Download to read offline
Uploaded byIndicThreads
Iot secure connected devices indicthreads
The document discusses strategies for building secure connected devices, emphasizing the importance of established security standards and transport layer security (TLS) for device interactions. It highlights the risks associated with increased attack surfaces and the need for comprehensive user authentication and device management. Additionally, it addresses concerns about malware and the necessity of strong encryption and firmware management to mitigate potential security vulnerabilities.
More Related Content
Similar to Iot secure connected devices indicthreads
![[TestWarez 2017] Securing the Internet of Things](https://cdn.slidesharecdn.com/ss_thumbnails/qfit2017nazimeksecuring-the-iot-180103212455-thumbnail.jpg?width=640&height=640&fit=bounds)
Iot secure connected devices indicthreads
- 1.
- 2. Who am I? •IoT @ Marvell for 7 years • 1st Apple HomeKit SDK, 1st Google Weave on μC • Powering millions of Wi-Fi IoT devices in the field
- 5.
- 9. Google for theterm IoT Security
- 10. Result Type I:Doomsday Hacking Scenarios
- 11. Yes, security isa concern • Increased surface area for attacks • Connects to the physical world around us • Newer and tinier hardware • Newer developers
- 12. Courtesy: Darkreading.com Result TypeII: Buy Our Product
- 13. But How DoI Build for Security?
- 14.
- 15.
- 20.
- 22. Standards! • No home-grownsecurity schemes • Rely on established security standards #2
- 23. TLS • Transport LayerSecurity • Certificate-based Server Authentication • Secure Key Exchange • Encrypted Channel • Certificate-based Device Authentication • Secures Bank Transactions
- 24. Technology Advancements • HardwareCapability • Memory • CPU • Strong Software • Many Open Source implementations
- 26. Courtesy: Ars Technica Aninteresting search engine
- 28. Malformed Content? • Whatabout: malware/viruses? • Communicate with known server • controller by known entities • Write protection
- 30.
- 32. Local Network • Actsas a client for outside world • router firewall • Encrypted traffic at the MAC layer • Requires Password/Certificate for access (explicit delegation)
- 33. Switch Network? • RememberAP Security • Force physical access to reset-to-factory
- 34.
- 35. Authenticate the otherendpoint! #3
- 36. Authenticate the otherendpoint!
- 38. Compromised User • Guestaccess to the network? • Malware on user’s phone? • Additional Cryptographic layers on top of the MAC layer • User Management
- 39.
- 40.
- 43. Physical modification • Changethe server address/keys? • Change the firmware? • Trusted Boot • Signed Firmware • Encryption
- 44. Device Phishing • Completelychange the device? • Device Authentication – PKI
- 45. Zarro Boogs Found! •Firmware upgradeability • Connectivity Bonus: evolving appliances • Fix security vulnerabilities • Possible attack vector
- 46.
- 48.
Editor's Notes
- #22 Mention that direct access to the device is protected by the gateway/firewall man in the middle - read/modify traffic replay - open door lock dns spoof - redirect to malicious server
- #27 Talk about user-association challenges, TLS, authorized APIs OLA Money example
- #32 From an attacker’s point of view, attack vector limited to being near each device and then exploiting the vulnerability
- #35 From an attacker’s point of view, attack vector limited to being near each device and then exploiting the vulnerability