in security of iot
play

(In)Security of IoT Pascal Lafourcade Chaire de Confiance Num - PowerPoint PPT Presentation

Feb 08, 2024 •363 likes •807 views

IoTs and Security (In)Security of IoT Pascal Lafourcade Chaire de Confiance Num erique 15th March 2016 1 / 19 IoTs and Security Internet of Thing (IoT) 2 / 19 IoTs and Security Increasing Succes of IoT 3 / 19 IoTs and Security

  1. IoTs and Security (In)Security of IoT Pascal Lafourcade Chaire de Confiance Num´ erique 15th March 2016 1 / 19

  2. IoTs and Security Internet of Thing (IoT) 2 / 19

  3. IoTs and Security Increasing Succes of IoT 3 / 19

  4. IoTs and Security Reasons of the Succes of IOT Technology ◮ Wireless Communications: Wifi, 3G, 4G, Bluethooth, Sigfox ... ◮ Batteries ◮ CPU ◮ Sensors ◮ Price 4 / 19

  5. IoTs and Security Reasons of the Succes of IOT Technology ◮ Wireless Communications: Wifi, 3G, 4G, Bluethooth, Sigfox ... ◮ Batteries ◮ CPU ◮ Sensors ◮ Price Usage ◮ Monitoring services ◮ Hyperconnectivity 4 / 19 ◮ Avaibility

  6. IoTs and Security Wireless communications ⇒ Wormhole Attack 5 / 19

  7. IoTs and Security Real attacks on IoT from 2007 ... 6 / 19

  8. IoTs and Security Real attacks on IoT from 2007 ... 6 / 19

  9. IoTs and Security Real attacks on IoT from 2007 ... 6 / 19

  10. IoTs and Security Real attacks on IoT from 2007 ... S´ eminaire Confiance num´ erique : 7 avril 14h00 Amphi B IUT 6 / 19

  11. IoTs and Security Insecurity of IoT by HP in 2015 POODLE: Padding Oracle On Downgraded Legacy Encryption 7 / 19

  12. IoTs and Security TOP 10: Vulnerabilities of IoT 1. Insecure Web Interface (weak passwords, account protection) 2. Unsufficient Authtneitcation/Authorization 3. Insecure Newtork Services (ports open, DoS) 4. Lack of Transport Encryption 5. Privacy Concerns (leak of personal informations) 6. Insecure Cloud interfaces 7. Insecure Mobile Interfaces 8. Insufficient Security Configurability 9. Insecure Software/Firmeware 10. Poor Physical Security https://www.owasp.org/images/8/8e/Infographic-v1.jpg 8 / 19

  13. IoTs and Security How to Secure IoT Cryptography: ◮ Primitives: RSA, Elgamal, AES, DES, SHA-3 ... ◮ Protocols: Distributed Algorithms 9 / 19

  14. IoTs and Security How to Secure IoT Cryptography: ◮ Primitives: RSA, Elgamal, AES, DES, SHA-3 ... ◮ Protocols: Distributed Algorithms Properties: ◮ Secrecy, ◮ Authentication, ◮ Privacy ◮ Non Repudiation ... 9 / 19

  15. IoTs and Security How to Secure IoT Cryptography: ◮ Primitives: RSA, Elgamal, AES, DES, SHA-3 ... ◮ Protocols: Distributed Algorithms Properties: ◮ Secrecy, ◮ Authentication, ◮ Privacy ◮ Non Repudiation ... Intruders: ◮ Passive, active ◮ CPA, CCA ... 9 / 19

  16. IoTs and Security How to Secure IoT Cryptography: ◮ Primitives: RSA, Elgamal, AES, DES, SHA-3 ... ◮ Protocols: Distributed Algorithms Properties: ◮ Secrecy, ◮ Authentication, ◮ Privacy ◮ Non Repudiation ... Intruders: ◮ Passive, active ◮ CPA, CCA ... Designing such secure protocols is difficult 9 / 19

  17. IoTs and Security Is it preserving your privacy? 10 / 19

  18. IoTs and Security Is it preserving your privacy? 4096 RSA encryption 10 / 19

  19. IoTs and Security Is it preserving your privacy? 4096 RSA encryption Environs 60 temp´ eratures possibles: 35 ... 41 10 / 19

  20. IoTs and Security Is it preserving your privacy? 4096 RSA encryption Environs 60 temp´ eratures possibles: 35 ... 41 { 35 } pk , { 35 , 1 } pk , ..., { 41 } pk 10 / 19

