SlideShare a Scribd company logo

ECLIPSE SAM IoT VIRTUAL CONFERENCE

Brain IoT Project
Brain IoT Project

Authors: - Salim Chehida, Université Grenoble Alpes - Abdelhakim Baouya, Université Grenoble Alpes - Miquel Cantero, Robotnik Automation S.L.L - Paul-Emmanuel Brun, Airbus Defence & Space - Guillemette Massot, Airbus Defence & Space Abstract: Security is one of the crucial challenges in the design and development of IoT applications. This paper presents an approach that focuses on existing security standards to evaluate and analyse the potential risks faced by IoT systems. It begins by identifying system assets and their associated vulnerabilities and threats. A list of security objectives and technical requirements are then defined to mitigate the risks and build a secure and safe system. We use our approach to assess risks in the robotic system for supporting the movement of loads in a warehouse.

Technology
1 of 15
Download to read offline
ECLIPSE SAM IoT VIRTUAL CONFERENCE, SEPTEMBER 17-18, 2020 Presented by Salim Chehida (University of Grenoble Alpes) at : Risk Assessment in IoT Case Study: Collaborative Robots System AUTHORS : Salim Chehida, Abdelhakim Baouya, Miquel Cantero, Paul-Emmanuel Brun, and Guillemette Massot
INTRODUCTION STATE OF THE ART APPROACH 2 OUTLINE CASE STUDY IDENTIFICATION OF ASSETS IDENTIFICATION OF THREATS AND VULNERABILITIES SPECIFICATION OF SECURITY OBJECTIVES AND REQUIREMENTS CONCLUSION
3INTRODUCTION IoT Systems Lot of devices (Actuators, Sensors, etc.) Lot of communication Technologies (NFC, Wi-Fi, LoRa, etc.) Vulnerabilities Attacks Security Risk Assessment Methodology Our objective Mitigate the risks and build a secure IoT systems Identify the most critical threats Provide the required measures to avoid threats
4STATE OF THE ART (SECURITY STANDARDS) Common Standards IoT Security Standards ISO/IEC 27002 ISO/IEC 27002, ISO/IEC 27005, AS/NZS 4360, BS7799 (ISO17799), NIST SP 800-30, NIST SP 800-82, IEEE 1686. - International standard that gives general guidance on the commonly accepted goals structured around 36 security objectives and 133 controls. - ITU-T (Y.2060, Y.2063, Y.2066, Y.2067, Y.2068, Y.2075,etc). - ISO/IEC 30128: covers IoT security related to sensor network application interface. - ETSI TS103645: gives security practices for consumer devices connected to the Internet.
5STATE OF THE ART (RISK ASSESSMENT METHODS) - EBIOS is used for the assessment and treatment of risks associated with an Information System. - CRAMM is a qualitative risk assessment methodology. - AURUM methodology that supports the NIST SP 800-30 standard. - CORAS allows risk assessment, documentation of intermediate results, and presentation of conclusions. - MEHARI aims to provide a risk management model compliant to ISO-27005. - OCTAVE allows to define a risk-based strategic assessment and planning technique for system security. - IT-Grundschutz provides methods, processes, procedures, and measures to establish a system for information security management. Generic, and they do not consider the complexity and the dynamic of IoT systems
6APPROACH Specify threats on the assets based on common threats database from EBIOS Build security requirements that implement the security objectives Identify the assets considering the IoT domain model Extract relevant objectives for the system from ISO-27002
7CASE STUDY (SERVICE ROBOTICS SYSTEM) - A fleet of robots installed in a warehouse to support the movement of loads. - Robots are expected to empty continuously an “unload area”. - Each robot picks item and places it in a specific storage area following some predefined rules.
8IDENTIFICATION OF ASSETS - An asset is “any tangible or intangible thing or characteristic that has value to an organization”. [ISO-27001] IoT Domain Model
9IDENTIFICATION OF ASSETS (EXAMPLES)
10IDENTIFICATION OF THREATS AND VULNERABILITIES Threat is “a potential cause of an unwanted incident, which may result in harm to a system or organization”. [ISO-27001] Vulnerability is “weakness that is related to the organizations’ assets, which sometimes could cause an unexpected incident”. [ISO-27001] EBIOS Threats Database o Physical damage: T-1010 to T-1050. o Natural events : T-2010 to T-2050. o Loss of essential services : T-3010 to T-3030. o Disturbance due to radiation : T-4010 to T-4030. o Compromise of information : T-5010 to T-5110. o Technical failures : T-6010 to T-6050. o Unauthorized actions : T-7010 to T-7050. o Compromise of functions :T-8010 to T-8050.
11IDENTIFICATION OF THREATS AND VULNERABILITIES (EXAMPLES)
12SPECIFICATION OF SECURITY OBJECTIVES - Extract security objectives needed to protect the system assets against the identified threats from ISO-27002 generic list. - Map each security objective with the threat list.
13SPECIFICATION OF SECURITY REQUIREMENTS - Define security requirements needed to ensure each security objective.
14CONCLUSION Advantage of our method : - Considers IoT domain model to identify all system assets. - Follows security standards to define security requirements of IoT systems. - Iterative approach that responds to the need for evolution. Applications : - Collaborative Robots System - Water Management Infrastructure
CONTACTS RESEARCHER, UNIVERSITY OF GRENOBLE ALPES Salim.Chehida@univ-grenoble-alpes.fr CONTACTS SALIM CHEHIDA

