IoT Security Patterns
Mark Benson, CTO
@markbenson
IoT Stream Con, 23 April 2015
The IoT opportunity
Recent Economist survey: 95% expect their company to be using IoT within 3 years
“IoT is our single biggest threat AND biggest opportunity over the next 10 years” – Brand-name Fortune 500 board of directors
[Chart: Internet-connected devices (billions, Cisco estimate) and IoT market size ($ billions) by segment, with CAGR: Big Data Analytics 53%, Connected Device Platforms 33%, Application Enablement Platforms 32%, Value Added Services 26%, System Integration Services 24%, Hardware 23%, Connectivity 12%. Source: ABI Research, Cisco, Craig Hallum estimates]
The Internet of Things?
More like the Internet of Attack Vectors
• Attack surfaces are expanding rapidly
• Physical access to systems is becoming easier
• Consumer privacy concerns are rising
• Consequences of a breach are becoming more severe (critical infrastructure, brand deterioration, data privacy issues, etc.)
• Product companies are being forced outside of their comfort zones
• Three dimensions that make IoT security challenging…
1. Resource constraints
[Diagram: protocol stack at each tier, from the enterprise down to the sensor; at every hop the data is shown at rest, in use, and in motion]
Enterprise Web Services: MAC/PHY | IP | TLS/TCP | HTTP | App Data (has virtually no resource constraints)
IoT Data Platform: MAC/PHY | IP | TLS/TCP | HTTP | App Data (deals with resource constraints)
Gateway or Aggregator: MAC/PHY | IP | TLS/TCP | HTTP | App Data toward the platform; MAC/PHY | IP | DTLS/UDP | CoAP | Binary Data toward the nodes (has moderate resource constraints)
Sensing Node: MAC/PHY | IP | DTLS/UDP | CoAP | Binary Data (has severe resource constraints)
Sensor: MAC/PHY | Binary Data
2. Deployment topologies
Building blocks: Sensors → short-range RF → Gateways → On-prem SW → long-haul → Cloud Platform → Analytics platform; Local Display
Variants drawn on the slide: Gateway + IoT Cloud; Gateway + On-prem; Gateway + IoT Cloud + On-prem; Gateway + IoT Cloud + On-prem + Analytics
A. No cloud
B. Standard
C. Multi-site
D. Closed network
E. Comprehensive
3. Usage modes
Lifecycle: 1 Initialization → 2 Operation → 3 Modification → 4 Retirement
• Device cloud registration
  * Secure authentication
  * Secure API transports
  * Secure storage
• Secure flash
  * OTP parts
  * Secure boot
  * Secure provisioning
• Secure firmware updates
  * Disable test/debug interfaces
  * Factory defaults fallback
  * Disable test interfaces
• Secure change of ownership
• Device de-registration process
• Optionally re-enable retired devices
• Secure encryption key deletion
Things to note about IoT usage modes that affect security:
1. Some modes are normal and standard solutions exist
2. Some modes are new and standards are still emerging
3. Some modes are becoming more vulnerable due to resource constraints
[Diagram: a cube with three axes: Usage Modes (Standard → Novel), Deployment Topologies (Simple → Complex), Resource Constraints (Low → High)]
The IoT security problem area:
A. High resource constraints
B. Complex deployment topologies
C. Novel usage modes
Mo’ IoT, mo’ problems
The 4th dimension: time
Now we have a Tesseract
The difficulty with IoT security is that the landscape is constantly changing, even after products are deployed
Security should be designed for from the beginning and embraced as a journey throughout
It starts with a process…
[Diagram axes: Modes, Topologies, Constraints, Time]
The web you should be weaving
Secure processes => secure products => secure brand integrity
Lifecycle phases: Planning → Design → Implementation → Verification → Validation → Deployment → Operations
Security activities along the lifecycle, in order: Security Requirements; Risk Analysis; Threat Modeling; Secure Design Practices; Security-Focused Design Reviews; Secure Coding Practices; Third Party Security Audit; Security-Focused Testing; User Testing to Expose Weakpoints; Penetration Testing; Secure Deployment Practices; Operational Risk Assessment; Incident Response Preparedness; Vulnerability Management
Cross-cutting layers: Training and awareness; Information Security Management System (ISMS) policies, procedures, and compliance audits; Corporate strategy, governance, metrics, and optimization
Conclusion
Takeaways:
1. Security processes. Have a security architecture from the beginning and evolve it throughout (layers, topologies, modes)
2. Technology selection. Start it from the beginning and evolve it throughout
3. Operations planning. How do you respond if/when a security incident occurs in the field? Use checklists:
– http://owasp.org/
– http://builditsecure.ly/
Embrace the journey
Thank you
Mark Benson
@markbenson
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfPrecisely
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 

Recently uploaded (20)

Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 

IoT Security Patterns and Processes for Expanding Attack Surfaces

  • 1. IoT Security Patterns. Mark Benson, CTO (@markbenson). IoT Stream Con, 23 April 2015.
  • 2. The IoT opportunity. Recent Economist survey: 95% expect their company to be using IoT within 3 years. “IoT is our single biggest threat AND biggest opportunity over the next 10 years” – brand-name Fortune 500 board of directors. [Chart: Internet-connected devices in billions (Cisco estimate) alongside IoT market size in billions of dollars by segment: Big Data Analytics (53% CAGR), Connected Device Platforms (33% CAGR), Application Enablement Platforms (32% CAGR), Value Added Services (26% CAGR), System Integration Services (24% CAGR), Hardware (23% CAGR), Connectivity (12% CAGR). Source: ABI Research, Cisco, Craig Hallum estimates.]
  • 3. The Internet of Things? More like the Internet of Attack Vectors.
    • Attack surfaces are expanding rapidly
    • Physical access to systems is becoming easier
    • Consumer privacy concerns are rising
    • Consequences of a breach are becoming more severe (critical infrastructure, brand deterioration, data privacy issues, etc.)
    • Product companies are being forced outside of their comfort zones
    • Three dimensions that make IoT security challenging…
  • 4. 1. Resource constraints. [Figure: protocol stacks across the tiers of an IoT deployment: Enterprise Web Services (has virtually no resource constraints), IoT Data Platform (deals with resource constraints), Gateway or Aggregator (has moderate resource constraints) and Sensing Node (has severe resource constraints). The enterprise and platform side run a full web stack (MAC/PHY, IP, TLS/TCP, HTTP, application data); the constrained side runs MAC/PHY, IP, DTLS/UDP, CoAP and binary data; bare sensors carry only MAC/PHY and binary data over the local network. Data is shown at rest, in use and in motion at each tier.]
  • 5. 2. Deployment topologies. [Figure: building blocks are Sensors, Short RF, Gateways, On-prem SW, Long-haul, Cloud Platform, Analytics platform and a Local Display. Topologies: A. No cloud; B. Standard; C. Multi-site; D. Closed network; E. Comprehensive. Each combines a gateway with some mix of on-prem software, IoT cloud and analytics.]
  • 6. 3. Usage modes.
    1. Initialization: Secure flash; OTP parts; Secure boot; Secure provisioning
    2. Operation: Device cloud registration; Secure authentication; Secure API transports; Secure storage
    3. Modification: Secure firmware updates; Disable test/debug interfaces; Factory defaults fallback; Disable test interfaces
    4. Retirement: Secure change of ownership; Device de-registration process; Optionally re-enable retired devices; Secure encryption key deletion
    Things to note about IoT usage modes that affect security:
    1. Some modes are normal and standard solutions exist
    2. Some modes are new and standards are still emerging
    3. Some modes are becoming more vulnerable due to resource constraints
  • 8. The 4th dimension: time. Now we have a tesseract: modes × topologies × constraints × time. The difficulty with IoT security is that the landscape is constantly changing, even after products are deployed. Security should be designed for from the beginning and embraced as a journey throughout. It starts with a process…
  • 9. The web you should be weaving. Secure processes => secure products => secure brand integrity. Lifecycle phases: Requirements, Planning, Design, Implementation, Verification, Validation, Deployment, Operations. Security activities along that lifecycle: Risk Analysis; Threat Modeling; Secure Design Practices; Security-Focused Design Reviews; Secure Coding Practices; Third Party Security Audit; Security-Focused Testing; User Testing to Expose Weak Points; Penetration Testing; Secure Deployment Practices; Operational Risk Assessment; Incident Response Preparedness; Vulnerability Management. Cross-cutting: Training and awareness; Information Security Management System (ISMS) policies, procedures, and compliance audits; Corporate strategy, governance, metrics, and optimization.
  • 10. Conclusion. Takeaways:
    1. Security processes. Have a security architecture from the beginning and evolve it throughout (layers, topologies, modes)
    2. Technology selection. Start it from the beginning and evolve throughout
    3. Operations planning. How do you respond if/when a security incident occurs in the field?
    Use checklists: http://owasp.org/ and http://builditsecure.ly/. Embrace the journey.
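As an added example (not from the deck), a toy Python model of the four usage modes on slide 6, each gated by one of the controls the slide lists: provisioning that disables debug interfaces, authenticated anti-rollback firmware updates, owner-authorized change of ownership, and key deletion at retirement. The HMAC tag stands in for a real firmware signature, and all keys and images are constructed sample values.

```python
import hmac
from enum import Enum

# The four usage modes from the slides; MODIFICATION is entered only while a change runs.
Mode = Enum("Mode", "INITIALIZATION OPERATION MODIFICATION RETIREMENT")

def mac(key: bytes, *parts: bytes) -> bytes:
    # Authentication tag over the concatenated parts; stands in for a real signature.
    return hmac.new(key, b"".join(parts), "sha256").digest()

class Device:
    def __init__(self):
        self.mode = Mode.INITIALIZATION
        self.owner_key = None       # provisioned secret; None means no registered owner
        self.fw_version = 0         # only ever increases: anti-rollback for updates
        self.debug_enabled = True   # bench-only; must be off before field operation

    def provision(self, owner_key: bytes) -> None:
        # Initialization (and re-enabling a retired device); never on a live device.
        if self.mode not in (Mode.INITIALIZATION, Mode.RETIREMENT):
            raise PermissionError("re-provisioning a live device is not allowed")
        self.owner_key = owner_key
        self.debug_enabled = False  # disable test/debug interfaces before operation
        self.mode = Mode.OPERATION

    def update_firmware(self, version: int, image: bytes, tag: bytes) -> bool:
        # Modification: only an authenticated, newer image is accepted; else keep current.
        if self.mode != Mode.OPERATION:
            return False
        self.mode = Mode.MODIFICATION
        expected = mac(self.owner_key, version.to_bytes(4, "big"), image)
        accepted = hmac.compare_digest(tag, expected) and version > self.fw_version
        if accepted:
            self.fw_version = version
        self.mode = Mode.OPERATION
        return accepted

    def transfer_ownership(self, proof: bytes, new_key: bytes) -> bool:
        # Modification: current owner authorizes the handover; old key is replaced.
        if self.mode != Mode.OPERATION:
            return False
        if not hmac.compare_digest(proof, mac(self.owner_key, b"transfer", new_key)):
            return False
        self.owner_key = new_key
        return True

    def retire(self) -> None:
        # Retirement: de-register and delete key material; updates are refused after.
        self.owner_key = None
        self.mode = Mode.RETIREMENT
```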