SlideShare une entreprise Scribd logo
1  sur  69
Télécharger pour lire hors ligne
Will Internet of Things
be Secure Enough ?
https://www.youtube.com/user/dastikop
Ravindra Dastikop
http://dastikop.blogspot.in
Internet of Things
A new World of CONNECTED Objects
IoT SESSIONS
Session 1
Web Architecture for an Internet of Things
Session 2
Will IoT be Secure Enough?
Session 3
Applications of IoT
Session 4
Research Directions in IoT
Will IoT be secure enough?
Session 2
ISSUE
• Privacy and Security are major
challenge in building IoT ecosystem
• They are source of friction on the
path to adoption.
AGENDA
• The IoT World Described
• The Security Architecture
• layers
• challenge
• solutions
• Conclusion
IoT Described
The main concept of IoT is the ability to
connect loosely defined smart objects and
enable them to interact with
• other objects,
• the environment, or
• more complex and legacy computing
devices
IOT: Communication Infrastructure
The communication infrastructure will be
based on an extension of the Internet,
which will enable transparent use of object
resources across the globe.
An IOT enabled world
Smart objects will densely populate human life and
human environment, interacting both by providing ,
processing and delivering any sort of information or
command
objects in the environment will be able to tell us about
themselves, their state, or their surroundings and
can be used remotely
An IOT enabled world
Sensors will be integrated in buildings,
vehicles, and common environments, carried
by people and attached to animals and will
communicate among them locally and
remotely in order to provide integrated
services.
IoT : Examples
• Mobile devices can adopt silent mode when entering a
meeting room if this is the request of the meeting
moderator
• Alert user and turn-off the radio before entering sensitive
medical areas or
• detect when user enters the car and connect to its sound
systems
• Wireless sensors could let people check where their pet is
real-time as well as control the temperature of each room
of their home while they are out
IoT : Examples
• Emergency services could be remotely and
automatically altered if fire is detected in a
building or if a patient’s medical parameters
drop beyond a critical threshold
The Consequence
With such a deep penetration of technology
which will introduce a new kind of
automation and remote interaction, it will
surely pose new security and privacy
challenges.
Security in IoT
1. In IoT security is inseparable from safety
2. Whether accidental or malicious,
interference in the controls of
1. a pacemaker, or
2. a car or nuclear reactor poses a threat
to life.
The Interaction Time
You may Pose Questions
Now
The Security Architecture
Security architecture
Reference: Security in the Internet of Things: A Review
Perceptual Layer
• The most basic level is the perceptual layer (also known
as recognition layer), which collects all kinds of
information through physical equipment and identifies
the physical world, the information includes object
properties, environmental condition etc; and physical
equipments include RFID reader, all kinds of sensors, GPS
and other equipments.
• The key component in this layer is sensors for capturing
and representing the physical world in the digital world.
Network Layer
• The second level is network layer. Network layer is
responsible for the reliable transmission of information
from perceptual layer, initial processing of information,
classification and polymerization.
• In this layer the information transmission is relied on
several basic networks, which are the internet, mobile
communication network, satellite nets, wireless network,
network infrastructure and communication protocols are
also essential to the information exchange between devices
Support Layer
• The third level is support layer. Support layer will set
up a reliable support platform for the application
layer.
• On this support platform all kind of intelligent
computing powers will be organized through network
grid and cloud computing.
• It plays the role of combining application layer upward
and network layer downward.
Application Layer
• The application layer is the topmost and terminal
level.
• Application layer provides the personalized services
according to the needs of the users.
• Users can access to the internet of thing through the
application layer interface using of television, personal
computer or mobile equipment and so on.
Security architecture
Reference: Security in the Internet of Things: A Review
The Interaction Time
You may Pose Questions
Now
The Security Architecture
Challenges
Perceptual Layer
• Usually perceptual nodes are short of computer power and
storage capacity because they are simple and with less power.
• Therefore it is unable to apply frequency hopping communication
and public key encryption algorithm to security protection.
• And it is very difficult to set up security protection system.
• Meanwhile attacks from the external network such as deny of
service (DOS) also bring new security problems.
• on the other hand sensor data still need the protection for
integrity, authenticity and confidentiality.
Network Layer
• The core network has relatively completely safety
protection ability,
• But Man-in-the-Middle Attack and counterfeit attack
still exist,
• meanwhile junk mail and computer virus cannot be
ignored, a large number of data sending cause
congestion.
Therefore security mechanism in this level is very
important to the IoT.
Support Layer
This layer does the mass data processing and
intelligent decision of network behavior in
this layer, intelligent processing is limited for
malicious information, so it is a challenge to
improve the ability to recognize the
malicious information.
Application Layer
• In this level security needs for different
application environment are different,
• data sharing is that one of the
characteristics of application layer,
• which creating problems of data privacy,
access control and disclosure of
information.
The Security Architecture
Requirements
Security requirements in each level
Perceptual Layer-1
• At first node authentication is necessary to
prevent illegal node access;
• secondly to protect the confidentiality of
information transmission between the
nodes, data encryption is absolute
necessity;
Perceptual Layer-1
• The data encryption key agreement is an important
process in advance; the stronger are the safety
measures, the more is consumption of resources, to
solve this problem, lightweight encryption technology
becomes important, which includes Lightweight
cryptographic algorithm and lightweight cryptographic
protocol.
• At the same time the integrity and authenticity of
sensor data is becoming research focus.
Network Layer-1
• In this layer existing communication security
mechanisms are difficult to be applied.
• Identity authentication is a kind of
mechanism to prevent the illegal nodes, and it
is the premise of the security mechanism,
confidentiality and integrality are of equal
importance, thus we also need to establish
data confidentiality and integrality
Network Layer-2
Besides distributed denial of service attack
(DDoS) is a common attack method in the
network and is particularly severe in the
