SlideShare uma empresa Scribd logo

Privacy and security in IoT

Transferir como PPTX, PDF
V
Vasco Veloso

An overview of security and privacy challenges that must be faced and solved when creating new Things for the Internet of Things. We discussed why are Things inherently insecure together with examples of attack vectors and learned some risk mitigation strategies. We realized why should users be wary of Things violating their privacy and gained awareness of upcoming EU privacy legislation that affects providers of IoT-based solutions. Talk given at Pixels Camp 2017, Lisbon.

Dispositivos e hardware
1 de 18
Privacy and Security in IoT Pixels Camp 2017
The speaker Vasco Veloso vveloso@gmail.com • Worked from the kernel to the cloud. • Wrote a book on x86 assembly. • Built firmware for embedded systems. • Writing and designing software professionally since 1997. • Currently a Java software architect at Coriant Portugal. Privacy and Security in IoT - Pixels Camp 2017 2
Nothing is unbreakable… … but we can make it more difficult to break! Privacy and Security in IoT - Pixels Camp 2017 3
Why is this important? • Old concern • Regulation attempts date back to 2008 in the EU. • Remember all the talk around RFID? • 20 billion connected “Things” in 2020 (Gartner) • 20 billion new nodes ripe for attacking. • 20 billion new nodes surveilling each and every one of us. Privacy and Security in IoT - Pixels Camp 2017 4
Security risks • Device supply chain • Devices may be resold pre-programmed with malware. • Firmware upgrade • OTA may be abused. • Applications and services • Exposed services and end-user applications may be compromised. • Working network • User networks are hostile by definition. • Cloud service impersonation Privacy and Security in IoT - Pixels Camp 2017 5
Physical risk mitigation • Remove or limit access to debug and programming ports. • Some vendors provide authorization on debug ports. • Re-evaluate vendor designs. • Remove unnecessary connections and peripherals. • Study device flash memory protection mechanisms. • Memory/storage encryption and write control. • Use cryptographic hardware. • Detect tampering attempts. Privacy and Security in IoT - Pixels Camp 2017 6
Software risk mitigation • Use secure development practices for the platform and language. • Trim and re-evaluate third-party software and libraries. • Use sound and proven cryptographic implementations. • Secure the boot process. • Authenticate OTA update sources and targets. • Have distinct device signatures for software updates. • Pair external devices, such as phones, securely (e.g. secure NFC/Bluetooth). Privacy and Security in IoT - Pixels Camp 2017 7
Network risk mitigation • Different default credentials for all devices. • Security on the protocol level. • Peer authentication and authorization. • Secret sharing • Cryptographic one-way hashing • Zero knowledge proof • Nodes act only as clients towards the network. Privacy and Security in IoT - Pixels Camp 2017 8
Privacy risks • Identity disclosure • Device may transmit personally identifiable data. • Device transmissions may be recognizable. • Location disclosure • Device may transmit its explicit location. • Device may be itself traceable through its communications. • Data confidentiality • Cloud services may contain records full of personally identifiable data. Privacy and Security in IoT - Pixels Camp 2017 9
Privacy risk mitigation • Identity disclosure • Pseudonym. • Connection anonymization. • Location disclosure • Pseudonym. • Data confidentiality • No direct access to personally identifiable data from devices. • Secure data center / cloud resources. Privacy and Security in IoT - Pixels Camp 2017 10
Security and privacy first • Security and privacy are first-class requirements. • Design from the start with them in mind. • Define trust boundaries • Device/gateway, gateway/cloud, … • Imagine unlawful ways of interacting with the system • Threat modeling Privacy and Security in IoT - Pixels Camp 2017 11
Did it happen before? 120k IP cameras at risk of attack (September 2017) Persirai leverages a zero-day vulnerability to gain access and UPnP to connect to the device. Privacy and Security in IoT - Pixels Camp 2017 12 https://www.darkreading.com/attacks-breaches/new-iot-botnet-discovered-120k-ip-cameras-at-risk-of-attack/d/d-id/1328839
Did it happen before? Over 900k routers compromised in Germany (November 2016) Remote management was left enabled for the world at large. A variant of the Mirai worm was busy using well known credentials to change the routers’ firmware. Privacy and Security in IoT - Pixels Camp 2017 13 http://securityaffairs.co/wordpress/53871/iot/deutsche-telekom-hack.html Allestoerungen.de and OpenMaps
Did it happen before? Jeep hacked remotely (July 2015) Zero-day vulnerabilities that allowed remote control of a Jeep Cherokee were demonstrated to the press. Privacy and Security in IoT - Pixels Camp 2017 14 https://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/ Andy Greenberg / Wired
Did it happen before? Remotely controlled car washes (July 2017) Attackers can take control of the machine by leveraging plain text HTTP connections and default credentials. Physical damage to property and humans becomes possible. Privacy and Security in IoT - Pixels Camp 2017 15 https://motherboard.vice.com/en_us/article/bjxe33/car-wash-hack-can-smash-vehicle-trap-passengers-douse-them-with-water
General Data Protection Regulation (EU) • Privacy by design and by default! • Minimize data collection. • Hide data. • Encrypt. • Anonymize. • Pseudonymize. • Control access to data. • Have a privacy policy. • Have means of determining the extent of privacy braches. Privacy and Security in IoT - Pixels Camp 2017 16
General Data Protection Regulation (EU) • Data subjects have rights: • Information • Access • Update • Object • Erasure • Export • Portability Privacy and Security in IoT - Pixels Camp 2017 17
That’s all folks Slides and reference papers available at https://github.com/vveloso/talks http://linkedin.com/in/vascoveloso vveloso@gmail.com Privacy and Security in IoT - Pixels Camp 2017 18

