Internet of Things (IoT) is an emerging platform for human interaction. As such it needs enough security and privacy guarantees to make it an attractive platform for people to come onboard.
3. IoT SESSIONS
Session 1
Web Architecture for an Internet of Things
Session 2
Will IoT be Secure Enough?
Session 3
Applications of IoT
Session 4
Research Directions in IoT
5. ISSUE
• Privacy and Security are major
challenge in building IoT ecosystem
• They are source of friction on the
path to adoption.
6. AGENDA
• The IoT World Described
• The Security Architecture
• layers
• challenge
• solutions
• Conclusion
7. IoT Described
The main concept of IoT is the ability to
connect loosely defined smart objects and
enable them to interact with
• other objects,
• the environment, or
• more complex and legacy computing
devices
8. IOT: Communication Infrastructure
The communication infrastructure will be
based on an extension of the Internet,
which will enable transparent use of object
resources across the globe.
9. An IOT enabled world
Smart objects will densely populate human life and
human environment, interacting both by providing ,
processing and delivering any sort of information or
command
objects in the environment will be able to tell us about
themselves, their state, or their surroundings and
can be used remotely
10. An IOT enabled world
Sensors will be integrated in buildings,
vehicles, and common environments, carried
by people and attached to animals and will
communicate among them locally and
remotely in order to provide integrated
services.
11. IoT : Examples
• Mobile devices can adopt silent mode when entering a
meeting room if this is the request of the meeting
moderator
• Alert user and turn-off the radio before entering sensitive
medical areas or
• detect when user enters the car and connect to its sound
systems
• Wireless sensors could let people check where their pet is
real-time as well as control the temperature of each room
of their home while they are out
12. IoT : Examples
• Emergency services could be remotely and
automatically altered if fire is detected in a
building or if a patient’s medical parameters
drop beyond a critical threshold
13. The Consequence
With such a deep penetration of technology
which will introduce a new kind of
automation and remote interaction, it will
surely pose new security and privacy
challenges.
14. Security in IoT
1. In IoT security is inseparable from safety
2. Whether accidental or malicious,
interference in the controls of
1. a pacemaker, or
2. a car or nuclear reactor poses a threat
to life.
18. Perceptual Layer
• The most basic level is the perceptual layer (also known
as recognition layer), which collects all kinds of
information through physical equipment and identifies
the physical world, the information includes object
properties, environmental condition etc; and physical
equipments include RFID reader, all kinds of sensors, GPS
and other equipments.
• The key component in this layer is sensors for capturing
and representing the physical world in the digital world.
19. Network Layer
• The second level is network layer. Network layer is
responsible for the reliable transmission of information
from perceptual layer, initial processing of information,
classification and polymerization.
• In this layer the information transmission is relied on
several basic networks, which are the internet, mobile
communication network, satellite nets, wireless network,
network infrastructure and communication protocols are
also essential to the information exchange between devices
20. Support Layer
• The third level is support layer. Support layer will set
up a reliable support platform for the application
layer.
• On this support platform all kind of intelligent
computing powers will be organized through network
grid and cloud computing.
• It plays the role of combining application layer upward
and network layer downward.
21. Application Layer
• The application layer is the topmost and terminal
level.
• Application layer provides the personalized services
according to the needs of the users.
• Users can access to the internet of thing through the
application layer interface using of television, personal
computer or mobile equipment and so on.
25. Perceptual Layer
• Usually perceptual nodes are short of computer power and
storage capacity because they are simple and with less power.
• Therefore it is unable to apply frequency hopping communication
and public key encryption algorithm to security protection.
• And it is very difficult to set up security protection system.
• Meanwhile attacks from the external network such as deny of
service (DOS) also bring new security problems.
• on the other hand sensor data still need the protection for
integrity, authenticity and confidentiality.
26. Network Layer
• The core network has relatively completely safety
protection ability,
• But Man-in-the-Middle Attack and counterfeit attack
still exist,
• meanwhile junk mail and computer virus cannot be
ignored, a large number of data sending cause
congestion.
Therefore security mechanism in this level is very
important to the IoT.
27. Support Layer
This layer does the mass data processing and
intelligent decision of network behavior in
this layer, intelligent processing is limited for
malicious information, so it is a challenge to
improve the ability to recognize the
malicious information.
28. Application Layer
• In this level security needs for different
application environment are different,
• data sharing is that one of the
characteristics of application layer,
• which creating problems of data privacy,
access control and disclosure of
information.
31. Perceptual Layer-1
• At first node authentication is necessary to
prevent illegal node access;
• secondly to protect the confidentiality of
information transmission between the
nodes, data encryption is absolute
necessity;
32. Perceptual Layer-1
• The data encryption key agreement is an important
process in advance; the stronger are the safety
measures, the more is consumption of resources, to
solve this problem, lightweight encryption technology
becomes important, which includes Lightweight
cryptographic algorithm and lightweight cryptographic
protocol.
• At the same time the integrity and authenticity of
sensor data is becoming research focus.
33. Network Layer-1
• In this layer existing communication security
mechanisms are difficult to be applied.
• Identity authentication is a kind of
mechanism to prevent the illegal nodes, and it
is the premise of the security mechanism,
confidentiality and integrality are of equal
importance, thus we also need to establish
data confidentiality and integrality
34. Network Layer-2
Besides distributed denial of service attack
(DDoS) is a common attack method in the
network and is particularly severe in the
internet of thing, so to prevent the DDOS
attack for the vulnerable node is another
problem to be solved in this layer.