  21. IoTs and Security 3-Pass Shamir 11 / 19

  22. IoTs and Security 3-Pass Shamir 11 / 19

  23. IoTs and Security 3-Pass Shamir 11 / 19

  24. IoTs and Security 3-Pass Shamir 11 / 19

  25. IoTs and Security 3-Pass Shamir Abstract Representation 1 A → B : { m } K A 11 / 19

  26. IoTs and Security 3-Pass Shamir Abstract Representation 1 A → B : { m } K A 2 → : {{ m } K A } K B B A 11 / 19

  27. IoTs and Security 3-Pass Shamir Abstract Representation 1 A → B : { m } K A Commutative 2 → : {{ m } K A } K B = {{ m } K B } K A Encryption B A 11 / 19

  28. IoTs and Security 3-Pass Shamir Abstract Representation 1 A → B : { m } K A Commutative 2 → : {{ m } K A } K B = {{ m } K B } K A Encryption B A 3 A → B : { m } K B 11 / 19

  29. IoTs and Security Logical Attack on Shamir 3-Pass Protocol (I) Perfect encryption one-time pad (Vernam Encryption) { m } k = m ⊕ k XOR Properties (ACUN) ◮ ( x ⊕ y ) ⊕ z = x ⊕ ( y ⊕ z ) A ssociativity ◮ x ⊕ y = y ⊕ x C ommutativity ◮ x ⊕ 0 = x U nity ◮ x ⊕ x = 0 N ilpotency 12 / 19

  30. IoTs and Security Logical Attack on Shamir 3-Pass Protocol (I) Perfect encryption one-time pad (Vernam Encryption) { m } k = m ⊕ k XOR Properties (ACUN) ◮ ( x ⊕ y ) ⊕ z = x ⊕ ( y ⊕ z ) A ssociativity ◮ x ⊕ y = y ⊕ x C ommutativity ◮ x ⊕ 0 = x U nity ◮ x ⊕ x = 0 N ilpotency Vernam encryption is a commutative encryption : {{ m } K A } K I = ( m ⊕ K A ) ⊕ K I = ( m ⊕ K I ) ⊕ K A = {{ m } K I } K A 12 / 19

  31. IoTs and Security Logical Attack on Shamir 3-Pass Protocol (II) Perfect encryption one-time pad (Vernam Encryption) { m } k = m ⊕ k Shamir 3-Pass Protocol 1 A → B : m ⊕ K A 2 B → A : ( m ⊕ K A ) ⊕ K B 3 → B : m ⊕ K B A Passive attacker : m ⊕ K A m ⊕ K B ⊕ K A m ⊕ K B 13 / 19

  32. IoTs and Security Logical Attack on Shamir 3-Pass Protocol (II) Perfect encryption one-time pad (Vernam Encryption) { m } k = m ⊕ k Shamir 3-Pass Protocol 1 A → B : m ⊕ K A 2 B → A : ( m ⊕ K A ) ⊕ K B 3 → B : m ⊕ K B A Passive attacker : m ⊕ K A ⊕ m ⊕ K B ⊕ K A ⊕ m ⊕ K B = m 13 / 19

  33. IoTs and Security Second Example Needham Schroeder Key Echange 1976 A → B : { A , N A } Pub ( B ) B → A : { N A , N B } Pub ( A ) A → B : { N B } Pub ( B ) ◮ Use cryptography ◮ Small programs ◮ Distributed 14 / 19

  34. IoTs and Security Cryptography is not sufficient ! Example : Needham Schroeder Key Echange A → B : { A , N A } Pub ( B ) B → A : { N A , N B } Pub ( A ) A → B : { N B } Pub ( B ) 15 / 19

  35. IoTs and Security Cryptography is not sufficient ! Example : Needham Schroeder Key Echange A → B : { A , N A } Pub ( B ) B → A : { N A , N B } Pub ( A ) A → B : { N B } Pub ( B ) Broken 17 years after, by G. Lowe A → I : { A , N A } Pub ( I ) I → B : { A , N A } Pub ( B ) A ← I : { N A , N B } Pub ( A ) I ← B : { N A , N B } Pub ( A ) A → I : { N B } Pub ( I ) I → B : { N B } Pub ( B ) 15 / 19

  36. IoTs and Security Cryptography is not sufficient ! Example : Needham Schroeder Key Echange A → B : { A , N A } Pub ( B ) B → A : { N A , N B } Pub ( A ) A → B : { N B } Pub ( B ) Broken 17 years after, by G. Lowe A → I : { A , N A } Pub ( I ) I → B : { A , N A } Pub ( B ) A ← I : { N A , N B } Pub ( A ) I ← B : { N A , N B } Pub ( A ) A → I : { N B } Pub ( I ) I → B : { N B } Pub ( B ) Computer-Aided Security 15 / 19

  37. IoTs and Security Formal Verification Approaches Designer Attacker 16 / 19

  38. IoTs and Security Formal Verification Approaches Designer Attacker 16 / 19 Security Team

  39. IoTs and Security Formal Verification Approaches Designer Attacker Give a proof 16 / 19 Security Team

  40. IoTs and Security Formal Verification Approaches Designer Attacker Give a proof Find a flaw 16 / 19 Security Team

  41. IoTs and Security Security Challenges for IoT Data exchanged should be protected. Security Properties ◮ Data Integrity ◮ Data Confidentiality ◮ Data Privacy ◮ Authentication ◮ Non-repudiation ◮ Avaibility 17 / 19

