• Home

  • Documents

  • SCALING UP IOT SECURITY · 2019-04-16 · SCALING UP IOT SECURITY IoT Security Foundation...
23
SCALING UP IOT SECURITY IoT Security Foundation Conference December 2018 Leo Dorrendorf

SCALING UP IOT SECURITY · 2019-04-16 · SCALING UP IOT SECURITY IoT Security Foundation Conference December 2018 Leo Dorrendorf. Security architect Diverse product range Multiple

  • Upload
    others

  • View
    15

  • Download
    0

Embed Size (px)

Citation preview

Page 1: SCALING UP IOT SECURITY · 2019-04-16 · SCALING UP IOT SECURITY IoT Security Foundation Conference December 2018 Leo Dorrendorf. Security architect Diverse product range Multiple

SCALING UP IOT SECURITYIoT Security Foundation Conference December 2018

Leo Dorrendorf

Page 2: SCALING UP IOT SECURITY · 2019-04-16 · SCALING UP IOT SECURITY IoT Security Foundation Conference December 2018 Leo Dorrendorf. Security architect Diverse product range Multiple

Security architect

Diverse product

range

Multiple R&D teams

Different security

levels

Updated standards

and regulation

Supply chain

security

Evolving threat

intelligence

Rising attacks

The challenges of IoT security architecture

Page 3: SCALING UP IOT SECURITY · 2019-04-16 · SCALING UP IOT SECURITY IoT Security Foundation Conference December 2018 Leo Dorrendorf. Security architect Diverse product range Multiple

Rising attacks on IoT

Global Number of

IoT devices (Billions)Source: Statista

Number of detected malwares

Against IoT devicesSource: Kaspersky Lab

Number of reported

Infected devicesSource: VDOO Research

Page 4: SCALING UP IOT SECURITY · 2019-04-16 · SCALING UP IOT SECURITY IoT Security Foundation Conference December 2018 Leo Dorrendorf. Security architect Diverse product range Multiple

Auto-analyzed IoT

embedded systems

3,737Aggregated IoT

vulnerabilities

162,151 500-day

vulnerabilities

Our research

Page 5: SCALING UP IOT SECURITY · 2019-04-16 · SCALING UP IOT SECURITY IoT Security Foundation Conference December 2018 Leo Dorrendorf. Security architect Diverse product range Multiple

The state of IoT security

Page 6: SCALING UP IOT SECURITY · 2019-04-16 · SCALING UP IOT SECURITY IoT Security Foundation Conference December 2018 Leo Dorrendorf. Security architect Diverse product range Multiple
Page 7: SCALING UP IOT SECURITY · 2019-04-16 · SCALING UP IOT SECURITY IoT Security Foundation Conference December 2018 Leo Dorrendorf. Security architect Diverse product range Multiple

The problems with the manual approach

Quick Scalable Reusable Standardized

Page 8: SCALING UP IOT SECURITY · 2019-04-16 · SCALING UP IOT SECURITY IoT Security Foundation Conference December 2018 Leo Dorrendorf. Security architect Diverse product range Multiple
Page 9: SCALING UP IOT SECURITY · 2019-04-16 · SCALING UP IOT SECURITY IoT Security Foundation Conference December 2018 Leo Dorrendorf. Security architect Diverse product range Multiple

The advantages of the automated approach

Quick Scalable Reusable Standardized

Page 10: SCALING UP IOT SECURITY · 2019-04-16 · SCALING UP IOT SECURITY IoT Security Foundation Conference December 2018 Leo Dorrendorf. Security architect Diverse product range Multiple

The IoT security process

Training Requirements Design Implementation Release

1 2 3 4 65

Verification

Page 11: SCALING UP IOT SECURITY · 2019-04-16 · SCALING UP IOT SECURITY IoT Security Foundation Conference December 2018 Leo Dorrendorf. Security architect Diverse product range Multiple