internet of thing, so to prevent the DDOS
attack for the vulnerable node is another
problem to be solved in this layer.
Support Layer
• Support layer needs a lot of the application
security architecture such as cloud
computing and
• secure multiparty computation, almost
all of the strong encryption algorithm and
encryption protocol, stronger system
security technology and anti-virus.
Application Layer
To solve the security problem of application layer, we need
two aspects.
• One is the authentication and key agreement across
the heterogeneous network,
• the other is user’s privacy protection.
• In addition, education and management are very
important to information security, especially password
management
The Importance of IoT Security
• In summary security technology in the IoT is
very important and full of challenges.
• On the other hand laws and regulations
issues are also significant.
IOT Security Scenarios- 1
1. In a factory floor automation, deeply embedded
programmable logic controllers (PLCs) that
operate robotic systems are typically integrated
with the enterprise IT infrastructure
2. How can those PLCs be shielded from human
interferences while at the same time
protecting the investments in the IT
infrastructure and leveraging the security
controls available
IOT Security Scenario-2
1. Control systems for nuclear reactors are
attached to infrastructure.
2. How can they receive software updates or
security patches in a timely manner
without impairing functional safety or
incurring significant recertification costs
every time a patch is rolled out
IOT Security Scenarios- 3
1. A smart meter – one which is able to send energy
usage data to the utility operator for dynamic billing
or real-time power grid optimization-
2. This must be able to protect that information from
unauthorized usage or disclosure.
3. Information that power usage has dipped could
indicate that home is empty, making it an ideal
target for a burglary or worse.
The Interaction Time
You may Pose Questions
Now
The Security Architecture
Features
Security and privacy issues
● Resilience to attacks
● Data Authentication
● Access Control
● Client privacy
Security and privacy issues
● Resilience to attacks
○ the system has to avoid single
points of failure and adjust itself
to node failures
Security and privacy issues
● Data Authentication
○ As a rule, retrieved address and
object information must be
authenticated
Security and privacy issues
● Access Control
○ Information providers must be
able to implement access control
on the data provided
Security and privacy issues
● Client privacy
○ measures need to be taken that only the
information provider is able to infer
from observing the use of the lookup
system related to a specific customer; at
least inference should be very hard to
conduct
The Interaction Time
You may Pose Questions
Now
The Security Architecture
Solutions
Building Security for IoT
1. No one single control is going to adequately protect
a device in an IoT environment.
2. Hence, a multi-layered approach to security that
starts at the beginning when the
1. power is applied,
2. establishes a trusted computing baseline and
3. anchors that trust in something that can not be
tampered with.
Building Security for IoT
Security must be addressed throughout the device
lifecycle, from initial design to the operational
environment
1. Secure booting
2. Access control
3. Device authentication
4. Firewalling and IPS
5. Updates and patches
Secure Booting
•When power is first introduced to the device, the
authenticity and integrity of the software on the device is
verified using cryptographically generated digital
signature.
•A digital signature attached to the software image and
verified by the device ensures that only the software that has
been authorized to run on that device, and signed by the
entity that authorized it , will be loaded
•The foundation of trust has been established , but the
device still needs protection from various run-time threats
and malicious intentions
Access Control
• Different forms of resource and access
control are applied.
•Mandatory or role-based access controls
built into the operating system limit the
privileges' of device component and
applications so they access only the
resources they need to do their jobs.
Device authentication
• When a device is plugged into network, it
should authenticate itself prior receiving
or transmitting data.
• Machine authentication is similar to user
authentication
Firewalling and IPS
The device needs a firewall or deep packet
inspection capability to control traffic that
is destined to terminate at the devices.
Example: smart energy grid
Updates and patches
Once the device is in operation, it will start
receiving hot patches and software
updates. software updates security patches
must be delivered in such a way that
conserves the limited bandwidth and
internet connectivity of an embedded device.
The Interaction Time
You may Pose Questions
Now
Security requirements in each level
Conclusions
• Privacy and security are essential features
of modern networks.
• Internet of Things is no exception
• Industry has built different security
approaches to ensure security and privacy
The Security Architecture
Additional Dimensions
Secure Multi-party computations( SMC)-1
• Internet of Things will create tremendous
opportunities to improve people’s lives. The core
property of most ubiquitous applications is the ability
to perform joint cooperative tasks involving
computations with inputs supplied by separate parts or
things.
• These computations are performed by mutually
untrusting parties on inputs containing private
information containing user’s daily activities.
•
Secure Multi-party computations( SMC)-2
• Secure Multi-party computations may become a
relevant and practial approach that should be
considered as a technological enforcement to protect
user’s privacy
• Secure multi-party computation (also known as
secure computation or multi-party computation
(MPC)) is a subfield of cryptography with the goal to
create methods for parties to jointly compute a
function over their inputs, and keeping these inputs
private.
Privacy enhancing Technologies ( PET)
• Virtual Private network(VPN)
• Transport layer Security ( TLS)
• DNS Security Extensions
• Onion Routing
• Private Information Retrieval (PIR)
IoT in Action
The
Conclusion
Conclusions
• IoT security design should enable an open, pervasive
and interoperable yet secure infrastructure
• For the sake of privacy and flexibility, IoT or smart
objects must be capable of implementing individual,
user set policies
• Infrastructural security services should be accessible
transparently and regardless of the connection uses by
nomadic smart IoT objects
References
• An Overview of Privacy and security Issues in the
Internet of Things- Carlo Maria Medaglia and
Alexandru Serbanati
• Internet of Things and Privacy Preserving
Technologies- Vladimir Oleshchuk
• Internet of Things- New Security and Privacy
Challenges- Rolf H. Weber
End of Session 2
Questions
Upcoming SESSIONS
Session 3
Applications of IoT
Contact Information
Visit
http://dastikop.blogspot.in
email: ravindra.dastikop@gmail.com
http://youtube.com/user/dastikop