Recommended

Introduction of hacking and cracking
Introduction of hacking and crackingIntroduction of hacking and cracking
Introduction of hacking and crackingHarshil Barot
 
Cyber Security
Cyber SecurityCyber Security
Cyber SecurityHome
 
Vlsi design and fabrication ppt
Vlsi design and fabrication pptVlsi design and fabrication ppt
Vlsi design and fabrication pptManjushree Mashal
 
Seminar report on image sensor
Seminar report on image sensorSeminar report on image sensor
Seminar report on image sensorJaydeepBhayani773
 
Chariot generic presentation owaspwia_Infosecgirls
Chariot generic presentation owaspwia_InfosecgirlsChariot generic presentation owaspwia_Infosecgirls
Chariot generic presentation owaspwia_InfosecgirlsVandana Verma
 
A reliable next generation cyber security architecture for industrial interne...
A reliable next generation cyber security architecture for industrial interne...A reliable next generation cyber security architecture for industrial interne...
A reliable next generation cyber security architecture for industrial interne...IJECEIAES
 
Smau Milano 2015 - Stefano Zanero
Smau Milano 2015 - Stefano ZaneroSmau Milano 2015 - Stefano Zanero
Smau Milano 2015 - Stefano ZaneroSMAU
 
Conférence ENGIE ACSS 2018
Conférence ENGIE ACSS 2018 Conférence ENGIE ACSS 2018
Conférence ENGIE ACSS 2018 African Cyber Security Summit
 

Recommended

Introduction of hacking and cracking
Introduction of hacking and crackingIntroduction of hacking and cracking
Introduction of hacking and crackingHarshil Barot
 
Cyber Security
Cyber SecurityCyber Security
Cyber SecurityHome
 
Vlsi design and fabrication ppt
Vlsi design and fabrication pptVlsi design and fabrication ppt
Vlsi design and fabrication pptManjushree Mashal
 
Seminar report on image sensor
Seminar report on image sensorSeminar report on image sensor
Seminar report on image sensorJaydeepBhayani773
 
Chariot generic presentation owaspwia_Infosecgirls
Chariot generic presentation owaspwia_InfosecgirlsChariot generic presentation owaspwia_Infosecgirls
Chariot generic presentation owaspwia_InfosecgirlsVandana Verma
 
A reliable next generation cyber security architecture for industrial interne...
A reliable next generation cyber security architecture for industrial interne...A reliable next generation cyber security architecture for industrial interne...
A reliable next generation cyber security architecture for industrial interne...IJECEIAES
 
Smau Milano 2015 - Stefano Zanero
Smau Milano 2015 - Stefano ZaneroSmau Milano 2015 - Stefano Zanero
Smau Milano 2015 - Stefano ZaneroSMAU
 
Conférence ENGIE ACSS 2018
Conférence ENGIE ACSS 2018 Conférence ENGIE ACSS 2018
Conférence ENGIE ACSS 2018 African Cyber Security Summit
 
Ot ics cyberattaques dans les organisations industrielles
Ot ics cyberattaques dans les organisations industrielles Ot ics cyberattaques dans les organisations industrielles
Ot ics cyberattaques dans les organisations industrielles Cisco Canada
 
Cyber security and Industry.pptx
Cyber security and Industry.pptxCyber security and Industry.pptx
Cyber security and Industry.pptxSabahat Waheed
 
Towards a Holistic Framework for Secure, Privacy-aware, and Trustworthy Inter...
Towards a Holistic Framework for Secure, Privacy-aware, and Trustworthy Inter...Towards a Holistic Framework for Secure, Privacy-aware, and Trustworthy Inter...
Towards a Holistic Framework for Secure, Privacy-aware, and Trustworthy Inter...Mahmud Hossain
 
A Survey on Security and Privacy Issues in Edge Computing-Assisted Internet o...
A Survey on Security and Privacy Issues in Edge Computing-Assisted Internet o...A Survey on Security and Privacy Issues in Edge Computing-Assisted Internet o...
A Survey on Security and Privacy Issues in Edge Computing-Assisted Internet o...DESMOND YUEN
 