  42. IoTs and Security 5 Things to Bring Home 1. Severals security challenges in IoT 2. Security has to be taken at the design of IoT 3. Designing secure protocols is difficult 4. Tradeoff between security, battery, CPU and price. 5. Formal methods can help you for designing secure protocols Protocol + Properties + Intruder ⇒ Security 18 / 19

  43. IoTs and Security Thanks for your attention Questions ? 19 / 19

Recommend

What is network security? Friends and enemies: Alice, Bob, Trudy What is network security?

What is network security? Friends and enemies: Alice, Bob, Trudy What is network security?

Network security Network security Foundations: what is security? cryptography Network Security Network Security authentication message integrity key distribution and certification Security in practice: Srinidhi Varadarajan

332 views • 6 slides
Security Security as term, Possible Security violations Authentication Criteria for

Security Security as term, Possible Security violations Authentication Criteria for

BS1 WS19/20 topic-based slides Security Security as term, Possible Security violations Authentication Criteria for Trust in Computer Systems Three hearts of Windows Security DACLs A Look at Security System is secure if

988 views • 20 slides
CPSC410/611: Security Security Security Attacks Security Threats Crypto

CPSC410/611: Security Security Security Attacks Security Threats Crypto

CPSC 410 / 611 : Operating Systems CPSC410/611: Security Security Security Attacks Security Threats Crypto Authentication Examples SSL Security Threats Breach of confidentiality unauthorized access to

458 views • 18 slides
Biometrics and Security Biometrics and Security Biometrics and Security Biometrics and Security

Biometrics and Security Biometrics and Security Biometrics and Security Biometrics and Security

Biometrics and Security Biometrics and Security Biometrics and Security Biometrics and Security WS 06/07 Seminar Prof. Dr.-Ing. Jana Dittmann & Dr.-Ing. Claus Vielhauer with support from Tobias Scheidat

419 views • 16 slides
1 X.800 Security Services X.800 Security Services X.800 Security Services Data integrity

1 X.800 Security Services X.800 Security Services X.800 Security Services Data integrity

Course Overview Course Requirements EECS 498-7/8 Cryptography and Network Security: www.citi.umich.edu/u/honey/security Principles and Practice (Third Edition) Computer Security Monday & Friday, 9:00 10:30 William Stallings

670 views • 19 slides
A (re)introduction to Spring Security Agenda Before Spring Security: Acegi security

A (re)introduction to Spring Security Agenda Before Spring Security: Acegi security

A (re)introduction to Spring Security Agenda Before Spring Security: Acegi security Introducing Spring Security View layer security Whats coming in Spring Security 3 E-mail: craig@habuma.com Blog: http://www.springloaded.info

452 views • 19 slides
Network Security Network Security Srinidhi Varadarajan Network security Network security

Network Security Network Security Srinidhi Varadarajan Network security Network security

Network Security Network Security Srinidhi Varadarajan Network security Network security Foundations: what is security? cryptography authentication message integrity key distribution and certification Security in practice:

634 views • 36 slides
Security Overview Security Goals The Attack Space Security Mechanisms

Security Overview Security Goals The Attack Space Security Mechanisms

CSCE Intro to Computer Systems Security Security Overview Security Goals The Attack Space Security Mechanisms Introduction to Cryptography Authentication Authorization Confidentiality Case Studies Security

472 views • 20 slides
SECURITY TESTING Towards a safer web world AGENDA 1. 3 WS OF SECURITY TESTING 2. SECURITY

SECURITY TESTING Towards a safer web world AGENDA 1. 3 WS OF SECURITY TESTING 2. SECURITY

SECURITY TESTING Towards a safer web world AGENDA 1. 3 WS OF SECURITY TESTING 2. SECURITY TESTING CONCEPTS 3. SECURITY TESTING TYPES 4. TOP 10 SECURITY RISKS Few Security Breaches Date: 2013-14 September 2016, while in negotiations to

404 views • 18 slides
Security Security with Distributed Systems Why Security? The need for security mechanisms in

Security Security with Distributed Systems Why Security? The need for security mechanisms in

Security Security with Distributed Systems Why Security? The need for security mechanisms in distributed systems arises from the desire to share resources Resources must be protected against unauthorized access, as enemies (attackers)

1.16k views • 67 slides
Security Overview Security Goals The Attack Space Security Mechanisms

Security Overview Security Goals The Attack Space Security Mechanisms

CPSC 410/611 Operating Systems Security Security Overview Security Goals The Attack Space Security Mechanisms Introduction to Cryptography Authentication Authorization Confidentiality Case Studies

419 views • 19 slides
International and Global Security 1 Peer Discussion What is security? 2 International

International and Global Security 1 Peer Discussion What is security? 2 International

International and Global Security 1 Peer Discussion What is security? 2 International Security What is security? Freedom from threats to core values? Contestation over referent object: Individual? State? System? How is security achieved?