Contenu connexe

Tendances

IoT Security Challenges and Solutions
IoT Security Challenges and SolutionsIoT Security Challenges and Solutions
IoT Security Challenges and SolutionsIntel® Software
 
IoT Security: Problems, Challenges and Solutions
IoT Security: Problems, Challenges and SolutionsIoT Security: Problems, Challenges and Solutions
IoT Security: Problems, Challenges and SolutionsLiwei Ren任力偉
 
Protocols for IoT
Protocols for IoTProtocols for IoT
Protocols for IoTAmit Dev
 
Security and Privacy considerations in Internet of Things
Security and Privacy considerations in Internet of ThingsSecurity and Privacy considerations in Internet of Things
Security and Privacy considerations in Internet of ThingsSomasundaram Jambunathan
 
IoT Security, Threats and Challenges By V.P.Prabhakaran
IoT Security, Threats and Challenges By V.P.PrabhakaranIoT Security, Threats and Challenges By V.P.Prabhakaran
IoT Security, Threats and Challenges By V.P.PrabhakaranKoenig Solutions Ltd.
 
Security Aspects in IoT - A Review
Security Aspects in IoT - A Review Security Aspects in IoT - A Review
Security Aspects in IoT - A Review Asiri Hewage
 
Internet of things (iot)
Internet of things (iot)Internet of things (iot)
Internet of things (iot)sankar s
 
Internet of Things - Privacy and Security issues
Internet of Things - Privacy and Security issuesInternet of Things - Privacy and Security issues
Internet of Things - Privacy and Security issuesPierluigi Paganini
 
Internet of Things (IoT) Security and Privacy Recommendations by Jason Living...
Internet of Things (IoT) Security and Privacy Recommendations by Jason Living...Internet of Things (IoT) Security and Privacy Recommendations by Jason Living...
Internet of Things (IoT) Security and Privacy Recommendations by Jason Living...CableLabs
 
Intro to wireless sensor network
Intro to wireless sensor networkIntro to wireless sensor network
Intro to wireless sensor networkVrince Vimal
 
Iot security and Authentication solution
Iot security and Authentication solutionIot security and Authentication solution
Iot security and Authentication solutionPradeep Jeswani
 
Introduction to IOT security
Introduction to IOT securityIntroduction to IOT security
Introduction to IOT securityPriyab Satoshi
 
Security issues and solutions : IoT
Security issues and solutions : IoTSecurity issues and solutions : IoT
Security issues and solutions : IoTJinia Bhowmik
 

Tendances (20)

IoT Security Challenges and Solutions
IoT Security Challenges and SolutionsIoT Security Challenges and Solutions
IoT Security Challenges and Solutions
 
IOT Security
IOT SecurityIOT Security
IOT Security
 
IoT Security: Problems, Challenges and Solutions
IoT Security: Problems, Challenges and SolutionsIoT Security: Problems, Challenges and Solutions
IoT Security: Problems, Challenges and Solutions
 
IoT security (Internet of Things)
IoT security (Internet of Things)IoT security (Internet of Things)
IoT security (Internet of Things)
 
IoT Security
IoT SecurityIoT Security
IoT Security
 
Protocols for IoT
Protocols for IoTProtocols for IoT
Protocols for IoT
 
IoT security
IoT securityIoT security
IoT security
 
Security and Privacy considerations in Internet of Things
Security and Privacy considerations in Internet of ThingsSecurity and Privacy considerations in Internet of Things
Security and Privacy considerations in Internet of Things
 
IoT Security, Threats and Challenges By V.P.Prabhakaran
IoT Security, Threats and Challenges By V.P.PrabhakaranIoT Security, Threats and Challenges By V.P.Prabhakaran
IoT Security, Threats and Challenges By V.P.Prabhakaran
 
Security Aspects in IoT - A Review
Security Aspects in IoT - A Review Security Aspects in IoT - A Review
Security Aspects in IoT - A Review
 
Internet of things (iot)
Internet of things (iot)Internet of things (iot)
Internet of things (iot)
 
Internet of Things - Privacy and Security issues
Internet of Things - Privacy and Security issuesInternet of Things - Privacy and Security issues
Internet of Things - Privacy and Security issues
 
security and privacy-Internet of things
security and privacy-Internet of thingssecurity and privacy-Internet of things
security and privacy-Internet of things
 
Internet of Things (IoT) Security and Privacy Recommendations by Jason Living...
Internet of Things (IoT) Security and Privacy Recommendations by Jason Living...Internet of Things (IoT) Security and Privacy Recommendations by Jason Living...
Internet of Things (IoT) Security and Privacy Recommendations by Jason Living...
 
Iot(security)
Iot(security)Iot(security)
Iot(security)
 
Intro to wireless sensor network
Intro to wireless sensor networkIntro to wireless sensor network
Intro to wireless sensor network
 
Iot
IotIot
Iot
 
Iot security and Authentication solution
Iot security and Authentication solutionIot security and Authentication solution
Iot security and Authentication solution
 
Introduction to IOT security
Introduction to IOT securityIntroduction to IOT security
Introduction to IOT security
 
Security issues and solutions : IoT
Security issues and solutions : IoTSecurity issues and solutions : IoT
Security issues and solutions : IoT
 

Similaire à Will Internet of Things (IoT) be secure enough?

Internet of Things IoT Security Perspective
Internet of Things IoT Security PerspectiveInternet of Things IoT Security Perspective
Internet of Things IoT Security Perspectiveijtsrd
 
Security in the Internet of Things
Security in the Internet of ThingsSecurity in the Internet of Things
Security in the Internet of ThingsBHAVANA KONERU
 
A survey in privacy security in IOT
A survey in privacy security in IOT A survey in privacy security in IOT
A survey in privacy security in IOT ssk
 
III SEM MCA-Module 4 -Ch2.pdf- Securing IoT
III SEM MCA-Module 4 -Ch2.pdf- Securing IoTIII SEM MCA-Module 4 -Ch2.pdf- Securing IoT
III SEM MCA-Module 4 -Ch2.pdf- Securing IoTRAJESHWARI M
 
Io t security defense in depth charles li v1 20180425c
Io t security defense in depth charles li v1 20180425cIo t security defense in depth charles li v1 20180425c
Io t security defense in depth charles li v1 20180425cCharles Li
 
Chapter-5.pptx
Chapter-5.pptxChapter-5.pptx
Chapter-5.pptxRenu875977
 
IJISRT22MAR7471.docx
IJISRT22MAR7471.docxIJISRT22MAR7471.docx
IJISRT22MAR7471.docxballolliemin
 
Security and Privacy Issues in IoT Environment
Security and Privacy Issues in IoT EnvironmentSecurity and Privacy Issues in IoT Environment
Security and Privacy Issues in IoT EnvironmentDr. Amarjeet Singh
 
IRJET- Internet of Things (IoT), and the Security Issues Surrounding it: ...
IRJET-  	  Internet of Things (IoT), and the Security Issues Surrounding it: ...IRJET-  	  Internet of Things (IoT), and the Security Issues Surrounding it: ...
IRJET- Internet of Things (IoT), and the Security Issues Surrounding it: ...IRJET Journal
 