SIEM-based detection and mitigation of IoT-botnet DDoS attacks
SIEM-based detection and mitigation of IoT-botnet DDoS attacksSIEM-based detection and mitigation of IoT-botnet DDoS attacks
SIEM-based detection and mitigation of IoT-botnet DDoS attacksIJECEIAES
 
Transforming Smart Building Cybersecurity Strategy for the Age of IoT
Transforming Smart Building Cybersecurity Strategy for the Age of IoTTransforming Smart Building Cybersecurity Strategy for the Age of IoT
Transforming Smart Building Cybersecurity Strategy for the Age of IoTForescout Technologies Inc
 
IoT Based Anti-Theft Detection and Alarm System Using NodeMCU and Blynk Appli...
IoT Based Anti-Theft Detection and Alarm System Using NodeMCU and Blynk Appli...IoT Based Anti-Theft Detection and Alarm System Using NodeMCU and Blynk Appli...
IoT Based Anti-Theft Detection and Alarm System Using NodeMCU and Blynk Appli...IRJET Journal
 
SODA-IIoT4Factory: Blockchain to keep the A.I. of your Intrusion Detection Sy...
SODA-IIoT4Factory: Blockchain to keep the A.I. of your Intrusion Detection Sy...SODA-IIoT4Factory: Blockchain to keep the A.I. of your Intrusion Detection Sy...
SODA-IIoT4Factory: Blockchain to keep the A.I. of your Intrusion Detection Sy...Nabil Bouzerna
 
Ethical hacking, the way to get product & solution confidence and trust in an...
Ethical hacking, the way to get product & solution confidence and trust in an...Ethical hacking, the way to get product & solution confidence and trust in an...
Ethical hacking, the way to get product & solution confidence and trust in an...Pierre-Jean Verrando
 
IRJET - Cyber Security Threats and Vulnerabilities in IoT
IRJET - Cyber Security Threats and Vulnerabilities in IoTIRJET - Cyber Security Threats and Vulnerabilities in IoT
IRJET - Cyber Security Threats and Vulnerabilities in IoTIRJET Journal
 
NXP'S-PORTFOLIO-FOR-ADDRESSING-IOT-SECURITY.pdf
NXP'S-PORTFOLIO-FOR-ADDRESSING-IOT-SECURITY.pdfNXP'S-PORTFOLIO-FOR-ADDRESSING-IOT-SECURITY.pdf
NXP'S-PORTFOLIO-FOR-ADDRESSING-IOT-SECURITY.pdfssuser57b3e5
 
A survey on Internet of Things (IoT) security : Challenges and Current status
A survey on Internet of Things (IoT) security : Challenges and Current statusA survey on Internet of Things (IoT) security : Challenges and Current status
A survey on Internet of Things (IoT) security : Challenges and Current statusvivatechijri
 
Next Generation Embedded Systems Security for IOT: Powered by Kaspersky
Next Generation Embedded Systems Security for IOT: Powered by KasperskyNext Generation Embedded Systems Security for IOT: Powered by Kaspersky
Next Generation Embedded Systems Security for IOT: Powered by KasperskyL. Duke Golden
 
Kl iot cebit_dg_200317_finalmktg
Kl iot cebit_dg_200317_finalmktgKl iot cebit_dg_200317_finalmktg
Kl iot cebit_dg_200317_finalmktgL. Duke Golden
 
Internet & iot security
Internet & iot securityInternet & iot security
Internet & iot securityUsman Anjum
 
DEDA: An algorithm for early detection of topology attacks in the internet of...
DEDA: An algorithm for early detection of topology attacks in the internet of...DEDA: An algorithm for early detection of topology attacks in the internet of...
DEDA: An algorithm for early detection of topology attacks in the internet of...IJECEIAES
 
The Quality “Logs”-Jam: Why Alerting for Cybersecurity is Awash with False Po...
The Quality “Logs”-Jam: Why Alerting for Cybersecurity is Awash with False Po...The Quality “Logs”-Jam: Why Alerting for Cybersecurity is Awash with False Po...
The Quality “Logs”-Jam: Why Alerting for Cybersecurity is Awash with False Po...Mark Underwood
 
Nozomi Networks Q1_2018 Company Introduction
Nozomi Networks Q1_2018 Company IntroductionNozomi Networks Q1_2018 Company Introduction
Nozomi Networks Q1_2018 Company IntroductionNozomi Networks
 
A Novel Security Approach for Communication using IOT
A Novel Security Approach for Communication using IOTA Novel Security Approach for Communication using IOT
A Novel Security Approach for Communication using IOTIJEACS
 
