emerging security threats and countermeasures in …...ieee iot reaching >2.1 million twitter...
TRANSCRIPT
Emerging Security Threats and
Countermeasures in IoT
Shiuhpyng Winston Shieh IEEE Reliability Society Vice President
IEEE IoT Initiative Steering Committee member
Editor-in-Chief, IEEE Reliability Digest
IEEE Fellow & ACM Distinguished Scientist
Distinguished Professor, CS Dept., NCTU, Taiwan
Director, Taiwan Information Security Center at NCTU Email: [email protected]
ASIACCS –
Happy 10th
Anniversary
Outline
1
IEEE IoT Initiative’s perspective
IoT Security Threats and Pitfalls
Challenges and Countermeasures
Identity Management
Object Authentication
Vulnerability and Malware
Conclusions
Internet of Things (IoT)
2
What is Internet of Things?
What are the Things? Physical Objects?
Virtual Objects?
Both?
Researchers are still trying to reach a consensus of definitions and standards. IEEE IoT Initiative
NIST (National Institute of Standards and Technology)
ETSI (European Telecommunications Standards Institute)
CEN (European Committee for Standardization)
…...
http://commons.wikimedia.org/wiki/File:Internet_of_things_signed_by_the_author.jpg 3
Launched the IEEE IoT Web Portal
Average 2,200 visits/1,670
visitors per month
inception in June 2013
More than 70% of visitors return
> 63% of visitors from outside
US
Portal information refreshed ~
30 times
– Refreshes include new videos, IEEE IoT experts bylined and industry articles
Visitor Growth Profile
4
4
Launched Flagship Initiative Conference 5
First IEEE WF-IoT Conference
6-8 March 2014; Seoul, South Korea
237 attendees: 58% IEEE Members, 27% Non-Members, 15%
Students
Representation from 60+ global organizations
230 submitted and 127 accepted papers including 18 posters
Broad financial sponsorship
Financial surplus: $94K+
Participation in/support for IEEE and non-IEEE events
Oleg Logvinov
YK Chen: Challenges and
Opportunities of Connected
Vehicle Safety
Roberto Minerva: Great
Internet of Things Debate
Roberto Minerva:
From M2M to Virtual
Continuum
Roberto Minerva:
Steering Committee YK Chen:
General Chair
IEEE-SA Silver Sponsor
Oleg Logvinov: Ecosystem
Study on IoT standards
IoT Initiative: Bronze Sponsor
Roberto Minerva:
Mastering the Innovation
Challenges of the Future
Network Operators in an
Emerging IoT World
JaeSeung Song:
Understanding Global
M2M Standards
YK Chen:
General Co-
Chair 5
6
IEEE IoT on Twitter
1,000 meaningful followers in just eight months
IEEE IoT reaching >2.1 million Twitter users
IEEE IoT’s Klout score of 52 identifies it as a
top-tier voice and resource in social media
1700+ Members in just one year
66% senior level or higher, 35% in engineering,
project management, or IT
Building a Diverse IoT Community
0
200
400
600
800
1000
1200
IEEE IoT Twitter Growth
January – August 2014
Followers
0
500
1000
1500
2000
LinkedIn Group Growth Launch to Present
Members
6
7
Newsletter launched Sept. 2014
Newsletter developed in record time
Bi-monthly; 4 articles per issue; 2
issues in 2014
The Institute Special Report: The Internet
of Things, March 2014
Online 45,000 visits
IoT Tech News video from issue featured on
IEEE.tv received >6,000 views
Marketing/PR Support for IoT Journal
Four issues; 33 papers
Close to 10K downloads in first six months
Newsletter/ Visibility in Existing Publications
7
Creating an IoT Ecosystem Through Standards
Workshops
Gathering of global IoT experts, leaders and other
participants to explore new technologies, IEEE
standards, applications and future business models
Prior Workshops
– Silicon Valley, CA
– Shenzen, China
– Milan, Italy
Launched New Standards Project – P2413
Will defines an architectural framework for the IoT,
including descriptions of various IoT domains,
definitions of IoT domain abstractions, and identification
of commonalities between different IoT domains
Launched Ecosystem Study
Determine the connective areas and potential gaps in
the concept of IoT that could be addressed through pre-
standards and standards activities.
The study will incent activities for 2015 and beyond.
