SlideShare une entreprise Scribd logo
1  sur  32
Télécharger pour lire hors ligne
2015 SNIA Data Storage Security Summit. © Insert Your Company Name. All Rights Reserved.
IoT Security:
Problems, Challenges
and Solutions
Liwei Ren, Ph.D
Trend Micro
2015 SNIA Data Storage Security Summit. © Insert Your Company Name. All Rights Reserved.
Background
 Liwei Ren
 Research interests
 Data security & privacy, network security analysis
 Data compression, math modeling & algorithms
 Measurable contributions:
 10+ academic publications
 20+ US patents granted
 1 security software company in Silicon Valley with successful exit.
 Education
 MS/BS in mathematics, Tsinghua University, Beijing
 Ph.D in mathematics, MS in information science, University of Pittsburgh
 Trend Micro™
 Global security software vendor with headquarter in Tokyo, and R&D centers in
Silicon Valley, Nanjing and Taipei.
 A leader in cloud security.
2
2015 SNIA Data Storage Security Summit. © Insert Your Company Name. All Rights Reserved.
Agenda
 Why do I have this sharing?
 IoT security: trends, problems and
challenges
 A few security technologies & IoT
 Standard security protocols
 Summary
3
2015 SNIA Data Storage Security Summit. © Insert Your Company Name. All Rights Reserved.
Why do I have this sharing?
 I am not an expert in IoT security yet
 What ?
 Why do you share?
 A new computing platform leads to new
security problems & challenges…
 and new opportunities as well!
 I started to investigate IoT security after
RSA conference in April:
 Too many questions (???)
 I like to invite experts to discuss via this
sharing
2015 SNIA Data Storage Security Summit. © Insert Your Company Name. All Rights Reserved.
Why do I have this sharing?
5
 IoT security means new opportunities for a security professional
(like myself) to develop novel security solutions!
2015 SNIA Data Storage Security Summit. © Insert Your Company Name. All Rights Reserved.
IoT security: trends, problems and
challenges
 Trends (Stan Schneider | Electronic Design)
6
2015 SNIA Data Storage Security Summit. © Insert Your Company Name. All Rights Reserved.
IoT security: trends, problems and
challenges
 Categories & Numbers:
 Source: Gartner Nov,2014)
 Internet of Things Units Installed Base by Category in Million
7
Category 2013 2014 2015 2020
Automotive 96.0 189.6 372.3 3,511.1
Consumer 1,842.1 2,244.5 2.874.9 13,172.5
Generic
Business 395.2 479.4 623.9 5,158.6
Vertical
Business 698.7 836.5 1,009.4 3,164.4
GrandTotal 3,032.0 3,750.0 4,880.6 25,006.6
2015 SNIA Data Storage Security Summit. © Insert Your Company Name. All Rights Reserved.
IoT security: trends, problems and
challenges
 Categories & Numbers :
8
2015 SNIA Data Storage Security Summit. © Insert Your Company Name. All Rights Reserved.
IoT security: trends, problems and
challenges
 What’s new?
9
2015 SNIA Data Storage Security Summit. © Insert Your Company Name. All Rights Reserved.
IoT security: trends, problems and
challenges
 Security cases
10
Attack
Name
Story Resource Date
Car recall Chrysler recalled 1.4 million hackable cars
in July, 2015
CNN News July 24,
2015
Lizard
Stressor
An attack online service hosted in
Bosnia. It can convert homes and
commercial routers into a zombie horde.
An online
article
Jan 2015
First wide-scale hack involving television
sets and at least one refrigerator .
750,000 spams were sent.
Proofpoint Jan,2014
Linux.Darll
oz
Discovered a worm for devices running
Linux .
Symantec Nov, 2013
Hacked
Camera
A hacker was able to shout abuse at a two-year-
old child by exploiting a vulnerability in a camera
advertised as an ideal "baby monitor".
ABC News Aug, 2013
2015 SNIA Data Storage Security Summit. © Insert Your Company Name. All Rights Reserved.
IoT security: trends, problems and
challenges
 Problems and security challenges
 Many small devices have limited CPU power
 Not much processing power for security
 Need to look for new encryption scheme with less CPU
power.
 Can not install AV software
 Example: IP-addressable light bulbs.
 IoT also needs both encryption key management and
identity management
 It may scale into billions!
11
2015 SNIA Data Storage Security Summit. © Insert Your Company Name. All Rights Reserved.
IoT security: trends, problems and
challenges
 Problems and security challenges
 New devices for endpoint security
 New firmware, embedded OS, new software & etc.
 It is not possible to support AV on every device.
 New transport protocols for making network security
difficult!
 Much more network traffic for security analysis
 Bad news for large enterprises as network security is already
complex and cumbersome
12
2015 SNIA Data Storage Security Summit. © Insert Your Company Name. All Rights Reserved.
IoT security: trends, problems and
challenges
 Seven IoT security risks*:
1. Disruption and denial-of-service attacks
2. Understanding the complexity of vulnerabilities
3. IoT vulnerability management
4. Identifying, implementing security controls
5. Fulfilling the need for security analytics capabilities
6. Modular hardware and software components
7. Rapid demand in bandwidth requirement
*Source: INFORMATION SECURITY INSIDER EDITION / SECURING THE
INTERNET OF THINGS, AUGUST 2014
13
2015 SNIA Data Storage Security Summit. © Insert Your Company Name. All Rights Reserved.
IoT security: trends, problems and
challenges
 IoT Security Top 10 (OWASP 2014):
 I1 Insecure Web Interface
 I2 Insufficient Authentication/Authorization
 I4 Lack of Transport Encryption
 I5 Privacy Concerns
 I9 Insecure Software/Firmware
 I3 Insecure Network Services
 I6 Insecure Cloud Interface
 I7 Insecure Mobile Interface
 I8 Insufficient Security Configurability
 I10 Poor Physical Security
14
2015 SNIA Data Storage Security Summit. © Insert Your Company Name. All Rights Reserved.
IoT security: trends, problems and
challenges
 IoT will merge the following domains:
15
2015 SNIA Data Storage Security Summit. © Insert Your Company Name. All Rights Reserved.
IoT security: trends, problems and
challenges
 In the era of IoT,
 Do we need new concepts to describe IoT security ?
 Do we need new security models for IoT?
 What is the gap between IoT security and existing
security solutions?
 When cloud arrived, what did we do for new solutions?
 When smart phones and BYOD come, what did we do?
 What makes IoT different from the last two major waves?
16
2015 SNIA Data Storage Security Summit. © Insert Your Company Name. All Rights Reserved.
A few security technologies & IoT
 Simple taxonomy of IoT security
17
2015 SNIA Data Storage Security Summit. © Insert Your Company Name. All Rights Reserved.
A few security technologies & IoT
 My interests for evaluating a few solutions:
 Endpoint security
 Vulnerability and patch management
 Network security
 Network monitoring & visibility
 NetFlow based security analysis
18
2015 SNIA Data Storage Security Summit. © Insert Your Company Name. All Rights Reserved.
A few security technologies & IoT
 Vulnerability and patch management with FOTA
 FOTA = Firmware Over The Air
 FOTA is a technology developed for updating the firmware of
mobile phones due to software bug fixes.
 It uses delta encoding (aka, differential compression) technique
to reduce the patch size.
 Delta encoding can be shown as follows conceptually:
19
2015 SNIA Data Storage Security Summit. © Insert Your Company Name. All Rights Reserved.
A few security technologies & IoT
 Vulnerability and patch management with FOTA
 Delta encoding was used for software vulnerability management.
A significant example is Google Chrome software updating
powered by an very efficient delta coding algorithm Courgette
 We use the same concept for IoT device security.
20
2015 SNIA Data Storage Security Summit. © Insert Your Company Name. All Rights Reserved.
A few security technologies & IoT
 Vulnerability and patch management with FOTA
 FOTA for bug fix of mobile phones in old days, and vulnerability
management as well today.
 FOTA is also under development for car ECU patch
management in the field of telematics, for the security purpose.
21
2015 SNIA Data Storage Security Summit. © Insert Your Company Name. All Rights Reserved.
A few security technologies & IoT
 Vulnerability and patch management with FOTA
 FOTA for IoT security for general devices:
22
2015 SNIA Data Storage Security Summit. © Insert Your Company Name. All Rights Reserved.
A few security technologies & IoT
 Network Security:
 Network monitoring & visibility
 NetFlow based security analysis
23
2015 SNIA Data Storage Security Summit. © Insert Your Company Name. All Rights Reserved.
A few security technologies & IoT
 Network Security: monitoring & visibility with simple
information:
 How many devices are there in this enterprise network?
 What kind of devices are they?
 Which devices transfer data which is not encrypted.
 Which has heavy volume of traffic?
 Which devices are most active ?
 …
24
2015 SNIA Data Storage Security Summit. © Insert Your Company Name. All Rights Reserved.
A few security technologies & IoT
 Network Security: NetFlow based security analysis
 NetFlow is a router feature that collects IP network traffic as it
enters or exits an interface.
 Version 5 collects the following values:
 …
 Timestamps for the flow start and finish time, in milliseconds since the last boot.
 Number of bytes and packets observed in the flow
 source & destination IP addresses
 Source and destination port numbers for TCP, UDP, SCTP
 ICMP Type and Code.
 IP protocol
 Type of Service (ToS) value
 …
25
2015 SNIA Data Storage Security Summit. © Insert Your Company Name. All Rights Reserved.
A few security technologies & IoT
 Network Security: NetFlow based security analysis
26
2015 SNIA Data Storage Security Summit. © Insert Your Company Name. All Rights Reserved.
Standard security protocols
 Why do we need a security information protocol
such as OpenIOC?
 Describing security information
 Retrieving actionable security information
 Exchange security information between organizations
 Technical support for an intelligence security model
 How many security information protocol?
 OpenIOC
 CybOX
 IODEF
27
2015 SNIA Data Storage Security Summit. © Insert Your Company Name. All Rights Reserved.
Standard security protocols
 What is security information?
 A piece of information that can be used to search for or identify
potentially compromised systems.
 Example:
 IP Address / Domain Name
 URL
 File Hash
 Email Address
 X-Mailer
 HTTP User Agent
 File Mutex
 …….
28
2015 SNIA Data Storage Security Summit. © Insert Your Company Name. All Rights Reserved.
Standard security protocols
 Why do I discuss these security information protocols?
 There are still many security vendors not using protocols for exchanging information. A best
practice is encouraged!
 Currently, these three protocols are not unified yet. This is not good!
 My personal opinion:
 They will become even more important in the era of IoT security.
29
2015 SNIA Data Storage Security Summit. © Insert Your Company Name. All Rights Reserved.
Summary
 IoT: trends & security challenges
 A few security technologies for IoT
 Why standard security protocols are
important.
30
2015 SNIA Data Storage Security Summit. © Insert Your Company Name. All Rights Reserved.
Additional Information
 IoT Security Startups
 ZingBox
 VisualThreat : car cyber security
 Bastille Networks
 Mocana
 …
 Interesting news:
 September 2015: McAfee created a new Automotive Security Review
Board (ASRB).
 August 2015: Symantec announced that it is securing 1 billions IoT
devices.
 July 2015: Symantec and Frost Data Capital work together to fund
early-stage startups in big data and IoT security
 May 2015: Google is offering a lightweight OS for IoT devices.
31
2015 SNIA Data Storage Security Summit. © Insert Your Company Name. All Rights Reserved.
Q & A
 Thank you for your attention!
 Do you have questions?
 Email: liwei_ren@trendmicro.com
 Home page: https://pitt.academia.edu/LiweiRen
32