Cybersecurity concepts & Defense best practises
Cybersecurity concepts & Defense best practisesCybersecurity concepts & Defense best practises
Cybersecurity concepts & Defense best practisesWAJAHAT IQBAL
 
Virtual Twins: Modeling Trends and Challenges Ahead
Virtual Twins: Modeling Trends and Challenges AheadVirtual Twins: Modeling Trends and Challenges Ahead
Virtual Twins: Modeling Trends and Challenges AheadBrain IoT Project
 
Statistical model checking bip tool
Statistical model checking bip toolStatistical model checking bip tool
Statistical model checking bip toolBrain IoT Project
 

More Related Content

Similar to ECLIPSE SAM IoT VIRTUAL CONFERENCE

Ot ics cyberattaques dans les organisations industrielles
Ot ics cyberattaques dans les organisations industrielles Ot ics cyberattaques dans les organisations industrielles
Ot ics cyberattaques dans les organisations industrielles Cisco Canada
 
Cyber security and Industry.pptx
Cyber security and Industry.pptxCyber security and Industry.pptx
Cyber security and Industry.pptxSabahat Waheed
 
Towards a Holistic Framework for Secure, Privacy-aware, and Trustworthy Inter...
Towards a Holistic Framework for Secure, Privacy-aware, and Trustworthy Inter...Towards a Holistic Framework for Secure, Privacy-aware, and Trustworthy Inter...
Towards a Holistic Framework for Secure, Privacy-aware, and Trustworthy Inter...Mahmud Hossain
 
A Survey on Security and Privacy Issues in Edge Computing-Assisted Internet o...
A Survey on Security and Privacy Issues in Edge Computing-Assisted Internet o...A Survey on Security and Privacy Issues in Edge Computing-Assisted Internet o...
A Survey on Security and Privacy Issues in Edge Computing-Assisted Internet o...DESMOND YUEN
 
SIEM-based detection and mitigation of IoT-botnet DDoS attacks
SIEM-based detection and mitigation of IoT-botnet DDoS attacksSIEM-based detection and mitigation of IoT-botnet DDoS attacks
SIEM-based detection and mitigation of IoT-botnet DDoS attacksIJECEIAES
 
Transforming Smart Building Cybersecurity Strategy for the Age of IoT
Transforming Smart Building Cybersecurity Strategy for the Age of IoTTransforming Smart Building Cybersecurity Strategy for the Age of IoT
Transforming Smart Building Cybersecurity Strategy for the Age of IoTForescout Technologies Inc
 
IoT Based Anti-Theft Detection and Alarm System Using NodeMCU and Blynk Appli...
IoT Based Anti-Theft Detection and Alarm System Using NodeMCU and Blynk Appli...IoT Based Anti-Theft Detection and Alarm System Using NodeMCU and Blynk Appli...
IoT Based Anti-Theft Detection and Alarm System Using NodeMCU and Blynk Appli...IRJET Journal
 
SODA-IIoT4Factory: Blockchain to keep the A.I. of your Intrusion Detection Sy...
SODA-IIoT4Factory: Blockchain to keep the A.I. of your Intrusion Detection Sy...SODA-IIoT4Factory: Blockchain to keep the A.I. of your Intrusion Detection Sy...
SODA-IIoT4Factory: Blockchain to keep the A.I. of your Intrusion Detection Sy...Nabil Bouzerna
 
Ethical hacking, the way to get product & solution confidence and trust in an...
Ethical hacking, the way to get product & solution confidence and trust in an...Ethical hacking, the way to get product & solution confidence and trust in an...
Ethical hacking, the way to get product & solution confidence and trust in an...Pierre-Jean Verrando
 
IRJET - Cyber Security Threats and Vulnerabilities in IoT
IRJET - Cyber Security Threats and Vulnerabilities in IoTIRJET - Cyber Security Threats and Vulnerabilities in IoT
IRJET - Cyber Security Threats and Vulnerabilities in IoTIRJET Journal
 
NXP'S-PORTFOLIO-FOR-ADDRESSING-IOT-SECURITY.pdf
NXP'S-PORTFOLIO-FOR-ADDRESSING-IOT-SECURITY.pdfNXP'S-PORTFOLIO-FOR-ADDRESSING-IOT-SECURITY.pdf
NXP'S-PORTFOLIO-FOR-ADDRESSING-IOT-SECURITY.pdfssuser57b3e5
 
A survey on Internet of Things (IoT) security : Challenges and Current status
A survey on Internet of Things (IoT) security : Challenges and Current statusA survey on Internet of Things (IoT) security : Challenges and Current status
A survey on Internet of Things (IoT) security : Challenges and Current statusvivatechijri
 
