securing the web of things
play

Securing the Web of Things Andrei Sabelfeld @asabelfeld Web of - PowerPoint PPT Presentation

Nov 27, 2023 •116 likes •273 views

Securing the Web of Things Andrei Sabelfeld @asabelfeld Web of Things Internet of Things (IoT) Incompatible standards, platforms, technologies World Wide Web Consortium (W3C) is in a unique position to create the royalty-free and

  1. Securing the Web of Things Andrei Sabelfeld @asabelfeld

  2. Web of Things Internet of Things (IoT) • Incompatible standards, platforms, technologies “World Wide Web Consortium (W3C) is in a unique position to create the royalty-free and platform-independent standards needed to overcome the fragmentation of the IoT” -W3C CEO Dr. Jeff Jaffe, 2017 Security implications?

  3. Software as enabling technology • Software at the heart • Third-party code everywhere • Libraries, gadgets, ads, analytics, tracking, fingerprinting,.. • Malicious/buggy code • Ex-filtrating private information • Malwartising • Defacing web sites • Phishing attacks • Cryptojacking Securing software is a must for IoT

  4. IoT apps “Connecting otherwise unconnected services”

  5. IoT apps • “Managing users’ digital lives” • Smart homes, smartphones, cars, fitness armbands • Online services (Google, Dropbox,…) • Social networks (Facebook, Twitter,…) • End-user programming • Anyone can create and publish apps • Most apps by third parties • Web interface + smartphone clients

  6. IFTTT “If This Then That” • Trigger-action programming • Largest IoT app platform • Over 500 integrated services • Millions of users and billions of running apps

  7. IFTTT app If this then that Action Trigger What can go wrong? J

  8. Demo

  9. Attack by malicious app maker then If

  10. IFTTT app If this then that Action Trigger What can go wrong? J

  11. Attack by malicious app maker then If

  12. In-car infotainment apps • Stores for 3 rd -party in-car apps • GM: JavaScript/HTML5 • Volvo Cars, Renault, Nissan, and Mitsubishi: Android Automotive • Sensitive sources • Location, odometer, current speed, backup camera, microphone ⇒ location tracking, audio spying • Sensitive destinations • seat settings, climate control, stereo volume ⇒ “soundblast”, driver disruption

  13. Countermeasures • Application-level security then • Secure code in control of IoT! If • API control • Location API JSFlow • Voice command API • Information flow control • Track the flow of information through JavaScript code • Block flow from sensitive sources to attacker

  14. Securing IoT apps • Securing IoT a presssing challenge • Incompatible standards, platforms and technologies • Web of Things to reduce IoT fragmentation • Need to secure code in control of IoT applications • JavaScript at heart • IFTTT security • Informaiton flow control • In-car app security • Permissions and API security

  15. Read more in IEEE Security & Privacy Magazine 2019 Joint work in part with Iulia Bastys and Musard Balliu and in part with Benjamin Eriksson

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Securing the Internet of Things CSM-ACE 2013 13 November 2013 www.cyberunited.com Darin

Securing the Internet of Things CSM-ACE 2013 13 November 2013 www.cyberunited.com Darin

Intelligence and Security Informatics Securing the Internet of Things CSM-ACE 2013 13 November 2013 www.cyberunited.com Darin Andersen 20 Years Hi-Tech and 12 Years Cybersecurity Experience International Cyber Speaker, Insider Threat, SiOT

226 views • 20 slides
Getting Acquainted W ith Zoom Outline Securing Your Computer Your Invitation The

Getting Acquainted W ith Zoom Outline Securing Your Computer Your Invitation The

Getting Acquainted W ith Zoom Outline Securing Your Computer Your Invitation The Waiting Room Working with Audio Working with Video Using the Tool Tray Chat In the Meeting When Things Go Wrong 2 Securing Your

325 views • 14 slides
IoT Security Image: xkcd How is securing IoT different from securing any other system? IoT

IoT Security Image: xkcd How is securing IoT different from securing any other system? IoT

IoT Security Image: xkcd How is securing IoT different from securing any other system? IoT is a system of systems, with A great deal of heterogeneity (sensing, computation, communication, energy) New types of devices appearing all

1.35k views • 65 slides
Building&Hacking modern iOS apps Wojciech Regua @_r3ggi wojciech.regula@securing.pl

Building&Hacking modern iOS apps Wojciech Regua @_r3ggi wojciech.regula@securing.pl

www.securing.pl Building&Hacking modern iOS apps Wojciech Regua @_r3ggi wojciech.regula@securing.pl @_r3ggi wojciech.regula@securing.pl www.securing.pl www.securing.pl WHOAMI -Senior IT Security Consultant @ SecuRing -Focused on

