"IoT Security - Make vs Buy?" - IoT Data Analytics & Visualization Summit 2016
Download as PPTX, PDF1 like676 views
The document discusses the security challenges and threats associated with the Internet of Things (IoT), highlighting various attack examples and vulnerabilities across numerous devices. It emphasizes the importance of secure device management, software updates, and threat monitoring to maintain customer confidence and regulatory compliance. Additionally, it raises questions about trust in managing IoT security effectively over the lifespan of connected applications.
"IoT Security - Make vs Buy?" - IoT Data Analytics & Visualization Summit 2016
- 1. IoT Security Make vs Buy? Feb 2016
- 2. They Tell Us IoT Will be BIG! Copyright © 2016 Verimatrix, Inc.2
- 3. Opportunity vs Threat Technical exposure Business risk Customer confidence Regulatory compliance Copyright © 2016 Verimatrix, Inc.3
- 4. More Connectivity >>> More Threat Surfaces Device control Reprogramming Man in middle • Intercepting communication • Alter communication • Pretend to be a different player Jamming / Blocking Replay Cloning Monitoring Data theft Copyright © 2016 Verimatrix, Inc.4
- 5. Attacker Incentive Research Hacktivist Economic – Exploits or Crime Terrorism Cyber warfare Copyright © 2016 Verimatrix, Inc.5
- 6. Attacks: SOHO examples Copyright © 2016 Verimatrix, Inc. FAIL: Management backdoors FAIL: Password vulnerabilities FAIL: Update verification https://www.sohopelesslybroken.com/news.html 6
- 7. Attacks: Samsung Fridge Copyright © 2016 Verimatrix, Inc. FAIL: test validity of SSL certificate Threat: Neighbor stealing gmail credentials http://www.theregister.co.uk/2015/08/24/smart_fridge_security_fubar/ 7
- 8. Attacks: Vizio TV Copyright © 2016 Verimatrix, Inc. FAIL: test validity of SSL certificate Threat: Impact on privacy Awareness: 6th link http://arstechnica.com/security/2015/11/man-in-the-middle-attack-on-vizio-tvs-coughs-up-owners-viewing-habits/ 8
- 9. Attacks: Baby Monitor Copyright © 2016 Verimatrix, Inc. Baby monitor weaknesses overview: http://fusion.net/story/192189/internet-connected-baby-monitors-trivial-to-hack/ Threat: someone close by listening to you baby. 9
- 10. Attacks: Hue Light Bulb Copyright © 2016 Verimatrix, Inc. Fail: Securing Token Threat Control light – remotely http://www.dhanjani.com/blog/2013/08/hacking-lightbulbs.html 10
- 11. Attacks: Smart Meter Copyright © 2016 Verimatrix, Inc. Open protocol / credentials Threat: Smart meter data provides info on • Appliance: HDR TV • Occupancy and schedule From: Smart Meter Data: Privacy and Cybersecurity Congressional Research Service R42338 11
- 12. Attacks: Jeep Copyright © 2016 Verimatrix, Inc. FAIL: No segmentation FAIL: No OTA update http://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/ Threat: Loosing control in a driving car 12
- 13. Copyright © 2016 Verimatrix, Inc. Attacks: Cloud 13 …and many others such as Sony
- 14. IoT Security Snapshot Copyright © 2016 Verimatrix, Inc.14 Device Hardware Security Secure Device Update Secure IP Communications Data Management and Integrity Threat monitoring & response TPM (Trusted Platform Module) and SE (Secure Element)Used to harden software based security solutions in a layered security approach secure storage secure boot Leverages security credentials and signature process to enable a trusted services for full or modular software update Leverages security credentials to provide authenticated client comms end point and connection oriented or connectionless secure communications framework Activity tracking, Signature analysis, flagging threats and orchestrating response Data aggregation, access control and auditing Policy compliance, regulatory compliance
- 15. IoT Vertical Markets – Generic Challenges Copyright © 2016 Verimatrix, Inc. Cloud data integrity and compliance Threat monitoring And response Secure device communications Secure device update Device integrity Credential mgmnt Smart Home Automotive mHealth Smart Cities Industrial 15
- 16. Copyright © 2016 Verimatrix, Inc. Who Would You Trust? Not just for Christmas - typical lifetime tasks • Device credential management • Secure software update • Trusted secure IP communications – TCP, UDP, unicast, multicast • Device threat monitoring • Threat reporting/aggregation/alerting • Data curation - secure repository with regulatory and policy compliance Few in the industry with a broad, long term track record 16
- 17. Copyright © 2016 Verimatrix, Inc. Summary 17 Threat surface of connected systems is extensive The security challenge exists over the lifetime of the application How do you combine innovation and system integrity
- 18. Discussion info@verimatrix.com Copyright © 2016 Verimatrix, Inc.