SlideShare ist ein Scribd-Unternehmen logo

IoT Security Imperative: Stop your Fridge from Sending you Spam

Als PPTX, PDF herunterladen
Amit Rohatgi
Amit Rohatgi

The document discusses the security challenges posed by the growing Internet of Things (IoT). It notes that consumer devices like refrigerators and TVs have already been hacked and used to send spam. The speaker discusses how incorrect perceptions of security and privacy risks could undermine planning for the IoT. Examples are given showing how compromised devices were used in the Target data breach to steal credit card numbers. The need for standardized security practices across the diverse array of IoT devices and systems is discussed.

Internet
1 von 44
Getting Hacked Via Your Fridge or, the IoT Security Imperative Amit Rohatgi, president prpl Foundation CIE-SF / CINA September Seminar 9/4/2014
IoT & Security: presented Thursday, September 4th, 2014 by Amit Rohatgi at CIE-SF 2
IoT & Security: presented Thursday, September 4th, 2014 by Amit Rohatgi at CIE-SF 3
More connected homes, more problems • “Smart refrigerators and TVs hacked to send out spam …” – NBC news • If hackers can exploit a weakness in a single type of Internet-connected home appliance or system—such as an Internet-connected door lock—they may be able to harm thousands of people at once. IoT & Security: presented Thursday, September 4th, 2014 by Amit Rohatgi at CIE-SF 4
Incorrect Perception  Bad Planning • Integration • Device cost • Data mining • Footprint Lower TCO Added revenue • Security & privacy • Integrity • Reliability Higher cost?? Waste of time?? IoT & Security: presented Thursday, September 4th, 2014 by Amit Rohatgi at CIE-SF 5
Target Breach: an anatomy $200M cost, CEO ousted 1 HVAC systems Compromised credentials from HVAC vendor monitor temp. changes for see how long customers stay 2 Malware programs installed on HVAC systems 3 Unified backend systems at store (and most retailers) 4 PoS system breached 5 Millions of credit card numbers start flowing out 6 Breach detected! Manual intervention was needed 7 IoT & Security: presented Thursday, September 4th, 2014 by Amit Rohatgi at CIE-SF 6
How Big Is this Problem? IoT & Security: presented Thursday, September 4th, 2014 by Amit Rohatgi at CIE-SF 7
Problem – Enterprise and Corporate Risk • According to the MPAA and RIAA – studios and artists lost over $10B due to piracy in 2010 • Technology companies, such as Qualcomm and Cisco, lose hundreds of millions in revenue, due to cloning • Corporate Cloud usage is on the rise with Mobile access – A breach at the corporate level would be very expensive IoT & Security: presented Thursday, September 4th, 2014 by Amit Rohatgi at CIE-SF 8
Problem – Personal Risk • Mobile devices are “valuable” – due to their transaction and content capabilities – Privacy loss more than hardware loss – Attackers want data, not devices • Mobile cloud storage is UP ! – Need to “bind” device to cloud • Devices are easily “rooted” – Secure sandboxes for data and code execution are required IoT & Security: presented Thursday, September 4th, 2014 by Amit Rohatgi at CIE-SF 9
IoT Market Challenges • Scale – Billions of devices (identity & authentication management, in-field updates, dynamic interactions, big data, real time data mgmt.) • Multiple technologies and standards – Creation of technology silos – Established / emerging / competing – Standardization is a key enabler • Solutions are highly fragmented – Need for common/flexible platforms – Applications environments with multiple PKIs or Roots of Trust • Low power requirements – Operate for 2 years on a coin battery • Cost limitation • Long life cycles Security IoT & Security: presented Thursday, September 4th, 2014 by Amit Rohatgi at CIE-SF 10
IoT Security Chain (device-to-datacenter) Sensors Nodes Aggregation Points Routers /Gateways STBs Cloud HW Root of Trust + Secure Boot => Secure Over The Air/Wired Field Updates Secure sensor data for sensitive applications (e.g. medical, industrial, enterprise) Enable in field device personalization (add/remove features) Future proof designs with flexible programmable architecture Private Data Disposal Secure Server + Secure Network => Secure Services Secure Remote Monitoring Protect Intellectual Property against SW cloning (e.g. proprietary algorithms) Intellectual Property Tampering Detection Intrusion Detection and Secure Remote Monitoring IoT & Security: presented Thursday, September 4th, 2014 by Amit Rohatgi at CIE-SF 11
IoT Security Aspects • System Security must be Embedded • Know what is being protected • Trust begins at home – Secure boot, run time protection, process separation (TEE) • Trust between network elements – Authentication and confidentiality – Via registration protocols (trust all devices signed by manufacturer’s signing key) or online protocols (pairing, TLS, IKE) IoT Security Questions 1. What is the connectivity model? 2. Who owns the device? 3. What is running on it? 4. Where is it located? 5. How is it protected? 6. How are attacks detected? 7. What is the recovery mechanism? IoT & Security: presented Thursday, September 4th, 2014 by Amit Rohatgi at CIE-SF 12
Secure Platform Principles Secure Boot Secure Storage Secure Execution Hardware Root of Trust Secure Asset Store Secure Communication IoT & Security: presented Thursday, September 4th, 2014 by Amit Rohatgi at CIE-SF 13
Platform Security • Secure boot process starts out in ROM • After bootloader, the root of trust (hypervisor) is verified and loaded • Iteratively verifies next stage of boot until HLOS (optionally inclusive) • Secure partition(s) able to access full memory map. Non-secure can access only its partition Non-Secure App Non-Secure App Non-Secure App Non-secure HLOS (e.g. Android) Secure App 1 Secure App 2 Secure OS 1 Secure App 3 Secure & Protected Hypervisor Virtualized N-core MIPS i6400 CPU Virtualized I/O and Memory thru entire SoC Complex Secure OS 2 IoT & Security: presented Thursday, September 4th, 2014 by Amit Rohatgi at CIE-SF 14
Platform Security • Secure boot process starts out in ROM • After bootloader, the root of trust (hypervisor) is verified and loaded • Iteratively verifies next stage of boot until HLOS (optionally inclusive) • Secure partition(s) able to access full memory map. Non-secure can access only its partition Non-Secure App Non-Secure App Non-Secure App Non-secure HLOS (e.g. Android) Secure App 1 Secure App 2 Secure OS 1 Secure App 3 Secure & Protected Hypervisor Virtualized N-core MIPS i6400 CPU Virtualized I/O and Memory thru entire SoC Complex Secure OS 2 IoT & Security: presented Thursday, September 4th, 2014 by Amit Rohatgi at CIE-SF 15
Exploring Virtualization Multiple Secure Domains More Reliable & Predictable Secure Hypervisor CPU 1 CPU 2 CPU 3 CPU 4 CPU 1 Secure Monitor CPU 2 CPU 3 CPU 4 Secure Hypervisor CPU 1 CPU 2 CPU 3 CPU 4 CPU 2 CPU 3 CPU 4 More Powerful & Efficient Safer! CPU 1 • Global Platform considering certifiable containers Secure Monitor • Secure services can only affect their container, not the overall system CPU 1 Secure Hypervisor CPU 2 CPU 3 CPU 4 CPU 1 Secure Monitor CPU 2 CPU 3 CPU 4 IoT & Security: presented Thursday, September 4th, 2014 by Amit Rohatgi at CIE-SF 16
IoT in our daily lives • Sleep is precious • Alarm defaults to 8am – +45m (meeting delay) – -5m (gas) – -15m (accident) – -20m (late train) = EXTRA 5 mins!! IoT & Security: presented Thursday, September 4th, 2014 by Amit Rohatgi at CIE-SF 17
Portability, Virtualization, and Compute WHAT IS prpl? IoT & Security: presented Thursday, September 4th, 2014 by Amit Rohatgi at CIE-SF 18