Creating a requirements database

Internal research

Industry standards

Industry publications

Public threat intelligence

REQ.1

REQ.2

REQ.3

REQ.4

Page 12: SCALING UP IOT SECURITY · 2019-04-16 · SCALING UP IOT SECURITY IoT Security Foundation Conference December 2018 Leo Dorrendorf. Security architect Diverse product range Multiple

Linking related objects

REQ.1

REQ.2

REQ.3

REQ.4Industry standards

Attack methods

Device attributes

Scan results

Page 13: SCALING UP IOT SECURITY · 2019-04-16 · SCALING UP IOT SECURITY IoT Security Foundation Conference December 2018 Leo Dorrendorf. Security architect Diverse product range Multiple

Filtering relevant requirements

SD card

Wi-Fi

USB

Ethern

et

HW

RN

G

Relevant

RequirementsREQ.1

REQ.2

REQ.3

REQ.4

Page 14: SCALING UP IOT SECURITY · 2019-04-16 · SCALING UP IOT SECURITY IoT Security Foundation Conference December 2018 Leo Dorrendorf. Security architect Diverse product range Multiple

Integrating existing standards

https://xkcd.com/927

shared under the Creative Commons license by its author

https://xkcd.com/927
https://xkcd.com/927
Page 15: SCALING UP IOT SECURITY · 2019-04-16 · SCALING UP IOT SECURITY IoT Security Foundation Conference December 2018 Leo Dorrendorf. Security architect Diverse product range Multiple

Integrating existing standards

REQ.1

REQ.2

REQ.3

REQ.4

Page 16: SCALING UP IOT SECURITY · 2019-04-16 · SCALING UP IOT SECURITY IoT Security Foundation Conference December 2018 Leo Dorrendorf. Security architect Diverse product range Multiple

Mapping requirements

Page 17: SCALING UP IOT SECURITY · 2019-04-16 · SCALING UP IOT SECURITY IoT Security Foundation Conference December 2018 Leo Dorrendorf. Security architect Diverse product range Multiple

Filtering to a selected standard

REQ.1

REQ.2

REQ.3

REQ.4

Relevant

Requirements

Page 18: SCALING UP IOT SECURITY · 2019-04-16 · SCALING UP IOT SECURITY IoT Security Foundation Conference December 2018 Leo Dorrendorf. Security architect Diverse product range Multiple

Automatic scanning for requirement status

Device

firmware

Requirement

status

REQ.1

REQ.2

REQ.3

REQ.4

Page 19: SCALING UP IOT SECURITY · 2019-04-16 · SCALING UP IOT SECURITY IoT Security Foundation Conference December 2018 Leo Dorrendorf. Security architect Diverse product range Multiple

Security as part of continuous integration

v0.1 v0.5 v1.0

REQ.1

REQ.2

REQ.3

REQ.4

REQ.1

REQ.2

REQ.3

REQ.4

REQ.1

REQ.2

REQ.3

REQ.4

Page 20: SCALING UP IOT SECURITY · 2019-04-16 · SCALING UP IOT SECURITY IoT Security Foundation Conference December 2018 Leo Dorrendorf. Security architect Diverse product range Multiple

Post-release protection

Vulnerable

software

Fundamental fix

Countermeasures

Page 21: SCALING UP IOT SECURITY · 2019-04-16 · SCALING UP IOT SECURITY IoT Security Foundation Conference December 2018 Leo Dorrendorf. Security architect Diverse product range Multiple

Conclusion

01 What is the right security level for my product?

02 What do I already have in my product?

03 What gaps do I have?

04 How to bridge the gaps?

06 How can I maintain trust and security?

05 How can I be trusted by my customers?

Page 22: SCALING UP IOT SECURITY · 2019-04-16 · SCALING UP IOT SECURITY IoT Security Foundation Conference December 2018 Leo Dorrendorf. Security architect Diverse product range Multiple

Conclusion

Massive data set (over 20K firmwares)

