
CONCERNS & SOLUTION DANNY DE COCK HTTPS://WWW.GODOT.BE/SLIDES



  1. Simply Smart Workshop: IOT SECURITY AND PRIVACY CONCERNS & SOLUTION. DANNY DE COCK, HTTPS://WWW.GODOT.BE/SLIDES, Feb 2018

  2. IOT SCOPE (figure; credits: Chragokyberneticks, http://www.greenpeak.com)
     • Blue: Networked devices
     • Green: Energy Management
     • Red: IoT

  3. CORE SECURITY AND PRIVACY PROBLEMS (21/02/2018)
     • IoT focuses on functionality, NOT security
     • Security is afterthought, secure client first!
     • Cumbersome over-the-air update mechanisms
     • Each family of devices in their own silo
     • Amalgam of isolated component groups rather than integration
     • Impossible to apply sound security policies
     • User data, preferences & behavior immediately pushed to cloud services
     • Who manages the cloud, who is it and where can you find them?
     • User awareness & ignorance: what happens to this data?
     • Authentication, confidentiality and authorization problems
     • Silo-based management of keys, preferences, access control settings…
     • No real key management for individual instantiations
     • Low power = lightweight communications and security protocols

  4. GLOBAL SYSTEM OVERVIEW (diagram)
     • Parties and locations: Home, Internet, Remote User, Local Users
     • Access: Locally operated, Remotely accessible
     • Authentication: Strong authentication, Weak authentication
     • Channel protection: Insecure, Integrity-protected, Confidential, Secure

  5. GENERIC & SIMPLE SOLUTION
     • Impossible to change, configure and test individual IOT device families
     • New software versions and devices and features pop up continuously
     • Two-fold solution:
     • Good old DMZ technology plus Intelligent Internet Gateway (IIG)
     • Each IOT device type in its own zone
     • IIG manages connections:
     • Device-Device inside and across zones
     • Device-Internet and Internet-Device
     • Dedicated configuration manager
     • Configuration of IIG
     • Configuration of DMZ-zones
     Images: Tango! Desktop Project, benext.eu & Michael Mimoso, threatpost.com

  6. QUESTIONS?
     • Contact details:
     • Email: Danny.DeCock@esat.kuleuven.be
     • Slides: https://www.godot.be/slides

  7. SECURITY VIEW (diagram)
     • Parties: Service Providers, Devices, Users & Applications
     • Device clusters: Multimedia Cluster, Appliance Cluster, Safety Cluster
     • Security relationships: End-to-End Security, Point-to-Point Security

  8. PROTOCOL STACKS VIEW (diagram)
     • User/Business Layer: Uses devices & services
     • Application Layer (OSI Layer 7): Offers Services to Users, Services and Devices
     • Security Layer (OSI Layer 5 – Session): Protects Against Remote Evil Services and Devices
     • Transport Layer (OSI Layer 4): Provides Reliable Communications
     • Network Layer (OSI Layer 3): Provides Network Access
     • Data Link Layer (OSI Layer 2): Communication Technologies, e.g., RF, WiFi, IR,…
     • Labels between the two stacks: Service Data, Application processing Data, Device-Device Security, Reliable Device-Device Communication, Device-Device Data Transmission, Data Transmission over Physical Network
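
The zone-per-device-type gateway from slide 5, as an added example that is not part of the original slides: a default-deny decision function for the connections an IIG manages (device-device inside and across zones, device-Internet, Internet-device). Zone names, device types, hosts and ports are constructed assumptions, and decisions cover connection initiation only.

```python
# Added example: default-deny flow decisions for an Intelligent Internet Gateway.
# All zone names, device types, hosts and ports are constructed for illustration.
from dataclasses import dataclass

INTERNET = "internet"            # pseudo-zone for everything outside the home
QUARANTINE = "zone-quarantine"   # device types nobody has configured yet

# One DMZ zone per IoT device type.
ZONE_OF = {"camera": "zone-camera", "thermostat": "zone-thermostat",
           "tv": "zone-tv", "hub": "zone-hub"}

@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    dst_host: str  # "*" matches any host in dst_zone
    port: int
    proto: str

# Allow-list for connection initiation; direction matters.
RULES = [
    Rule("zone-hub", "zone-thermostat", "*", 5683, "udp"),             # device-device, across zones
    Rule("zone-camera", INTERNET, "updates.example.net", 443, "tcp"),  # device-internet
    Rule(INTERNET, "zone-hub", "*", 8443, "tcp"),                      # internet-device
]
INTRA_ZONE_ALLOWED = {"zone-tv"}  # zones whose members may talk to each other

def zone(endpoint_type):
    """Map an endpoint type to its zone; unknown device types are quarantined."""
    if endpoint_type == INTERNET:
        return INTERNET
    return ZONE_OF.get(endpoint_type, QUARANTINE)

def decide(src_type, dst_type, dst_host, port, proto):
    """Return 'allow' or 'drop' for a new connection; anything unmatched is dropped."""
    src, dst = zone(src_type), zone(dst_type)
    if src == dst:
        # Device-device inside one zone (internet-to-internet never qualifies).
        return "allow" if src in INTRA_ZONE_ALLOWED else "drop"
    for r in RULES:
        if (r.src_zone, r.dst_zone, r.port, r.proto) == (src, dst, port, proto) \
                and r.dst_host in ("*", dst_host):
            return "allow"
    return "drop"
```

A newly plugged-in device type lands in the quarantine zone and reaches nothing until the configuration manager assigns it a zone and rules.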