What is prpl? • A Foundation created to accelerate a robust ecosystem via collaboration – Open-source community supporting the MIPS architecture, and open to all – Provide access to free, unencumbered toolchains, associated libraries – Common platform, debuggers, probes and software easily accessible • Community Benefits – Large ROI benefit – up to 4x gain – Time-to-Market & lower TCO – Strengthen MIPS ecosystem – Accelerate MIPS64 to mainstream – Faster innovation through focus on core competency IoT & Security: presented Thursday, September 4th, 2014 by Amit Rohatgi at CIE-SF 19
Why Open-Source? • Enabling the Big Data revolution needs collaborative minds • Fragmentation will slow down innovation • More eyeballs = more secure IoT & Security: presented Thursday, September 4th, 2014 by Amit Rohatgi at CIE-SF 20
Synergies Drive Innovation • IoT will enable big data • big data needs analytics • analytics will improve processes for more IoT devices IoT & Security: presented Thursday, September 4th, 2014 by Amit Rohatgi at CIE-SF 21
KBMBGBPTEBZBYBnon-linear! BIG DATA IoT & Security: presented Thursday, September 4th, 2014 by Amit Rohatgi at CIE-SF 22
Big Data: The Internet of Cow 1.5B cows 200MB/yr/cow = 300,000 GB (0.3 petabytes) per year IoT & Security: presented Thursday, September 4th, 2014 by Amit Rohatgi at CIE-SF 23
Big Data: Turbines 12,000 turbines 500GB/day each = 6 million GB (6 petabytes) per day IoT & Security: presented Thursday, September 4th, 2014 by Amit Rohatgi at CIE-SF 24
Little Data  Big Data  Huge Data • Each successive node in the IoT chain adds – Data and Storage requirements – Processing Requirements – Multi-tenant Requirements (ie security) Bytes Megabytes Terabytes Petabytes Exabytes ZETTABYTES (1000^7) IoT & Security: presented Thursday, September 4th, 2014 by Amit Rohatgi at CIE-SF 25
lots of hardware DIVERSITY IN IoT IoT & Security: presented Thursday, September 4th, 2014 by Amit Rohatgi at CIE-SF 26
IoT & Security: presented Thursday, September 4th, 2014 by Amit Rohatgi at CIE-SF 27
Key Enablers for IoT • Processing power • Networking infrastructure and connectivity • Low cost, secure devices • Storage • Loads and loads of secure, portable software • A way to make money IoT & Security: presented Thursday, September 4th, 2014 by Amit Rohatgi at CIE-SF 28
Standardization Challenge IoT Architecture For Heterogeneous Fleets of Things 1 3 © 2013 Gartner, Inc. and/or its affiliates. All rights reserved. 12 2 • Fragmentation! – Connectivity Standards – Operating Systems – Topologies – Security • Expect diverse solutions, so – Software abstraction (APIs) needed at each node – Multi-tenant environment needed for security IoT & Security: presented Thursday, September 4th, 2014 by Amit Rohatgi at CIE-SF 29
prpl foundation PORTABILITY AND VIRTUALIZATION IoT & Security: presented Thursday, September 4th, 2014 by Amit Rohatgi at CIE-SF 30
Mission ‘prpl’ is an open-source, community-driven, collaborative, non-profit consortium focusing on the MIPS architecture and ecosystem, and open to all - with a focus on enabling next-generation datacenter-to-device portable software and virtualized architectures IoT & Security: presented Thursday, September 4th, 2014 by Amit Rohatgi at CIE-SF 31
Scalable Processor Architecture Needed, e.g. MIPS 1GHz+ CPU Solution mobile and home entertainment 32-bit microcontrollers for embedded storage, automotive and IoT 64-bit multicore advanced networking, datacenter and infrastructure Efficient solutions for a broad range of networking & storage applications IoT & Security: presented Thursday, September 4th, 2014 by Amit Rohatgi at CIE-SF 32
Key Domains Embedded& IoT Buildroot, RTOS Networking openWrt, yocto Montavista Datacenter RHEL, Fedora, Ubuntu, CentOS Digital Home & Mobile openWrt, Linux, Android IoT & Security: presented Thursday, September 4th, 2014 by Amit Rohatgi at CIE-SF 33
Work-flow Upstream projects: gnu.org, kernel.org, llvm.org prpl: Domains and Engineering Groups regardless of architecture ➢ license free versions supported kernels and projects projects pulled from upstream ❖ Optimized Linux Kernels ❖ SDKs and Tools ❖ launchpad to upstream ❖ advanced future work ➢ SDN ➢ heterogeneous compute ➢ LLVM ➢ vision IoT & Security: presented Thursday, September 4th, 2014 by Amit Rohatgi at CIE-SF 34
prpl Engineering Groups (PEGs) ▪ VZ Ecosystem ▪ Hypervisors (eg KVM, Fiasco.oc) ▪ OS ▪ Data Center – Redhat, Ubuntu, Debian, CentOS ▪ Networking –Montavista, OpenWrt ▪ Embedded/IoT & Mobile - Android, Chromium, Tizen, WebOS, RTOSs, Yocto ▪ Kernel (device tree, power mgmt, multi-threading) ▪ Portability ▪ JITs (V8, openJDK, etc) ▪ Emulation (QEMU) ▪ Tools (SDK, IDE) ▪ Platform ▪ UEFI and boot loaders ▪ Optimization ▪ Intrinsics (eg SIMD) and libraries (eg memcpy) – ■ Multimedia - video, audio, speech ■ Networking ■ Security ■ Networking (multi-core friendly and aynchronous) ■ e.g. BGP, OVS, snort, routing protocols, DPI IoT & Security: presented Thursday, September 4th, 2014 by Amit Rohatgi at CIE-SF 35
Low Cost Hardware ❖ MIPS CI20 ➢ dual core MIPS32 CPU @1.2GHz, PowerVR SGX540 GPU, HDMI, 1GB RAM, 8GB Flash, 2 usb, audio, WiFi, BT ➢ Linux and Android 4.4 - community supported, rasbpi header ➢ Available now - http://elinux.org/MIPS_Creator_CI20 ➢ Price: $40 ❖ prpl stamp #2 ➢ dual core MIPS32 interAptiv @600MHz, PowerVR SGX520, HDMI, 512MB RAM, 4 GB Flash, usb, audio, WiFi, BT, aggressive power savings modes enabling 30-day battery life ➢ Android Wear (smartwatch and IoT platform) ➢ ETA: Dec 2014 ➢ Price: $35 (est.) ❖ Interface Masters MIPS64 Niagara3218 ➢ MIPS64 network system ❖ Interface Masters MIPS64 Niagara804-BP ➢ MIPS64 network adapter IoT & Security: presented Thursday, September 4th, 2014 by Amit Rohatgi at CIE-SF 36
Summary: what will prpl do? • Focus on the software “glue” necessary to carry secure structured and unstructured data from the device to the datacenter • Example: – Secure hypervisors for multiple tenants – Portable software, such as JITs – SaaS, PaaS, IaaS OTA secure – Programming models to enable big data processing (eg hadoop) over heterogenous processors Embedded nodes OpenWrt hub Networking backbone Datacenter IoT & Security: presented Thursday, September 4th, 2014 by Amit Rohatgi at CIE-SF 37
E.g. Develop Software Enabling Security and Multiple Contexts • Multiple contexts are required – Shared resource – Protected resource – Energy conservation • Heterogenous programming models are required – Close working relationship with leading VMn VM3 VM2 VM1 Guest User -------- Guest Kernel Guest User -------- Guest Kernel Guest User -------- Guest Kernel vGPU 1 vGPU S/W 2 Secure Hypervisor (R/G MMU) CPU Cluster Coherent Fabric SoC Network layers Offloads (Crypto, IP, etc) I/O H/W Guest User -------- Guest Kernel industry consortia, leading semiconductor companies, OEMs and ISVs Memory Memory GPU Cluster Increase Privilege TPM ------- Boot ROM X X Secure Domains Protected Partitions IoT & Security: presented Thursday, September 4th, 2014 by Amit Rohatgi at CIE-SF 38
IoT & Security: presented Thursday, September 4th, 2014 by Amit Rohatgi at CIE-SF 39
IoT & Security: presented Thursday, September 4th, 2014 by Amit Rohatgi at CIE-SF 40
IoT & Security: presented Thursday, September 4th, 2014 by Amit Rohatgi at CIE-SF 41 41
Resources • http://prplfoundation.org • http://www.cisco.com/web/about/ac79/docs/in nov/IoE_Economy.pdf • http://theinstitute.ieee.org/benefits/standards/s etting-the-stage-for-the-internet-of-things • FTC Workshop on IoT and Security (Nov ‘13) • amit (at) prplfoundation (dot) org (thanks!) IoT & Security: presented Thursday, September 4th, 2014 by Amit Rohatgi at CIE-SF 42
Thanks!
How to Get Involved in prpl Mailing list lists.prplfoundation.org Wiki wiki.prplfoundation.org Forums forum.prplfoundation.org Code github.com/prplfoundation IoT & Security: presented Thursday, September 4th, 2014 by Amit Rohatgi at CIE-SF 44

