SlideShare a Scribd company logo

Why the IoT the Needs Upgradable Security

Silicon Labs, profile picture
Silicon Labs

The document emphasizes the necessity of upgradable security in the Internet of Things (IoT) due to increasing attack surfaces and evolving adversary capabilities. It discusses the balance between security, privacy, functionality, and cost, and highlights the importance of mechanisms such as secure boot and asymmetric cryptography for enabling future security updates. Ultimately, it argues that without upgradable security measures, IoT devices will remain vulnerable to novel attacks throughout their lifecycle.

Technology
Related topics:
Internet of ThingsIoT Security Focus Cyber-Security
1 of 19
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
Why the IoT Needs Upgradable Security L A R S LY D E R S E N , S E N I O R D I R E C T O R O F P R O D U C T S E C U R I T Y
Why the IoT Needs Upgradable Security L A R S LY D E R S E N , S E N I O R D I R E C T O R O F P R O D U C T S E C U R I T Y
Meet Lars, the Quantum Hacker
IoT of Guns Smart Engineers What you see You aimed here The gun shot here 4
Don’t Break My Heart 5
Classical Cyber Security Proprietary 6
IoT Security Proprietary /  Increased attack surface  Accessibility to hardware  Limited processing power in end nodes 7
 Security/privacy  Easy of use  Functionality  Cost Security/privacy is a balancing act 8
Class Hobbyist / script-kiddie Advanced hackers Security researchers Nation state attacks Motivation Fun, curiosity, fame Fame, financial Curiosity, improve security, novel ideas and attacks Espionage, sabotage Resources Limited, commodity hacking equipment Semi-specialized equipment. Experts in single domain Ultra-specialized equipment. Experts in multiple domains Unlimited Exponentially increasing cost of security Who is the adversary? Why do they attack? 9
Commoditization of attacker tools: DPA Before ca. 1998 Nation state? No public knowledge about DPA? Ca. 1998 – ca. 2015 Cryptographic Research, now Rambus, publishes papers on DPA and starts selling DPA equipment at a prohibitive price Security researchers 2015 - now Chipwisperer on Kickstarter for $300. Analysis software on Github Hobbyists 10
DPA today 11
Commoditization of attacker tools: EMI 2017 - now? Nation state? No public knowledge about EMI? ? –2017 Risecure sells EM Probe stations at a prohibitive price Security researchers Someone made a $350 probe station from a 3D printer and will put it on github (Badfet) Hobbyists 12
EMI today 13
What is the right security level? Time Level of security Adversary strength Today End of life for device  Adversary strengthens  Always new, novel attacks  Must upgrade security during lifecycle  Not all attacks are patchable  Need strong HW security today Choice of security level 14
Who is the adversary of 2035? 15
Secure boot is needed to enable upgradability  Signatures verify authenticity  Must use asymmetric crypto  Only requires public keys in the device  May provide confidentiality  Difficult find loopholes in image  Protect IP  Must put keys in immutable memory 16
M E M O R Y R E Q U I R E M E N T S How much overhead do you need? How to manage the memory budget? H O W Directly connected? Forced updates? W H O Who is authorized to push updates? How is the authorization enforced? Deploying upgrades Memory Bootloader RTOS Com Stack App data Overhead 17
 Security is not binary  Consider the adversary of the future  Upgradable security is necessary in IoT Summary 18
Thank you!

More Related Content

PPTX
Python-Assisted Red-Teaming Operation
Satria Ady Pradana
 
PPTX
Berkarir di Cyber Security
Satria Ady Pradana
 
PDF
Security for Human Beings
zekivazquez
 
PDF
SACON - Deception Technology (Sahir Hidayatullah)
Priyanka Aash
 
PPTX
The value of Deep Instinct’s prediction model – Copy Cat Test Case
Ally Benoliel
 
PPTX
Crowd-Sourced Threat Intelligence
AlienVault
 
PDF
Weaponizing OSINT – Hacker Halted 2019 – Michael James
EC-Council
 
PPTX
Deploying a Shadow Threat Intel Capability at CaralinaCon on March 6, 2016
grecsl
 
