securing the web of things
play

Securing the Web of Things Andrei Sabelfeld @asabelfeld Web of - PowerPoint PPT Presentation

Nov 27, 2023 •116 likes •273 views

Securing the Web of Things Andrei Sabelfeld @asabelfeld Web of Things Internet of Things (IoT) Incompatible standards, platforms, technologies World Wide Web Consortium (W3C) is in a unique position to create the royalty-free and

  1. Securing the Web of Things Andrei Sabelfeld @asabelfeld

  2. Web of Things Internet of Things (IoT) • Incompatible standards, platforms, technologies “World Wide Web Consortium (W3C) is in a unique position to create the royalty-free and platform-independent standards needed to overcome the fragmentation of the IoT” -W3C CEO Dr. Jeff Jaffe, 2017 Security implications?

  3. Software as enabling technology • Software at the heart • Third-party code everywhere • Libraries, gadgets, ads, analytics, tracking, fingerprinting,.. • Malicious/buggy code • Ex-filtrating private information • Malwartising • Defacing web sites • Phishing attacks • Cryptojacking Securing software is a must for IoT

  4. IoT apps “Connecting otherwise unconnected services”

  5. IoT apps • “Managing users’ digital lives” • Smart homes, smartphones, cars, fitness armbands • Online services (Google, Dropbox,…) • Social networks (Facebook, Twitter,…) • End-user programming • Anyone can create and publish apps • Most apps by third parties • Web interface + smartphone clients

  6. IFTTT “If This Then That” • Trigger-action programming • Largest IoT app platform • Over 500 integrated services • Millions of users and billions of running apps

  7. IFTTT app If this then that Action Trigger What can go wrong? J

  8. Demo

  9. Attack by malicious app maker then If

  10. IFTTT app If this then that Action Trigger What can go wrong? J

  11. Attack by malicious app maker then If

  12. In-car infotainment apps • Stores for 3 rd -party in-car apps • GM: JavaScript/HTML5 • Volvo Cars, Renault, Nissan, and Mitsubishi: Android Automotive • Sensitive sources • Location, odometer, current speed, backup camera, microphone ⇒ location tracking, audio spying • Sensitive destinations • seat settings, climate control, stereo volume ⇒ “soundblast”, driver disruption

  13. Countermeasures • Application-level security then • Secure code in control of IoT! If • API control • Location API JSFlow • Voice command API • Information flow control • Track the flow of information through JavaScript code • Block flow from sensitive sources to attacker

  14. Securing IoT apps • Securing IoT a presssing challenge • Incompatible standards, platforms and technologies • Web of Things to reduce IoT fragmentation • Need to secure code in control of IoT applications • JavaScript at heart • IFTTT security • Informaiton flow control • In-car app security • Permissions and API security

  15. Read more in IEEE Security & Privacy Magazine 2019 Joint work in part with Iulia Bastys and Musard Balliu and in part with Benjamin Eriksson

Recommend

Securing the Internet of Things CSM-ACE 2013 13 November 2013 www.cyberunited.com Darin

Securing the Internet of Things CSM-ACE 2013 13 November 2013 www.cyberunited.com Darin

Intelligence and Security Informatics Securing the Internet of Things CSM-ACE 2013 13 November 2013 www.cyberunited.com Darin Andersen 20 Years Hi-Tech and 12 Years Cybersecurity Experience International Cyber Speaker, Insider Threat, SiOT

226 views • 20 slides
Getting Acquainted W ith Zoom Outline Securing Your Computer Your Invitation The

Getting Acquainted W ith Zoom Outline Securing Your Computer Your Invitation The

Getting Acquainted W ith Zoom Outline Securing Your Computer Your Invitation The Waiting Room Working with Audio Working with Video Using the Tool Tray Chat In the Meeting When Things Go Wrong 2 Securing Your

325 views • 14 slides
IoT Security Image: xkcd How is securing IoT different from securing any other system? IoT

IoT Security Image: xkcd How is securing IoT different from securing any other system? IoT

IoT Security Image: xkcd How is securing IoT different from securing any other system? IoT is a system of systems, with A great deal of heterogeneity (sensing, computation, communication, energy) New types of devices appearing all

1.35k views • 65 slides
Building&Hacking modern iOS apps Wojciech Regua @_r3ggi wojciech.regula@securing.pl

Building&Hacking modern iOS apps Wojciech Regua @_r3ggi wojciech.regula@securing.pl

www.securing.pl Building&Hacking modern iOS apps Wojciech Regua @_r3ggi wojciech.regula@securing.pl @_r3ggi wojciech.regula@securing.pl www.securing.pl www.securing.pl WHOAMI -Senior IT Security Consultant @ SecuRing -Focused on