Page 23: SCALING UP IOT SECURITY · 2019-04-16 · SCALING UP IOT SECURITY IoT Security Foundation Conference December 2018 Leo Dorrendorf. Security architect Diverse product range Multiple

THANK [email protected] @leodorrendorf


IoT Security Elements

IoT Security Elements

Business
IoT Security Testing - Deloitte United States · IoT Security Testing Benefits of IoT Security Testing Despite a complex IoT product architecture, IoT security testing (IST) is beneficial

IoT Security Testing - Deloitte United States · IoT Security Testing Benefits of IoT Security Testing Despite a complex IoT product architecture, IoT security testing (IST) is beneficial

Documents
Scaling the Cloud - Cloud Security

Scaling the Cloud - Cloud Security

Technology
Scaling IoT Security

Scaling IoT Security

Technology
Floodgate IoT Security Toolkit - Nohaunohau.eu/wp-content/uploads/IconLabs.pdf · The Floodgate IoT Security Toolkit provides engineers developing IoT devices a comprehensive security

Floodgate IoT Security Toolkit - Nohaunohau.eu/wp-content/uploads/IconLabs.pdf · The Floodgate IoT Security Toolkit provides engineers developing IoT devices a comprehensive security

Documents
Security in IoT

Security in IoT

Engineering
IoT Cybersecurity - IoT Alliance Australia: Security Workstream

IoT Cybersecurity - IoT Alliance Australia: Security Workstream

Technology
SECURE ELEMENTS FOR IOT SECURITY NICHOLAS VONDRAK ...€¦ · IoT Security of Things Event / 19th October ... SECURE ELEMENTS FOR IOT SECURITY NICHOLAS VONDRAK, MARKETING MANAGER

SECURE ELEMENTS FOR IOT SECURITY NICHOLAS VONDRAK ...€¦ · IoT Security of Things Event / 19th October ... SECURE ELEMENTS FOR IOT SECURITY NICHOLAS VONDRAK, MARKETING MANAGER

Documents
IoT security patterns

IoT security patterns

Software
IoT security: real problems and solutions Introductionfiles.informatandm.com/uploads/2017/5/IoT_Security...IoT security: real problems and solutions Introduction “IoT security”

IoT security: real problems and solutions Introductionfiles.informatandm.com/uploads/2017/5/IoT_Security...IoT security: real problems and solutions Introduction “IoT security”

Documents
Scaling IoT Deployments: DevOps for the Internet of Things

Scaling IoT Deployments: DevOps for the Internet of Things

Technology
Internet of threats - the home of IoT news, analysis and ... · IoT security risks Iot threat detection IoT network security IoT encryption ioT security analytics IoT API security

Internet of threats - the home of IoT news, analysis and ... · IoT security risks Iot threat detection IoT network security IoT encryption ioT security analytics IoT API security

Documents
The challenge of scaling IoT Modern security for ... · Modern security for microcontrollers ... The assumption of being hacked at some point requires a solid ... eSAME

The challenge of scaling IoT Modern security for ... · Modern security for microcontrollers ... The assumption of being hacked at some point requires a solid ... eSAME

Documents
Scaling IoT: Telemetry, Command & Control, Analytics and the Cloud

Scaling IoT: Telemetry, Command & Control, Analytics and the Cloud

Technology
IOT SECURITY - Internet of Things news...1 IOT SECURITY The Key Ingredients for Success 1. Securing the IoT: Understanding the Landscape 1.1 Introduction: The Importance of IoT Security

IOT SECURITY - Internet of Things news...1 IOT SECURITY The Key Ingredients for Success 1. Securing the IoT: Understanding the Landscape 1.1 Introduction: The Importance of IoT Security

Documents
Security Challenges inEmerging Technologies IoT &Wearablessecurity.ingrammicro.com/security/media/Security-Media-Library/... · Security Challenges in Emerging Technologies IoT &

Security Challenges inEmerging Technologies IoT &Wearablessecurity.ingrammicro.com/security/media/Security-Media-Library/... · Security Challenges in Emerging Technologies IoT &