IOT TOTAL POWER POINT PRESENTATION UNITS
IOT TOTAL POWER POINT PRESENTATION UNITSIOT TOTAL POWER POINT PRESENTATION UNITS
IOT TOTAL POWER POINT PRESENTATION UNITSDineshV95
 
Unit 6 Final ppt (1).ppt
Unit 6 Final ppt (1).pptUnit 6 Final ppt (1).ppt
Unit 6 Final ppt (1).pptnadoje
 
Build A Solid Foundation For Industrial Network Security - Cybersecurity Webi...
Build A Solid Foundation For Industrial Network Security - Cybersecurity Webi...Build A Solid Foundation For Industrial Network Security - Cybersecurity Webi...
Build A Solid Foundation For Industrial Network Security - Cybersecurity Webi...Jiunn-Jer Sun
 
Security Requirements in IoT Architecture
Security	Requirements	in	IoT	Architecture Security	Requirements	in	IoT	Architecture
Security Requirements in IoT Architecture Vrince Vimal
 
IRJET- Authentication and Context Awareness Access Control in Internet of Things
IRJET- Authentication and Context Awareness Access Control in Internet of ThingsIRJET- Authentication and Context Awareness Access Control in Internet of Things
IRJET- Authentication and Context Awareness Access Control in Internet of ThingsIRJET Journal
 
Unlocking the Potential: A Comprehensive Guide to Understanding and Securing ...
Unlocking the Potential: A Comprehensive Guide to Understanding and Securing ...Unlocking the Potential: A Comprehensive Guide to Understanding and Securing ...
Unlocking the Potential: A Comprehensive Guide to Understanding and Securing ...cyberprosocial
 
509286-Aki_Koivu-Review
509286-Aki_Koivu-Review509286-Aki_Koivu-Review
509286-Aki_Koivu-ReviewAki Koivu
 

Similaire à Will Internet of Things (IoT) be secure enough? (20)

Internet of Things IoT Security Perspective
Internet of Things IoT Security PerspectiveInternet of Things IoT Security Perspective
Internet of Things IoT Security Perspective
 
Security in the Internet of Things
Security in the Internet of ThingsSecurity in the Internet of Things
Security in the Internet of Things
 
A survey in privacy security in IOT
A survey in privacy security in IOT A survey in privacy security in IOT
A survey in privacy security in IOT
 
Internet of Things Forensics
Internet of Things ForensicsInternet of Things Forensics
Internet of Things Forensics
 
III SEM MCA-Module 4 -Ch2.pdf- Securing IoT
III SEM MCA-Module 4 -Ch2.pdf- Securing IoTIII SEM MCA-Module 4 -Ch2.pdf- Securing IoT
III SEM MCA-Module 4 -Ch2.pdf- Securing IoT
 
Io t security defense in depth charles li v1 20180425c
Io t security defense in depth charles li v1 20180425cIo t security defense in depth charles li v1 20180425c
Io t security defense in depth charles li v1 20180425c
 
Chapter-5.pptx
Chapter-5.pptxChapter-5.pptx
Chapter-5.pptx
 
Network security
Network securityNetwork security
Network security
 
IJISRT22MAR7471.docx
IJISRT22MAR7471.docxIJISRT22MAR7471.docx
IJISRT22MAR7471.docx
 
Security and Privacy Issues in IoT Environment
Security and Privacy Issues in IoT EnvironmentSecurity and Privacy Issues in IoT Environment
Security and Privacy Issues in IoT Environment
 
IRJET- Internet of Things (IoT), and the Security Issues Surrounding it: ...
IRJET-  	  Internet of Things (IoT), and the Security Issues Surrounding it: ...IRJET-  	  Internet of Things (IoT), and the Security Issues Surrounding it: ...
IRJET- Internet of Things (IoT), and the Security Issues Surrounding it: ...
 
IOT TOTAL POWER POINT PRESENTATION UNITS
IOT TOTAL POWER POINT PRESENTATION UNITSIOT TOTAL POWER POINT PRESENTATION UNITS
IOT TOTAL POWER POINT PRESENTATION UNITS
 
Lecture 11
Lecture 11Lecture 11
Lecture 11
 
Unit 6 Final ppt (1).ppt
Unit 6 Final ppt (1).pptUnit 6 Final ppt (1).ppt
Unit 6 Final ppt (1).ppt
 
Build A Solid Foundation For Industrial Network Security - Cybersecurity Webi...
Build A Solid Foundation For Industrial Network Security - Cybersecurity Webi...Build A Solid Foundation For Industrial Network Security - Cybersecurity Webi...
Build A Solid Foundation For Industrial Network Security - Cybersecurity Webi...
 
Security Requirements in IoT Architecture
Security	Requirements	in	IoT	Architecture Security	Requirements	in	IoT	Architecture
Security Requirements in IoT Architecture
 
IRJET- Authentication and Context Awareness Access Control in Internet of Things
IRJET- Authentication and Context Awareness Access Control in Internet of ThingsIRJET- Authentication and Context Awareness Access Control in Internet of Things
IRJET- Authentication and Context Awareness Access Control in Internet of Things
 
Cybersecurity in the Age of IoT - Skillmine
Cybersecurity in the Age of IoT - SkillmineCybersecurity in the Age of IoT - Skillmine
Cybersecurity in the Age of IoT - Skillmine
 
Unlocking the Potential: A Comprehensive Guide to Understanding and Securing ...
Unlocking the Potential: A Comprehensive Guide to Understanding and Securing ...Unlocking the Potential: A Comprehensive Guide to Understanding and Securing ...
Unlocking the Potential: A Comprehensive Guide to Understanding and Securing ...
 
