io iot t security
play

Io IoT T Security In Informatio ion sec securit ity - PDF document

Mar 19, 2024 •334 likes •558 views

Security & Knowledge Management a.a. 2019/20 Io IoT T Security In Informatio ion sec securit ity Confidentiality Data accessed just by permitted users Integrity Not tampered by not permitted users Availability

  1. Security & Knowledge Management – a.a. 2019/20 Io IoT T Security In Informatio ion sec securit ity • Confidentiality • Data accessed just by permitted users • Integrity • Not tampered by not permitted users • Availability • System to access data, from authorized user • Overflow (flooding), Spoofing (impersonate), man-in-the-middle (listen), malware (intrusion) 1

  2. Security & Knowledge Management – a.a. 2019/20 Web eb App pplic icatio ion sec security ty • Application and service exposed to user via HTTP(!!!)/HTTPS • Communication security • Security issues: • DDOS, BotNet, Post DoS (flooding) • SQL injection • Web Application Session hijack • Html & Js injection • Mobile App Targets: • Data • Identity • Availability • Attack based on SMS and MMS • + Jailbreaking Too ools ls for or a a sec security ty app approach (1) (1) • Encryption (symmetric + asymmetric keys) • Digital Signature • Digital Certificate • HTTPS (SSL/TLS) • Authentication protocols (basic, oauth2, openIdconnect) • JWT token, SAML, LDAP, Identity Providers (Keycloak) 2

  3. Security & Knowledge Management – a.a. 2019/20 Too ools ls for or a a sec security ty app approach (2) (2) • Symmetric cipher (use same unique key), fast • AES 128, AES 192, AES 256 • RC4, RC5, RC6 • DES • Asymmetric cipher (two related keys), slow • RSA • DSA, Elliptic CURVE • PKCS Too ools ls for or a a sec security ty app approach (3) (3) • Protection of a message • PubKey to encrypt a MSG that just the target can understand via PrivKey • Authentication, Non repudiation, integrity • PrivKey to digital sign a message that everybody can verify via PubKey • Digital Certificate (identify the client and the server) • OU Name + Email • Who issued the certificate (it’s signed!) • PubKey  (i.e. to retrieve the «official» PubKey of Webserver) • X.509 format based on ASN.1 (PEM+DER) 3

  4. Security & Knowledge Management – a.a. 2019/20 Too ools ls for or a a sec security ty app approach (4) (4) • Certification Authority (organization that issue certificate) • Self signed • Root-of-trust  Who issue digital certificate • To enforce check, i.e. Web Browser have a complete of official CA list to validate Web Server PubKeys «for domain name» • To create Client Certificate • Certificate Signing request CSR with • Signed with PrivKey of Client (to enforce Identify) • CA return a certificate with PubKey of Client (To enforce Identity) • + Sign with PrivKey della CA (to enforce Root-of-trust) Too ools ls for or a a sec security ty app approach (5) (5) • HTTPS on top of HTTP (always!!!) • Protect (almost) everything (except IP, Port, length of data) via SSL/TLS • Long term PrivKey/PubKey  cert X.509 server+client + CA • Short term SESSION-ID  symmetric for any connection 4

  5. Security & Knowledge Management – a.a. 2019/20 OAut uth2 (Aut uthorizatio ion) • Protocol allows third-party applications to grant limited access to an HTTP service, either on behalf of a resource owner or by allowing the third-party application to obtain access on its own behalf Ope penID Con onnect t (A (Aut uthentic icatio ion) • Identity layer on top of the OAuth 2.0 protocol, which allows computing clients to verify the identity of an end- user based on the authentication performed by an authorization server, as well as to obtain basic profile information about the end- user in an interoperable and REST-like manner 5

  6. Security & Knowledge Management – a.a. 2019/20 JW JWT T TOKEN IoT IoT ec ecos osystem • “a dynamic global network infrastructure with self-configuring capabilities based on standard and interoperable communication protocols where physical and virtual ‘Things’ have identities, physical attributes, and virtual personalities and use intelligent interfaces, and are seamlessly integrated into the information network” Institute of Network Cultures • “a global infrastructure for the information society enabling advanced services by interconnecting (physical and virtual) things based on, existing and evolving, interoperable information and communication technology” ITU-T (2012) Next Generation Networks 6

  7. Security & Knowledge Management – a.a. 2019/20 IoT IoT ar archit itecture • Independent IoT ecosystems that can be • physical • virtual • hybrid mix of the two • consist of a list of active physical devices, sensors, actuators, services, communication protocols and layers, final users, developers and interface layers. IoT ar IoT archit itecture • Several functional blocks are defined in an IoT system, even if a common conceptualization is not found , but several different approaches are usual considered: 3-layer, 5-layer, cloud and fog systems, social IoT paradigms. Business Layer Application Layer Application Layer Network Layer Processing Layer Perception Layer Network Layer Perception Layer 7