Recomendados

IoT security
IoT securityIoT security
IoT security
YashKesharwani2
 
IoT security and privacy: main challenges and how ISOC-OTA address them
IoT security and privacy: main challenges and how ISOC-OTA address themIoT security and privacy: main challenges and how ISOC-OTA address them
IoT security and privacy: main challenges and how ISOC-OTA address them
Radouane Mrabet
 
Security challenges in IoT
Security challenges in IoTSecurity challenges in IoT
Security challenges in IoT
Vishnupriya T H
 
Internet of things - challenges scopes and solutions
Internet of things - challenges scopes and solutionsInternet of things - challenges scopes and solutions
Internet of things - challenges scopes and solutions
Shivam Kumar
 
Introduction to IoT Security
Introduction to IoT SecurityIntroduction to IoT Security
Introduction to IoT Security
CAS
 
Security and Privacy considerations in Internet of Things
Security and Privacy considerations in Internet of ThingsSecurity and Privacy considerations in Internet of Things
Security and Privacy considerations in Internet of Things
Somasundaram Jambunathan
 
Security in IoT
Security in IoTSecurity in IoT
Security in IoT
gr9293
 
IoT Security, Threats and Challenges By V.P.Prabhakaran
IoT Security, Threats and Challenges By V.P.PrabhakaranIoT Security, Threats and Challenges By V.P.Prabhakaran
IoT Security, Threats and Challenges By V.P.Prabhakaran
Koenig Solutions Ltd.
 

Recomendados

IoT security
IoT securityIoT security
IoT security
YashKesharwani2
 
IoT security and privacy: main challenges and how ISOC-OTA address them
IoT security and privacy: main challenges and how ISOC-OTA address themIoT security and privacy: main challenges and how ISOC-OTA address them
IoT security and privacy: main challenges and how ISOC-OTA address them
Radouane Mrabet
 
Security challenges in IoT
Security challenges in IoTSecurity challenges in IoT
Security challenges in IoT
Vishnupriya T H
 
Internet of things - challenges scopes and solutions
Internet of things - challenges scopes and solutionsInternet of things - challenges scopes and solutions
Internet of things - challenges scopes and solutions
Shivam Kumar
 
Introduction to IoT Security
Introduction to IoT SecurityIntroduction to IoT Security
Introduction to IoT Security
CAS
 
Security and Privacy considerations in Internet of Things
Security and Privacy considerations in Internet of ThingsSecurity and Privacy considerations in Internet of Things
Security and Privacy considerations in Internet of Things
Somasundaram Jambunathan
 
Security in IoT
Security in IoTSecurity in IoT
Security in IoT
gr9293
 
IoT Security, Threats and Challenges By V.P.Prabhakaran
IoT Security, Threats and Challenges By V.P.PrabhakaranIoT Security, Threats and Challenges By V.P.Prabhakaran
IoT Security, Threats and Challenges By V.P.Prabhakaran
Koenig Solutions Ltd.
 
security and privacy-Internet of things
security and privacy-Internet of thingssecurity and privacy-Internet of things
security and privacy-Internet of things
sreelekha appakondappagari
 
Iot Security
Iot SecurityIot Security
Iot Security
MAITREYA MISRA
 
Iot Security, Internet of Things
Iot Security, Internet of ThingsIot Security, Internet of Things
Iot Security, Internet of Things
Bryan Len
 
IoT Security Challenges and Solutions
IoT Security Challenges and SolutionsIoT Security Challenges and Solutions
IoT Security Challenges and Solutions
Intel® Software
 
Presentation on IOT SECURITY
Presentation on IOT SECURITYPresentation on IOT SECURITY
Presentation on IOT SECURITY
The Avi Sharma
 
IoT Security
IoT SecurityIoT Security
IoT Security
Narudom Roongsiriwong, CISSP
 
Security and Authentication of Internet of Things (IoT) Devices
Security and Authentication of Internet of Things (IoT) DevicesSecurity and Authentication of Internet of Things (IoT) Devices
Security and Authentication of Internet of Things (IoT) Devices
SanjayKumarYadav58
 
IoT - Attacks and Solutions
IoT - Attacks and SolutionsIoT - Attacks and Solutions
IoT - Attacks and Solutions
Ulf Mattsson
 
IoT Networking
IoT NetworkingIoT Networking
IoT Networking
Hitesh Mohapatra
 
Internet of Things (IOT)
Internet of Things (IOT)Internet of Things (IOT)
Internet of Things (IOT)
Kunal Adhikari
 
Internet of things
Internet of thingsInternet of things
Internet of things
Vikrant Negi
 
basic ppt on IOT
basic ppt on IOTbasic ppt on IOT
basic ppt on IOT
Namrata bajpai
 