Next Generation Embedded Systems Security for IOT: Powered by Kaspersky
Next Generation Embedded Systems Security for IOT: Powered by KasperskyNext Generation Embedded Systems Security for IOT: Powered by Kaspersky
Next Generation Embedded Systems Security for IOT: Powered by KasperskyL. Duke Golden
 
Kl iot cebit_dg_200317_finalmktg
Kl iot cebit_dg_200317_finalmktgKl iot cebit_dg_200317_finalmktg
Kl iot cebit_dg_200317_finalmktgL. Duke Golden
 
Internet & iot security
Internet & iot securityInternet & iot security
Internet & iot securityUsman Anjum
 
DEDA: An algorithm for early detection of topology attacks in the internet of...
DEDA: An algorithm for early detection of topology attacks in the internet of...DEDA: An algorithm for early detection of topology attacks in the internet of...
DEDA: An algorithm for early detection of topology attacks in the internet of...IJECEIAES
 
The Quality “Logs”-Jam: Why Alerting for Cybersecurity is Awash with False Po...
The Quality “Logs”-Jam: Why Alerting for Cybersecurity is Awash with False Po...The Quality “Logs”-Jam: Why Alerting for Cybersecurity is Awash with False Po...
The Quality “Logs”-Jam: Why Alerting for Cybersecurity is Awash with False Po...Mark Underwood
 
Nozomi Networks Q1_2018 Company Introduction
Nozomi Networks Q1_2018 Company IntroductionNozomi Networks Q1_2018 Company Introduction
Nozomi Networks Q1_2018 Company IntroductionNozomi Networks
 
A Novel Security Approach for Communication using IOT
A Novel Security Approach for Communication using IOTA Novel Security Approach for Communication using IOT
A Novel Security Approach for Communication using IOTIJEACS
 
Cybersecurity concepts & Defense best practises
Cybersecurity concepts & Defense best practisesCybersecurity concepts & Defense best practises
Cybersecurity concepts & Defense best practisesWAJAHAT IQBAL
 

Similar to ECLIPSE SAM IoT VIRTUAL CONFERENCE (20)

Ot ics cyberattaques dans les organisations industrielles
Ot ics cyberattaques dans les organisations industrielles Ot ics cyberattaques dans les organisations industrielles
Ot ics cyberattaques dans les organisations industrielles
 
Cyber security and Industry.pptx
Cyber security and Industry.pptxCyber security and Industry.pptx
Cyber security and Industry.pptx
 
Towards a Holistic Framework for Secure, Privacy-aware, and Trustworthy Inter...
Towards a Holistic Framework for Secure, Privacy-aware, and Trustworthy Inter...Towards a Holistic Framework for Secure, Privacy-aware, and Trustworthy Inter...
Towards a Holistic Framework for Secure, Privacy-aware, and Trustworthy Inter...
 
A Survey on Security and Privacy Issues in Edge Computing-Assisted Internet o...
A Survey on Security and Privacy Issues in Edge Computing-Assisted Internet o...A Survey on Security and Privacy Issues in Edge Computing-Assisted Internet o...
A Survey on Security and Privacy Issues in Edge Computing-Assisted Internet o...
 
SIEM-based detection and mitigation of IoT-botnet DDoS attacks
SIEM-based detection and mitigation of IoT-botnet DDoS attacksSIEM-based detection and mitigation of IoT-botnet DDoS attacks
SIEM-based detection and mitigation of IoT-botnet DDoS attacks
 
Transforming Smart Building Cybersecurity Strategy for the Age of IoT
Transforming Smart Building Cybersecurity Strategy for the Age of IoTTransforming Smart Building Cybersecurity Strategy for the Age of IoT
Transforming Smart Building Cybersecurity Strategy for the Age of IoT
 
IoT Based Anti-Theft Detection and Alarm System Using NodeMCU and Blynk Appli...
IoT Based Anti-Theft Detection and Alarm System Using NodeMCU and Blynk Appli...IoT Based Anti-Theft Detection and Alarm System Using NodeMCU and Blynk Appli...
IoT Based Anti-Theft Detection and Alarm System Using NodeMCU and Blynk Appli...
 
SODA-IIoT4Factory: Blockchain to keep the A.I. of your Intrusion Detection Sy...
SODA-IIoT4Factory: Blockchain to keep the A.I. of your Intrusion Detection Sy...SODA-IIoT4Factory: Blockchain to keep the A.I. of your Intrusion Detection Sy...
SODA-IIoT4Factory: Blockchain to keep the A.I. of your Intrusion Detection Sy...
 