Python-Assisted Red-Teaming Operation
Satria Ady Pradana
 
Berkarir di Cyber Security
Satria Ady Pradana
 
Security for Human Beings
zekivazquez
 
SACON - Deception Technology (Sahir Hidayatullah)
Priyanka Aash
 
The value of Deep Instinct’s prediction model – Copy Cat Test Case
Ally Benoliel
 
Crowd-Sourced Threat Intelligence
AlienVault
 
Weaponizing OSINT – Hacker Halted 2019 – Michael James
EC-Council
 
Deploying a Shadow Threat Intel Capability at CaralinaCon on March 6, 2016
grecsl
 

What's hot (20)

PPTX
Hunting The Shadows: In Depth Analysis of Escalated APT Attacks
F _
 
PPTX
How to assign a CVE to yourself?
Ramin Farajpour Cami
 
PDF
Threat Deception - Counter Techniques from the Defenders League
Avkash Kathiriya
 
PDF
Hacking Diversity – Hacker Halted . 2019 – Marcelle Lee
EC-Council
 
PPTX
Ethical Hacking
Divyadharshini S U
 
PDF
IoT Attack Surfaces -- DEFCON 2015
Daniel Miessler
 
PDF
ISACA Ethical Hacking Presentation 10/2011
Xavier Mertens
 
PPTX
Android Hacking + Pentesting
Sina Manavi
 
PPTX
Extracting the Malware Signal from Internet Noise
Ashwini Almad
 
PPTX
The Inmates Are Running the Asylum: Why Some Multi-Factor Authentication Tech...
Clare Nelson, CISSP, CIPP-E
 
PDF
IoT security zigbee -- Null Meet bangalore
veerababu penugonda(Mr-IoT)
 
PDF
PSCR 2019 - ICAM Standards
Adam Lewis
 
PPTX
Practical hardware attacks against SOHO Routers & the Internet of Things
Chase Schultz
 
PPT
Mobile phone Data Hacking
Md Abu Syeem Dipu
 
PPTX
CyberCamp 2015: Low Hanging Fruit
Chema Alonso
 
PDF
RSA2015: Securing the Internet of Things
Daniel Miessler
 
PPTX
Information security
Varshil Patel
 
PPT
Why Risk Management is Impossible
Richard Stiennon
 
PPTX
Security and privacy for journalists
Jillian York
 
PDF
DEFCON 23 - Li Jun Yang Ging - I’M A NEWBIE YET I CAN HACK ZIGBEE
Felipe Prado
 
Hunting The Shadows: In Depth Analysis of Escalated APT Attacks
F _
 
How to assign a CVE to yourself?
Ramin Farajpour Cami
 
Threat Deception - Counter Techniques from the Defenders League
Avkash Kathiriya
 
Hacking Diversity – Hacker Halted . 2019 – Marcelle Lee
EC-Council
 
Ethical Hacking
Divyadharshini S U
 
IoT Attack Surfaces -- DEFCON 2015
Daniel Miessler
 
ISACA Ethical Hacking Presentation 10/2011
Xavier Mertens
 
Android Hacking + Pentesting
Sina Manavi
 
Extracting the Malware Signal from Internet Noise
Ashwini Almad
 
The Inmates Are Running the Asylum: Why Some Multi-Factor Authentication Tech...
Clare Nelson, CISSP, CIPP-E
 
IoT security zigbee -- Null Meet bangalore
veerababu penugonda(Mr-IoT)
 
PSCR 2019 - ICAM Standards
Adam Lewis
 
Practical hardware attacks against SOHO Routers & the Internet of Things
Chase Schultz
 
Mobile phone Data Hacking
Md Abu Syeem Dipu
 
CyberCamp 2015: Low Hanging Fruit
Chema Alonso
 
RSA2015: Securing the Internet of Things
Daniel Miessler
 
Information security
Varshil Patel
 
Why Risk Management is Impossible
Richard Stiennon
 
Security and privacy for journalists
Jillian York
 
DEFCON 23 - Li Jun Yang Ging - I’M A NEWBIE YET I CAN HACK ZIGBEE
Felipe Prado
 
Ad

Similar to Why the IoT the Needs Upgradable Security (20)