8
8
37 IEEE IoT Expert Bylines & Articles
9
9
IEEE IoT Initiative's definition - based on IoT Initiative’s white paper,
(TAB: Technical Activities Board; FDC: Future Direction Committee)
10
Small environment scenario: It’s a network that connects uniquely identifiable
“Things” to the internet.
The “Things” have sensing/actuation and potential programmability capability.
Information about the “Thing” can be collected.
The state of the “Thing” can be changed.
Connection from anywhere, at anytime, by anything
Large environment scenario: A self-configuring and adaptive complex network that
interconnects “things” to the Internet through the use of interoperable communication protocol.
‘Things’ to Ponder (Computer Security Division, NIST - Jeff Voas)
11
1. Things may be all software or hardware, a combination, or
human.
(Identity Related Issues)
2. Things may have a stealth/invisible mode coming and going
creating zero traceability.
(Privacy & Mobility Issues)
3. Authentication addresses the ‘Who’s Who’ and ‘What’s What’
questions. Things may misidentify.
(Identification & Authentication Issues)
4. Actuators are things; if fed malicious data from ‘other things’,
issues with life-threatening consequences are possible.
(Vulnerability and Malware Issues)
12
ReVuln Ltd. discovered a zero-day vulnerability in
the Samsung Smart TV that allows attackers to
obtain remote control.
ReVuln - The TV is watching you https://vimeo.com/55174958
Who is Listening?
Samsung is warning customers about discussing personal
information in front of their smart television set.
What is recorded?
Who can access the data?
What if being hacked?
13 BBC (09 Feb. 2015), Not in front of the telly: Warning over 'listening' TV [Online], Avaiable: http://www.bbc.com/news/technology-31296188
LIFX Bulbs Hack
IoT lightbulb (LIFX) connects to WiFi network and receives commands
The lightbulbs kept an encrypted WiFi credential using a pre-shared key
A global key is used as the pre-shared key
The WiFi credential is shared between newly joined lightbulb
Context Information Security (04 Jul. 2014), Hacking into Internet Connected Light Bulbs [Online],
Avaiable: http://www.contextis.com/resources/blog/hacking-internet-connected-light-bulbs/ 14
Hackers Breach White House's
Unclassified Computer Network
15
Oct 29, 2014, 12:41 AM ET By ABC NEWS via GOOD MORNING AMERICA
DHS said in a bulletin that the hacking campaign has been ongoing since 2011,
Russians have placed the malware in key U.S. systems as a threat, and/or as a deterrent to a U.S. cyber-attack on Russian systems – mutually assured destruction.
a DHS alert bulletin said the “BlackEnergy” penetration recently had been detected by several companies.
DHS said “BlackEnergy” is the same malware that was used by a Russian cyber-espionage group dubbed “Sandworm” to target NATO and some energy and telecommunications companies in Europe earlier this year.
'Trojan Horse' Bug Lurking in Vital US Computers Since 2011
16
Nov 6, 2014, 2:13 PM ET
By JACK CLOHERTY and PIERRE THOMAS, ABC News
Cyber Attack on US Critical Infrastructure
A destructive “Trojan Horse” malware program has penetrated the software that runs much
of the US’ critical infrastructure according to the Department of Homeland Security.
The malware was inserted by hackers believed to be sponsored by the Russian government.
The hacked software is used to control complex industrial operations like oil and gas
pipelines, power transmission grids, water distribution and filtration systems, wind
turbines and even some nuclear plants.
Advanced Persistent Threat (APT)
Taiwan a ‘testing ground’ for Chinese cyber army
(Reuters, July 18, 2013)
HACKING NINE-TO-FIVE
“on Chinese national holidays, for example, we
don't see any hacking activity at all.”
http://www.reuters.com/article/2013/07/19/net-us-
taiwan-cyber-idUSBRE96H1C120130719
17
Recent Attacks in Japan
“Cybersecurity in Japan: Key Issues and Recent Regulatory Developments,” Nir Kshetri, University of North Carolina at Greensboro (also a research fellow of Kobe University).
Attacks on Mitsubishi Heavy Industries (50 types of viruses and malware products), IHI, Kawasaki
Lower House Diet members and secretaries, ID and passwords are stolen. – 480 lawmakers’ documents and emails.
According to NPA, 90% of accounts receiving fraudulent funds have Chinese names
18
Real world APT Attack to KHNP http://securityaffairs.co/wordpress/35013/cyber-crime/hacker-south-korean-nuclear-plants.html, March 18, 2015
19
KHNP (Korea Hydro & Nuclear Power) Responsible for maintain 23 nuclear power plants in
Korea.
