iot security framework
play

IOT SECURITY FRAMEWORK TechDay ICANN 61 Jacques Latour, CTO - PowerPoint PPT Presentation

Jun 20, 2023 •285 likes •537 views

DRAFT IOT SECURITY FRAMEWORK TechDay ICANN 61 Jacques Latour, CTO Canadian Internet Registration Authority March 12, 2018 DRAFT IoT THREAT LANDSCAPE SPECIFIC TO THE INTERNET - SCALE IoT device compromises: Used in internet attacks

  1. DRAFT IOT SECURITY FRAMEWORK TechDay ICANN 61 Jacques Latour, CTO Canadian Internet Registration Authority March 12, 2018

  2. DRAFT IoT THREAT LANDSCAPE SPECIFIC TO THE INTERNET - SCALE IoT device compromises: • – Used in internet attacks i.e. MEMCACHED, MIRAI Attack (DDoS) targeting DNS servers (+1 Tbs) IoT traffic reflection and amplification • – IoT device used to amplification traffic attack (DDoS) NTP, DNS, SNMP, (flavor of the day) The scale of IoT threat landscape and the breath of • exploits is what need to mitigated – IoT devices must not have wide open internet access (protected by firewall) – Inbound and outbound internet access must be controlled 2 CIRA - ICANN61 - IoT Security Framework - 2018-03-12

  3. DRAFT THE NEED FOR AN IoT SECURITY FRAMEWORK For many internet organizations, the #1 risk on their • risk register is a large scale DDoS attack. One of the mitigation mechanisms for this risk is to prevent weaponization of IoT devices Protecting IoT devices at the edge is another layer of • security that should be further developed The security controls would be aimed at protecting • the IoT devices from the internet, and to protect the internet from IoT devices. The threat that IoT devices bring is scale . The • scale of million and billions of IoT device is the threat we need to mitigate. 3 CIRA - ICANN61 - IoT Security Framework - 2018-03-12

  4. DRAFT 2 DISTINCT IDEAS INTO ONE SOLUTION IDEA #1 – ccTLD Home Registry .CA Home Registry Value Proposition: • For ccTLD, to have a domain per household • Leverage the DNSSEC chain of trust by having a registered domain for home use IDEA #2 – Secure Gateway IoT Secure Home Gateway Value Proposition: • To create a security framework to protect the Internet from IoT device attacks • To enhance the home network privacy & security with network access controls 4 CIRA - ICANN61 - IoT Security Framework - 2018-03-12

  5. DRAFT HOW CAN WE PROTECT IoT DEVICES? Control inbound and outbound network access Rule 1: Always place IoT behind firewall • Rule 2: Segment network by IoT type • Rule 3: Control access to and from the IoT device • Home Security Multimedia Services x Appliance IoT Cloud Sensors Management 5 CIRA - ICANN61 - IoT Security Framework - 2018-03-12

  6. DRAFT HOW CAN WE PROTECT IoT DEVICES? Control inbound and outbound network access Rule 1: Always place IoT behind firewall • Rule 2: Segment network by IoT type • Rule 3: Control access to and from the IoT device • Home Security Multimedia Appliance IoT Cloud Services Sensors Management 6 CIRA - ICANN61 - IoT Security Framework - 2018-03-12

  7. DRAFT HOW CAN WE PROTECT IoT DEVICES? Control inbound and outbound network access Rule 1: Always place IoT behind firewall • Rule 2: Segment network by IoT type • Rule 3: Control access to and from the IoT device • Home Security x Multimedia x Appliance IoT Cloud Services x Sensors Management 7 CIRA - ICANN61 - IoT Security Framework - 2018-03-12

  8. DRAFT ccTLD HOME REGISTRY IDEA Internet Home Network Trust OpenWrt Internal DNS/DNSSEC External IPSEC Home Gateway D-Zone firewall Wifi MiFi Zigbee myhome.ca NFC RFID IoT Cloud Remote Home Services Primary DNS Network .CA home Home Gateway .CA home Access (D-Zone Firewall) domain Provisioning domain (VPN IPSec) IPv6 ONLY  Home Network Registry 15 CIRA - ICANN61 - IoT Security Framework - 2018-03-12

