SlideShare ist ein Scribd-Unternehmen logo

SAM-IoT: Securing low power device communication in critical infrastructure management

Brain IoT Project
Brain IoT Project

This document discusses security challenges for low power IoT devices in critical infrastructure. It outlines threats like botnet attacks on IoT devices and impacts of cyber incidents including production downtime and physical/reputational damages. The complexity of securing heterogeneous IoT systems with diverse protocols and constraints is also examined. The document advocates an end-to-end security paradigm to ensure privacy across all components and presents a water management use case that achieves this using authentication over low power networks and fully encrypted payloads. It concludes that artificial intelligence can help enable reliable cyber monitoring for large-scale IoT systems.

Technologie
1 von 13
Downloaden Sie, um offline zu lesen
SECURING LOW POWER DEVICE COMMUNICATION IN CRITICAL INFRASTRUCTURE MANAGEMENT Paul-Emmanuel BRUN, Airbus CyberSecurity SAS
June 3, 20203rd Workshop on IoT Security and Privacy 2 OVERVIEW OF THREATS IN IOT VectorTarget Weapon 2017 Casino fish tank temperature sensor cyberattack 2017 Dallas Emergency Sirens cyberattack 2016 - 2019 Mirai Botnet
June 3, 20203rd Workshop on IoT Security and Privacy 3 INDUSTRIAL IOT CONSIDERATIONS Potential effects of cyber-incidents involving Industrial IoT: Business impacts: • Production / service downtime, resulting in overcosts, delays and reputation • Quality deficiencies, resulting financial / reputational damages • Reputational damages, subsequent loss of opportunities Physical damages: • Equipment damages, recovery costs, impact on production • Human safety, operator / user / society endangered Damages to intangible assets: • Intellectual Property (IP) theft and loss of competitive advantages • Private data leakage resulting in legal and reputational damages
4 IOT SYSTEM ARCHITECTURE & THREATS Device operating system Connectivity Application Gateway operating system Connectivity Network infrastructure Cloud Application Devices Edge Network / Gateway Network provider Application & services IoT platform concentrator HUB IoT Platform Iot Platform Edge application Hardware side channel & dumping Device spoofing on untrusted protocols Network provider backend spying & spoofing Platform database corruption Fake data spoofing
Example from SHODAN with a widely used IoT protocol, MQTT: à 74 000 fully open backend Many types of data, such as GPS position, temperatures, actuators, … THREATS - EXAMPLE Network / IoT service provider backend spying & spoofing
Location, DD/MM/YYYYPresentation Title 6 INDUSTRIAL IOT COMPLEXITY Heterogeneous protocols Protocols and hardware come from mass market Heterogenous constraints and massive deployments The high level of heterogeneity of protocols (network & applicative), make it difficult to validate the overall system and ensure end-to-end security Hardware and protocols are facing new challenges to reduce costs and increase autonomy. Those challenges are not compatible with state of the art security mechanisms From industry 4.0 to connected transportation and smart city, IoT use cases are broad, and hardware heterogeneity leads to complex validation processes for embedded softwares
June 3, 20203rd Workshop on IoT Security and Privacy 7 THE END-TO-END SECURITY PARADIGM Device operating system Connectivity Application Gateway operating system Connectivity Network infrastructure Cloud Application Devices Edge Network / Gateway Network provider Application & services IoT platform concentrator HUB IoT Platform Iot Platform Edge application Ensure privacy and security of data through all third parties
8 END-TO-END SECURITY – STATE OF THE ART Encryption supporting Low Power IoT constraint Authentication supporting Low Power IoT constraint End-to-end secure over heterogeneous dataflow TLS No No No EDHOC + TLS Yes Yes No SCHC + TLS Yes Yes Partial (no applicative disruption possible / data overhead) OSCORE Yes Yes Partial (limited to CoAP - no applicative disruption possible) As no security layers supports security over multi-applicative protocols (e.g: LoRaWAN -> MQTT -> HTTP), state of the art solution relies on hop-to-hop security, leading to potential leaks in third party components
9 END-TO-END SECURITY – A WATER MANAGEMENT USE CASE (FROM BRAIN-IOT H2020 PROJECT) IoT network IoT network Brain-IoT Fabric Security management End-to-end authentication over LPWAN networks (Sigfox & LoRaWAN) Hardened security: Protection against attacks on third parties (network provider) Low impact on energy consumption: Impact on device lifetime: 0,25% (30 messages / hour) Low impact on device bandwidth : 5 bytes for security metadata MQTTHTTP Fully encrypted & authenticated payloads BRAIN-IoT node
Public LoRaWAN Network June 3, 20203rd Workshop on IoT Security and Privacy 10 END-TO-END SECURITY – A WATER MANAGEMENT USE CASE (FROM BRAIN-IOT H2020 PROJECT) « on the field » Cloud On premiseHTTP Security Manager BRAIN-IoT Node Cloud GW Security Module TLS
June 3, 20203rd Workshop on IoT Security and Privacy 11 • 2 pillars of cyber secured systems : – Cyber protection – Cyber detection • IoT brings news challenges for cyber monitoring because of : – Big amount of data – Decentralized architecture Artificial intelligence is a key technology to enable reliable cyber monitoring in IoT contexts TO CONCLUDE
CONTACTS This project has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 780089. IoT System Security Expert Airbus CyberSecurity SAS +33 1 61 38 68 02 paul-emmanuel.brun@airbus.com / https://airbus-cyber-security.com CONTACTS PAUL-EMMANUEL BRUN
Public LoRaWAN Network June 3, 20203rd Workshop on IoT Security and Privacy 13 END-TO-END SECURITY – A WATER MANAGEMENT USE CASE (FROM BRAIN-IOT H2020 PROJECT) « on the field » Cloud On premiseHTTP Security Manager BRAIN-IoT Node Cloud GW Security Module TLS 1. Send join requet 3. Receive Join Accept 4. Send runtime key request (encrypted and authenticated using Device Management Key) 5. If runtime key request is valid, add to Manager and send back the runtime key (encrypted and authenticated using Device Management Key) 6. Receive runtime key store it securely using device fingerprint 2. Add automatically device (using APPEUI and APPKey)