998 views • 67 slides
Understanding and Securing Device Vulnerabilities through Automated Bug Report Analysis Xuan Feng

Understanding and Securing Device Vulnerabilities through Automated Bug Report Analysis Xuan Feng

Understanding and Securing Device Vulnerabilities through Automated Bug Report Analysis Xuan Feng , Xiaojing Liao, XiaoFeng Wang, Haining Wang, Qiang Li, Kai Yang, Hongsong Zhu, Limin Sun USENIX Security 2019 Internet-of-Things (IoT) Devices IoT

422 views • 23 slides
SANS Securing The Human Training Department of Safety Securing the Human Training Web

SANS Securing The Human Training Department of Safety Securing the Human Training Web

SANS Securing The Human Training Department of Safety Securing the Human Training Web based Centrally Administrated Divisionally managed Consistent content Central reporting Ability to add custom content (Policy's)

761 views • 10 slides
Securing and Protecting Securing and Protecting Water Rights and Uses in Water Rights and Uses

Securing and Protecting Securing and Protecting Water Rights and Uses in Water Rights and Uses

Securing and Protecting Securing and Protecting Water Rights and Uses in Water Rights and Uses in Arizona Arizona L. William Staudenmaier One Arizona Center 400 East Van Buren Street, Suite 1900 Phoenix, Arizona 85004 2202 602.382.6000 |

574 views • 32 slides
Securing a future for our horses. Securing a future for our sport. TABLE OF CONTENTS

Securing a future for our horses. Securing a future for our sport. TABLE OF CONTENTS

Securing a future for our horses. Securing a future for our sport. TABLE OF CONTENTS Industry-United Initiative ............................................ 2 The TAA Difference .................................................... 3 Life After

466 views • 19 slides
Securing Internet Routing Securing Internet Routing $ Local ISP Sharon Goldberg g Princeton

Securing Internet Routing Securing Internet Routing $ Local ISP Sharon Goldberg g Princeton

Jobtalk Securing Internet Routing Securing Internet Routing $ Local ISP Sharon Goldberg g Princeton University Based on work with: Based on work with: Boaz Barak, Shai Halevi, Aaron Jaggard, Vijay Ramachandran, Jennifer Rexford, Eran

1.12k views • 42 slides
Securing home Wi-Fi with WPA3 personal Raoul Dijksman and Erik Lamers Securing home Wi-Fi with

Securing home Wi-Fi with WPA3 personal Raoul Dijksman and Erik Lamers Securing home Wi-Fi with

Securing home Wi-Fi with WPA3 personal Raoul Dijksman and Erik Lamers Securing home Wi-Fi with WPA3 personal Making Wi-Fi great again With security this time, right? Securing home Wi-Fi with WPA3 personal - July 3 rd 2020 2 Why is WPA3

853 views • 28 slides
Web Security Thierry Sans Securing the web architecture means securing ... The network

Web Security Thierry Sans Securing the web architecture means securing ... The network

Web Security Thierry Sans Securing the web architecture means securing ... The network The operating system The web server ( Apache for instance) The administration server ( SSH for instance) The database ( Oracle for instance)

1.37k views • 61 slides
SECURING DONATIONS SECURING DONATIONS nonprofit.212mediastudios.com | 574.269.0720 |

SECURING DONATIONS SECURING DONATIONS nonprofit.212mediastudios.com | 574.269.0720 |

NON-PROFIT PRESENTATION TIPS FOR NON-PROFIT PRESENTATION TIPS FOR SECURING DONATIONS SECURING DONATIONS nonprofit.212mediastudios.com | 574.269.0720 | info@212mediastudios.com Having an efgective communication strategy is the fjrst step for your

116 views • 9 slides
Revelation 1:19 Write the things which you have seen, and the things which are, and the

Revelation 1:19 Write the things which you have seen, and the things which are, and the

Revelation 1:19 Write the things which you have seen, and the things which are, and the things which will take place after this. Revelation 4:1 After these things I looked, and behold, a door standing open in heaven. And the

438 views • 30 slides
Securing Home Networks Securing Home Networks protocols protocols A SWN04 A SWN04 K.

Securing Home Networks Securing Home Networks protocols protocols A SWN04 A SWN04 K.

