20 Billion IoT Devices In 2023 - PowerPoint PPT Presentation

SLIDE 1
SLIDE 2

20 Billion IoT Devices in 2023*

* Gemalto – The State of IoT Security

SLIDE 3

  • 79%: guidelines required
  • 48%: breach exists?
  • 62%: improve security

* Gemalto – The State of IoT Security

SLIDE 4

Honeypot

A honeypot is a computer security mechanism set to detect, deflect, or, in some manner, counteract attempts at unauthorized use of information systems.

Source: – oswalpalash

SLIDE 5

Hardware Honeypot

[Figure labels: Remote Control Power Adapter, Hardware Honeypot]

SLIDE 6

Hardware Honeypot

SLIDE 7

Hardware Honeypot

| City | Device | Price | Arch |
|---|---|---|---|
| New York, USA | Raspberry Pi | $20 | ARM |
| San Jose, USA | Netgear R6100 | $55 | MIPS |
| Beijing, China | BeagleBone | $45 | ARM |
| Shenzhen, China | Linksys WRT54GS | $40 | MIPS |
| All above | RCPA | $30 | |

  • Internet access fee: >$30/month

SLIDE 8

System Architecture

SLIDE 9

Software Honeypot: High Fidelity

  • Customizing QEMU configurations
      • Proper CPU, memory, and peripheral configurations
  • VM instances rearrangement
      • Change IPs and providers
  • Masking sensitive system information
      • Forge /proc/cpuinfo

SLIDE 10

Software Honeypot: Evidence Collection

  • CPU usage
  • Network packets
  • Process list

SLIDE 11

Findings: Deployment Overview

SLIDE 12

Findings: Geo-distribution

108

  • Jun. 2017 ~ Jun. 2018

~$6/month

SLIDE 13

Findings: General Attacking Flows

SLIDE 14

Findings: Fileless Attack

Attacks that do not rely on malware files

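SLIDE 15

Findings: Hardware

  • 14.5M suspicious connections
  • 1.6M effective attacks

[Chart, suspicious connections by protocol. Values: 5.5%, 2.5%, 6.2%, 85.8%. Labels: SSH / Telnet, HTTP(S), Others, SMB]

[Chart, effective attacks by type. Values: 46.9%, 5.0%, 48.1%. Labels: Others, Malware-based Attacks, Fileless Attacks]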

SLIDE 16

Findings: Software

  • 249M suspicious connections
  • 26.4M effective attacks

[Chart, suspicious connections by protocol. Values: 3.2%, 8.9%, 9.6%, 78.3%. Labels: SSH / Telnet, SMB, HTTP(S), Others]

[Chart, effective attacks by type. Values: 55.3%, 5.3%, 39.4%. Labels: Malware-based Attacks, Fileless Attacks]

SLIDE 17

Findings: Less Fidelity

  • Public clouds may prevent certain types of attacks
  • In-depth information may be used to infer the honeypots

1100/day 670/day

SLIDE 18

Findings: Hardware

SLIDE 19

Findings: Software

SLIDE 20

Findings: Malware-based Attacks

  • 598 malware types
  • MIPS 25.7%
  • ARM 27.3%

SLIDE 21

Findings: Fileless Attacks

  01 Occupying end systems (e.g., altering passwords)
  02 Damaging system data (e.g., removing / altering configurations)
  03 Preventing monitoring (e.g., killing services)
  04 Retrieving system info (e.g., getting hardware information)
  05 Stealing data (e.g., reading the shadow file)
  06 Launching network attacks (e.g., sending malformed HTTP requests)
  07 Other commands (e.g., who, lastlog)
  08 No shell commands (e.g., SSH tunneling attacks)

SLIDE 22

Findings: SSH Tunneling Attack

SLIDE 23

Findings: New Security Challenges & Defense Directions

  01 56.2%: modify the filesystem
  02 99.7%: using shell commands
  03 0.3%: no traces

SLIDE 24

Findings: New Security Challenges & Defense Directions

SLIDE 25

Conclusions & Future Work

  01 Support of emerging IoT interfaces
  02 Robustness to the interference of VM identity
  03 In-depth analysis on advanced attacks

  01 Build and deploy the HoneyCloud system
  02 First taxonomy for fileless IoT attacks