  8. Security & Knowledge Management – a.a. 2019/20 IoT IoT Sen entie ient t sol solutio ions IoT and City data World IoT Applications Dashboards and Apps My IoT Devices Big Data Analytics, Artificial Intelligence 15 State-of of-the-art t IoT IoT ar archit itecture 8

  9. Security & Knowledge Management – a.a. 2019/20 Azur ure Microsoft t IoT IoT (1) (1) Azur ure Microsoft t IoT IoT (2) (2) • Hub that communicate with the internal ecosystem • .NET, Java,Node.js, C, Python • MQTT, AMQP, MQTT on WebSocket, HTTPS, AMQP on WebSocket • TLS, SAS Token, IAM, x.509 9

  10. Security & Knowledge Management – a.a. 2019/20 AWS – Amaz azon IoT IoT (1) (1) AWS – Amaz azon IoT IoT (1) (1) • Data collected by Rules Engine and from the Device Shadows. • C, Javascript, Java, Python, IOS, Android, Arduino Yun • MQTT, MQTT on WebSocket, HTTPS • TLS, x.509, IAM, Amazon Cognito, Federated Identities 10

  11. Security & Knowledge Management – a.a. 2019/20 Goo oogle e IoT IoT Goo oogle e IoT IoT • Core that communicate with internal functionalities, in a Pub/Sub and Dataflow manner • Go, Java, .NET, Javascript, IOS, Android, PHP, Ruby, Python • MQTT, HTTP • JSON Token, IAM, x.509 11

  12. Security & Knowledge Management – a.a. 2019/20 Blockchain sol solutio ion (1) (1) • One node validates the block (called mining in bitcoin) and broadcasts it back to the network. • The nodes add the block to their chain of blocks if the blocks is verified and the block correctly references the previous block Blockchain sol solutio ion (2) (2) • Central hub that maintains references of member repository where the datasets are actually stored and distributed • Delete from Block chain? • Rule enforcement (everything distributed)? 12

  13. Security & Knowledge Management – a.a. 2019/20 IO IOT involved en enti titie ies Data Edge Data Cloud Data Sources Processor Injection Processor Visualization IoT Context IoT Context IoT App IoT App IoT Context IoT Devices Dashboards Brokers Brokers Brokers (sensors, actuators) IoT Registries IoT Edge Directory and storage Security and Privacy Management (GDPR compliance) 25 IoT IoT mai ain com omponents • IoT Device • IoT Router (with/without computation capabilities) • IoT Broker (+ Shadowing) • IoT Device Directory • IoT User Management • IoT Service Bus (Pub/Sub, Rule-engine, Data-driven) • IoT Analytics • IoT Data repository • IoT Applications (off-grid/on-cloud) • IoT Dashboards 13

  14. Security & Knowledge Management – a.a. 2019/20 SNAP4CITY pla platform IoT IoT/IoE on on the the fi field lds On Cloud IoT Directory (1) Registration IoT Devices Raspberry PI (2) Discovery IoT Devices Internet IoT Devices IOT Edge With IOT App distributed IoT Context IoT Context IoT Context Brokers IoT Devices Brokers Brokers IOT Button On Premise 28 14

  15. Security & Knowledge Management – a.a. 2019/20 Gen eneric ic IoT IoT ar archit itecture IoT cl cloud inf nfrastruct cture Securit urity and Privacy Ma Management User re Us registry try My Pers My rsona nal Ow Ownership hip & D & Delegati tion Devices’ Devices’ Data ta Real al Wor orld Data ta Data ta IoT T Users’ Cont ntext IoT T Cont ntext IoT T Cont ntext Directory ry Data ta Bro rokers Bro roker Bro roker IoT T Dashb hboard d IoT T IoT IoT App IoT IoT Builde der App Fire rewall Fire rewall IoT T Devices Mi MicroServ rvices (sens nsors, actua uators) Sma martCi rtCity ty API IoT T local al solution on IoT T Edge Analyti tics Know owle ledge base (on pr prem emise se) (aggregators, S Dashb hboards ds fro rom cloud ud Data ta Shado dow Schedu duling distr tribu butors) IoT T Any ny othe her r sta tatic tic and d re real-tim time data ta App Dashbo hboar ards ds (loc ocal al) sources 29 IO IOT on on pr prem emis ise e vs s on on cl cloud Dash shboa oards On n the Fie ield ld IoT oT loc ocal al IoT oT clou loud solu so lutio ion infr nfrastructure (on on pr premis ise) es IoT Devi evices es ervices (sen enso sors, s, act ctuator ors) s) All the he other er oServ IoT Edg dge cl cloud ser ervices es IoT App pp MicroS IoT Firewall (IoT oT Brok oker) r) IOT On Premise 30 15

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

What is network security? Friends and enemies: Alice, Bob, Trudy What is network security?

