The Internet of Things: An Overview


SLIDE 1

The Internet of Things: An Overview

Karen Rose, Senior Director, Strategy & Analysis, Internet Society

SLIDE 2

  • IoT Concepts & Drivers
  • IoT Key Challenges
      • Security (and recent DDoS attacks)
      • Privacy
      • Interoperability

Paper available at: http://www.internetsociety.org/IoT

SLIDE 3

IoT Overview: Concepts & Drivers

SLIDE 4

What is IoT really?

  • Despite the buzz, no single definition.
  • Or agreed numbers, or categories, or taxonomies...
  • Different emphasis on different aspects of the concept
  • Functionally: The extension of network connectivity and computing capability to a variety of objects, devices, sensors and everyday items, allowing them to generate/exchange data, often with remote data analytic/management capabilities.
  • As Value: Data & what can be done with it.
  • As a Vision: The realization of a “hyper-connected” world.
  • This is why it matters.
  • This is why it’s hard.

One view, from McKinsey Global Institute:

SLIDE 5

Computers, Networks, and “Things”

“Machine to Machine” (M2M) (~1970s +)

Internet of Things Beginnings

  • Carnegie Mellon Internet Coke Machine (1982, 1990)
  • Trojan Room Coffee Pot (first webcam) (1991)
  • Internet Toaster (1990)

SLIDE 6

Internet Invariants: What Makes IoT Possible

  • Global Reach & Integrity
  • General Purpose
  • Permissionless Innovation
  • Accessible
  • Interoperability & mutual agreement
  • Collaboration
  • Interoperable Building Blocks
  • No Permanent Favorites

SLIDE 7

If it’s not new, why now?: A Confluence of Market Trends

  • UBIQUITOUS CONNECTIVITY
  • WIDESPREAD ADOPTION OF IP
  • COMPUTING ECONOMICS
  • MINIATURIZATION
  • ADVANCES IN DATA ANALYTICS
  • RISE OF CLOUD COMPUTING

SLIDE 8

IoT Challenges

SLIDE 9

Key IoT Challenges

SLIDE 10

Key IoT Challenges

SLIDE 11

Security

SLIDE 12

Security Must be a Fundamental Priority

  • Security in information technology is not new, but IoT presents different challenges
  • Growth in devices increases the surface available for cyberattack
  • Poorly secured devices affect the security of the Internet and other devices globally, not just locally.
  • Not just data at stake: vulnerable devices interacting with the physical world could present risk to property and life

Developers and users of IoT devices and systems have a collective obligation to ensure they do not expose others and the Internet itself to potential harm.

SLIDE 13

A Spectrum of Unique IoT Device Security Challenges

See also IETF RFC 7452, Architectural Considerations in Smart Object Networking

  • Cost/Size/Functionality
  • Volume of Identical Devices
  • Deployment at Mass Scale
  • Long Service Life
  • No / Limited Upgradability
  • Limited Visibility into Internal Workings
  • Embedded Devices
  • Physical Security Vulnerabilities
  • Unintended Use
  • BYOIoT

Internet connectivity as the next product “value add”

SLIDE 14

Recent IoT-Related DDoS Attacks

Date          | Target                           | Size
20 September  | KrebsOnSecurity (Security Blog)  | ~660 Gbps
20 September  | OVH (French Hosting Provider)    | ~1 Tbps
21 October    | DYN (DNS Managed Services)       | ~1.2 Tbps

  • All linked to the Mirai malware, which uses IoT devices as bots
  • Mirai source code released on hacking websites in October

SLIDE 15

Krebs DDoS attack data

From CloudFlare POV & Analysis of KOSA:

  • Several waves of the attack
  • Largest attack originated from bots on 737 networks
  • Some 128,833 unique IP addresses

Location of top source ASNs (wave 3):

It’s not about where you are, it’s about what’s exploitable on your network!

Source: https://blog.cloudflare.com/say-cheese-a-snapshot-of-the-massive-ddos-attacks-coming-from-iot-cameras/

SLIDE 16

Images from: http://krebsonsecurity.com/, dyn.com, ovh.com and http://opte.org/

SLIDE 17

What vulnerabilities does Mirai exploit?

  • Human behaviour!
  • Scans the Internet for IoT devices that have not changed factory username and password defaults
  • 68+ username and password pairs in Mirai’s source code.