Ethical hacking, the way to get product & solution confidence and trust in an...
Ethical hacking, the way to get product & solution confidence and trust in an...Ethical hacking, the way to get product & solution confidence and trust in an...
Ethical hacking, the way to get product & solution confidence and trust in an...
 
IRJET - Cyber Security Threats and Vulnerabilities in IoT
IRJET - Cyber Security Threats and Vulnerabilities in IoTIRJET - Cyber Security Threats and Vulnerabilities in IoT
IRJET - Cyber Security Threats and Vulnerabilities in IoT
 
NXP'S-PORTFOLIO-FOR-ADDRESSING-IOT-SECURITY.pdf
NXP'S-PORTFOLIO-FOR-ADDRESSING-IOT-SECURITY.pdfNXP'S-PORTFOLIO-FOR-ADDRESSING-IOT-SECURITY.pdf
NXP'S-PORTFOLIO-FOR-ADDRESSING-IOT-SECURITY.pdf
 
A survey on Internet of Things (IoT) security : Challenges and Current status
A survey on Internet of Things (IoT) security : Challenges and Current statusA survey on Internet of Things (IoT) security : Challenges and Current status
A survey on Internet of Things (IoT) security : Challenges and Current status
 
Next Generation Embedded Systems Security for IOT: Powered by Kaspersky
Next Generation Embedded Systems Security for IOT: Powered by KasperskyNext Generation Embedded Systems Security for IOT: Powered by Kaspersky
Next Generation Embedded Systems Security for IOT: Powered by Kaspersky
 
Kl iot cebit_dg_200317_finalmktg
Kl iot cebit_dg_200317_finalmktgKl iot cebit_dg_200317_finalmktg
Kl iot cebit_dg_200317_finalmktg
 
Internet & iot security
Internet & iot securityInternet & iot security
Internet & iot security
 
DEDA: An algorithm for early detection of topology attacks in the internet of...
DEDA: An algorithm for early detection of topology attacks in the internet of...DEDA: An algorithm for early detection of topology attacks in the internet of...
DEDA: An algorithm for early detection of topology attacks in the internet of...
 
The Quality “Logs”-Jam: Why Alerting for Cybersecurity is Awash with False Po...
The Quality “Logs”-Jam: Why Alerting for Cybersecurity is Awash with False Po...The Quality “Logs”-Jam: Why Alerting for Cybersecurity is Awash with False Po...
The Quality “Logs”-Jam: Why Alerting for Cybersecurity is Awash with False Po...
 
Nozomi Networks Q1_2018 Company Introduction
Nozomi Networks Q1_2018 Company IntroductionNozomi Networks Q1_2018 Company Introduction
Nozomi Networks Q1_2018 Company Introduction
 
A Novel Security Approach for Communication using IOT
A Novel Security Approach for Communication using IOTA Novel Security Approach for Communication using IOT
A Novel Security Approach for Communication using IOT
 
Cybersecurity concepts & Defense best practises
Cybersecurity concepts & Defense best practisesCybersecurity concepts & Defense best practises
Cybersecurity concepts & Defense best practises
 

More from Brain IoT Project

Virtual Twins: Modeling Trends and Challenges Ahead
Virtual Twins: Modeling Trends and Challenges AheadVirtual Twins: Modeling Trends and Challenges Ahead
Virtual Twins: Modeling Trends and Challenges AheadBrain IoT Project
 
Statistical model checking bip tool
Statistical model checking bip toolStatistical model checking bip tool
Statistical model checking bip toolBrain IoT Project
 
Rigorous system design the bip framework
Rigorous system design the bip frameworkRigorous system design the bip framework
Rigorous system design the bip frameworkBrain IoT Project
 
SAM-IoT: A Cross-Platform Communication Mechanism for ROS-Based Cyber-Physica...
SAM-IoT: A Cross-Platform Communication Mechanism for ROS-Based Cyber-Physica...SAM-IoT: A Cross-Platform Communication Mechanism for ROS-Based Cyber-Physica...
SAM-IoT: A Cross-Platform Communication Mechanism for ROS-Based Cyber-Physica...Brain IoT Project
 
SAM-IoT: Model Based Methodology and Framework for Design and Management of N...
SAM-IoT: Model Based Methodology and Framework for Design and Management of N...SAM-IoT: Model Based Methodology and Framework for Design and Management of N...
SAM-IoT: Model Based Methodology and Framework for Design and Management of N...Brain IoT Project
 
SAM-IoT: Securing low power device communication in critical infrastructure m...
SAM-IoT: Securing low power device communication in critical infrastructure m...SAM-IoT: Securing low power device communication in critical infrastructure m...
SAM-IoT: Securing low power device communication in critical infrastructure m...Brain IoT Project
 