  9. DRAFT LEVERAGING THE CHAIN OF TRUST IN DNSSEC AND SOME INNOVATION TO CREATE A SECURE HOME NETWORK PLATFORM 16 CIRA - ICANN61 - IoT Security Framework - 2018-03-12

  10. DRAFT Your local ccTLD will provision your DNSSEC signed domain internally on your gateway and externally on the Internet, and establish a secure chain of trust to your home gateway, magically solving all your worries and keeping your family safe  17 CIRA - ICANN61 - IoT Security Framework - 2018-03-12

  11. DRAFT WHAT DOES THIS BRING TO THE ccTLD DOMAIN INDUSTRY? myhome.ca IoT Cloud services A domain name per household!!! 18 CIRA - ICANN61 - IoT Security Framework - 2018-03-12

  12. DRAFT THE FOCUS IS ON AUTOMATION Registry Home Network Automation Automation + Innovation 19 CIRA - ICANN61 - IoT Security Framework - 2018-03-12

  13. DRAFT STEP 1 When you buy a home gateway, it comes bundled • with a .CA ‘home network’ domain name + A 2 nd or 3 rd level domain i.e. myhome.net.ca i.e. myhome.ca RFID card (Code to activate provisioning and domain) 21 CIRA - ICANN61 - IoT Security Framework - 2018-03-12

  14. DRAFT STEP 2 Then you follow the provisioning instructions • – Install & open the CIRA Home Gateway app – Turn on the Home Gateway – “TAP” your mobile to discover the home gateway – Pick a domain name, 2 nd or 3 rd level domain name – Enter the secret code (“TAP” RFID card) – Home Gateway ready for configuration + myhome.ca code 22 CIRA - ICANN61 - IoT Security Framework - 2018-03-12

  15. DRAFT STEP 3 Automated Backend Provisioning @ CIRA • – CIRA creates the .CA domain name in the registry – CIRA signs the .CA domain with DNSSEC – CIRA is primary for the external DNS view of the .CA domain – CIRA provides secondary DNS to the .CA domain + + DNSSEC .CA EXTERNAL (Keys) Registry (Internet) 23 CIRA - ICANN61 - IoT Security Framework - 2018-03-12

  16. DRAFT STEP 4 Automated Home Gateway provisioning • – Establish secure connection to Home Gateway – Securely send private DNSSEC key to Home Gateway, setup internal DNS and DNSSEC – Configure Home Gateway for DNS integration with registry (à la dynamic DNS) for external services + +   DNSSEC INTERNAL EXTERNAL (Keys) (Home Network) (Internet) Dynamic DNS 24 CIRA - ICANN61 - IoT Security Framework - 2018-03-12

  17. DRAFT STEP 5 Setup secure home network infrastructure • – Using your trusted mobile & the app, “TAP” the Home Gateway to: • Learn the WIFI password • Get the IPSec password, SSO tokens and keys to VPN in your home network – Use your mobile and “TAP” all your IoT devices to add on your home WIFI network, easy peasy  25 CIRA - ICANN61 - IoT Security Framework - 2018-03-12

  18. DRAFT AT THIS POINT WE HAVE A home gateway fully provisioned with a .CA domain • name, with both internal and external domain name resolution, signed with DNSSEC. – WIFI and other networks securely provisioned and setup Now we’re ready to provision the IoT devices • Internal domain fully operational fridge.myhouse.ca Internal IP printer.myhouse.ca Internal IP Secured internally by DNSSEC External domain to allow exposing internal services and make them vpn.myhouse.ca External IP available externally 26 CIRA - ICANN61 - IoT Security Framework - 2018-03-12

  19. DRAFT NOW, LET’S SEE HOW WE PROVISION IoT DEVICES IN HOME NETWORK Once the IoT device has network access TAP to discover • IoT device exposes via RFID (or similar) the services available • Pick relevant IoT services category fro provisioning • Expose Services JSON blob / RFID 27 CIRA - ICANN61 - IoT Security Framework - 2018-03-12