Empfohlen

SAM-IoT: Model Based Methodology and Framework for Design and Management of N...
SAM-IoT: Model Based Methodology and Framework for Design and Management of N...SAM-IoT: Model Based Methodology and Framework for Design and Management of N...
SAM-IoT: Model Based Methodology and Framework for Design and Management of N...Brain IoT Project
 
SAM-IoT: Risk Assessment in IoT Case Study: Collaborative Robots System
SAM-IoT: Risk Assessment in IoT Case Study: Collaborative Robots SystemSAM-IoT: Risk Assessment in IoT Case Study: Collaborative Robots System
SAM-IoT: Risk Assessment in IoT Case Study: Collaborative Robots SystemBrain IoT Project
 
Virtual Twins: Modeling Trends and Challenges Ahead
Virtual Twins: Modeling Trends and Challenges AheadVirtual Twins: Modeling Trends and Challenges Ahead
Virtual Twins: Modeling Trends and Challenges AheadBrain IoT Project
 
SAM-IoT: A Cross-Platform Communication Mechanism for ROS-Based Cyber-Physica...
SAM-IoT: A Cross-Platform Communication Mechanism for ROS-Based Cyber-Physica...SAM-IoT: A Cross-Platform Communication Mechanism for ROS-Based Cyber-Physica...
SAM-IoT: A Cross-Platform Communication Mechanism for ROS-Based Cyber-Physica...Brain IoT Project
 
IoT
IoTIoT
IoTMphasis
 
IOT Based Data Monitoring System
IOT Based Data Monitoring SystemIOT Based Data Monitoring System
IOT Based Data Monitoring SystemAshok Fair
 
M2M Communication
M2M CommunicationM2M Communication
M2M CommunicationFabMinds
 
IoT Levels and Deployment Templates
IoT Levels and Deployment TemplatesIoT Levels and Deployment Templates
IoT Levels and Deployment TemplatesPrakash Honnur
 

Empfohlen

SAM-IoT: Model Based Methodology and Framework for Design and Management of N...
SAM-IoT: Model Based Methodology and Framework for Design and Management of N...SAM-IoT: Model Based Methodology and Framework for Design and Management of N...
SAM-IoT: Model Based Methodology and Framework for Design and Management of N...Brain IoT Project
 
SAM-IoT: Risk Assessment in IoT Case Study: Collaborative Robots System
SAM-IoT: Risk Assessment in IoT Case Study: Collaborative Robots SystemSAM-IoT: Risk Assessment in IoT Case Study: Collaborative Robots System
SAM-IoT: Risk Assessment in IoT Case Study: Collaborative Robots SystemBrain IoT Project
 
Virtual Twins: Modeling Trends and Challenges Ahead
Virtual Twins: Modeling Trends and Challenges AheadVirtual Twins: Modeling Trends and Challenges Ahead
Virtual Twins: Modeling Trends and Challenges AheadBrain IoT Project
 
SAM-IoT: A Cross-Platform Communication Mechanism for ROS-Based Cyber-Physica...
SAM-IoT: A Cross-Platform Communication Mechanism for ROS-Based Cyber-Physica...SAM-IoT: A Cross-Platform Communication Mechanism for ROS-Based Cyber-Physica...
SAM-IoT: A Cross-Platform Communication Mechanism for ROS-Based Cyber-Physica...Brain IoT Project
 
