SlideShare a Scribd company logo

IoT security

A
Abhishek Dwivedi

The document discusses the importance of prioritizing security from the beginning of the design process for IoT devices. It notes that many startups overlook security and focus only on features, and that security issues ignored early on are often forgotten later. It provides recommendations in several areas, including using secure memory and chips, enabling secure boot, implementing certificate-based authentication and encryption for networking, sandboxing apps, keeping systems patched, and monitoring devices for suspicious activity. The document aims to raise awareness of how security breaches can occur when it is not properly integrated from the start.

Engineering
Related topics:
Internet of Things Information Security Smart Home
1 of 8
Download to read offline
1
2
3
4
5
6
7
8
Abhishek Dwivedi
Security from Begining of design ●Security at design phase not at the end phase ● Many of of the security issues overlooked at beginning are forgotten at the end ● Many of the startups doesn’t give priority to security but just feature complete. Even product owner are unaware about the depth of security to be implemented. ● Though we can count security implementation in IoT in 1-2-3 but having it in place is not so simple if not well thought at the beginning. Even lot of investment may to on toss. ● There are many ways to bring it in based on budget, volume, and product life. Abhishek Dwivedi
Hardware Security ●Make use of secured memory for sensitive data, such as ARM trustZone ●Make use of security chip for holding TSL private keys ●Use only secure boot enabled embedded processors for having a tamper proof SBC. ● Remove debug port/interfaces in production devices Abhishek Dwivedi
Network Security ●Keep communication secured by cryptography. TLS is a common for this purpose. ●Know the identity of the end node and edge. ●Where ever more threats are possible, keep the identity trusted. Instead of having only TLS, have certificates as well in place. X.509 is being adopted widely. ●Don’t connect to unsecure or loosely secured WiFi. High risk of man in middle attack. Such as over WPA2. Abhishek Dwivedi
Security at software ●Sandbox apps running on OS. Such as flatpack, snappy. ●Keep kernel level security enabled and enforced on Linux based OS. MAC and DAC enabled. Limit the access by right policy, don’t overlook while writing the access policy configuration. ●Regular patch, specially security patches. ●Wherever possible have OTA in place for immediately resolve found issues. Abhishek Dwivedi
Identity and Role based administration ●Have bookkeeping of identity of edge/node type and specific role. ●Implement device activity analytics service at device and cloud. ●Blacklisting of suspicious activity on immediate and analyze after from secure admin tunnel at the highest priority. Abhishek Dwivedi
Proven examples of security breaches ●Remote code execution and having root level privilege in device. ●DirtyCOW, a very much famous bug in kernel got fixed in recent in Kernel. ●In SSH, race condition letting root access. Abhishek Dwivedi
Thank you!! This is just brief. Each topic has options and details. Abhishek Dwivedi

More Related Content

PPTX
Firmware analysis 101
veerababu penugonda(Mr-IoT)
 
PDF
Beginner’s Guide on How to Start Exploring IoT Security 1st Session
veerababu penugonda(Mr-IoT)
 
PDF
Beginners guide on how to start exploring IoT 2nd session
veerababu penugonda(Mr-IoT)
 
PPTX
Io t slides_iotvillage
agmoneyy
 
PDF
Web Application Detection with SNORT
Suwitcha Musijaral CISSP,CISA,GWAPT,SNORTCP
 
PDF
Embedded government espionage
Muts Byte
 
PDF
Threat Hunting with Cyber Kill Chain
Suwitcha Musijaral CISSP,CISA,GWAPT,SNORTCP
 
PDF
Symantec Freak Vulnerability Infographic
Symantec
 
Firmware analysis 101
veerababu penugonda(Mr-IoT)
 
Beginner’s Guide on How to Start Exploring IoT Security 1st Session
veerababu penugonda(Mr-IoT)
 
Beginners guide on how to start exploring IoT 2nd session
veerababu penugonda(Mr-IoT)
 
Io t slides_iotvillage
agmoneyy
 
Web Application Detection with SNORT
Suwitcha Musijaral CISSP,CISA,GWAPT,SNORTCP
 
Embedded government espionage
Muts Byte
 
Threat Hunting with Cyber Kill Chain
Suwitcha Musijaral CISSP,CISA,GWAPT,SNORTCP
 
Symantec Freak Vulnerability Infographic
Symantec
 

What's hot (20)

PDF
Loc jack presentation
QuestTechnologyIntl
 
PPTX
VenkaSure Total Security+
Venkasys Technologies Pvt. Ltd.
 