Contenu connexe

Tendances

IoT Security, Threats and Challenges By V.P.Prabhakaran
IoT Security, Threats and Challenges By V.P.PrabhakaranIoT Security, Threats and Challenges By V.P.Prabhakaran
IoT Security, Threats and Challenges By V.P.PrabhakaranKoenig Solutions Ltd.
 
Cloud of things (IoT + Cloud Computing)
Cloud of things (IoT + Cloud Computing)Cloud of things (IoT + Cloud Computing)
Cloud of things (IoT + Cloud Computing)Zakaria Hossain
 
Internet of things - challenges scopes and solutions
Internet of things - challenges scopes and solutionsInternet of things - challenges scopes and solutions
Internet of things - challenges scopes and solutionsShivam Kumar
 
Internet of Things - Privacy and Security issues
Internet of Things - Privacy and Security issuesInternet of Things - Privacy and Security issues
Internet of Things - Privacy and Security issuesPierluigi Paganini
 
Security in the Internet of Things
Security in the Internet of ThingsSecurity in the Internet of Things
Security in the Internet of ThingsForgeRock
 
Iot architecture
Iot architectureIot architecture
Iot architectureAnam Iqbal
 
Internet of Things and its applications
Internet of Things and its applicationsInternet of Things and its applications
Internet of Things and its applicationsPasquale Puzio
 
IOT privacy and Security
IOT privacy and SecurityIOT privacy and Security
IOT privacy and Securitynoornabi16
 
Security in IoT
Security in IoTSecurity in IoT
Security in IoTgr9293
 
IoT Technology Tutorial | IoT Technology Stack | IoT Project Hands-On | Edureka
IoT Technology Tutorial | IoT Technology Stack | IoT Project Hands-On | EdurekaIoT Technology Tutorial | IoT Technology Stack | IoT Project Hands-On | Edureka
IoT Technology Tutorial | IoT Technology Stack | IoT Project Hands-On | EdurekaEdureka!
 