  20. DRAFT ADDING REMOTE VPN ACCESS TO TRUSTED MOBILE Mobile (2) Grant permission and credentials to mobile for remote home access (1) Tap the mobile Discover services 28 CIRA - ICANN61 - IoT Security Framework - 2018-03-12

  21. DRAFT ADDING YOUR CAR TO REMOTE ACCESS YOUR HOME NETWORK (2) Assign roles Car Control car feature View car alerts (1) Tap the car View car status/location Discover services Grant permission and credentials to car mobile for remote home access 29 CIRA - ICANN61 - IoT Security Framework - 2018-03-12

  22. DRAFT WHAT DO YOU THINK? Want to help? 34 CIRA - ICANN61 - IoT Security Framework - 2018-03-12

  23. DRAFT GOING FORWARD, IT’S A JOURNEY! ccTLD VALUE PROPOSITION Motivation • – Ensure long term ccTLD relevance in the future of IoT – To create a secure <internet home> IoT environment Proposing ccTLD to develop a solution • – To keep the home network safe and secure – To leverage DNSSEC as an innovation platform to create a hub for “home trust” – That leverages the ccTLD registry expertise – To enhance OpenWRT with this functionality 35 CIRA - ICANN61 - IoT Security Framework - 2018-03-12

  24. DRAFT NEXT STEPS – BUILD A PROTOTYPE Develop a Proof of Concept and prototype • – Using .CZ Omnia Home Gateway (openWRT) – Home Gateway App (Android/iPhone) – Develop some IoT discoverable devices (RFID) Use public GitHub to document the functional • specification and repo for prototype software – Functional specification – Software repository 36 CIRA - ICANN61 - IoT Security Framework - 2018-03-12

  25. DRAFT Questions? https://github.com/CIRALabs/Secure-IoT- Home-Gateway 38 CIRA - ICANN61 - IoT Security Framework - 2018-03-12

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Cyber Security Risk Using the Cyber Security Measurement Framework Cyber Security Framework

Cyber Security Risk Using the Cyber Security Measurement Framework Cyber Security Framework

Cyber Security Risk Using the Cyber Security Measurement Framework Cyber Security Framework Reporting Objectives Executive Summary Information Assess Current Cyber Security Posture Measure Progress Toward Improvement Assess

634 views • 5 slides
Improvements in Transportation Security Analysis from a Complex Risk Mitigation Framework for the

Improvements in Transportation Security Analysis from a Complex Risk Mitigation Framework for the

Improvements in Transportation Security Analysis from a Complex Risk Mitigation Framework for the Security of International Spent Nuclear Fuel Transportation Adam D. Williams Global Security Research &amp; Analysis Sandia National Laboratories

505 views • 13 slides
Victorian Protective Data Security Framework Victorian Information Security Network PARTNERS

Victorian Protective Data Security Framework Victorian Information Security Network PARTNERS

Victorian Protective Data Security Framework Victorian Information Security Network PARTNERS Forum December 2016 C ommissioner for P rivacy and D ata P rotection Introductions Pr Presenter esenter Commissioner Privacy and Data Protection

363 views • 23 slides
Victorian Protective Data Security Framework Victorian Information Security Network - VPS Forum

Victorian Protective Data Security Framework Victorian Information Security Network - VPS Forum

Victorian Protective Data Security Framework Victorian Information Security Network - VPS Forum December 2016 C ommissioner for P rivacy and D ata P rotection Introductions Pr Presenter esenter Commissioner Privacy and Data Protection David

415 views • 20 slides
EU EU-SEC The European Security Certification Framework EU-SEC working package 4 (WP4) T4.4/D4.4

EU EU-SEC The European Security Certification Framework EU-SEC working package 4 (WP4) T4.4/D4.4

EU EU-SEC The European Security Certification Framework EU-SEC working package 4 (WP4) T4.4/D4.4 EU-SEC D4.4 Fabasoft &amp; PwC Pilot on Framework Verification 1 Assumptions &amp; Approach I. Assumption: Fabasoft ha a Star attestation and

226 views • 5 slides
HARDSPLOIT Framework for Hardware Security Audit a bridge between hardware &amp; a so0ware

HARDSPLOIT Framework for Hardware Security Audit a bridge between hardware &amp; a so0ware