Virtual Twins: Modeling Trends and Challenges Ahead
Virtual Twins: Modeling Trends and Challenges AheadVirtual Twins: Modeling Trends and Challenges Ahead
Virtual Twins: Modeling Trends and Challenges AheadBrain IoT Project
 
IMB Brokerage day - EMALCSA: SICA platform and BRAIN-IoT
IMB Brokerage day - EMALCSA: SICA platform and BRAIN-IoTIMB Brokerage day - EMALCSA: SICA platform and BRAIN-IoT
IMB Brokerage day - EMALCSA: SICA platform and BRAIN-IoTBrain IoT Project
 
ROBOT PATH FINDER Case Study
ROBOT PATH FINDER Case StudyROBOT PATH FINDER Case Study
ROBOT PATH FINDER Case StudyBrain IoT Project
 
Overview of the WP4 of BRAIN-IoT
Overview of the WP4 of BRAIN-IoTOverview of the WP4 of BRAIN-IoT
Overview of the WP4 of BRAIN-IoTBrain IoT Project
 
Using Eclipse technologies to develop the BRAIN-IoT model-based framework for...
Using Eclipse technologies to develop the BRAIN-IoT model-based framework for...Using Eclipse technologies to develop the BRAIN-IoT model-based framework for...
Using Eclipse technologies to develop the BRAIN-IoT model-based framework for...Brain IoT Project
 
Brain-IoT Project: Security Cluster activities overview
Brain-IoT Project: Security Cluster activities overviewBrain-IoT Project: Security Cluster activities overview
Brain-IoT Project: Security Cluster activities overviewBrain IoT Project
 

More from Brain IoT Project (12)

Virtual Twins: Modeling Trends and Challenges Ahead
Virtual Twins: Modeling Trends and Challenges AheadVirtual Twins: Modeling Trends and Challenges Ahead
Virtual Twins: Modeling Trends and Challenges Ahead
 
Statistical model checking bip tool
Statistical model checking bip toolStatistical model checking bip tool
Statistical model checking bip tool
 
Rigorous system design the bip framework
Rigorous system design the bip frameworkRigorous system design the bip framework
Rigorous system design the bip framework
 
SAM-IoT: A Cross-Platform Communication Mechanism for ROS-Based Cyber-Physica...
SAM-IoT: A Cross-Platform Communication Mechanism for ROS-Based Cyber-Physica...SAM-IoT: A Cross-Platform Communication Mechanism for ROS-Based Cyber-Physica...
SAM-IoT: A Cross-Platform Communication Mechanism for ROS-Based Cyber-Physica...
 
SAM-IoT: Model Based Methodology and Framework for Design and Management of N...
SAM-IoT: Model Based Methodology and Framework for Design and Management of N...SAM-IoT: Model Based Methodology and Framework for Design and Management of N...
SAM-IoT: Model Based Methodology and Framework for Design and Management of N...
 
SAM-IoT: Securing low power device communication in critical infrastructure m...
SAM-IoT: Securing low power device communication in critical infrastructure m...SAM-IoT: Securing low power device communication in critical infrastructure m...
SAM-IoT: Securing low power device communication in critical infrastructure m...
 
Virtual Twins: Modeling Trends and Challenges Ahead
Virtual Twins: Modeling Trends and Challenges AheadVirtual Twins: Modeling Trends and Challenges Ahead
Virtual Twins: Modeling Trends and Challenges Ahead
 
IMB Brokerage day - EMALCSA: SICA platform and BRAIN-IoT
IMB Brokerage day - EMALCSA: SICA platform and BRAIN-IoTIMB Brokerage day - EMALCSA: SICA platform and BRAIN-IoT
IMB Brokerage day - EMALCSA: SICA platform and BRAIN-IoT
 
ROBOT PATH FINDER Case Study
ROBOT PATH FINDER Case StudyROBOT PATH FINDER Case Study
ROBOT PATH FINDER Case Study
 
Overview of the WP4 of BRAIN-IoT
Overview of the WP4 of BRAIN-IoTOverview of the WP4 of BRAIN-IoT
Overview of the WP4 of BRAIN-IoT
 
Using Eclipse technologies to develop the BRAIN-IoT model-based framework for...
Using Eclipse technologies to develop the BRAIN-IoT model-based framework for...Using Eclipse technologies to develop the BRAIN-IoT model-based framework for...
Using Eclipse technologies to develop the BRAIN-IoT model-based framework for...
 