Customized 0-day E-mails with malicious attachment are sent to staff
Exploit Hangul Word Processor (HWP, a Korea Word Processor).
Information leakage Plant blueprint
Employees’ privacy
http://securityaffairs.co/wordpress/35013/cyber-
crime/hacker-south-korean-nuclear-plants.html
Surveillance Video Camera
20
The website Insecam
(http://insecam.com/)
exposes at least 73,000
webcam by exploiting the
default ID/Password of the
video camera devices
Does Your Flashlight Spotlights Your Secrets?
21
SnoopWall: “We tested and installed the Top 10 Android Flashlight Apps…”
“All of the applications below appear to obtain access and information way beyond the needs of a Flashlight.”
“Some appear specifically designed to collect and expose your personal information”
http://www.snoopwall.com/wp-content/uploads/2014/10/Flashlight-Spyware-Appendix-2014.pdf
Security Issues
22
Identity Management
Authentication Methods
Vulnerability and Malware Analysis
Data Security
Personal Privacy
Efficient Cryptosystems
Secure Protocols
….
This talk is focused on the first three issues.
Special Features Differentiate IoT from the
Conventional
23
Privacy: Private and sensitive data gathered
Lightweight: lightweight devices, low computation,
weak security, vulnerability
Scalability: Large quantity of Things
Heterogeneity: The heterogeneity of Things
Simple Naming: User friendly Identity Management
Auto-Configuration: self configurable
Security Pitfalls:
Lightweight Devices Carrying Highly Private,
Sensitive Data
24
Weak, Lightweight devices: wearable devices, mobile devices, surveillance cameras, smart
meters, sensors, smart door-locks…
Usually lack of security protection such as firewalls, strong
cryptosystems, robust protocols…
Highly Sensitive Data Highly sensitive data includes geographic position, private
pictures, daily electricity usage, door access, actuator
configuration…
Scalability
25
Billions of objects are connected to the network.
Conventional identity management schemes
cannot handle a large number of devices.
https://dmiessler.cachefly.net/images/internet-of-things-concept-illustration.jpg
Security of Heterogeneous Things
26
A large number of heterogeneous devices
Security problems
More complex
Simple Naming
27
Due to the large number and heterogeneity of IoT objects, identity management schemes and naming policies may become more complex.
The complex schemes and policies may cause inconvenience for users to read, input, or remember the object identifier.
Human readable, memorable, and property-aware identifiers are desirable.
A personalized alias manager (or contact manager) can make the identity management simpler and more friendly.
Auto-Configuration
28
Naïve Users do not prefer complex security settings for IoT
devices.
Simple naming, identification and authentication for users.
Importing X.509 certificate is complex and not friendly to naive users.
A possible scenario:
A passcode is printed on the label of the devices.
Naming, identification, and authentication
settings can be automatically done after
the entering the passcode.
A new standard may need to be
established for the above automation.
http://www.att.com/support_media/images/100/Pace4111N-Sticker.jpg
Possible Solutions
29
Identity Management
Object Authentication
Vulnerability and Malware
30
The Problem: Isolated Information Islands
Requirements of IoT Identity Management
Conventional Object Identification Methods
Cognitive Name Service – A Property-aware Object Identification Scheme
Object Identification in IoT
31
Object Identification is a fundamental issue to be addressed for IoT security.
An object can be authenticated only if it can be uniquely identified.
DLNA and AirPlay work great but they are designed for LAN, instead of connecting through Internet.
Proprietary identity management schemes may lead to isolated object domains called Information Islands.
The Problem: Isolated Information Islands
Information Island Using Proprietary
Protocols
Closed
Object Domain A
Object
Domain D
Object
Domain C
Object
Domain E
Internet
T
T
T
Translators/Gateways T Isolated
Information Island
Closed
Object Domain B
32 32
Requirements of IoT Identity Management
33
Uniqueness The assignment of identifiers to objects must be unique.
Coverage The identifiers should cover most of the objects to
reduce isolated information islands.
Property-awareness An property-aware identifier should present the
properties (name, location, and time) of the object to reflect it’s actual characteristics.
Simple naming The identifiers should be user-readable and easy to
remember.
Hierarchical Structure The identifier could be in a hierarchical structure thus
provide delegated administration.