998 views • 67 slides
Understanding and Securing Device Vulnerabilities through Automated Bug Report Analysis Xuan Feng

Understanding and Securing Device Vulnerabilities through Automated Bug Report Analysis Xuan Feng

Understanding and Securing Device Vulnerabilities through Automated Bug Report Analysis Xuan Feng , Xiaojing Liao, XiaoFeng Wang, Haining Wang, Qiang Li, Kai Yang, Hongsong Zhu, Limin Sun USENIX Security 2019 Internet-of-Things (IoT) Devices IoT

422 views • 23 slides
SANS Securing The Human Training Department of Safety Securing the Human Training Web

SANS Securing The Human Training Department of Safety Securing the Human Training Web

SANS Securing The Human Training Department of Safety Securing the Human Training Web based Centrally Administrated Divisionally managed Consistent content Central reporting Ability to add custom content (Policy's)

761 views • 10 slides
Securing and Protecting Securing and Protecting Water Rights and Uses in Water Rights and Uses

Securing and Protecting Securing and Protecting Water Rights and Uses in Water Rights and Uses

Securing and Protecting Securing and Protecting Water Rights and Uses in Water Rights and Uses in Arizona Arizona L. William Staudenmaier One Arizona Center 400 East Van Buren Street, Suite 1900 Phoenix, Arizona 85004 2202 602.382.6000 |

574 views • 32 slides
Securing a future for our horses. Securing a future for our sport. TABLE OF CONTENTS

Securing a future for our horses. Securing a future for our sport. TABLE OF CONTENTS

Securing a future for our horses. Securing a future for our sport. TABLE OF CONTENTS Industry-United Initiative ............................................ 2 The TAA Difference .................................................... 3 Life After

466 views • 19 slides
Securing Internet Routing Securing Internet Routing $ Local ISP Sharon Goldberg g Princeton

Securing Internet Routing Securing Internet Routing $ Local ISP Sharon Goldberg g Princeton

Jobtalk Securing Internet Routing Securing Internet Routing $ Local ISP Sharon Goldberg g Princeton University Based on work with: Based on work with: Boaz Barak, Shai Halevi, Aaron Jaggard, Vijay Ramachandran, Jennifer Rexford, Eran

1.12k views • 42 slides
Securing home Wi-Fi with WPA3 personal Raoul Dijksman and Erik Lamers Securing home Wi-Fi with

Securing home Wi-Fi with WPA3 personal Raoul Dijksman and Erik Lamers Securing home Wi-Fi with

Securing home Wi-Fi with WPA3 personal Raoul Dijksman and Erik Lamers Securing home Wi-Fi with WPA3 personal Making Wi-Fi great again With security this time, right? Securing home Wi-Fi with WPA3 personal - July 3 rd 2020 2 Why is WPA3

853 views • 28 slides
Web Security Thierry Sans Securing the web architecture means securing ... The network

Web Security Thierry Sans Securing the web architecture means securing ... The network

Web Security Thierry Sans Securing the web architecture means securing ... The network The operating system The web server ( Apache for instance) The administration server ( SSH for instance) The database ( Oracle for instance)

1.37k views • 61 slides
SECURING DONATIONS SECURING DONATIONS nonprofit.212mediastudios.com | 574.269.0720 |

SECURING DONATIONS SECURING DONATIONS nonprofit.212mediastudios.com | 574.269.0720 |

NON-PROFIT PRESENTATION TIPS FOR NON-PROFIT PRESENTATION TIPS FOR SECURING DONATIONS SECURING DONATIONS nonprofit.212mediastudios.com | 574.269.0720 | info@212mediastudios.com Having an efgective communication strategy is the fjrst step for your

116 views • 9 slides
Revelation 1:19 Write the things which you have seen, and the things which are, and the

Revelation 1:19 Write the things which you have seen, and the things which are, and the

Revelation 1:19 Write the things which you have seen, and the things which are, and the things which will take place after this. Revelation 4:1 After these things I looked, and behold, a door standing open in heaven. And the

438 views • 30 slides
Securing Home Networks Securing Home Networks protocols protocols A SWN04 A SWN04 K.

Securing Home Networks Securing Home Networks protocols protocols A SWN04 A SWN04 K.

