(In)Security in the Internet of Things
Seminar Past and Future of Science
HTW SS 2014
Nico Maas (3583600)
Personal Details
Nico Maas
IT Systemelektroniker (Uni SB)
Applied Informatics (HTW SB)
6. Semester HTW
Agenda
- Definition
- Provider
- Access
- IoT Devices
- Stakeholders
- Conclusion
Definition
“The state of the art is perhaps analogous to the period when scribes had to know as much about making ink or baking clay as they did about writing.”
[C0] Mark Weiser, “The computer for the 21st century”, 1991
“Internet of Things”
[C1] Kevin Ashton, P&G, 1999
Definition
[Figure P1]
CIA Triad
- confidentiality: “Unauthorized information release [...]”
- integrity: “Unauthorized information modification [...]”
- availability: “Unauthorized denial of use [...]”
Jerome H. Saltzer and Michael D. Schroeder, MIT, 1975 [C2]
Definition
[Figure P2]
Provider: mbed.org
[Figures P3, P4]
C: IP, Heartbleed
I: Backdoors
A: Failover, RAID, Backups
Provider: Xively
[Figures P5, P6]
C: Data Theft, Heartbleed
I: Data Manipulation
A: Failover, RAID, Backups
Provider: Xively
[Figures P7, P8]
Access
C: UPnP, TR-069
I: Linux, Firmware Autoupgrades
A: TCP(32764), UPnP (..again)
[Figure P9: Linksys WAG200G]
IoT Devices
[Figures P10, P11, P12]
IoT Devices
C: “CiscoGate”, Physical Security
I: E-Lock, Elliptic Curves
A: Firmware Upgrades?!
[Figure P13: elektor E-Lock]
Stakeholders
- IoT developing Corporations
- IoT using Corporations
- Governments
- Citizens
- Criminals
Stakeholders (Amphion Forum Sponsors)
[Figure P14]
Stakeholders (Military Contractors)
[Figure P14]
Conclusion
“We have to put pressure on embedded system vendors to design their systems better.”
[C3] Bruce Schneier, 2014
Thank you very much for your attention!
Questions?
Bibliography - Documents
C0 - http://doi.acm.org/10.1145/329124.329126
C1 - http://www.rfidjournal.com/articles/view?4986
C2 - DOI: 10.1109/PROC.1975.9939
C3 - https://www.schneier.com/essays/archives/2014/01/the_internet_of_thin.html
Bibliography - Media
P0 - http://www.forbes.com/sites/jacobmorgan/2014/05/13/simple-explanation-internet-things-that-anyone-can-understand/
P1 - http://www.libelium.com/top_50_iot_sensor_applications_ranking#show_infographic
P2 - Own graphic
P3 - Screenshot of www.mbed.org IDE
P4 - Own Photo of Intel Galileo Platform
P5 - Screenshot of www.xively.com Dev System
P6 - Own Photo of Intel Galileo Platform
P7 - Screenshot of www.xively.com Dev System
P8 - Own graphic, Wireshark Capture of xively.com communication
P9 - Linksys WAG200G, http://securityaffairs.co/wordpress/20941/hacking/netgear-linkys-routers-backdoor.html
P10 - Safecast, http://blog.safecast.org/
P11 - Google Nest, http://tech.co/google-makes-big-announcement-nest-2014-01
P12 - Little Printer, http://littleprinter.com/
P13 - elektor E-Lock, http://www.elektor.com/e-lock
P14 - Amphion Forum Sponsors, https://amphionforum.com
P15 - BoT, http://www.technewsdaily.com/images/i/000/006/937/original/military-big-data-02.jpg