509286-Aki_Koivu-Review
509286-Aki_Koivu-Review509286-Aki_Koivu-Review
509286-Aki_Koivu-Review
 

Plus de Ravindra Dastikop

1. Digital india: A Resident approach
1. Digital india:   A  Resident approach1. Digital india:   A  Resident approach
1. Digital india: A Resident approachRavindra Dastikop
 
Data protection Framework in India - Seven Key Principles
Data protection Framework in India - Seven Key Principles  Data protection Framework in India - Seven Key Principles
Data protection Framework in India - Seven Key Principles Ravindra Dastikop
 
Unified Payment Interface (UPI)
Unified Payment Interface (UPI)Unified Payment Interface (UPI)
Unified Payment Interface (UPI)Ravindra Dastikop
 
Aadhaar : Locking your biometrics
Aadhaar : Locking your biometricsAadhaar : Locking your biometrics
Aadhaar : Locking your biometricsRavindra Dastikop
 
Jeevan Praman- The Digital Life Certificate
Jeevan Praman- The Digital Life Certificate Jeevan Praman- The Digital Life Certificate
Jeevan Praman- The Digital Life Certificate Ravindra Dastikop
 
The Practice of digital india
The Practice of digital indiaThe Practice of digital india
The Practice of digital indiaRavindra Dastikop
 
What are the features of DigiLocker?
What are the features of DigiLocker?What are the features of DigiLocker?
What are the features of DigiLocker?Ravindra Dastikop
 
Meghraj - Government of India Cloud
Meghraj - Government of India Cloud Meghraj - Government of India Cloud
Meghraj - Government of India Cloud Ravindra Dastikop
 
An Overview of Internet of Things
An Overview of Internet of Things An Overview of Internet of Things
An Overview of Internet of Things Ravindra Dastikop
 
Digital india a world scale market within home
Digital india  a world scale market within homeDigital india  a world scale market within home
Digital india a world scale market within homeRavindra Dastikop
 
Webinar: Cloud Computing - Service and Deployment Models
Webinar: Cloud Computing - Service and Deployment Models Webinar: Cloud Computing - Service and Deployment Models
Webinar: Cloud Computing - Service and Deployment Models Ravindra Dastikop
 
#1 introduction to cloud computing
#1  introduction to cloud computing #1  introduction to cloud computing
#1 introduction to cloud computing Ravindra Dastikop
 
Cloud Computing - An Introduction
Cloud Computing - An IntroductionCloud Computing - An Introduction
Cloud Computing - An IntroductionRavindra Dastikop
 
Webinars With Ravindra Dastikop
Webinars With Ravindra DastikopWebinars With Ravindra Dastikop
Webinars With Ravindra DastikopRavindra Dastikop
 

Plus de Ravindra Dastikop (20)

National Health Stack
National Health Stack  National Health Stack
National Health Stack
 
1. Digital india: A Resident approach
1. Digital india:   A  Resident approach1. Digital india:   A  Resident approach
1. Digital india: A Resident approach
 
Data protection Framework in India - Seven Key Principles
Data protection Framework in India - Seven Key Principles  Data protection Framework in India - Seven Key Principles
Data protection Framework in India - Seven Key Principles
 
Digital India : An Overview
Digital India : An OverviewDigital India : An Overview
Digital India : An Overview
 
Unified Payment Interface (UPI)
Unified Payment Interface (UPI)Unified Payment Interface (UPI)
Unified Payment Interface (UPI)
 
Aadhaar : Locking your biometrics
Aadhaar : Locking your biometricsAadhaar : Locking your biometrics
Aadhaar : Locking your biometrics
 
Digilocker in education
 Digilocker in education  Digilocker in education
Digilocker in education
 
Jeevan Praman- The Digital Life Certificate
Jeevan Praman- The Digital Life Certificate Jeevan Praman- The Digital Life Certificate
Jeevan Praman- The Digital Life Certificate
 
Aadhaar in Kannada
Aadhaar in KannadaAadhaar in Kannada
Aadhaar in Kannada
 
The Practice of digital india
The Practice of digital indiaThe Practice of digital india
The Practice of digital india
 
What are the features of DigiLocker?
What are the features of DigiLocker?What are the features of DigiLocker?
What are the features of DigiLocker?
 
What is DigiLocker?
What is DigiLocker?What is DigiLocker?
What is DigiLocker?
 
Meghraj - Government of India Cloud
Meghraj - Government of India Cloud Meghraj - Government of India Cloud
Meghraj - Government of India Cloud
 
An Overview of Internet of Things
An Overview of Internet of Things An Overview of Internet of Things
An Overview of Internet of Things
 
Digital india a world scale market within home
Digital india  a world scale market within homeDigital india  a world scale market within home
Digital india a world scale market within home
 
Webinar: Cloud Computing - Service and Deployment Models
Webinar: Cloud Computing - Service and Deployment Models Webinar: Cloud Computing - Service and Deployment Models
Webinar: Cloud Computing - Service and Deployment Models
 
#1 introduction to cloud computing
#1  introduction to cloud computing #1  introduction to cloud computing
#1 introduction to cloud computing
 
Teaching using the cloud
Teaching using the cloudTeaching using the cloud
Teaching using the cloud
 
Cloud Computing - An Introduction
Cloud Computing - An IntroductionCloud Computing - An Introduction
Cloud Computing - An Introduction
 
Webinars With Ravindra Dastikop
Webinars With Ravindra DastikopWebinars With Ravindra Dastikop
Webinars With Ravindra Dastikop
 

Dernier

M-2- General Reactions of amino acids.pptx
M-2- General Reactions of amino acids.pptxM-2- General Reactions of amino acids.pptx
M-2- General Reactions of amino acids.pptxDr. Santhosh Kumar. N
 
In - Vivo and In - Vitro Correlation.pptx
In - Vivo and In - Vitro Correlation.pptxIn - Vivo and In - Vitro Correlation.pptx
In - Vivo and In - Vitro Correlation.pptxAditiChauhan701637
 
What is the Future of QuickBooks DeskTop?
What is the Future of QuickBooks DeskTop?What is the Future of QuickBooks DeskTop?
What is the Future of QuickBooks DeskTop?TechSoup
 
Practical Research 1 Lesson 9 Scope and delimitation.pptx
Practical Research 1 Lesson 9 Scope and delimitation.pptxPractical Research 1 Lesson 9 Scope and delimitation.pptx
Practical Research 1 Lesson 9 Scope and delimitation.pptxKatherine Villaluna
 
Practical Research 1: Lesson 8 Writing the Thesis Statement.pptx
Practical Research 1: Lesson 8 Writing the Thesis Statement.pptxPractical Research 1: Lesson 8 Writing the Thesis Statement.pptx
Practical Research 1: Lesson 8 Writing the Thesis Statement.pptxKatherine Villaluna
 
AUDIENCE THEORY -- FANDOM -- JENKINS.pptx
AUDIENCE THEORY -- FANDOM -- JENKINS.pptxAUDIENCE THEORY -- FANDOM -- JENKINS.pptx
AUDIENCE THEORY -- FANDOM -- JENKINS.pptxiammrhaywood
 
