Upload File

iot (in)security - hte · 2016-11-10 · iot (in)security (a pessimistic view on the future...

  • Home
  • Documents
  • IoT (in)security - HTE · 2016-11-10 · IoT (in)security (a pessimistic view on the Future Internet) Levente Buttyán, PhD Laboratory of Cryptography and System Security (CrySyS
29
IoT (in)security (a pessimistic view on the Future Internet) Levente Buttyán, PhD Laboratory of Cryptography and System Security (CrySyS Lab) Department of Networked Systems and Services Budapest University of Technology and Economics www.crysys.hu

Upload: others

Post on 19-Jun-2020

0 views

Category:

Documents


0 download

Report

TRANSCRIPT

Page 1: IoT (in)security - HTE · 2016-11-10 · IoT (in)security (a pessimistic view on the Future Internet) Levente Buttyán, PhD Laboratory of Cryptography and System Security (CrySyS

IoT (in)security(a pessimistic view on the Future Internet)

Levente Buttyán, PhD

Laboratory of Cryptography and System Security (CrySyS Lab)

Department of Networked Systems and Services

Budapest University of Technology and Economics

www.crysys.hu

Page 2: IoT (in)security - HTE · 2016-11-10 · IoT (in)security (a pessimistic view on the Future Internet) Levente Buttyán, PhD Laboratory of Cryptography and System Security (CrySyS

CrySyS Lab, Budapest

www.crysys.hu2

Page 3: IoT (in)security - HTE · 2016-11-10 · IoT (in)security (a pessimistic view on the Future Internet) Levente Buttyán, PhD Laboratory of Cryptography and System Security (CrySyS

CrySyS Lab, Budapest

www.crysys.hu

”If you’re a researcher on this book thing and you were on Earth,

you must have been gathering material on it.”

”Well, I was able to extend the original entry a bit, yes.”

”Let me see what it says in this edition, then. I’ve got to see it.”

... ”What? Harmless! Is that all it’s got to say? Harmless! One word!

... Well, for God's sake I hope you managed to rectify that a bit.”

”Oh yes, well I managed to transmit a new entry off to the editor. He

had to trim it a bit, but it’s still an improvement.”

”And what does it say now?” asked Arthur.

”Mostly harmless,” admitted Ford with a slightly embarrassed

cough.

3

Page 4: IoT (in)security - HTE · 2016-11-10 · IoT (in)security (a pessimistic view on the Future Internet) Levente Buttyán, PhD Laboratory of Cryptography and System Security (CrySyS

CrySyS Lab, Budapest

www.crysys.hu4

Page 5: IoT (in)security - HTE · 2016-11-10 · IoT (in)security (a pessimistic view on the Future Internet) Levente Buttyán, PhD Laboratory of Cryptography and System Security (CrySyS

CrySyS Lab, Budapest

www.crysys.hu

still

5

2016

Page 6: IoT (in)security - HTE · 2016-11-10 · IoT (in)security (a pessimistic view on the Future Internet) Levente Buttyán, PhD Laboratory of Cryptography and System Security (CrySyS

CrySyS Lab, Budapest

www.crysys.hu6

Page 7: IoT (in)security - HTE · 2016-11-10 · IoT (in)security (a pessimistic view on the Future Internet) Levente Buttyán, PhD Laboratory of Cryptography and System Security (CrySyS

CrySyS Lab, Budapest

www.crysys.hu

Smart homes

7

Page 8: IoT (in)security - HTE · 2016-11-10 · IoT (in)security (a pessimistic view on the Future Internet) Levente Buttyán, PhD Laboratory of Cryptography and System Security (CrySyS

CrySyS Lab, Budapest

www.crysys.hu

Smart vehicles (aka connected cars)

8

Page 9: IoT (in)security - HTE · 2016-11-10 · IoT (in)security (a pessimistic view on the Future Internet) Levente Buttyán, PhD Laboratory of Cryptography and System Security (CrySyS

CrySyS Lab, Budapest

www.crysys.hu

Smart factories (aka Industry 4.0)

9

Page 10: IoT (in)security - HTE · 2016-11-10 · IoT (in)security (a pessimistic view on the Future Internet) Levente Buttyán, PhD Laboratory of Cryptography and System Security (CrySyS

CrySyS Lab, Budapest

www.crysys.hu

How about security?

10

Page 11: IoT (in)security - HTE · 2016-11-10 · IoT (in)security (a pessimistic view on the Future Internet) Levente Buttyán, PhD Laboratory of Cryptography and System Security (CrySyS

CrySyS Lab, Budapest

www.crysys.hu

How about security?