Introduction to IoT Architectures and Protocols
Introduction to IoT Architectures and ProtocolsIntroduction to IoT Architectures and Protocols
Introduction to IoT Architectures and Protocols
Abdullah Alfadhly
 
IoT Security: Problems, Challenges and Solutions
IoT Security: Problems, Challenges and SolutionsIoT Security: Problems, Challenges and Solutions
IoT Security: Problems, Challenges and Solutions
Liwei Ren任力偉
 
IoT
IoTIoT
IoT
Mphasis
 
Sensor networks
Sensor networksSensor networks
Sensor networks
Marc Pous
 
Internet of things(IoT)
Internet of things(IoT)Internet of things(IoT)
Internet of things(IoT)
NAGUR SHAREEF SHAIK
 
IOT Security
IOT SecurityIOT Security
IOT Security
Sylvain Martinez
 
Iot(security)
Iot(security)Iot(security)
Iot(security)
Shreya Pohekar
 
Internet of Things - Privacy and Security issues
Internet of Things - Privacy and Security issuesInternet of Things - Privacy and Security issues
Internet of Things - Privacy and Security issues
Pierluigi Paganini
 
NXP'S-PORTFOLIO-FOR-ADDRESSING-IOT-SECURITY.pdf
NXP'S-PORTFOLIO-FOR-ADDRESSING-IOT-SECURITY.pdfNXP'S-PORTFOLIO-FOR-ADDRESSING-IOT-SECURITY.pdf
NXP'S-PORTFOLIO-FOR-ADDRESSING-IOT-SECURITY.pdf
ssuser57b3e5
 
Touring the Dark Side of Internet: A Journey through IOT, TOR & Docker
Touring the Dark Side of Internet: A Journey through IOT, TOR & DockerTouring the Dark Side of Internet: A Journey through IOT, TOR & Docker
Touring the Dark Side of Internet: A Journey through IOT, TOR & Docker
Abhinav Biswas
 

Mais conteúdo relacionado

Mais procurados

Iot Security, Internet of Things
Iot Security, Internet of ThingsIot Security, Internet of Things
Iot Security, Internet of Things
Bryan Len
 
IoT Security: Problems, Challenges and Solutions
IoT Security: Problems, Challenges and SolutionsIoT Security: Problems, Challenges and Solutions
IoT Security: Problems, Challenges and Solutions
Liwei Ren任力偉
 
Sensor networks
Sensor networksSensor networks
Sensor networks
Marc Pous
 

Mais procurados (20)

security and privacy-Internet of things
security and privacy-Internet of thingssecurity and privacy-Internet of things
security and privacy-Internet of things
 
Iot Security
Iot SecurityIot Security
Iot Security
 
Iot Security, Internet of Things
Iot Security, Internet of ThingsIot Security, Internet of Things
Iot Security, Internet of Things
 
IoT Security Challenges and Solutions
IoT Security Challenges and SolutionsIoT Security Challenges and Solutions
IoT Security Challenges and Solutions
 
Presentation on IOT SECURITY
Presentation on IOT SECURITYPresentation on IOT SECURITY
Presentation on IOT SECURITY
 
IoT Security
IoT SecurityIoT Security
IoT Security
 
Security and Authentication of Internet of Things (IoT) Devices
Security and Authentication of Internet of Things (IoT) DevicesSecurity and Authentication of Internet of Things (IoT) Devices
Security and Authentication of Internet of Things (IoT) Devices
 
IoT - Attacks and Solutions
IoT - Attacks and SolutionsIoT - Attacks and Solutions
IoT - Attacks and Solutions
 
IoT Networking
IoT NetworkingIoT Networking
IoT Networking
 
Internet of Things (IOT)
Internet of Things (IOT)Internet of Things (IOT)
Internet of Things (IOT)
 
Internet of things
Internet of thingsInternet of things
Internet of things
 
basic ppt on IOT
basic ppt on IOTbasic ppt on IOT
basic ppt on IOT
 
Introduction to IoT Architectures and Protocols
Introduction to IoT Architectures and ProtocolsIntroduction to IoT Architectures and Protocols
Introduction to IoT Architectures and Protocols
 
IoT Security: Problems, Challenges and Solutions
IoT Security: Problems, Challenges and SolutionsIoT Security: Problems, Challenges and Solutions
IoT Security: Problems, Challenges and Solutions
 
IoT
IoTIoT
IoT
 
Sensor networks
Sensor networksSensor networks
Sensor networks
 
Internet of things(IoT)
Internet of things(IoT)Internet of things(IoT)
Internet of things(IoT)
 
IOT Security
IOT SecurityIOT Security
IOT Security
 
Iot(security)
Iot(security)Iot(security)
Iot(security)
 
Internet of Things - Privacy and Security issues
Internet of Things - Privacy and Security issuesInternet of Things - Privacy and Security issues
Internet of Things - Privacy and Security issues
 

Semelhante a Privacy and security in IoT

NXP'S-PORTFOLIO-FOR-ADDRESSING-IOT-SECURITY.pdf
NXP'S-PORTFOLIO-FOR-ADDRESSING-IOT-SECURITY.pdfNXP'S-PORTFOLIO-FOR-ADDRESSING-IOT-SECURITY.pdf
NXP'S-PORTFOLIO-FOR-ADDRESSING-IOT-SECURITY.pdf
ssuser57b3e5
 