Empfohlen

Iot(security)
Iot(security)Iot(security)
Iot(security)Shreya Pohekar
 
IoT Security Training, IoT Security Awareness 2019
IoT Security Training, IoT Security Awareness 2019 IoT Security Training, IoT Security Awareness 2019
IoT Security Training, IoT Security Awareness 2019 Tonex
 
Security Fundamental for IoT Devices; Creating the Internet of Secure Things
Security Fundamental for IoT Devices; Creating the Internet of Secure ThingsSecurity Fundamental for IoT Devices; Creating the Internet of Secure Things
Security Fundamental for IoT Devices; Creating the Internet of Secure ThingsDesign World
 
IoT Security and Privacy Considerations
IoT Security and Privacy ConsiderationsIoT Security and Privacy Considerations
IoT Security and Privacy ConsiderationsKenny Huang Ph.D.
 
IoT Security, Mirai Revisited
IoT Security, Mirai RevisitedIoT Security, Mirai Revisited
IoT Security, Mirai RevisitedClare Nelson, CISSP, CIPP-E
 
Internet of Things Security
Internet of Things SecurityInternet of Things Security
Internet of Things SecurityTutun Juhana
 
IOT Security
IOT SecurityIOT Security
IOT SecuritySylvain Martinez
 
Iot Security, Internet of Things
Iot Security, Internet of ThingsIot Security, Internet of Things
Iot Security, Internet of ThingsBryan Len
 

Empfohlen

Iot(security)
Iot(security)Iot(security)
Iot(security)Shreya Pohekar
 
IoT Security Training, IoT Security Awareness 2019
IoT Security Training, IoT Security Awareness 2019 IoT Security Training, IoT Security Awareness 2019
IoT Security Training, IoT Security Awareness 2019 Tonex
 
Security Fundamental for IoT Devices; Creating the Internet of Secure Things
Security Fundamental for IoT Devices; Creating the Internet of Secure ThingsSecurity Fundamental for IoT Devices; Creating the Internet of Secure Things
Security Fundamental for IoT Devices; Creating the Internet of Secure ThingsDesign World
 
IoT Security and Privacy Considerations
IoT Security and Privacy ConsiderationsIoT Security and Privacy Considerations
IoT Security and Privacy ConsiderationsKenny Huang Ph.D.
 
IoT Security, Mirai Revisited
IoT Security, Mirai RevisitedIoT Security, Mirai Revisited
IoT Security, Mirai RevisitedClare Nelson, CISSP, CIPP-E
 
Internet of Things Security
Internet of Things SecurityInternet of Things Security
Internet of Things SecurityTutun Juhana
 
IOT Security
IOT SecurityIOT Security
IOT SecuritySylvain Martinez
 
Iot Security, Internet of Things
Iot Security, Internet of ThingsIot Security, Internet of Things
Iot Security, Internet of ThingsBryan Len
 
Your Thing is Pwned - Security Challenges for the IoT
Your Thing is Pwned - Security Challenges for the IoTYour Thing is Pwned - Security Challenges for the IoT
Your Thing is Pwned - Security Challenges for the IoTWSO2
 
IoT Security Awareness Training : Tonex Training
IoT Security Awareness Training : Tonex TrainingIoT Security Awareness Training : Tonex Training
IoT Security Awareness Training : Tonex TrainingBryan Len
 
IoT Security: Cases and Methods
IoT Security: Cases and MethodsIoT Security: Cases and Methods
IoT Security: Cases and MethodsLeonardo De Moura Rocha Lima
 
Privacy and security in IoT
Privacy and security in IoTPrivacy and security in IoT
Privacy and security in IoTVasco Veloso
 
Security challenges for IoT
Security challenges for IoTSecurity challenges for IoT
Security challenges for IoTWSO2
 
Mark Horowitz - Stanford Engineering - Securing the Internet of Things
Mark Horowitz - Stanford Engineering - Securing the Internet of ThingsMark Horowitz - Stanford Engineering - Securing the Internet of Things
Mark Horowitz - Stanford Engineering - Securing the Internet of ThingsStanford School of Engineering
 
IoT Security: Cases and Methods [CON5446]
IoT Security: Cases and Methods [CON5446]IoT Security: Cases and Methods [CON5446]
IoT Security: Cases and Methods [CON5446]Leonardo De Moura Rocha Lima
 
Iot security amar prusty
Iot security amar prustyIot security amar prusty
Iot security amar prustyamarprusty
 
Internet of Things Security Patterns
Internet of Things Security PatternsInternet of Things Security Patterns
Internet of Things Security PatternsMark Benson
 
IoT security
IoT securityIoT security
IoT securityYashKesharwani2
 
Ryan Wilson - ryanwilson.com - IoT Security
Ryan Wilson - ryanwilson.com - IoT SecurityRyan Wilson - ryanwilson.com - IoT Security
Ryan Wilson - ryanwilson.com - IoT SecurityRyan Wilson
 
IoT Security Briefing FBI 07 23-2017 final
IoT Security Briefing FBI 07 23-2017 finalIoT Security Briefing FBI 07 23-2017 final
IoT Security Briefing FBI 07 23-2017 finalFrank Siepmann
 
Security in the Internet of Things
Security in the Internet of ThingsSecurity in the Internet of Things
Security in the Internet of ThingsForgeRock
 
IoT Security by Sanjay Kumar
IoT Security by Sanjay KumarIoT Security by Sanjay Kumar
IoT Security by Sanjay KumarOWASP Delhi
 
Practical IoT Security in the Enterprise
Practical IoT Security in the EnterprisePractical IoT Security in the Enterprise
Practical IoT Security in the EnterpriseDaniel Miessler
 
IoT Security, Threats and Challenges By V.P.Prabhakaran
IoT Security, Threats and Challenges By V.P.PrabhakaranIoT Security, Threats and Challenges By V.P.Prabhakaran
IoT Security, Threats and Challenges By V.P.PrabhakaranKoenig Solutions Ltd.
 
Understanding IoT Security: How to Quantify Security Risk of IoT Technologies
Understanding IoT Security: How to Quantify Security Risk of IoT TechnologiesUnderstanding IoT Security: How to Quantify Security Risk of IoT Technologies
Understanding IoT Security: How to Quantify Security Risk of IoT TechnologiesDenim Group
 
Internet of Things (IoT) Security and Privacy Recommendations by Jason Living...
Internet of Things (IoT) Security and Privacy Recommendations by Jason Living...Internet of Things (IoT) Security and Privacy Recommendations by Jason Living...
Internet of Things (IoT) Security and Privacy Recommendations by Jason Living...CableLabs
 
"The State of IoT Security" Keynote by Shawn Henry at Inform[ED] IoT Security
"The State of IoT Security" Keynote by Shawn Henry at Inform[ED] IoT Security"The State of IoT Security" Keynote by Shawn Henry at Inform[ED] IoT Security
"The State of IoT Security" Keynote by Shawn Henry at Inform[ED] IoT SecurityCableLabs
 
Securing the Internet of Things
Securing the Internet of ThingsSecuring the Internet of Things
Securing the Internet of ThingsChristopher Frenz
 
Black Hat USA 2016 Pre-Survey (FFRI Monthly Research 2016.6)
Black Hat USA 2016 Pre-Survey (FFRI Monthly Research 2016.6)Black Hat USA 2016 Pre-Survey (FFRI Monthly Research 2016.6)
Black Hat USA 2016 Pre-Survey (FFRI Monthly Research 2016.6)FFRI, Inc.
 