PPT
Ict encryption agt_fabio_pietrosanti
PrivateWave Italia SpA
 
PPT
Module5 desktop-laptop-security-b
BbAOC
 
PDF
How to be come a hacker slide for 2600 laos
Outhai SAIOUDOM
 
PPTX
The Next Generation of Phishing
Giuseppe Trotta
 
PPTX
Attack presentation
Frikha Nour
 
PDF
Blackhat USA Mobile Security Panel 2011
Tyler Shields
 
PPTX
Webinar On Ethical Hacking & Cybersecurity - Day2
Mohammed Adam
 
PPTX
Frida - Objection Tool Usage
n|u - The Open Security Community
 
PDF
Owasp top 10
veerababu penugonda(Mr-IoT)
 
PDF
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Zoltan Balazs
 
PDF
Digital self defense
Henrik Jacobsen
 
PDF
When the internet bleeded : RootConf 2014
Anant Shrivastava
 
PDF
Datashur Presentation pin flash drive - Kingfin
Kingfin Enterprises Limited
 
PPT
Linux security-fosster-09
Dr. Jayaraj Poroor
 
PDF
Internet of secure things
Joon Young Park
 
PDF
Parrot Security OS | Introduction to Parrot Security OS | Cybersecurity Train...
Edureka!
 
DOCX
Snort Intrusion Detection / Prevention System on PFSense Firewall
Huda Seyam
 
PPTX
Essential security for linux servers
Juan Carlos Pérez Pardo
 
Loc jack presentation
QuestTechnologyIntl
 
VenkaSure Total Security+
Venkasys Technologies Pvt. Ltd.
 
Ict encryption agt_fabio_pietrosanti
PrivateWave Italia SpA
 
Module5 desktop-laptop-security-b
BbAOC
 
How to be come a hacker slide for 2600 laos
Outhai SAIOUDOM
 
The Next Generation of Phishing
Giuseppe Trotta
 
Attack presentation
Frikha Nour
 
Blackhat USA Mobile Security Panel 2011
Tyler Shields
 
Webinar On Ethical Hacking & Cybersecurity - Day2
Mohammed Adam
 
Frida - Objection Tool Usage
n|u - The Open Security Community
 
Owasp top 10
veerababu penugonda(Mr-IoT)
 
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Zoltan Balazs
 
Digital self defense
Henrik Jacobsen
 
When the internet bleeded : RootConf 2014
Anant Shrivastava
 
Datashur Presentation pin flash drive - Kingfin
Kingfin Enterprises Limited
 
Linux security-fosster-09
Dr. Jayaraj Poroor
 
Internet of secure things
Joon Young Park
 
Parrot Security OS | Introduction to Parrot Security OS | Cybersecurity Train...
Edureka!
 
Snort Intrusion Detection / Prevention System on PFSense Firewall
Huda Seyam
 
Essential security for linux servers
Juan Carlos Pérez Pardo
 
Ad

Similar to IoT security (20)

PPTX
Fundamental Best Practices in Secure IoT Product Development
Mark Szewczul, CISSP
 
PDF
Security for the IoT - Report Summary
Accenture Technology
 
PDF
Track 5 session 1 - st dev con 2016 - need for security for iot
ST_World
 
PDF
Building security into the internetofthings
Prayukth K V
 
PDF
IoT Security and Privacy Considerations
Kenny Huang Ph.D.
 