Internet of things (IOT) connects physical to digital
Internet of things (IOT) connects physical to digitalInternet of things (IOT) connects physical to digital
Internet of things (IOT) connects physical to digitalEslam Nader
 
IoT Introduction Architecture and Applications
IoT Introduction Architecture and ApplicationsIoT Introduction Architecture and Applications
IoT Introduction Architecture and ApplicationsThe IOT Academy
 

Tendances (20)

IoT Security, Threats and Challenges By V.P.Prabhakaran
IoT Security, Threats and Challenges By V.P.PrabhakaranIoT Security, Threats and Challenges By V.P.Prabhakaran
IoT Security, Threats and Challenges By V.P.Prabhakaran
 
Cloud of things (IoT + Cloud Computing)
Cloud of things (IoT + Cloud Computing)Cloud of things (IoT + Cloud Computing)
Cloud of things (IoT + Cloud Computing)
 
Internet of things - challenges scopes and solutions
Internet of things - challenges scopes and solutionsInternet of things - challenges scopes and solutions
Internet of things - challenges scopes and solutions
 
Internet of Things - Privacy and Security issues
Internet of Things - Privacy and Security issuesInternet of Things - Privacy and Security issues
Internet of Things - Privacy and Security issues
 
IoT security (Internet of Things)
IoT security (Internet of Things)IoT security (Internet of Things)
IoT security (Internet of Things)
 
Internet of things(IOT)
Internet of things(IOT)Internet of things(IOT)
Internet of things(IOT)
 
IOT Security
IOT SecurityIOT Security
IOT Security
 
Security in the Internet of Things
Security in the Internet of ThingsSecurity in the Internet of Things
Security in the Internet of Things
 
Introduction to IOT
Introduction to IOTIntroduction to IOT
Introduction to IOT
 
Internet of things(IoT)
Internet of things(IoT)Internet of things(IoT)
Internet of things(IoT)
 
IoT
IoT  IoT
IoT
 
Iot architecture
Iot architectureIot architecture
Iot architecture
 
Internet of Things and its applications
Internet of Things and its applicationsInternet of Things and its applications
Internet of Things and its applications
 
IOT privacy and Security
IOT privacy and SecurityIOT privacy and Security
IOT privacy and Security
 
Security in IoT
Security in IoTSecurity in IoT
Security in IoT
 
IoT
IoTIoT
IoT
 
IoT Security
IoT SecurityIoT Security
IoT Security
 
IoT Technology Tutorial | IoT Technology Stack | IoT Project Hands-On | Edureka
IoT Technology Tutorial | IoT Technology Stack | IoT Project Hands-On | EdurekaIoT Technology Tutorial | IoT Technology Stack | IoT Project Hands-On | Edureka
IoT Technology Tutorial | IoT Technology Stack | IoT Project Hands-On | Edureka
 
Internet of things (IOT) connects physical to digital
Internet of things (IOT) connects physical to digitalInternet of things (IOT) connects physical to digital
Internet of things (IOT) connects physical to digital
 
IoT Introduction Architecture and Applications
IoT Introduction Architecture and ApplicationsIoT Introduction Architecture and Applications
IoT Introduction Architecture and Applications
 

En vedette

Why the Internet of Things needs AI & interoperability to succeed
Why the Internet of Things needs AI & interoperability to succeedWhy the Internet of Things needs AI & interoperability to succeed
Why the Internet of Things needs AI & interoperability to succeedNuance Communications
 
Innovation with AWS: IoT, Robotics and AI
Innovation with AWS: IoT, Robotics and AIInnovation with AWS: IoT, Robotics and AI
Innovation with AWS: IoT, Robotics and AIAmazon Web Services
 
AI is the Catalyst of IoT
AI is the Catalyst of IoTAI is the Catalyst of IoT
AI is the Catalyst of IoTAhmed Banafa
 
IoT + Big Data + Cloud + AI Integration Strategy Insights from Patents
IoT + Big Data + Cloud + AI Integration Strategy Insights from PatentsIoT + Big Data + Cloud + AI Integration Strategy Insights from Patents
IoT + Big Data + Cloud + AI Integration Strategy Insights from PatentsAlex G. Lee, Ph.D. Esq. CLP
 
Artificial intelligence and IoT
Artificial intelligence and IoTArtificial intelligence and IoT
Artificial intelligence and IoTVeselin Pizurica
 
When IoT Meets Artificial Intelligence
 When IoT Meets Artificial Intelligence When IoT Meets Artificial Intelligence
When IoT Meets Artificial IntelligenceVeselin Pizurica
 
IoT Cloud architecture
IoT Cloud architectureIoT Cloud architecture
IoT Cloud architectureMachinePulse
 
Fog Computing with VORTEX
Fog Computing with VORTEXFog Computing with VORTEX
Fog Computing with VORTEXAngelo Corsaro
 
cloud security using Fog Computing
cloud security using Fog Computingcloud security using Fog Computing
cloud security using Fog Computingarchana lisbon
 
Security Issues of IoT with Fog
Security Issues of IoT with FogSecurity Issues of IoT with Fog
Security Issues of IoT with FogAchu Anna
 
Fog computing
Fog computingFog computing
Fog computingAnkit_ap
 
fog computing provide security to the data in cloud
fog computing provide security to the data in cloudfog computing provide security to the data in cloud
fog computing provide security to the data in cloudpriyanka reddy
 
What is fog computing
What is fog computingWhat is fog computing
What is fog computingAhmed Banafa
 
What Exactly Is The "Internet of Things"?
What Exactly Is The "Internet of Things"?What Exactly Is The "Internet of Things"?
What Exactly Is The "Internet of Things"?Postscapes
 
