SlideShare ist ein Scribd-Unternehmen logo

Internet of things (IoT) Architecture Security Analysis

Daksh Raj Chopra
Daksh Raj Chopra

This Document Briefly summarizes the Security and Privacy Concern Evaluation of Internet of Things (IoT)’s Three Domain Architecture. The Security implementation challenges faced by IoT devices are addressed along with newly Added Requirement for these devices. The Architecture which we will be using throughout our analysis is explained so as to a novice user. We will summarize the possible attacks and countermeasures for each and every domain followed by a developer friendly checklist to be followed for security.

Ingenieurwesen
1 von 14
Downloaden Sie, um offline zu lesen
Concordia Institute for Information System Engineering (CIISE) Concordia University ​Internet of Things(IoT) Three Domain Architecture Security Analysis INSE-6150 PROJECT REPORT Submitted to: Prof. Dr. Jeremy Clark Date: 04/27//2018 MANAV CHAWLA & DAKSH RAJ CHOPRA chawlamanav@hotmail.com​ ​ dakshchopra15@gmail.com 40058312 40054446      
IoT Three Domain Architecture Security Analysis  Abstract This Document Briefly summarizes the Security and Privacy Concern Evaluation of Internet of Things (IoT)’s Three Domain Architecture. The Security implementation challenges faced by IoT devices are addressed along with newly Added Requirement for these devices. The Architecture which we will be using throughout our analysis is explained so as to a novice user. We will summarize the possible attacks and countermeasures for each and every domain followed by a developer friendly checklist to be followed for security. Introduction Smart Devices are a part of everybody’s life now, Five years back we never pictured our home making decisions on our own, Devices reading our thoughts and making decision based on our schedule but today We cannot go out without Google Assistant pinging us up at 9:00 am with work directions or my smart watch reminding me to drink water. Internet of Things is Interconnection of Network of these cyber physical devices or so called smart devices with the aim to make them smarter. Controlling them via apps is just a start and data analytics to improve the product so as to create a product that knows me better than anyone else. Human’s behaviour is sometimes so predictable and sometimes hard to guess. Your device will know you better than your friend soon. main usage of smart devices is for personal growth and for ease of use. IoT will help you save time for eg:- say you are out of milk, your fridge will alert the Grocery store and they make the item ready to be picked up, your phone sends you the location of the store and your car drive itself to that store while you sit back and eat your nutella.
Motivation Hacking via your smart device is one thing and using your Toaster to do this is the next big Thing, The Sandwich it makes might be burned but you can depend on it to exploit that buffer overflow bug. We are into an era of Internet of Thing (IoT), where everything is digitally connected to gather information and help making appliances systematic and easy to use for us. Just like guns were created for peace, and the world does its job to think critically and creatively, There always are consequences of what we made and how the world perceive it . Attackers have created their way through these smart devices as well. The Power of these Devices and their capability are limited thus these are more prone to Attackers as the level of security is offers is Not as much as our smartphones.The following address the few issues we have faced in the Past Times. So let's start with the consumer issues we face in IoT. With no encryption and zero authentication check, the attacker can use reverse engineering and send commands to the API which people generally don’t check . Attacker was able to read the packets and camera system was compromised. As the devices have no firewall attached, The attacker manipulated these devices to perform DoS attack on Dyn registrar bringing websites like twitter down in 2015. .This is the time when should think about the importance of security in IoT. The data going through all the devices. Where are they storing this data? Do they encrypt this data?. Generally, On the local network, if you just know the user ID, you have the access to the data. Data leakage amongst the devices is very common in the recent past times. Adding encryption to the data adds a little cost to product, which the company generally wants to avoid. IoT devices are generally made by the startups which are crowd funded or on a very little budget. They want to invest more on the device than to spend on its security. The Future is unpredictable but statistics are never wrong , we can still guess what the future holds for smart devices:- ● Even today it is not easy to keep just two devices a Mobile and a PC fully updated all the time with the latest version of OS and Application, just imagine a situation when we are loaded with many devices around us and keeping them free from the security bugs. ● The volume of data will be so much that it would be difficult to track and identify the suspicious traffic over the network. Missing such incidents will make a huge dent over the larger network. ● Even today the number of cyber attacks are so much that there is not even one day when we don’t have an attempt to barge the internet security. With the rise of IoT, such phishing and attacks will be definitely on the rise. ● IPv6 is still not fully perfected even though it has been there for quite some time, leave apart its complete implementation. With IoT in place, the threat is new and unknown. We might something that has much higher and effective security than that of IPv6. There are more reasons yet to be found as security and exploit goes hand to hand which we have witnessed over the past decade.
IoT security challenges IoT though being a computer system has some limitation and scalability issues which makes it somewhat different than the challenges faced by a smartphone or Computer. It already faces the challenges of current cyber Security along with that some specific IoT challenges are worth mentioning. ​IoT has unique characteristics and constraints when it comes to designing efficient defensive mechanisms against cyber-security threats that can be summarized by the following: ● IoT relies on microcontrollers with limited memory and computational power. This often makes it impractical to implement approaches designed for powerful computers. This in turn requires constrained IoT devices to be hidden behind secure gateways. ● Anything that is exposed to the Internet must be securely software upgradable. Proper Signature and encryption with high speed data delivery has so much constrain on the small computational device ● Threats based upon gaining physical access to IoT devices. The size of certain smart devices are smaller than a computer or even a smart phone while other could be secure at your place. ● User experience must be good enough to avoid becoming a weak link in the chain. ● The necessity of keeping up to date with security best practices.Our smart devices OS and computer OS provide tons of Updates ust to keep us secure is it feasible for small cheaper smart device to follow this process as a single person is soon going to own 5 smart device each, ● Lots of sensors will generate a vast amount of data although this varies by domain but the big data generated and used for analytics has various privacy and security challenges that should be kept feasible for the near future. IoT Security Requirements IoT Security Demands Some new Requirements along with those CyberSecurity Requirements of Confidentiality, Integrity, Authentication,Availability and Authorization.These are mentioned and Explained below:- ● Freshness​: The data generated should be fresh i.e. the attacker must not be able to return an entity into its old state using old data. ● Non-repudiation​: It ensures that an entity cannot deny an action that it has performed.If an object forwarded a message it has to Accept it. ● Forward Secrecy​: It ensures that after we leave the department, we should not be able to hear communication happening inside the department. ● Backward Secrecy​: It ensures that any new object that joins the network, it will not be able to communication that happened before its joining.
The Three Domain Architecture In Order to Understand the possible attacks and Exploits the architecture we are using for our evaluation must be clear. Evaluating IoT security is a very vast domain, so as to ​To achieve end-to-end security within an IoT solution, security must be a priority across all of the layers of our IoT architecture. ​Adopting a multi-tiered architecture allows you to focus on improving your understanding about how all of the most important aspects of the architecture operate independently before you integrate them within your IoT application. For our analysis we are considering the three Domain Architecture:- 1. ​Device Domain​ - This Domain is made up all the Smart Devices, These Devices are expected to change their Environment over time. SMart Devices Senses all the data and they forward the data to Edge Domain, This Domain also have actuators Responsible for acting on the decisions made. 2. ​Edge Domain - Devices in this domain are allocated one or more smart devices.Edge Domain Devices are typically responsible for performing operations on the data collected included preprocessing, filtering and Aggregation.As Devices change there location over time edge domain devices are also connected to each other so as to coordinate the smart object. 3. ​Cloud Domain - Cloud Domain is composed of large number of servers that have dedicated Virtual Machines(VMs) for each device and they are generally powerful system created to perform analytics. They have dashboards(or device management pages) for each device as well.
Attacks on IoT Cloud Domain Attacks On Cloud Servers , each Application is Dedicated one or more VMs where each VMs is assigned to one or more servers in the data center and gets certain CPU and memory resources allocation.HyperVisor is Responsible for monitoring those VMs and allocates the shared hardware. It also Creates logical separation among VMs and also from the underlying hardware. Cloud The Following attacks are possible on this domain:- 1. ​Hidden-Channel Attacks​: VMs Share some hardware Components among each other majorly the cache. So possibility for data breach and leakage among VMs is high . Steps Followed:- A. Map Target VM​: The Attacker try to locate the VM’s exact zone and server. The attacker rents VM in the same cluster using external IP B. Malicious VM placement​:The attacker places a malicious VM drive and traceroute to determine whether the location is correct or not, else released the VM and send another one. C. Cross VM-Data leakage​: Attacker uses cache and side channel time attack to Determine the Memory address used by Targeted VM. 2. ​VM Migration Attacks​: Data center supports live VM Migration service from one server to another. A. Control Plane attack​: By exploiting the Bug in the migration module software, the attacker can hack the server and take control over the module.migration module is responsible for handling the migration process.The attacker either moves more VMs than the capacity of server causing Denial of service or the attacker advertise high resource availability of one of the server he already controls causing all VMs to follow. B. Data Plane attacks​: Attacker targets the network links over which the VM is moved from one server to another this can be done by packet sniffing or Man in the middle attack. 3. ​Theft-of-Service Attack​: Malicious VM Demands more resources than the share it is supposed to obtain causing other VMs performance degrade. 4. ​VM Escape Attack​: Malicious VM gain root access by exploiting software bug and breaking the isolation.VM escape the hypervisor layer and now have the full access.
5. ​Insider Attack​: Data centre administrator have ability to access and modify collected data. Extremely sensitive data require extra care and cannot be placed in the hands of third party centres. We tested our Attacks on the basis of the requirements of IoT and here is the summary Attack Security Violation Hidden Channel ATtack VM Migration Attacks Theft-of Service Attack VM escape Attack Insider Attack Confidentiality Integrity Availability Non-Repudiation Edge Domain Devices Edge Devices or fog devices collects the sensing data that is reported from a set of smart objects. The fog device performs different operations on the collected data. Edge Devices share a lot of attacks and issues faced by Cloud domain The following Privacy or security concerns are applicable to this domain:- 1. Authentication and Trust​: The identity of the owner of the fog device is the major concern, whether is should be trusted or not by the smart device, the smart device .As the location of smart device is not fixed and different fog devices are assigned to it over time.Selecting a trustworthy fog device is a hard decision. 2. Migration Security attack : similar to the cloud domain, but the risk is higher here as migration is over the Internet not the VPN. 3. DoS Attack​: Fog devices does not generally have firewalls and has limited resources and power, thus attacking devices are way easier. 4. Container Threat​: A fog device may choose container over a VM so as to serve more Smart Device,Container share same Operating System among the different devices. THis raises more security concerns for data leakage and Hijacking. Attack Security Violation Authentication and Trust Migration Security Attack DoS Attack Container Threat Confidentiality Integrity Availability Authentication