Strong Security Elements for IoT Manufacturing
Strong Security Elements for IoT Manufacturing Strong Security Elements for IoT Manufacturing
Strong Security Elements for IoT Manufacturing GlobalSign
 

Weitere ähnliche Inhalte

Was ist angesagt?

Your Thing is Pwned - Security Challenges for the IoT
Your Thing is Pwned - Security Challenges for the IoTYour Thing is Pwned - Security Challenges for the IoT
Your Thing is Pwned - Security Challenges for the IoTWSO2
 
IoT Security Awareness Training : Tonex Training
IoT Security Awareness Training : Tonex TrainingIoT Security Awareness Training : Tonex Training
IoT Security Awareness Training : Tonex TrainingBryan Len
 
Privacy and security in IoT
Privacy and security in IoTPrivacy and security in IoT
Privacy and security in IoTVasco Veloso
 
Security challenges for IoT
Security challenges for IoTSecurity challenges for IoT
Security challenges for IoTWSO2
 
Mark Horowitz - Stanford Engineering - Securing the Internet of Things
Mark Horowitz - Stanford Engineering - Securing the Internet of ThingsMark Horowitz - Stanford Engineering - Securing the Internet of Things
Mark Horowitz - Stanford Engineering - Securing the Internet of ThingsStanford School of Engineering
 
Iot security amar prusty
Iot security amar prustyIot security amar prusty
Iot security amar prustyamarprusty
 
Internet of Things Security Patterns
Internet of Things Security PatternsInternet of Things Security Patterns
Internet of Things Security PatternsMark Benson
 
Ryan Wilson - ryanwilson.com - IoT Security
Ryan Wilson - ryanwilson.com - IoT SecurityRyan Wilson - ryanwilson.com - IoT Security
Ryan Wilson - ryanwilson.com - IoT SecurityRyan Wilson
 
IoT Security Briefing FBI 07 23-2017 final
IoT Security Briefing FBI 07 23-2017 finalIoT Security Briefing FBI 07 23-2017 final
IoT Security Briefing FBI 07 23-2017 finalFrank Siepmann
 
Security in the Internet of Things
Security in the Internet of ThingsSecurity in the Internet of Things
Security in the Internet of ThingsForgeRock
 
IoT Security by Sanjay Kumar
IoT Security by Sanjay KumarIoT Security by Sanjay Kumar
IoT Security by Sanjay KumarOWASP Delhi
 
Practical IoT Security in the Enterprise
Practical IoT Security in the EnterprisePractical IoT Security in the Enterprise
Practical IoT Security in the EnterpriseDaniel Miessler
 
IoT Security, Threats and Challenges By V.P.Prabhakaran
IoT Security, Threats and Challenges By V.P.PrabhakaranIoT Security, Threats and Challenges By V.P.Prabhakaran
IoT Security, Threats and Challenges By V.P.PrabhakaranKoenig Solutions Ltd.
 
Understanding IoT Security: How to Quantify Security Risk of IoT Technologies
Understanding IoT Security: How to Quantify Security Risk of IoT TechnologiesUnderstanding IoT Security: How to Quantify Security Risk of IoT Technologies
Understanding IoT Security: How to Quantify Security Risk of IoT TechnologiesDenim Group
 
Internet of Things (IoT) Security and Privacy Recommendations by Jason Living...
Internet of Things (IoT) Security and Privacy Recommendations by Jason Living...Internet of Things (IoT) Security and Privacy Recommendations by Jason Living...
Internet of Things (IoT) Security and Privacy Recommendations by Jason Living...CableLabs
 
"The State of IoT Security" Keynote by Shawn Henry at Inform[ED] IoT Security
"The State of IoT Security" Keynote by Shawn Henry at Inform[ED] IoT Security"The State of IoT Security" Keynote by Shawn Henry at Inform[ED] IoT Security
"The State of IoT Security" Keynote by Shawn Henry at Inform[ED] IoT SecurityCableLabs
 
Securing the Internet of Things
Securing the Internet of ThingsSecuring the Internet of Things
Securing the Internet of ThingsChristopher Frenz
 

Was ist angesagt? (20)

Your Thing is Pwned - Security Challenges for the IoT
Your Thing is Pwned - Security Challenges for the IoTYour Thing is Pwned - Security Challenges for the IoT
Your Thing is Pwned - Security Challenges for the IoT
 
IoT Security Awareness Training : Tonex Training
IoT Security Awareness Training : Tonex TrainingIoT Security Awareness Training : Tonex Training
IoT Security Awareness Training : Tonex Training
 
IoT Security: Cases and Methods
IoT Security: Cases and MethodsIoT Security: Cases and Methods
IoT Security: Cases and Methods
 
Privacy and security in IoT
Privacy and security in IoTPrivacy and security in IoT
Privacy and security in IoT
 
Security challenges for IoT
Security challenges for IoTSecurity challenges for IoT
Security challenges for IoT
 
Mark Horowitz - Stanford Engineering - Securing the Internet of Things
Mark Horowitz - Stanford Engineering - Securing the Internet of ThingsMark Horowitz - Stanford Engineering - Securing the Internet of Things
Mark Horowitz - Stanford Engineering - Securing the Internet of Things
 
IoT Security: Cases and Methods [CON5446]
IoT Security: Cases and Methods [CON5446]IoT Security: Cases and Methods [CON5446]
IoT Security: Cases and Methods [CON5446]
 
Iot security amar prusty
Iot security amar prustyIot security amar prusty
Iot security amar prusty
 
Internet of Things Security Patterns
Internet of Things Security PatternsInternet of Things Security Patterns
Internet of Things Security Patterns
 
IoT security
IoT securityIoT security
IoT security
 
Ryan Wilson - ryanwilson.com - IoT Security
Ryan Wilson - ryanwilson.com - IoT SecurityRyan Wilson - ryanwilson.com - IoT Security
Ryan Wilson - ryanwilson.com - IoT Security
 
IoT Security Briefing FBI 07 23-2017 final
IoT Security Briefing FBI 07 23-2017 finalIoT Security Briefing FBI 07 23-2017 final
IoT Security Briefing FBI 07 23-2017 final
 
Security in the Internet of Things
Security in the Internet of ThingsSecurity in the Internet of Things
Security in the Internet of Things
 
IoT Security by Sanjay Kumar
IoT Security by Sanjay KumarIoT Security by Sanjay Kumar
IoT Security by Sanjay Kumar
 
Practical IoT Security in the Enterprise
Practical IoT Security in the EnterprisePractical IoT Security in the Enterprise
Practical IoT Security in the Enterprise
 
IoT Security, Threats and Challenges By V.P.Prabhakaran
IoT Security, Threats and Challenges By V.P.PrabhakaranIoT Security, Threats and Challenges By V.P.Prabhakaran
IoT Security, Threats and Challenges By V.P.Prabhakaran
 
Understanding IoT Security: How to Quantify Security Risk of IoT Technologies
Understanding IoT Security: How to Quantify Security Risk of IoT TechnologiesUnderstanding IoT Security: How to Quantify Security Risk of IoT Technologies
Understanding IoT Security: How to Quantify Security Risk of IoT Technologies
 
Internet of Things (IoT) Security and Privacy Recommendations by Jason Living...
Internet of Things (IoT) Security and Privacy Recommendations by Jason Living...Internet of Things (IoT) Security and Privacy Recommendations by Jason Living...
Internet of Things (IoT) Security and Privacy Recommendations by Jason Living...
 