Fog computing technology
Fog computing technologyFog computing technology
Fog computing technologyNikhil Sabu
 

En vedette (20)

Understanding the Internet of Things Protocols
Understanding the Internet of Things ProtocolsUnderstanding the Internet of Things Protocols
Understanding the Internet of Things Protocols
 
How AI connect dots for IoT
How AI connect dots for IoTHow AI connect dots for IoT
How AI connect dots for IoT
 
Why the Internet of Things needs AI & interoperability to succeed
Why the Internet of Things needs AI & interoperability to succeedWhy the Internet of Things needs AI & interoperability to succeed
Why the Internet of Things needs AI & interoperability to succeed
 
Innovation with AWS: IoT, Robotics and AI
Innovation with AWS: IoT, Robotics and AIInnovation with AWS: IoT, Robotics and AI
Innovation with AWS: IoT, Robotics and AI
 
AI is the Catalyst of IoT
AI is the Catalyst of IoTAI is the Catalyst of IoT
AI is the Catalyst of IoT
 
IoT + Big Data + Cloud + AI Integration Strategy Insights from Patents
IoT + Big Data + Cloud + AI Integration Strategy Insights from PatentsIoT + Big Data + Cloud + AI Integration Strategy Insights from Patents
IoT + Big Data + Cloud + AI Integration Strategy Insights from Patents
 
Artificial intelligence and IoT
Artificial intelligence and IoTArtificial intelligence and IoT
Artificial intelligence and IoT
 
When IoT Meets Artificial Intelligence
 When IoT Meets Artificial Intelligence When IoT Meets Artificial Intelligence
When IoT Meets Artificial Intelligence
 
IoT Cloud architecture
IoT Cloud architectureIoT Cloud architecture
IoT Cloud architecture
 
Face detection issues
Face detection issuesFace detection issues
Face detection issues
 
Fog Computing with VORTEX
Fog Computing with VORTEXFog Computing with VORTEX
Fog Computing with VORTEX
 
cloud security using Fog Computing
cloud security using Fog Computingcloud security using Fog Computing
cloud security using Fog Computing
 
Security Issues of IoT with Fog
Security Issues of IoT with FogSecurity Issues of IoT with Fog
Security Issues of IoT with Fog
 
Seminar ppt fog comp
Seminar ppt fog compSeminar ppt fog comp
Seminar ppt fog comp
 
Latest Thesis Topics for Fog computing
Latest Thesis Topics for Fog computingLatest Thesis Topics for Fog computing
Latest Thesis Topics for Fog computing
 
Fog computing
Fog computingFog computing
Fog computing
 
fog computing provide security to the data in cloud
fog computing provide security to the data in cloudfog computing provide security to the data in cloud
fog computing provide security to the data in cloud
 
What is fog computing
What is fog computingWhat is fog computing
What is fog computing
 
What Exactly Is The "Internet of Things"?
What Exactly Is The "Internet of Things"?What Exactly Is The "Internet of Things"?
What Exactly Is The "Internet of Things"?
 
Fog computing technology
Fog computing technologyFog computing technology
Fog computing technology
 

Similaire à IoT Security: Problems, Challenges and Solutions

Report the whole IoT r0.0.pptx
Report   the whole IoT r0.0.pptxReport   the whole IoT r0.0.pptx
Report the whole IoT r0.0.pptxoldmanegan
 
SecureMAG vol9
SecureMAG vol9SecureMAG vol9
SecureMAG vol9alvin chin
 
Tomorrow Starts Here - Security Everywhere
Tomorrow Starts Here - Security Everywhere Tomorrow Starts Here - Security Everywhere
Tomorrow Starts Here - Security Everywhere Cisco Canada
 
OT - How IoT will Impact Future B2B and Global Supply Chains - SS14
OT - How IoT will Impact Future B2B and Global Supply Chains - SS14OT - How IoT will Impact Future B2B and Global Supply Chains - SS14
OT - How IoT will Impact Future B2B and Global Supply Chains - SS14Mark Morley, MBA
 
The Vortex of Change - Digital Transformation (Presented by Intel)
The Vortex of Change - Digital Transformation (Presented by Intel)The Vortex of Change - Digital Transformation (Presented by Intel)
The Vortex of Change - Digital Transformation (Presented by Intel)Cloudera, Inc.
 
Internet of Things Security: IBM HorizonWatch 2016 Trend Brief
Internet of Things Security:  IBM HorizonWatch 2016 Trend BriefInternet of Things Security:  IBM HorizonWatch 2016 Trend Brief
Internet of Things Security: IBM HorizonWatch 2016 Trend BriefBill Chamberlin
 
Chris Swan's presentation from the London Tech Entrepreneurs' Meetup
Chris Swan's presentation from the London Tech Entrepreneurs' MeetupChris Swan's presentation from the London Tech Entrepreneurs' Meetup
Chris Swan's presentation from the London Tech Entrepreneurs' MeetupCohesive Networks
 
VTI Learning Series Beyond the Convergence of Physical & Cyber Security
VTI Learning Series Beyond the Convergence of Physical & Cyber SecurityVTI Learning Series Beyond the Convergence of Physical & Cyber Security
VTI Learning Series Beyond the Convergence of Physical & Cyber SecurityShane Glenn
 
IoT World Forum Press Conference - 10.14.2014
IoT World Forum Press Conference - 10.14.2014IoT World Forum Press Conference - 10.14.2014
IoT World Forum Press Conference - 10.14.2014Bessie Wang
 
Digital Transformation in a World of Connected Devices
Digital Transformation in a World of Connected DevicesDigital Transformation in a World of Connected Devices
Digital Transformation in a World of Connected DevicesMuleSoft
 
El IoT y la gestión de las empresas del futuro, IGNASI ERRANDO, CISCO
El IoT y la gestión de las empresas del futuro, IGNASI ERRANDO, CISCOEl IoT y la gestión de las empresas del futuro, IGNASI ERRANDO, CISCO
El IoT y la gestión de las empresas del futuro, IGNASI ERRANDO, CISCODomotys
 
Securing the internet of things: The conversation you need to have with your CEO
Securing the internet of things: The conversation you need to have with your CEOSecuring the internet of things: The conversation you need to have with your CEO
Securing the internet of things: The conversation you need to have with your CEOThe Economist Media Businesses
 
