the system from the perspective of the variety of devices
connected, apps and services, and communication protocols involved, can
make it difficult to identify when an incident has occurred.
Predict and preempt security
issues
IoT security challenge in long term is to apply security intelligence for
detecting and mitigating issues, predicting and proactively protecting
against potential security threats.
Threat modelling[7] is one approach to predict security issues.](https://image.slidesharecdn.com/iotforensics-190710042439/85/Internet-of-Things-Forensics-13-320.jpg)
![[1] https://developer.ibm.com/articles/iot-top-10-iot-security-challenges/
[2] Áine MacDermott, Thar Baker, Qi Shi, IoT Forensics: Challenges For The IoA Era, IEEE Xplore 2nd April 2018.
[3] Ana Nieto, Ruben Rios, Javier Lopez, IoT-Forensics Meets Privacy: Towards Cooperative Digital Investigations, MDPI, DOI:
https://doi.org/10.3390/s18020492. Received: 28 December 2017 / Revised: 25 January 2018 / Accepted: 4 February 2018 /
Published: 7 February 2018
[4] Gianni Fenu and Fabrizio Solinas , COMPUTER FORENSICS INVESTIGATION AN APPROACH TO EVIDENCE IN CYBERSPACE,
Conference: The Second International Conference on Cyber Security, Cyber Peacefare and Digital Forensic (CyberSec2013)
[5] https://hub.packtpub.com/iot-forensics-security-connected-world/
[6] https://www.owasp.org/index.php/Application_Threat_Modeling
References](https://image.slidesharecdn.com/iotforensics-190710042439/85/Internet-of-Things-Forensics-15-320.jpg)
Internet of Things Forensics
- 1. Maulana Abul Kalam Azad University of Technology, W.B. IoT Forensics Submitted By Aakashjit Bhattacharya Roll Number:- 30011218021 Registration Number:- 183000410054 of 2018-2019 Guided By Professor Debashish De & Dr. Koushik Majumder Computer Science & Engineering Department M.A.K.A.U.T., W.B.
- 3. • Internet Of Things • Characteristics of IoT • Digital Forensics • IoT Forensics • Categories of Evidences With Respect To a Crime Scene • Cyber Security challenges in IoT • Open Issues and Scope of work • Conclusion • Reference Content
- 5. Internet of Things • Building block for Smart homes and Smart Cities. • 3 layers:- Sensing layer, Communication layer, Transmission layer. • Lot of things work parallel, to complete the entire architecture of an IoT System, which includes low-power embedded system, big-data, Machine Learning and networking. • Provides M2M connectivity across all the connected devices.
- 6. Characteristics of IoT • Scalable • Low power consumption • Efficient • Low computational power
- 7. Digital Forensics Digital forensics (sometimes known as digital forensic science) is a branch of forensic science encompassing the recovery and investigation of material found in digital devices, often in relation to computer crime. A digital forensic investigation commonly consists of 3 stages: acquisition or imaging of exhibits, analysis, and reporting. Evidences used in digital forensics are : hard drive of the criminals’ computer, laptop, external hard drives, USB devices, mobile devices, etc. [2].
- 8. Three Possible Roles of A Computer Digital Forensics [4] 1. Computer can be the aim of the crime. 2. It can be responsible/ source of the crime. 3. It can act as an evidence/ proof of information that contains criminal acts.
- 9. IoT Forensics Deals with IoT-related cybercrimes that includes investigation of connected devices, sensors and the data stored on all possible platforms. As security breach can take place in any of the three layers of this IoT Architecture, so IoT forensics need to inspect all the three layers well in order to detect the crime.
- 10. Categories of Evidences With Respect To A Crime Scene 1. Smart devices and sensors : It includes sensors, smart devices, automation tools those are powered by IoT Architecture, in other words, the gadgets those are present in the Crime Scene. 2. Hardware and Software : Communication link between smart devices and the external world which includes IPS, Firewalls, Computers. 3. External resources : Areas outside networks under investigation, that includes Cloud, Social Media, ISPs, Network Providers. Reference:- https://hub.packtpub.com/iot-forensics-security-connected-world/
- 11. Timeline of Evolution of IoT Forensics from Computer Forensic [3] Reference :- Ana Nieto, Ruben Rios, Javier Lopez, IoT-Forensics Meets Privacy: Towards Cooperative Digital Investigations, MDPI, February 2018
- 12. Security Challenges in IoT[1] Secure constrained devices Limited amounts of storage, memory, and processing capability and they often need to be able to operate on lower power, so many encryption algorithms can’t be used and so can’t transmit data securely in real-time. Authorize and authenticate devices Many IoT device fails to establish their identity before accessing gateways, upstream services and apps as they fail in device authentication. Applying Device Updates 1. There is a need to keep track of which updates are available and apply those updates consistently across distributed environments with heterogeneous devices that communicate through a range of different networking protocols. 2. Only Some devices support over-the-air updates, or updates without downtime, but the other devices might need to be physically accessed or temporarily pulled from production to apply updates. Secure Communication Many IoT device do not encrypt message before transmitting. https://developer.ibm.com/articles/iot-top-10-iot-security-challenges/Reference [1]
- 13. Security Challenges in IoT (contd.) Ensure Data Privacy and Integrity The application of data privacy includes anonimizing sensitive data before it is stored or using data separation to separate personally identifiable information from IoT data payloads. Unrequired data must be securely disposed of, and if data is stored, compliance should be maintained with legal and regulatory frameworks is also an important challenge. Secure web, mobile, and cloud applications As a part of multi-layered approach of IoT security, WEB MOBILE and CLOUD APPS and SERVICES that are used to manage, access and process IoT devices and data must be secured Detect vulnerabilities and incidents When there is large scale implementation of IoT systems, then the complexity of the system from the perspective of the variety of devices connected, apps and services, and communication protocols involved, can make it difficult to identify when an incident has occurred. Predict and preempt security issues IoT security challenge in long term is to apply security intelligence for detecting and mitigating issues, predicting and proactively protecting against potential security threats. Threat modelling[7] is one approach to predict security issues.
- 14. 1. Identification, collection and preservation of Evidence 2. Co-relation and analysis of evidence. 3. Attack or deficit attribution. & Scope of work
- 15. [1] https://developer.ibm.com/articles/iot-top-10-iot-security-challenges/ [2] Áine MacDermott, Thar Baker, Qi Shi, IoT Forensics: Challenges For The IoA Era, IEEE Xplore 2nd April 2018. [3] Ana Nieto, Ruben Rios, Javier Lopez, IoT-Forensics Meets Privacy: Towards Cooperative Digital Investigations, MDPI, DOI: https://doi.org/10.3390/s18020492. Received: 28 December 2017 / Revised: 25 January 2018 / Accepted: 4 February 2018 / Published: 7 February 2018 [4] Gianni Fenu and Fabrizio Solinas , COMPUTER FORENSICS INVESTIGATION AN APPROACH TO EVIDENCE IN CYBERSPACE, Conference: The Second International Conference on Cyber Security, Cyber Peacefare and Digital Forensic (CyberSec2013) [5] https://hub.packtpub.com/iot-forensics-security-connected-world/ [6] https://www.owasp.org/index.php/Application_Threat_Modeling References
- 16. Aakashjit Bhattacharya Roll:- 30011218021 Reg. No:- 183000410054 of 2018-2019