"The State of IoT Security" Keynote by Shawn Henry at Inform[ED] IoT Security
"The State of IoT Security" Keynote by Shawn Henry at Inform[ED] IoT Security"The State of IoT Security" Keynote by Shawn Henry at Inform[ED] IoT Security
"The State of IoT Security" Keynote by Shawn Henry at Inform[ED] IoT Security
 
Securing the Internet of Things
Securing the Internet of ThingsSecuring the Internet of Things
Securing the Internet of Things
 

Ähnlich wie IoT Security Imperative: Stop your Fridge from Sending you Spam

Black Hat USA 2016 Pre-Survey (FFRI Monthly Research 2016.6)
Black Hat USA 2016 Pre-Survey (FFRI Monthly Research 2016.6)Black Hat USA 2016 Pre-Survey (FFRI Monthly Research 2016.6)
Black Hat USA 2016 Pre-Survey (FFRI Monthly Research 2016.6)FFRI, Inc.
 
Strong Security Elements for IoT Manufacturing
Strong Security Elements for IoT Manufacturing Strong Security Elements for IoT Manufacturing
Strong Security Elements for IoT Manufacturing GlobalSign
 
IoT – Breaking Bad
IoT – Breaking BadIoT – Breaking Bad
IoT – Breaking BadNUS-ISS
 
IoT World - creating a secure robust IoT reference architecture
IoT World - creating a secure robust IoT reference architectureIoT World - creating a secure robust IoT reference architecture
IoT World - creating a secure robust IoT reference architecturePaul Fremantle
 
A Reference Architecture for IoT: How to create a resilient, secure IoT cloud
A Reference Architecture for IoT: How to create a resilient, secure IoT cloudA Reference Architecture for IoT: How to create a resilient, secure IoT cloud
A Reference Architecture for IoT: How to create a resilient, secure IoT cloudWSO2
 
Cyber Security for Critical Infrastrucutre-ppt
Cyber Security for Critical Infrastrucutre-pptCyber Security for Critical Infrastrucutre-ppt
Cyber Security for Critical Infrastrucutre-pptMohit Rampal
 
Policy in OpenStack - Martin Casado, CTO, VMware - OpenStackSV 2014
Policy in OpenStack - Martin Casado, CTO, VMware - OpenStackSV 2014Policy in OpenStack - Martin Casado, CTO, VMware - OpenStackSV 2014
Policy in OpenStack - Martin Casado, CTO, VMware - OpenStackSV 2014Mirantis
 
Track f evolving trusted platforms - arm
Track f evolving trusted platforms - armTrack f evolving trusted platforms - arm
Track f evolving trusted platforms - armchiportal
 
IoT Panel- Cisco and Intel
IoT Panel- Cisco and Intel IoT Panel- Cisco and Intel
IoT Panel- Cisco and Intel Bessie Wang
 
Paris Bluemix Meetup 17 dec 2014 - Bluemix and Watson Overview
Paris Bluemix Meetup 17 dec 2014 - Bluemix and Watson OverviewParis Bluemix Meetup 17 dec 2014 - Bluemix and Watson Overview
Paris Bluemix Meetup 17 dec 2014 - Bluemix and Watson OverviewIBM France Lab
 
Drobics trustworthy io-t-for-industrial-applications
Drobics trustworthy io-t-for-industrial-applicationsDrobics trustworthy io-t-for-industrial-applications
Drobics trustworthy io-t-for-industrial-applicationsMario Drobics
 
[Webinar] Why Security Certification is Crucial for IoT Success
[Webinar] Why Security Certification is Crucial for IoT Success[Webinar] Why Security Certification is Crucial for IoT Success
[Webinar] Why Security Certification is Crucial for IoT SuccessElectric Imp
 
IoT_and_the_Impact_on_Security_Brian_Knopf_ISSA-OC_July-2014
IoT_and_the_Impact_on_Security_Brian_Knopf_ISSA-OC_July-2014IoT_and_the_Impact_on_Security_Brian_Knopf_ISSA-OC_July-2014
IoT_and_the_Impact_on_Security_Brian_Knopf_ISSA-OC_July-2014Brian Knopf
 
Cisco-Security & Survelliance Ürünleri
Cisco-Security & Survelliance ÜrünleriCisco-Security & Survelliance Ürünleri
Cisco-Security & Survelliance Ürünlericem lale
 
Physical Security, IoT & The Role of Open Standards
Physical Security, IoT & The Role of Open StandardsPhysical Security, IoT & The Role of Open Standards
Physical Security, IoT & The Role of Open StandardsMemoori
 
Internet of Things... Let's Not Forget Security Please!, by Eric Vyncke [APNI...
Internet of Things... Let's Not Forget Security Please!, by Eric Vyncke [APNI...Internet of Things... Let's Not Forget Security Please!, by Eric Vyncke [APNI...
Internet of Things... Let's Not Forget Security Please!, by Eric Vyncke [APNI...APNIC
 
Internet of Things... Let's Not Forget Security Please, by Eric Vyncke [APNI...
Internet of Things... Let's Not Forget Security Please, by Eric Vyncke [APNI...Internet of Things... Let's Not Forget Security Please, by Eric Vyncke [APNI...
Internet of Things... Let's Not Forget Security Please, by Eric Vyncke [APNI...APNIC
 
Building the Internet of Everything
Building the Internet of Everything Building the Internet of Everything
Building the Internet of Everything Cisco Canada
 

Ähnlich wie IoT Security Imperative: Stop your Fridge from Sending you Spam (20)

Black Hat USA 2016 Pre-Survey (FFRI Monthly Research 2016.6)
Black Hat USA 2016 Pre-Survey (FFRI Monthly Research 2016.6)Black Hat USA 2016 Pre-Survey (FFRI Monthly Research 2016.6)
Black Hat USA 2016 Pre-Survey (FFRI Monthly Research 2016.6)
 
Strong Security Elements for IoT Manufacturing
Strong Security Elements for IoT Manufacturing Strong Security Elements for IoT Manufacturing
Strong Security Elements for IoT Manufacturing
 
IoT – Breaking Bad
IoT – Breaking BadIoT – Breaking Bad
IoT – Breaking Bad
 
IoT World - creating a secure robust IoT reference architecture
IoT World - creating a secure robust IoT reference architectureIoT World - creating a secure robust IoT reference architecture
IoT World - creating a secure robust IoT reference architecture
 
A Reference Architecture for IoT: How to create a resilient, secure IoT cloud
A Reference Architecture for IoT: How to create a resilient, secure IoT cloudA Reference Architecture for IoT: How to create a resilient, secure IoT cloud
A Reference Architecture for IoT: How to create a resilient, secure IoT cloud
 
Cyber Security for Critical Infrastrucutre-ppt
Cyber Security for Critical Infrastrucutre-pptCyber Security for Critical Infrastrucutre-ppt
Cyber Security for Critical Infrastrucutre-ppt
 
Policy in OpenStack - Martin Casado, CTO, VMware - OpenStackSV 2014
Policy in OpenStack - Martin Casado, CTO, VMware - OpenStackSV 2014Policy in OpenStack - Martin Casado, CTO, VMware - OpenStackSV 2014
Policy in OpenStack - Martin Casado, CTO, VMware - OpenStackSV 2014
 
Track f evolving trusted platforms - arm
Track f evolving trusted platforms - armTrack f evolving trusted platforms - arm
Track f evolving trusted platforms - arm
 
An introduction to the prpl foundation
An introduction to the prpl foundationAn introduction to the prpl foundation
An introduction to the prpl foundation
 
IIoT Endpoint Security
IIoT Endpoint Security IIoT Endpoint Security
IIoT Endpoint Security
 
IoT Panel- Cisco and Intel
IoT Panel- Cisco and Intel IoT Panel- Cisco and Intel
IoT Panel- Cisco and Intel
 
Paris Bluemix Meetup 17 dec 2014 - Bluemix and Watson Overview
Paris Bluemix Meetup 17 dec 2014 - Bluemix and Watson OverviewParis Bluemix Meetup 17 dec 2014 - Bluemix and Watson Overview
Paris Bluemix Meetup 17 dec 2014 - Bluemix and Watson Overview
 
