Emerging Security Threats and Countermeasures in IoT

Shiuhpyng Winston Shieh
IEEE Reliability Society Vice President
IEEE IoT Initiative Steering Committee member
Editor-in-Chief, IEEE Reliability Digest
IEEE Fellow & ACM Distinguished Scientist
Distinguished Professor, CS Dept., NCTU, Taiwan
Director, Taiwan Information Security Center at NCTU
Email: [email protected]

ASIACCS – Happy 10th Anniversary


Page 2: Outline

- IEEE IoT Initiative's perspective
- IoT Security Threats and Pitfalls
- Challenges and Countermeasures
  - Identity Management
  - Object Authentication
  - Vulnerability and Malware
- Conclusions

Page 3: Internet of Things (IoT)

Page 4: What is Internet of Things?

- What are the Things? Physical objects? Virtual objects? Both?
- Researchers are still trying to reach a consensus on definitions and standards:
  - IEEE IoT Initiative
  - NIST (National Institute of Standards and Technology)
  - ETSI (European Telecommunications Standards Institute)
  - CEN (European Committee for Standardization)
  - ...
- Image: http://commons.wikimedia.org/wiki/File:Internet_of_things_signed_by_the_author.jpg

Page 5: Launched the IEEE IoT Web Portal

- Average 2,200 visits / 1,670 visitors per month since inception in June 2013
- More than 70% of visitors return
- > 63% of visitors from outside the US
- Portal information refreshed ~30 times
  - Refreshes include new videos, bylined articles by IEEE IoT experts, and industry articles
- Figure: Visitor Growth Profile

Page 6: Launched Flagship Initiative Conference

First IEEE WF-IoT Conference
- 6-8 March 2014; Seoul, South Korea
- 237 attendees: 58% IEEE Members, 27% Non-Members, 15% Students
- Representation from 60+ global organizations
- 230 submitted and 127 accepted papers including 18 posters
- Broad financial sponsorship (IEEE-SA Silver Sponsor; IoT Initiative Bronze Sponsor)
- Financial surplus: $94K+

Participation in/support for IEEE and non-IEEE events (photo captions):
- Oleg Logvinov: Ecosystem Study on IoT standards
- YK Chen: Challenges and Opportunities of Connected Vehicle Safety; General Chair; General Co-Chair
- Roberto Minerva: Great Internet of Things Debate; From M2M to Virtual Continuum; Steering Committee; Mastering the Innovation Challenges of the Future Network Operators in an Emerging IoT World
- JaeSeung Song: Understanding Global M2M Standards

Page 7: Building a Diverse IoT Community

IEEE IoT on Twitter
- 1,000 meaningful followers in just eight months
- IEEE IoT reaching >2.1 million Twitter users
- IEEE IoT’s Klout score of 52 identifies it as a top-tier voice and resource in social media
- Chart: IEEE IoT Twitter Growth, January – August 2014 (followers, 0 to 1200)

LinkedIn
- 1700+ Members in just one year
- 66% senior level or higher; 35% in engineering, project management, or IT
- Chart: LinkedIn Group Growth, Launch to Present (members, 0 to 2000)

Page 8: Newsletter / Visibility in Existing Publications

Newsletter launched Sept. 2014
- Newsletter developed in record time
- Bi-monthly; 4 articles per issue; 2 issues in 2014

The Institute Special Report: The Internet of Things, March 2014
- Online: 45,000 visits
- IoT Tech News video from the issue featured on IEEE.tv received >6,000 views

Marketing/PR Support for IoT Journal
- Four issues; 33 papers
- Close to 10K downloads in first six months

Page 9: Creating an IoT Ecosystem Through Standards

Workshops
- Gathering of global IoT experts, leaders and other participants to explore new technologies, IEEE standards, applications and future business models
- Prior Workshops
  - Silicon Valley, CA
  - Shenzhen, China
  - Milan, Italy

Launched New Standards Project – P2413
- Will define an architectural framework for the IoT, including descriptions of various IoT domains, definitions of IoT domain abstractions, and identification of commonalities between different IoT domains

Launched Ecosystem Study
- Determine the connective areas and potential gaps in the concept of IoT that could be addressed through pre-standards and standards activities.
- The study will incent activities for 2015 and beyond.

Page 10: 37 IEEE IoT Expert Bylines & Articles

Page 11: IEEE IoT Initiative's Definition

Based on the IoT Initiative’s white paper (TAB: Technical Activities Board; FDC: Future Direction Committee)

- Small environment scenario: It’s a network that connects uniquely identifiable “Things” to the Internet.
  - The “Things” have sensing/actuation and potential programmability capability.
  - Information about the “Thing” can be collected.
  - The state of the “Thing” can be changed.
  - Connection from anywhere, at any time, by anything
- Large environment scenario: A self-configuring and adaptive complex network that interconnects “things” to the Internet through the use of interoperable communication protocols.

Page 12: ‘Things’ to Ponder (Computer Security Division, NIST - Jeff Voas)

1. Things may be all software or hardware, a combination, or human. (Identity Related Issues)
2. Things may have a stealth/invisible mode, coming and going creating zero traceability. (Privacy & Mobility Issues)
3. Authentication addresses the ‘Who’s Who’ and ‘What’s What’ questions. Things may misidentify. (Identification & Authentication Issues)
4. Actuators are things; if fed malicious data from ‘other things’, issues with life-threatening consequences are possible. (Vulnerability and Malware Issues)

Page 13: The TV Is Watching You

- ReVuln Ltd. discovered a zero-day vulnerability in the Samsung Smart TV that allows attackers to obtain remote control.
- ReVuln - The TV is watching you: https://vimeo.com/55174958

Page 14: Who is Listening?

- Samsung is warning customers about discussing personal information in front of their smart television set.
  - What is recorded?
  - Who can access the data?
  - What if it is hacked?
- BBC (09 Feb. 2015), Not in front of the telly: Warning over 'listening' TV [Online], Available: http://www.bbc.com/news/technology-31296188

Page 15: LIFX Bulbs Hack

- IoT lightbulb (LIFX) connects to a WiFi network and receives commands
- The lightbulbs kept an encrypted WiFi credential using a pre-shared key
- A global key is used as the pre-shared key
- The WiFi credential is shared with newly joined lightbulbs
- Context Information Security (04 Jul. 2014), Hacking into Internet Connected Light Bulbs [Online], Available: http://www.contextis.com/resources/blog/hacking-internet-connected-light-bulbs/

Page 16: Hackers Breach White House's Unclassified Computer Network

Oct 29, 2014, 12:41 AM ET, by ABC News via Good Morning America

- DHS said in a bulletin that the hacking campaign has been ongoing since 2011.
- Russians have placed the malware in key U.S. systems as a threat, and/or as a deterrent to a U.S. cyber-attack on Russian systems – mutually assured destruction.
- A DHS alert bulletin said the “BlackEnergy” penetration recently had been detected by several companies.
- DHS said “BlackEnergy” is the same malware that was used by a Russian cyber-espionage group dubbed “Sandworm” to target NATO and some energy and telecommunications companies in Europe earlier this year.

Page 17: 'Trojan Horse' Bug Lurking in Vital US Computers Since 2011

Nov 6, 2014, 2:13 PM ET, by Jack Cloherty and Pierre Thomas, ABC News

Cyber Attack on US Critical Infrastructure
- A destructive “Trojan Horse” malware program has penetrated the software that runs much of the US’ critical infrastructure, according to the Department of Homeland Security.
- The malware was inserted by hackers believed to be sponsored by the Russian government.
- The hacked software is used to control complex industrial operations like oil and gas pipelines, power transmission grids, water distribution and filtration systems, wind turbines and even some nuclear plants.

Page 19: Recent Attacks in Japan

Source: “Cybersecurity in Japan: Key Issues and Recent Regulatory Developments,” Nir Kshetri, University of North Carolina at Greensboro (also a research fellow of Kobe University).

- Attacks on Mitsubishi Heavy Industries (50 types of viruses and malware products), IHI, Kawasaki
- Lower House Diet members and secretaries: IDs and passwords were stolen – 480 lawmakers’ documents and emails.
- According to NPA, 90% of accounts receiving fraudulent funds have Chinese names

Page 20: Real-world APT Attack on KHNP

- KHNP (Korea Hydro & Nuclear Power) is responsible for maintaining 23 nuclear power plants in Korea.
- Customized 0-day e-mails with malicious attachments were sent to staff.
- The attachments exploit Hangul Word Processor (HWP, a Korean word processor).
- Information leakage: plant blueprints, employees’ privacy
- Source: http://securityaffairs.co/wordpress/35013/cyber-crime/hacker-south-korean-nuclear-plants.html, March 18, 2015

Page 21: Surveillance Video Camera

- The website Insecam (http://insecam.com/) exposes at least 73,000 webcams by exploiting the default ID/password of the video camera devices

Page 22: Does Your Flashlight Spotlight Your Secrets?

- SnoopWall: “We tested and installed the Top 10 Android Flashlight Apps…”
- “All of the applications below appear to obtain access and information way beyond the needs of a Flashlight.”
- “Some appear specifically designed to collect and expose your personal information”
- http://www.snoopwall.com/wp-content/uploads/2014/10/Flashlight-Spyware-Appendix-2014.pdf

Page 23: Security Issues

- Identity Management
- Authentication Methods
- Vulnerability and Malware Analysis
- Data Security
- Personal Privacy
- Efficient Cryptosystems
- Secure Protocols
- ...

This talk is focused on the first three issues.

Page 24: Special Features Differentiate IoT from the Conventional

- Privacy: private and sensitive data gathered
- Lightweight: lightweight devices, low computation, weak security, vulnerability
- Scalability: large quantity of Things
- Heterogeneity: the heterogeneity of Things
- Simple Naming: user-friendly identity management
- Auto-Configuration: self-configurable

Page 25: Security Pitfalls: Lightweight Devices Carrying Highly Private, Sensitive Data

- Weak, lightweight devices: wearable devices, mobile devices, surveillance cameras, smart meters, sensors, smart door-locks…
  - Usually lack security protection such as firewalls, strong cryptosystems, robust protocols…
- Highly sensitive data: includes geographic position, private pictures, daily electricity usage, door access, actuator configuration…

Page 26: Scalability

- Billions of objects are connected to the network.
- Conventional identity management schemes cannot handle a large number of devices.
- Image: https://dmiessler.cachefly.net/images/internet-of-things-concept-illustration.jpg

Page 27: Security of Heterogeneous Things

- A large number of heterogeneous devices
- Security problems: more complex

Page 28: Simple Naming

- Due to the large number and heterogeneity of IoT objects, identity management schemes and naming policies may become more complex.
- The complex schemes and policies may cause inconvenience for users to read, input, or remember the object identifier.
- Human-readable, memorable, and property-aware identifiers are desirable.
- A personalized alias manager (or contact manager) can make identity management simpler and more friendly.

Page 29: Auto-Configuration

- Naive users do not prefer complex security settings for IoT devices.
- Simple naming, identification and authentication for users.
- Importing an X.509 certificate is complex and not friendly to naive users.
- A possible scenario:
  - A passcode is printed on the label of the device.
  - Naming, identification, and authentication settings can be done automatically after entering the passcode.
  - A new standard may need to be established for the above automation.
- Image: http://www.att.com/support_media/images/100/Pace4111N-Sticker.jpg

Page 30: Possible Solutions

- Identity Management
- Object Authentication
- Vulnerability and Malware

Page 31: Object Identification in IoT

- The Problem: Isolated Information Islands
- Requirements of IoT Identity Management
- Conventional Object Identification Methods
- Cognitive Name Service – A Property-aware Object Identification Scheme

Page 32: The Problem: Isolated Information Islands

- Object identification is a fundamental issue to be addressed for IoT security.
- An object can be authenticated only if it can be uniquely identified.
- DLNA and AirPlay work great, but they are designed for the LAN instead of connecting through the Internet.
- Proprietary identity management schemes may lead to isolated object domains called Information Islands.

Page 33: Information Island Using Proprietary Protocols

Figure: object domains A to E attached to the Internet through translators/gateways (T); the closed object domains A and B form isolated information islands.

Page 34: Requirements of IoT Identity Management

- Uniqueness: The assignment of identifiers to objects must be unique.
- Coverage: The identifiers should cover most of the objects to reduce isolated information islands.
- Property-awareness: A property-aware identifier should present the properties (name, location, and time) of the object to reflect its actual characteristics.
- Simple naming: The identifiers should be user-readable and easy to remember.
- Hierarchical structure: The identifier could be in a hierarchical structure, thus providing delegated administration.

Page 35: Vision: Property-Aware Identity Management

Figure: a short alias held by an alias manager in the smart device (user-friendly) maps to a property-aware identifier; property-aware identities in each sub-domain (hierarchical structure) are bridged through the home gateway and a property-aware overlay network (coverage); every property-aware identifier provides property-awareness and uniqueness.

Page 36: Conventional Object Identification Methods (1/2)

Address-based identification method: IPv4 / IPv6
- Addressing is efficient.
- Easy implementation.
- Not property-aware.

Page 37: Conventional Object Identification Methods (2/2)

Name-based identification method: Domain Name
- A name is more readable than an address.
- Needs an unambiguous mapping to an address.
- Name-Address Resolution: DNS (Domain Name System)
- DNS could be a bridge connecting existing information islands: translate the existing identifiers to DNS format.
  - The DNS-format names uniquely identify the objects.
  - Object information can be retrieved through DNS queries, e.g. Object Name Service (ONS).
- Time attributes are not included.
- The network location is only a record associated with the object name, instead of being independent. (‘Who’s Who’ and ‘What’s What’)

Page 38: DNS Security Extension (DNSSEC)

DNS Security Extension (DNSSEC) seems a remedy for the name service because it
- supports many resource record types (RRs).
- provides integrity protection for the records.

Page 39: Cognitive Name Service – A Property-aware Object Identification Scheme

- An IoT object may deliver messages to anything, from anywhere, and at any time.
- Property-aware identification should:
  - simultaneously present the naming, addressing, and timing properties of each IoT object.
  - use unique, text-based, and human-readable identifier assignment for user-friendliness.
- Cognitive Name Service (CNS): With property-aware identifiers, the properties of objects are presented.
  - It works as an overlay network which virtually bridges various object domains.
- Zhi-Kai Zhang, Michael Cheng Yi Cho, Zong-Yu Wu, Shiuhpyng Shieh, “Identify and Authenticate IoT Objects in a More Natural Way,” IEEE Computer, August 2015

Page 40: Property-aware Object Identifier

Format: TObj.Object_Name::TLoc.Location_Name
- Object_Name: name of the object (hierarchical structure)
- TObj: validity period of the object name (Start_time-End_time)
- Location_Name: name of the location (hierarchical structure)
- TLoc: validity period of the location name (Start_time-End_time)

Example (a smart phone in a cellular/Wi-Fi network):
  20140101-20161231.Objx.IoTserv.com.tw::20150101-20161231.SimCardx.mobile.isp.com.tw
  20140101-20161231.Objx.IoTserv.com.tw::20150101-20150110.ip1.WiFix.cs.nctu.edu.tw

“Objx” is a smart phone currently registered to “IoTserv” (registered domain) and both locations (visiting domains) are valid. May be associated with location-based access control.

Page 41: Resolution Flow of Cognitive Name Service (CNS)

Figure: resolution of TObj.Object_Name::TL.Location_Name. Queries carrying TO.Object_Name go to the Name Resolution Servers, which perform Object_Name verification and reply with the object ID, auth info, location name, etc. Queries carrying TL.Location_Name go to the Location Resolution Servers, which perform Location_Name verification and reply with a location identifier, such as a network address. A translation step maps the object name in the registered domain to the object name in the visiting domain (steps ①, ②, ③ in the figure).
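As an added example (not code from the slides or from the CNS authors), the identifier format of Page 40 and the resolution flow of Page 41 in Python: the parser splits TObj.Object_Name::TLoc.Location_Name into its four properties, checks that both validity periods cover a given day, applies a hypothetical location-based access rule, and then walks the two resolution steps against constructed name-server and location-server tables. Assumptions not on the slides: validity periods include both boundary days, the "registered domain" and "visiting domain" are the labels after the first label of each name, and the server tables, object IDs, auth-info strings and addresses (RFC 5737 documentation ranges) are constructed for the demo.

```python
from dataclasses import dataclass
from datetime import date, datetime
from typing import Optional

# Identifier format from the slide: TObj.Object_Name::TLoc.Location_Name,
# each T being a validity period written Start_time-End_time (YYYYMMDD).
# The two sample identifiers are the ones shown on the slide.
SAMPLE_IDS = [
    "20140101-20161231.Objx.IoTserv.com.tw::20150101-20161231.SimCardx.mobile.isp.com.tw",
    "20140101-20161231.Objx.IoTserv.com.tw::20150101-20150110.ip1.WiFix.cs.nctu.edu.tw",
]


def parse_day(text: str) -> date:
    return datetime.strptime(text, "%Y%m%d").date()


@dataclass(frozen=True)
class Period:
    start: date
    end: date

    def contains(self, when: date) -> bool:
        # Assumption: both boundary days lie inside the validity period.
        return self.start <= when <= self.end


@dataclass(frozen=True)
class PropertyAwareId:
    object_period: Period
    object_name: str        # hierarchical, e.g. Objx.IoTserv.com.tw
    location_period: Period
    location_name: str      # hierarchical, e.g. ip1.WiFix.cs.nctu.edu.tw

    @property
    def registered_domain(self) -> str:   # assumption: labels after the object's own label
        return self.object_name.split(".", 1)[1]

    @property
    def visiting_domain(self) -> str:     # assumption: labels after the location's own label
        return self.location_name.split(".", 1)[1]


def _parse_period(text: str) -> Period:
    start_s, end_s = text.split("-")
    start, end = parse_day(start_s), parse_day(end_s)
    if end < start:
        raise ValueError(f"validity period ends before it starts: {text}")
    return Period(start, end)


def _parse_part(text: str, what: str):
    # "T.Name": T never contains a dot, so split at the first dot only.
    if "." not in text:
        raise ValueError(f"{what} part has no validity period: {text!r}")
    period_s, name = text.split(".", 1)
    labels = name.split(".")
    if len(labels) < 2 or not all(labels):
        raise ValueError(f"{what} name is not hierarchical: {name!r}")
    return _parse_period(period_s), name


def parse_identifier(ident: str) -> PropertyAwareId:
    if ident.count("::") != 1:
        raise ValueError("expected TObj.Object_Name::TLoc.Location_Name")
    obj_part, loc_part = ident.split("::")
    obj_period, obj_name = _parse_part(obj_part, "object")
    loc_period, loc_name = _parse_part(loc_part, "location")
    return PropertyAwareId(obj_period, obj_name, loc_period, loc_name)


def is_valid_at(pid: PropertyAwareId, when: date) -> bool:
    """Both the object name and the location name must be inside their periods."""
    return pid.object_period.contains(when) and pid.location_period.contains(when)


def location_based_access(pid: PropertyAwareId, when: date, allowed: set) -> bool:
    """Hypothetical policy: the identifier is valid at `when` and the location
    name sits under one of the allowed domains."""
    if not is_valid_at(pid, when):
        return False
    labels = pid.location_name.split(".")
    parents = {".".join(labels[i:]) for i in range(1, len(labels))}
    return bool(parents & allowed)


# Constructed tables standing in for the Name Resolution Servers (object name ->
# object ID, auth info, registered locations) and the Location Resolution
# Servers (location name -> network address) of the CNS figure.
NAME_SERVERS = {
    "Objx.IoTserv.com.tw": {
        "object_id": "obj-0001",
        "auth_info": "demo-key-fingerprint",
        "locations": ["SimCardx.mobile.isp.com.tw", "ip1.WiFix.cs.nctu.edu.tw"],
    },
}
LOCATION_SERVERS = {
    "SimCardx.mobile.isp.com.tw": "192.0.2.10",
    "ip1.WiFix.cs.nctu.edu.tw": "198.51.100.7",
}


def resolve(ident: str, when: date) -> Optional[dict]:
    """Step 1: name resolution; step 2: location resolution.
    None when either name fails verification or has expired."""
    pid = parse_identifier(ident)
    if not is_valid_at(pid, when):
        return None
    record = NAME_SERVERS.get(pid.object_name)
    if record is None or pid.location_name not in record["locations"]:
        return None   # unknown object, or a location not registered for it
    address = LOCATION_SERVERS.get(pid.location_name)
    if address is None:
        return None
    return {"object_id": record["object_id"], "auth_info": record["auth_info"], "address": address}
```

The second sample identifier resolves on 2015-01-05 but not on 2015-02-01: its Wi-Fi location name expired on 2015-01-10 even though the object name is still valid, which is the timing property that a plain DNS name (Page 37) cannot express.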

Page 42: Cognitive Name Service Overlay Network

Figure: object domains A to E, each attached to the Internet through a translator/gateway (T), bridged by the Cognitive Name Service property-aware overlay network.

Page 43: The Challenges in Construction (1/2)

Efficiency
- Due to the scale of IoT devices/objects, the queries and responses could increase greatly.
- How to improve the performance of the Name/Location Resolution Servers is a challenge.

Cache Consistency
- Caches may be applied for performance.
- The consistency between the updated record and related caches is a challenge.

Page 44: The Challenges in Construction (2/2)

Fast Handover
- To provide mobility to the objects.
- It can be handled at either the identity management level or the underlying network layers.

Global Clock Trustworthiness
- Timing is a key element of security.
- The synchronization and even trustworthiness of a global clock will be a challenge.

Page 45: Authentication in IoT

- Traditional password-based or crypto-based authentication may not be applicable due to the scale of IoT objects.
- Without a global Root Certificate Authority (Root CA), it is hard to build up a global trust chain.
- Lack of a global authentication infrastructure

Page 46: Object Authentication in Conventional IoT Security Protocols

- MAC layer security: pre-shared key security mechanism, e.g. IEEE 802.15.4
- Transport layer security: TLS- or DTLS-based, e.g. CoAP and MQTT
- However, a global PKI does not exist.

Page 47: Delegated Authentication

- It is expensive to issue certificates to every object in IoT.
- Some domains have existing authentication mechanisms.
- Non-sensitive or internal objects may not need to be authenticated publicly.
- Authentication in a delegated structure could be more practical.

Page 48: Delegated Authentication Scenario

Figure: wearable device, handheld device, smart furniture/appliance, gateway/access point, access point/base station, Internet and cloud service; "Delegated Authentication" is marked at two points of the path and "Multiple Redundancy" at one.

Page 49: Models of Delegated Authentication

- Authentication by Gateway
- Authentication by Security Token
- Authentication by Trust Chain
- Authentication by Global Trust Infrastructure

Page 50: Delegated Authentication by Gateway

- The authentication process relies on the gateway between the communicating parties.
- The authentication process is repeated for each communication session.
- Pros:
  - The authentication method for foreign peers is independent of the one for domestic peers.
- Cons:
  - A single point of failure, such as a compromised gateway, exposes all the peers to threats.
  - The gateway can be a performance bottleneck.

Page 51: Delegated Authentication by Security Token

- The gateway is responsible for initiating the first authentication session and establishing security tokens.
- The authentication for following sessions relies on the security tokens.
- Pros:
  - The load for succeeding authentication after initialization is removed from the gateway.
- Cons:
  - A single point of failure may occur on the gateway.
  - Designing a secure and efficient scheme using security tokens could be difficult.
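As an added example (not code from the slides), the contrast between Page 50 and Page 51 in Python: the gateway authenticates a domestic object once, in a challenge-response first session, and issues a security token; any service holding the token-verification key then accepts later sessions from the token alone, so the per-session load leaves the gateway. The token scheme here is an assumption for the demo (HMAC-SHA256 over JSON claims with an expiry and a random token ID, compared in constant time), as are the per-device pre-shared secret, the object name and the timestamps; the demo also shows the checks that make "designing a secure scheme" the hard part: a wrong challenge response, an expired token and a token whose claims were altered under a genuine tag are all rejected.

```python
import base64
import binascii
import hashlib
import hmac
import json
import secrets
from typing import Optional

# Assumption: token_key is shared between the gateway (issuer) and the domain's
# services (verifiers); device secrets are per-object pre-shared secrets.


def _b64e(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(token_key: bytes, object_id: str, now: int, ttl_s: int) -> str:
    """payload.tag with tag = HMAC-SHA256(token_key, payload)."""
    claims = {"sub": object_id, "iat": now, "exp": now + ttl_s, "jti": secrets.token_hex(8)}
    payload = json.dumps(claims, separators=(",", ":")).encode()
    tag = hmac.new(token_key, payload, hashlib.sha256).digest()
    return _b64e(payload) + "." + _b64e(tag)


def verify_token(token_key: bytes, token: str, now: int) -> Optional[str]:
    """Object id the token vouches for, or None on any defect (malformed,
    bad tag, unparsable claims, expired). No round trip to the gateway."""
    try:
        payload_b64, tag_b64 = token.split(".")
        payload, tag = _b64d(payload_b64), _b64d(tag_b64)
    except (ValueError, binascii.Error):
        return None
    expected = hmac.new(token_key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):      # constant-time comparison
        return None
    try:
        claims = json.loads(payload)
    except ValueError:
        return None
    if not isinstance(claims, dict) or not isinstance(claims.get("sub"), str):
        return None
    if not isinstance(claims.get("exp"), int) or now >= claims["exp"]:
        return None
    return claims["sub"]


def device_response(device_secret: bytes, challenge: bytes) -> bytes:
    """What the object computes in the first session (challenge-response)."""
    return hmac.new(device_secret, challenge, hashlib.sha256).digest()


class Gateway:
    def __init__(self, token_key: bytes):
        self._token_key = token_key
        self._secrets = {}           # object_id -> per-device secret

    def enrol(self, object_id: str, device_secret: bytes) -> None:
        self._secrets[object_id] = device_secret

    def new_challenge(self) -> bytes:
        return secrets.token_bytes(16)

    def first_authentication(self, object_id: str, challenge: bytes,
                             response: bytes, now: int, ttl_s: int = 3600) -> Optional[str]:
        """First session: check the challenge response, then hand out a token."""
        secret = self._secrets.get(object_id)
        if secret is None or not hmac.compare_digest(device_response(secret, challenge), response):
            return None
        return issue_token(self._token_key, object_id, now, ttl_s)


def demo() -> dict:
    # Constructed scenario: one enrolled object, one first session, later sessions.
    token_key = secrets.token_bytes(32)
    gw = Gateway(token_key)
    bulb_secret = secrets.token_bytes(32)
    gw.enrol("bulb-01.home.example", bulb_secret)
    now = 1_700_000_000
    challenge = gw.new_challenge()
    token = gw.first_authentication("bulb-01.home.example", challenge,
                                    device_response(bulb_secret, challenge), now)
    rejected = gw.first_authentication("bulb-01.home.example", challenge,
                                       device_response(b"wrong-secret", challenge), now)
    # Altered claims under the genuine tag: the subject is changed, the tag kept.
    payload_b64, tag_b64 = token.split(".")
    claims = json.loads(_b64d(payload_b64))
    claims["sub"] = "other-device"
    forged = _b64e(json.dumps(claims, separators=(",", ":")).encode()) + "." + tag_b64
    return {
        "issued": token is not None,
        "rejected_bad_response": rejected is None,
        "later_session": verify_token(token_key, token, now + 60),    # verified off-gateway
        "expired": verify_token(token_key, token, now + 3600),
        "forged": verify_token(token_key, forged, now + 60),
    }
```

The gateway remains the single point of failure the slide names: whoever holds token_key can mint tokens for any object, so in a deployment that key would need the same protection as the gateway's own credentials, and a short TTL bounds the damage of a leaked token.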

Page 52: Delegated Authentication by Trust Chain

- The gateway requests a digital certificate from a public CA (Certificate Authority) and issues proprietary certificates to the domestic objects.
- Mutual authentication is achieved through the same trusted (public or proprietary) CA following the trust chain.
- Pros:
  - After the setup phase, there is no further authentication workload on the gateway.
  - The proprietary certificate authority is employed to reduce the cost of obtaining public certificates.
- Cons:
  - A single point of failure may occur on the proprietary CA.
  - A fair amount of computation power is required on the devices.

Page 53: Authentication by Global Trust Infrastructure

- All the peers are registered to the global trust infrastructure, such as using the X.509 standard with a global root CA.
- No delegation is made.
- Pros:
  - A global trust infrastructure is more reliable than home/personal gateways.
  - The gateway does not intervene in the authentication process at all.
- Cons:
  - No global trust infrastructure is available in the current Internet.
  - Even if a global trust infrastructure is available, the registration fee could be high as a whole for all the domestic objects.

Page 54: Vulnerability and Malware

- IoT malware is no longer a hypothesis
- Smart living on Android
- Android security testing
- Cloudebug – IoT malware analysis
- ProbeBuilder – IoT device monitor
- Cloud marketplace - Cloud & IoT

Wide Spread of Vulnerable Devices

HP recent study: 70% of devices are vulnerable to attacks.

540,435 devices are vulnerable.

Their distribution in IPv4 space is shown in the figure.

Security mechanisms are not applicable in IoT due to resource constraints.

Lack of protection compared to traditional computers.

Users are not aware of security in devices.

http://h30499.www3.hp.com/t5/Fortify-Application-Security/HP-Study-Reveals-70-Percent-of-Internet-of-Things-Devices/ba-p/6556284?jumpid=va_y92mxk3jtn#.VEipXhaXi_8

A Quantitative Analysis of the Insecurity of Embedded Network Devices: Results of a Wide-Area Scan

IoT malware is no longer a hypothesis!

Linux.Darlloz, confirmed by Symantec in Nov. 2013, infects multiple hardware architectures, including x86, ARM, MIPS, PowerPC, etc.

Linux.Darlloz infected at least 31,716 devices worldwide in the short period of 4 months. [5]

Malware Against IoT Devices

An IoT end-device is rarely equipped with security defenses as strong as those of a central server.

It is therefore a break-in point for malware to get into the IoT network.

[Figure: the malware's attacking attempt breaks into an IoT end-device, which then serves as the entry point toward the central server]

Rapid Propagation

Great connectivity: IoT services consist of a large number of connected devices, which gives adversaries a hotbed for spreading their crafted malware.

The advantages for malicious intent:

Rapid propagation of the malware infection.

Lower security strength of IoT end-devices.


Smart Living on Android

The Market Share of Android

[Chart: Gartner, Worldwide Device Shipments by Segment, 2013 vs. 2015; segments: Android, iOS/OS X, Windows series, Others; y-axis from 0 to 1,400M units]


Android meets IoT

On-Line Course

“Programming the Internet of Things with Android,” Michael Lehman, on lynda.com

Commercial Websites

http://www.smartliving.io/index.html

http://smartliving.hkt.com/eng/

Development

Android Wear, Android Auto, Google Fit

Samsung IoT, on http://developer.samsung.com/iot


Android Amplifies IoT, But…

All-or-nothing choice for permissions:

Users cannot decide at run-time.

Coarse-granularity permissions.

IoT will bring more data into the smartphone; how can we manage it properly and flexibly?

Android malware:

Repackaged apps

Spyware

Adware tracking users, which breaks their privacy

Spear-phishing to get apps installed


Excessive Access Rights by Flashlight Apps


http://www.snoopwall.com/wp-content/uploads/2014/10/Flashlight-Spyware-Appendix-2014.pdf


Android Security Testing

Permission Check: Android permission specification

Dataflow Analysis: dynamic/static taint analysis

Privilege Escalation Detection: colluding attacks for data leakage

Policy Enforcement: kernel patching, Android framework hooking


More Challenges

Management issue: Bring Your Own Device (BYOD)

More chances of being compromised.

Mobile device management (MDM) puts employees' devices under surveillance.

Maintenance issue: out-of-date devices

Old Android versions, no longer supported.

Android APIs may suffer from security problems, for example in SSL connections.

These should be considered along with IoT.


IoT Malware Analysis

Lightweight devices lack the computation resources for in-depth malware analysis.

A malware analysis platform is desirable, e.g. Cloudebug: malware analysis on the cloud.


Interactive Analysis is Desired

For portable devices that require human interaction, it is predicted that malware on them may need interaction for activation.

Existing cloud-based malware analysis systems serve in the black-box paradigm:

Users cannot interact with the analysis procedure.

Malware may not be triggered.


Cloudebug – Online Interactive Malware Testbed

A cloud-based malware testbed allowing users to perform interactive, in-depth malware analysis online (http://cloudebug.cs.nctu.edu.tw).

Chi-Wei Wang, Chia-Wei Wang, Chu-An Hsieh, and S. W. Shieh, “Cloudebug: A Programmable Online Malware Testbed,” Computer, vol. 47, no. 7, pp. 90-92, July 2014.


IoT Device Monitor

Lightweight devices cannot afford to execute heavyweight security tools, e.g. anti-virus, IDS, IPS, etc.

An event monitor may be the least-overhead security feature, allowing offline auditing for security threat discovery.

Where to insert the probes?


Diverse IoT devices

The systems running on the numerous devices differ in:

Instruction Set Architecture (ISA)

OS type, distribution, and version

Customized systems

A security specialist may need to manually reverse-engineer the system (customized or closed-source) to develop monitors for a subject device, which is:

Ad hoc

Human-intensive

Time-consuming

An automatic solution is needed.


ProbeBuilder

Given the event of interest to be monitored for a device, the proposed method automatically:

Locates the hooking point to precisely capture the event. There can be many hooking points in the control flow for a target event (e.g. file creation); the right position should avoid capturing unrelated data.

Explores how the event-sensitive data can be extracted.

Validates the above findings with 3-phase verification.

The proposed idea can greatly reduce the effort to develop monitors for devices.

Chi-Wei Wang, Chia-Wei Wang, and Shiuhpyng Shieh, "ProbeBuilder: Uncovering Opaque Kernel Data Structures for Automatic Probe Construction," IEEE Transactions on Dependable and Secure Computing, vol. PP, no. 99, pp. 1-1, doi: 10.1109/TDSC.2015.2416728.


Conclusions


Security issues are revisited.

Identity Management

Requirements and the concept of Cognitive Name Service are introduced.

Object Authentication

Four types of authentication methods are summarized.

Vulnerability and Malware

Testing the security of apps will be critical for various IoT devices.

Tools are introduced for malware analysis and device monitoring in IoT: Cloudebug and ProbeBuilder.