Securing Home Networks Securing Home Networks protocols protocols A SWN04 A SWN04 K. MASMOUDI, K. MASMOUDI, H. AFIFI H. AFIFI Boston, 08/2004 6 th PCRD Integrated Project Goal : provide secure communication

450 views • 22 slides
LOCATION PRIVACY Marc Langheinrich University of Lugano (USI), Switzerland Securing a Mobile

LOCATION PRIVACY Marc Langheinrich University of Lugano (USI), Switzerland Securing a Mobile

LOCATION PRIVACY Marc Langheinrich University of Lugano (USI), Switzerland Securing a Mobile Phone Securing a Mobile Phone Securing a Mobile Phone Securing a Mobile Phone Can We Have it Both Ways? Safe Secure Privacy-friendly

892 views • 62 slides
Securing IoT with a hardware Secure Element Marc Renaudin - Serge Maginot - TIEMPO CONFIDENTIAL

Securing IoT with a hardware Secure Element Marc Renaudin - Serge Maginot - TIEMPO CONFIDENTIAL

Securing IoT with a hardware Secure Element Marc Renaudin - Serge Maginot - TIEMPO CONFIDENTIAL TIEMPO S.A.S. December 3, 2019 1 Outline Connected Objects Securing IoT with a hardware Secure Element Introduction Securing Treats

537 views • 10 slides
Hebrews 6:9, But, beloved, we are confident of better things concerning you yes things of

Hebrews 6:9, But, beloved, we are confident of better things concerning you yes things of

Hebrews 6:9, But, beloved, we are confident of better things concerning you yes things of better things concerning you, yes, things that accompany salvation, though we speak in this manner. Hebrews 6:10, For God is not unjust to forget

739 views • 41 slides
Securing RFID with Ultra-wideband Modulation Pengyuan Yu, Patrick Schaumont and Dong Ha

Securing RFID with Ultra-wideband Modulation Pengyuan Yu, Patrick Schaumont and Dong Ha

Securing RFID with Ultra-wideband Modulation Pengyuan Yu, Patrick Schaumont and Dong Ha Presented By: Eric Simpson Summary Traditional Secure Communications Securing the physical layer with UWB TH-PPM RFID digital baseband

386 views • 19 slides
- Securing Santas Sleigh - INET XMAS Presentation 2018 by Timo Hckel - Securing Santas

- Securing Santas Sleigh - INET XMAS Presentation 2018 by Timo Hckel - Securing Santas

- Securing Santas Sleigh - INET XMAS Presentation 2018 by Timo Hckel - Securing Santas Sleigh - INET XMAS Presentation 2018 by Timo Hckel Overview 1. Automotive Networks 2. SecVI Research Project 3. Software-Defined Networking

344 views • 31 slides
9/6/20 Exceptions: What to do when things go bad IO: Where things often go bad 1 An exception

9/6/20 Exceptions: What to do when things go bad IO: Where things often go bad 1 An exception

9/6/20 Exceptions: What to do when things go bad IO: Where things often go bad 1 An exception is an object describing unusual or erroneous situation Division by 0 in computing expression (ArithmeticException) Array index out of bounds

371 views • 8 slides
WHAT? DAMAGE TO THE CARGO The safe stowage and securing of cargoes depend on proper planning,

WHAT? DAMAGE TO THE CARGO The safe stowage and securing of cargoes depend on proper planning,

WHAT? DAMAGE TO THE CARGO The safe stowage and securing of cargoes depend on proper planning, execution and supervision. Personnel commissioned to tasks of cargo stowage and securing should be properly qualified and experienced. Monday, January

116 views • 7 slides
Securing & Sustaining Mutual Fund Trust Status Tips & Traps Portfolio

Securing & Sustaining Mutual Fund Trust Status Tips & Traps Portfolio

Securing & Sustaining Mutual Fund Trust Status Tips & Traps Portfolio Management Association of Canada Seminar Offices of McMillan LLP Toronto, Ontario September 21, 2011 Part I Securing and Sustaining Mutual Fund

816 views • 42 slides
The Role of Government in Securing the CAV Ecosystem Sevvy Palmer AESIN Security Conference,

The Role of Government in Securing the CAV Ecosystem Sevvy Palmer AESIN Security Conference,

The Role of Government in Securing the CAV Ecosystem Sevvy Palmer AESIN Security Conference, Glasgow, 16 th June 2016 The Role of Government in Securing the CAV Ecosystem 1 CAVs present tremendous opportunities safety efficiency mobility

393 views • 11 slides
Getting Things Done Der Antiverpeil Talk 2007-12-29, Berlin Getting Things Done Overview

Getting Things Done Der Antiverpeil Talk 2007-12-29, Berlin Getting Things Done Overview

Getting Things Done Der Antiverpeil Talk 2007-12-29, Berlin Getting Things Done Overview Introduction The Problem: Why Things Are on your Mind The Idea: Outsource your Brain Methodologies Tools Getting started Chaos

451 views • 23 slides

More recommend