PDF
Navigating the Complexities of IoT Security_ Best Practices
bytesnapinfo
 
PPTX
Emerging Trends in Cybersecurity by Amar Prusty
Cysinfo Cyber Security Community
 
PDF
Module 6.pdf
Sitamarhi Institute of Technology
 
PDF
Module 6.Security in Evolving Technology
Sitamarhi Institute of Technology
 
PPTX
Security Testing for IoT Systems
Security Innovation
 
PDF
Lecture 7 - Security
Alexandru Radovici
 
PDF
Considerations for a secure internet of things for cities and communities
Mrinal Wadhwa
 
PDF
Securing Startups
Omaid Faizyar
 
PPTX
LAS16-300K2: Geoff Thorpe - IoT Zephyr
Shovan Sargunam
 
PPTX
Hugo Fiennes - Security and the IoT - Electric Imp
Business of Software Conference
 
PDF
Broken by design (Danny Fullerton)
Hackfest Communication
 
PPTX
Practical approaches to IoT security
Tony Wilson
 
PDF
Host-based Security, by Dmitry Khlebnikov @ Secure Development Melbourne
Alec Sloman
 
PDF
Host-based Security
secdevmel
 
PDF
Top 10 IT Security Issues 2011
Redspin, Inc.
 
Fundamental Best Practices in Secure IoT Product Development
Mark Szewczul, CISSP
 
Security for the IoT - Report Summary
Accenture Technology
 
Track 5 session 1 - st dev con 2016 - need for security for iot
ST_World
 
Building security into the internetofthings
Prayukth K V
 
IoT Security and Privacy Considerations
Kenny Huang Ph.D.
 
Navigating the Complexities of IoT Security_ Best Practices
bytesnapinfo
 
Emerging Trends in Cybersecurity by Amar Prusty
Cysinfo Cyber Security Community
 
Module 6.pdf
Sitamarhi Institute of Technology
 
Module 6.Security in Evolving Technology
Sitamarhi Institute of Technology
 
Security Testing for IoT Systems
Security Innovation
 
Lecture 7 - Security
Alexandru Radovici
 
Considerations for a secure internet of things for cities and communities
Mrinal Wadhwa
 
Securing Startups
Omaid Faizyar
 
LAS16-300K2: Geoff Thorpe - IoT Zephyr
Shovan Sargunam
 
Hugo Fiennes - Security and the IoT - Electric Imp
Business of Software Conference
 
Broken by design (Danny Fullerton)
Hackfest Communication
 
Practical approaches to IoT security
Tony Wilson
 
Host-based Security, by Dmitry Khlebnikov @ Secure Development Melbourne
Alec Sloman
 
Host-based Security
secdevmel
 
Top 10 IT Security Issues 2011
Redspin, Inc.
 
Ad

Recently uploaded (20)

PDF
keyrequirementskkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk
mojeeburahmanwardak
 
PPTX
CURRICULAM DESIGN engineering FOR CSE 2025.pptx
Amuda3
 
PDF
null (2) bgfbg bfgb bfgb fbfg bfbgf b.pdf
Ramez Hosny
 
PDF
PREDICTION OF DIABETES FROM ELECTRONIC HEALTH RECORDS
ijaia
 
PPTX
6ME3A-Unit-II-Sensors and Actuators_Handouts.pptx
anukaranugi
 
PDF
R24 SURVEYING LAB MANUAL for civil enggi
MNANDITHACIVILSTAFF
 
PDF
EXPLORING LEARNING ENGAGEMENT FACTORS INFLUENCING BEHAVIORAL, COGNITIVE, AND ...
johnmathew9417
 
PDF
Abrasive, erosive and cavitation wear.pdf
nfandraden
 
PPTX
Current and future trends in Computer Vision.pptx
Subramanyam Natarajan
 
PDF
Enhancing Cyber Defense Against Zero-Day Attacks using Ensemble Neural Networks
IJCNCJournal
 
PDF
Automation-in-Manufacturing-Chapter-Introduction.pdf
pcmth867
 
PPTX
MET 305 2019 SCHEME MODULE 2 COMPLETE.pptx
VinayB68
 
PDF
The CXO Playbook 2025 – Future-Ready Strategies for C-Suite Leaders Cerebrai...
Cerebraix Technologies
 
PPT
Occupational Health and Safety Management System
Akshay Kant Mishra
 
PPT
INTRODUCTION -Data Warehousing and Mining-M.Tech- VTU.ppt
Subramanyam Natarajan
 
PDF
Soil Improvement Techniques Note - Rabbi
rahmatideal000
 
PPTX
Fundamentals of Mechanical Engineering.pptx
MdMowdudAhmed
 
PPTX
Fundamentals of safety and accident prevention -final (1).pptx
Palani kumar
 
PDF
III.4.1.2_The_Space_Environment.p pdffdf
sittiporn2
 
PPT
introduction to datamining and warehousing
ssuser4ab3a2
 
keyrequirementskkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk
mojeeburahmanwardak
 