Vision: Property-Aware Identity
Management
34
Short Alias
Alias Manager
in the smart device
Property-aware identifier
Property-aware identifier
Property-aware identifier
Property-aware Identity
in the sub-domain
(User-friendly)
(Coverage)
(Property-awareness, Uniqueness)
(Hierarchical Structure)
(Property-awareness, Uniqueness)
(Property-awareness, Uniqueness)
Home Gateway
Property-aware
overlay network
35
Address-based identification method:
IPv4 / IPv6
Addressing is efficient.
Easy implementation.
Not property-aware.
Conventional Object Identification
Methods (1/2)
36
Name-based identification method: Domain Name
Name is more readable than addressing.
Need an unambiguous mapping to address.
Name-Address Resolution: DNS (Domain Name System)
DNS could be a bridge connecting existent information islands. Translate the existent identifiers to DNS-format.
The DNS-format names uniquely identify the objects.
Object information can be retrieved through DNS queries.
e.g. Object Name Service (ONS)
Time attributes are not included.
The network location is only a record associated with the object name, instead of being independent. (‘Who ‘s Who’ and ‘What’s What’ )
Conventional Object Identification
Methods (2/2)
DNS Security Extension (DNSSEC)
37
DNS Security Extension (DNSSEC) seems a
remedy for the name service because it
supports many resource types (RRs).
provides integrity protection for the records.
38
An IoT object may deliver messages to anything, from anywhere, and at anytime.
Property-aware identification should:
simultaneously presents naming, addressing, and timing properties of each IoT object.
use unique, text-based, and human-readable identifier assignment for user friendly.
Cognitive Name Service (CNS): With property-aware identifiers, the properties of objects are
presented.
It works as an overlay network which virtually bridges various object domains.
Zhi-Kai Zhang, Michael Cheng Yi Cho, Zong-Yu Wu, Shiuhpyng Shieh, “Identify and Authenticate IoT Objects in a More Natural Way,” IEEE Computer, August, 2015
Cognitive Name Service – A Property-aware Object Identification Scheme
Property-aware Object Identifier
39
Object_Name
-name of the object
(Hierarchical Structure)
TObj
-Validity Period of the object name
(Start_time-End_time)
Location_Name
-name of the location
(Hierarchical Structure)
TLoc
-Validity period of the location
name
(Start_time-End_time)
TObj.Object_Name ::TLoc.Location_Name
Example: (A smart phone in Cellular/Wi-Fi network) 20140101-20161231.Objx.IoTserv.com.tw::20150101-20161231.SimCardx.mobile.isp.com.tw
20140101-20161231.Objx.IoTserv.com.tw::20150101-20150110.ip1.WiFix.cs.nctu.edu.tw
The “Objx” is a smart phone currently registered to
“IoTserv” (registered domain) and both locations (visiting
domains) are valid. May be associated with Location-based Access Control.
TO.Object_Name TO.Object_Name
Resolution Flow of Cognitive Name Service
(CNS)
TL.Location_Name TL.Location_Name
TObj.Object_Name ::TL.Location_Name TObj.Object_Name ::TL.Location_Name
Location Resolution Servers
Query Query
Reply with
Object ID, auth info,
location name, etc
Reply with
location identifier, such
as network address …
Object_Name Verification
and
Location_Name Verification ① ①
② ③
④
Translation
40
③ ②
Name Resolution Servers
Object name in
registered domain object name in
visiting Domain
Cognitive Name Service Overlay Network
41
Object
Domain D
Object
Domain C
T
T
Translators/Gateways T
Internet
Object
Domain B
T
Object
Domain E T Object
Domain A T
Cognitive Name Service Property-aware
overlay network
The Challenges in Construction (1/2)
42
Efficiency
Due to the scale of IoT devices/objects, the queries
and responses could be increased greatly.
How to improve the performance of Name/Location
Resolution Servers is a challenge.
Cache Consistency
Caches may be applied for the performance.
The consistency between the updated record and
related caches is a challenge.
43
Fast Handover
To provide mobility to the objects.
It can be handled in either the identity management
level or the underlying network layers.
Global Clock Trustworthy
Timing issue is a key element to security.
The synchronization and even trustworthiness of a
global clock will be a challenge.
The Challenges in Construction (2/2)
Authentication in IoT
44
Traditional password-based or crypto-based
authentication may not be applicable due to the
scale of IoT objects.