Touring the Dark Side of Internet: A Journey through IOT, TOR & Docker
Touring the Dark Side of Internet: A Journey through IOT, TOR & DockerTouring the Dark Side of Internet: A Journey through IOT, TOR & Docker
Touring the Dark Side of Internet: A Journey through IOT, TOR & Docker
Abhinav Biswas
 
Grapeboard - Enabling Secure Communication
Grapeboard - Enabling Secure CommunicationGrapeboard - Enabling Secure Communication
Grapeboard - Enabling Secure Communication
Hans Klos
 
IoT Vulnerability Analysis and IOT In security Controls
IoT Vulnerability Analysis and IOT In security ControlsIoT Vulnerability Analysis and IOT In security Controls
IoT Vulnerability Analysis and IOT In security Controls
Jay Nagar
 
DISCOVERING PUBLIC Wi-Fi VULNERABILITIES USING RASBERRY PI AND.pptx
DISCOVERING PUBLIC Wi-Fi VULNERABILITIES USING RASBERRY PI AND.pptxDISCOVERING PUBLIC Wi-Fi VULNERABILITIES USING RASBERRY PI AND.pptx
DISCOVERING PUBLIC Wi-Fi VULNERABILITIES USING RASBERRY PI AND.pptx
mahendrarm2112
 
IoT_and_the_Impact_on_Security_Brian_Knopf_ISSA-OC_July-2014
IoT_and_the_Impact_on_Security_Brian_Knopf_ISSA-OC_July-2014IoT_and_the_Impact_on_Security_Brian_Knopf_ISSA-OC_July-2014
IoT_and_the_Impact_on_Security_Brian_Knopf_ISSA-OC_July-2014
Brian Knopf
 
Mark Horowitz - Stanford Engineering - Securing the Internet of Things
Mark Horowitz - Stanford Engineering - Securing the Internet of ThingsMark Horowitz - Stanford Engineering - Securing the Internet of Things
Mark Horowitz - Stanford Engineering - Securing the Internet of Things
Stanford School of Engineering
 

Semelhante a Privacy and security in IoT (20)

NXP'S-PORTFOLIO-FOR-ADDRESSING-IOT-SECURITY.pdf
NXP'S-PORTFOLIO-FOR-ADDRESSING-IOT-SECURITY.pdfNXP'S-PORTFOLIO-FOR-ADDRESSING-IOT-SECURITY.pdf
NXP'S-PORTFOLIO-FOR-ADDRESSING-IOT-SECURITY.pdf
 
Touring the Dark Side of Internet: A Journey through IOT, TOR & Docker
Touring the Dark Side of Internet: A Journey through IOT, TOR & DockerTouring the Dark Side of Internet: A Journey through IOT, TOR & Docker
Touring the Dark Side of Internet: A Journey through IOT, TOR & Docker
 
Crypto Vision Bot Using RSA Algorithm
Crypto Vision Bot Using RSA AlgorithmCrypto Vision Bot Using RSA Algorithm
Crypto Vision Bot Using RSA Algorithm
 
CIRA Labs - Secure Home Gateway Project 2019-03.pptx
CIRA Labs - Secure Home Gateway Project 2019-03.pptxCIRA Labs - Secure Home Gateway Project 2019-03.pptx
CIRA Labs - Secure Home Gateway Project 2019-03.pptx
 
Conférence ARBOR ACSS 2018
Conférence ARBOR ACSS 2018Conférence ARBOR ACSS 2018
Conférence ARBOR ACSS 2018
 
Conference Security by Design - Gemalto - Security in IoT
Conference Security by Design - Gemalto - Security in IoTConference Security by Design - Gemalto - Security in IoT
Conference Security by Design - Gemalto - Security in IoT
 
Exfiltrating Data through IoT
Exfiltrating Data through IoTExfiltrating Data through IoT
Exfiltrating Data through IoT
 
Grapeboard - Enabling Secure Communication
Grapeboard - Enabling Secure CommunicationGrapeboard - Enabling Secure Communication
Grapeboard - Enabling Secure Communication
 
IoT Vulnerability Analysis and IOT In security Controls
IoT Vulnerability Analysis and IOT In security ControlsIoT Vulnerability Analysis and IOT In security Controls
IoT Vulnerability Analysis and IOT In security Controls
 
DISCOVERING PUBLIC Wi-Fi VULNERABILITIES USING RASBERRY PI AND.pptx
DISCOVERING PUBLIC Wi-Fi VULNERABILITIES USING RASBERRY PI AND.pptxDISCOVERING PUBLIC Wi-Fi VULNERABILITIES USING RASBERRY PI AND.pptx
DISCOVERING PUBLIC Wi-Fi VULNERABILITIES USING RASBERRY PI AND.pptx
 
Internet of Things (IoT) Security using stream cipher.ppt
Internet of Things (IoT) Security using stream cipher.pptInternet of Things (IoT) Security using stream cipher.ppt
Internet of Things (IoT) Security using stream cipher.ppt
 
IoT_and_the_Impact_on_Security_Brian_Knopf_ISSA-OC_July-2014
IoT_and_the_Impact_on_Security_Brian_Knopf_ISSA-OC_July-2014IoT_and_the_Impact_on_Security_Brian_Knopf_ISSA-OC_July-2014
IoT_and_the_Impact_on_Security_Brian_Knopf_ISSA-OC_July-2014
 
Security Requirements in IoT Architecture
Security Requirements in IoT Architecture Security Requirements in IoT Architecture
Security Requirements in IoT Architecture
 
Rajarshi Gupta at AI Frontiers : Security is AI’s biggest challenge, AI is Se...
Rajarshi Gupta at AI Frontiers : Security is AI’s biggest challenge, AI is Se...Rajarshi Gupta at AI Frontiers : Security is AI’s biggest challenge, AI is Se...
Rajarshi Gupta at AI Frontiers : Security is AI’s biggest challenge, AI is Se...
 