715 views • 11 slides
Security 101 Definition of Information Security Information security is the protection of

Security 101 Definition of Information Security Information security is the protection of

Computing Services Information Security Office Security 101 Definition of Information Security Information security is the protection of information and systems from unauthorized access, disclosure, modification, destruction or disruption. The

469 views • 22 slides
Security Update Security Plans Our Security plans are For Official Use Only, Safety

Security Update Security Plans Our Security plans are For Official Use Only, Safety

Security Update Security Plans Our Security plans are For Official Use Only, Safety Sensitive Information Not for public or media release F.S. 119.071. Required by law, rule and regulation: Homeland Security Directive 5 and 8.

393 views • 11 slides
Com puter Security Part One Security as a subject Security is an old problem in the

Com puter Security Part One Security as a subject Security is an old problem in the

Com puter Security Part One Security as a subject Security is an old problem in the computing world, and are parallel to even older problems outside computing Required level of security is always related to what you protect

237 views • 23 slides
Introduction to Security Comm. Security Strategy Summary ITS335: IT Security Sirindhorn

Introduction to Security Comm. Security Strategy Summary ITS335: IT Security Sirindhorn

ITS335 Intro. to Security Concepts Threats, Attacks, Assets Introduction to Security Comm. Security Strategy Summary ITS335: IT Security Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 2

965 views • 34 slides
Effective Security for the Post-compliance Era Security Awareness and Training for Security

Effective Security for the Post-compliance Era Security Awareness and Training for Security

Effective Security for the Post-compliance Era Security Awareness and Training for Security Specialists M. ANGELA SASSE, RUHR UNIVERSITY BOCHUM & UCL The problem MENSCHLICH WELTOFFEN LEISTUNGSSTARK 2 ENISA Report December 2018

362 views • 33 slides
Security as a Architectural Concern Reid Holmes [TAILOR ET AL.] NFP: Security Security:

Security as a Architectural Concern Reid Holmes [TAILOR ET AL.] NFP: Security Security:

Material and some slide content from: - Software Architecture: Foundations, Theory, and Practice - Krzysztof Czarnecki Security as a Architectural Concern Reid Holmes [TAILOR ET AL.] NFP: Security Security: The protection a ff orded a

160 views • 4 slides
Security of Encryption Security of Encryption Perfect secrecy (IND-Onetime security) is too

Security of Encryption Security of Encryption Perfect secrecy (IND-Onetime security) is too

Defining Encryption (ctd.) Lecture 3 CPA/CCA security Computational Indistinguishability Pseudo-randomness, One-Way Functions Security of Encryption Security of Encryption Perfect secrecy (IND-Onetime security) is too strong (though too

1.36k views • 113 slides
Outline Security Principles and Policies Security terms and concepts CS 239 Security

Outline Security Principles and Policies Security terms and concepts CS 239 Security

Outline Security Principles and Policies Security terms and concepts CS 239 Security policies Computer Security Basic concepts Peter Reiher Security policies for real systems January 13, 2005 Lecture 2 Lecture 2 Page 1

347 views • 9 slides
Chapter 9 Cloud Security Contents Security in an interconnected world, cloud security

Chapter 9 Cloud Security Contents Security in an interconnected world, cloud security

Chapter 9 Cloud Security Contents Security in an interconnected world, cloud security risks. Attacks in a cloud environment, top threats. Security, a major concern for cloud users. Privacy. Trust. Operating systems

661 views • 38 slides
Election Security and Integrity What is election security? What is election integrity? Election

Election Security and Integrity What is election security? What is election integrity? Election

Election Security and Integrity What is election security? What is election integrity? Election Security = Physical Security + Cybersecurity Physical Security Security plans Secure storage of voting machines and electronic pollbooks

341 views • 13 slides
Computer Security environment, without compromising functionality or security? Three parts

Computer Security environment, without compromising functionality or security? Three parts

9/7/2013 Some topics Im working on Computing on encrypted data Information flow: Dynamic IFC in Haskell, web Sandboxing Untrusted JavaScript Third party web tracking and other web security stories Practical web security

572 views • 21 slides
Network Security Where we are in the Course Security crosses all layers Applicatjon

Network Security Where we are in the Course Security crosses all layers Applicatjon

Network Security Where we are in the Course Security crosses all layers Applicatjon Transport Network Link Physical CSE 461 University of Washington 2 Security Threats Security is like performance Means many things

1.12k views • 92 slides

More recommend