Devices Domain Attacks Smart Devices consist of sensors that view the world as some numerical equation. The data is collected and sent to the fog devices, fog device perform some processing and send response to ​actuators which are responsible for performing some action like changing temperature or simple beep. Smart Device send data directly to fog devices or in a multi-hop fashion by using other smart devices. The Following Attacks are possible in Device domain layer:- 1. Jamming Attack : When Malicious user called jammer emits a signal that interferes with the legitimate signal.The Signal degrades the quality of signal if receiver is attacked or blocks the signal from transmitting if sender is jammed. The physical layer in the OSI stack of the device is the target for this attack. 2. Vampire Attack​: Certain smart devices like smart watch , fitness bands and other wireless devices have very limited battery life, Vampire Attacks as the name suggests drain the battery by making the device misbehave in a way that consumes extra power. a. Denial of Sleep​: smart devices are designed with a capability to switch to sleep mode when not in use, in this exploit the attacker prevents the smart device to enter into deep sleep mode. b. Flooding attack​: Adversary floods the smart device(multihop) with packets to be delivered to the fog device, making it consume extra amount of battery. c. Carrousel Attack​: If SOurce Routing is Supported, the Attacker makes the packet to route back and forth from the same target leading to power waste. d. S​tretch Attack​: If Source Routing is not supported then attacker can still select the longest possible path covering every node in order to increase the power consumption of theses devices. 3. Selective-Forwarding Attack​: Smart Devices Does not generally have high transmission rate, thus they rely on the multihop networks for delivery of packets to fog device. A malicious object is placed in the hop network and this object is expected to forward only a portion of packet to next hop causing it to resend again and again. 4. Sinkhole Attack​: A Malicious object portray as having the shortest path to fog device, causing other device to use his pathway and then the attacker can look into the packets if sent unencrypted or can perform selective forwarding attack. Attack Security Violation Jamming Attack Vampire Attack Selective Forwarding Attack Sinkhole Attack Confidentiality Availability Freshness
Preventive Measures of IoT Attacks Cloud Domain Measures The following measures or defense can be used against ​Hidden-Channel Attacks:- 1. Hard Isolation: The basic idea behind this preventive technique is to maintain high levels of isolation among the VMs. One way to do this is to complete isolate the cache dedicated for each VM, without being said this is really hard to achieve because the data in the cloud is shared and if this is not achieved there will be underutilization of servers in the cloud. A better way to achieve hard isolation is by letting each cloud client specify a list of trusted cloud users called the white list. The cloud client is fine with sharing the server with only the VMs belonging to the whitelist users. New algorithms are needed in that case to decide what sever each VM should be placed such that only VM belonging to whitelist share the memory. 2. Cache Flushing: This technique flushes the shared cache every time the allocation of the cache is switched from a VM to another. The downside of this countermeasure is that the VMs running on the server will experience frequent performance degradation as the shared cache will be emptied 8.5 Cloud Domain Attacks and Countermeasures 203 every time a switch from a VM to another occurs, which increases the time needed to access and fetch data due to higher cache misses. 3. Noisy Data Access Time: This technique adds random noise to the amount of time needed to fetch data, which makes it hard to tell whether or not the data was fetched from the cache or from the memory. This helps us in the way that the attacker won’t be able to know if the data was fetched from another VM that shares the same server. But adding noise to the data, it also adds time to fetch the data. 4. Limiting Cache Switching Rate: A relief system to constrain the measure of information that can be spilled crosswise over VMs can be accomplished by constraining how regularly the store is changed from a VM to another. The thought here is that if the store isn't changed from a VM to another too early, at that point the VM that has the store will adjust the substance of the where different lines of store will be supplanted different circumstances. This makes it hard for another VM to achieve fine-grained information of what information the past VM has gotten to while testing the reserve. The following measures or defense can be used against ​VM Migration Attacks:- 1. Server Authentication: We need to authenticate the servers while the VM migration is going on since in this process live data is transferred in some other VM. This is done by transmitting the memory of one VM server to another. So, if no authentication is done then the malicious attacker will be able to read all the content on this VM.
2. Encrypting migrated memory pages: When the VM migration is going on, before doing that we can encrypt the memory pages, which helps in the way that if attacker is seeing the data in the migration process, it will be no use to him as all the memory pages will be encrypted. This measure doesn’t affect the performance as much and will be a good security measure for the migration. The following measures or defense can be used against ​Theft-of-Service Attacks:- 1. Fine-grain sampling using high precision clocks​: This measure helps in a way that since the malicious attacker assigns more resources to the hypervisor totally than to share it. So by using these high precision clocks we can do the sampling of resources to the hypervisor by giving it a limited time for the resource allocation.
2. Random sampling​: This is another good technique to randomly allocate the resources to the hypervisor so that no more resources can be added to it by anyone and everything will be distributed evenly in the VM. It will help us if the attacker wants to give more resources, he will not be able to do so. The following measure can be used against ​VM escape Attacks:- Add an isolation domain between the hypervisor and hardware: An example of such techniques is CloudVisor which basically adds an extra isolation layer between the hardware and the hypervisor through nested virtualization that prevents the malicious VM from obtaining the root privileges even if it bypasses the hypervisor layer. Other architecture solutions were also proposed to avoid VM Escape attacks. The following measures or defense can be used against ​Insider Attacks:- 1. Homomorphic Encryption: It is a type of encryption that allows computations on ciphertext, hence generating an encrypted result. So when it is decrypted, it matched the result of operation as if they were performed on the plaintext. Applying this, in the IoT allows cloud servers to perform the necessary processing operations on the encrypted data that is collected from the smart devices without giving the cloud servers the ability to interpret neither the input data nor the result as they are both encrypted using a secret key that is not shared with the cloud. Only the smart objects and the user running the IoT application can interpret these data as they have the key needed for decryption. 2. Secret storage through data chopping and permutation based on a secret key: Another form of protection against insider attacks is to chop the data collected by the smart object into multiple chunks and then to use a secret key to perform certain permutations on those chunks before sending the data to the cloud servers. This allows storing the data on the cloud servers in an uninterpretable form for the cloud administrators. Only authorized entities that have the secret key can return the stored data to an interpretable form by performing the correct permutations.
Edge Domain Measures Edge devices uses the same VM or container concept of Cloud domain thus the same measures can be used for Edge devices along with an Obfuscator device that prevents Information leakage by by emitting signals that make it hard for an unauthorized receiver to infer the amplitude, the frequency, and the time shift of the originally signals. The obfuscator does not only prevent such leakages but also acts as a relay that rebroadcasts some of the sent messages which increases the transmission rate between the sensing objects and the fog domain. Device Domain Measures The following measures or defense can be used against ​Jamming Attack:- 1. Frequency Hopping: ​This is a technique when the sender and receiver switch from a frequency to another in order to escape from any possible jamming signal. This switching is based on a random sequence. If the attacker comes to know about this, he will try to switch the frequency and collide with same frequency. But since it’s a 2 person game, the chances of him colliding in the same frequency is very less. 2. Spread Spectrum: This technique uses a hopping sequence that converts the narrow band signal into a signal with a very wide band, which makes it harder for malicious users to detect or jam the resulting signal. This technique is also very efficient when the transmitted data is protected by an error correction technique as it allows the reconstruction of the original signal even if few bits of the transmitted data was jammed by the attacker. 3. Directional Antennas: The use of directional antennas can mitigate jamming attacks from being successful as the sender and receiver antennas will have less sensitivity to the noise coming from the random directions that are different from the direction that connects the sender and the receiver. 4. Jamming Detection: Different detective techniques were proposed in the literature to detect jamming attacks. The receiver can detect that it is a victim of a jamming attack by collecting features such as the received signal strength (RSS) and the ratio of corrupted received packets. Advanced machine learning technique can then be used to differentiate jamming attacks from the degradation caused by the poor quality of the channel due to normal changes in the wireless link. The following measures or defense can be used against ​Vampire Attack:- 1. Rate limitation: This technique is widely used in the datacenters on the hypervisor layer. This is done to dedicate more resources to the rate limiters in the sense to enhance performance and control the rate of traffic. 2. Monitor whether or not the forwarded packets are making progress towards their destination: By this way, we can check if the packets being sent are received by the receiver or not. If they are no making any progress then some on stealing packets in between and data is being sent to the attacker. The following measures or defense can be used against ​Selective Forwarding Attack:-
1. Path Redundancy: The longer the path, more are the chances that there is a man in middle to read all the data travelling in that path. Path redundancy helps in successful packets sent to the receiver since, the distance is shot making it less vulnerable to any attack. 2. Choose certain intermediate objects as checkpoints to acknowledge received packets: This technique will ensure that the packets sent are received at every node. If there is a reduction in received packets then keeping intermediate objects as checkpoints, we can check where is the attacker and can fix that part. The following measure can be used against ​Sinkhole Attack:- Analyze the collected routing information from multiple objects: Another technique to know about the packets received are equal to the packets sent from different objects in the network. Conclusion Consumer should now indulge in simple practice to update passwords, softwares of these current generation smart devices and manually check if its correct manufacturer version or not.The user must also follow proper guidelines described by manufacturer for creating a secure environment. We have created a checklist practice for developer to follow based on Countermeasures to be followed for up for upcoming products. The current Generation of IoT devices made the manufacturers lot to learn from the security perspective, so for the next wave of devices the following is a mandatory checklist:- 1. Authentication​: Routers when first launched came with a default open link and “admin“ password but now they are more secure by a complex set of initial password because over the period of time the manufactures learned and implemented the same should be followed for now smart devices. 2. Debug​: Manufactures have bad habit of leaving debug access enabled on certain devices with some hardcoded password and non standard port but attacks are one step ahead it will eventually be discovered and exploited when physical access to device is granted. So no debug mode. 3. Encryption​: The world would be so simple if humans start trusting each other and we stop investing in the cyber crime world probably in some parallel universe. Sending unencrypted packets to other smart device/fog device or cloud device was a bad idea. All communications between an IoT device and the cloud need to be encrypted. Use SSL/TLS where appropriate. 4. Privacy​: Ethical consideration is added whenever the term privacy is used. The data stored in cloud server and used for analytics must be encrypted with the least amount of personal data possible or better use links rather than real information. 5. Web Interface​: Any web or app interface to communicate with the smart device must be protected from other cyber security web attacks.
6. Firmware updates​: Frequent security patches are a must for current and future generation devices. Bugs in code can be exploited and may cause security concerns. Therefore all IoT devices should support Over-The-Air (OTA) updates along with Signature verification. The following covers enough for the next generation devices. The next gen devices will open up new but hard to crack portals for attackers leading to more extended research on the security of IoTs. References 1. Ammar Rayes, Salam Samer (auth.), “Internet of Things From Hype to Reality: The Road to Digitization ​[1 ed.]” 2. https://www.ibm.com/developerworks/library/iot-lp201-iot-architectures/ 3. https://www.w3.org/Talks/2016/0614-iot-security.pdf 4. https://www.androidauthority.com/iot-security-gary-explains-727977/ 5. https://medium.com/@Willitchang/bankex-iot-and-financial-revolution-660cc2e0584a 6. https://www.quora.com/Is-there-any-good-tutorial-resource-to-understand-Homomor hic-Enc 7. ryption-from-scratch-OR-any-flow-of-background-study-to-understand-it 8. https://wso2.com/library/articles/2017/09/securing-communication-between-devices-and-t he-iot-platform/ 9. https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/techpaper/perform ance/encrypted-vmotion-vsphere65-perf.pdf 10. https://en.wikipedia.org/wiki/Rate_limiting 11. https://en.wikipedia.org/wiki/Homomorphic_encryption