What is network security? Friends and enemies: Alice, Bob, Trudy What is network security?

Network security Network security Foundations: what is security? cryptography Network Security Network Security authentication message integrity key distribution and certification Security in practice: Srinidhi Varadarajan

332 views • 6 slides
Security Security as term, Possible Security violations Authentication Criteria for

Security Security as term, Possible Security violations Authentication Criteria for

BS1 WS19/20 topic-based slides Security Security as term, Possible Security violations Authentication Criteria for Trust in Computer Systems Three hearts of Windows Security DACLs A Look at Security System is secure if

988 views • 20 slides
CPSC410/611: Security Security Security Attacks Security Threats Crypto

CPSC410/611: Security Security Security Attacks Security Threats Crypto

CPSC 410 / 611 : Operating Systems CPSC410/611: Security Security Security Attacks Security Threats Crypto Authentication Examples SSL Security Threats Breach of confidentiality unauthorized access to

458 views • 18 slides
Biometrics and Security Biometrics and Security Biometrics and Security Biometrics and Security

Biometrics and Security Biometrics and Security Biometrics and Security Biometrics and Security

Biometrics and Security Biometrics and Security Biometrics and Security Biometrics and Security WS 06/07 Seminar Prof. Dr.-Ing. Jana Dittmann & Dr.-Ing. Claus Vielhauer with support from Tobias Scheidat

419 views • 16 slides
1 X.800 Security Services X.800 Security Services X.800 Security Services Data integrity

1 X.800 Security Services X.800 Security Services X.800 Security Services Data integrity

Course Overview Course Requirements EECS 498-7/8 Cryptography and Network Security: www.citi.umich.edu/u/honey/security Principles and Practice (Third Edition) Computer Security Monday & Friday, 9:00 10:30 William Stallings

670 views • 19 slides
A (re)introduction to Spring Security Agenda Before Spring Security: Acegi security

A (re)introduction to Spring Security Agenda Before Spring Security: Acegi security

A (re)introduction to Spring Security Agenda Before Spring Security: Acegi security Introducing Spring Security View layer security Whats coming in Spring Security 3 E-mail: craig@habuma.com Blog: http://www.springloaded.info

452 views • 19 slides
Network Security Network Security Srinidhi Varadarajan Network security Network security

Network Security Network Security Srinidhi Varadarajan Network security Network security

Network Security Network Security Srinidhi Varadarajan Network security Network security Foundations: what is security? cryptography authentication message integrity key distribution and certification Security in practice:

634 views • 36 slides
Security Overview Security Goals The Attack Space Security Mechanisms

Security Overview Security Goals The Attack Space Security Mechanisms

CSCE Intro to Computer Systems Security Security Overview Security Goals The Attack Space Security Mechanisms Introduction to Cryptography Authentication Authorization Confidentiality Case Studies Security

472 views • 20 slides
SECURITY TESTING Towards a safer web world AGENDA 1. 3 WS OF SECURITY TESTING 2. SECURITY

SECURITY TESTING Towards a safer web world AGENDA 1. 3 WS OF SECURITY TESTING 2. SECURITY

SECURITY TESTING Towards a safer web world AGENDA 1. 3 WS OF SECURITY TESTING 2. SECURITY TESTING CONCEPTS 3. SECURITY TESTING TYPES 4. TOP 10 SECURITY RISKS Few Security Breaches Date: 2013-14 September 2016, while in negotiations to

404 views • 18 slides
Security Security with Distributed Systems Why Security? The need for security mechanisms in

Security Security with Distributed Systems Why Security? The need for security mechanisms in

Security Security with Distributed Systems Why Security? The need for security mechanisms in distributed systems arises from the desire to share resources Resources must be protected against unauthorized access, as enemies (attackers)

1.16k views • 67 slides
Security Overview Security Goals The Attack Space Security Mechanisms

Security Overview Security Goals The Attack Space Security Mechanisms

CPSC 410/611 Operating Systems Security Security Overview Security Goals The Attack Space Security Mechanisms Introduction to Cryptography Authentication Authorization Confidentiality Case Studies

419 views • 19 slides
International and Global Security 1 Peer Discussion What is security? 2 International

International and Global Security 1 Peer Discussion What is security? 2 International

International and Global Security 1 Peer Discussion What is security? 2 International Security What is security? Freedom from threats to core values? Contestation over referent object: Individual? State? System? How is security achieved?

