Simply Smart Workshop
IOT SECURITY AND PRIVACY CONCERNS & SOLUTION
DANNY DE COCK
https://www.godot.be/slides
Feb 2018
IOT SCOPE
Credits: Chragokyberneticks
Credits: http://www.greenpeak.com
• Blue: Networked devices
• Green: Energy Management
• Red: IoT
CORE SECURITY AND PRIVACY PROBLEMS
• IoT focuses on functionality, NOT security
• Security is afterthought, secure client first!
• Cumbersome over-the-air update mechanisms
• Each family of devices in their own silo
• Amalgam of isolated component groups rather than integration
• Impossible to apply sound security policies
• User data, preferences & behavior immediately pushed to cloud services
• Who manages the cloud, who is it and where can you find them?
• User awareness & ignorance: what happens to this data?
• Authentication, confidentiality and authorization problems
• Silo-based management of keys, preferences, access control settings…
• No real key management for individual instantiations
• Low power = lightweight communications and security protocols
21/02/2018
GLOBAL SYSTEM OVERVIEW
[Diagram labels: Home; Internet; Remote User; Local Users; Locally operated; Remotely accessible; Strong authentication; Weak authentication; Insecure; Integrity-protected; Confidential; Secure]
GENERIC & SIMPLE SOLUTION
• Impossible to change, configure and test individual IOT device families
• New software versions and devices and features pop up continuously
• Two-fold solution: Good old DMZ technology plus Intelligent Internet Gateway (IIG)
• Each IOT device type in its own zone
• IIG manages connections:
  • Device-Device inside and across zones
  • Device-Internet and Internet-Device
• Dedicated configuration manager
  • Configuration of IIG
  • Configuration of DMZ-zones
Images: Tango! Desktop Project, benext.eu & Michael Mimoso, threatpost.com
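The zone-and-gateway idea on this slide, sketched as an added example (not from the original slides): a default-deny policy check in which each device family sits in its own zone and the gateway forwards a connection only when an explicit rule matches. The Gateway and Rule classes and all zone names, hosts and ports are hypothetical; the sample policy deliberately contains no Internet-Device rule, so every inbound connection is refused.

```python
from dataclasses import dataclass

INTERNET = "internet"  # pseudo-zone: every host not enrolled in a home zone
ANY = "*"              # wildcard destination host

@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    dst_port: int
    dst_host: str = ANY

class Gateway:
    """Default-deny connection policy with one zone per IoT device family."""

    def __init__(self, zones, rules):
        self.zone_of = {}
        for zone, devices in zones.items():
            for dev in devices:
                if dev in self.zone_of:  # a device in two zones defeats isolation
                    raise ValueError(f"{dev} is assigned to two zones")
                self.zone_of[dev] = zone
        self.rules = list(rules)

    def allows(self, src, dst, port):
        sz = self.zone_of.get(src, INTERNET)
        dz = self.zone_of.get(dst, INTERNET)
        if sz == dz == INTERNET:
            return False  # neither end is a home device: nothing to broker
        return any(
            (r.src_zone, r.dst_zone, r.dst_port) == (sz, dz, port)
            and r.dst_host in (ANY, dst)
            for r in self.rules
        )  # no match means deny, also between devices of the same zone

# Constructed sample policy: all names, hosts and ports are made up.
ZONES = {
    "cameras": {"cam-front", "cam-garden"},
    "lighting": {"light-hub", "bulb-1"},
    "media": {"tv"},
}
RULES = [
    Rule("lighting", "lighting", 8080, "light-hub"),  # Device-Device, inside a zone
    Rule("media", "lighting", 8080, "light-hub"),     # Device-Device, across zones
    Rule("cameras", INTERNET, 443, "updates.camera-vendor.example"),  # Device-Internet
]
GATEWAY = Gateway(ZONES, RULES)
```

Rules are directional and name the destination, so a permitted flow towards the lighting hub does not let the hub open connections back to the TV or to the bulbs.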
QUESTIONS?
Contact details:
Email: Danny.DeCock@esat.kuleuven.be
Slides: https://www.godot.be/slides
SECURITY VIEW
[Diagram labels: Service Providers; Devices; Users & Applications; Multimedia Cluster; Appliance Cluster; Safety Cluster; End-to-End Security; Point-to-Point Security]
PROTOCOL STACKS VIEW
• User/Business Layer: Uses devices & services
• Application Layer (OSI Layer 7): Offers Services to Users, Services and Devices
• Security Layer (OSI Layer 5 – Session): Protects Against Remote Evil Services and Devices
• Transport Layer (OSI Layer 4): Provides Reliable Communications
• Network Layer (OSI Layer 3): Provides Network Access
• Data Link Layer (OSI Layer 2): Communication Technologies, e.g., RF, WiFi, IR,…
[Other diagram labels: Service Data; Application processing Data; Device-Device Security; Reliable Device-Device Communication; Device-Device Data Transmission; Data Transmission over Physical Network; Data Transmitted over Physical Network]