Empfohlen

IoT on Raspberry PI v1.2
IoT on Raspberry PI v1.2IoT on Raspberry PI v1.2
IoT on Raspberry PI v1.2John Staveley
 
Getting started with satellite IoT
Getting started with satellite IoTGetting started with satellite IoT
Getting started with satellite IoTJohn Staveley
 
IoT on Raspberry Pi
IoT on Raspberry PiIoT on Raspberry Pi
IoT on Raspberry PiJohn Staveley
 
Birdwatching using a Raspberry pi, Azure IoT Hub and Cognitive services
Birdwatching using a Raspberry pi, Azure IoT Hub and Cognitive servicesBirdwatching using a Raspberry pi, Azure IoT Hub and Cognitive services
Birdwatching using a Raspberry pi, Azure IoT Hub and Cognitive servicesJohn Staveley
 
DevSecOps - automating security
DevSecOps - automating securityDevSecOps - automating security
DevSecOps - automating securityJohn Staveley
 
Shameful secrets of proprietary network protocols
Shameful secrets of proprietary network protocolsShameful secrets of proprietary network protocols
Shameful secrets of proprietary network protocolsSlawomir Jasek
 
ioT-SecurityECC-v1
ioT-SecurityECC-v1ioT-SecurityECC-v1
ioT-SecurityECC-v1Abe Arredondo
 
IoT-SecurityECC-v4
IoT-SecurityECC-v4IoT-SecurityECC-v4
IoT-SecurityECC-v4Abe Arredondo
 

Empfohlen

IoT on Raspberry PI v1.2
IoT on Raspberry PI v1.2IoT on Raspberry PI v1.2
IoT on Raspberry PI v1.2John Staveley
 
Getting started with satellite IoT
Getting started with satellite IoTGetting started with satellite IoT
Getting started with satellite IoTJohn Staveley
 
IoT on Raspberry Pi
IoT on Raspberry PiIoT on Raspberry Pi
IoT on Raspberry PiJohn Staveley
 
Birdwatching using a Raspberry pi, Azure IoT Hub and Cognitive services
Birdwatching using a Raspberry pi, Azure IoT Hub and Cognitive servicesBirdwatching using a Raspberry pi, Azure IoT Hub and Cognitive services
Birdwatching using a Raspberry pi, Azure IoT Hub and Cognitive servicesJohn Staveley
 
DevSecOps - automating security
DevSecOps - automating securityDevSecOps - automating security
DevSecOps - automating securityJohn Staveley
 
Shameful secrets of proprietary network protocols
Shameful secrets of proprietary network protocolsShameful secrets of proprietary network protocols
Shameful secrets of proprietary network protocolsSlawomir Jasek
 
ioT-SecurityECC-v1
ioT-SecurityECC-v1ioT-SecurityECC-v1
ioT-SecurityECC-v1Abe Arredondo
 
IoT-SecurityECC-v4
IoT-SecurityECC-v4IoT-SecurityECC-v4
IoT-SecurityECC-v4Abe Arredondo
 
The 5 elements of IoT security
The 5 elements of IoT securityThe 5 elements of IoT security
The 5 elements of IoT securityJulien Vermillard
 
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...Zoltan Balazs
 
DEF CON 23: Internet of Things: Hacking 14 Devices
DEF CON 23: Internet of Things: Hacking 14 DevicesDEF CON 23: Internet of Things: Hacking 14 Devices
DEF CON 23: Internet of Things: Hacking 14 DevicesSynack
 
Enabling Data Protection through PKI encryption in IoT m-Health Devices
Enabling Data Protection through PKI encryption in IoT m-Health DevicesEnabling Data Protection through PKI encryption in IoT m-Health Devices
Enabling Data Protection through PKI encryption in IoT m-Health DevicesCharalampos Doukas
 
IoT security is a nightmare. But what is the real risk?
IoT security is a nightmare. But what is the real risk?IoT security is a nightmare. But what is the real risk?
IoT security is a nightmare. But what is the real risk?Zoltan Balazs
 
PLNOG15: Simplifying network deployment using Autonomic networking and Plug-a...
PLNOG15: Simplifying network deployment using Autonomic networking and Plug-a...PLNOG15: Simplifying network deployment using Autonomic networking and Plug-a...
PLNOG15: Simplifying network deployment using Autonomic networking and Plug-a...PROIDEA
 
Azure Sphere
Azure SphereAzure Sphere
Azure SphereMirco Vanini
 
Crypto Performance on ARM Cortex-M Processors
Crypto Performance on ARM Cortex-M ProcessorsCrypto Performance on ARM Cortex-M Processors
Crypto Performance on ARM Cortex-M ProcessorsHannes Tschofenig
 
Are you ready for Microsoft Azure Sphere?
Are you ready for Microsoft Azure Sphere?Are you ready for Microsoft Azure Sphere?
Are you ready for Microsoft Azure Sphere?Mirco Vanini
 
Brillo/Weave Part 2: Deep Dive
Brillo/Weave Part 2: Deep DiveBrillo/Weave Part 2: Deep Dive
Brillo/Weave Part 2: Deep DiveJalal Rohani
 
ACSAC2020 "Return-Oriented IoT" by Kuniyasu Suzaki
ACSAC2020 "Return-Oriented IoT" by Kuniyasu SuzakiACSAC2020 "Return-Oriented IoT" by Kuniyasu Suzaki
ACSAC2020 "Return-Oriented IoT" by Kuniyasu SuzakiKuniyasu Suzaki
 
IoT Workshop in Macao
IoT Workshop in MacaoIoT Workshop in Macao
IoT Workshop in MacaoShigeru Kobayashi
 
IoT security zigbee -- Null Meet bangalore
IoT security zigbee -- Null Meet bangaloreIoT security zigbee -- Null Meet bangalore
IoT security zigbee -- Null Meet bangaloreveerababu penugonda(Mr-IoT)
 
Who needs iot security?
Who needs iot security?Who needs iot security?
Who needs iot security?Justin Black
 
IoT Day - Introducing Azure Sphere
IoT Day - Introducing Azure SphereIoT Day - Introducing Azure Sphere
IoT Day - Introducing Azure SphereMirco Vanini
 
Authorization for Internet of Things using OAuth 2.0
Authorization for Internet of Things using OAuth 2.0Authorization for Internet of Things using OAuth 2.0
Authorization for Internet of Things using OAuth 2.0Hannes Tschofenig
 
Lecture 1 - Introduction to IoT
Lecture 1 - Introduction to IoTLecture 1 - Introduction to IoT
Lecture 1 - Introduction to IoTAlexandru Radovici
 
Azure Sphere - GAB 2019
Azure Sphere - GAB 2019Azure Sphere - GAB 2019
Azure Sphere - GAB 2019Mirco Vanini
 
Security for automation in Internet of Things by using one time password
Security for automation in Internet of Things by using one time passwordSecurity for automation in Internet of Things by using one time password
Security for automation in Internet of Things by using one time passwordSHASHANK WANKHADE
 
How Automated Vulnerability Analysis Discovered Hundreds of Android 0-days
How Automated Vulnerability Analysis Discovered Hundreds of Android 0-daysHow Automated Vulnerability Analysis Discovered Hundreds of Android 0-days
How Automated Vulnerability Analysis Discovered Hundreds of Android 0-daysPriyanka Aash
 
IoT Security.pdf
IoT Security.pdfIoT Security.pdf
IoT Security.pdfSudhanshiBakre1
 
The internet of things (io t) : IoT academy
The internet of things (io t) : IoT academy The internet of things (io t) : IoT academy
The internet of things (io t) : IoT academy AnkitThakkar46
 

Weitere ähnliche Inhalte

Was ist angesagt?