IoT
IoTIoT
IoTMphasis
 
IOT Based Data Monitoring System
IOT Based Data Monitoring SystemIOT Based Data Monitoring System
IOT Based Data Monitoring SystemAshok Fair
 
M2M Communication
M2M CommunicationM2M Communication
M2M CommunicationFabMinds
 
IoT Levels and Deployment Templates
IoT Levels and Deployment TemplatesIoT Levels and Deployment Templates
IoT Levels and Deployment TemplatesPrakash Honnur
 
Chapter 5 IoT Design methodologies
Chapter 5 IoT Design methodologiesChapter 5 IoT Design methodologies
Chapter 5 IoT Design methodologiespavan penugonda
 
Cottage village
Cottage villageCottage village
Cottage villageHadif Hassan
 
Lecture 5
Lecture 5Lecture 5
Lecture 5vishal choudhary
 
Sources of IoT (JNTUK - UNIT 1)
Sources of IoT (JNTUK - UNIT 1)Sources of IoT (JNTUK - UNIT 1)
Sources of IoT (JNTUK - UNIT 1)FabMinds
 
Iot m2m
Iot m2mIot m2m
Iot m2msundarag1
 
IoT Home monitoring system
IoT Home monitoring system IoT Home monitoring system
IoT Home monitoring system Puneet Mishra
 
Wireless access control system based on ieee 802.15.4
Wireless access control system based on ieee 802.15.4Wireless access control system based on ieee 802.15.4
Wireless access control system based on ieee 802.15.4Ecwaytech
 
Wireless access control system based on ieee 802.15.4
Wireless access control system based on ieee 802.15.4Wireless access control system based on ieee 802.15.4
Wireless access control system based on ieee 802.15.4Ecway Technologies
 
Ima an integrated monitoring architecture with sensor networks
Ima an integrated monitoring architecture with sensor networksIma an integrated monitoring architecture with sensor networks
Ima an integrated monitoring architecture with sensor networkssudhakar5472
 
352 356
352 356352 356
352 356Editor IJARCET
 
Modeling self-adaptative IoT architectures
Modeling self-adaptative IoT architecturesModeling self-adaptative IoT architectures
Modeling self-adaptative IoT architecturesIván Alfonso
 
Case studies in io t smart-home
Case studies in io t smart-homeCase studies in io t smart-home
Case studies in io t smart-homevishal choudhary
 
Lecture 11
Lecture 11Lecture 11
Lecture 11vishal choudhary
 
Bio stamp
Bio stampBio stamp
Bio stampAdit Group
 
IoT Application Testing - Complexities & Challenges
IoT Application Testing - Complexities & ChallengesIoT Application Testing - Complexities & Challenges
IoT Application Testing - Complexities & ChallengesSatyaKVivek
 
IoT Testing Services- Uncover All Critical Issues
IoT Testing Services- Uncover All Critical IssuesIoT Testing Services- Uncover All Critical Issues
IoT Testing Services- Uncover All Critical IssuesBugRaptors
 
Location Based System For Mobile Devices Using Rfid
Location Based System For Mobile Devices Using RfidLocation Based System For Mobile Devices Using Rfid
Location Based System For Mobile Devices Using Rfidvein
 
Grapeboard - Enabling Secure Communication
Grapeboard - Enabling Secure CommunicationGrapeboard - Enabling Secure Communication
Grapeboard - Enabling Secure CommunicationHans Klos
 
IoT and IIoT - Security Challenges and Innovative Approaches
IoT and IIoT - Security Challenges and Innovative ApproachesIoT and IIoT - Security Challenges and Innovative Approaches
IoT and IIoT - Security Challenges and Innovative ApproachesShashi Kiran
 
Security aspect of IOT.pptx
Security aspect of IOT.pptxSecurity aspect of IOT.pptx
Security aspect of IOT.pptxPrinceGupta789219
 
Development of web-based surveillance system for Internet of Things (IoT) app...
Development of web-based surveillance system for Internet of Things (IoT) app...Development of web-based surveillance system for Internet of Things (IoT) app...
Development of web-based surveillance system for Internet of Things (IoT) app...journalBEEI
 
Lightweight Cryptography Algorithms for Security of IoT Devices: A Survey
Lightweight Cryptography Algorithms for Security of IoT Devices: A SurveyLightweight Cryptography Algorithms for Security of IoT Devices: A Survey
Lightweight Cryptography Algorithms for Security of IoT Devices: A SurveyIRJET Journal
 

Weitere ähnliche Inhalte

Was ist angesagt?