The Internet of Things: We've Got to Chat
The Internet of Things: We've Got to ChatThe Internet of Things: We've Got to Chat
The Internet of Things: We've Got to Chat
 
Cisco-Security & Survelliance Ürünleri
Cisco-Security & Survelliance ÜrünleriCisco-Security & Survelliance Ürünleri
Cisco-Security & Survelliance Ürünleri
 
Iot privacy-soscon-2019
Iot privacy-soscon-2019Iot privacy-soscon-2019
Iot privacy-soscon-2019
 
Disruptionware-TRustedCISO103020v0.7.pptx
Disruptionware-TRustedCISO103020v0.7.pptxDisruptionware-TRustedCISO103020v0.7.pptx
Disruptionware-TRustedCISO103020v0.7.pptx
 
Rapid industrial grade IoT prototyping with sierra wireless
Rapid industrial grade IoT prototyping with sierra wirelessRapid industrial grade IoT prototyping with sierra wireless
Rapid industrial grade IoT prototyping with sierra wireless
 
Mark Horowitz - Stanford Engineering - Securing the Internet of Things
Mark Horowitz - Stanford Engineering - Securing the Internet of ThingsMark Horowitz - Stanford Engineering - Securing the Internet of Things
Mark Horowitz - Stanford Engineering - Securing the Internet of Things
 

Último

Kothanur Call Girls Service: 🍓 7737669865 🍓 High Profile Model Escorts | Bang...
Kothanur Call Girls Service: 🍓 7737669865 🍓 High Profile Model Escorts | Bang...Kothanur Call Girls Service: 🍓 7737669865 🍓 High Profile Model Escorts | Bang...
Kothanur Call Girls Service: 🍓 7737669865 🍓 High Profile Model Escorts | Bang...
amitlee9823
 
(👉Ridhima)👉VIP Model Call Girls Mulund ( Mumbai) Call ON 9967824496 Starting ...
(👉Ridhima)👉VIP Model Call Girls Mulund ( Mumbai) Call ON 9967824496 Starting ...(👉Ridhima)👉VIP Model Call Girls Mulund ( Mumbai) Call ON 9967824496 Starting ...
(👉Ridhima)👉VIP Model Call Girls Mulund ( Mumbai) Call ON 9967824496 Starting ...
motiram463
 
CHEAP Call Girls in Ashok Nagar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Ashok Nagar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICECHEAP Call Girls in Ashok Nagar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Ashok Nagar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
Escorts Service Arekere ☎ 7737669865☎ Book Your One night Stand (Bangalore)
Escorts Service Arekere ☎ 7737669865☎ Book Your One night Stand (Bangalore)Escorts Service Arekere ☎ 7737669865☎ Book Your One night Stand (Bangalore)
Escorts Service Arekere ☎ 7737669865☎ Book Your One night Stand (Bangalore)
amitlee9823
 
Makarba ( Call Girls ) Ahmedabad ✔ 6297143586 ✔ Hot Model With Sexy Bhabi Rea...
Makarba ( Call Girls ) Ahmedabad ✔ 6297143586 ✔ Hot Model With Sexy Bhabi Rea...Makarba ( Call Girls ) Ahmedabad ✔ 6297143586 ✔ Hot Model With Sexy Bhabi Rea...
Makarba ( Call Girls ) Ahmedabad ✔ 6297143586 ✔ Hot Model With Sexy Bhabi Rea...
Naicy mandal
 
(=Towel) Dubai Call Girls O525547819 Call Girls In Dubai (Fav0r)
(=Towel) Dubai Call Girls O525547819 Call Girls In Dubai (Fav0r)(=Towel) Dubai Call Girls O525547819 Call Girls In Dubai (Fav0r)
(=Towel) Dubai Call Girls O525547819 Call Girls In Dubai (Fav0r)
kojalkojal131
 
Bommasandra Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
Bommasandra Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...Bommasandra Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
Bommasandra Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
amitlee9823
 
怎样办理圣芭芭拉分校毕业证(UCSB毕业证书)成绩单留信认证
怎样办理圣芭芭拉分校毕业证(UCSB毕业证书)成绩单留信认证怎样办理圣芭芭拉分校毕业证(UCSB毕业证书)成绩单留信认证
怎样办理圣芭芭拉分校毕业证(UCSB毕业证书)成绩单留信认证
ehyxf
 
怎样办理斯威本科技大学毕业证(SUT毕业证书)成绩单留信认证
怎样办理斯威本科技大学毕业证(SUT毕业证书)成绩单留信认证怎样办理斯威本科技大学毕业证(SUT毕业证书)成绩单留信认证
怎样办理斯威本科技大学毕业证(SUT毕业证书)成绩单留信认证
tufbav
 