CURRICULAM DESIGN engineering FOR CSE 2025.pptx
Amuda3
 
null (2) bgfbg bfgb bfgb fbfg bfbgf b.pdf
Ramez Hosny
 
PREDICTION OF DIABETES FROM ELECTRONIC HEALTH RECORDS
ijaia
 
6ME3A-Unit-II-Sensors and Actuators_Handouts.pptx
anukaranugi
 
R24 SURVEYING LAB MANUAL for civil enggi
MNANDITHACIVILSTAFF
 
EXPLORING LEARNING ENGAGEMENT FACTORS INFLUENCING BEHAVIORAL, COGNITIVE, AND ...
johnmathew9417
 
Abrasive, erosive and cavitation wear.pdf
nfandraden
 
Current and future trends in Computer Vision.pptx
Subramanyam Natarajan
 
Enhancing Cyber Defense Against Zero-Day Attacks using Ensemble Neural Networks
IJCNCJournal
 
Automation-in-Manufacturing-Chapter-Introduction.pdf
pcmth867
 
MET 305 2019 SCHEME MODULE 2 COMPLETE.pptx
VinayB68
 
The CXO Playbook 2025 – Future-Ready Strategies for C-Suite Leaders Cerebrai...
Cerebraix Technologies
 
Occupational Health and Safety Management System
Akshay Kant Mishra
 
INTRODUCTION -Data Warehousing and Mining-M.Tech- VTU.ppt
Subramanyam Natarajan
 
Soil Improvement Techniques Note - Rabbi
rahmatideal000
 
Fundamentals of Mechanical Engineering.pptx
MdMowdudAhmed
 
Fundamentals of safety and accident prevention -final (1).pptx
Palani kumar
 
III.4.1.2_The_Space_Environment.p pdffdf
sittiporn2
 
introduction to datamining and warehousing
ssuser4ab3a2
 

IoT security

  • 2. Security from Begining of design ●Security at design phase not at the end phase ● Many of of the security issues overlooked at beginning are forgotten at the end ● Many of the startups doesn’t give priority to security but just feature complete. Even product owner are unaware about the depth of security to be implemented. ● Though we can count security implementation in IoT in 1-2-3 but having it in place is not so simple if not well thought at the beginning. Even lot of investment may to on toss. ● There are many ways to bring it in based on budget, volume, and product life. Abhishek Dwivedi
  • 3. Hardware Security ●Make use of secured memory for sensitive data, such as ARM trustZone ●Make use of security chip for holding TSL private keys ●Use only secure boot enabled embedded processors for having a tamper proof SBC. ● Remove debug port/interfaces in production devices Abhishek Dwivedi
  • 4. Network Security ●Keep communication secured by cryptography. TLS is a common for this purpose. ●Know the identity of the end node and edge. ●Where ever more threats are possible, keep the identity trusted. Instead of having only TLS, have certificates as well in place. X.509 is being adopted widely. ●Don’t connect to unsecure or loosely secured WiFi. High risk of man in middle attack. Such as over WPA2. Abhishek Dwivedi
  • 5. Security at software ●Sandbox apps running on OS. Such as flatpack, snappy. ●Keep kernel level security enabled and enforced on Linux based OS. MAC and DAC enabled. Limit the access by right policy, don’t overlook while writing the access policy configuration. ●Regular patch, specially security patches. ●Wherever possible have OTA in place for immediately resolve found issues. Abhishek Dwivedi
  • 6. Identity and Role based administration ●Have bookkeeping of identity of edge/node type and specific role. ●Implement device activity analytics service at device and cloud. ●Blacklisting of suspicious activity on immediate and analyze after from secure admin tunnel at the highest priority. Abhishek Dwivedi
  • 7. Proven examples of security breaches ●Remote code execution and having root level privilege in device. ●DirtyCOW, a very much famous bug in kernel got fixed in recent in Kernel. ●In SSH, race condition letting root access. Abhishek Dwivedi
  • 8. Thank you!! This is just brief. Each topic has options and details. Abhishek Dwivedi