The 5 elements of IoT security
The 5 elements of IoT securityThe 5 elements of IoT security
The 5 elements of IoT securityJulien Vermillard
 
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...Zoltan Balazs
 
DEF CON 23: Internet of Things: Hacking 14 Devices
DEF CON 23: Internet of Things: Hacking 14 DevicesDEF CON 23: Internet of Things: Hacking 14 Devices
DEF CON 23: Internet of Things: Hacking 14 DevicesSynack
 
Enabling Data Protection through PKI encryption in IoT m-Health Devices
Enabling Data Protection through PKI encryption in IoT m-Health DevicesEnabling Data Protection through PKI encryption in IoT m-Health Devices
Enabling Data Protection through PKI encryption in IoT m-Health DevicesCharalampos Doukas
 
IoT security is a nightmare. But what is the real risk?
IoT security is a nightmare. But what is the real risk?IoT security is a nightmare. But what is the real risk?
IoT security is a nightmare. But what is the real risk?Zoltan Balazs
 
PLNOG15: Simplifying network deployment using Autonomic networking and Plug-a...
PLNOG15: Simplifying network deployment using Autonomic networking and Plug-a...PLNOG15: Simplifying network deployment using Autonomic networking and Plug-a...
PLNOG15: Simplifying network deployment using Autonomic networking and Plug-a...PROIDEA
 
Crypto Performance on ARM Cortex-M Processors
Crypto Performance on ARM Cortex-M ProcessorsCrypto Performance on ARM Cortex-M Processors
Crypto Performance on ARM Cortex-M ProcessorsHannes Tschofenig
 
Are you ready for Microsoft Azure Sphere?
Are you ready for Microsoft Azure Sphere?Are you ready for Microsoft Azure Sphere?
Are you ready for Microsoft Azure Sphere?Mirco Vanini
 
Brillo/Weave Part 2: Deep Dive
Brillo/Weave Part 2: Deep DiveBrillo/Weave Part 2: Deep Dive
Brillo/Weave Part 2: Deep DiveJalal Rohani
 
ACSAC2020 "Return-Oriented IoT" by Kuniyasu Suzaki
ACSAC2020 "Return-Oriented IoT" by Kuniyasu SuzakiACSAC2020 "Return-Oriented IoT" by Kuniyasu Suzaki
ACSAC2020 "Return-Oriented IoT" by Kuniyasu SuzakiKuniyasu Suzaki
 
Who needs iot security?
Who needs iot security?Who needs iot security?
Who needs iot security?Justin Black
 
IoT Day - Introducing Azure Sphere
IoT Day - Introducing Azure SphereIoT Day - Introducing Azure Sphere
IoT Day - Introducing Azure SphereMirco Vanini
 
Authorization for Internet of Things using OAuth 2.0
Authorization for Internet of Things using OAuth 2.0Authorization for Internet of Things using OAuth 2.0
Authorization for Internet of Things using OAuth 2.0Hannes Tschofenig
 
Lecture 1 - Introduction to IoT
Lecture 1 - Introduction to IoTLecture 1 - Introduction to IoT
Lecture 1 - Introduction to IoTAlexandru Radovici
 
Azure Sphere - GAB 2019
Azure Sphere - GAB 2019Azure Sphere - GAB 2019
Azure Sphere - GAB 2019Mirco Vanini
 
Security for automation in Internet of Things by using one time password
Security for automation in Internet of Things by using one time passwordSecurity for automation in Internet of Things by using one time password
Security for automation in Internet of Things by using one time passwordSHASHANK WANKHADE
 
How Automated Vulnerability Analysis Discovered Hundreds of Android 0-days
How Automated Vulnerability Analysis Discovered Hundreds of Android 0-daysHow Automated Vulnerability Analysis Discovered Hundreds of Android 0-days
How Automated Vulnerability Analysis Discovered Hundreds of Android 0-daysPriyanka Aash
 

Was ist angesagt? (20)

The 5 elements of IoT security
The 5 elements of IoT securityThe 5 elements of IoT security
The 5 elements of IoT security
 
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
 
DEF CON 23: Internet of Things: Hacking 14 Devices
DEF CON 23: Internet of Things: Hacking 14 DevicesDEF CON 23: Internet of Things: Hacking 14 Devices
DEF CON 23: Internet of Things: Hacking 14 Devices
 
Enabling Data Protection through PKI encryption in IoT m-Health Devices
Enabling Data Protection through PKI encryption in IoT m-Health DevicesEnabling Data Protection through PKI encryption in IoT m-Health Devices
Enabling Data Protection through PKI encryption in IoT m-Health Devices
 
IoT security is a nightmare. But what is the real risk?
IoT security is a nightmare. But what is the real risk?IoT security is a nightmare. But what is the real risk?
IoT security is a nightmare. But what is the real risk?
 
PLNOG15: Simplifying network deployment using Autonomic networking and Plug-a...
PLNOG15: Simplifying network deployment using Autonomic networking and Plug-a...PLNOG15: Simplifying network deployment using Autonomic networking and Plug-a...
PLNOG15: Simplifying network deployment using Autonomic networking and Plug-a...
 
Azure Sphere
Azure SphereAzure Sphere
Azure Sphere
 
Crypto Performance on ARM Cortex-M Processors
Crypto Performance on ARM Cortex-M ProcessorsCrypto Performance on ARM Cortex-M Processors
Crypto Performance on ARM Cortex-M Processors
 
Are you ready for Microsoft Azure Sphere?
Are you ready for Microsoft Azure Sphere?Are you ready for Microsoft Azure Sphere?
Are you ready for Microsoft Azure Sphere?
 
Brillo/Weave Part 2: Deep Dive
Brillo/Weave Part 2: Deep DiveBrillo/Weave Part 2: Deep Dive
Brillo/Weave Part 2: Deep Dive
 
ACSAC2020 "Return-Oriented IoT" by Kuniyasu Suzaki
ACSAC2020 "Return-Oriented IoT" by Kuniyasu SuzakiACSAC2020 "Return-Oriented IoT" by Kuniyasu Suzaki
ACSAC2020 "Return-Oriented IoT" by Kuniyasu Suzaki
 
IoT Workshop in Macao
IoT Workshop in MacaoIoT Workshop in Macao
IoT Workshop in Macao
 
IoT security zigbee -- Null Meet bangalore
IoT security zigbee -- Null Meet bangaloreIoT security zigbee -- Null Meet bangalore
IoT security zigbee -- Null Meet bangalore
 
Who needs iot security?
Who needs iot security?Who needs iot security?
Who needs iot security?
 
IoT Day - Introducing Azure Sphere
IoT Day - Introducing Azure SphereIoT Day - Introducing Azure Sphere
IoT Day - Introducing Azure Sphere
 
Authorization for Internet of Things using OAuth 2.0
Authorization for Internet of Things using OAuth 2.0Authorization for Internet of Things using OAuth 2.0
Authorization for Internet of Things using OAuth 2.0
 
Lecture 1 - Introduction to IoT
Lecture 1 - Introduction to IoTLecture 1 - Introduction to IoT
Lecture 1 - Introduction to IoT
 
Azure Sphere - GAB 2019
Azure Sphere - GAB 2019Azure Sphere - GAB 2019
Azure Sphere - GAB 2019
 
Security for automation in Internet of Things by using one time password
Security for automation in Internet of Things by using one time passwordSecurity for automation in Internet of Things by using one time password
Security for automation in Internet of Things by using one time password
 
How Automated Vulnerability Analysis Discovered Hundreds of Android 0-days
How Automated Vulnerability Analysis Discovered Hundreds of Android 0-daysHow Automated Vulnerability Analysis Discovered Hundreds of Android 0-days
How Automated Vulnerability Analysis Discovered Hundreds of Android 0-days
 

Ähnlich wie Internet of things (IoT) Architecture Security Analysis

The internet of things (io t) : IoT academy
The internet of things (io t) : IoT academy The internet of things (io t) : IoT academy
The internet of things (io t) : IoT academy AnkitThakkar46
 
The internet of things (io t)
The internet of things (io t)The internet of things (io t)
The internet of things (io t)shashankvaidyar2
 
Final Research Project - Securing IoT Devices What are the Challe.docx
Final Research Project - Securing IoT Devices What are the Challe.docxFinal Research Project - Securing IoT Devices What are the Challe.docx
Final Research Project - Securing IoT Devices What are the Challe.docxvoversbyobersby
 
IoT Design Principles
IoT Design PrinciplesIoT Design Principles
IoT Design Principlesardexateam
 
IoT Referenceshttpswww.techrepublic.comarticlehow-to-secur.docx
IoT Referenceshttpswww.techrepublic.comarticlehow-to-secur.docxIoT Referenceshttpswww.techrepublic.comarticlehow-to-secur.docx
IoT Referenceshttpswww.techrepublic.comarticlehow-to-secur.docxvrickens
 
Final Research Project - Securing IoT Devices What are the Challe.docx
Final Research Project - Securing IoT Devices What are the Challe.docxFinal Research Project - Securing IoT Devices What are the Challe.docx
Final Research Project - Securing IoT Devices What are the Challe.docxtjane3
 
Final Research Project - Securing IoT Devices What are the Challe.docx
Final Research Project - Securing IoT Devices What are the Challe.docxFinal Research Project - Securing IoT Devices What are the Challe.docx
Final Research Project - Securing IoT Devices What are the Challe.docxlmelaine
 
Security in IoT
Security in IoTSecurity in IoT
Security in IoTSKS
 
IoT Referenceshttpswww.techrepublic.comarticlehow-to-secur.docx
IoT Referenceshttpswww.techrepublic.comarticlehow-to-secur.docxIoT Referenceshttpswww.techrepublic.comarticlehow-to-secur.docx
IoT Referenceshttpswww.techrepublic.comarticlehow-to-secur.docxmariuse18nolet
 
Addressing security and privacy in io t ecosystem v0.4
Addressing security and privacy in io t ecosystem v0.4Addressing security and privacy in io t ecosystem v0.4
Addressing security and privacy in io t ecosystem v0.4Somasundaram Jambunathan
 
12 IoT Cyber Security Threats to Avoid - CyberHive.pdf
12 IoT Cyber Security Threats to Avoid - CyberHive.pdf12 IoT Cyber Security Threats to Avoid - CyberHive.pdf
12 IoT Cyber Security Threats to Avoid - CyberHive.pdfonline Marketing
 
IRJET- Multifactor Authentication in IoT Devices for Ensuring Secure Cloud St...
IRJET- Multifactor Authentication in IoT Devices for Ensuring Secure Cloud St...IRJET- Multifactor Authentication in IoT Devices for Ensuring Secure Cloud St...
IRJET- Multifactor Authentication in IoT Devices for Ensuring Secure Cloud St...IRJET Journal
 
Security and Privacy considerations in Internet of Things
Security and Privacy considerations in Internet of ThingsSecurity and Privacy considerations in Internet of Things
Security and Privacy considerations in Internet of ThingsSomasundaram Jambunathan
 
assignment help experts
assignment help expertsassignment help experts
assignment help experts#essaywriting
 
IOT and Security.pptx
IOT and Security.pptxIOT and Security.pptx
IOT and Security.pptxinfosec train
 
IOT and Security.pptx
IOT and Security.pptxIOT and Security.pptx
IOT and Security.pptxInfosectrain3
 
KSI for IoT Security - Turning Defence Into Offence - Guardtime Whitepaper
KSI for IoT Security - Turning Defence Into Offence - Guardtime WhitepaperKSI for IoT Security - Turning Defence Into Offence - Guardtime Whitepaper
KSI for IoT Security - Turning Defence Into Offence - Guardtime WhitepaperMartin Ruubel
 