Top Rated Pune Call Girls Katraj ⟟ 6297143586 ⟟ Call Me For Genuine Sex Serv...
Top Rated Pune Call Girls Katraj ⟟ 6297143586 ⟟ Call Me For Genuine Sex Serv...Top Rated Pune Call Girls Katraj ⟟ 6297143586 ⟟ Call Me For Genuine Sex Serv...
Top Rated Pune Call Girls Katraj ⟟ 6297143586 ⟟ Call Me For Genuine Sex Serv...
Call Girls in Nagpur High Profile
 
Call Girls Pimple Saudagar Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Pimple Saudagar Call Me 7737669865 Budget Friendly No Advance BookingCall Girls Pimple Saudagar Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Pimple Saudagar Call Me 7737669865 Budget Friendly No Advance Booking
roncy bisnoi
 
Book Sex Workers Available Pune Call Girls Yerwada 6297143586 Call Hot India...
Book Sex Workers Available Pune Call Girls Yerwada 6297143586 Call Hot India...Book Sex Workers Available Pune Call Girls Yerwada 6297143586 Call Hot India...
Book Sex Workers Available Pune Call Girls Yerwada 6297143586 Call Hot India...
Call Girls in Nagpur High Profile
 
(INDIRA) Call Girl Napur Call Now 8617697112 Napur Escorts 24x7
(INDIRA) Call Girl Napur Call Now 8617697112 Napur Escorts 24x7(INDIRA) Call Girl Napur Call Now 8617697112 Napur Escorts 24x7
(INDIRA) Call Girl Napur Call Now 8617697112 Napur Escorts 24x7
Call Girls in Nagpur High Profile Call Girls
 
Escorts Service Sanjay Nagar ☎ 7737669865☎ Book Your One night Stand (Bangalore)
Escorts Service Sanjay Nagar ☎ 7737669865☎ Book Your One night Stand (Bangalore)Escorts Service Sanjay Nagar ☎ 7737669865☎ Book Your One night Stand (Bangalore)
Escorts Service Sanjay Nagar ☎ 7737669865☎ Book Your One night Stand (Bangalore)
amitlee9823
 
一比一定(购)坎特伯雷大学毕业证(UC毕业证)成绩单学位证
一比一定(购)坎特伯雷大学毕业证(UC毕业证)成绩单学位证一比一定(购)坎特伯雷大学毕业证(UC毕业证)成绩单学位证
一比一定(购)坎特伯雷大学毕业证(UC毕业证)成绩单学位证
wpkuukw
 
Call Girls In RT Nagar ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In RT Nagar ☎ 7737669865 🥵 Book Your One night StandCall Girls In RT Nagar ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In RT Nagar ☎ 7737669865 🥵 Book Your One night Stand
amitlee9823
 
Call Girls Banashankari Just Call 👗 7737669865 👗 Top Class Call Girl Service ...
Call Girls Banashankari Just Call 👗 7737669865 👗 Top Class Call Girl Service ...Call Girls Banashankari Just Call 👗 7737669865 👗 Top Class Call Girl Service ...
Call Girls Banashankari Just Call 👗 7737669865 👗 Top Class Call Girl Service ...
amitlee9823
 

Último (20)

Kothanur Call Girls Service: 🍓 7737669865 🍓 High Profile Model Escorts | Bang...
Kothanur Call Girls Service: 🍓 7737669865 🍓 High Profile Model Escorts | Bang...Kothanur Call Girls Service: 🍓 7737669865 🍓 High Profile Model Escorts | Bang...
Kothanur Call Girls Service: 🍓 7737669865 🍓 High Profile Model Escorts | Bang...
 
(👉Ridhima)👉VIP Model Call Girls Mulund ( Mumbai) Call ON 9967824496 Starting ...
(👉Ridhima)👉VIP Model Call Girls Mulund ( Mumbai) Call ON 9967824496 Starting ...(👉Ridhima)👉VIP Model Call Girls Mulund ( Mumbai) Call ON 9967824496 Starting ...
(👉Ridhima)👉VIP Model Call Girls Mulund ( Mumbai) Call ON 9967824496 Starting ...
 
CHEAP Call Girls in Ashok Nagar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Ashok Nagar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICECHEAP Call Girls in Ashok Nagar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Ashok Nagar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
 
Escorts Service Arekere ☎ 7737669865☎ Book Your One night Stand (Bangalore)
Escorts Service Arekere ☎ 7737669865☎ Book Your One night Stand (Bangalore)Escorts Service Arekere ☎ 7737669865☎ Book Your One night Stand (Bangalore)
Escorts Service Arekere ☎ 7737669865☎ Book Your One night Stand (Bangalore)
 
Makarba ( Call Girls ) Ahmedabad ✔ 6297143586 ✔ Hot Model With Sexy Bhabi Rea...
Makarba ( Call Girls ) Ahmedabad ✔ 6297143586 ✔ Hot Model With Sexy Bhabi Rea...Makarba ( Call Girls ) Ahmedabad ✔ 6297143586 ✔ Hot Model With Sexy Bhabi Rea...
Makarba ( Call Girls ) Ahmedabad ✔ 6297143586 ✔ Hot Model With Sexy Bhabi Rea...
 
