Risk Factory: Let's Get Physical



Security issues associated with the Internet of Things (IoT)


  • 1. "Let's Get Physical": Cyber Security in an IP-Enabled World

  • 2. A simple, easy to use, online, B2B procurement portal for purchasing products and services to identify, minimise and manage the security threat to business data. www.riskfactory.com

  • 3. [Word cloud of threat terms] Encryption Cracking, Data Slurping, Cookies, Script Scrapers, Script Kiddies, Spyware, Mockingbirds, Road Apples, Zombie, Spim, Malware, Botnets, SQL Injection, Spoofers, Google Hacking, Stealth Bombs, Port Scanning, Worms, Root Kits, Backdoors, Pharming, War Driving, Crackers, Eavesdropping, Steganography, Denial of Service Attacks, X-Site Scripting, Crawlers, Ear Wigging, Phishing, Man-in-the-Middle Attacks, Adware, Data Mining, Suppression, Screen Grabbers, Fingerprinting, Viruses, Stripping, Smurfing, Social Engineering

  • 4. Always do whatever's next
      - Wireless
      - Bluetooth
      - Cloud

  • 5. Our Internet: Based On
      - 60s concepts, requirements & funding
      - 70s computing environments
      - 80s operating systems, applications, networks, and programming languages
      - 90s security technology
      - 2000s operational and business practices

  • 6. The End is Nigh
      In the next 2 years the present IP address space (IPv4) will reach its capacity.

  • 7. Birth Follows Every Death
      It will be replaced by IPv6, which has addresses enough (about 5x10 to the 28th power) for each of the 6.8 billion human beings on the planet.

  • 8. In Other Words...
      Every human being on the planet could have their own personal network the size of today's internet.

  • 9. Why?
      - The Internet is preparing to leave its virtual world and enter our physical world.
      - IPv6 provides an infrastructure for assigning IP addresses to physical things
      - The networking of the virtual world to the physical world
      - The networking of things
      - Evolution: from a network of interconnected computers to a network of interconnected objects

  • 10. The "average" person owns somewhere between 1000 and 5000 things (possessions).

  • 11. Imagine
      - What if you could put them all on your own network?
      - Have a complete inventory of everything you own and know where it is in real time?
      - What if you could connect this network of your things to other networks and interact?
      - Life on this planet would be significantly and profoundly changed.
      - We'd never run out of anything.
      - No more theft as we know it: we'd know exactly where things are at any given moment anywhere on the planet

  • 12. Wake Up: It's already here
      - Internet of Things (IoT)
      - Concept founded by the Auto-ID Centre at MIT back in 1999
      - Phase 1 underway, bottom up, level-specific functionality
      - Internet Protocol for Smart Objects (IPSO) Alliance founded 2008

  • 13. IoT Characteristics
      - Pervasive: present throughout
      - Ubiquitous: everywhere at the same time
      - Evolving: constantly changing
      - Global: everywhere on this planet

  • 14. Beyond Accidental
      "Anytime, anywhere, by anyone and everything"

  • 15. A Day in the Life

  • 16. First Things First
      - Everything on the electrical grid - first
      - Balance of power (grids)
      - Plant to substations
      - Substations to lines
      - Lines to transformers
      - Transformers to homes

  • 17. Second Things Second
      - Any thing with a power source to any thing with a power source and vice versa
      - Refrigerator to a television
      - Toaster to smoke detector
      - Fire alarms to ovens
      - Smoke detectors to gas supplier

  • 18. And Last But Not Least
      - Any person to any thing or any person?
      - You to your house
      - You to your appliances
      - You to your car
      - You to your...

  • 19. Communication is Key
      - Need mobile smart communication devices to connect:
          Things to things
          People to things
      - IP Smart Objects (IPSO)
      - RFID chip the leader

  • 20. IoT Language
      - Hello: My UID is 1234567fa and my challenge is X4665
      - Bonjour: My UID is af7654321 and the answer to your challenge is Ab455839

  • 21. Communication

  • 22. Framework
      Netless: is an anamorphic structure of nodes that is capable of holding some amounts of digital data. Each node is a small, low-power wireless digital transponder. There is no permanent network connection. Every time any node would appear in the vicinity of any other node, they would establish a wireless link and swap the data that was stored internally.
      Keywords: permission-less, parasitic network, off-line data-sharing, city-net, WAN, othernet, decentralized, node-network, sneakernet, sensor-network, grassroots-network, wireless.

  • 23. Looks Like

  • 24. Soylent Green is People!
      - Newly developed RFID Powder, as invisible as a speck of dust: 0.05 mm x 0.05 x 0.005 mm
      - Chips are packed with 128 bits of static memory, enough to store a unique 38-digit ID number, 2.45 GHz, 1 mW
      - Can be embedded directly into pieces of paper
      - Current favored application: anti-counterfeiting

  • 25. Already There
      - Retail stores using RFID for stock control
      - Vehicles paying by RFID on motorways
      - Cows, Dogs, Cats, Sheep implanted with RFID chips
      - Consumer products from cars and mobiles to children's tennis shoes now equipped with GPS RFID chips

  • 26. Security Requirements
      Can our current C.I.A. definition fit the IoT?
      - Pervasive: present throughout?
      - Ubiquitous: everywhere simultaneously?
      - Emerging: constantly evolving?
      - Global: everywhere on this planet?

  • 27. Application Challenges

  • 28. IP Challenges
      - Packet spoofing
      - Network traffic analysis
      - Device analysis
      - Device spoofing
      - Encryption
      - Key distribution
      - Privacy protection
      - Identity protection
      - Identity and identifier management

  • 29. IPSO Challenges
      - Devices are not reachable: most of the time a device is not connected
      - Devices can be lost and stolen: makes security difficult when the device is not connected
      - Devices are not crypto-engines: strong security difficult without processing power
      - Devices have finite life: credentials need to be tied to lifetime
      - Devices are transportable: will cross borders
      - Devices need to be recognised by many readers

  • 30. Privacy Challenges
      - What things you own
      - Where you bought them
      - The price you paid for them
      - Where they are located
      - What you use them for
      - How often you use them
      - What they connect to
      - Who they connect to

  • 31. Fraud Challenges
      - "Thing" Theft
      - Counterfeit
      - Piracy

  • 32. Professional Challenges
      - See the bigger picture - now
      - Anticipate the potential problems
      - Security professionals are always catching up to technology
      - Step up. Consider the implications of the next world of networked things
      - Prepare for it now
      - Lead - Don't follow.

  • 33. 26 Dover Street, London, United Kingdom, W1S 4LY
      +44 (0)20 3586 1025
      +44 (0)20 7763 7101 (fax)
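
The UID-and-challenge greeting on slide 20, combined with slide 29's point that credentials need to be tied to device lifetime, sketched as an added example that is not part of the original deck. The slides name no mechanism, so HMAC-SHA256 over a pre-shared per-device key, the registry layout, the keys and the expiry times are all assumptions constructed for illustration; only the two UIDs come from the slide.

```python
import hashlib
import hmac
import secrets

# Constructed sample registry (assumption): UID -> (pre-shared key, credential expiry as Unix time).
REGISTRY = {
    "1234567fa": (bytes.fromhex("00112233445566778899aabbccddeeff"), 2_000_000_000),
    "af7654321": (bytes.fromhex("ffeeddccbbaa99887766554433221100"), 1_500_000_000),
}


def answer(key: bytes, own_uid: str, peer_uid: str, challenge: bytes) -> bytes:
    """Prover side: bind the response to both UIDs and to the peer's challenge."""
    msg = b"|".join([own_uid.encode(), peer_uid.encode(), challenge])
    return hmac.new(key, msg, hashlib.sha256).digest()


class Verifier:
    """Reader side: issues one-time challenges and checks the answers."""

    def __init__(self, uid: str):
        self.uid = uid
        self.pending = {}  # peer UID -> outstanding challenge

    def hello(self, peer_uid: str) -> bytes:
        challenge = secrets.token_bytes(16)  # fresh and unpredictable per exchange
        self.pending[peer_uid] = challenge
        return challenge

    def check(self, peer_uid: str, response: bytes, now: int) -> bool:
        challenge = self.pending.pop(peer_uid, None)  # single use, so a replay fails
        record = REGISTRY.get(peer_uid)
        if challenge is None or record is None:
            return False  # no outstanding challenge, or unknown device (spoofed UID)
        key, expires = record
        if now >= expires:
            return False  # credential has outlived the device's stated lifetime
        expected = answer(key, peer_uid, self.uid, challenge)
        return hmac.compare_digest(expected, response)  # constant-time comparison
```

A fixed challenge string like the one shown on the slide would let a captured answer be replayed; the verifier here discards each challenge after one use for that reason.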