The basics of sentences session 10pptx.pptx
The basics of sentences session 10pptx.pptxThe basics of sentences session 10pptx.pptx
The basics of sentences session 10pptx.pptxheathfieldcps1
 
Patient Counselling. Definition of patient counseling; steps involved in pati...
Patient Counselling. Definition of patient counseling; steps involved in pati...Patient Counselling. Definition of patient counseling; steps involved in pati...
Patient Counselling. Definition of patient counseling; steps involved in pati...raviapr7
 
How to Show Error_Warning Messages in Odoo 17
How to Show Error_Warning Messages in Odoo 17How to Show Error_Warning Messages in Odoo 17
How to Show Error_Warning Messages in Odoo 17Celine George
 
UKCGE Parental Leave Discussion March 2024
UKCGE Parental Leave Discussion March 2024UKCGE Parental Leave Discussion March 2024
UKCGE Parental Leave Discussion March 2024UKCGE
 
Benefits & Challenges of Inclusive Education
Benefits & Challenges of Inclusive EducationBenefits & Challenges of Inclusive Education
Benefits & Challenges of Inclusive EducationMJDuyan
 
Presentation on the Basics of Writing. Writing a Paragraph
Presentation on the Basics of Writing. Writing a ParagraphPresentation on the Basics of Writing. Writing a Paragraph
Presentation on the Basics of Writing. Writing a ParagraphNetziValdelomar1
 
HED Office Sohayok Exam Question Solution 2023.pdf
HED Office Sohayok Exam Question Solution 2023.pdfHED Office Sohayok Exam Question Solution 2023.pdf
HED Office Sohayok Exam Question Solution 2023.pdfMohonDas
 
DUST OF SNOW_BY ROBERT FROST_EDITED BY_ TANMOY MISHRA
DUST OF SNOW_BY ROBERT FROST_EDITED BY_ TANMOY MISHRADUST OF SNOW_BY ROBERT FROST_EDITED BY_ TANMOY MISHRA
DUST OF SNOW_BY ROBERT FROST_EDITED BY_ TANMOY MISHRATanmoy Mishra
 
Patterns of Written Texts Across Disciplines.pptx
Patterns of Written Texts Across Disciplines.pptxPatterns of Written Texts Across Disciplines.pptx
Patterns of Written Texts Across Disciplines.pptxMYDA ANGELICA SUAN
 
The Singapore Teaching Practice document
The Singapore Teaching Practice documentThe Singapore Teaching Practice document
The Singapore Teaching Practice documentXsasf Sfdfasd
 
Prescribed medication order and communication skills.pptx
Prescribed medication order and communication skills.pptxPrescribed medication order and communication skills.pptx
Prescribed medication order and communication skills.pptxraviapr7
 
General views of Histopathology and step
General views of Histopathology and stepGeneral views of Histopathology and step
General views of Histopathology and stepobaje godwin sunday
 
Easter in the USA presentation by Chloe.
Easter in the USA presentation by Chloe.Easter in the USA presentation by Chloe.
Easter in the USA presentation by Chloe.EnglishCEIPdeSigeiro
 

Dernier (20)

M-2- General Reactions of amino acids.pptx
M-2- General Reactions of amino acids.pptxM-2- General Reactions of amino acids.pptx
M-2- General Reactions of amino acids.pptx
 
In - Vivo and In - Vitro Correlation.pptx
In - Vivo and In - Vitro Correlation.pptxIn - Vivo and In - Vitro Correlation.pptx
In - Vivo and In - Vitro Correlation.pptx
 
What is the Future of QuickBooks DeskTop?
What is the Future of QuickBooks DeskTop?What is the Future of QuickBooks DeskTop?
What is the Future of QuickBooks DeskTop?
 
Practical Research 1 Lesson 9 Scope and delimitation.pptx
Practical Research 1 Lesson 9 Scope and delimitation.pptxPractical Research 1 Lesson 9 Scope and delimitation.pptx
Practical Research 1 Lesson 9 Scope and delimitation.pptx
 
Practical Research 1: Lesson 8 Writing the Thesis Statement.pptx
Practical Research 1: Lesson 8 Writing the Thesis Statement.pptxPractical Research 1: Lesson 8 Writing the Thesis Statement.pptx
Practical Research 1: Lesson 8 Writing the Thesis Statement.pptx
 
AUDIENCE THEORY -- FANDOM -- JENKINS.pptx
AUDIENCE THEORY -- FANDOM -- JENKINS.pptxAUDIENCE THEORY -- FANDOM -- JENKINS.pptx
AUDIENCE THEORY -- FANDOM -- JENKINS.pptx
 
The basics of sentences session 10pptx.pptx
The basics of sentences session 10pptx.pptxThe basics of sentences session 10pptx.pptx
The basics of sentences session 10pptx.pptx
 
Patient Counselling. Definition of patient counseling; steps involved in pati...
Patient Counselling. Definition of patient counseling; steps involved in pati...Patient Counselling. Definition of patient counseling; steps involved in pati...
Patient Counselling. Definition of patient counseling; steps involved in pati...
 
How to Show Error_Warning Messages in Odoo 17
How to Show Error_Warning Messages in Odoo 17How to Show Error_Warning Messages in Odoo 17
How to Show Error_Warning Messages in Odoo 17
 
UKCGE Parental Leave Discussion March 2024
UKCGE Parental Leave Discussion March 2024UKCGE Parental Leave Discussion March 2024
UKCGE Parental Leave Discussion March 2024
 
Benefits & Challenges of Inclusive Education
Benefits & Challenges of Inclusive EducationBenefits & Challenges of Inclusive Education
Benefits & Challenges of Inclusive Education
 
Presentation on the Basics of Writing. Writing a Paragraph
Presentation on the Basics of Writing. Writing a ParagraphPresentation on the Basics of Writing. Writing a Paragraph
Presentation on the Basics of Writing. Writing a Paragraph
 
HED Office Sohayok Exam Question Solution 2023.pdf
HED Office Sohayok Exam Question Solution 2023.pdfHED Office Sohayok Exam Question Solution 2023.pdf
HED Office Sohayok Exam Question Solution 2023.pdf
 
