internet of secure things
TRANSCRIPT
What is Really Needed to Secure the Internet of Things?
Contents• Introduction
• OWASP Internet of Things Top Ten Project
• Security Challenges for IoT
• Cyber Warfare
• Security Requirements of IoST(Internet of Secure Things)
• Conclusion
• Question & Answer
Introduction
• IoT includes everything in our life.
• But many devices are vulnerable from attack.
• It is necessary to secure the Things themselves.
• Insecure Web Interface (XSS/SQLi/CSRF)
• Insufficient Authentication / Authorization
• Insecure Network Services (BOF / Fuzzing)
• Lack of Transport Encryption (Lack of SSL / TLS)
• Privacy Concerns (Data Encryption)
• Insecure Cloud Interface
• Insecure Mobile Interface
• Insufficient Security Configurability
• Insecure Software / Firmware (need Encrypted Update)
• Poor Physical Security (External Ports, Storage Eject)
Vulnerabilities of IoT Device
Security Challenges for IoT• Critical Functionality
• Replication
• Security Assumptions
• Not easily Patched
• Long Life Cycle
• Proprietary / Industry specific Protocols
• Deployed outside of Enterprise Security Perimeter
Critical Functionality
Replication
Replication
Security Assumption
Not Easily Patched
Long Life Cycle
15~20Years
Specific Protocols
Deployed Outside of Enterprise Security Perimeter
Cyber Warfare, StuxNet
Secure Boot Secure code Updates
Data Security
AuthenticationSecure
CommunicationProtection
Against AttacksMonitoring
Embedded Security Management
Device Tampering Detection
Requirements IoST
Conclusion
Security must be consideredearly in the design process.