The Internet of Things (IoT) offers many industries significant new opportunities, but it also exposes them and their customers to a host of security issues. Securing the IoT requires new ways of thinking that can defend the enterprise and its customers against attackers and privacy abuses.
2. Contents
What’s the Internet of Things?
Technologies and Applications of IoT
Challenges and Issues in IoT
Recent IoT Hacks
Hardware Security in IoT
Conclusion
3. What’s the Internet of Things
From any-time, any-place connectivity for anyone, we will now have connectivity for
anything!
4. The Internet of Things
Internet of Things refers to the concept that the Internet is no longer just a global
network for people to communicate with one another using computers, but it is
also a platform for devices to communicate electronically with the world around
them.
The Internet of Things, also called the Internet of Objects, refers to a network
between objects such as household appliances. The network is usually wireless and
self-configuring.
“Internet of Objects” “Machine-to-Machine Era” “Internet of Everything”
16. The Security Problems of Perception Layer Data
Information Collection and Transmission:
The main equipment in the perception layer includes RFID, ZigBee, and all kinds of sensors.
Sensor nodes come in many varieties and are highly heterogeneous. They generally have
a simple structure and processor, so they cannot support complex security
protection.
When data are collected, they are basically transmitted over the wireless
network. The signals are exposed in public places. Without effective
protection measures, the signals can easily be monitored, intercepted, and
disturbed.
17. Several common kinds of attack:
1) Node Capture: Key nodes, such as gateway nodes, are easily controlled by attackers.
A captured node may leak all information, including the group communication key, radio
key, matching key, etc., and so threaten the security of the entire network.
2) Fake Node and Malicious Data: The attackers add a node to the system and input
fake code or data. They stop the transmission of real data. Energy-limited nodes
are denied sleep. The attackers consume the precious energy of nodes, and can
potentially control or destroy the entire network.
3) SCA (Side Channel Attack): The attacker attacks encryption devices through
side-channel information leaked while the device operates, such as time
consumption, power consumption, or electromagnetic radiation.
4) Timing Attack: The attacker analyzes the time required to execute an encryption
algorithm in order to obtain key information.
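The timing attack in item 4 can be made concrete with the tag comparison a sensor node performs when it verifies a message. This is an added example, not part of the original slides: the function names and the 8-byte tag are constructed for illustration, and a step counter stands in for measured execution time.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Byte comparisons performed: a deterministic stand-in for the
   execution time an attacker would measure on a real device. */
static size_t steps;

/* Leaky: returns at the first mismatching byte, so the running time
   reveals how many leading bytes of the guess are correct. */
int leaky_equal(const uint8_t *a, const uint8_t *b, size_t n) {
    steps = 0;
    for (size_t i = 0; i < n; i++) {
        steps++;
        if (a[i] != b[i]) return 0;
    }
    return 1;
}

/* Hardened: always touches all n bytes and ORs the differences
   together, so the work done does not depend on the secret. */
int ct_equal(const uint8_t *a, const uint8_t *b, size_t n) {
    volatile uint8_t diff = 0;
    steps = 0;
    for (size_t i = 0; i < n; i++) {
        steps++;
        diff |= (uint8_t)(a[i] ^ b[i]);
    }
    return diff == 0;
}

/* Run one comparison and report how many steps it took. */
size_t steps_for(int (*eq)(const uint8_t *, const uint8_t *, size_t),
                 const uint8_t *tag, const uint8_t *guess, size_t n) {
    eq(tag, guess, n);
    return steps;
}

/* Constructed sample data: a tag, a guess with no correct bytes,
   and a guess whose first three bytes are correct. */
const uint8_t TAG[8]     = {0x3a,0x91,0x5c,0x07,0xe2,0x44,0xb8,0x6d};
const uint8_t GUESS_0[8] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
const uint8_t GUESS_3[8] = {0x3a,0x91,0x5c,0x00,0x00,0x00,0x00,0x00};

int main(void) {
    printf("leaky %zu/%zu, constant-time %zu/%zu\n",
           steps_for(leaky_equal, TAG, GUESS_0, 8), steps_for(leaky_equal, TAG, GUESS_3, 8),
           steps_for(ct_equal, TAG, GUESS_0, 8), steps_for(ct_equal, TAG, GUESS_3, 8));
    return 0;
}
```

The leaky comparison does more work the longer the correct prefix is, while the constant-time version does the same work for every input, which is the property hardware and firmware comparisons of keys and tags need.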
18. Security in embedded devices
The solution selected for security in embedded devices is always a question of
trade-off between security, flexibility, performance, power consumption and cost.
Existing solutions to these problems are divided into three approaches:
A. Software only Approach
B. Hardware only Approach
C. Hybrid Approach
19. Hardware only Approach Security
There are many existing solutions to counter different attacks.
Encryption of information is used for confidentiality.
The most popular cipher algorithms are RSA, ECC, AES and 3DES.
Most of these algorithms and processes are computationally intensive,
so they require dedicated hardware or Digital Signal Processors (DSPs).
This approach uses ASICs (Application Specific Integrated Circuits)
and FPGAs to implement a given cryptographic algorithm in hardware. It
allows precise control of energy, computation capacity and time
constraints, but it is generally not optimal for flexibility and cost.
In [7] a new logic style for secure ICs against differential power
analysis is presented.
20. Perception Layer Security Measures:
1) RFID Security Measures:
a) Access Control: Mainly intended to prevent leaks of the user's privacy, so that the
information in RFID tags cannot be read at will. It includes label failure, chip protection,
antenna energy analysis, etc.
b) Data Encryption: For the data security of an RFID system, it is necessary to encrypt the
RFID signal using an appropriate algorithm.
2) Wireless Sensor Network Security Measures:
a) Secret Key Algorithms: Key algorithms mainly include symmetric key algorithms and
asymmetric key algorithms. Asymmetric key algorithms mainly use RSA
(Rivest-Shamir-Adleman) and ECC (Elliptic Curve Cryptography).
b) Security Routing Protocol: The efficient security routing protocol algorithm generally
uses the following mechanisms: clustering mechanism, data fusion mechanism,
21. Hardware security system for WLANs:
At the end hosts, the encryption and authentication services are performed before
the data are passed to a radio card. Thus, the expensive security processing is applied
to the data before it is delivered to the low-performance processor on the wireless card.
At the access point (AP), the increasing complexity of security protocols creates
the need to improve the performance of network processing hardware for real-time
cryptographic processing. The throughput and delay of cryptographic algorithms
can be improved by implementing the algorithms in specialized processors
using an application-specific integrated circuit (ASIC) solution or a
field-programmable gate array (FPGA) implementation.
Several hardware implementations exist to enhance the performance of cryptographic
algorithms such as AES, DES, RSA, HMAC, MD5 and hash algorithms.
22. Automotive Applications Security:
Modern cars are no longer mere mechanical devices. They are dominated by a
large number of IT systems that guide many embedded systems called
Electronic Control Units (ECUs).
An ECU that relies on information received over open communication channels from
other ECUs, or even from other vehicles that are not under its control, leaves the
door wide open to manipulation or misuse.
We need a vehicular hardware security module (HSM) that enables holistic
protection of in-vehicle ECUs and their communications.
To ensure some security aspects in the automotive environment, a hardware
implementation of the Advanced Encryption Standard (AES) algorithm, or of
another algorithm such as ECC/RSA or DES, is needed.
24. Hardware Bluetooth Security:
The Bluetooth security layer uses four key elements:
a Bluetooth device address, two separate key types (authentication and encryption),
and random number generation.
Bluetooth can implement its security layer’s key-generation mechanism and
authentication in software or hardware. Software implementation usually satisfies
user requirements, but in time-critical applications or processing-constrained
devices, a hardware implementation is preferable.
26. Conclusion
The IoT is growing quickly, bringing devices such as smart meters, smart homes,
wearable electronics and a host of other applications to the attention of businesses,
governments, the general public, and hackers. Basic security flaws have been identified
in some systems, which could carry serious risks for consumers and for operators such
as utility companies.
Hardware-based solutions developed to secure computers connected to the Internet of
People can also be used to overcome the challenges facing IoT applications, and are
quickly adapting to meet the needs of resource-constrained embedded systems.
Embedded security for the IoT will be crucial: strong security mechanisms
will prevent damage and economic losses and offer new business
opportunities.
IoT hardware security architecture is still in its exploratory stage, so it faces more
severe security challenges than expected.
Editor's Notes
By using a $20 toolkit called the CAN Hacking Tool (CHT), hackers can hack your smart car, giving an attacker entire control of your car, from windows and headlights to its steering and brakes.
New research carried out on the Tesla smart car has shown that hackers are able to remotely locate or unlock Tesla Motors Inc. electric vehicles just by cracking a six-character password using traditional hacking techniques.
Dubbed the “red-button attack”, this man-in-the-middle hack could be used to intercept data, including sound and pictures, and use the stream to take over apps being shown on the TV, letting hackers post to your Facebook, for example.
DES: This is the 'Data Encryption Standard'. This is a cipher that operates on 64-bit blocks of data, using a 56-bit key. It is a 'private key' system.
RSA: RSA is a public-key system designed by Rivest, Shamir, and Adleman.
HASH: A 'hash algorithm' is used for computing a condensed representation of a fixed length message/file. This is sometimes known as a 'message digest', or a 'fingerprint'.
MD5: MD5 is a 128-bit message digest function. It was developed by Ron Rivest.
AES: This is the Advanced Encryption Standard (using the Rijndael block cipher) approved by NIST.
SHA-1: SHA-1 is a hashing algorithm similar in structure to MD5, but producing a digest of 160 bits (20 bytes). Because of the large digest size, it is less likely that two different messages will have the same SHA-1 message digest. For this reason SHA-1 is recommended in preference to MD5.
HMAC: HMAC is a hashing method that uses a key in conjunction with an algorithm such as MD5 or SHA-1. Thus one can refer to HMAC-MD5 and HMAC-SHA1.
In order to reliably enforce the security of software security mechanisms, the
application of hardware security modules (HSM) is one effective countermeasure,
as HSMs:
- protect software security measures by acting as a trusted security anchor,
- securely generate, store, and process security-critical material shielded from
any potentially malicious software,
- restrict the possibilities of hardware tampering attacks by applying effective
tamper-protection measures,
- accelerate security measures by applying specialized cryptographic hardware,
- reduce security costs on high volumes by applying highly optimized special
circuitry instead of costly general purpose hardware.
Unfortunately, there are currently no automotive-capable HSMs available
The HSM was especially designed for protecting
e-safety applications such as emergency brake based on communications
between vehicles (V2V) or emergency call based on communications between
vehicles and (traffic) infrastructures (V2I).