DUST OF SNOW_BY ROBERT FROST_EDITED BY_ TANMOY MISHRA
DUST OF SNOW_BY ROBERT FROST_EDITED BY_ TANMOY MISHRADUST OF SNOW_BY ROBERT FROST_EDITED BY_ TANMOY MISHRA
DUST OF SNOW_BY ROBERT FROST_EDITED BY_ TANMOY MISHRA
 
Patterns of Written Texts Across Disciplines.pptx
Patterns of Written Texts Across Disciplines.pptxPatterns of Written Texts Across Disciplines.pptx
Patterns of Written Texts Across Disciplines.pptx
 
The Singapore Teaching Practice document
The Singapore Teaching Practice documentThe Singapore Teaching Practice document
The Singapore Teaching Practice document
 
Personal Resilience in Project Management 2 - TV Edit 1a.pdf
Personal Resilience in Project Management 2 - TV Edit 1a.pdfPersonal Resilience in Project Management 2 - TV Edit 1a.pdf
Personal Resilience in Project Management 2 - TV Edit 1a.pdf
 
Prescribed medication order and communication skills.pptx
Prescribed medication order and communication skills.pptxPrescribed medication order and communication skills.pptx
Prescribed medication order and communication skills.pptx
 
General views of Histopathology and step
General views of Histopathology and stepGeneral views of Histopathology and step
General views of Histopathology and step
 
Easter in the USA presentation by Chloe.
Easter in the USA presentation by Chloe.Easter in the USA presentation by Chloe.
Easter in the USA presentation by Chloe.
 

Will Internet of Things (IoT) be secure enough?