Revealing the Potential and Risks From the Coming Together of IoT, AI, and C...
 Revealing the Potential and Risks From the Coming Together of IoT, AI, and C... Revealing the Potential and Risks From the Coming Together of IoT, AI, and C...
Revealing the Potential and Risks From the Coming Together of IoT, AI, and C...IndianAppDevelopers
 
Aalto cyber-10.4.18
Aalto cyber-10.4.18Aalto cyber-10.4.18
Aalto cyber-10.4.18japijapi
 
An Identity Crisis at the Center of Every IoT Product
An Identity Crisis at the Center of Every IoT ProductAn Identity Crisis at the Center of Every IoT Product
An Identity Crisis at the Center of Every IoT ProductSalesforce Developers
 
Securing your IoT Implementations
Securing your IoT ImplementationsSecuring your IoT Implementations
Securing your IoT ImplementationsTechWell
 
Medtec - Cyber-security Challenges on the Horizon
Medtec - Cyber-security Challenges on the HorizonMedtec - Cyber-security Challenges on the Horizon
Medtec - Cyber-security Challenges on the Horizonteam-WIBU
 
Intel Corporation Award Write Up
Intel Corporation Award Write UpIntel Corporation Award Write Up
Intel Corporation Award Write UpClaudia Toscano
 

Similaire à IoT Security: Problems, Challenges and Solutions (20)

Report the whole IoT r0.0.pptx
Report   the whole IoT r0.0.pptxReport   the whole IoT r0.0.pptx
Report the whole IoT r0.0.pptx
 
SecureMAG vol9
SecureMAG vol9SecureMAG vol9
SecureMAG vol9
 
Tomorrow Starts Here - Security Everywhere
Tomorrow Starts Here - Security Everywhere Tomorrow Starts Here - Security Everywhere
Tomorrow Starts Here - Security Everywhere
 
OT - How IoT will Impact Future B2B and Global Supply Chains - SS14
OT - How IoT will Impact Future B2B and Global Supply Chains - SS14OT - How IoT will Impact Future B2B and Global Supply Chains - SS14
OT - How IoT will Impact Future B2B and Global Supply Chains - SS14
 
The Vortex of Change - Digital Transformation (Presented by Intel)
The Vortex of Change - Digital Transformation (Presented by Intel)The Vortex of Change - Digital Transformation (Presented by Intel)
The Vortex of Change - Digital Transformation (Presented by Intel)
 
Internet of Things Security: IBM HorizonWatch 2016 Trend Brief
Internet of Things Security:  IBM HorizonWatch 2016 Trend BriefInternet of Things Security:  IBM HorizonWatch 2016 Trend Brief
Internet of Things Security: IBM HorizonWatch 2016 Trend Brief
 
Chris Swan's presentation from the London Tech Entrepreneurs' Meetup
Chris Swan's presentation from the London Tech Entrepreneurs' MeetupChris Swan's presentation from the London Tech Entrepreneurs' Meetup
Chris Swan's presentation from the London Tech Entrepreneurs' Meetup
 
VTI Learning Series Beyond the Convergence of Physical & Cyber Security
VTI Learning Series Beyond the Convergence of Physical & Cyber SecurityVTI Learning Series Beyond the Convergence of Physical & Cyber Security
VTI Learning Series Beyond the Convergence of Physical & Cyber Security
 
IoT World Forum Press Conference - 10.14.2014
IoT World Forum Press Conference - 10.14.2014IoT World Forum Press Conference - 10.14.2014
IoT World Forum Press Conference - 10.14.2014
 
Digital Transformation in a World of Connected Devices
Digital Transformation in a World of Connected DevicesDigital Transformation in a World of Connected Devices
Digital Transformation in a World of Connected Devices
 
El IoT y la gestión de las empresas del futuro, IGNASI ERRANDO, CISCO
El IoT y la gestión de las empresas del futuro, IGNASI ERRANDO, CISCOEl IoT y la gestión de las empresas del futuro, IGNASI ERRANDO, CISCO
El IoT y la gestión de las empresas del futuro, IGNASI ERRANDO, CISCO
 
Securing the internet of things: The conversation you need to have with your CEO
Securing the internet of things: The conversation you need to have with your CEOSecuring the internet of things: The conversation you need to have with your CEO
Securing the internet of things: The conversation you need to have with your CEO
 
Revealing the Potential and Risks From the Coming Together of IoT, AI, and C...
 Revealing the Potential and Risks From the Coming Together of IoT, AI, and C... Revealing the Potential and Risks From the Coming Together of IoT, AI, and C...
Revealing the Potential and Risks From the Coming Together of IoT, AI, and C...
 
Aalto cyber-10.4.18
Aalto cyber-10.4.18Aalto cyber-10.4.18
Aalto cyber-10.4.18
 
An Identity Crisis at the Center of Every IoT Product
An Identity Crisis at the Center of Every IoT ProductAn Identity Crisis at the Center of Every IoT Product
An Identity Crisis at the Center of Every IoT Product
 
Securing your IoT Implementations
Securing your IoT ImplementationsSecuring your IoT Implementations
Securing your IoT Implementations
 
IoT security Q3 2020 overview
IoT security Q3 2020 overview IoT security Q3 2020 overview
IoT security Q3 2020 overview
 
Medtec - Cyber-security Challenges on the Horizon
Medtec - Cyber-security Challenges on the HorizonMedtec - Cyber-security Challenges on the Horizon
Medtec - Cyber-security Challenges on the Horizon
 
NSW-IOT-Summit-July2018.pdf
NSW-IOT-Summit-July2018.pdfNSW-IOT-Summit-July2018.pdf
NSW-IOT-Summit-July2018.pdf
 
Intel Corporation Award Write Up
Intel Corporation Award Write UpIntel Corporation Award Write Up
Intel Corporation Award Write Up
 

Plus de Liwei Ren任力偉

信息安全领域里的创新和机遇
信息安全领域里的创新和机遇信息安全领域里的创新和机遇
信息安全领域里的创新和机遇Liwei Ren任力偉
 
Introduction to Deep Neural Network
Introduction to Deep Neural NetworkIntroduction to Deep Neural Network
Introduction to Deep Neural NetworkLiwei Ren任力偉
 
移动互联网时代下创新的思维
移动互联网时代下创新的思维移动互联网时代下创新的思维
移动互联网时代下创新的思维Liwei Ren任力偉
 
非齐次特征值问题解存在性研究
非齐次特征值问题解存在性研究非齐次特征值问题解存在性研究
非齐次特征值问题解存在性研究Liwei Ren任力偉
 
Arm the World with SPN based Security
Arm the World with SPN based SecurityArm the World with SPN based Security
Arm the World with SPN based SecurityLiwei Ren任力偉
 
