T ow owar ards s Trust stwor worthy thy In Intern ernet et of Th Things ings for or Miss ssion ion-Cri Critic tical al Appl pplications ications Arjmand Samuel, Ph.D. Microsoft Azure - Internet of Things
Internet of Things is a game changer
Organizations are benefiting from IoT today Lido Stone Works
However, IoT projects can be complex Long Hard to Difficult to timelines scale customize
IoT Challenges Scale # devices >> # humans, and growing fast Volume of data generated (and network traffic) Pace Innovation pressure: analysis, command and control Skill pressure: data science, other (niche) specialties Environment Extreme heterogeneity IT/OT collaboration Internet security and privacy Emerging standards & regulations New competitors
Connect millions of devices and integrate your business systems with new insights to transform your business. Get started quickly with preconfigured solutions for common Azure IoT Suite IoT scenarios. azure.microsoft.com/solutions/iot-suite/ Leverage a worldwide ecosystem of experienced IoT partners to tailor IoT solutions to your needs.
Connect and scale Analyze and act Integrate and transform with efficiency on new data business processes Analytics Dynamics SAP SalseForce Device Registry Oracle DB2 WebSphere Rules and Actions Real-time And operating Twitter Dashboards & Visualization Informix Office 365 more systems
Accelerate time to value with preconfigured solutions Get started in minutes Fine-tuned to specific assets and processes Modify existing rules and alerts Highly visual for your real-time operational data Add your devices and begin tailor to your needs Integrate with back-end systems
Azure IoT Suite architecture Azure IoT Suite Remote Monitoring Web/Mobile App Power BI Devices DocumentDB Back end Storage blobs systems and C# simulator processes Logic Apps Web Jobs Stream Analytics Event Hub IoT Hub Azure Active Directory
Security from the ground up Microsoft Cloud Largest online services in the world Centers of excellence Operational Security Assurance (OSA) process Security Development Lifecycle (SDL) azure.microsoft.com/documentation/articles/securing-iot-ground-up/
Defense in depth Securely connect Over a secure internet To Microsoft Azure – built with millions of devices . . . connection . . . security from the ground up Device Security Connection Security Cloud Security
THE EVOLUTION OF ATTACKS 2003-2004 Volume and Impact Script Kiddies BLASTER, SLAMMER Motive: Mischief
THE EVOLUTION OF ATTACKS 2005-PRESENT Organized Crime RANSOMWARE, CLICK-FRAUD, 2003-2004 IDENTITY THEFT Motive: Profit Script Kiddies BLASTER, SLAMMER Motive: Mischief
THE EVOLUTION OF ATTACKS 2012 - Beyond 2005-PRESENT Organized Crime RANSOMWARE, Nation States, CLICK-FRAUD, Activists, 2003-2004 IDENTITY THEFT Terror Groups BRAZEN, Motive: Profit COMPLEX, PERSISTENT Script Kiddies Motives: BLASTER, SLAMMER IP Theft, Damage, Motive: Mischief Disruption
Insecure design Unauthorized control of Jeep Unauthorized control of Nissan Leaf www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/ www.bbc.com/news/technology-35642749
North Carolina Highway Signs Compromised Penetration of a Water Treatment By a Foreign Hacker* Facility by a Foreign Hacker* *NSTAC Report to the President on the Internet of Things. www.dhs.gov/sites/default/files/publications/
State sponsored attacks IR-40 facility in Arak, Iran https://en.wikipedia.org/wiki/Nuclear_program_of_Iran
Why is IoT vulnerable?
In Information Technology (IT (IT) - th the ap appli lication of of computers an and tele lecommunications equip ipment to o store, retrieve, tr transmit an and man anipulate data* Mission of IT How? • Secure Development Lifecycle Design and maintain • Secure Network Technologies software, hardware and • Threat & Vulnerability Mitigation network resources which • Monitoring and Alerting run securely and privately • Software/Firmware Auto-Updates • Privacy Models *en.wikipedia.org/wiki/Information_technology
Operations Technology (O (OT) - collects information and causes changes in the physical world through the direct monitoring and control of physical devices in industrial contexts How? Ho Mission of OT • Robust machines, with built-in safety Design and maintain machines features • which run reliably, and safely Automated monitoring and control • (do not cause injury or harm to Isolate and control – cut off all other machines, humans, and interaction with the world • the environment) Design to protect against natural and man-made disasters
System of Systems Information Operational T echnology T echnology Specialists Specialists
Integration of IT and OT Complex merger of Compromise of safety because of lack of security security aspects Machine‘s control sequece modified without access control (lack of between IT and OT information integrity) Compromise of reliablity because of lack of security Modified operation controls can cause machines to become less reliable (malicious outsider or insider threat) Leakage of business process secrets Realtime business process details stolen (confidentiality of information)
Environment Threats Privacy Security Trustworthy IoT Reliability Safety System faults Human Errors
The STRIDE model Spoofing Identity: T ampering with Data: Repudiation: Information Disclosure: Denial of Service: Elevation of Privilege: aka.ms/iotarch
Component Threat Mitigation Risk Implementation Device S Assigning identity to Replacing device or part Authenticating the device, using the device and of the device with some Transport Layer Security (TLS) or IPSec. authenticating the other device. How do we Infrastructure should support using device know we are talking to the pre-shared key (PSK) on those devices right device? that cannot handle full asymmetric cryptography. Field Gateway S Authenticating the If someone can spoof TLS RSA/PSK, IPSe, RFC 4279. All the Field gateway to Cloud Field Gateway, then it can same key storage and attestation Gateway present itself as any concerns of devices in general device Device TID TLS (PSK/RSA) to Reading data in transit Security on the protocol level encrypt the traffic. between devices. (HTTP(S)/AMQP/MQTT/CoAP . Tampering with the data. Overloading the device with new connections
• Protecting physical devices
IoT hardware manufacturer and integrator IoT solution developer IoT solution deployer IoT solution operator
Telemetry based IoT security • Near real-time monitoring for on-device security properties, such as state of OS, malware, IP attack surface. Upload data to Azure Security Security state Center • Analysis in the cloud with global intelligence for attacks monitoring • Present security status to device owner in a user friendly and usable fashion. Suggest mitigations • Train ML models for normal behavior based on telemetry data (more Anomaly detection accurate with more data) • Detect anomalous behavior based on known physical and security based on telemetry attack vectors, e.g. tampering, moving device from one location to another, insider attack to take physical control of device data • Examples scenarios: Device tampering, sleep, context based anomalies
Challenges of telemetry-based IoT security monitoring • Constantly adapt telemetry models Technical • Generalize telemetry models • Mapping between real-world and cyber context • Business model Implementation • Sharing of threat information – ISAC (DHS) and Infoguard (FBI) • Standards for sharing vulnerabilities • IoT Device Security Certification – is it even possible
In closing Internet of Things is the next big thing For IoT hacks it is not about if , but when and how Security in IoT is an ecosystem play There is promise in data science based security anomaly detection How do you sell security investments?
Thank you
Recommend
More recommend