Without global Root Certificate Authority
(Root CA). It is hard to build up a global trust
chain.
Lack of global authentication infrastructure
Object Authentication in Conventional
IoT Security Protocols
45
MAC layer security
Pre-shared key security mechanism
Ex. IEEE 802.15.4
Transport layer security
TLS or DTLS basis
Ex. CoAP and MQTT
However, global PKI does not exist.
Delegated Authentication
46
It is expensive to issue certificates to every object in
IoT.
Some domains have existent authentication
mechanism.
Non-sensitive or internal objects may not need to be
authenticated publicly.
Authentication in a delegated structure could be
more practical.
Delegated Authentication Scenario
47
Wearable
Device
Handheld
Device
Access Point /
Base Station Internet
Gateway /
Access Point
Smart
Furniture/Appliance
Cloud
Service
Multiple
Redundancy
Delegated
Authentication
Delegated
Authentication
Models of Delegated Authentication
48
Authentication by Gateway
Authentication by Security Token
Authentication by Trust Chain
Authentication by Global Trust Infrastructure
Delegated Authentication by Gateway
49
The authentication process relies on the gateway
between the communication parties.
The authentication process is repeated for each
communication session.
Pros:
The authentication method for foreign peers is
independent of the one for domestic peers.
Cons:
Single point of failure, such as compromised gateway,
exposes all the peers to threats.
The gateway can be the bottleneck of performance.
Delegated Authentication by Security Token
50
The gateway is responsible for initiating the first authentication session and establishing security tokens.
The authentication for following sessions relies on the security tokens.
Pros:
The load for succeeding authentication after initialization is removed from the gateway.
Cons:
Single point of failure may occur on the gateway.
Designing a secure and efficient scheme using security tokens could be difficult.
Delegated Authentication by Trust Chain
51
The gateway requests a digital certificate from a public CA (Certificate Authority) and issues proprietary certificates to the domestic objects.
Mutual authentication is achieved through the same trusted (public or proprietary) CA following the trust chain.
Pros:
After the setup phase, there will be no further authentication workload on the gateway.
The proprietary certificate authority is employed to reduce the cost of obtaining public certificates.
Cons:
Single point of failure may occur on the proprietary CA.
A fair amount of computation power is required for the devices.
Authentication by Global Trust Infrastructure
52
All the peers are registered to the global trust infrastructure, such as using X.509 standard with global root CA.
No delegation is made.
Pros:
A global trust infrastructure is more reliable than home/personal gateways.
The gateway does not intervene in authentication process at all.
Cons:
No global trust infrastructures are available in the current Internet.
Even if a global trust infrastructure is available, the registration fee could be high as a whole for all the domestic objects.
Vulnerability and Malware
53
IoT malware is no longer a hypothesis
Smart living on Android
Android security testing
Cloudebug – IoT malware analysis
ProbeBuilder – IoT device monitor
Cloud marketplace - Cloud & IoT
Wide Spread of Vulnerable Devices
54
HP recent study 70% of devices are vulnerable to attacks 540,435 devices are vulnerable
Distribution in IPv4 space is demonstrated in figure
Security mechanisms are not applicable in IoT due to the resource-constraints Lack of protection compare to traditional
computer User not awareness about security in
devices
http://h30499.www3.hp.com/t5/Fortify-Application-Security/HP-Study-Reveals-70-Percent-of-
Internet-of-Things-Devices/ba-p/6556284?jumpid=va_y92mxk3jtn#.VEipXhaXi_8
A Quantitative Analysis of the Insecurity of Embedded Network Devices: Results of a Wide-
Area Scan
IoT malware is no longer a hypothesis!
55
Linux.Darlloz, confirmed by Symantec in Nov. 2013 Infect multiple hardware
architectures including: x86 ARM MIPS PowerPC etc.
Linux.Darlloz infected 31,716 worldwide devices (at least) in the short period of 4 months. [5]
Malware Against IoT Devices
56
IoT end-device is rarely equipped with the strong
security defense as that of a central one.
A break-in point for malware to get into the IoT network
Central server
IoT end-device Malware
Attacking Attempt
break
Rapid Propagation
57
Great connectivity
IoT services consists of a large number of
connected devices, which benefits the
adversaries as a hotbed to spread out their
crafted malware.