Unit 3 - Internet of Things - www.rgpvnotes.in.pdf
Unit 3 - Internet of Things - www.rgpvnotes.in.pdfUnit 3 - Internet of Things - www.rgpvnotes.in.pdf
Unit 3 - Internet of Things - www.rgpvnotes.in.pdfShubhamYadav73126
 

Ähnlich wie Internet of things (IoT) Architecture Security Analysis (20)

IoT Security.pdf
IoT Security.pdfIoT Security.pdf
IoT Security.pdf
 
The internet of things (io t) : IoT academy
The internet of things (io t) : IoT academy The internet of things (io t) : IoT academy
The internet of things (io t) : IoT academy
 
The internet of things (io t)
The internet of things (io t)The internet of things (io t)
The internet of things (io t)
 
Final Research Project - Securing IoT Devices What are the Challe.docx
Final Research Project - Securing IoT Devices What are the Challe.docxFinal Research Project - Securing IoT Devices What are the Challe.docx
Final Research Project - Securing IoT Devices What are the Challe.docx
 
IoT Design Principles
IoT Design PrinciplesIoT Design Principles
IoT Design Principles
 
IoT Referenceshttpswww.techrepublic.comarticlehow-to-secur.docx
IoT Referenceshttpswww.techrepublic.comarticlehow-to-secur.docxIoT Referenceshttpswww.techrepublic.comarticlehow-to-secur.docx
IoT Referenceshttpswww.techrepublic.comarticlehow-to-secur.docx
 
Final Research Project - Securing IoT Devices What are the Challe.docx
Final Research Project - Securing IoT Devices What are the Challe.docxFinal Research Project - Securing IoT Devices What are the Challe.docx
Final Research Project - Securing IoT Devices What are the Challe.docx
 
Final Research Project - Securing IoT Devices What are the Challe.docx
Final Research Project - Securing IoT Devices What are the Challe.docxFinal Research Project - Securing IoT Devices What are the Challe.docx
Final Research Project - Securing IoT Devices What are the Challe.docx
 
Security in IoT
Security in IoTSecurity in IoT
Security in IoT
 
IoT Referenceshttpswww.techrepublic.comarticlehow-to-secur.docx
IoT Referenceshttpswww.techrepublic.comarticlehow-to-secur.docxIoT Referenceshttpswww.techrepublic.comarticlehow-to-secur.docx
IoT Referenceshttpswww.techrepublic.comarticlehow-to-secur.docx
 
Addressing security and privacy in io t ecosystem v0.4
Addressing security and privacy in io t ecosystem v0.4Addressing security and privacy in io t ecosystem v0.4
Addressing security and privacy in io t ecosystem v0.4
 
12 IoT Cyber Security Threats to Avoid - CyberHive.pdf
12 IoT Cyber Security Threats to Avoid - CyberHive.pdf12 IoT Cyber Security Threats to Avoid - CyberHive.pdf
12 IoT Cyber Security Threats to Avoid - CyberHive.pdf
 
IRJET- Multifactor Authentication in IoT Devices for Ensuring Secure Cloud St...
IRJET- Multifactor Authentication in IoT Devices for Ensuring Secure Cloud St...IRJET- Multifactor Authentication in IoT Devices for Ensuring Secure Cloud St...
IRJET- Multifactor Authentication in IoT Devices for Ensuring Secure Cloud St...
 
Security and Privacy considerations in Internet of Things
Security and Privacy considerations in Internet of ThingsSecurity and Privacy considerations in Internet of Things
Security and Privacy considerations in Internet of Things
 
assignment help experts
assignment help expertsassignment help experts
assignment help experts
 
IOT and Security.pptx
IOT and Security.pptxIOT and Security.pptx
IOT and Security.pptx
 
IOT and Security.pptx
IOT and Security.pptxIOT and Security.pptx
IOT and Security.pptx
 
sample assignment
sample assignmentsample assignment
sample assignment
 
KSI for IoT Security - Turning Defence Into Offence - Guardtime Whitepaper
KSI for IoT Security - Turning Defence Into Offence - Guardtime WhitepaperKSI for IoT Security - Turning Defence Into Offence - Guardtime Whitepaper
KSI for IoT Security - Turning Defence Into Offence - Guardtime Whitepaper
 
Unit 3 - Internet of Things - www.rgpvnotes.in.pdf
Unit 3 - Internet of Things - www.rgpvnotes.in.pdfUnit 3 - Internet of Things - www.rgpvnotes.in.pdf
Unit 3 - Internet of Things - www.rgpvnotes.in.pdf
 

Mehr von Daksh Raj Chopra

Prove/disprove of microphone used for targeting Ads
Prove/disprove of microphone used for targeting Ads Prove/disprove of microphone used for targeting Ads
Prove/disprove of microphone used for targeting Ads Daksh Raj Chopra
 
Foundations for New Champlain Bridge Corridor Project
Foundations for New Champlain Bridge Corridor ProjectFoundations for New Champlain Bridge Corridor Project
Foundations for New Champlain Bridge Corridor ProjectDaksh Raj Chopra
 
Foundations for New Champlain Bridge Corridor Project
Foundations for New Champlain Bridge Corridor ProjectFoundations for New Champlain Bridge Corridor Project
Foundations for New Champlain Bridge Corridor ProjectDaksh Raj Chopra
 
8 bit Multiplier Accumulator
8 bit Multiplier Accumulator8 bit Multiplier Accumulator
8 bit Multiplier AccumulatorDaksh Raj Chopra
 
Simulation of a Wireless Sub Network using QualNET
Simulation of a Wireless Sub Network using QualNETSimulation of a Wireless Sub Network using QualNET
Simulation of a Wireless Sub Network using QualNETDaksh Raj Chopra
 
MATLAB IMPLEMENTATION OF SELF-ORGANIZING MAPS FOR CLUSTERING OF REMOTE SENSIN...
MATLAB IMPLEMENTATION OF SELF-ORGANIZING MAPS FOR CLUSTERING OF REMOTE SENSIN...MATLAB IMPLEMENTATION OF SELF-ORGANIZING MAPS FOR CLUSTERING OF REMOTE SENSIN...
MATLAB IMPLEMENTATION OF SELF-ORGANIZING MAPS FOR CLUSTERING OF REMOTE SENSIN...Daksh Raj Chopra
 
DTMF based Home Automation System
DTMF based Home Automation SystemDTMF based Home Automation System
DTMF based Home Automation SystemDaksh Raj Chopra
 
Advance Microcontroller AVR
Advance Microcontroller AVRAdvance Microcontroller AVR
Advance Microcontroller AVRDaksh Raj Chopra
 
DTMF based Home Applicance System
DTMF based Home Applicance SystemDTMF based Home Applicance System
DTMF based Home Applicance SystemDaksh Raj Chopra
 

Mehr von Daksh Raj Chopra (12)

Prove/disprove of microphone used for targeting Ads
Prove/disprove of microphone used for targeting Ads Prove/disprove of microphone used for targeting Ads
Prove/disprove of microphone used for targeting Ads
 
Foundations for New Champlain Bridge Corridor Project
Foundations for New Champlain Bridge Corridor ProjectFoundations for New Champlain Bridge Corridor Project
Foundations for New Champlain Bridge Corridor Project
 
Foundations for New Champlain Bridge Corridor Project
Foundations for New Champlain Bridge Corridor ProjectFoundations for New Champlain Bridge Corridor Project
Foundations for New Champlain Bridge Corridor Project
 
Maggi noodles Case Study
Maggi noodles Case StudyMaggi noodles Case Study
Maggi noodles Case Study
 
8 bit Multiplier Accumulator
8 bit Multiplier Accumulator8 bit Multiplier Accumulator
8 bit Multiplier Accumulator
 
Simulation of a Wireless Sub Network using QualNET
Simulation of a Wireless Sub Network using QualNETSimulation of a Wireless Sub Network using QualNET
Simulation of a Wireless Sub Network using QualNET
 
Safety guard for blind
Safety guard for blindSafety guard for blind
Safety guard for blind
 
Self Organizing Maps
Self Organizing MapsSelf Organizing Maps
Self Organizing Maps
 
MATLAB IMPLEMENTATION OF SELF-ORGANIZING MAPS FOR CLUSTERING OF REMOTE SENSIN...
MATLAB IMPLEMENTATION OF SELF-ORGANIZING MAPS FOR CLUSTERING OF REMOTE SENSIN...MATLAB IMPLEMENTATION OF SELF-ORGANIZING MAPS FOR CLUSTERING OF REMOTE SENSIN...
MATLAB IMPLEMENTATION OF SELF-ORGANIZING MAPS FOR CLUSTERING OF REMOTE SENSIN...
 
DTMF based Home Automation System
DTMF based Home Automation SystemDTMF based Home Automation System
DTMF based Home Automation System
 
Advance Microcontroller AVR
Advance Microcontroller AVRAdvance Microcontroller AVR
Advance Microcontroller AVR
 
DTMF based Home Applicance System
DTMF based Home Applicance SystemDTMF based Home Applicance System
DTMF based Home Applicance System
 

Kürzlich hochgeladen

Standard vs Custom Battery Packs - Decoding the Power Play
Standard vs Custom Battery Packs - Decoding the Power PlayStandard vs Custom Battery Packs - Decoding the Power Play
Standard vs Custom Battery Packs - Decoding the Power PlayEpec Engineered Technologies
 
AIRCANVAS[1].pdf mini project for btech students
AIRCANVAS[1].pdf mini project for btech studentsAIRCANVAS[1].pdf mini project for btech students
AIRCANVAS[1].pdf mini project for btech studentsvanyagupta248
 
DeepFakes presentation : brief idea of DeepFakes
DeepFakes presentation : brief idea of DeepFakesDeepFakes presentation : brief idea of DeepFakes
DeepFakes presentation : brief idea of DeepFakesMayuraD1
 
Thermal Engineering-R & A / C - unit - V
Thermal Engineering-R & A / C - unit - VThermal Engineering-R & A / C - unit - V
Thermal Engineering-R & A / C - unit - VDineshKumar4165
 
Double Revolving field theory-how the rotor develops torque
Double Revolving field theory-how the rotor develops torqueDouble Revolving field theory-how the rotor develops torque
Double Revolving field theory-how the rotor develops torqueBhangaleSonal
 
Wadi Rum luxhotel lodge Analysis case study.pptx
Wadi Rum luxhotel lodge Analysis case study.pptxWadi Rum luxhotel lodge Analysis case study.pptx
Wadi Rum luxhotel lodge Analysis case study.pptxNadaHaitham1
 