Extending Boyer-Moore Algorithm to an Abstract String Matching Problem
Extending Boyer-Moore Algorithm to an Abstract String Matching ProblemExtending Boyer-Moore Algorithm to an Abstract String Matching Problem
Extending Boyer-Moore Algorithm to an Abstract String Matching ProblemLiwei Ren任力偉
 
Near Duplicate Document Detection: Mathematical Modeling and Algorithms
Near Duplicate Document Detection: Mathematical Modeling and AlgorithmsNear Duplicate Document Detection: Mathematical Modeling and Algorithms
Near Duplicate Document Detection: Mathematical Modeling and AlgorithmsLiwei Ren任力偉
 
Monotonicity of Phaselocked Solutions in Chains and Arrays of Nearest-Neighbo...
Monotonicity of Phaselocked Solutions in Chains and Arrays of Nearest-Neighbo...Monotonicity of Phaselocked Solutions in Chains and Arrays of Nearest-Neighbo...
Monotonicity of Phaselocked Solutions in Chains and Arrays of Nearest-Neighbo...Liwei Ren任力偉
 
Phase locking in chains of multiple-coupled oscillators
Phase locking in chains of multiple-coupled oscillatorsPhase locking in chains of multiple-coupled oscillators
Phase locking in chains of multiple-coupled oscillatorsLiwei Ren任力偉
 
On existence of the solution of inhomogeneous eigenvalue problem
On existence of the solution of inhomogeneous eigenvalue problemOn existence of the solution of inhomogeneous eigenvalue problem
On existence of the solution of inhomogeneous eigenvalue problemLiwei Ren任力偉
 
Binary Similarity : Theory, Algorithms and Tool Evaluation
Binary Similarity :  Theory, Algorithms and  Tool EvaluationBinary Similarity :  Theory, Algorithms and  Tool Evaluation
Binary Similarity : Theory, Algorithms and Tool EvaluationLiwei Ren任力偉
 
Taxonomy of Differential Compression
Taxonomy of Differential CompressionTaxonomy of Differential Compression
Taxonomy of Differential CompressionLiwei Ren任力偉
 
Bytewise Approximate Match: Theory, Algorithms and Applications
Bytewise Approximate Match:  Theory, Algorithms and ApplicationsBytewise Approximate Match:  Theory, Algorithms and Applications
Bytewise Approximate Match: Theory, Algorithms and ApplicationsLiwei Ren任力偉
 
Overview of Data Loss Prevention (DLP) Technology
Overview of Data Loss Prevention (DLP) TechnologyOverview of Data Loss Prevention (DLP) Technology
Overview of Data Loss Prevention (DLP) TechnologyLiwei Ren任力偉
 

Plus de Liwei Ren任力偉 (20)

信息安全领域里的创新和机遇
信息安全领域里的创新和机遇信息安全领域里的创新和机遇
信息安全领域里的创新和机遇
 
企业安全市场综述
企业安全市场综述 企业安全市场综述
企业安全市场综述
 
Introduction to Deep Neural Network
Introduction to Deep Neural NetworkIntroduction to Deep Neural Network
Introduction to Deep Neural Network
 
聊一聊大明朝的火器
聊一聊大明朝的火器聊一聊大明朝的火器
聊一聊大明朝的火器
 
防火牆們的故事
防火牆們的故事防火牆們的故事
防火牆們的故事
 
移动互联网时代下创新的思维
移动互联网时代下创新的思维移动互联网时代下创新的思维
移动互联网时代下创新的思维
 
硅谷的那点事儿
硅谷的那点事儿硅谷的那点事儿
硅谷的那点事儿
 
非齐次特征值问题解存在性研究
非齐次特征值问题解存在性研究非齐次特征值问题解存在性研究
非齐次特征值问题解存在性研究
 
世纪猜想
世纪猜想世纪猜想
世纪猜想
 
Arm the World with SPN based Security
Arm the World with SPN based SecurityArm the World with SPN based Security
Arm the World with SPN based Security
 
Extending Boyer-Moore Algorithm to an Abstract String Matching Problem
Extending Boyer-Moore Algorithm to an Abstract String Matching ProblemExtending Boyer-Moore Algorithm to an Abstract String Matching Problem
Extending Boyer-Moore Algorithm to an Abstract String Matching Problem
 
Near Duplicate Document Detection: Mathematical Modeling and Algorithms
Near Duplicate Document Detection: Mathematical Modeling and AlgorithmsNear Duplicate Document Detection: Mathematical Modeling and Algorithms
Near Duplicate Document Detection: Mathematical Modeling and Algorithms
 
Monotonicity of Phaselocked Solutions in Chains and Arrays of Nearest-Neighbo...
Monotonicity of Phaselocked Solutions in Chains and Arrays of Nearest-Neighbo...Monotonicity of Phaselocked Solutions in Chains and Arrays of Nearest-Neighbo...
Monotonicity of Phaselocked Solutions in Chains and Arrays of Nearest-Neighbo...
 
Phase locking in chains of multiple-coupled oscillators
Phase locking in chains of multiple-coupled oscillatorsPhase locking in chains of multiple-coupled oscillators
Phase locking in chains of multiple-coupled oscillators
 
On existence of the solution of inhomogeneous eigenvalue problem
On existence of the solution of inhomogeneous eigenvalue problemOn existence of the solution of inhomogeneous eigenvalue problem
On existence of the solution of inhomogeneous eigenvalue problem
 
Math stories
Math storiesMath stories
Math stories
 
Binary Similarity : Theory, Algorithms and Tool Evaluation
Binary Similarity :  Theory, Algorithms and  Tool EvaluationBinary Similarity :  Theory, Algorithms and  Tool Evaluation
Binary Similarity : Theory, Algorithms and Tool Evaluation
 
Taxonomy of Differential Compression
Taxonomy of Differential CompressionTaxonomy of Differential Compression
Taxonomy of Differential Compression
 
Bytewise Approximate Match: Theory, Algorithms and Applications
Bytewise Approximate Match:  Theory, Algorithms and ApplicationsBytewise Approximate Match:  Theory, Algorithms and Applications
Bytewise Approximate Match: Theory, Algorithms and Applications
 
Overview of Data Loss Prevention (DLP) Technology
Overview of Data Loss Prevention (DLP) TechnologyOverview of Data Loss Prevention (DLP) Technology
Overview of Data Loss Prevention (DLP) Technology
 