PDF
Hack one iot device, break them all!
Justin Black
 
PPSX
Ethical Hacking, Its relevance and Its Prospects
Rwik Kumar Dutta
 
PPTX
ShadyRAT: Anatomy of targeted attack
Vladyslav Radetsky
 
PPTX
CrowdSec A-Round Fundraising Deck
CrowdSec
 
PPTX
Digital Age-Preparing Yourself
jkl0202
 
PDF
Hacking Internet of Things (IoT)
SecPod Technologies
 
PPTX
How to Build a Career in Cyber Security?
Intellipaat
 
PPTX
Open Source Insight: AI for Open Source Management, IoT Time Bombs, Ready for...
Black Duck by Synopsys
 
PPTX
Cyber Security: A Common Problem 2018
joshquarrie
 
PDF
Avoid embarrassing press by designing secure IoT products with Misha Seltzer
Product of Things
 
PDF
Ethical Hacking by Krutarth Vasavada
Krutarth Vasavada
 
PPTX
Io t slides_iotvillage
agmoneyy
 
PPTX
5 of 13 Ways To Prevent Advanced Persistent Threads (APTs)
RedZone Technologies
 
PDF
From Identity to Ownership Theft
University of Hertfordshire
 
PDF
Tower defense for hackers: Layered (in-)security for microcontrollers
Milosch Meriac
 
PPTX
SAMBA - Luka Pavol - 12.3.2014
Anton Bittner
 
PPTX
Machine Learning & Cyber Security: Detecting Malicious URLs in the Haystack
Alistair Gillespie
 
PDF
Best Endpoint Security Course with AI in Delhi.pdf
daksh908982
 
PDF
Network security
LukeDaniel12
 
PDF
Blue team reboot - HackFest
Haydn Johnson
 
Hack one iot device, break them all!
Justin Black
 
Ethical Hacking, Its relevance and Its Prospects
Rwik Kumar Dutta
 
ShadyRAT: Anatomy of targeted attack
Vladyslav Radetsky
 
CrowdSec A-Round Fundraising Deck
CrowdSec
 
Digital Age-Preparing Yourself
jkl0202
 
Hacking Internet of Things (IoT)
SecPod Technologies
 
How to Build a Career in Cyber Security?
Intellipaat
 
Open Source Insight: AI for Open Source Management, IoT Time Bombs, Ready for...
Black Duck by Synopsys
 
Cyber Security: A Common Problem 2018
joshquarrie
 
Avoid embarrassing press by designing secure IoT products with Misha Seltzer
Product of Things
 
Ethical Hacking by Krutarth Vasavada
Krutarth Vasavada
 
Io t slides_iotvillage
agmoneyy
 
5 of 13 Ways To Prevent Advanced Persistent Threads (APTs)
RedZone Technologies
 
From Identity to Ownership Theft
University of Hertfordshire
 
Tower defense for hackers: Layered (in-)security for microcontrollers
Milosch Meriac
 
SAMBA - Luka Pavol - 12.3.2014
Anton Bittner
 
Machine Learning & Cyber Security: Detecting Malicious URLs in the Haystack
Alistair Gillespie
 
Best Endpoint Security Course with AI in Delhi.pdf
daksh908982
 
Network security
LukeDaniel12
 
Blue team reboot - HackFest
Haydn Johnson
 
Ad

More from Silicon Labs (20)

PDF
Develop Secure, Interoperable Smart Home Products with Z-Wave
Silicon Labs
 
PDF
Benchmarking Bluetooth Mesh, Thread, and Zigbee Network Performance
Silicon Labs
 
PDF
Enhance Home and Building Automation with Multiprotocol Wireless Connectivity
Silicon Labs
 
PDF
5 Clock Tree Design Techniques to Optimize SerDes Performance for Networking ...
Silicon Labs
 
PDF
Extending Bluetooth with Mesh Networking
Silicon Labs
 
PDF
Selecting the Right Mesh Technology for Your Application
Silicon Labs
 
PDF
Getting the Most Out of Bluetooth 5
Silicon Labs
 
PDF
Developing Accessories for the Apple HomeKit Ecosystem
Silicon Labs
 
PDF
Developing Biomedical Devices with Bluetooth
Silicon Labs
 
PDF
Integrating Speed and Flexibility Isolating Industrial Control
Silicon Labs
 
PDF
Clock Tree Timing 101
Silicon Labs
 
PDF
Building a More Connected World
Silicon Labs
 
PDF
Applications and Industries Being Powered by Bluetooth Low Energy
Silicon Labs
 