HOA1&2 - Module 3 - PREHISTORCI ARCHITECTURE OF KERALA.pptx
HOA1&2 - Module 3 - PREHISTORCI ARCHITECTURE OF KERALA.pptxHOA1&2 - Module 3 - PREHISTORCI ARCHITECTURE OF KERALA.pptx
HOA1&2 - Module 3 - PREHISTORCI ARCHITECTURE OF KERALA.pptxSCMS School of Architecture
 
Bhubaneswar🌹Call Girls Bhubaneswar ❤Komal 9777949614 💟 Full Trusted CALL GIRL...
Bhubaneswar🌹Call Girls Bhubaneswar ❤Komal 9777949614 💟 Full Trusted CALL GIRL...Bhubaneswar🌹Call Girls Bhubaneswar ❤Komal 9777949614 💟 Full Trusted CALL GIRL...
Bhubaneswar🌹Call Girls Bhubaneswar ❤Komal 9777949614 💟 Full Trusted CALL GIRL...Call Girls Mumbai
 
Orlando’s Arnold Palmer Hospital Layout Strategy-1.pptx
Orlando’s Arnold Palmer Hospital Layout Strategy-1.pptxOrlando’s Arnold Palmer Hospital Layout Strategy-1.pptx
Orlando’s Arnold Palmer Hospital Layout Strategy-1.pptxMuhammadAsimMuhammad6
 
Hospital management system project report.pdf
Hospital management system project report.pdfHospital management system project report.pdf
Hospital management system project report.pdfKamal Acharya
 
data_management_and _data_science_cheat_sheet.pdf
data_management_and _data_science_cheat_sheet.pdfdata_management_and _data_science_cheat_sheet.pdf
data_management_and _data_science_cheat_sheet.pdfJiananWang21
 
1_Introduction + EAM Vocabulary + how to navigate in EAM.pdf
1_Introduction + EAM Vocabulary + how to navigate in EAM.pdf1_Introduction + EAM Vocabulary + how to navigate in EAM.pdf
1_Introduction + EAM Vocabulary + how to navigate in EAM.pdfAldoGarca30
 
Computer Lecture 01.pptxIntroduction to Computers
Computer Lecture 01.pptxIntroduction to ComputersComputer Lecture 01.pptxIntroduction to Computers
Computer Lecture 01.pptxIntroduction to ComputersMairaAshraf6
 
Hostel management system project report..pdf
Hostel management system project report..pdfHostel management system project report..pdf
Hostel management system project report..pdfKamal Acharya
 
Design For Accessibility: Getting it right from the start
Design For Accessibility: Getting it right from the startDesign For Accessibility: Getting it right from the start
Design For Accessibility: Getting it right from the startQuintin Balsdon
 
NO1 Top No1 Amil Baba In Azad Kashmir, Kashmir Black Magic Specialist Expert ...
NO1 Top No1 Amil Baba In Azad Kashmir, Kashmir Black Magic Specialist Expert ...NO1 Top No1 Amil Baba In Azad Kashmir, Kashmir Black Magic Specialist Expert ...
NO1 Top No1 Amil Baba In Azad Kashmir, Kashmir Black Magic Specialist Expert ...Amil baba
 
Tamil Call Girls Bhayandar WhatsApp +91-9930687706, Best Service
Tamil Call Girls Bhayandar WhatsApp +91-9930687706, Best ServiceTamil Call Girls Bhayandar WhatsApp +91-9930687706, Best Service
Tamil Call Girls Bhayandar WhatsApp +91-9930687706, Best Servicemeghakumariji156
 
Online food ordering system project report.pdf
Online food ordering system project report.pdfOnline food ordering system project report.pdf
Online food ordering system project report.pdfKamal Acharya
 
DC MACHINE-Motoring and generation, Armature circuit equation
DC MACHINE-Motoring and generation, Armature circuit equationDC MACHINE-Motoring and generation, Armature circuit equation
DC MACHINE-Motoring and generation, Armature circuit equationBhangaleSonal
 

Kürzlich hochgeladen (20)

Standard vs Custom Battery Packs - Decoding the Power Play
Standard vs Custom Battery Packs - Decoding the Power PlayStandard vs Custom Battery Packs - Decoding the Power Play
Standard vs Custom Battery Packs - Decoding the Power Play
 
AIRCANVAS[1].pdf mini project for btech students
AIRCANVAS[1].pdf mini project for btech studentsAIRCANVAS[1].pdf mini project for btech students
AIRCANVAS[1].pdf mini project for btech students
 
DeepFakes presentation : brief idea of DeepFakes
DeepFakes presentation : brief idea of DeepFakesDeepFakes presentation : brief idea of DeepFakes
DeepFakes presentation : brief idea of DeepFakes
 
Thermal Engineering-R & A / C - unit - V
Thermal Engineering-R & A / C - unit - VThermal Engineering-R & A / C - unit - V
Thermal Engineering-R & A / C - unit - V
 
Double Revolving field theory-how the rotor develops torque
Double Revolving field theory-how the rotor develops torqueDouble Revolving field theory-how the rotor develops torque
Double Revolving field theory-how the rotor develops torque
 
Wadi Rum luxhotel lodge Analysis case study.pptx
Wadi Rum luxhotel lodge Analysis case study.pptxWadi Rum luxhotel lodge Analysis case study.pptx
Wadi Rum luxhotel lodge Analysis case study.pptx
 
HOA1&2 - Module 3 - PREHISTORCI ARCHITECTURE OF KERALA.pptx
HOA1&2 - Module 3 - PREHISTORCI ARCHITECTURE OF KERALA.pptxHOA1&2 - Module 3 - PREHISTORCI ARCHITECTURE OF KERALA.pptx
HOA1&2 - Module 3 - PREHISTORCI ARCHITECTURE OF KERALA.pptx
 
Bhubaneswar🌹Call Girls Bhubaneswar ❤Komal 9777949614 💟 Full Trusted CALL GIRL...
Bhubaneswar🌹Call Girls Bhubaneswar ❤Komal 9777949614 💟 Full Trusted CALL GIRL...Bhubaneswar🌹Call Girls Bhubaneswar ❤Komal 9777949614 💟 Full Trusted CALL GIRL...
Bhubaneswar🌹Call Girls Bhubaneswar ❤Komal 9777949614 💟 Full Trusted CALL GIRL...
 
Call Girls in South Ex (delhi) call me [🔝9953056974🔝] escort service 24X7
Call Girls in South Ex (delhi) call me [🔝9953056974🔝] escort service 24X7Call Girls in South Ex (delhi) call me [🔝9953056974🔝] escort service 24X7
Call Girls in South Ex (delhi) call me [🔝9953056974🔝] escort service 24X7
 
Orlando’s Arnold Palmer Hospital Layout Strategy-1.pptx
Orlando’s Arnold Palmer Hospital Layout Strategy-1.pptxOrlando’s Arnold Palmer Hospital Layout Strategy-1.pptx
Orlando’s Arnold Palmer Hospital Layout Strategy-1.pptx
 
Hospital management system project report.pdf
Hospital management system project report.pdfHospital management system project report.pdf
Hospital management system project report.pdf
 
data_management_and _data_science_cheat_sheet.pdf
data_management_and _data_science_cheat_sheet.pdfdata_management_and _data_science_cheat_sheet.pdf
data_management_and _data_science_cheat_sheet.pdf
 
1_Introduction + EAM Vocabulary + how to navigate in EAM.pdf
1_Introduction + EAM Vocabulary + how to navigate in EAM.pdf1_Introduction + EAM Vocabulary + how to navigate in EAM.pdf
1_Introduction + EAM Vocabulary + how to navigate in EAM.pdf
 
Computer Lecture 01.pptxIntroduction to Computers
Computer Lecture 01.pptxIntroduction to ComputersComputer Lecture 01.pptxIntroduction to Computers
Computer Lecture 01.pptxIntroduction to Computers
 
Hostel management system project report..pdf
Hostel management system project report..pdfHostel management system project report..pdf
Hostel management system project report..pdf
 
Design For Accessibility: Getting it right from the start
Design For Accessibility: Getting it right from the startDesign For Accessibility: Getting it right from the start
Design For Accessibility: Getting it right from the start
 
NO1 Top No1 Amil Baba In Azad Kashmir, Kashmir Black Magic Specialist Expert ...
NO1 Top No1 Amil Baba In Azad Kashmir, Kashmir Black Magic Specialist Expert ...NO1 Top No1 Amil Baba In Azad Kashmir, Kashmir Black Magic Specialist Expert ...
NO1 Top No1 Amil Baba In Azad Kashmir, Kashmir Black Magic Specialist Expert ...
 
Tamil Call Girls Bhayandar WhatsApp +91-9930687706, Best Service
Tamil Call Girls Bhayandar WhatsApp +91-9930687706, Best ServiceTamil Call Girls Bhayandar WhatsApp +91-9930687706, Best Service
Tamil Call Girls Bhayandar WhatsApp +91-9930687706, Best Service
 
Online food ordering system project report.pdf
Online food ordering system project report.pdfOnline food ordering system project report.pdf
Online food ordering system project report.pdf
 
DC MACHINE-Motoring and generation, Armature circuit equation
DC MACHINE-Motoring and generation, Armature circuit equationDC MACHINE-Motoring and generation, Armature circuit equation
DC MACHINE-Motoring and generation, Armature circuit equation
 