35. Support Layer
• Support layer needs a lot of the application
security architecture such as cloud
computing and
• secure multiparty computation, almost
all of the strong encryption algorithm and
encryption protocol, stronger system
security technology and anti-virus.
36. Application Layer
To solve the security problem of application layer, we need
two aspects.
• One is the authentication and key agreement across
the heterogeneous network,
• the other is user’s privacy protection.
• In addition, education and management are very
important to information security, especially password
management
37. The Importance of IoT Security
• In summary security technology in the IoT is
very important and full of challenges.
• On the other hand laws and regulations
issues are also significant.
38. IOT Security Scenarios- 1
1. In a factory floor automation, deeply embedded
programmable logic controllers (PLCs) that
operate robotic systems are typically integrated
with the enterprise IT infrastructure
2. How can those PLCs be shielded from human
interferences while at the same time
protecting the investments in the IT
infrastructure and leveraging the security
controls available
39. IOT Security Scenario-2
1. Control systems for nuclear reactors are
attached to infrastructure.
2. How can they receive software updates or
security patches in a timely manner
without impairing functional safety or
incurring significant recertification costs
every time a patch is rolled out
40. IOT Security Scenarios- 3
1. A smart meter – one which is able to send energy
usage data to the utility operator for dynamic billing
or real-time power grid optimization-
2. This must be able to protect that information from
unauthorized usage or disclosure.
3. Information that power usage has dipped could
indicate that home is empty, making it an ideal
target for a burglary or worse.
43. Security and privacy issues
● Resilience to attacks
● Data Authentication
● Access Control
● Client privacy
44. Security and privacy issues
● Resilience to attacks
○ the system has to avoid single
points of failure and adjust itself
to node failures
45. Security and privacy issues
● Data Authentication
○ As a rule, retrieved address and
object information must be
authenticated
46. Security and privacy issues
● Access Control
○ Information providers must be
able to implement access control
on the data provided
47. Security and privacy issues
● Client privacy
○ measures need to be taken that only the
information provider is able to infer
from observing the use of the lookup
system related to a specific customer; at
least inference should be very hard to
conduct
50. Building Security for IoT
1. No one single control is going to adequately protect
a device in an IoT environment.
2. Hence, a multi-layered approach to security that
starts at the beginning when the
1. power is applied,
2. establishes a trusted computing baseline and
3. anchors that trust in something that can not be
tampered with.
51. Building Security for IoT
Security must be addressed throughout the device
lifecycle, from initial design to the operational
environment
1. Secure booting
2. Access control
3. Device authentication
4. Firewalling and IPS
5. Updates and patches
52. Secure Booting
•When power is first introduced to the device, the
authenticity and integrity of the software on the device is
verified using cryptographically generated digital
signature.
•A digital signature attached to the software image and
verified by the device ensures that only the software that has
been authorized to run on that device, and signed by the
entity that authorized it , will be loaded
•The foundation of trust has been established , but the
device still needs protection from various run-time threats
and malicious intentions
53. Access Control
• Different forms of resource and access
control are applied.
•Mandatory or role-based access controls
built into the operating system limit the
privileges' of device component and
applications so they access only the
resources they need to do their jobs.
54. Device authentication
• When a device is plugged into network, it
should authenticate itself prior receiving
or transmitting data.
• Machine authentication is similar to user
authentication
55. Firewalling and IPS
The device needs a firewall or deep packet
inspection capability to control traffic that
is destined to terminate at the devices.
Example: smart energy grid
56. Updates and patches
Once the device is in operation, it will start
receiving hot patches and software
updates. software updates security patches
must be delivered in such a way that
conserves the limited bandwidth and
internet connectivity of an embedded device.
59. Conclusions
• Privacy and security are essential features
of modern networks.
• Internet of Things is no exception
• Industry has built different security
approaches to ensure security and privacy
61. Secure Multi-party computations( SMC)-1
• Internet of Things will create tremendous
opportunities to improve people’s lives. The core
property of most ubiquitous applications is the ability
to perform joint cooperative tasks involving
computations with inputs supplied by separate parts or
things.
• These computations are performed by mutually
untrusting parties on inputs containing private
information containing user’s daily activities.
•
62. Secure Multi-party computations( SMC)-2
• Secure Multi-party computations may become a
relevant and practial approach that should be
considered as a technological enforcement to protect
user’s privacy
• Secure multi-party computation (also known as
secure computation or multi-party computation
(MPC)) is a subfield of cryptography with the goal to
create methods for parties to jointly compute a
function over their inputs, and keeping these inputs
private.
63. Privacy enhancing Technologies ( PET)
• Virtual Private network(VPN)
• Transport layer Security ( TLS)
• DNS Security Extensions
• Onion Routing
• Private Information Retrieval (PIR)
65. Conclusions
• IoT security design should enable an open, pervasive
and interoperable yet secure infrastructure
• For the sake of privacy and flexibility, IoT or smart
objects must be capable of implementing individual,
user set policies
• Infrastructural security services should be accessible
transparently and regardless of the connection uses by
nomadic smart IoT objects
66. References
• An Overview of Privacy and security Issues in the
Internet of Things- Carlo Maria Medaglia and
Alexandru Serbanati
• Internet of Things and Privacy Preserving
Technologies- Vladimir Oleshchuk
• Internet of Things- New Security and Privacy
Challenges- Rolf H. Weber