European Union Agency for Network and Information Security
Introduction to IoT security
Christina Skouloudi, Apostolos Malatras | ENISA IoT Security team
ENISA-FORTH NIS Summer School| 26.09.2018
Structure of Day 1
• Round table
• Intro & ENISA’s efforts on IoT
• IoT 101
  - Intro and definition
  - Ecosystem (including assets and components)
  - IoT platforms
  - IoT protocols
• IoT Security
  - Challenges
  - Threats
  - Attack scenarios
  - Case-study: BLE Security
• LAB
Positioning ENISA activities
POLICY
• Support MS & COM in policy implementation
• Harmonisation across EU
CAPACITY
• Hands on activities
EXPERTISE
• Recommendations
• Independent advice
ENISA’s efforts on IoT Security
• Horizontal and vertical studies
• Expert groups
• Validation workshops
• Conferences
• Summer School
ENISA’s efforts on IoT Security: Industry 4.0, Baseline IoT Security
IoT security in sectors
• Understand threats & assets
• Consider context of use
• Highlight security good practices in specific sectors
• Provide recommendations to enhance cyber security
• Expert groups
ENISA and IoT cybersecurity
• Baseline Security Recommendations for IoT
• Map existing IoT security initiatives
• Address the problem holistically, engaging with the wider community
• Utilize sectorial know-how
• Provide horizontal cybersecurity recommendations and security measures
• One stop shop for IoT cybersecurity in Europe
https://enisa.europa.eu/iot
IoT 101
What is IoT to you?
IoT
“ENISA defines IoT as a cyber-physical ecosystem of interconnected sensors and actuators which enable intelligent decision making.”
Sensor
An element that allows monitoring of the environment and the context in which IoT systems operate.
• accelerometers
• temperature sensors
• pressure sensors
• light sensors
• acoustic sensors
Sensors can measure defined physical, chemical or biological indicators, and on the digital level they collect information about the network and applications.
Actuator
The entity responsible for moving or controlling a system or mechanism.
An actuator operates in the reverse direction of a sensor: it takes an electrical input and turns it into physical action.
Sensor + Actuator + ..
Structure of an IoT embedded system
• medical implants
• wearables (smart watches)
• connected lights
• smart thermostats
Intelligent Decision Making
Everything becomes connected
Business side
• “Everything connected” hype
  - Competitors do IoT, hence we must do IoT
  - Competitors don’t do IoT, let’s be the first one!
• Financial gains
• New business models and opportunities
• Advanced data collection and processing
Components of IoT?
IoT Ecosystem
• Endpoint devices (sensors, actuators, embedded devices etc.)
• Gateways
• Cloud platform, backend and services
IoT Components – Endpoint Devices
• Smart appliances
• Smartphones
• Smart ‘things’
IoT Components - Communications
• WiFi
• Zigbee
• Z-Wave
• NFC
• RFID
• BLE
• LoRaWAN
• MQTT/SIP/CoAP
Protocol stack by layer:
• SESSION: AMQP, CoAP, DDS, MQTT, XMPP
• NETWORK / ENCAPSULATION: 6LoWPAN, Thread
• NETWORK / ROUTING: CARP, RPL
• DATALINK: Bluetooth / BLE, Wi-Fi / Wi-Fi HaLow, LoRaWAN, Neul, SigFox, Z-Wave, ZigBee, USB
IoT Components - Cloud
• Data and storage
• Web-based services
• Device management (config, etc.)
IoT Cloud platform
IoT Components - Use case / context
• Consumer Electronics
• Automotive
• Healthcare
• Industrial IoT
• Wearables
• Logistics
• Sport & Fitness
What are the assets of IoT?