Drobics trustworthy io-t-for-industrial-applications
Drobics trustworthy io-t-for-industrial-applicationsDrobics trustworthy io-t-for-industrial-applications
Drobics trustworthy io-t-for-industrial-applications
 
[Webinar] Why Security Certification is Crucial for IoT Success
[Webinar] Why Security Certification is Crucial for IoT Success[Webinar] Why Security Certification is Crucial for IoT Success
[Webinar] Why Security Certification is Crucial for IoT Success
 
IoT_and_the_Impact_on_Security_Brian_Knopf_ISSA-OC_July-2014
IoT_and_the_Impact_on_Security_Brian_Knopf_ISSA-OC_July-2014IoT_and_the_Impact_on_Security_Brian_Knopf_ISSA-OC_July-2014
IoT_and_the_Impact_on_Security_Brian_Knopf_ISSA-OC_July-2014
 
Cisco-Security & Survelliance Ürünleri
Cisco-Security & Survelliance ÜrünleriCisco-Security & Survelliance Ürünleri
Cisco-Security & Survelliance Ürünleri
 
Physical Security, IoT & The Role of Open Standards
Physical Security, IoT & The Role of Open StandardsPhysical Security, IoT & The Role of Open Standards
Physical Security, IoT & The Role of Open Standards
 
Internet of Things... Let's Not Forget Security Please!, by Eric Vyncke [APNI...
Internet of Things... Let's Not Forget Security Please!, by Eric Vyncke [APNI...Internet of Things... Let's Not Forget Security Please!, by Eric Vyncke [APNI...
Internet of Things... Let's Not Forget Security Please!, by Eric Vyncke [APNI...
 
Internet of Things... Let's Not Forget Security Please, by Eric Vyncke [APNI...
Internet of Things... Let's Not Forget Security Please, by Eric Vyncke [APNI...Internet of Things... Let's Not Forget Security Please, by Eric Vyncke [APNI...
Internet of Things... Let's Not Forget Security Please, by Eric Vyncke [APNI...
 
Building the Internet of Everything
Building the Internet of Everything Building the Internet of Everything
Building the Internet of Everything
 

Kürzlich hochgeladen

Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...
Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...
Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...SUHANI PANDEY
 
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...Call Girls in Nagpur High Profile
 
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...SUHANI PANDEY
 
Sarola * Female Escorts Service in Pune | 8005736733 Independent Escorts & Da...
Sarola * Female Escorts Service in Pune | 8005736733 Independent Escorts & Da...Sarola * Female Escorts Service in Pune | 8005736733 Independent Escorts & Da...
Sarola * Female Escorts Service in Pune | 8005736733 Independent Escorts & Da...SUHANI PANDEY
 
Dubai Call Girls Milky O525547819 Call Girls Dubai Soft Dating
Dubai Call Girls Milky O525547819 Call Girls Dubai Soft DatingDubai Call Girls Milky O525547819 Call Girls Dubai Soft Dating
Dubai Call Girls Milky O525547819 Call Girls Dubai Soft Datingkojalkojal131
 
Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.soniya singh
 
VIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 Bookingdharasingh5698
 
Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...
Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...
Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...tanu pandey
 
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...Diya Sharma
 
Moving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providersMoving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providersDamian Radcliffe
 
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...Neha Pandey
 
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.soniya singh
 
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubai
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls DubaiDubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubai
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubaikojalkojal131
 
Russian Call girl in Ajman +971563133746 Ajman Call girl Service
Russian Call girl in Ajman +971563133746 Ajman Call girl ServiceRussian Call girl in Ajman +971563133746 Ajman Call girl Service
Russian Call girl in Ajman +971563133746 Ajman Call girl Servicegwenoracqe6
 
Busty Desi⚡Call Girls in Vasundhara Ghaziabad >༒8448380779 Escort Service
Busty Desi⚡Call Girls in Vasundhara Ghaziabad >༒8448380779 Escort ServiceBusty Desi⚡Call Girls in Vasundhara Ghaziabad >༒8448380779 Escort Service
Busty Desi⚡Call Girls in Vasundhara Ghaziabad >༒8448380779 Escort ServiceDelhi Call girls
 
APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53APNIC
 
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)Delhi Call girls
 

Kürzlich hochgeladen (20)

Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...
Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...
Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...
 
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
 
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...
 
valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...
valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...
valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...
 
Sarola * Female Escorts Service in Pune | 8005736733 Independent Escorts & Da...
Sarola * Female Escorts Service in Pune | 8005736733 Independent Escorts & Da...Sarola * Female Escorts Service in Pune | 8005736733 Independent Escorts & Da...
Sarola * Female Escorts Service in Pune | 8005736733 Independent Escorts & Da...
 
Dubai Call Girls Milky O525547819 Call Girls Dubai Soft Dating
Dubai Call Girls Milky O525547819 Call Girls Dubai Soft DatingDubai Call Girls Milky O525547819 Call Girls Dubai Soft Dating
Dubai Call Girls Milky O525547819 Call Girls Dubai Soft Dating
 
Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.
 
VIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 Booking
 
Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...
Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...
Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...
 
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
 
Moving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providersMoving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providers
 
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
 
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
 
Call Girls in Prashant Vihar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
Call Girls in Prashant Vihar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort ServiceCall Girls in Prashant Vihar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
Call Girls in Prashant Vihar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
 
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubai
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls DubaiDubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubai
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubai
 
VVVIP Call Girls In Connaught Place ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
VVVIP Call Girls In Connaught Place ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...VVVIP Call Girls In Connaught Place ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
VVVIP Call Girls In Connaught Place ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
 
Russian Call girl in Ajman +971563133746 Ajman Call girl Service
Russian Call girl in Ajman +971563133746 Ajman Call girl ServiceRussian Call girl in Ajman +971563133746 Ajman Call girl Service
Russian Call girl in Ajman +971563133746 Ajman Call girl Service
 
Busty Desi⚡Call Girls in Vasundhara Ghaziabad >༒8448380779 Escort Service
Busty Desi⚡Call Girls in Vasundhara Ghaziabad >༒8448380779 Escort ServiceBusty Desi⚡Call Girls in Vasundhara Ghaziabad >༒8448380779 Escort Service
Busty Desi⚡Call Girls in Vasundhara Ghaziabad >༒8448380779 Escort Service
 
APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53
 
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)
 

