CONCERNS & SOLUTION DANNY DE COCK HTTPS://WWW.GODOT.BE/SLIDES - - PowerPoint PPT Presentation

SLIDE 1

Simply Smart Workshop Feb 2018

IOT SECURITY AND PRIVACY CONCERNS & SOLUTION DANNY DE COCK

HTTPS://WWW.GODOT.BE/SLIDES

SLIDE 2

IOT SCOPE

Credits: Chragokyberneticks Credits: http://www.greenpeak.com

  • Blue: Networked devices
  • Green: Energy Management
  • Red: IoT
SLIDE 3

CORE SECURITY AND PRIVACY PROBLEMS

• IoT focuses on functionality, NOT security
  • Security is an afterthought, secure client first!
  • Cumbersome over-the-air update mechanisms

• Each family of devices in its own silo
  • Amalgam of isolated component groups rather than integration
  • Impossible to apply sound security policies

• User data, preferences & behavior immediately pushed to cloud services
  • Who manages the cloud, who is it and where can you find them?
  • User awareness & ignorance: what happens to this data?

• Authentication, confidentiality and authorization problems
  • Silo-based management of keys, preferences, access control settings…
  • No real key management for individual instantiations
  • Low power = lightweight communications and security protocols

21/02/2018 3

SLIDE 4

GLOBAL SYSTEM OVERVIEW

[Figure: global system overview. Elements: Remote User, Internet, Local Users, Home. Legend: Insecure, Integrity-protected, Confidential, Secure; Strong authentication, Weak authentication; Locally operated, Remotely accessible.]

SLIDE 5

GENERIC & SIMPLE SOLUTION

• Impossible to change, configure and test individual IOT device families
  • New software versions and devices and features pop up continuously

• Two-fold solution:
  • Good old DMZ technology plus Intelligent Internet Gateway (IIG)
  • Each IOT device type in its own zone
  • IIG manages connections:
    • Device-Device inside and across zones
    • Device-Internet and Internet-Device
  • Dedicated configuration manager
    • Configuration of IIG
    • Configuration of DMZ-zones

Images: Tango! Desktop Project, benext.eu & Michael Mimoso, threatpost.com
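
The zone model on this slide, sketched as a default-deny connection policy (an added example, not code from the slides or from the author). The subnets, ports and rules are constructed, the zone names borrow the cluster names from the security view slide, and the sketch assumes the gateway sees every flow, including traffic between two devices in the same zone.

```python
import ipaddress
from typing import NamedTuple

# Constructed zone layout (assumption): one subnet per IoT device family.
ZONES = {
    "multimedia": ipaddress.ip_network("10.10.1.0/24"),
    "appliance": ipaddress.ip_network("10.10.2.0/24"),
    "safety": ipaddress.ip_network("10.10.3.0/24"),
}
INTERNET = "internet"  # label for any address outside every zone


class Rule(NamedTuple):
    src_zone: str
    dst_zone: str
    dst_port: int


# Hypothetical allow-list; every flow not listed here is dropped.
# Rules are directional: the reverse flow needs its own entry.
ALLOW = {
    Rule("multimedia", "multimedia", 8009),  # device-device inside a zone
    Rule("safety", "appliance", 8883),       # device-device across zones
    Rule("appliance", INTERNET, 443),        # device-Internet
    Rule(INTERNET, "safety", 8443),          # Internet-device
}


def zone_of(addr: str) -> str:
    """Map an address to its zone; non-zone addresses count as Internet."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return INTERNET


def decide(src: str, dst: str, dst_port: int) -> str:
    """Return 'allow' or 'deny' for a new connection seen by the gateway."""
    src_zone, dst_zone = zone_of(src), zone_of(dst)
    if src_zone == INTERNET and dst_zone == INTERNET:
        return "deny"  # the gateway does not relay Internet-to-Internet traffic
    if Rule(src_zone, dst_zone, dst_port) in ALLOW:
        return "allow"
    return "deny"  # default deny, including unlisted same-zone traffic
```

Because the allow-list is keyed on zones rather than on individual devices, a new device of a known family inherits its zone's policy as soon as it is given an address in that zone's subnet.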

SLIDE 6

• Contact details:

  • Email: Danny.DeCock@esat.kuleuven.be
  • Slides: https://www.godot.be/slides

QUESTIONS?

SLIDE 7

SECURITY VIEW

[Figure: security view. Labels: Multimedia Cluster, Appliance Cluster, Safety Cluster; Service Providers & Applications; Devices; Users; End-to-End Security; Point-to-Point Security.]

SLIDE 8

PROTOCOL STACKS VIEW

  • User/Business Layer: Uses devices & services
  • Application Layer (OSI Layer 7): Offers Services to Users, Services and Devices
  • Security Layer (OSI Layer 5 – Session): Protects Against Remote Evil Services and Devices
  • Transport Layer (OSI Layer 4): Provides Reliable Communications
  • Network Layer (OSI Layer 3): Provides Network Access
  • Data Link Layer (OSI Layer 2): Communication Technologies, e.g., RF, WiFi, IR,…

[Figure: two protocol stacks side by side. Labels between the stacks, top to bottom:]

  • Service Data
  • Application processing Data
  • Device-Device Security
  • Reliable Device-Device Communication
  • Device-Device Data Transmission
  • Data Transmission over Physical Network / Data Transmitted over Physical Network