Chapter 5 IoT Design methodologies
Chapter 5 IoT Design methodologiesChapter 5 IoT Design methodologies
Chapter 5 IoT Design methodologiespavan penugonda
 
Sources of IoT (JNTUK - UNIT 1)
Sources of IoT (JNTUK - UNIT 1)Sources of IoT (JNTUK - UNIT 1)
Sources of IoT (JNTUK - UNIT 1)FabMinds
 
IoT Home monitoring system
IoT Home monitoring system IoT Home monitoring system
IoT Home monitoring system Puneet Mishra
 
Wireless access control system based on ieee 802.15.4
Wireless access control system based on ieee 802.15.4Wireless access control system based on ieee 802.15.4
Wireless access control system based on ieee 802.15.4Ecwaytech
 
Wireless access control system based on ieee 802.15.4
Wireless access control system based on ieee 802.15.4Wireless access control system based on ieee 802.15.4
Wireless access control system based on ieee 802.15.4Ecway Technologies
 
Ima an integrated monitoring architecture with sensor networks
Ima an integrated monitoring architecture with sensor networksIma an integrated monitoring architecture with sensor networks
Ima an integrated monitoring architecture with sensor networkssudhakar5472
 
Modeling self-adaptative IoT architectures
Modeling self-adaptative IoT architecturesModeling self-adaptative IoT architectures
Modeling self-adaptative IoT architecturesIván Alfonso
 
Case studies in io t smart-home
Case studies in io t smart-homeCase studies in io t smart-home
Case studies in io t smart-homevishal choudhary
 
IoT Application Testing - Complexities & Challenges
IoT Application Testing - Complexities & ChallengesIoT Application Testing - Complexities & Challenges
IoT Application Testing - Complexities & ChallengesSatyaKVivek
 
IoT Testing Services- Uncover All Critical Issues
IoT Testing Services- Uncover All Critical IssuesIoT Testing Services- Uncover All Critical Issues
IoT Testing Services- Uncover All Critical IssuesBugRaptors
 
Location Based System For Mobile Devices Using Rfid
Location Based System For Mobile Devices Using RfidLocation Based System For Mobile Devices Using Rfid
Location Based System For Mobile Devices Using Rfidvein
 
Grapeboard - Enabling Secure Communication
Grapeboard - Enabling Secure CommunicationGrapeboard - Enabling Secure Communication
Grapeboard - Enabling Secure CommunicationHans Klos
 

Was ist angesagt? (18)

Chapter 5 IoT Design methodologies
Chapter 5 IoT Design methodologiesChapter 5 IoT Design methodologies
Chapter 5 IoT Design methodologies
 
Cottage village
Cottage villageCottage village
Cottage village
 
Lecture 5
Lecture 5Lecture 5
Lecture 5
 
Sources of IoT (JNTUK - UNIT 1)
Sources of IoT (JNTUK - UNIT 1)Sources of IoT (JNTUK - UNIT 1)
Sources of IoT (JNTUK - UNIT 1)
 
Iot m2m
Iot m2mIot m2m
Iot m2m
 
IoT Home monitoring system
IoT Home monitoring system IoT Home monitoring system
IoT Home monitoring system
 
Wireless access control system based on ieee 802.15.4
Wireless access control system based on ieee 802.15.4Wireless access control system based on ieee 802.15.4
Wireless access control system based on ieee 802.15.4
 
Wireless access control system based on ieee 802.15.4
Wireless access control system based on ieee 802.15.4Wireless access control system based on ieee 802.15.4
Wireless access control system based on ieee 802.15.4
 
Ima an integrated monitoring architecture with sensor networks
Ima an integrated monitoring architecture with sensor networksIma an integrated monitoring architecture with sensor networks
Ima an integrated monitoring architecture with sensor networks
 
352 356
352 356352 356
352 356
 
Modeling self-adaptative IoT architectures
Modeling self-adaptative IoT architecturesModeling self-adaptative IoT architectures
Modeling self-adaptative IoT architectures
 
Case studies in io t smart-home
Case studies in io t smart-homeCase studies in io t smart-home
Case studies in io t smart-home
 
Lecture 11
Lecture 11Lecture 11
Lecture 11
 
Bio stamp
Bio stampBio stamp
Bio stamp
 
IoT Application Testing - Complexities & Challenges
IoT Application Testing - Complexities & ChallengesIoT Application Testing - Complexities & Challenges
IoT Application Testing - Complexities & Challenges
 
IoT Testing Services- Uncover All Critical Issues
IoT Testing Services- Uncover All Critical IssuesIoT Testing Services- Uncover All Critical Issues
IoT Testing Services- Uncover All Critical Issues
 
Location Based System For Mobile Devices Using Rfid
Location Based System For Mobile Devices Using RfidLocation Based System For Mobile Devices Using Rfid
Location Based System For Mobile Devices Using Rfid
 