PDF
Choosing Between a Wireless Module and a Wireless SoC
Silicon Labs
 
PDF
Multiprotocol Wireless Gecko SoCs
Silicon Labs
 
PPTX
Multi-mode Wireless SoCs
Silicon Labs
 
PPTX
Router CPU Load in Home Networks
Silicon Labs
 
PDF
Aiming Low: Low-Power MCUs for the IoT
Silicon Labs
 
PDF
Step Right Up: Design the Next Winning Wearable
Silicon Labs
 
PPTX
Top Lessons Learned: Industrial Automation Webinar Series
Silicon Labs
 
Develop Secure, Interoperable Smart Home Products with Z-Wave
Silicon Labs
 
Benchmarking Bluetooth Mesh, Thread, and Zigbee Network Performance
Silicon Labs
 
Enhance Home and Building Automation with Multiprotocol Wireless Connectivity
Silicon Labs
 
5 Clock Tree Design Techniques to Optimize SerDes Performance for Networking ...
Silicon Labs
 
Extending Bluetooth with Mesh Networking
Silicon Labs
 
Selecting the Right Mesh Technology for Your Application
Silicon Labs
 
Getting the Most Out of Bluetooth 5
Silicon Labs
 
Developing Accessories for the Apple HomeKit Ecosystem
Silicon Labs
 
Developing Biomedical Devices with Bluetooth
Silicon Labs
 
Integrating Speed and Flexibility Isolating Industrial Control
Silicon Labs
 
Clock Tree Timing 101
Silicon Labs
 
Building a More Connected World
Silicon Labs
 
Applications and Industries Being Powered by Bluetooth Low Energy
Silicon Labs
 
Choosing Between a Wireless Module and a Wireless SoC
Silicon Labs
 
Multiprotocol Wireless Gecko SoCs
Silicon Labs
 
Multi-mode Wireless SoCs
Silicon Labs
 
Router CPU Load in Home Networks
Silicon Labs
 
Aiming Low: Low-Power MCUs for the IoT
Silicon Labs
 
Step Right Up: Design the Next Winning Wearable
Silicon Labs
 
Top Lessons Learned: Industrial Automation Webinar Series
Silicon Labs
 

Recently uploaded (20)

PDF
Web App vs Mobile App What Should You Build First.pdf
KodekX
 
PDF
Mushroom cultivation and it's methods.pdf
mailmeonrishi
 
PDF
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
PDF
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
PPTX
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
PPTX
TLE Review Electricity (Electricity).pptx
JayPolicarpio2
 
PDF
Hindi spoken digit analysis for native and non-native speakers
IAESIJAI
 
PPTX
OMC Textile Division Presentation 2021.pptx
JahangirAlam816069
 
PDF
Microsoft Solutions Partner Drive Digital Transformation with D365.pdf
Microsoft Dynamics
 
PDF
Approach and Philosophy of On baking technology
30anthuong17
 
PPTX
1. Introduction to Computer Programming.pptx
bonakiduza1024
 
PPTX
SOPHOS-XG Firewall Administrator PPT.pptx
AgnesMunisi
 
PPTX
Tartificialntelligence_presentation.pptx
ry7r52mzb4
 
PDF
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
PDF
A comparative study of natural language inference in Swahili using monolingua...
IAESIJAI
 
PDF
From MVP to Full-Scale Product A Startup’s Software Journey.pdf
KodekX
 
PPTX
Group 1 Presentation -Planning and Decision Making .pptx
MatthewLewis227954
 
PDF
Univ-Connecticut-ChatGPT-Presentaion.pdf
ry7r52mzb4
 
PDF
Video forgery: An extensive analysis of inter-and intra-frame manipulation al...
IAESIJAI
 