Group of 4 – 5’
IoT Assets
Development for IoT
IoT development platforms
• ThingBox
• Node-RED
• M2MLabs Mainspring
• Kinoma
• Eclipse IoT Project
• Arduino
IoT hardware platforms
• Apio
• Arduino Nano
• Arduino Pro Mini
• Arduino Uno
• Arduino Yún
• Arietta G25
• BeagleBoard
• Flutter
• IMUduino BTLE
• Intel Edison
• Intel Galileo
• Libelium Waspmote
• LightBlue Bean
• Local Motors Connected Car
• Microduino
• Nanode
• OpenKontrol Gateway
• OpenPicus
• panStamps
• PicAxe
• Pinoccio
• Raspberry Pi 2
• RasWIK
• SAM R21 Xplained Pro
• SmartEverything
• SODAQ
• SparkFun RedBoard
• Tessel
• Tessel 2
• The AirBoard
• The Rascal
• TinyDuino
• UDOO
• WIOT
• XinoRF
IoT software platforms
Home Automation
• Eclipse SmartHome
• Home Gateway Initiative (HGI)
• Ninja Blocks
• openHAB
• PrivateEyePi
• RaZberry
• The Thing System
Middleware
• IoTSyS
• Kaa
• OpenIoT
• OpenRemote
Operating Systems
• AllJoyn
• Contiki
• Raspbian
• RIOT
• Spark
IoT integration platforms
• Canopy
• Chimera IoT
• DeviceHive (IoT Integration Tools and Horizontal Platforms)
• net
• Distributed Services Architecture (DSA)
• IoT Toolkit
• M2MLabs Mainspring
• Mango
• Nimbits
• Open Source Internet of Things (OSIOT)
• OpenRemote
• Pico Labs (Kynetx open source assigned to Pico Labs)
• prpl Foundation
• RabbitMQ
• SiteWhere
• ThingSpeak
• webinos
• Yaler
Node-Red
https://nodered.org/
IoT Security
What could possibly go wrong?
Based on a real life example
• IoT botnet
• IoT devices used for DDoS attacks
Why IoT security matters?
No device is fully secured
• Reliance on third-party components, hardware and software
• Dependency on networks and external services
• Design of IoT/connected devices
• Vulnerabilities in protocols
• Security by design NOT the norm.
IoT security is currently limited
• Investments on security are limited
• Functionalities before security
• Real physical threats with risks on health and safety
• No legal framework for liabilities
Cyber System / Physical System
IoT Security – Main challenges
• Very large attack surface and widespread deployment
• Limited device resources
• Lack of standards and regulations
• Safety and security process integration
• Security by design not a top priority
• Lack of expertise
• Applying security updates
• Insecure development
• Unclear liabilities
What are the threats to IoT?
Group of 4 – 5’
IoT Threat Landscape
Which way would you attack IoT?
Attack scenarios
Many ways to attack IoT
• Attacks over the entire IoT ecosystem
• Sensors/actuators
  - E.g. draining the battery of pacemakers
• Communications
  - E.g. intercepting Bluetooth LE communication
• Decision making (data integrity, etc.)
  - E.g. modification of messages to modify smart car behavior
• Information privacy
  - E.g. smart toys exploited to eavesdrop on children
IoT Attack Scenarios
• IoT administration system compromised
• Botnet / commands injection
Class Exercise
Botnet (Mirai)
Shodan, Angry IP
What to understand
• What we are exposing on the internet
• Online scanners
• The use of Shodan, and the many grey areas
• Who is a potential target of this kind of scanner?
• Are Shodan results an indicator of potential attacks and of more sophisticated versions of current attacks? (e.g. Mirai evolved to target specific ports – why?)
Angry IP
Code of a Botnet
Study Mirai code on GitHub: https://github.com/jgamblin/Mirai-Source-Code
IoT Security Architectures
• AIOTI High Level Architecture functional model
• FP7-ICT – IoT-A Architectural reference model
• NIST Network of Things (NoT)
• ITU-T IoT reference model
• ISO/IEC CD 30141 Internet of Things Reference Architecture
• ISACA Conceptual IoT Architecture
• oneM2M Architecture Model
• IEEE P2413 - Standard for an Architectural Framework
High-level IoT reference model
Case-study
Demo on Smart Health Security
Sensor
• RGB sensor reading: 1 = red (High), 0 = green (Med), -1 = blue (Low)
• Output: display / LED
Interconnectivity
• The RGB sensor transmits its reading (1 = red, 0 = green, -1 = blue)
Decision Making
• If (red): add blue
• If (green): do nothing
• If (blue): add red
• Based on the reading, we want to increase or decrease the value (High 1 / Med 0 / Low -1) to get the optimal state
Actuator
• If (red): add blue
Scenario 1: Sensor tampering
Modifying the values read by sensors, or their threshold values and settings.
Real life practice – Electronic thermometer
Scenario 2: Man-In-the-Middle
Modifying the values intercepted by the man in the middle.
Real life practice – Pacemaker
Scenario 3: Unauthorised access
Modifying or sabotaging the normal settings of the device.
Real life practice – Unauthorised syringe injections
Summary
• IoT 101
• IoT Security
  - Challenges
  - Threats
  - Attack scenarios
  - Case-study
What follows..
Lab exercises on BLE attacks
Time to set up the VMachines!
1 Vasilissis Sofias Str, Maroussi 151 24, Attiki, Greece
Tel: +30 28 14 40 9711
info@enisa.europa.eu
www.enisa.europa.eu
Thank you

IoT_Security and impelementation in school