11

Page 12: IoT (in)security - HTE · 2016-11-10 · IoT (in)security (a pessimistic view on the Future Internet) Levente Buttyán, PhD Laboratory of Cryptography and System Security (CrySyS

CrySyS Lab, Budapest

www.crysys.hu

IoT from a hacker’s perspective

12

Internet of Things

cheap (in every sense)

computers easy to compromise

now easily searchable and

accessible remotely

Page 13: IoT (in)security - HTE · 2016-11-10 · IoT (in)security (a pessimistic view on the Future Internet) Levente Buttyán, PhD Laboratory of Cryptography and System Security (CrySyS

CrySyS Lab, Budapest

www.crysys.hu13

Page 14: IoT (in)security - HTE · 2016-11-10 · IoT (in)security (a pessimistic view on the Future Internet) Levente Buttyán, PhD Laboratory of Cryptography and System Security (CrySyS

CrySyS Lab, Budapest

www.crysys.hu

It could really be a nightmare...

14

Page 15: IoT (in)security - HTE · 2016-11-10 · IoT (in)security (a pessimistic view on the Future Internet) Levente Buttyán, PhD Laboratory of Cryptography and System Security (CrySyS

CrySyS Lab, Budapest

www.crysys.hu

It could really be a nightmare...

15

Page 16: IoT (in)security - HTE · 2016-11-10 · IoT (in)security (a pessimistic view on the Future Internet) Levente Buttyán, PhD Laboratory of Cryptography and System Security (CrySyS

CrySyS Lab, Budapest

www.crysys.hu

It could really be a nightmare...

16

Page 17: IoT (in)security - HTE · 2016-11-10 · IoT (in)security (a pessimistic view on the Future Internet) Levente Buttyán, PhD Laboratory of Cryptography and System Security (CrySyS

CrySyS Lab, Budapest

www.crysys.hu

IoT devices became the weakest link

17

Page 18: IoT (in)security - HTE · 2016-11-10 · IoT (in)security (a pessimistic view on the Future Internet) Levente Buttyán, PhD Laboratory of Cryptography and System Security (CrySyS

CrySyS Lab, Budapest

www.crysys.hu

Default passwords

18

Page 19: IoT (in)security - HTE · 2016-11-10 · IoT (in)security (a pessimistic view on the Future Internet) Levente Buttyán, PhD Laboratory of Cryptography and System Security (CrySyS

CrySyS Lab, Budapest

www.crysys.hu

Unpatched vulnerabilities

19

Page 20: IoT (in)security - HTE · 2016-11-10 · IoT (in)security (a pessimistic view on the Future Internet) Levente Buttyán, PhD Laboratory of Cryptography and System Security (CrySyS

CrySyS Lab, Budapest

www.crysys.hu

Factory made backdoors

20

Page 21: IoT (in)security - HTE · 2016-11-10 · IoT (in)security (a pessimistic view on the Future Internet) Levente Buttyán, PhD Laboratory of Cryptography and System Security (CrySyS

CrySyS Lab, Budapest

www.crysys.hu

Firewall bypass as a feature

21

source: IoT security is a nightm

are. But w

hat is the real risk?

Hactivity 2016 talk by Zoltán Balázs

Page 22: IoT (in)security - HTE · 2016-11-10 · IoT (in)security (a pessimistic view on the Future Internet) Levente Buttyán, PhD Laboratory of Cryptography and System Security (CrySyS

CrySyS Lab, Budapest

www.crysys.hu22

Page 23: IoT (in)security - HTE · 2016-11-10 · IoT (in)security (a pessimistic view on the Future Internet) Levente Buttyán, PhD Laboratory of Cryptography and System Security (CrySyS

CrySyS Lab, Budapest

www.crysys.hu23

Page 24: IoT (in)security - HTE · 2016-11-10 · IoT (in)security (a pessimistic view on the Future Internet) Levente Buttyán, PhD Laboratory of Cryptography and System Security (CrySyS

CrySyS Lab, Budapest

www.crysys.hu

Security economics

24

vendors build

cheap devices

maximize profit

minimize time to market

more features, no security

consumers buy

cheap devices

optimize price/value ratio

don’t understand the risk

can’t identify quality

misplaced incentives

makes no sense to build

secure devices

lemon market:

information asymmetry

consumers will pay average price

quality vendors leave the market

Page 25: IoT (in)security - HTE · 2016-11-10 · IoT (in)security (a pessimistic view on the Future Internet) Levente Buttyán, PhD Laboratory of Cryptography and System Security (CrySyS

CrySyS Lab, Budapest

www.crysys.hu

Have you seen this before?

25

Page 26: IoT (in)security - HTE · 2016-11-10 · IoT (in)security (a pessimistic view on the Future Internet) Levente Buttyán, PhD Laboratory of Cryptography and System Security (CrySyS

CrySyS Lab, Budapest

www.crysys.hu26

”History is just new people making old mistakes.”— Sigmund Freud

Page 27: IoT (in)security - HTE · 2016-11-10 · IoT (in)security (a pessimistic view on the Future Internet) Levente Buttyán, PhD Laboratory of Cryptography and System Security (CrySyS

CrySyS Lab, Budapest

www.crysys.hu

still

27

2016

Page 28: IoT (in)security - HTE · 2016-11-10 · IoT (in)security (a pessimistic view on the Future Internet) Levente Buttyán, PhD Laboratory of Cryptography and System Security (CrySyS