Grapeboard - Enabling Secure Communication
Grapeboard - Enabling Secure CommunicationGrapeboard - Enabling Secure Communication
Grapeboard - Enabling Secure Communication
 

Ähnlich wie SAM-IoT: Securing low power device communication in critical infrastructure management

IoT and IIoT - Security Challenges and Innovative Approaches
IoT and IIoT - Security Challenges and Innovative ApproachesIoT and IIoT - Security Challenges and Innovative Approaches
IoT and IIoT - Security Challenges and Innovative ApproachesShashi Kiran
 
Development of web-based surveillance system for Internet of Things (IoT) app...
Development of web-based surveillance system for Internet of Things (IoT) app...Development of web-based surveillance system for Internet of Things (IoT) app...
Development of web-based surveillance system for Internet of Things (IoT) app...journalBEEI
 
Lightweight Cryptography Algorithms for Security of IoT Devices: A Survey
Lightweight Cryptography Algorithms for Security of IoT Devices: A SurveyLightweight Cryptography Algorithms for Security of IoT Devices: A Survey
Lightweight Cryptography Algorithms for Security of IoT Devices: A SurveyIRJET Journal
 
Security Issues of IoT with Fog
Security Issues of IoT with FogSecurity Issues of IoT with Fog
Security Issues of IoT with FogAchu Anna
 
Drobics trustworthy io-t-for-industrial-applications
Drobics trustworthy io-t-for-industrial-applicationsDrobics trustworthy io-t-for-industrial-applications
Drobics trustworthy io-t-for-industrial-applicationsMario Drobics
 
VET4SBO Level 2 module 6 - unit 4 - v0.9 en
VET4SBO Level 2 module 6 - unit 4 - v0.9 enVET4SBO Level 2 module 6 - unit 4 - v0.9 en
VET4SBO Level 2 module 6 - unit 4 - v0.9 enKarel Van Isacker
 
Brain-IoT Project: Security Cluster activities overview
Brain-IoT Project: Security Cluster activities overviewBrain-IoT Project: Security Cluster activities overview
Brain-IoT Project: Security Cluster activities overviewBrain IoT Project
 
IRJET- Multifactor Authentication in IoT Devices for Ensuring Secure Cloud St...
IRJET- Multifactor Authentication in IoT Devices for Ensuring Secure Cloud St...IRJET- Multifactor Authentication in IoT Devices for Ensuring Secure Cloud St...
IRJET- Multifactor Authentication in IoT Devices for Ensuring Secure Cloud St...IRJET Journal
 
A Review: The Internet of Things Using Fog Computing
A Review: The Internet of Things Using Fog ComputingA Review: The Internet of Things Using Fog Computing
A Review: The Internet of Things Using Fog ComputingIRJET Journal
 
Internet of Things IoT Security Perspective
Internet of Things IoT Security PerspectiveInternet of Things IoT Security Perspective
Internet of Things IoT Security Perspectiveijtsrd
 
IxorTalk IoT Convention 2018
IxorTalk IoT Convention 2018IxorTalk IoT Convention 2018
IxorTalk IoT Convention 2018Peter Defreyne
 
Io t security defense in depth charles li v1 20180425c
Io t security defense in depth charles li v1 20180425cIo t security defense in depth charles li v1 20180425c
Io t security defense in depth charles li v1 20180425cCharles Li
 
A Review on Privacy and Security Challenges in the Internet of Things (IoT) t...
A Review on Privacy and Security Challenges in the Internet of Things (IoT) t...A Review on Privacy and Security Challenges in the Internet of Things (IoT) t...
A Review on Privacy and Security Challenges in the Internet of Things (IoT) t...IJCSIS Research Publications
 
IRJET - A Study on Smart Way for Securing IoT Devices
IRJET - A Study on Smart Way for Securing IoT DevicesIRJET - A Study on Smart Way for Securing IoT Devices
IRJET - A Study on Smart Way for Securing IoT DevicesIRJET Journal
 
Certified Internet of Things Specialist ( CIoTS )
Certified Internet of Things Specialist ( CIoTS ) Certified Internet of Things Specialist ( CIoTS )
Certified Internet of Things Specialist ( CIoTS ) GICTTraining
 
Internet of Things- Remote Desktop & Wireless Hibernation
Internet of Things- Remote Desktop & Wireless HibernationInternet of Things- Remote Desktop & Wireless Hibernation
Internet of Things- Remote Desktop & Wireless HibernationIRJET Journal
 
IoT challenges for Smart Manufacturing
IoT challenges for Smart ManufacturingIoT challenges for Smart Manufacturing
IoT challenges for Smart ManufacturingHeiko Koziolek
 
1. How will the IoT help your business - cisco
1. How will the IoT help your business - cisco1. How will the IoT help your business - cisco
1. How will the IoT help your business - ciscoMITEF México
 
