Oscar Garcia-Morchon ([email protected]) Distributed Sensor Systems - Philips Research Europe Towards a Secure Internet of Things Future Internet Assembly Budapest, May 2011


Page 1: Towards a Secure Internet of Things Future Internet Assembly Budapest, May 2011

Oscar Garcia-Morchon ([email protected])

Distributed Sensor Systems - Philips Research Europe

Towards a Secure Internet of Things

Future Internet Assembly Budapest, May 2011

Page 2

Things and the Thing Lifecycle?

[Figure: thing lifecycle along a time axis, with stage labels Manufactured, Installed, Commissioned, Operational, Reconfiguration, SW Update, Decommissioned, Removal, Appl Reconfiguration, Operational]

“Ubiquitous computing” (1991, Mark Weiser)

Page 3

What do we actually need?

System shall/should/may use…?

How does everything work together?

Gateway

Internet

Security in the IoT(*)

Security architecture

Applications and Security

Secure IoT

Guidelines & Standards

IoT Domain (e.g., based on CoAP/6LoWPAN or ZigBee)

(*) Garcia-Morchon, O., Keoh, S.L., Kumar, S., Hummen, R., Struik, R.: “Internet Draft: Security Considerations in the Internet of Things”, CORE, IETF, March 2011.

Page 4

Security Architecture (1/2)

Gateway

Internet

IoT Domain (e.g., based on CoAP/6LoWPAN or ZigBee)

Node A

Node B

Configuration entity

Page 5

Security Architecture (2/2)

Bootstrapping Operation

Incremental deployment

Privacy protection

Group creation

Identity and key management

…

End-to-End security

Mobility support

Heterogeneous IoT domains

Group membership

Interactions between tech. and applications?

Gateway

IoT Domain (e.g., based on CoAP/6LoWPAN or ZigBee)

Internet

E2E Security?

IP ↔ IoT translation

Attackers launch resource exhaustion attack

Group management and secure multicast

Distributed vs. Centralized?

F(ID,y); ID=hash(Entity’s Name)

Page 6

Topics for discussion…and to keep in mind

Security architecture

Application and Security

Secure IoT

Guidelines & Standards

[Figure: thing lifecycle along a time axis, with stage labels Manufactured, Installed, Commissioned, Operational, Reconfiguration, SW Update, Decommissioned, Removal, Appl Reconfiguration, Operational]

NIST

FIPS 140-2

HIPAA

95/46/EC

Privacy-aware design

Antivirus (Stuxnet)

Confidentiality

Authentication

Integrity

Freshness

NISTIR 7628

Accountability

IDS

Revocation

Availability

Dependability

Risk Assessment & Design

Access control

Incremental deployment

Distributed or centralized

Bootstrapping & operation

Identity & key management

E2E vs local

Mobility

Group security