Presented by: Sonal Mehta, Jitendra Purohit, Jayshree Kanse, Shaoliang Zhong, Sanjana Brid, Dhruvin Patel
Internet of Things (IoT)
• What is IoT?
• Infrastructure
• Threats to Devices
• Botnet Attack
• Stuxnet
• Case Study
Agenda
2
IoT is an evolution of mobile, home and embedded applications that are being connected to the internet, integrating greater compute capabilities and using data analytics to extract meaningful information.
Definition
3
• Dynamic and Self-Adapting
• Self-Configuring
• Interoperable Communication Protocols
• Unique Identity
• Integrated into Information Network
IoT Characteristics
4
Infrastructure
5
• IoT is all about devices and apps.
• IoT needs a strong backbone! Why?
• Because infrastructure is the behind-the-scenes stuff that ultimately enables and powers the end user.
• Example: Smart Parking System
Why Infrastructure?
6
More and more devices get connected online every day, with approximately 9 billion devices already in use. With weak or almost no security, these devices can easily become victims and be turned into bots, which can then be controlled and used to attack anything!
Example – Distributed Denial of Service attack.
Here Comes the RISK
7
• Distribute and de-risk. It is more difficult to carry out an attack when the target is not centrally located. This reduces the risks from DDoS or service interruptions.
• Ensure that default IDs and privileged accounts on each system are changed, protected, and audited.
• Keep privileged accounts at a minimum and use a PAM solution.
• Use and adopt a Least Privilege Model.
• Make sure sensitive systems are air-gapped and access is heavily controlled.
• Adopt a whitelisting approach and Trusted Computing Model for systems which run specific applications or tasks.
• Keep applications and systems up to date.
Infrastructure Security
8
• We can sort potential attacks against the Internet of Things into three primary categories based on the target of the attack—attacks against a device, attacks against the communication between devices and masters, and attacks against the masters.
• Attacks against IoT Devices: To a potential attacker, a device presents an interesting target for several reasons. First, many of the devices will have an inherent value by the simple nature of their function.
• Best Practice: Securing the Internet of Things requires device ID certificates to be issued to each device at the point of manufacturing to establish identity and facilitate authentication to service and other devices.
• Attacks against Communications: A common method of attack involves monitoring and altering messages as they are communicated. The volume and sensitivity of data traversing the IoT environment makes these types of attacks especially dangerous, as messages and data could be intercepted, captured, or manipulated while in transit.
• Best Practice: As sensitive data travels through the cloud and IoT environment, it should be encrypted to prevent interception.
Threats to Devices
9
• Attacks against the Master of Devices: For every device or service in the Internet of Things, there must be a master. The master’s role is to issue and manage devices, as well as facilitate data analysis. Attacks against the masters – including manufacturers, cloud service providers, and IoT solution providers – have the potential to inflict the most harm. These parties will be entrusted with large amounts of data, some of it highly sensitive in nature.
• Best Practice: Sign firmware/software updates with digital certificates (code signing). Additionally, all communication with devices in the field should use SSL certificates.
Threats to Devices
10
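An added example (not from the original slides) of the firmware code-signing best practice above: the device checks the vendor's signature before accepting an update. It assumes a pinned raw Ed25519 public key in place of a full certificate chain; the `Update` type, the `Sign` and `Verify` functions and the version rollback check are illustrative additions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Update is a hypothetical firmware package (names here are illustrative).
type Update struct {
	Version uint32
	Image   []byte
	Sig     []byte // vendor signature over version + image digest
}

// signedBytes binds the version to the image digest so neither can be swapped.
func signedBytes(version uint32, image []byte) []byte {
	digest := sha256.Sum256(image)
	msg := make([]byte, 4, 4+len(digest))
	binary.BigEndian.PutUint32(msg, version)
	return append(msg, digest[:]...)
}

// Sign runs on the vendor's build system; the private key never ships to devices.
func Sign(priv ed25519.PrivateKey, version uint32, image []byte) Update {
	return Update{version, image, ed25519.Sign(priv, signedBytes(version, image))}
}

// Verify runs on the device before flashing; pinned is an assumed raw vendor key.
func Verify(pinned ed25519.PublicKey, installed uint32, u Update) error {
	if !ed25519.Verify(pinned, signedBytes(u.Version, u.Image), u.Sig) {
		return errors.New("rejected: signature does not match image")
	}
	if u.Version <= installed { // added check: refuse replay of old signed images
		return errors.New("rejected: not newer than installed firmware")
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed demo key pair
	good := Sign(priv, 2, []byte("firmware v2 (constructed sample)"))
	bad := good
	bad.Image = []byte("firmware v2, modified in transit (constructed sample)")
	fmt.Println("genuine: ", Verify(pub, 1, good))
	fmt.Println("tampered:", Verify(pub, 1, bad))
	fmt.Println("replayed:", Verify(pub, 2, good))
}
```

Only the genuine, newer image is accepted; the modified image fails the signature check and the replayed image fails the version check.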
A trillion points of vulnerability
• Every single device and sensor in the IoT represents a potential risk. How confident can an organization be that each of these devices has the controls in place to preserve the confidentiality of the data collected and the integrity of the data sent?
• One weak link could open up access to hundreds of thousands of devices on a network with potentially serious consequences.
Trust and data integrity
• Corporate systems will be bombarded by data from all manner of connected sensors in the IoT. But how sure can an organization be that the data has not been compromised or interfered with?
• Security must be built into the design of these devices and systems to create trust in both the hardware and integrity of the data.
Data collection, protection and privacy
• The vision for the IoT is to make our everyday lives easier and boost the efficiency and productivity of businesses and employees. The data collected will help us make smarter decisions. But this will also have an impact on privacy expectations. If data collected by connected devices is compromised it will undermine trust in the IoT. Trust is the foundation of the IoT and that needs to be underpinned by security and privacy.
Key IoT security challenges
11
• In-Car Wi-Fi
• Health Applications / Mobile Medical Devices
• Wearable Devices, Google Glass
• Retail Inventory Monitoring and Control, M2M
• Drones (unmanned aircraft) for domestic (non-military) use
Five categories of IoT devices at risk
12
Date: October 21st, 2016
DDoS: IoT Attack in Action
13
Time: 7 a.m.
Location: the East Coast of America
Target: Dyn, the DNS service
Damage: Twitter, GitHub, Spotify, New York Times, …
Data: 3 waves, 100 000 botnet nodes, 1.2 Tbps traffic
Source: Russia? China? WikiLeaks? – Mirai
“Mirai is malware that turns computer systems running Linux into remotely controlled "bots", that can be used as part of a botnet in large-scale network attacks” – Wikipedia
Target: IoT devices (webcams, routers)
Loophole: unchanged default username and password
Mirai
14
[Diagram: Mirai botnet. Labels: CNC, IPs, bots, scan, report, attack!, targets; attack traffic: HTTP, TCP, UDP, GRE]
15
Fun Facts: /mirai/bot/scanner.c
Products of Chinese manufacturers
Fun Facts: /mirai/cnc/admin.go
16
Google Translate says they are “user” and “password” in Russian
• Stuxnet is a malicious worm that was targeted at a specific manufacturing facility. It was called the most complex worm at the time of its discovery.
• Average viruses are about 10k bytes in size. Stuxnet was 500 KB.
• Stuxnet exploited four zero-day vulnerabilities.
Stuxnet
17
USB Infection Vectors
• One of VirusBlockAda's customers in Iran had been experiencing a number of BSOD failures and wanted help finding the cause.
• Research into that problem led to the discovery of the virus.
How was it Detected?
18
• The Stuxnet version discovered in June 2010 initially spread through flash drives. A *.lnk file on the flash drive holds a reference to a file (expected to be an icon).
• Once the virus is uploaded and running, it hides the .lnk and source files. Stuxnet can use Windows shared folders to propagate itself over a local network. It places a dropper file on any shares on remote computers, and schedules a task to execute it.
How does it Spread?
19
20
Case Study: Cisco on IoT Security
Vectors on Attack in IoT
• Introduced by Cisco Systems for IoT
• Extends cloud computing services to the edge of the network and closer to the ground
• From central to distributed approach
• Analysis/filtration of data done by fog nodes
• Improves security using Cisco Fog Data Services
Fog Computing
21
Cisco IoT Platform Architecture
22
Cisco Computing Blog
23
Thank You!