715 views • 11 slides
Security 101 Definition of Information Security Information security is the protection of

Security 101 Definition of Information Security Information security is the protection of

Computing Services Information Security Office Security 101 Definition of Information Security Information security is the protection of information and systems from unauthorized access, disclosure, modification, destruction or disruption. The

469 views • 22 slides
Security Update Security Plans Our Security plans are For Official Use Only, Safety

Security Update Security Plans Our Security plans are For Official Use Only, Safety

Security Update Security Plans Our Security plans are For Official Use Only, Safety Sensitive Information Not for public or media release F.S. 119.071. Required by law, rule and regulation: Homeland Security Directive 5 and 8.

393 views • 11 slides
Com puter Security Part One Security as a subject Security is an old problem in the

Com puter Security Part One Security as a subject Security is an old problem in the

Com puter Security Part One Security as a subject Security is an old problem in the computing world, and are parallel to even older problems outside computing Required level of security is always related to what you protect

237 views • 23 slides
Introduction to Security Comm. Security Strategy Summary ITS335: IT Security Sirindhorn

Introduction to Security Comm. Security Strategy Summary ITS335: IT Security Sirindhorn

ITS335 Intro. to Security Concepts Threats, Attacks, Assets Introduction to Security Comm. Security Strategy Summary ITS335: IT Security Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 2

965 views • 34 slides
Mutual Authentication and Authorization for Interconnecting Home Automation Systems Master Thesis

Mutual Authentication and Authorization for Interconnecting Home Automation Systems Master Thesis

Chair of Network Architectures and Services Department of Informatics Technical University of Munich Mutual Authentication and Authorization for Interconnecting Home Automation Systems Master Thesis Final talk Karthik Mathiazhagan

735 views • 18 slides
What it means for LIRs Alain P. AI NA Special Project M anager What is Resource Certification ?

What it means for LIRs Alain P. AI NA Special Project M anager What is Resource Certification ?

Resource Certification What it means for LIRs Alain P. AI NA Special Project M anager What is Resource Certification ? Resource Certification is is a security framework for verifying the association between resource holders and their

569 views • 20 slides
Measuring Adoption of Security Additions to the HTTPS Ecosystem Quirin Scheitle July 16, 2018

Measuring Adoption of Security Additions to the HTTPS Ecosystem Quirin Scheitle July 16, 2018

Chair of Network Architectures and Services Department of Informatics Technical University of Munich Measuring Adoption of Security Additions to the HTTPS Ecosystem Quirin Scheitle July 16, 2018 Applied Networking Research Workshop (ANRW)

303 views • 11 slides
Overview of IEEE 802.16 Security David Johnston & Jesse Walker Presented By: Anil Bazaz

Overview of IEEE 802.16 Security David Johnston & Jesse Walker Presented By: Anil Bazaz

Overview of IEEE 802.16 Security David Johnston & Jesse Walker Presented By: Anil Bazaz CS6204, Spring 2005 Intro to IEEE 802.16 Standard for Wireless Metropolitan Area Networks (WMANs) Flavors: IEEE 802.16-2001, 802.16a, 802.16c,

844 views • 14 slides
Benedikt Brecht, CAMP Principal Investigator, VWGoA October 2015 1 CAMP Partners Project funded

Benedikt Brecht, CAMP Principal Investigator, VWGoA October 2015 1 CAMP Partners Project funded

V2X Security Credential Management System (SCMS) Proof-of-Concept Implementation funded by US DOT/NHTSA Benedikt Brecht, CAMP Principal Investigator, VWGoA October 2015 1 CAMP Partners Project funded by Supported by October 2015 2 What is

562 views • 29 slides
Seminar Series Cybersecurity for IoT to Nuclear Fred Cohn, Program Director Property of

Seminar Series Cybersecurity for IoT to Nuclear Fred Cohn, Program Director Property of

Seminar Series Cybersecurity for IoT to Nuclear Fred Cohn, Program Director Property of Schneider Electric Who Am I? Program Director, Schneider Electric Product Security Office Cybersecurity Strategy Process (SDL) Deployment and

382 views • 26 slides
Documentation Title II, Part A Needs Assessment and Planning Title II, Part A Needs

Documentation Title II, Part A Needs Assessment and Planning Title II, Part A Needs

Documentation Title II, Part A Needs Assessment and Planning Title II, Part A Needs Assessment Worksheet and/or documentation to support the data analysis provided in Section II of the LEA Equity Plan Meeting agendas and/or minutes,

460 views • 18 slides
Community Health Worker (CHW) Certification Application for Experienced CHWs Office of Population

Community Health Worker (CHW) Certification Application for Experienced CHWs Office of Population

Community Health Worker (CHW) Certification Application for Experienced CHWs Office of Population Health Improvement, CHW Certification Program Team Kimberly Hiner and Tina Backe November 2019 Certification Application for Experienced CHWs

914 views • 37 slides

More recommend