Brain-IoT Project: Security Cluster activities overview
Brain-IoT Project: Security Cluster activities overviewBrain-IoT Project: Security Cluster activities overview
Brain-IoT Project: Security Cluster activities overview
 

Recently uploaded

From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 

Recently uploaded (20)

From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 

ECLIPSE SAM IoT VIRTUAL CONFERENCE

  • 1. ECLIPSE SAM IoT VIRTUAL CONFERENCE, SEPTEMBER 17-18, 2020 Presented by Salim Chehida (University of Grenoble Alpes) at : Risk Assessment in IoT Case Study: Collaborative Robots System AUTHORS : Salim Chehida, Abdelhakim Baouya, Miquel Cantero, Paul-Emmanuel Brun, and Guillemette Massot
  • 2. INTRODUCTION STATE OF THE ART APPROACH 2 OUTLINE CASE STUDY IDENTIFICATION OF ASSETS IDENTIFICATION OF THREATS AND VULNERABILITIES SPECIFICATION OF SECURITY OBJECTIVES AND REQUIREMENTS CONCLUSION
  • 3. 3INTRODUCTION IoT Systems Lot of devices (Actuators, Sensors, etc.) Lot of communication Technologies (NFC, Wi-Fi, LoRa, etc.) Vulnerabilities Attacks Security Risk Assessment Methodology Our objective Mitigate the risks and build a secure IoT systems Identify the most critical threats Provide the required measures to avoid threats
  • 4. 4STATE OF THE ART (SECURITY STANDARDS) Common Standards IoT Security Standards ISO/IEC 27002 ISO/IEC 27002, ISO/IEC 27005, AS/NZS 4360, BS7799 (ISO17799), NIST SP 800-30, NIST SP 800-82, IEEE 1686. - International standard that gives general guidance on the commonly accepted goals structured around 36 security objectives and 133 controls. - ITU-T (Y.2060, Y.2063, Y.2066, Y.2067, Y.2068, Y.2075,etc). - ISO/IEC 30128: covers IoT security related to sensor network application interface. - ETSI TS103645: gives security practices for consumer devices connected to the Internet.
  • 5. 5STATE OF THE ART (RISK ASSESSMENT METHODS) - EBIOS is used for the assessment and treatment of risks associated with an Information System. - CRAMM is a qualitative risk assessment methodology. - AURUM methodology that supports the NIST SP 800-30 standard. - CORAS allows risk assessment, documentation of intermediate results, and presentation of conclusions. - MEHARI aims to provide a risk management model compliant to ISO-27005. - OCTAVE allows to define a risk-based strategic assessment and planning technique for system security. - IT-Grundschutz provides methods, processes, procedures, and measures to establish a system for information security management. Generic, and they do not consider the complexity and the dynamic of IoT systems
  • 6. 6APPROACH Specify threats on the assets based on common threats database from EBIOS Build security requirements that implement the security objectives Identify the assets considering the IoT domain model Extract relevant objectives for the system from ISO-27002
  • 7. 7CASE STUDY (SERVICE ROBOTICS SYSTEM) - A fleet of robots installed in a warehouse to support the movement of loads. - Robots are expected to empty continuously an “unload area”. - Each robot picks item and places it in a specific storage area following some predefined rules.
  • 8. 8IDENTIFICATION OF ASSETS - An asset is “any tangible or intangible thing or characteristic that has value to an organization”. [ISO-27001] IoT Domain Model
  • 10. 10IDENTIFICATION OF THREATS AND VULNERABILITIES Threat is “a potential cause of an unwanted incident, which may result in harm to a system or organization”. [ISO-27001] Vulnerability is “weakness that is related to the organizations’ assets, which sometimes could cause an unexpected incident”. [ISO-27001] EBIOS Threats Database o Physical damage: T-1010 to T-1050. o Natural events : T-2010 to T-2050. o Loss of essential services : T-3010 to T-3030. o Disturbance due to radiation : T-4010 to T-4030. o Compromise of information : T-5010 to T-5110. o Technical failures : T-6010 to T-6050. o Unauthorized actions : T-7010 to T-7050. o Compromise of functions :T-8010 to T-8050.
  • 11. 11IDENTIFICATION OF THREATS AND VULNERABILITIES (EXAMPLES)
  • 12. 12SPECIFICATION OF SECURITY OBJECTIVES - Extract security objectives needed to protect the system assets against the identified threats from ISO-27002 generic list. - Map each security objective with the threat list.
  • 13. 13SPECIFICATION OF SECURITY REQUIREMENTS - Define security requirements needed to ensure each security objective.
  • 14. 14CONCLUSION Advantage of our method : - Considers IoT domain model to identify all system assets. - Follows security standards to define security requirements of IoT systems. - Iterative approach that responds to the need for evolution. Applications : - Collaborative Robots System - Water Management Infrastructure
  • 15. CONTACTS RESEARCHER, UNIVERSITY OF GRENOBLE ALPES Salim.Chehida@univ-grenoble-alpes.fr CONTACTS SALIM CHEHIDA