HARDSPLOIT Framework for Hardware Security Audit a bridge between hardware &amp; a so0ware pentester Who am I ? Julien Moinard - Electronic engineer @opale-security (French company) - Security consultant, Hardware &amp; SoDware pentester -

803 views • 40 slides
Degrees of Risk Defining a Risk Management Framework for Climate Security Nick Mabey, E3G

Degrees of Risk Defining a Risk Management Framework for Climate Security Nick Mabey, E3G

Degrees of Risk Defining a Risk Management Framework for Climate Security Nick Mabey, E3G February 2011 Background to the Report Builds on E3Gs climate security work since 2005 Seminars with climate and security experts in 2009-10

811 views • 51 slides
CAs Privacy Legal Framework Reasonable Security Minimum standard of reasonable

CAs Privacy Legal Framework Reasonable Security Minimum standard of reasonable

CAs Privacy Legal Framework Reasonable Security Minimum standard of reasonable security Consumer NoBce California Online Privacy ProtecBon Act 1 Civil Code 1798.81.5 A business that owns, licenses, or maintains

545 views • 16 slides
Security and the .NET Framework Code Access Security Enforces security policy on code

Security and the .NET Framework Code Access Security Enforces security policy on code

Security and the .NET Framework Code Access Security Enforces security policy on code Regardless of user running the code Regardless of whether the code is in the same application with other code Other code can be more, less, or

695 views • 21 slides
Victorian Protective Data Security Framework Victorian Information Security Network - VPS Forum

Victorian Protective Data Security Framework Victorian Information Security Network - VPS Forum

Victorian Protective Data Security Framework Victorian Information Security Network - VPS Forum MELBOURNE MARCH 2017 C ommissioner for P rivacy and D ata P rotection Introductions Data Pr Data Protect otection Branch ion Branch

443 views • 21 slides
Enabling Practical SDN Security Applications with OFX (The O pen F low e X tension Framework)

Enabling Practical SDN Security Applications with OFX (The O pen F low e X tension Framework)

Enabling Practical SDN Security Applications with OFX (The O pen F low e X tension Framework) John Sonchack, Adam J. Aviv, Eric Keller, and Jonathan M. Smith Outline Introduction Overview of OFX Using OFX Benchmarks 2 Basic Networking:

604 views • 35 slides
Framework for Application Security Testing September 11th, 2018 Create thousands of security

Framework for Application Security Testing September 11th, 2018 Create thousands of security

Framework for Application Security Testing September 11th, 2018 Create thousands of security tests from existing functional tests automatically Wallarm FAST enables secure CI / CD Wallarm FAST has many cool features to help

476 views • 14 slides
NIST Cybersecurity Framework Sean Sweeney, Information Security Officer 5/20/2015 Overview

NIST Cybersecurity Framework Sean Sweeney, Information Security Officer 5/20/2015 Overview

NIST Cybersecurity Framework Sean Sweeney, Information Security Officer 5/20/2015 Overview The University of Pittsburgh NIST Cybersecurity Framework Pitt NIST Cybersecurity Framework Program Wrap Up Questions The

472 views • 33 slides
National Cybersecurity Workforce Framework Benjamin Scribner Department of Homeland Security

National Cybersecurity Workforce Framework Benjamin Scribner Department of Homeland Security

Federal Information Systems Security Educators March 19, 2014 National Cybersecurity Workforce Framework Benjamin Scribner Department of Homeland Security (DHS) National Cybersecurity Education &amp; Awareness Branch (CE&amp;A) T HE CYBER THREAT

315 views • 13 slides
with the Metasploit Framework defcon 17 Who Are We? Chris Gates &lt;cg [@]

with the Metasploit Framework defcon 17 Who Are We? Chris Gates &lt;cg [@]

Attacking Oracle with the Metasploit Framework defcon 17 Who Are We? Chris Gates &lt;cg [@] metasploit.com&gt; What pays the bills Pentester for Security Blogger http:/ / carnal0wnage.attackresearch.com Security Twit