IoT Security Imperative: Stop your Fridge from Sending you Spam

  • 1. Getting Hacked Via Your Fridge or, the IoT Security Imperative Amit Rohatgi, president prpl Foundation CIE-SF / CINA September Seminar 9/4/2014
  • 2. IoT & Security: presented Thursday, September 4th, 2014 by Amit Rohatgi at CIE-SF 2
  • 3. IoT & Security: presented Thursday, September 4th, 2014 by Amit Rohatgi at CIE-SF 3
  • 4. More connected homes, more problems • “Smart refrigerators and TVs hacked to send out spam …” – NBC news • If hackers can exploit a weakness in a single type of Internet-connected home appliance or system—such as an Internet-connected door lock—they may be able to harm thousands of people at once. IoT & Security: presented Thursday, September 4th, 2014 by Amit Rohatgi at CIE-SF 4
  • 5. Incorrect Perception  Bad Planning • Integration • Device cost • Data mining • Footprint Lower TCO Added revenue • Security & privacy • Integrity • Reliability Higher cost?? Waste of time?? IoT & Security: presented Thursday, September 4th, 2014 by Amit Rohatgi at CIE-SF 5
  • 6. Target Breach: an anatomy $200M cost, CEO ousted 1 HVAC systems Compromised credentials from HVAC vendor monitor temp. changes for see how long customers stay 2 Malware programs installed on HVAC systems 3 Unified backend systems at store (and most retailers) 4 PoS system breached 5 Millions of credit card numbers start flowing out 6 Breach detected! Manual intervention was needed 7 IoT & Security: presented Thursday, September 4th, 2014 by Amit Rohatgi at CIE-SF 6
  • 7. How Big Is this Problem? IoT & Security: presented Thursday, September 4th, 2014 by Amit Rohatgi at CIE-SF 7
  • 8. Problem – Enterprise and Corporate Risk • According to the MPAA and RIAA – studios and artists lost over $10B due to piracy in 2010 • Technology companies, such as Qualcomm and Cisco, lose hundreds of millions in revenue, due to cloning • Corporate Cloud usage is on the rise with Mobile access – A breach at the corporate level would be very expensive IoT & Security: presented Thursday, September 4th, 2014 by Amit Rohatgi at CIE-SF 8
  • 9. Problem – Personal Risk • Mobile devices are “valuable” – due to their transaction and content capabilities – Privacy loss more than hardware loss – Attackers want data, not devices • Mobile cloud storage is UP ! – Need to “bind” device to cloud • Devices are easily “rooted” – Secure sandboxes for data and code execution are required IoT & Security: presented Thursday, September 4th, 2014 by Amit Rohatgi at CIE-SF 9
  • 10. IoT Market Challenges • Scale – Billions of devices (identity & authentication management, in-field updates, dynamic interactions, big data, real time data mgmt.) • Multiple technologies and standards – Creation of technology silos – Established / emerging / competing – Standardization is a key enabler • Solutions are highly fragmented – Need for common/flexible platforms – Applications environments with multiple PKIs or Roots of Trust • Low power requirements – Operate for 2 years on a coin battery • Cost limitation • Long life cycles Security IoT & Security: presented Thursday, September 4th, 2014 by Amit Rohatgi at CIE-SF 10
  • 11. IoT Security Chain (device-to-datacenter) Sensors Nodes Aggregation Points Routers /Gateways STBs Cloud HW Root of Trust + Secure Boot => Secure Over The Air/Wired Field Updates Secure sensor data for sensitive applications (e.g. medical, industrial, enterprise) Enable in field device personalization (add/remove features) Future proof designs with flexible programmable architecture Private Data Disposal Secure Server + Secure Network => Secure Services Secure Remote Monitoring Protect Intellectual Property against SW cloning (e.g. proprietary algorithms) Intellectual Property Tampering Detection Intrusion Detection and Secure Remote Monitoring IoT & Security: presented Thursday, September 4th, 2014 by Amit Rohatgi at CIE-SF 11
  • 12. IoT Security Aspects • System Security must be Embedded • Know what is being protected • Trust begins at home – Secure boot, run time protection, process separation (TEE) • Trust between network elements – Authentication and confidentiality – Via registration protocols (trust all devices signed by manufacturer’s signing key) or online protocols (pairing, TLS, IKE) IoT Security Questions 1. What is the connectivity model? 2. Who owns the device? 3. What is running on it? 4. Where is it located? 5. How is it protected? 6. How are attacks detected? 7. What is the recovery mechanism? IoT & Security: presented Thursday, September 4th, 2014 by Amit Rohatgi at CIE-SF 12
  • 13. Secure Platform Principles Secure Boot Secure Storage Secure Execution Hardware Root of Trust Secure Asset Store Secure Communication IoT & Security: presented Thursday, September 4th, 2014 by Amit Rohatgi at CIE-SF 13
  • 14. Platform Security • Secure boot process starts out in ROM • After bootloader, the root of trust (hypervisor) is verified and loaded • Iteratively verifies next stage of boot until HLOS (optionally inclusive) • Secure partition(s) able to access full memory map. Non-secure can access only its partition Non-Secure App Non-Secure App Non-Secure App Non-secure HLOS (e.g. Android) Secure App 1 Secure App 2 Secure OS 1 Secure App 3 Secure & Protected Hypervisor Virtualized N-core MIPS i6400 CPU Virtualized I/O and Memory thru entire SoC Complex Secure OS 2 IoT & Security: presented Thursday, September 4th, 2014 by Amit Rohatgi at CIE-SF 14
  • 15. Platform Security • Secure boot process starts out in ROM • After bootloader, the root of trust (hypervisor) is verified and loaded • Iteratively verifies next stage of boot until HLOS (optionally inclusive) • Secure partition(s) able to access full memory map. Non-secure can access only its partition Non-Secure App Non-Secure App Non-Secure App Non-secure HLOS (e.g. Android) Secure App 1 Secure App 2 Secure OS 1 Secure App 3 Secure & Protected Hypervisor Virtualized N-core MIPS i6400 CPU Virtualized I/O and Memory thru entire SoC Complex Secure OS 2 IoT & Security: presented Thursday, September 4th, 2014 by Amit Rohatgi at CIE-SF 15
  • 16. Exploring Virtualization Multiple Secure Domains More Reliable & Predictable Secure Hypervisor CPU 1 CPU 2 CPU 3 CPU 4 CPU 1 Secure Monitor CPU 2 CPU 3 CPU 4 Secure Hypervisor CPU 1 CPU 2 CPU 3 CPU 4 CPU 2 CPU 3 CPU 4 More Powerful & Efficient Safer! CPU 1 • Global Platform considering certifiable containers Secure Monitor • Secure services can only affect their container, not the overall system CPU 1 Secure Hypervisor CPU 2 CPU 3 CPU 4 CPU 1 Secure Monitor CPU 2 CPU 3 CPU 4 IoT & Security: presented Thursday, September 4th, 2014 by Amit Rohatgi at CIE-SF 16
  • 17. IoT in our daily lives • Sleep is precious • Alarm defaults to 8am – +45m (meeting delay) – -5m (gas) – -15m (accident) – -20m (late train) = EXTRA 5 mins!! IoT & Security: presented Thursday, September 4th, 2014 by Amit Rohatgi at CIE-SF 17
  • 18. Portability, Virtualization, and Compute WHAT IS prpl? IoT & Security: presented Thursday, September 4th, 2014 by Amit Rohatgi at CIE-SF 18
  • 19. What is prpl? • A Foundation created to accelerate a robust ecosystem via collaboration – Open-source community supporting the MIPS architecture, and open to all – Provide access to free, unencumbered toolchains, associated libraries – Common platform, debuggers, probes and software easily accessible • Community Benefits – Large ROI benefit – up to 4x gain – Time-to-Market & lower TCO – Strengthen MIPS ecosystem – Accelerate MIPS64 to mainstream – Faster innovation through focus on core competency IoT & Security: presented Thursday, September 4th, 2014 by Amit Rohatgi at CIE-SF 19
  • 20. Why Open-Source? • Enabling the Big Data revolution needs collaborative minds • Fragmentation will slow down innovation • More eyeballs = more secure IoT & Security: presented Thursday, September 4th, 2014 by Amit Rohatgi at CIE-SF 20
  • 21. Synergies Drive Innovation • IoT will enable big data • big data needs analytics • analytics will improve processes for more IoT devices IoT & Security: presented Thursday, September 4th, 2014 by Amit Rohatgi at CIE-SF 21
  • 22. KBMBGBPTEBZBYBnon-linear! BIG DATA IoT & Security: presented Thursday, September 4th, 2014 by Amit Rohatgi at CIE-SF 22
