Internet of Things (IoT) Security
Tutun Juhana
Telecommunication Engineering Department
School of Electrical Engineering & Informatics
Institut Teknologi Bandung
Mini Conference, 22 June 2015
Computer Science Dept., Faculty of Mathematics and Natural Sciences
Institut Pertanian Bogor
Analyze privacy impacts to stakeholders and adopt a Privacy-by-Design approach to IoT development and deployment
Apply a Secure Systems Engineering approach to architecting and deploying a new IoT System
Implement layered security protections to defend IoT assets
Implement data protection best-practices to protect sensitive information
Define lifecycle controls for IoT devices
Define and implement an authentication/authorization framework for the organization’s IoT Deployments
Define and implement a logging/audit framework for the organization’s IoT ecosystem
Further reading: Security Guidance for Early Adopters of the Internet of Things (IoT), CSA, April 2015
Cyber Security Pillars for Internet of Things Products
Security of Things: An Implementers’ Guide to Cyber-Security for Internet of Things Devices and Beyond, Prepared by: Ollie Whitehouse
“Conventional Security” Tech Doesn’t Apply to IoT
• The longevity of the device
  • Updates are harder (or impossible)
• The size of the device
  • Capabilities are limited – especially around crypto
• The fact there is a device
  • Usually no UI for entering user IDs and passwords
• The data
  • Often highly personal
• The mindset
  • Appliance manufacturers don’t think like security experts
  • Embedded systems are often developed by grabbing existing chips, designs, etc.
Securing the Internet of Things, Paul Fremantle, Paul Madsen
Device Classes – IETF RFC 7228
• Class 2:
  • Data size (memory): 50 KB
  • Code size (flash, disk): 250 KB
  • Can interact with Internet nodes. Example protocol: HTTP-over-SSL/TLS
• Class 1:
  • Data size (memory): 10 KB
  • Code size (flash, disk): 100 KB
  • May interact with Internet nodes. Example protocol: CoAP-over-DTLS
• Class 0:
  • Data size (memory): <<10 KB
  • Code size (flash, disk): <<100 KB
  • Depend on intermediaries (e.g. class 1 or 2 components) to interact with Internet nodes
Crypto
Borrowed from Chris Swan: http://www.slideshare.net/cpswan/security-protocols-in-constrained-environments/13