868 views • 54 slides
EMERGING ENERGY SECURITY RISKS AND RISK MITIGATION: THE ROLE OF INTERNATIONAL LEGAL FRAMEWORK

EMERGING ENERGY SECURITY RISKS AND RISK MITIGATION: THE ROLE OF INTERNATIONAL LEGAL FRAMEWORK

EMERGING ENERGY SECURITY RISKS AND RISK MITIGATION: THE ROLE OF INTERNATIONAL LEGAL FRAMEWORK Dr. Andrei Konoplyanik Deputy Secretary General Energy Charter Secretariat Panel Session on Energy Security: Emerging Energy Security Risks and

180 views • 16 slides
Implementation and Simulation of LVS in ns-2 Presented by Yuzhuang Hu yhu1@sfu.ca Roadmap

Implementation and Simulation of LVS in ns-2 Presented by Yuzhuang Hu yhu1@sfu.ca Roadmap

Implementation and Simulation of LVS in ns-2 Presented by Yuzhuang Hu yhu1@sfu.ca Roadmap Project introduction and motivation Related work Implementation issues of lvs in ns Simulation scenarios Future work Project Goal and

454 views • 17 slides
An Architecture for Tracing Incidents across the Internet Glenn Mansfield Keeni Cyber Solutions

An Architecture for Tracing Incidents across the Internet Glenn Mansfield Keeni Cyber Solutions

An Architecture for Tracing Incidents across the Internet Glenn Mansfield Keeni Cyber Solutions Inc. Inch-wg, IETF-61 November, 2004 The two-tier Architecture Query Intra-domain Incident Intra-domain Response Tracer Tracer Tracer Query

255 views • 8 slides
Market Reform and Policy Issues for Implementation of Health Reform in North Carolina In-Person

Market Reform and Policy Issues for Implementation of Health Reform in North Carolina In-Person

Market Reform and Policy Issues for Implementation of Health Reform in North Carolina In-Person TAG Meeting #8 August 30, 2012 Agenda 9:30 9:35 Welcome and Introductions 9:35 9:40 Project Timeline, Goals/Objectives of Todays

837 views • 54 slides
political law 2016 FARA Registration Requirements AUTHORS: T he Foreign Agents Registration Act

political law 2016 FARA Registration Requirements AUTHORS: T he Foreign Agents Registration Act

political law 2016 FARA Registration Requirements AUTHORS: T he Foreign Agents Registration Act (FARA, 22 U.S.C. 611 et seq .) requires persons and entities Ronald M. Jacobs to register with the Department of Justice, FARA Registration

279 views • 4 slides
Smart Connected Services Investor Presentation I n f o r m a t i o n a s o f J a n u a r y 2

Smart Connected Services Investor Presentation I n f o r m a t i o n a s o f J a n u a r y 2

Smart Connected Services Investor Presentation I n f o r m a t i o n a s o f J a n u a r y 2 0 1 9 Safe Harbor Statement This presentation contains forward-looking statements. In particular, statements regarding future economic performance,

510 views • 33 slides
Smart Connected Services Investor Presentation I n f o r m a t i o n a s o f A u g u s t 2 7

Smart Connected Services Investor Presentation I n f o r m a t i o n a s o f A u g u s t 2 7

Smart Connected Services Investor Presentation I n f o r m a t i o n a s o f A u g u s t 2 7 , 2 0 1 9 Proprietary and confidential. August 27, 2019 Safe Harbor Statement This presentation contains forward-looking statements. In

470 views • 33 slides
Alpha Presentation Connected Appliances Analytics Dashboard The Capstone Experience Team

Alpha Presentation Connected Appliances Analytics Dashboard The Capstone Experience Team

Alpha Presentation Connected Appliances Analytics Dashboard The Capstone Experience Team Whirlpool Derrick Neier Jim Solce Zack Taylor Joe Tuohey Department of Computer Science and Engineering Michigan State University Fall 2012 From

222 views • 7 slides
Consumer IoT security What is consumer IoT? We have defined consumer IoT as products that are

Consumer IoT security What is consumer IoT? We have defined consumer IoT as products that are

DCMS Consultation: Regulatory proposals for Consumer IoT security What is consumer IoT? We have defined consumer IoT as products that are connected to the internet and/or home network. A non-exhaustive list of examples includes: Connected

437 views • 30 slides

More recommend