Internet of things (IoT) Architecture Security Analysis

  • 1. Concordia Institute for Information System Engineering (CIISE) Concordia University ​Internet of Things(IoT) Three Domain Architecture Security Analysis INSE-6150 PROJECT REPORT Submitted to: Prof. Dr. Jeremy Clark Date: 04/27//2018 MANAV CHAWLA & DAKSH RAJ CHOPRA chawlamanav@hotmail.com​ ​ dakshchopra15@gmail.com 40058312 40054446      
  • 2. IoT Three Domain Architecture Security Analysis  Abstract This Document Briefly summarizes the Security and Privacy Concern Evaluation of Internet of Things (IoT)’s Three Domain Architecture. The Security implementation challenges faced by IoT devices are addressed along with newly Added Requirement for these devices. The Architecture which we will be using throughout our analysis is explained so as to a novice user. We will summarize the possible attacks and countermeasures for each and every domain followed by a developer friendly checklist to be followed for security. Introduction Smart Devices are a part of everybody’s life now, Five years back we never pictured our home making decisions on our own, Devices reading our thoughts and making decision based on our schedule but today We cannot go out without Google Assistant pinging us up at 9:00 am with work directions or my smart watch reminding me to drink water. Internet of Things is Interconnection of Network of these cyber physical devices or so called smart devices with the aim to make them smarter. Controlling them via apps is just a start and data analytics to improve the product so as to create a product that knows me better than anyone else. Human’s behaviour is sometimes so predictable and sometimes hard to guess. Your device will know you better than your friend soon. main usage of smart devices is for personal growth and for ease of use. IoT will help you save time for eg:- say you are out of milk, your fridge will alert the Grocery store and they make the item ready to be picked up, your phone sends you the location of the store and your car drive itself to that store while you sit back and eat your nutella.
  • 3. Motivation Hacking via your smart device is one thing and using your Toaster to do this is the next big Thing, The Sandwich it makes might be burned but you can depend on it to exploit that buffer overflow bug. We are into an era of Internet of Thing (IoT), where everything is digitally connected to gather information and help making appliances systematic and easy to use for us. Just like guns were created for peace, and the world does its job to think critically and creatively, There always are consequences of what we made and how the world perceive it . Attackers have created their way through these smart devices as well. The Power of these Devices and their capability are limited thus these are more prone to Attackers as the level of security is offers is Not as much as our smartphones.The following address the few issues we have faced in the Past Times. So let's start with the consumer issues we face in IoT. With no encryption and zero authentication check, the attacker can use reverse engineering and send commands to the API which people generally don’t check . Attacker was able to read the packets and camera system was compromised. As the devices have no firewall attached, The attacker manipulated these devices to perform DoS attack on Dyn registrar bringing websites like twitter down in 2015. .This is the time when should think about the importance of security in IoT. The data going through all the devices. Where are they storing this data? Do they encrypt this data?. Generally, On the local network, if you just know the user ID, you have the access to the data. Data leakage amongst the devices is very common in the recent past times. Adding encryption to the data adds a little cost to product, which the company generally wants to avoid. IoT devices are generally made by the startups which are crowd funded or on a very little budget. They want to invest more on the device than to spend on its security. The Future is unpredictable but statistics are never wrong , we can still guess what the future holds for smart devices:- ● Even today it is not easy to keep just two devices a Mobile and a PC fully updated all the time with the latest version of OS and Application, just imagine a situation when we are loaded with many devices around us and keeping them free from the security bugs. ● The volume of data will be so much that it would be difficult to track and identify the suspicious traffic over the network. Missing such incidents will make a huge dent over the larger network. ● Even today the number of cyber attacks are so much that there is not even one day when we don’t have an attempt to barge the internet security. With the rise of IoT, such phishing and attacks will be definitely on the rise. ● IPv6 is still not fully perfected even though it has been there for quite some time, leave apart its complete implementation. With IoT in place, the threat is new and unknown. We might something that has much higher and effective security than that of IPv6. There are more reasons yet to be found as security and exploit goes hand to hand which we have witnessed over the past decade.
  • 4. IoT security challenges IoT though being a computer system has some limitation and scalability issues which makes it somewhat different than the challenges faced by a smartphone or Computer. It already faces the challenges of current cyber Security along with that some specific IoT challenges are worth mentioning. ​IoT has unique characteristics and constraints when it comes to designing efficient defensive mechanisms against cyber-security threats that can be summarized by the following: ● IoT relies on microcontrollers with limited memory and computational power. This often makes it impractical to implement approaches designed for powerful computers. This in turn requires constrained IoT devices to be hidden behind secure gateways. ● Anything that is exposed to the Internet must be securely software upgradable. Proper Signature and encryption with high speed data delivery has so much constrain on the small computational device ● Threats based upon gaining physical access to IoT devices. The size of certain smart devices are smaller than a computer or even a smart phone while other could be secure at your place. ● User experience must be good enough to avoid becoming a weak link in the chain. ● The necessity of keeping up to date with security best practices.Our smart devices OS and computer OS provide tons of Updates ust to keep us secure is it feasible for small cheaper smart device to follow this process as a single person is soon going to own 5 smart device each, ● Lots of sensors will generate a vast amount of data although this varies by domain but the big data generated and used for analytics has various privacy and security challenges that should be kept feasible for the near future. IoT Security Requirements IoT Security Demands Some new Requirements along with those CyberSecurity Requirements of Confidentiality, Integrity, Authentication,Availability and Authorization.These are mentioned and Explained below:- ● Freshness​: The data generated should be fresh i.e. the attacker must not be able to return an entity into its old state using old data. ● Non-repudiation​: It ensures that an entity cannot deny an action that it has performed.If an object forwarded a message it has to Accept it. ● Forward Secrecy​: It ensures that after we leave the department, we should not be able to hear communication happening inside the department. ● Backward Secrecy​: It ensures that any new object that joins the network, it will not be able to communication that happened before its joining.
  • 5. The Three Domain Architecture In Order to Understand the possible attacks and Exploits the architecture we are using for our evaluation must be clear. Evaluating IoT security is a very vast domain, so as to ​To achieve end-to-end security within an IoT solution, security must be a priority across all of the layers of our IoT architecture. ​Adopting a multi-tiered architecture allows you to focus on improving your understanding about how all of the most important aspects of the architecture operate independently before you integrate them within your IoT application. For our analysis we are considering the three Domain Architecture:- 1. ​Device Domain​ - This Domain is made up all the Smart Devices, These Devices are expected to change their Environment over time. SMart Devices Senses all the data and they forward the data to Edge Domain, This Domain also have actuators Responsible for acting on the decisions made. 2. ​Edge Domain - Devices in this domain are allocated one or more smart devices.Edge Domain Devices are typically responsible for performing operations on the data collected included preprocessing, filtering and Aggregation.As Devices change there location over time edge domain devices are also connected to each other so as to coordinate the smart object. 3. ​Cloud Domain - Cloud Domain is composed of large number of servers that have dedicated Virtual Machines(VMs) for each device and they are generally powerful system created to perform analytics. They have dashboards(or device management pages) for each device as well.
  • 6. Attacks on IoT Cloud Domain Attacks On Cloud Servers , each Application is Dedicated one or more VMs where each VMs is assigned to one or more servers in the data center and gets certain CPU and memory resources allocation.HyperVisor is Responsible for monitoring those VMs and allocates the shared hardware. It also Creates logical separation among VMs and also from the underlying hardware. Cloud The Following attacks are possible on this domain:- 1. ​Hidden-Channel Attacks​: VMs Share some hardware Components among each other majorly the cache. So possibility for data breach and leakage among VMs is high . Steps Followed:- A. Map Target VM​: The Attacker try to locate the VM’s exact zone and server. The attacker rents VM in the same cluster using external IP B. Malicious VM placement​:The attacker places a malicious VM drive and traceroute to determine whether the location is correct or not, else released the VM and send another one. C. Cross VM-Data leakage​: Attacker uses cache and side channel time attack to Determine the Memory address used by Targeted VM. 2. ​VM Migration Attacks​: Data center supports live VM Migration service from one server to another. A. Control Plane attack​: By exploiting the Bug in the migration module software, the attacker can hack the server and take control over the module.migration module is responsible for handling the migration process.The attacker either moves more VMs than the capacity of server causing Denial of service or the attacker advertise high resource availability of one of the server he already controls causing all VMs to follow. B. Data Plane attacks​: Attacker targets the network links over which the VM is moved from one server to another this can be done by packet sniffing or Man in the middle attack. 3. ​Theft-of-Service Attack​: Malicious VM Demands more resources than the share it is supposed to obtain causing other VMs performance degrade. 4. ​VM Escape Attack​: Malicious VM gain root access by exploiting software bug and breaking the isolation.VM escape the hypervisor layer and now have the full access.
  • 7. 5. ​Insider Attack​: Data centre administrator have ability to access and modify collected data. Extremely sensitive data require extra care and cannot be placed in the hands of third party centres. We tested our Attacks on the basis of the requirements of IoT and here is the summary Attack Security Violation Hidden Channel ATtack VM Migration Attacks Theft-of Service Attack VM escape Attack Insider Attack Confidentiality Integrity Availability Non-Repudiation Edge Domain Devices Edge Devices or fog devices collects the sensing data that is reported from a set of smart objects. The fog device performs different operations on the collected data. Edge Devices share a lot of attacks and issues faced by Cloud domain The following Privacy or security concerns are applicable to this domain:- 1. Authentication and Trust​: The identity of the owner of the fog device is the major concern, whether is should be trusted or not by the smart device, the smart device .As the location of smart device is not fixed and different fog devices are assigned to it over time.Selecting a trustworthy fog device is a hard decision. 2. Migration Security attack : similar to the cloud domain, but the risk is higher here as migration is over the Internet not the VPN. 3. DoS Attack​: Fog devices does not generally have firewalls and has limited resources and power, thus attacking devices are way easier. 4. Container Threat​: A fog device may choose container over a VM so as to serve more Smart Device,Container share same Operating System among the different devices. THis raises more security concerns for data leakage and Hijacking. Attack Security Violation Authentication and Trust Migration Security Attack DoS Attack Container Threat Confidentiality Integrity Availability Authentication