Research Topics in Network Security for PhD
Research Topics in Network Security for PhDResearch Topics in Network Security for PhD
Research Topics in Network Security for PhDPhdtopiccom
 

Ähnlich wie SAM-IoT: Securing low power device communication in critical infrastructure management (20)

IoT and IIoT - Security Challenges and Innovative Approaches
IoT and IIoT - Security Challenges and Innovative ApproachesIoT and IIoT - Security Challenges and Innovative Approaches
IoT and IIoT - Security Challenges and Innovative Approaches
 
Security aspect of IOT.pptx
Security aspect of IOT.pptxSecurity aspect of IOT.pptx
Security aspect of IOT.pptx
 
Development of web-based surveillance system for Internet of Things (IoT) app...
Development of web-based surveillance system for Internet of Things (IoT) app...Development of web-based surveillance system for Internet of Things (IoT) app...
Development of web-based surveillance system for Internet of Things (IoT) app...
 
Lightweight Cryptography Algorithms for Security of IoT Devices: A Survey
Lightweight Cryptography Algorithms for Security of IoT Devices: A SurveyLightweight Cryptography Algorithms for Security of IoT Devices: A Survey
Lightweight Cryptography Algorithms for Security of IoT Devices: A Survey
 
Security Issues of IoT with Fog
Security Issues of IoT with FogSecurity Issues of IoT with Fog
Security Issues of IoT with Fog
 
Drobics trustworthy io-t-for-industrial-applications
Drobics trustworthy io-t-for-industrial-applicationsDrobics trustworthy io-t-for-industrial-applications
Drobics trustworthy io-t-for-industrial-applications
 
VET4SBO Level 2 module 6 - unit 4 - v0.9 en
VET4SBO Level 2 module 6 - unit 4 - v0.9 enVET4SBO Level 2 module 6 - unit 4 - v0.9 en
VET4SBO Level 2 module 6 - unit 4 - v0.9 en
 
Brain-IoT Project: Security Cluster activities overview
Brain-IoT Project: Security Cluster activities overviewBrain-IoT Project: Security Cluster activities overview
Brain-IoT Project: Security Cluster activities overview
 
IRJET- Multifactor Authentication in IoT Devices for Ensuring Secure Cloud St...
IRJET- Multifactor Authentication in IoT Devices for Ensuring Secure Cloud St...IRJET- Multifactor Authentication in IoT Devices for Ensuring Secure Cloud St...
IRJET- Multifactor Authentication in IoT Devices for Ensuring Secure Cloud St...
 
A Review: The Internet of Things Using Fog Computing
A Review: The Internet of Things Using Fog ComputingA Review: The Internet of Things Using Fog Computing
A Review: The Internet of Things Using Fog Computing
 
Internet of Things IoT Security Perspective
Internet of Things IoT Security PerspectiveInternet of Things IoT Security Perspective
Internet of Things IoT Security Perspective
 
IxorTalk IoT Convention 2018
IxorTalk IoT Convention 2018IxorTalk IoT Convention 2018
IxorTalk IoT Convention 2018
 
Io t security defense in depth charles li v1 20180425c
Io t security defense in depth charles li v1 20180425cIo t security defense in depth charles li v1 20180425c
Io t security defense in depth charles li v1 20180425c
 
A Review on Privacy and Security Challenges in the Internet of Things (IoT) t...
A Review on Privacy and Security Challenges in the Internet of Things (IoT) t...A Review on Privacy and Security Challenges in the Internet of Things (IoT) t...
A Review on Privacy and Security Challenges in the Internet of Things (IoT) t...
 
IRJET - A Study on Smart Way for Securing IoT Devices
IRJET - A Study on Smart Way for Securing IoT DevicesIRJET - A Study on Smart Way for Securing IoT Devices
IRJET - A Study on Smart Way for Securing IoT Devices
 
Certified Internet of Things Specialist ( CIoTS )
Certified Internet of Things Specialist ( CIoTS ) Certified Internet of Things Specialist ( CIoTS )
Certified Internet of Things Specialist ( CIoTS )
 
Internet of Things- Remote Desktop & Wireless Hibernation
Internet of Things- Remote Desktop & Wireless HibernationInternet of Things- Remote Desktop & Wireless Hibernation
Internet of Things- Remote Desktop & Wireless Hibernation
 
IoT challenges for Smart Manufacturing
IoT challenges for Smart ManufacturingIoT challenges for Smart Manufacturing
IoT challenges for Smart Manufacturing
 
1. How will the IoT help your business - cisco
1. How will the IoT help your business - cisco1. How will the IoT help your business - cisco
1. How will the IoT help your business - cisco
 