Documents
Scaling IoT

Scaling IoT

Technology
IOT SECURITY & MONITORING · The IoT security and monitoring solution helps detect threats, crimes, incidents and monitor ... bandwidth of the video by scaling the size and frame

IOT SECURITY & MONITORING · The IoT security and monitoring solution helps detect threats, crimes, incidents and monitor ... bandwidth of the video by scaling the size and frame

Documents
IoT SAFE: Robust IoT security at scale

IoT SAFE: Robust IoT security at scale

Documents
IoT - Big Data & Security · IoT - Big Data & Security MWC Smart Cities Seminar Telefónica Global IoT Group Feb 2017. IoT Big Data and IoT Security in Smart Cities IoT Security IoT

IoT - Big Data & Security · IoT - Big Data & Security MWC Smart Cities Seminar Telefónica Global IoT Group Feb 2017. IoT Big Data and IoT Security in Smart Cities IoT Security IoT

Documents
IoT Meets Security

IoT Meets Security

Software
How to Future-Proof IoT Security · •Current Internet of Things (IoT) landscape •IoT threats •The IoT security problem •Building in device security •Future proofing •PKI

How to Future-Proof IoT Security · •Current Internet of Things (IoT) landscape •IoT threats •The IoT security problem •Building in device security •Future proofing •PKI

Documents
GOTO Copenhagen 2016 - Scaling IoT

GOTO Copenhagen 2016 - Scaling IoT

Technology
IoT Security & Privacy - SentryBay - Security that works security and privacy_040715.pdfPage 3: © 2015 SentryBay Corporation / IoT Security & Privacy!!! IoT Security & Privacy The

IoT Security & Privacy - SentryBay - Security that works security and privacy_040715.pdfPage 3: © 2015 SentryBay Corporation / IoT Security & Privacy!!! IoT Security & Privacy The

Documents
The IoT Guide - Able Device · 6TH MOBILE IoT SUMMIT SCALING GLOBAL DEPLOYMENT 6TH MOBILE IoT SUMMIT SCALING GLOBAL DEPLOYMENT 13:00 – 14:00 Welcome Lunch, Registration and Demonstrations

The IoT Guide - Able Device · 6TH MOBILE IoT SUMMIT SCALING GLOBAL DEPLOYMENT 6TH MOBILE IoT SUMMIT SCALING GLOBAL DEPLOYMENT 13:00 – 14:00 Welcome Lunch, Registration and Demonstrations

Documents
Security & Scaling at Microsoft

Security & Scaling at Microsoft

Technology
MongoDB : Scaling, Security & Performance

MongoDB : Scaling, Security & Performance

Technology
Future-Proof Security & Privacy in IoT - ETSI...layers in IoT ecosystems are prerequisites to make security in IoT Future-Proof. Challenges & Opportunities in Security in IoT A. NXP:

Future-Proof Security & Privacy in IoT - ETSI...layers in IoT ecosystems are prerequisites to make security in IoT Future-Proof. Challenges & Opportunities in Security in IoT A. NXP:

Documents
IOT SECURITY: CHALLENGES, SOLUTIONS & FUTURE PROSPECTS · 2021. 2. 27. · This article considers IoT security challenges, security requirements for IoT architecture, current security

IOT SECURITY: CHALLENGES, SOLUTIONS & FUTURE PROSPECTS · 2021. 2. 27. · This article considers IoT security challenges, security requirements for IoT architecture, current security

Documents
Scaling IOT Solutionsedpsieee.ieeesiliconvalley.org/EDP2016/Papers/4-1 Ken... · 2019-04-14 · Placeholder Footer Copy / BU Logo or Name Goes Here Scaling IOT Solutions Ken Caviasca

Scaling IOT Solutionsedpsieee.ieeesiliconvalley.org/EDP2016/Papers/4-1 Ken... · 2019-04-14 · Placeholder Footer Copy / BU Logo or Name Goes Here Scaling IOT Solutions Ken Caviasca

Documents