Dernier

AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesAI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesMd Hossain Ali
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureEric D. Schabell
 
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsIgniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsSafe Software
 
Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxGDSC PJATK
 
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfJamie (Taka) Wang
 
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UbiTrack UK
 
Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesLinked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesDavid Newbury
 
Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdfPedro Manuel
 
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaborationbruanjhuli
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1DianaGray10
 
Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Brian Pichman
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding TeamAdam Moalla
 
AI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarAI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarPrecisely
 
Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.YounusS2
 
NIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopNIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopBachir Benyammi
 
20230202 - Introduction to tis-py
20230202 - Introduction to tis-py20230202 - Introduction to tis-py
20230202 - Introduction to tis-pyJamie (Taka) Wang
 
UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8DianaGray10
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Adtran
 
UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6DianaGray10
 
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IES VE
 

Dernier (20)

AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesAI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability Adventure
 
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsIgniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
 
Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptx
 
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
 
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
 
Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesLinked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond Ontologies
 
Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdf
 
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1
 
Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team
 
AI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarAI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity Webinar
 
Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.
 
NIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopNIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 Workshop
 
20230202 - Introduction to tis-py
20230202 - Introduction to tis-py20230202 - Introduction to tis-py
20230202 - Introduction to tis-py
 
UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™
 
UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6
 
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
 

IoT Security: Problems, Challenges and Solutions

  • 1. 2015 SNIA Data Storage Security Summit. © Insert Your Company Name. All Rights Reserved. IoT Security: Problems, Challenges and Solutions Liwei Ren, Ph.D Trend Micro
  • 2. 2015 SNIA Data Storage Security Summit. © Insert Your Company Name. All Rights Reserved. Background  Liwei Ren  Research interests  Data security & privacy, network security analysis  Data compression, math modeling & algorithms  Measurable contributions:  10+ academic publications  20+ US patents granted  1 security software company in Silicon Valley with successful exit.  Education  MS/BS in mathematics, Tsinghua University, Beijing  Ph.D in mathematics, MS in information science, University of Pittsburgh  Trend Micro™  Global security software vendor with headquarter in Tokyo, and R&D centers in Silicon Valley, Nanjing and Taipei.  A leader in cloud security. 2
  • 3. 2015 SNIA Data Storage Security Summit. © Insert Your Company Name. All Rights Reserved. Agenda  Why do I have this sharing?  IoT security: trends, problems and challenges  A few security technologies & IoT  Standard security protocols  Summary 3
  • 4. 2015 SNIA Data Storage Security Summit. © Insert Your Company Name. All Rights Reserved. Why do I have this sharing?  I am not an expert in IoT security yet  What ?  Why do you share?  A new computing platform leads to new security problems & challenges…  and new opportunities as well!  I started to investigate IoT security after RSA conference in April:  Too many questions (???)  I like to invite experts to discuss via this sharing
  • 5. 2015 SNIA Data Storage Security Summit. © Insert Your Company Name. All Rights Reserved. Why do I have this sharing? 5  IoT security means new opportunities for a security professional (like myself) to develop novel security solutions!
  • 6. 2015 SNIA Data Storage Security Summit. © Insert Your Company Name. All Rights Reserved. IoT security: trends, problems and challenges  Trends (Stan Schneider | Electronic Design) 6
  • 7. 2015 SNIA Data Storage Security Summit. © Insert Your Company Name. All Rights Reserved. IoT security: trends, problems and challenges  Categories & Numbers:  Source: Gartner Nov,2014)  Internet of Things Units Installed Base by Category in Million 7 Category 2013 2014 2015 2020 Automotive 96.0 189.6 372.3 3,511.1 Consumer 1,842.1 2,244.5 2.874.9 13,172.5 Generic Business 395.2 479.4 623.9 5,158.6 Vertical Business 698.7 836.5 1,009.4 3,164.4 GrandTotal 3,032.0 3,750.0 4,880.6 25,006.6
  • 8. 2015 SNIA Data Storage Security Summit. © Insert Your Company Name. All Rights Reserved. IoT security: trends, problems and challenges  Categories & Numbers : 8
  • 9. 2015 SNIA Data Storage Security Summit. © Insert Your Company Name. All Rights Reserved. IoT security: trends, problems and challenges  What’s new? 9
  • 10. 2015 SNIA Data Storage Security Summit. © Insert Your Company Name. All Rights Reserved. IoT security: trends, problems and challenges  Security cases 10 Attack Name Story Resource Date Car recall Chrysler recalled 1.4 million hackable cars in July, 2015 CNN News July 24, 2015 Lizard Stressor An attack online service hosted in Bosnia. It can convert homes and commercial routers into a zombie horde. An online article Jan 2015 First wide-scale hack involving television sets and at least one refrigerator . 750,000 spams were sent. Proofpoint Jan,2014 Linux.Darll oz Discovered a worm for devices running Linux . Symantec Nov, 2013 Hacked Camera A hacker was able to shout abuse at a two-year- old child by exploiting a vulnerability in a camera advertised as an ideal "baby monitor". ABC News Aug, 2013
  • 11. 2015 SNIA Data Storage Security Summit. © Insert Your Company Name. All Rights Reserved. IoT security: trends, problems and challenges  Problems and security challenges  Many small devices have limited CPU power  Not much processing power for security  Need to look for new encryption scheme with less CPU power.  Can not install AV software  Example: IP-addressable light bulbs.  IoT also needs both encryption key management and identity management  It may scale into billions! 11
  • 12. 2015 SNIA Data Storage Security Summit. © Insert Your Company Name. All Rights Reserved. IoT security: trends, problems and challenges  Problems and security challenges  New devices for endpoint security  New firmware, embedded OS, new software & etc.  It is not possible to support AV on every device.  New transport protocols for making network security difficult!  Much more network traffic for security analysis  Bad news for large enterprises as network security is already complex and cumbersome 12