Securing Home Networks Securing Home Networks protocols protocols A SWN04 A SWN04 K. MASMOUDI, K. MASMOUDI, H. AFIFI H. AFIFI Boston, 08/2004 6 th PCRD Integrated Project Goal : provide secure communication

450 views • 22 slides
LOCATION PRIVACY Marc Langheinrich University of Lugano (USI), Switzerland Securing a Mobile

LOCATION PRIVACY Marc Langheinrich University of Lugano (USI), Switzerland Securing a Mobile

LOCATION PRIVACY Marc Langheinrich University of Lugano (USI), Switzerland Securing a Mobile Phone Securing a Mobile Phone Securing a Mobile Phone Securing a Mobile Phone Can We Have it Both Ways? Safe Secure Privacy-friendly

892 views • 62 slides
Securing IoT with a hardware Secure Element Marc Renaudin - Serge Maginot - TIEMPO CONFIDENTIAL

Securing IoT with a hardware Secure Element Marc Renaudin - Serge Maginot - TIEMPO CONFIDENTIAL

Securing IoT with a hardware Secure Element Marc Renaudin - Serge Maginot - TIEMPO CONFIDENTIAL TIEMPO S.A.S. December 3, 2019 1 Outline Connected Objects Securing IoT with a hardware Secure Element Introduction Securing Treats

537 views • 10 slides
1 Today's Speakers From Control Risks Control Risks 3 Luke Fardell James Lythe Shaun Flint

1 Today's Speakers From Control Risks Control Risks 3 Luke Fardell James Lythe Shaun Flint

Control Risks 1 Today's Speakers From Control Risks Control Risks 3 Luke Fardell James Lythe Shaun Flint Consultant Associate Director Associate Director Cyber Protect Digital Forensics Crisis Management Global Cyber Security trends

801 views • 31 slides
Document Engineering: Designing Documents for Transactions and Web Services OASIS Symposium - 10

Document Engineering: Designing Documents for Transactions and Web Services OASIS Symposium - 10

Document Engineering: Designing Documents for Transactions and We... file:///C:/Documents%20and%20Settings/glushko/My%20Documents/L... Document Engineering: Designing Documents for Transactions and Web Services OASIS Symposium - 10 May 2006

936 views • 46 slides
Multi-VO Support YAN Tian for Distributed Computing Group Meeting Oct. 23, 2014 StoRM + Lustre:

Multi-VO Support YAN Tian for Distributed Computing Group Meeting Oct. 23, 2014 StoRM + Lustre:

Status of Storm+Lustre and Multi-VO Support YAN Tian for Distributed Computing Group Meeting Oct. 23, 2014 StoRM + Lustre: Test Bed SE server configuration: This test machine is originally prepared for dCache+Lustre frontend, Model Dell

449 views • 12 slides
Cause-Effect Pairs Challenge Isabelle Guyon ChaLearn Thanks Initial impulse : Joris Mooij,

Cause-Effect Pairs Challenge Isabelle Guyon ChaLearn Thanks Initial impulse : Joris Mooij,

Cause-Effect Pairs Challenge Isabelle Guyon ChaLearn Thanks Initial impulse : Joris Mooij, Dominik Janzing, and Bernhard Schlkopf, from the Max Planck. Examples of algorithms and data: Povilas Daniuis, Arthur Gretton, Patrik O. Hoyer,

385 views • 35 slides
iPanSec.com SOAPA Dashboard Smart InfoSec Automation Zero Trust Assurance Suite SOAPA

iPanSec.com SOAPA Dashboard Smart InfoSec Automation Zero Trust Assurance Suite SOAPA

iPanSec.com SOAPA Dashboard Smart InfoSec Automation Zero Trust Assurance Suite SOAPA Dashboard Integrated with Network Layer (PacketX , UPAS) Field WiFi /BLE /ZigBee Layer (ArcRan iSecMaster) Endpoint Layer (Comodo)

549 views • 13 slides
Table of Contents Berner Fachhochschule, Technik und Informatik Cross Site Request Forgery - CSRF

Table of Contents Berner Fachhochschule, Technik und Informatik Cross Site Request Forgery - CSRF

Table of Contents Berner Fachhochschule, Technik und Informatik Cross Site Request Forgery - CSRF Presentation Vulnerability Advanced Web Technology CSRF allows to access the intranet Protection 10) XSS, CSRF and SQL Injection

559 views • 10 slides
Why Laboratory Syntax? The traditional ways of data collection are deeply

Why Laboratory Syntax? The traditional ways of data collection are deeply

Why Laboratory Syntax? The traditional ways of data collection are deeply flawed: statistically unreliable highly subjective fraught with confounding factors that may have nothing to do with language

1.07k views • 53 slides
Jonathan

Jonathan

Jonathan Worthington YAPC::EU::2005 Overview This talk is

922 views • 52 slides

More recommend