The advantage for malicious intent Rapid propagation of
the malware infection
Lower security strength of IoT end-devices
http://4.bp.blogspot.com/-XAsXMXrVRn4/Uyqy3GL-9EI/AAAAAAAAatg/T1_l1UZYSNI/s1600/Linux-malware-Internet-of-Things-security-app.png
Smart Living on Android
58
The Market Share of Android
59
M
350M
700M
1,050M
1,400M
2013 2015
Gartner: Worldwide Devices Shipment by Segment
iOS/OS X Windows series
Others Android
Android meets IoT
On-Line Course
“Programming the Internet of Things with Android,” Michael Lehman, on lynda.com
Commercial Website
http://www.smartliving.io/index.html
http://smartliving.hkt.com/eng/
Development
Android Wear, AndroidAuto, Google Fit
Samsung IoT, on http://developer.samsung.com/iot
60
Android Amplifies IoT, But… All-or-nothing choice for permission
Users cannot determine at run-time
Coarse-granularity permissions
IoT will brings more data into smartphone.
How could we properly and flexibly manage them.
Android Malware
Repackage Apps
Spyware
Adware tracking users that breaks users’ privacy
Spear-fishing for installing apps
61
Excessive Access Rights by Flashlight Apps
62
http://www.snoopwall.com/wp-content/uploads/2014/10/Flashlight-Spyware-Appendix-2014.pdf
Android Security Testing
Permission Check Android permission specification
Dataflow Analysis Dynamic/static taint analysis
Privilige Escalation Detection Colluding attacks for data leakage.
Policy Enforcement Kernel patching, Android framework hooking
63
More Challenges
Management issue: Bring Your Own Devices (BYOD) More chances being compromised.
Mobile device management (MDM) surveillance employees’ devices.
Maintenance issue: out-of-date devices Old Android version, no longer supported
Android APIs may suffer security problem, for example, SSL connection,
Should be considered along with IoT
64
IoT Malware Analysis
Lightweight devices lack of computation resource
for in-depth malware analysis.
Malware analysis platform is desirable
e.g. Cloudebug - malware analysis on the cloud
65
Interactive Analysis is Desired
For the portable devices requiring human
interaction, it is predicted that malware within may
need interaction for activation.
Existing cloud-based malware analysis systems
serve in the black-box paradigm.
Users cannot interact with the analysis procedure.
Malware may not be triggered.
66
Cloudebug –
Online Interactive Malware Testbed
A cloud-based malware testbed Allowing users to perform interactive, in-depth malware
analysis online. (http://cloudebug.cs.nctu.edu.tw)
Chi-Wei Wang; Chia-Wei Wang; Chu-An Hsieh; Shieh, S.W., “Cloudebug: A Programmable Online Malware Testbed,” Computer , vol.47, no.7, pp.90,92, July 2014
67
IoT Device Monitor
Lightweight devices cannot afford to execute
heavyweight security tools.
e.g. Anti-virus, IDS, IPS, etc.
Event monitor may be the least-overhead security
feature.
Allowing offline auditing for security threat discovery.
Where to insert the probs?
68
Diverse IoT devices
The systems running on numerous devices differs from:
Instruction Architecture Set (ISA)
OS Type, Distribution, and Version
Customized System
A security specialist may need to manually reverse the system (customized or close-source) to develop monitors for a subject device.
Ad-hoc
Human-intensive
Time-consuming
An automatic solution is needed.
69
ProbeBuilder
Given the event-of-interest to be monitored for a device, the proposed method automatically … Locates the hooking point to precisely capture the event.
There could be many hooking point in the control flow for a target event. (ex. file creation)
The right position should avoid capturing unrelated data.
Explores how the event-sensitive data can be extracted. Validates the above finding with 3-phase verification.
The proposed idea can greatly reduce efforts to develop monitor for devices.
Wang, Chi-Wei; Wang, Chia-wei; Shieh, Shiuhpyng, "ProbeBuilder: Uncovering Opaque Kernel Data Structures for Automatic Probe Construction," Dependable and Secure Computing, IEEE Transactions on , vol.PP, no.99, pp.1,1 doi: 10.1109/TDSC.2015.2416728
70
Conclusions
71
Security issues are revisited.
Identity Management
Requirements and the concept of Cognitive Name Service
are introduced.
Object Authentication
Four types of authentication methods are summarized.
Vulnerability and Malware
Testing of the security of apps will be critical for various IoT
devices.
Tools are introduced for Malware Analysis and Device
Monitor in IoT: Cloudebug and ProbeBuilder