Source: https://krebsonsecurity.com/2016/10/who-makes-the-iot-things-under-attack/

SLIDE 18

The Good News: Internet Resiliency and Collaborative Security in Action

  • The Internet did not “go down”
  • Website & service disruptions, but functionality restored relatively swiftly
  • Collaboration and collective action across companies to stem the attacks
  • Widespread information sharing
  • Collaboration between private sector and government
  • Multistakeholder dialogues

Key Action Points:

  • Good design practices
  • Data confidentiality, authentication, and access control
  • Field upgradability
  • Device obsolescence
  • Standards and metrics
  • Consumer awareness
  • Penalties for irresponsible actors?

SLIDE 19

Online Trust Alliance IoT Security Framework and Resources

https://otalliance.org/initiatives/internet-things

SLIDE 20

Privacy

SLIDE 21

Privacy and IoT: Data is a Double-Edged Sword

  • The data streams / analytics that drive the value of IoT can also paint very detailed and intrusive pictures of our lives.
  • Expands the feasibility / reach of surveillance and tracking
  • Redefining the debate about privacy issues
  • Can dramatically change the ways personal data is collected, analyzed, used and protected.
  • Implications on our:
      • Basic rights
      • Sense of personal safety and control
      • Ability to trust the Internet and devices connected to it.

SLIDE 22

Different Dimensions of Privacy Challenges in IoT

  • Meaningful Awareness & Control
  • Breakdown of “Notice and Consent”
  • Managing Across Many Devices
  • Individual Preferences in Common Contexts
  • Aggregation of Personal / Behavioral Data
  • Cross-Border Data Flows
  • Global Data Protection
  • Discrimination
  • Law Enforcement

SLIDE 23

Enhancing Privacy in IoT

  • Strategies need to be developed that respect individual privacy choices across a broad spectrum of expectations, while still fostering innovation in new technology and services.
  • Traditional on-line privacy models may not fit.
  • Adapting/adopting basic privacy principles, such as:
      • Transparency/Openness
      • Meaningful Choice
      • Data Minimization
      • Use Limitation
      • Among others...

SLIDE 24

Interoperability & Standards

SLIDE 25

I&S: Not Just a Tech Challenge, It’s a Market Issue

[Chart: Overall, N. America, Europe. Source: World Economic Forum]

Interoperability is necessary to create up to 40 percent of the economic value generated by IoT - McKinsey Global Institute

Efficiency, Scale, Market Value

SLIDE 26

Interoperability / Standards Considerations

  • Complex / Dynamic Service Delivery Chains and Use Cases
  • Land Rush and Schedule Risk
  • Proliferation of Standards Efforts
      • Industry coalitions, alliances, SDOs, proprietary development etc.
  • Where is Interoperability Needed?
  • Reusable Building Blocks
  • Best Practices and Reference Models

Source: xkcd

Ultimately about advancing innovation and user choice

SLIDE 27

Closing Thoughts

  • IoT is happening now, with tremendous transformational potential
  • May change the way we think about what it means to be “online”
  • But the challenges must be addressed to realize the opportunities and benefits
      • Significant. Real. But not insurmountable
  • Solutions won’t be found by simply pitting promise vs. peril
  • It will take informed engagement, dialogue, and collaboration across a range of stakeholders to find solutions and to plot the most effective ways forward.

SLIDE 28

Additional Information and Resources

  • Internet Invariants: http://www.internetsociety.org/internet-invariants-what-really-matters
  • Collaborative Security: http://www.internetsociety.org/collaborativesecurity
  • Trust Policy Framework: http://www.internetsociety.org/doc/policy-framework-open-and-trusted-internet
  • ISOC Briefing Papers: http://www.internetsociety.org/policybriefs
  • ISOC Deploy360 Resources: http://www.internetsociety.org/deploy360/
  • Mutually Agreed Norms for Routing Security (MANRS) Initiative: http://www.routingmanifesto.org/
  • ISOC IoT Overview Paper: http://www.internetsociety.org/iot
  • Online Trust Alliance IoT Resources (IoT Framework, Consumer Checklists etc.): https://otalliance.org/iot

SLIDE 29

Karen Rose
Sr. Director, Strategy & Analysis
rose@isoc.org

Thank You

The Internet of Things: An Overview

Understanding the Issues and Challenges of a More Connected World

http://www.internetsociety.org/IoT