(=Towel) Dubai Call Girls O525547819 Call Girls In Dubai (Fav0r)
(=Towel) Dubai Call Girls O525547819 Call Girls In Dubai (Fav0r)(=Towel) Dubai Call Girls O525547819 Call Girls In Dubai (Fav0r)
(=Towel) Dubai Call Girls O525547819 Call Girls In Dubai (Fav0r)
 
Escorts Service Daryaganj - 9899900591 College Girls & Models 24/7
Escorts Service Daryaganj - 9899900591 College Girls & Models 24/7Escorts Service Daryaganj - 9899900591 College Girls & Models 24/7
Escorts Service Daryaganj - 9899900591 College Girls & Models 24/7
 
Bommasandra Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
Bommasandra Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...Bommasandra Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
Bommasandra Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
 
怎样办理圣芭芭拉分校毕业证(UCSB毕业证书)成绩单留信认证
怎样办理圣芭芭拉分校毕业证(UCSB毕业证书)成绩单留信认证怎样办理圣芭芭拉分校毕业证(UCSB毕业证书)成绩单留信认证
怎样办理圣芭芭拉分校毕业证(UCSB毕业证书)成绩单留信认证
 
怎样办理斯威本科技大学毕业证(SUT毕业证书)成绩单留信认证
怎样办理斯威本科技大学毕业证(SUT毕业证书)成绩单留信认证怎样办理斯威本科技大学毕业证(SUT毕业证书)成绩单留信认证
怎样办理斯威本科技大学毕业证(SUT毕业证书)成绩单留信认证
 
Top Rated Pune Call Girls Katraj ⟟ 6297143586 ⟟ Call Me For Genuine Sex Serv...
Top Rated Pune Call Girls Katraj ⟟ 6297143586 ⟟ Call Me For Genuine Sex Serv...Top Rated Pune Call Girls Katraj ⟟ 6297143586 ⟟ Call Me For Genuine Sex Serv...
Top Rated Pune Call Girls Katraj ⟟ 6297143586 ⟟ Call Me For Genuine Sex Serv...
 
Call Girls Pimple Saudagar Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Pimple Saudagar Call Me 7737669865 Budget Friendly No Advance BookingCall Girls Pimple Saudagar Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Pimple Saudagar Call Me 7737669865 Budget Friendly No Advance Booking
 
Introduction-to-4x4-SRAM-Memory-Block.pptx
Introduction-to-4x4-SRAM-Memory-Block.pptxIntroduction-to-4x4-SRAM-Memory-Block.pptx
Introduction-to-4x4-SRAM-Memory-Block.pptx
 
Book Sex Workers Available Pune Call Girls Yerwada 6297143586 Call Hot India...
Book Sex Workers Available Pune Call Girls Yerwada 6297143586 Call Hot India...Book Sex Workers Available Pune Call Girls Yerwada 6297143586 Call Hot India...
Book Sex Workers Available Pune Call Girls Yerwada 6297143586 Call Hot India...
 
(INDIRA) Call Girl Napur Call Now 8617697112 Napur Escorts 24x7
(INDIRA) Call Girl Napur Call Now 8617697112 Napur Escorts 24x7(INDIRA) Call Girl Napur Call Now 8617697112 Napur Escorts 24x7
(INDIRA) Call Girl Napur Call Now 8617697112 Napur Escorts 24x7
 
SM-N975F esquematico completo - reparación.pdf
SM-N975F esquematico completo - reparación.pdfSM-N975F esquematico completo - reparación.pdf
SM-N975F esquematico completo - reparación.pdf
 
Escorts Service Sanjay Nagar ☎ 7737669865☎ Book Your One night Stand (Bangalore)
Escorts Service Sanjay Nagar ☎ 7737669865☎ Book Your One night Stand (Bangalore)Escorts Service Sanjay Nagar ☎ 7737669865☎ Book Your One night Stand (Bangalore)
Escorts Service Sanjay Nagar ☎ 7737669865☎ Book Your One night Stand (Bangalore)
 
一比一定(购)坎特伯雷大学毕业证(UC毕业证)成绩单学位证
一比一定(购)坎特伯雷大学毕业证(UC毕业证)成绩单学位证一比一定(购)坎特伯雷大学毕业证(UC毕业证)成绩单学位证
一比一定(购)坎特伯雷大学毕业证(UC毕业证)成绩单学位证
 
Call Girls In RT Nagar ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In RT Nagar ☎ 7737669865 🥵 Book Your One night StandCall Girls In RT Nagar ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In RT Nagar ☎ 7737669865 🥵 Book Your One night Stand
 
Call Girls Banashankari Just Call 👗 7737669865 👗 Top Class Call Girl Service ...
Call Girls Banashankari Just Call 👗 7737669865 👗 Top Class Call Girl Service ...Call Girls Banashankari Just Call 👗 7737669865 👗 Top Class Call Girl Service ...
Call Girls Banashankari Just Call 👗 7737669865 👗 Top Class Call Girl Service ...
 

