Slide 1: IoT Security Task Force: Fresh Thinking
CISO Platform and IoTForum Initiative
Arvind Tiwary
Chair, IoTForum
Slide 2: IoT Security
• Over 13 standards bodies have an advisory: http://www.cisoplatform.com/profiles/blogs/survey-of-iot-security-standards
  ◦ FTC, NIST
  ◦ IoT Security Foundation, Broadband Internet Technical Advisory Group (BITAG)
  ◦ OWASP
  ◦ IETF: DICE, MUD, OTrP, ACE
  ◦ IIC (Industrial Internet Consortium)
Cybersecurity: the risk is money and reputation.
IoT: the risk is accidents and human lives.
Slide 3: Task Force on IoT Security
IoT Forum and CISO Platform join hands to create the IoT Security Task Force.
Readying the nation for #IoTSecurity.
The task force is chartered to develop threat models and controls, and to assist players in new techno-legal-commercial arrangements to improve IoT security.
Fresh thinking around security for IoT.
Slide 4: Fresh Thinking: Is the Emperor Naked?
You don’t change all the locks of each house in a city merely because criminals can break 7-lever locks in less time.
Slide 5: IoT Security
• Program complexity = Algorithm + Data Structure
• Cybersecurity difficulty = Legal + Technical
• The Internet was designed to withstand a disruptive nuclear attack
• IP and MAC spoofing make it fundamentally insecure
• Legal basis
  ◦ Product quality and liability regime (USA)
  ◦ DDoS by house owners is like rioters: is it the house owner’s responsibility?
  ◦ Petty WannaCry-type ransomware is like carjacking in Joburg. Armoured car?
• Criminal law
  ◦ Territorial
  ◦ Individual, layers of government: precinct, city, state, nation
  ◦ Right of self-defence
Do IoT networks need to be anyone, anywhere, anytime?
We need attribution that can hold in a court of law and can be easily and routinely derived, not require weeks of research.
Slide 6: Plan
• Initial discussions at IoTNext 2016 (4Q 2016)
• Public airing 9 Sep 2017
• CISO Platform 14 Sep
• IET socialization 15 Sep
• 1W Oct:
  ◦ TSDSI, DOT, TRAI, CDAC
  ◦ BSNL, Airtel, Jio, Vodafone, Ericsson, telco stack
  ◦ SoC and chip manufacturers
  ◦ Lawyers, Free Internet
  ◦ Others (IEEE, iSPIRT)
• 2W: revisions based on feedback
• Final draft Nov 9/10
Slide 7: Urban City: Does every house need to be a Fort Knox?
▪ The Wild West
▪ The Frontier Town
▪ The City
Figure: zones from Private, Semi-Private and Semi-Public to Public, with controls such as visitor ID and verification, inspection of cars, a high-security area, and checks on types of transport, speed, etc.
IEEE P1931.1 WG Roof Computing: context based
Slide 8: Fresh Thinking: Enterprise security at scale
• A level between end devices, users/enterprise and the cloud
• Shared skills and services; more economical and scalable
• Range of service levels provided by Managed Security Network Providers (MSNP):
  ◦ SAFE
  ◦ HARDENED
  ◦ BALLISTIC
• Collaboration necessary
  ◦ WireX botnet: Akamai, Cloudflare, Flashpoint, Google, Oracle Dyn, RiskIQ and Team Cymru collaborated in near real time to pinpoint the Android apps
  ◦ Tanium
Slide 9: Segmenting the Internet: a regulatory SANDBOX for pioneering an effective technical solution
• An IPv4 network has
  ◦ A net part: 126 networks for Class A, 2 million+ for Class C
  ◦ A host part: 254 hosts for Class C, 16 million for Class A
  ◦ Specials:
    ▪ 127.0.0.1: local loopback within a host
    ▪ 192.168.1.1: default gateway
    ▪ 255.255.255.255: mask for multicast
• IoT SECURENET: a Class E network
Slide 10: SECURENET for IoT
1. Users subscribe to a protocol that allows the managed safe network provider (MSNP) to inform them of suspicious activity by any end point at their end, and they take action within minutes. The MSNP has authority to throttle or block such devices until a discussion with the user and a resolution are in place. This messaging is “out of band” and not to the device initiating the communication.
2. For safe networks, anonymous, anywhere access is explicitly not a feature. Much like the 2-factor tokens used by many banks or SMS-based OTP, safe networks have technical steps in place to assure that devices are identified and authenticated.
3. Users agree to the MSNP blocking all traffic from ISPs that do not subscribe to some minimum protocols, like source address verification for Secure, and the higher guarantees on the identity of end users/devices that Safe, Hardened and Ballistic networks require.
4. HARDENED networks may route packets through specific routers/ISPs and border gateways which are “trusted”, even if this causes delay or increases costs. They may use deception-based protection like honeypots and tarpits as standard.
Slide 11: IoT SECURENET
5. The MSNP may block some protocols permanently (video) and some unless pre-registered (telnet, rlogin and SSH). If users have devices where a service provider needs access through telnet or SSH, this needs to be registered and pre-agreed. The MSNP may require a high level of security from the source of the service provider’s access.
6. Limited encryption. The MSNP needs to be able to determine the ultimate source and destination and other metadata to cross-correlate with others and make assessments of safety and of compromised devices. Deep packet inspection may be allowed if required for HARDENED networks and agreed by subscribers. In this scenario senders of packets are denied anonymous passage.
7. Cyber CCTV and patrolling. The MSNP will be logging almost all traffic, sharing suspicious activity in near real time and making threat assessments with other participating ISPs and CERT-In. To make this evidence sufficient for a court of law, ISPs may mandate physical verification and logging as well as hardware-root-of-trust-based secure boot at all routers, gateways and bridges in the network; technical steps to defeat IP and MAC spoofing should be in place and audited regularly.
8. The Cyber CCTV logs should follow an agreed protocol for sharing with a central clearing house and for post-event analysis.
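The SECURENET rules above, worked through as an added example (not code from the deck or the task force): a toy MSNP enforcement engine that runs constructed flow records through source address verification for egress and peer ISPs (rule 3), the permanent and pre-registration block lists (rule 5), logging of every decision (rule 7) and out-of-band owner notification with throttling (rule 1), with Class E as the SECURENET range per slide 9. The prefixes, ISP names, contact channel and the telnet/rlogin/SSH port mapping are assumptions.

```python
# Toy enforcement engine for the SECURENET rules on slides 10 and 11 (added
# example, not from the deck; prefixes, ISP names, ports and flows are constructed).
import ipaddress
from dataclasses import dataclass, field
# Slide 9 reserves Class E (240.0.0.0/4) for the IoT SECURENET.
SECURENET = ipaddress.ip_network("240.0.0.0/4")

# Rule 5: blocked outright, or only to pre-registered devices (ports are our mapping).
ALWAYS_BLOCKED = {"video"}
REGISTRATION_REQUIRED = {23: "telnet", 513: "rlogin", 22: "ssh"}


@dataclass
class Subscriber:
    prefix: str                     # the only valid source range (rule 3)
    contact: str                    # rule 1: out-of-band channel, not the device
    registered: set = field(default_factory=set)  # rule 5: (device, service)

    def __post_init__(self):
        self.prefix = ipaddress.ip_network(self.prefix)
        if not self.prefix.subnet_of(SECURENET):
            raise ValueError(f"{self.prefix} is not a SECURENET (Class E) prefix")


@dataclass
class Flow:
    src: str
    dst: str
    dport: int
    app: str          # label from the MSNP's traffic classifier
    origin_isp: str   # ISP the packet entered from; "self" = our own edge


class Msnp:
    def __init__(self, subscribers, sav_isps):
        self.subscribers = list(subscribers)
        self.sav_isps = set(sav_isps)  # rule 3: peers doing source address verification
        self.log = []                  # rule 7: cyber CCTV, every decision recorded
        self.notices = []              # rule 1: (contact, device, reason)
        self.throttled = set()         # rule 1: devices held until the user resolves

    def _endpoint(self, flow):
        # Subscriber device this flow touches: src if it is ours, else dst.
        for ip in (flow.src, flow.dst):
            for sub in self.subscribers:
                if ipaddress.ip_address(ip) in sub.prefix:
                    return sub, ip
        return None, None

    def decide(self, flow):
        sub, device = self._endpoint(flow)
        if flow.origin_isp != "self" and flow.origin_isp not in self.sav_isps:
            return "block", f"rule 3: peer {flow.origin_isp} does not do SAV"
        if flow.origin_isp == "self" and device != flow.src:
            return "block", f"rule 3: egress source {flow.src} not in an assigned prefix"
        if sub is None:
            return "block", "rule 2: no SECURENET endpoint, anonymous transit refused"
        if flow.app in ALWAYS_BLOCKED:
            return "block", f"rule 5: {flow.app} is permanently blocked"
        svc = REGISTRATION_REQUIRED.get(flow.dport)
        if svc and (flow.dst, svc) not in sub.registered:
            return "block", f"rule 5: {svc} to {flow.dst} not pre-registered"
        return "allow", "ok"

    def handle(self, flow):
        # Enforce, log every decision (rule 7), tell the owner out of band (rule 1).
        verdict, reason = self.decide(flow)
        self.log.append((flow.src, flow.dst, flow.dport, verdict, reason))
        sub, device = self._endpoint(flow)
        if verdict == "block" and sub is not None:
            self.notices.append((sub.contact, device, reason))
            if device == flow.src:  # only the owner's own misbehaving device is throttled
                self.throttled.add(device)
        return verdict


def run_demo():
    # Constructed flows exercising each rule; returns (verdicts, msnp) for inspection.
    home = Subscriber("240.10.0.0/16", "sms:+00-000", {("240.10.0.7", "ssh")})
    msnp = Msnp([home], sav_isps={"isp-a"})
    flows = [
        Flow("240.10.0.7", "240.20.0.1", 443, "https", "self"),     # plain egress
        Flow("198.51.100.9", "240.10.0.7", 22, "ssh", "isp-a"),     # registered ssh
        Flow("198.51.100.9", "240.10.0.7", 23, "telnet", "isp-a"),  # unregistered telnet
        Flow("203.0.113.4", "240.10.0.7", 443, "https", "isp-b"),   # peer without SAV
        Flow("10.0.0.5", "240.20.0.1", 443, "https", "self"),       # spoofed egress source
        Flow("240.10.0.7", "240.20.0.1", 1935, "video", "self"),    # permanently blocked app
    ]
    return [msnp.handle(f) for f in flows], msnp
```

Notices go to the subscriber's contact channel rather than to the device, and the log holds every decision so it can be shared with a clearing house as rule 8 asks.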
Slide 12: CROSS BORDER
• PROTOCOL for countries allowed to connect on SECURENET
• FAST, MINIMUM ACTION on suspect SITES automatically
• MARITIME LAW is the basis
In the days of fighting sail, a letter of marque and reprisal was a government license authorizing a person (known as a privateer) to attack and capture enemy vessels and bring them before admiralty courts for condemnation and sale. A "letter of marque and reprisal" would include permission to cross an international border to effect a reprisal (take some action against an attack or injury) authorized by an issuing jurisdiction to conduct reprisal operations outside its borders. (Wikipedia)
The United States Constitution grants to the Congress the power, among others, to issue “Letters of Marque and Reprisal.”
Slide 13: Critique, Alternatives, Improvements
• Volunteers please… HARD PROBLEM
• Technical tools and approaches
  ◦ Enterprise security at scale
  ◦ Phishing and superuser hijack in IoT
  ◦ Trigger words for Alexa, Google Home, Siri
  ◦ MUD, DICE etc.
• Legal tools and approaches
  ◦ Semi-private and semi-public in cyberspace
  ◦ Right to self-defence
  ◦ Delegated policing powers