  • 23. Big Data: The Internet of Cow 1.5B cows 200MB/yr/cow = 300,000 GB (0.3 petabytes) per year IoT & Security: presented Thursday, September 4th, 2014 by Amit Rohatgi at CIE-SF 23
  • 24. Big Data: Turbines 12,000 turbines 500GB/day each = 6 million GB (6 petabytes) per day IoT & Security: presented Thursday, September 4th, 2014 by Amit Rohatgi at CIE-SF 24
  • 25. Little Data  Big Data  Huge Data • Each successive node in the IoT chain adds – Data and Storage requirements – Processing Requirements – Multi-tenant Requirements (ie security) Bytes Megabytes Terabytes Petabytes Exabytes ZETTABYTES (1000^7) IoT & Security: presented Thursday, September 4th, 2014 by Amit Rohatgi at CIE-SF 25
  • 26. lots of hardware DIVERSITY IN IoT IoT & Security: presented Thursday, September 4th, 2014 by Amit Rohatgi at CIE-SF 26
  • 27. IoT & Security: presented Thursday, September 4th, 2014 by Amit Rohatgi at CIE-SF 27
  • 28. Key Enablers for IoT • Processing power • Networking infrastructure and connectivity • Low cost, secure devices • Storage • Loads and loads of secure, portable software • A way to make money IoT & Security: presented Thursday, September 4th, 2014 by Amit Rohatgi at CIE-SF 28
  • 29. Standardization Challenge IoT Architecture For Heterogeneous Fleets of Things 1 3 © 2013 Gartner, Inc. and/or its affiliates. All rights reserved. 12 2 • Fragmentation! – Connectivity Standards – Operating Systems – Topologies – Security • Expect diverse solutions, so – Software abstraction (APIs) needed at each node – Multi-tenant environment needed for security IoT & Security: presented Thursday, September 4th, 2014 by Amit Rohatgi at CIE-SF 29
  • 30. prpl foundation PORTABILITY AND VIRTUALIZATION IoT & Security: presented Thursday, September 4th, 2014 by Amit Rohatgi at CIE-SF 30
  • 31. Mission ‘prpl’ is an open-source, community-driven, collaborative, non-profit consortium focusing on the MIPS architecture and ecosystem, and open to all - with a focus on enabling next-generation datacenter-to-device portable software and virtualized architectures IoT & Security: presented Thursday, September 4th, 2014 by Amit Rohatgi at CIE-SF 31
  • 32. Scalable Processor Architecture Needed, e.g. MIPS 1GHz+ CPU Solution mobile and home entertainment 32-bit microcontrollers for embedded storage, automotive and IoT 64-bit multicore advanced networking, datacenter and infrastructure Efficient solutions for a broad range of networking & storage applications IoT & Security: presented Thursday, September 4th, 2014 by Amit Rohatgi at CIE-SF 32
  • 33. Key Domains Embedded& IoT Buildroot, RTOS Networking openWrt, yocto Montavista Datacenter RHEL, Fedora, Ubuntu, CentOS Digital Home & Mobile openWrt, Linux, Android IoT & Security: presented Thursday, September 4th, 2014 by Amit Rohatgi at CIE-SF 33
  • 34. Work-flow Upstream projects: gnu.org, kernel.org, llvm.org prpl: Domains and Engineering Groups regardless of architecture ➢ license free versions supported kernels and projects projects pulled from upstream ❖ Optimized Linux Kernels ❖ SDKs and Tools ❖ launchpad to upstream ❖ advanced future work ➢ SDN ➢ heterogeneous compute ➢ LLVM ➢ vision IoT & Security: presented Thursday, September 4th, 2014 by Amit Rohatgi at CIE-SF 34
  • 35. prpl Engineering Groups (PEGs) ▪ VZ Ecosystem ▪ Hypervisors (eg KVM, Fiasco.oc) ▪ OS ▪ Data Center – Redhat, Ubuntu, Debian, CentOS ▪ Networking –Montavista, OpenWrt ▪ Embedded/IoT & Mobile - Android, Chromium, Tizen, WebOS, RTOSs, Yocto ▪ Kernel (device tree, power mgmt, multi-threading) ▪ Portability ▪ JITs (V8, openJDK, etc) ▪ Emulation (QEMU) ▪ Tools (SDK, IDE) ▪ Platform ▪ UEFI and boot loaders ▪ Optimization ▪ Intrinsics (eg SIMD) and libraries (eg memcpy) – ■ Multimedia - video, audio, speech ■ Networking ■ Security ■ Networking (multi-core friendly and aynchronous) ■ e.g. BGP, OVS, snort, routing protocols, DPI IoT & Security: presented Thursday, September 4th, 2014 by Amit Rohatgi at CIE-SF 35
  • 36. Low Cost Hardware ❖ MIPS CI20 ➢ dual core MIPS32 CPU @1.2GHz, PowerVR SGX540 GPU, HDMI, 1GB RAM, 8GB Flash, 2 usb, audio, WiFi, BT ➢ Linux and Android 4.4 - community supported, rasbpi header ➢ Available now - http://elinux.org/MIPS_Creator_CI20 ➢ Price: $40 ❖ prpl stamp #2 ➢ dual core MIPS32 interAptiv @600MHz, PowerVR SGX520, HDMI, 512MB RAM, 4 GB Flash, usb, audio, WiFi, BT, aggressive power savings modes enabling 30-day battery life ➢ Android Wear (smartwatch and IoT platform) ➢ ETA: Dec 2014 ➢ Price: $35 (est.) ❖ Interface Masters MIPS64 Niagara3218 ➢ MIPS64 network system ❖ Interface Masters MIPS64 Niagara804-BP ➢ MIPS64 network adapter IoT & Security: presented Thursday, September 4th, 2014 by Amit Rohatgi at CIE-SF 36
  • 37. Summary: what will prpl do? • Focus on the software “glue” necessary to carry secure structured and unstructured data from the device to the datacenter • Example: – Secure hypervisors for multiple tenants – Portable software, such as JITs – SaaS, PaaS, IaaS OTA secure – Programming models to enable big data processing (eg hadoop) over heterogenous processors Embedded nodes OpenWrt hub Networking backbone Datacenter IoT & Security: presented Thursday, September 4th, 2014 by Amit Rohatgi at CIE-SF 37
  • 38. E.g. Develop Software Enabling Security and Multiple Contexts • Multiple contexts are required – Shared resource – Protected resource – Energy conservation • Heterogenous programming models are required – Close working relationship with leading VMn VM3 VM2 VM1 Guest User -------- Guest Kernel Guest User -------- Guest Kernel Guest User -------- Guest Kernel vGPU 1 vGPU S/W 2 Secure Hypervisor (R/G MMU) CPU Cluster Coherent Fabric SoC Network layers Offloads (Crypto, IP, etc) I/O H/W Guest User -------- Guest Kernel industry consortia, leading semiconductor companies, OEMs and ISVs Memory Memory GPU Cluster Increase Privilege TPM ------- Boot ROM X X Secure Domains Protected Partitions IoT & Security: presented Thursday, September 4th, 2014 by Amit Rohatgi at CIE-SF 38
  • 39. IoT & Security: presented Thursday, September 4th, 2014 by Amit Rohatgi at CIE-SF 39
  • 40. IoT & Security: presented Thursday, September 4th, 2014 by Amit Rohatgi at CIE-SF 40
  • 41. IoT & Security: presented Thursday, September 4th, 2014 by Amit Rohatgi at CIE-SF 41 41
  • 42. Resources • http://prplfoundation.org • http://www.cisco.com/web/about/ac79/docs/in nov/IoE_Economy.pdf • http://theinstitute.ieee.org/benefits/standards/s etting-the-stage-for-the-internet-of-things • FTC Workshop on IoT and Security (Nov ‘13) • amit (at) prplfoundation (dot) org (thanks!) IoT & Security: presented Thursday, September 4th, 2014 by Amit Rohatgi at CIE-SF 42
  • 44. How to Get Involved in prpl Mailing list lists.prplfoundation.org Wiki wiki.prplfoundation.org Forums forum.prplfoundation.org Code github.com/prplfoundation IoT & Security: presented Thursday, September 4th, 2014 by Amit Rohatgi at CIE-SF 44

Hinweis der Redaktion

  1. As we connect more and more devices to the Internet, everything from the thermostat to the toilet to the front door itself may create a potential new opening for electronic intruders. As with computers, there are ways to protect these devices from outsiders, but Crowley and Bryan’s experiences indicate that, for now at least, this isn’t always a primary concern for companies in a rush to sell this equipment. Making devices more secure can add time to product development....
  2. Target may be subject to fines for violating payment card industry data security standards (PCI DSS). However, the current PCI DSS v3.0 states "Network segmentation of, or isolating (segmenting), the cardholder data environment from the remainder of an entity’s network is not a PCI DSS requirement."
  3. What is being protected? Protection from malware, network-based attacks and hackers Protection of devices from attacks that manipulate the authentication keys or firmware Protection of communications between devices and other parts of the solution chain
  4. Virtualization provides Hardware firewall-grade security Scalability Reliability Necessary Isolation For secure applications to run on consumer devices
  5. Wearables also play in – monitoring your sleep pattern