Research Topics in Network Security for PhD
Research Topics in Network Security for PhDResearch Topics in Network Security for PhD
Research Topics in Network Security for PhD
 

Mehr von Brain IoT Project

Virtual Twins: Modeling Trends and Challenges Ahead
Virtual Twins: Modeling Trends and Challenges AheadVirtual Twins: Modeling Trends and Challenges Ahead
Virtual Twins: Modeling Trends and Challenges AheadBrain IoT Project
 
Statistical model checking bip tool
Statistical model checking bip toolStatistical model checking bip tool
Statistical model checking bip toolBrain IoT Project
 
Rigorous system design the bip framework
Rigorous system design the bip frameworkRigorous system design the bip framework
Rigorous system design the bip frameworkBrain IoT Project
 
IMB Brokerage day - EMALCSA: SICA platform and BRAIN-IoT
IMB Brokerage day - EMALCSA: SICA platform and BRAIN-IoTIMB Brokerage day - EMALCSA: SICA platform and BRAIN-IoT
IMB Brokerage day - EMALCSA: SICA platform and BRAIN-IoTBrain IoT Project
 
ROBOT PATH FINDER Case Study
ROBOT PATH FINDER Case StudyROBOT PATH FINDER Case Study
ROBOT PATH FINDER Case StudyBrain IoT Project
 
Overview of the WP4 of BRAIN-IoT
Overview of the WP4 of BRAIN-IoTOverview of the WP4 of BRAIN-IoT
Overview of the WP4 of BRAIN-IoTBrain IoT Project
 
Using Eclipse technologies to develop the BRAIN-IoT model-based framework for...
Using Eclipse technologies to develop the BRAIN-IoT model-based framework for...Using Eclipse technologies to develop the BRAIN-IoT model-based framework for...
Using Eclipse technologies to develop the BRAIN-IoT model-based framework for...Brain IoT Project
 

Mehr von Brain IoT Project (7)

Virtual Twins: Modeling Trends and Challenges Ahead
Virtual Twins: Modeling Trends and Challenges AheadVirtual Twins: Modeling Trends and Challenges Ahead
Virtual Twins: Modeling Trends and Challenges Ahead
 
Statistical model checking bip tool
Statistical model checking bip toolStatistical model checking bip tool
Statistical model checking bip tool
 
Rigorous system design the bip framework
Rigorous system design the bip frameworkRigorous system design the bip framework
Rigorous system design the bip framework
 
IMB Brokerage day - EMALCSA: SICA platform and BRAIN-IoT
IMB Brokerage day - EMALCSA: SICA platform and BRAIN-IoTIMB Brokerage day - EMALCSA: SICA platform and BRAIN-IoT
IMB Brokerage day - EMALCSA: SICA platform and BRAIN-IoT
 
ROBOT PATH FINDER Case Study
ROBOT PATH FINDER Case StudyROBOT PATH FINDER Case Study
ROBOT PATH FINDER Case Study
 
Overview of the WP4 of BRAIN-IoT
Overview of the WP4 of BRAIN-IoTOverview of the WP4 of BRAIN-IoT
Overview of the WP4 of BRAIN-IoT
 
Using Eclipse technologies to develop the BRAIN-IoT model-based framework for...
Using Eclipse technologies to develop the BRAIN-IoT model-based framework for...Using Eclipse technologies to develop the BRAIN-IoT model-based framework for...
Using Eclipse technologies to develop the BRAIN-IoT model-based framework for...
 

Kürzlich hochgeladen

Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusZilliz
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdfSandro Moreira
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDropbox
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesrafiqahmad00786416
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsNanddeep Nachan
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024The Digital Insurer
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024The Digital Insurer
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Angeliki Cooney
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWERMadyBayot
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...Zilliz
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 

Kürzlich hochgeladen (20)

Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 

SAM-IoT: Securing low power device communication in critical infrastructure management