CrySyS Lab, Budapest

www.crysys.hu28

will remain

2016

Page 29: IoT (in)security - HTE · 2016-11-10 · IoT (in)security (a pessimistic view on the Future Internet) Levente Buttyán, PhD Laboratory of Cryptography and System Security (CrySyS

Laboratory of Cryptography and System Security (CrySyS Lab)

Department of Networked Systems and Services

Budapest University of Technology and Economics

www.crysys.hu

contact:

Levente Buttyán, PhD

Associate Professor, Head of the CrySyS Lab

[email protected]


IoT - Big Data & Security · IoT - Big Data & Security MWC Smart Cities Seminar Telefónica Global IoT Group Feb 2017. IoT Big Data and IoT Security in Smart Cities IoT Security IoT

IoT & SCADA Cyber Security Services...1.1.1. IoT Systems Service Description Deliverables IoT Cyber Security Assessment in: (High-level) Review overall security against key IOT vulnerability

of THINGS (IoT) - FlipsCloud · 2017-09-18 · Title: Internet of Things (IoT) security and privacy issues Author: Flipscloud Inc Subject: IoT security Keywords: IoT security,Internet

© 2007 Levente Buttyán and Jean-Pierre Hubaux Security and Cooperation in Wireless Networks Chapter 2 – Upcoming networks Generalities

Exploring IoT Security

Some IoT Security Learnings

IoT Security - COIT · IoT Security Protect Your IoT Devices and Keep your Business Running ©2018 Check Point Software Technologies Ltd. 2 IoT Security Represent a New Frontier The

IoT SAFE: Robust IoT security at scale

IoT Security Faux Pas

How to Future-Proof IoT Security · •Current Internet of Things (IoT) landscape •IoT threats •The IoT security problem •Building in device security •Future proofing •PKI

IoT Security Elements

© 2007 Levente Buttyán Security and Privacy in Upcoming Wireless Networks Security and Privacy in Upcoming Wireless Networks Lectures presented at SWING’07,

The IoT Hacker’s Toolkit - Security, CTFs, HackingGoals of IoT Security Researcher Understand IoT Devices Functions Security Properties Find Vulnerabilities Improve Security CVEs

IoT - Big Data & Security

Future-Proof Security & Privacy in IoT - ETSI...layers in IoT ecosystems are prerequisites to make security in IoT Future-Proof. Challenges & Opportunities in Security in IoT A. NXP:

Security Challenges inEmerging Technologies IoT &Wearablessecurity.ingrammicro.com/security/media/Security-Media-Library/... · Security Challenges in Emerging Technologies IoT &

IoT security patterns

IoT Cybersecurity - IoT Alliance Australia: Security Workstream

SCALING UP IOT SECURITY · 2019-04-16 · SCALING UP IOT SECURITY IoT Security Foundation Conference December 2018 Leo Dorrendorf. Security architect Diverse product range Multiple

IOT SECURITY: CHALLENGES, SOLUTIONS & FUTURE PROSPECTS · 2021. 2. 27. · This article considers IoT security challenges, security requirements for IoT architecture, current security

Security in IoT

IoT Security - UC Berkeley Sutardja Centerscet.berkeley.edu/wp-content/uploads/IoT-Security-Overview-Final.pdf · Importance of Security to IoT Security is both a barrier to widespread

Internet of threats - the home of IoT news, analysis and ... · IoT security risks Iot threat detection IoT network security IoT encryption ioT security analytics IoT API security

IoT SECURITY CHAMPIONS - IoT News - IoT Business News€¦ · IoT SECURITY CHAMPIoNS: Building trust into the iot IOT SECURITY ChAMPIOnS: Building Trust into the IoT p.3 \ Source

© Levente Buttyán and Jean-Pierre Hubaux Security and Cooperation in Wireless Networks Chapter 7: Secure routing in multi-hop

Getting started with IoT security · IoT devices. The IoT Security Foundation has prepared an IoT Security Compliance Framework to provide pragmatic guidance to businesses developing

Security challenges for IoT

IoT Security & Privacy - SentryBay - Security that works security and privacy_040715.pdfPage 3: © 2015 SentryBay Corporation / IoT Security & Privacy!!! IoT Security & Privacy The

Debunking IoT Security Myths

IoT Security and Privacy

Floodgate IoT Security Toolkit - Nohaunohau.eu/wp-content/uploads/IconLabs.pdf · The Floodgate IoT Security Toolkit provides engineers developing IoT devices a comprehensive security

IOT SECURITY MARKET REPORT 2017-2022 · IOT SECURITY MARKET REPORT 2017-2022 IOT SECURITY MARKET REPORT ... 1 IoT Security Overview 7 ... 5.5.1 Security by design best practices and

Tamper resistant devices Levente Buttyán Laboratory of Cryptography and System Security (CrySyS) Budapest University of Technology and Economics [email protected]

IoT Security: F5 IoT Solution · IoT Security: F5 IoT Solution Author: Matt Mooseles Created Date: 10/1/2018 8:18:05 PM

IoT Security Testing - Deloitte United States · IoT Security Testing Benefits of IoT Security Testing Despite a complex IoT product architecture, IoT security testing (IST) is beneficial