  • 1. Will Internet of Things be Secure Enough ? https://www.youtube.com/user/dastikop Ravindra Dastikop http://dastikop.blogspot.in
  • 2. Internet of Things A new World of CONNECTED Objects
  • 3. IoT SESSIONS Session 1 Web Architecture for an Internet of Things Session 2 Will IoT be Secure Enough? Session 3 Applications of IoT Session 4 Research Directions in IoT
  • 4. Will IoT be secure enough? Session 2
  • 5. ISSUE • Privacy and Security are major challenge in building IoT ecosystem • They are source of friction on the path to adoption.
  • 6. AGENDA • The IoT World Described • The Security Architecture • layers • challenge • solutions • Conclusion
  • 7. IoT Described The main concept of IoT is the ability to connect loosely defined smart objects and enable them to interact with • other objects, • the environment, or • more complex and legacy computing devices
  • 8. IOT: Communication Infrastructure The communication infrastructure will be based on an extension of the Internet, which will enable transparent use of object resources across the globe.
  • 9. An IOT enabled world Smart objects will densely populate human life and human environment, interacting both by providing , processing and delivering any sort of information or command objects in the environment will be able to tell us about themselves, their state, or their surroundings and can be used remotely
  • 10. An IOT enabled world Sensors will be integrated in buildings, vehicles, and common environments, carried by people and attached to animals and will communicate among them locally and remotely in order to provide integrated services.
  • 11. IoT : Examples • Mobile devices can adopt silent mode when entering a meeting room if this is the request of the meeting moderator • Alert user and turn-off the radio before entering sensitive medical areas or • detect when user enters the car and connect to its sound systems • Wireless sensors could let people check where their pet is real-time as well as control the temperature of each room of their home while they are out
  • 12. IoT : Examples • Emergency services could be remotely and automatically altered if fire is detected in a building or if a patient’s medical parameters drop beyond a critical threshold
  • 13. The Consequence With such a deep penetration of technology which will introduce a new kind of automation and remote interaction, it will surely pose new security and privacy challenges.
  • 14. Security in IoT 1. In IoT security is inseparable from safety 2. Whether accidental or malicious, interference in the controls of 1. a pacemaker, or 2. a car or nuclear reactor poses a threat to life.
  • 15. The Interaction Time You may Pose Questions Now
  • 17. Security architecture Reference: Security in the Internet of Things: A Review
  • 18. Perceptual Layer • The most basic level is the perceptual layer (also known as recognition layer), which collects all kinds of information through physical equipment and identifies the physical world, the information includes object properties, environmental condition etc; and physical equipments include RFID reader, all kinds of sensors, GPS and other equipments. • The key component in this layer is sensors for capturing and representing the physical world in the digital world.
  • 19. Network Layer • The second level is network layer. Network layer is responsible for the reliable transmission of information from perceptual layer, initial processing of information, classification and polymerization. • In this layer the information transmission is relied on several basic networks, which are the internet, mobile communication network, satellite nets, wireless network, network infrastructure and communication protocols are also essential to the information exchange between devices
  • 20. Support Layer • The third level is support layer. Support layer will set up a reliable support platform for the application layer. • On this support platform all kind of intelligent computing powers will be organized through network grid and cloud computing. • It plays the role of combining application layer upward and network layer downward.
  • 21. Application Layer • The application layer is the topmost and terminal level. • Application layer provides the personalized services according to the needs of the users. • Users can access to the internet of thing through the application layer interface using of television, personal computer or mobile equipment and so on.
  • 22. Security architecture Reference: Security in the Internet of Things: A Review
  • 23. The Interaction Time You may Pose Questions Now
  • 25. Perceptual Layer • Usually perceptual nodes are short of computer power and storage capacity because they are simple and with less power. • Therefore it is unable to apply frequency hopping communication and public key encryption algorithm to security protection. • And it is very difficult to set up security protection system. • Meanwhile attacks from the external network such as deny of service (DOS) also bring new security problems. • on the other hand sensor data still need the protection for integrity, authenticity and confidentiality.
  • 26. Network Layer • The core network has relatively completely safety protection ability, • But Man-in-the-Middle Attack and counterfeit attack still exist, • meanwhile junk mail and computer virus cannot be ignored, a large number of data sending cause congestion. Therefore security mechanism in this level is very important to the IoT.
  • 27. Support Layer This layer does the mass data processing and intelligent decision of network behavior in this layer, intelligent processing is limited for malicious information, so it is a challenge to improve the ability to recognize the malicious information.
  • 28. Application Layer • In this level security needs for different application environment are different, • data sharing is that one of the characteristics of application layer, • which creating problems of data privacy, access control and disclosure of information.
  • 31. Perceptual Layer-1 • At first node authentication is necessary to prevent illegal node access; • secondly to protect the confidentiality of information transmission between the nodes, data encryption is absolute necessity;
  • 32. Perceptual Layer-1 • The data encryption key agreement is an important process in advance; the stronger are the safety measures, the more is consumption of resources, to solve this problem, lightweight encryption technology becomes important, which includes Lightweight cryptographic algorithm and lightweight cryptographic protocol. • At the same time the integrity and authenticity of sensor data is becoming research focus.
  • 33. Network Layer-1 • In this layer existing communication security mechanisms are difficult to be applied. • Identity authentication is a kind of mechanism to prevent the illegal nodes, and it is the premise of the security mechanism, confidentiality and integrality are of equal importance, thus we also need to establish data confidentiality and integrality
  • 34. Network Layer-2 Besides distributed denial of service attack (DDoS) is a common attack method in the network and is particularly severe in the internet of thing, so to prevent the DDOS attack for the vulnerable node is another problem to be solved in this layer.
  • 35. Support Layer • Support layer needs a lot of the application security architecture such as cloud computing and • secure multiparty computation, almost all of the strong encryption algorithm and encryption protocol, stronger system security technology and anti-virus.
  • 36. Application Layer To solve the security problem of application layer, we need two aspects. • One is the authentication and key agreement across the heterogeneous network, • the other is user’s privacy protection. • In addition, education and management are very important to information security, especially password management
  • 37. The Importance of IoT Security • In summary security technology in the IoT is very important and full of challenges. • On the other hand laws and regulations issues are also significant.
  • 38. IOT Security Scenarios- 1 1. In a factory floor automation, deeply embedded programmable logic controllers (PLCs) that operate robotic systems are typically integrated with the enterprise IT infrastructure 2. How can those PLCs be shielded from human interferences while at the same time protecting the investments in the IT infrastructure and leveraging the security controls available
  • 39. IOT Security Scenario-2 1. Control systems for nuclear reactors are attached to infrastructure. 2. How can they receive software updates or security patches in a timely manner without impairing functional safety or incurring significant recertification costs every time a patch is rolled out
  • 40. IOT Security Scenarios- 3 1. A smart meter – one which is able to send energy usage data to the utility operator for dynamic billing or real-time power grid optimization- 2. This must be able to protect that information from unauthorized usage or disclosure. 3. Information that power usage has dipped could indicate that home is empty, making it an ideal target for a burglary or worse.
  • 41. The Interaction Time You may Pose Questions Now
  • 43. Security and privacy issues ● Resilience to attacks ● Data Authentication ● Access Control ● Client privacy
  • 44. Security and privacy issues ● Resilience to attacks ○ the system has to avoid single points of failure and adjust itself to node failures
  • 45. Security and privacy issues ● Data Authentication ○ As a rule, retrieved address and object information must be authenticated
  • 46. Security and privacy issues ● Access Control ○ Information providers must be able to implement access control on the data provided
  • 47. Security and privacy issues ● Client privacy ○ measures need to be taken that only the information provider is able to infer from observing the use of the lookup system related to a specific customer; at least inference should be very hard to conduct
  • 48. The Interaction Time You may Pose Questions Now
  • 50. Building Security for IoT 1. No one single control is going to adequately protect a device in an IoT environment. 2. Hence, a multi-layered approach to security that starts at the beginning when the 1. power is applied, 2. establishes a trusted computing baseline and 3. anchors that trust in something that can not be tampered with.
  • 51. Building Security for IoT Security must be addressed throughout the device lifecycle, from initial design to the operational environment 1. Secure booting 2. Access control 3. Device authentication 4. Firewalling and IPS 5. Updates and patches
  • 52. Secure Booting •When power is first introduced to the device, the authenticity and integrity of the software on the device is verified using cryptographically generated digital signature. •A digital signature attached to the software image and verified by the device ensures that only the software that has been authorized to run on that device, and signed by the entity that authorized it , will be loaded •The foundation of trust has been established , but the device still needs protection from various run-time threats and malicious intentions
  • 53. Access Control • Different forms of resource and access control are applied. •Mandatory or role-based access controls built into the operating system limit the privileges' of device component and applications so they access only the resources they need to do their jobs.
  • 54. Device authentication • When a device is plugged into network, it should authenticate itself prior receiving or transmitting data. • Machine authentication is similar to user authentication
  • 55. Firewalling and IPS The device needs a firewall or deep packet inspection capability to control traffic that is destined to terminate at the devices. Example: smart energy grid
  • 56. Updates and patches Once the device is in operation, it will start receiving hot patches and software updates. software updates security patches must be delivered in such a way that conserves the limited bandwidth and internet connectivity of an embedded device.
  • 57. The Interaction Time You may Pose Questions Now
  • 59. Conclusions • Privacy and security are essential features of modern networks. • Internet of Things is no exception • Industry has built different security approaches to ensure security and privacy
  • 61. Secure Multi-party computations( SMC)-1 • Internet of Things will create tremendous opportunities to improve people’s lives. The core property of most ubiquitous applications is the ability to perform joint cooperative tasks involving computations with inputs supplied by separate parts or things. • These computations are performed by mutually untrusting parties on inputs containing private information containing user’s daily activities. •
  • 62. Secure Multi-party computations( SMC)-2 • Secure Multi-party computations may become a relevant and practial approach that should be considered as a technological enforcement to protect user’s privacy • Secure multi-party computation (also known as secure computation or multi-party computation (MPC)) is a subfield of cryptography with the goal to create methods for parties to jointly compute a function over their inputs, and keeping these inputs private.
  • 63. Privacy enhancing Technologies ( PET) • Virtual Private network(VPN) • Transport layer Security ( TLS) • DNS Security Extensions • Onion Routing • Private Information Retrieval (PIR)
  • 65. Conclusions • IoT security design should enable an open, pervasive and interoperable yet secure infrastructure • For the sake of privacy and flexibility, IoT or smart objects must be capable of implementing individual, user set policies • Infrastructural security services should be accessible transparently and regardless of the connection uses by nomadic smart IoT objects
  • 66. References • An Overview of Privacy and security Issues in the Internet of Things- Carlo Maria Medaglia and Alexandru Serbanati • Internet of Things and Privacy Preserving Technologies- Vladimir Oleshchuk • Internet of Things- New Security and Privacy Challenges- Rolf H. Weber
  • 67. End of Session 2 Questions