Privacy and security in IoT

  • 1. Privacy and Security in IoT Pixels Camp 2017
  • 2. The speaker Vasco Veloso vveloso@gmail.com • Worked from the kernel to the cloud. • Wrote a book on x86 assembly. • Built firmware for embedded systems. • Writing and designing software professionally since 1997. • Currently a Java software architect at Coriant Portugal. Privacy and Security in IoT - Pixels Camp 2017 2
  • 3. Nothing is unbreakable… … but we can make it more difficult to break! Privacy and Security in IoT - Pixels Camp 2017 3
  • 4. Why is this important? • Old concern • Regulation attempts date back to 2008 in the EU. • Remember all the talk around RFID? • 20 billion connected “Things” in 2020 (Gartner) • 20 billion new nodes ripe for attacking. • 20 billion new nodes surveilling each and every one of us. Privacy and Security in IoT - Pixels Camp 2017 4
  • 5. Security risks • Device supply chain • Devices may be resold pre-programmed with malware. • Firmware upgrade • OTA may be abused. • Applications and services • Exposed services and end-user applications may be compromised. • Working network • User networks are hostile by definition. • Cloud service impersonation Privacy and Security in IoT - Pixels Camp 2017 5
  • 6. Physical risk mitigation • Remove or limit access to debug and programming ports. • Some vendors provide authorization on debug ports. • Re-evaluate vendor designs. • Remove unnecessary connections and peripherals. • Study device flash memory protection mechanisms. • Memory/storage encryption and write control. • Use cryptographic hardware. • Detect tampering attempts. Privacy and Security in IoT - Pixels Camp 2017 6
  • 7. Software risk mitigation • Use secure development practices for the platform and language. • Trim and re-evaluate third-party software and libraries. • Use sound and proven cryptographic implementations. • Secure the boot process. • Authenticate OTA update sources and targets. • Have distinct device signatures for software updates. • Pair external devices, such as phones, securely (e.g. secure NFC/Bluetooth). Privacy and Security in IoT - Pixels Camp 2017 7
  • 8. Network risk mitigation • Different default credentials for all devices. • Security on the protocol level. • Peer authentication and authorization. • Secret sharing • Cryptographic one-way hashing • Zero knowledge proof • Nodes act only as clients towards the network. Privacy and Security in IoT - Pixels Camp 2017 8
  • 9. Privacy risks • Identity disclosure • Device may transmit personally identifiable data. • Device transmissions may be recognizable. • Location disclosure • Device may transmit its explicit location. • Device may be itself traceable through its communications. • Data confidentiality • Cloud services may contain records full of personally identifiable data. Privacy and Security in IoT - Pixels Camp 2017 9
  • 10. Privacy risk mitigation • Identity disclosure • Pseudonym. • Connection anonymization. • Location disclosure • Pseudonym. • Data confidentiality • No direct access to personally identifiable data from devices. • Secure data center / cloud resources. Privacy and Security in IoT - Pixels Camp 2017 10
  • 11. Security and privacy first • Security and privacy are first-class requirements. • Design from the start with them in mind. • Define trust boundaries • Device/gateway, gateway/cloud, … • Imagine unlawful ways of interacting with the system • Threat modeling Privacy and Security in IoT - Pixels Camp 2017 11
  • 12. Did it happen before? 120k IP cameras at risk of attack (September 2017) Persirai leverages a zero-day vulnerability to gain access and UPnP to connect to the device. Privacy and Security in IoT - Pixels Camp 2017 12 https://www.darkreading.com/attacks-breaches/new-iot-botnet-discovered-120k-ip-cameras-at-risk-of-attack/d/d-id/1328839
  • 13. Did it happen before? Over 900k routers compromised in Germany (November 2016) Remote management was left enabled for the world at large. A variant of the Mirai worm was busy using well known credentials to change the routers’ firmware. Privacy and Security in IoT - Pixels Camp 2017 13 http://securityaffairs.co/wordpress/53871/iot/deutsche-telekom-hack.html Allestoerungen.de and OpenMaps
  • 14. Did it happen before? Jeep hacked remotely (July 2015) Zero-day vulnerabilities that allowed remote control of a Jeep Cherokee were demonstrated to the press. Privacy and Security in IoT - Pixels Camp 2017 14 https://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/ Andy Greenberg / Wired
  • 15. Did it happen before? Remotely controlled car washes (July 2017) Attackers can take control of the machine by leveraging plain text HTTP connections and default credentials. Physical damage to property and humans becomes possible. Privacy and Security in IoT - Pixels Camp 2017 15 https://motherboard.vice.com/en_us/article/bjxe33/car-wash-hack-can-smash-vehicle-trap-passengers-douse-them-with-water
  • 16. General Data Protection Regulation (EU) • Privacy by design and by default! • Minimize data collection. • Hide data. • Encrypt. • Anonymize. • Pseudonymize. • Control access to data. • Have a privacy policy. • Have means of determining the extent of privacy braches. Privacy and Security in IoT - Pixels Camp 2017 16
  • 17. General Data Protection Regulation (EU) • Data subjects have rights: • Information • Access • Update • Object • Erasure • Export • Portability Privacy and Security in IoT - Pixels Camp 2017 17
  • 18. That’s all folks Slides and reference papers available at https://github.com/vveloso/talks http://linkedin.com/in/vascoveloso vveloso@gmail.com Privacy and Security in IoT - Pixels Camp 2017 18