  • 13. 2015 SNIA Data Storage Security Summit. © Insert Your Company Name. All Rights Reserved. IoT security: trends, problems and challenges  Seven IoT security risks*: 1. Disruption and denial-of-service attacks 2. Understanding the complexity of vulnerabilities 3. IoT vulnerability management 4. Identifying, implementing security controls 5. Fulfilling the need for security analytics capabilities 6. Modular hardware and software components 7. Rapid demand in bandwidth requirement *Source: INFORMATION SECURITY INSIDER EDITION / SECURING THE INTERNET OF THINGS, AUGUST 2014 13
  • 14. 2015 SNIA Data Storage Security Summit. © Insert Your Company Name. All Rights Reserved. IoT security: trends, problems and challenges  IoT Security Top 10 (OWASP 2014):  I1 Insecure Web Interface  I2 Insufficient Authentication/Authorization  I4 Lack of Transport Encryption  I5 Privacy Concerns  I9 Insecure Software/Firmware  I3 Insecure Network Services  I6 Insecure Cloud Interface  I7 Insecure Mobile Interface  I8 Insufficient Security Configurability  I10 Poor Physical Security 14
  • 15. 2015 SNIA Data Storage Security Summit. © Insert Your Company Name. All Rights Reserved. IoT security: trends, problems and challenges  IoT will merge the following domains: 15
  • 16. 2015 SNIA Data Storage Security Summit. © Insert Your Company Name. All Rights Reserved. IoT security: trends, problems and challenges  In the era of IoT,  Do we need new concepts to describe IoT security ?  Do we need new security models for IoT?  What is the gap between IoT security and existing security solutions?  When cloud arrived, what did we do for new solutions?  When smart phones and BYOD come, what did we do?  What makes IoT different from the last two major waves? 16
  • 17. 2015 SNIA Data Storage Security Summit. © Insert Your Company Name. All Rights Reserved. A few security technologies & IoT  Simple taxonomy of IoT security 17
  • 18. 2015 SNIA Data Storage Security Summit. © Insert Your Company Name. All Rights Reserved. A few security technologies & IoT  My interests for evaluating a few solutions:  Endpoint security  Vulnerability and patch management  Network security  Network monitoring & visibility  NetFlow based security analysis 18
  • 19. 2015 SNIA Data Storage Security Summit. © Insert Your Company Name. All Rights Reserved. A few security technologies & IoT  Vulnerability and patch management with FOTA  FOTA = Firmware Over The Air  FOTA is a technology developed for updating the firmware of mobile phones due to software bug fixes.  It uses delta encoding (aka, differential compression) technique to reduce the patch size.  Delta encoding can be shown as follows conceptually: 19
  • 20. 2015 SNIA Data Storage Security Summit. © Insert Your Company Name. All Rights Reserved. A few security technologies & IoT  Vulnerability and patch management with FOTA  Delta encoding was used for software vulnerability management. A significant example is Google Chrome software updating powered by an very efficient delta coding algorithm Courgette  We use the same concept for IoT device security. 20
  • 21. 2015 SNIA Data Storage Security Summit. © Insert Your Company Name. All Rights Reserved. A few security technologies & IoT  Vulnerability and patch management with FOTA  FOTA for bug fix of mobile phones in old days, and vulnerability management as well today.  FOTA is also under development for car ECU patch management in the field of telematics, for the security purpose. 21
  • 22. 2015 SNIA Data Storage Security Summit. © Insert Your Company Name. All Rights Reserved. A few security technologies & IoT  Vulnerability and patch management with FOTA  FOTA for IoT security for general devices: 22
  • 23. 2015 SNIA Data Storage Security Summit. © Insert Your Company Name. All Rights Reserved. A few security technologies & IoT  Network Security:  Network monitoring & visibility  NetFlow based security analysis 23
  • 24. 2015 SNIA Data Storage Security Summit. © Insert Your Company Name. All Rights Reserved. A few security technologies & IoT  Network Security: monitoring & visibility with simple information:  How many devices are there in this enterprise network?  What kind of devices are they?  Which devices transfer data which is not encrypted.  Which has heavy volume of traffic?  Which devices are most active ?  … 24
  • 25. 2015 SNIA Data Storage Security Summit. © Insert Your Company Name. All Rights Reserved. A few security technologies & IoT  Network Security: NetFlow based security analysis  NetFlow is a router feature that collects IP network traffic as it enters or exits an interface.  Version 5 collects the following values:  …  Timestamps for the flow start and finish time, in milliseconds since the last boot.  Number of bytes and packets observed in the flow  source & destination IP addresses  Source and destination port numbers for TCP, UDP, SCTP  ICMP Type and Code.  IP protocol  Type of Service (ToS) value  … 25
  • 26. 2015 SNIA Data Storage Security Summit. © Insert Your Company Name. All Rights Reserved. A few security technologies & IoT  Network Security: NetFlow based security analysis 26
  • 27. 2015 SNIA Data Storage Security Summit. © Insert Your Company Name. All Rights Reserved. Standard security protocols  Why do we need a security information protocol such as OpenIOC?  Describing security information  Retrieving actionable security information  Exchange security information between organizations  Technical support for an intelligence security model  How many security information protocol?  OpenIOC  CybOX  IODEF 27
  • 28. 2015 SNIA Data Storage Security Summit. © Insert Your Company Name. All Rights Reserved. Standard security protocols  What is security information?  A piece of information that can be used to search for or identify potentially compromised systems.  Example:  IP Address / Domain Name  URL  File Hash  Email Address  X-Mailer  HTTP User Agent  File Mutex  ……. 28
  • 29. 2015 SNIA Data Storage Security Summit. © Insert Your Company Name. All Rights Reserved. Standard security protocols  Why do I discuss these security information protocols?  There are still many security vendors not using protocols for exchanging information. A best practice is encouraged!  Currently, these three protocols are not unified yet. This is not good!  My personal opinion:  They will become even more important in the era of IoT security. 29
  • 30. 2015 SNIA Data Storage Security Summit. © Insert Your Company Name. All Rights Reserved. Summary  IoT: trends & security challenges  A few security technologies for IoT  Why standard security protocols are important. 30
  • 31. 2015 SNIA Data Storage Security Summit. © Insert Your Company Name. All Rights Reserved. Additional Information  IoT Security Startups  ZingBox  VisualThreat : car cyber security  Bastille Networks  Mocana  …  Interesting news:  September 2015: McAfee created a new Automotive Security Review Board (ASRB).  August 2015: Symantec announced that it is securing 1 billions IoT devices.  July 2015: Symantec and Frost Data Capital work together to fund early-stage startups in big data and IoT security  May 2015: Google is offering a lightweight OS for IoT devices. 31
  • 32. 2015 SNIA Data Storage Security Summit. © Insert Your Company Name. All Rights Reserved. Q & A  Thank you for your attention!  Do you have questions?  Email: liwei_ren@trendmicro.com  Home page: https://pitt.academia.edu/LiweiRen 32