  • 1. SECURING LOW POWER DEVICE COMMUNICATION IN CRITICAL INFRASTRUCTURE MANAGEMENT Paul-Emmanuel BRUN, Airbus CyberSecurity SAS
  • 2. June 3, 20203rd Workshop on IoT Security and Privacy 2 OVERVIEW OF THREATS IN IOT VectorTarget Weapon 2017 Casino fish tank temperature sensor cyberattack 2017 Dallas Emergency Sirens cyberattack 2016 - 2019 Mirai Botnet
  • 3. June 3, 20203rd Workshop on IoT Security and Privacy 3 INDUSTRIAL IOT CONSIDERATIONS Potential effects of cyber-incidents involving Industrial IoT: Business impacts: • Production / service downtime, resulting in overcosts, delays and reputation • Quality deficiencies, resulting financial / reputational damages • Reputational damages, subsequent loss of opportunities Physical damages: • Equipment damages, recovery costs, impact on production • Human safety, operator / user / society endangered Damages to intangible assets: • Intellectual Property (IP) theft and loss of competitive advantages • Private data leakage resulting in legal and reputational damages
  • 4. 4 IOT SYSTEM ARCHITECTURE & THREATS Device operating system Connectivity Application Gateway operating system Connectivity Network infrastructure Cloud Application Devices Edge Network / Gateway Network provider Application & services IoT platform concentrator HUB IoT Platform Iot Platform Edge application Hardware side channel & dumping Device spoofing on untrusted protocols Network provider backend spying & spoofing Platform database corruption Fake data spoofing
  • 5. Example from SHODAN with a widely used IoT protocol, MQTT: à 74 000 fully open backend Many types of data, such as GPS position, temperatures, actuators, … THREATS - EXAMPLE Network / IoT service provider backend spying & spoofing
  • 6. Location, DD/MM/YYYYPresentation Title 6 INDUSTRIAL IOT COMPLEXITY Heterogeneous protocols Protocols and hardware come from mass market Heterogenous constraints and massive deployments The high level of heterogeneity of protocols (network & applicative), make it difficult to validate the overall system and ensure end-to-end security Hardware and protocols are facing new challenges to reduce costs and increase autonomy. Those challenges are not compatible with state of the art security mechanisms From industry 4.0 to connected transportation and smart city, IoT use cases are broad, and hardware heterogeneity leads to complex validation processes for embedded softwares
  • 7. June 3, 20203rd Workshop on IoT Security and Privacy 7 THE END-TO-END SECURITY PARADIGM Device operating system Connectivity Application Gateway operating system Connectivity Network infrastructure Cloud Application Devices Edge Network / Gateway Network provider Application & services IoT platform concentrator HUB IoT Platform Iot Platform Edge application Ensure privacy and security of data through all third parties
  • 8. 8 END-TO-END SECURITY – STATE OF THE ART Encryption supporting Low Power IoT constraint Authentication supporting Low Power IoT constraint End-to-end secure over heterogeneous dataflow TLS No No No EDHOC + TLS Yes Yes No SCHC + TLS Yes Yes Partial (no applicative disruption possible / data overhead) OSCORE Yes Yes Partial (limited to CoAP - no applicative disruption possible) As no security layers supports security over multi-applicative protocols (e.g: LoRaWAN -> MQTT -> HTTP), state of the art solution relies on hop-to-hop security, leading to potential leaks in third party components
  • 9. 9 END-TO-END SECURITY – A WATER MANAGEMENT USE CASE (FROM BRAIN-IOT H2020 PROJECT) IoT network IoT network Brain-IoT Fabric Security management End-to-end authentication over LPWAN networks (Sigfox & LoRaWAN) Hardened security: Protection against attacks on third parties (network provider) Low impact on energy consumption: Impact on device lifetime: 0,25% (30 messages / hour) Low impact on device bandwidth : 5 bytes for security metadata MQTTHTTP Fully encrypted & authenticated payloads BRAIN-IoT node
  • 10. Public LoRaWAN Network June 3, 20203rd Workshop on IoT Security and Privacy 10 END-TO-END SECURITY – A WATER MANAGEMENT USE CASE (FROM BRAIN-IOT H2020 PROJECT) « on the field » Cloud On premiseHTTP Security Manager BRAIN-IoT Node Cloud GW Security Module TLS
  • 11. June 3, 20203rd Workshop on IoT Security and Privacy 11 • 2 pillars of cyber secured systems : – Cyber protection – Cyber detection • IoT brings news challenges for cyber monitoring because of : – Big amount of data – Decentralized architecture Artificial intelligence is a key technology to enable reliable cyber monitoring in IoT contexts TO CONCLUDE
  • 12. CONTACTS This project has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 780089. IoT System Security Expert Airbus CyberSecurity SAS +33 1 61 38 68 02 paul-emmanuel.brun@airbus.com / https://airbus-cyber-security.com CONTACTS PAUL-EMMANUEL BRUN
  • 13. Public LoRaWAN Network June 3, 20203rd Workshop on IoT Security and Privacy 13 END-TO-END SECURITY – A WATER MANAGEMENT USE CASE (FROM BRAIN-IOT H2020 PROJECT) « on the field » Cloud On premiseHTTP Security Manager BRAIN-IoT Node Cloud GW Security Module TLS 1. Send join requet 3. Receive Join Accept 4. Send runtime key request (encrypted and authenticated using Device Management Key) 5. If runtime key request is valid, add to Manager and send back the runtime key (encrypted and authenticated using Device Management Key) 6. Receive runtime key store it securely using device fingerprint 2. Add automatically device (using APPEUI and APPKey)