PDF
NewMind AI Weekly Chronicles - August'25-Week II
NewMind AI
 
Web App vs Mobile App What Should You Build First.pdf
KodekX
 
Mushroom cultivation and it's methods.pdf
mailmeonrishi
 
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
TLE Review Electricity (Electricity).pptx
JayPolicarpio2
 
Hindi spoken digit analysis for native and non-native speakers
IAESIJAI
 
OMC Textile Division Presentation 2021.pptx
JahangirAlam816069
 
Microsoft Solutions Partner Drive Digital Transformation with D365.pdf
Microsoft Dynamics
 
Approach and Philosophy of On baking technology
30anthuong17
 
1. Introduction to Computer Programming.pptx
bonakiduza1024
 
SOPHOS-XG Firewall Administrator PPT.pptx
AgnesMunisi
 
Tartificialntelligence_presentation.pptx
ry7r52mzb4
 
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
A comparative study of natural language inference in Swahili using monolingua...
IAESIJAI
 
From MVP to Full-Scale Product A Startup’s Software Journey.pdf
KodekX
 
Group 1 Presentation -Planning and Decision Making .pptx
MatthewLewis227954
 
Univ-Connecticut-ChatGPT-Presentaion.pdf
ry7r52mzb4
 
Video forgery: An extensive analysis of inter-and intra-frame manipulation al...
IAESIJAI
 
NewMind AI Weekly Chronicles - August'25-Week II
NewMind AI
 

Why the IoT the Needs Upgradable Security

  • 1. Why the IoT Needs Upgradable Security L A R S LY D E R S E N , S E N I O R D I R E C T O R O F P R O D U C T S E C U R I T Y
  • 2. Why the IoT Needs Upgradable Security L A R S LY D E R S E N , S E N I O R D I R E C T O R O F P R O D U C T S E C U R I T Y
  • 3. Meet Lars, the Quantum Hacker
  • 4. IoT of Guns Smart Engineers What you see You aimed here The gun shot here 4
  • 7. IoT Security Proprietary /  Increased attack surface  Accessibility to hardware  Limited processing power in end nodes 7
  • 8.  Security/privacy  Easy of use  Functionality  Cost Security/privacy is a balancing act 8
  • 9. Class Hobbyist / script-kiddie Advanced hackers Security researchers Nation state attacks Motivation Fun, curiosity, fame Fame, financial Curiosity, improve security, novel ideas and attacks Espionage, sabotage Resources Limited, commodity hacking equipment Semi-specialized equipment. Experts in single domain Ultra-specialized equipment. Experts in multiple domains Unlimited Exponentially increasing cost of security Who is the adversary? Why do they attack? 9
  • 10. Commoditization of attacker tools: DPA Before ca. 1998 Nation state? No public knowledge about DPA? Ca. 1998 – ca. 2015 Cryptographic Research, now Rambus, publishes papers on DPA and starts selling DPA equipment at a prohibitive price Security researchers 2015 - now Chipwisperer on Kickstarter for $300. Analysis software on Github Hobbyists 10
  • 12. Commoditization of attacker tools: EMI 2017 - now? Nation state? No public knowledge about EMI? ? –2017 Risecure sells EM Probe stations at a prohibitive price Security researchers Someone made a $350 probe station from a 3D printer and will put it on github (Badfet) Hobbyists 12
  • 14. What is the right security level? Time Level of security Adversary strength Today End of life for device  Adversary strengthens  Always new, novel attacks  Must upgrade security during lifecycle  Not all attacks are patchable  Need strong HW security today Choice of security level 14
  • 15. Who is the adversary of 2035? 15
  • 16. Secure boot is needed to enable upgradability  Signatures verify authenticity  Must use asymmetric crypto  Only requires public keys in the device  May provide confidentiality  Difficult find loopholes in image  Protect IP  Must put keys in immutable memory 16
  • 17. M E M O R Y R E Q U I R E M E N T S How much overhead do you need? How to manage the memory budget? H O W Directly connected? Forced updates? W H O Who is authorized to push updates? How is the authorization enforced? Deploying upgrades Memory Bootloader RTOS Com Stack App data Overhead 17
  • 18.  Security is not binary  Consider the adversary of the future  Upgradable security is necessary in IoT Summary 18