  • 8. Devices Domain Attacks Smart Devices consist of sensors that view the world as some numerical equation. The data is collected and sent to the fog devices, fog device perform some processing and send response to ​actuators which are responsible for performing some action like changing temperature or simple beep. Smart Device send data directly to fog devices or in a multi-hop fashion by using other smart devices. The Following Attacks are possible in Device domain layer:- 1. Jamming Attack : When Malicious user called jammer emits a signal that interferes with the legitimate signal.The Signal degrades the quality of signal if receiver is attacked or blocks the signal from transmitting if sender is jammed. The physical layer in the OSI stack of the device is the target for this attack. 2. Vampire Attack​: Certain smart devices like smart watch , fitness bands and other wireless devices have very limited battery life, Vampire Attacks as the name suggests drain the battery by making the device misbehave in a way that consumes extra power. a. Denial of Sleep​: smart devices are designed with a capability to switch to sleep mode when not in use, in this exploit the attacker prevents the smart device to enter into deep sleep mode. b. Flooding attack​: Adversary floods the smart device(multihop) with packets to be delivered to the fog device, making it consume extra amount of battery. c. Carrousel Attack​: If SOurce Routing is Supported, the Attacker makes the packet to route back and forth from the same target leading to power waste. d. S​tretch Attack​: If Source Routing is not supported then attacker can still select the longest possible path covering every node in order to increase the power consumption of theses devices. 3. Selective-Forwarding Attack​: Smart Devices Does not generally have high transmission rate, thus they rely on the multihop networks for delivery of packets to fog device. A malicious object is placed in the hop network and this object is expected to forward only a portion of packet to next hop causing it to resend again and again. 4. Sinkhole Attack​: A Malicious object portray as having the shortest path to fog device, causing other device to use his pathway and then the attacker can look into the packets if sent unencrypted or can perform selective forwarding attack. Attack Security Violation Jamming Attack Vampire Attack Selective Forwarding Attack Sinkhole Attack Confidentiality Availability Freshness
  • 9. Preventive Measures of IoT Attacks Cloud Domain Measures The following measures or defense can be used against ​Hidden-Channel Attacks:- 1. Hard Isolation: The basic idea behind this preventive technique is to maintain high levels of isolation among the VMs. One way to do this is to complete isolate the cache dedicated for each VM, without being said this is really hard to achieve because the data in the cloud is shared and if this is not achieved there will be underutilization of servers in the cloud. A better way to achieve hard isolation is by letting each cloud client specify a list of trusted cloud users called the white list. The cloud client is fine with sharing the server with only the VMs belonging to the whitelist users. New algorithms are needed in that case to decide what sever each VM should be placed such that only VM belonging to whitelist share the memory. 2. Cache Flushing: This technique flushes the shared cache every time the allocation of the cache is switched from a VM to another. The downside of this countermeasure is that the VMs running on the server will experience frequent performance degradation as the shared cache will be emptied 8.5 Cloud Domain Attacks and Countermeasures 203 every time a switch from a VM to another occurs, which increases the time needed to access and fetch data due to higher cache misses. 3. Noisy Data Access Time: This technique adds random noise to the amount of time needed to fetch data, which makes it hard to tell whether or not the data was fetched from the cache or from the memory. This helps us in the way that the attacker won’t be able to know if the data was fetched from another VM that shares the same server. But adding noise to the data, it also adds time to fetch the data. 4. Limiting Cache Switching Rate: A relief system to constrain the measure of information that can be spilled crosswise over VMs can be accomplished by constraining how regularly the store is changed from a VM to another. The thought here is that if the store isn't changed from a VM to another too early, at that point the VM that has the store will adjust the substance of the where different lines of store will be supplanted different circumstances. This makes it hard for another VM to achieve fine-grained information of what information the past VM has gotten to while testing the reserve. The following measures or defense can be used against ​VM Migration Attacks:- 1. Server Authentication: We need to authenticate the servers while the VM migration is going on since in this process live data is transferred in some other VM. This is done by transmitting the memory of one VM server to another. So, if no authentication is done then the malicious attacker will be able to read all the content on this VM.
  • 10. 2. Encrypting migrated memory pages: When the VM migration is going on, before doing that we can encrypt the memory pages, which helps in the way that if attacker is seeing the data in the migration process, it will be no use to him as all the memory pages will be encrypted. This measure doesn’t affect the performance as much and will be a good security measure for the migration. The following measures or defense can be used against ​Theft-of-Service Attacks:- 1. Fine-grain sampling using high precision clocks​: This measure helps in a way that since the malicious attacker assigns more resources to the hypervisor totally than to share it. So by using these high precision clocks we can do the sampling of resources to the hypervisor by giving it a limited time for the resource allocation.
  • 11. 2. Random sampling​: This is another good technique to randomly allocate the resources to the hypervisor so that no more resources can be added to it by anyone and everything will be distributed evenly in the VM. It will help us if the attacker wants to give more resources, he will not be able to do so. The following measure can be used against ​VM escape Attacks:- Add an isolation domain between the hypervisor and hardware: An example of such techniques is CloudVisor which basically adds an extra isolation layer between the hardware and the hypervisor through nested virtualization that prevents the malicious VM from obtaining the root privileges even if it bypasses the hypervisor layer. Other architecture solutions were also proposed to avoid VM Escape attacks. The following measures or defense can be used against ​Insider Attacks:- 1. Homomorphic Encryption: It is a type of encryption that allows computations on ciphertext, hence generating an encrypted result. So when it is decrypted, it matched the result of operation as if they were performed on the plaintext. Applying this, in the IoT allows cloud servers to perform the necessary processing operations on the encrypted data that is collected from the smart devices without giving the cloud servers the ability to interpret neither the input data nor the result as they are both encrypted using a secret key that is not shared with the cloud. Only the smart objects and the user running the IoT application can interpret these data as they have the key needed for decryption. 2. Secret storage through data chopping and permutation based on a secret key: Another form of protection against insider attacks is to chop the data collected by the smart object into multiple chunks and then to use a secret key to perform certain permutations on those chunks before sending the data to the cloud servers. This allows storing the data on the cloud servers in an uninterpretable form for the cloud administrators. Only authorized entities that have the secret key can return the stored data to an interpretable form by performing the correct permutations.
  • 12. Edge Domain Measures Edge devices uses the same VM or container concept of Cloud domain thus the same measures can be used for Edge devices along with an Obfuscator device that prevents Information leakage by by emitting signals that make it hard for an unauthorized receiver to infer the amplitude, the frequency, and the time shift of the originally signals. The obfuscator does not only prevent such leakages but also acts as a relay that rebroadcasts some of the sent messages which increases the transmission rate between the sensing objects and the fog domain. Device Domain Measures The following measures or defense can be used against ​Jamming Attack:- 1. Frequency Hopping: ​This is a technique when the sender and receiver switch from a frequency to another in order to escape from any possible jamming signal. This switching is based on a random sequence. If the attacker comes to know about this, he will try to switch the frequency and collide with same frequency. But since it’s a 2 person game, the chances of him colliding in the same frequency is very less. 2. Spread Spectrum: This technique uses a hopping sequence that converts the narrow band signal into a signal with a very wide band, which makes it harder for malicious users to detect or jam the resulting signal. This technique is also very efficient when the transmitted data is protected by an error correction technique as it allows the reconstruction of the original signal even if few bits of the transmitted data was jammed by the attacker. 3. Directional Antennas: The use of directional antennas can mitigate jamming attacks from being successful as the sender and receiver antennas will have less sensitivity to the noise coming from the random directions that are different from the direction that connects the sender and the receiver. 4. Jamming Detection: Different detective techniques were proposed in the literature to detect jamming attacks. The receiver can detect that it is a victim of a jamming attack by collecting features such as the received signal strength (RSS) and the ratio of corrupted received packets. Advanced machine learning technique can then be used to differentiate jamming attacks from the degradation caused by the poor quality of the channel due to normal changes in the wireless link. The following measures or defense can be used against ​Vampire Attack:- 1. Rate limitation: This technique is widely used in the datacenters on the hypervisor layer. This is done to dedicate more resources to the rate limiters in the sense to enhance performance and control the rate of traffic. 2. Monitor whether or not the forwarded packets are making progress towards their destination: By this way, we can check if the packets being sent are received by the receiver or not. If they are no making any progress then some on stealing packets in between and data is being sent to the attacker. The following measures or defense can be used against ​Selective Forwarding Attack:-
  • 13. 1. Path Redundancy: The longer the path, more are the chances that there is a man in middle to read all the data travelling in that path. Path redundancy helps in successful packets sent to the receiver since, the distance is shot making it less vulnerable to any attack. 2. Choose certain intermediate objects as checkpoints to acknowledge received packets: This technique will ensure that the packets sent are received at every node. If there is a reduction in received packets then keeping intermediate objects as checkpoints, we can check where is the attacker and can fix that part. The following measure can be used against ​Sinkhole Attack:- Analyze the collected routing information from multiple objects: Another technique to know about the packets received are equal to the packets sent from different objects in the network. Conclusion Consumer should now indulge in simple practice to update passwords, softwares of these current generation smart devices and manually check if its correct manufacturer version or not.The user must also follow proper guidelines described by manufacturer for creating a secure environment. We have created a checklist practice for developer to follow based on Countermeasures to be followed for up for upcoming products. The current Generation of IoT devices made the manufacturers lot to learn from the security perspective, so for the next wave of devices the following is a mandatory checklist:- 1. Authentication​: Routers when first launched came with a default open link and “admin“ password but now they are more secure by a complex set of initial password because over the period of time the manufactures learned and implemented the same should be followed for now smart devices. 2. Debug​: Manufactures have bad habit of leaving debug access enabled on certain devices with some hardcoded password and non standard port but attacks are one step ahead it will eventually be discovered and exploited when physical access to device is granted. So no debug mode. 3. Encryption​: The world would be so simple if humans start trusting each other and we stop investing in the cyber crime world probably in some parallel universe. Sending unencrypted packets to other smart device/fog device or cloud device was a bad idea. All communications between an IoT device and the cloud need to be encrypted. Use SSL/TLS where appropriate. 4. Privacy​: Ethical consideration is added whenever the term privacy is used. The data stored in cloud server and used for analytics must be encrypted with the least amount of personal data possible or better use links rather than real information. 5. Web Interface​: Any web or app interface to communicate with the smart device must be protected from other cyber security web attacks.
  • 14. 6. Firmware updates​: Frequent security patches are a must for current and future generation devices. Bugs in code can be exploited and may cause security concerns. Therefore all IoT devices should support Over-The-Air (OTA) updates along with Signature verification. The following covers enough for the next generation devices. The next gen devices will open up new but hard to crack portals for attackers leading to more extended research on the security of IoTs. References 1. Ammar Rayes, Salam Samer (auth.), “Internet of Things From Hype to Reality: The Road to Digitization ​[1 ed.]” 2. https://www.ibm.com/developerworks/library/iot-lp201-iot-architectures/ 3. https://www.w3.org/Talks/2016/0614-iot-security.pdf 4. https://www.androidauthority.com/iot-security-gary-explains-727977/ 5. https://medium.com/@Willitchang/bankex-iot-and-financial-revolution-660cc2e0584a 6. https://www.quora.com/Is-there-any-good-tutorial-resource-to-understand-Homomor hic-Enc 7. ryption-from-scratch-OR-any-flow-of-background-study-to-understand-it 8. https://wso2.com/library/articles/2017/09/securing-communication-between-devices-and-t he-iot-platform/ 9. https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/techpaper/perform ance/encrypted-vmotion-vsphere65-perf.pdf 10. https://en.wikipedia.org/wiki/Rate_limiting 11. https://en.wikipedia.org/wiki/Homomorphic_encryption