Internet of Things and Security challenges

Prof. Anastasios A. Economides

University of Macedonia, Thessaloniki, Greece

[email protected]

http://conta.uom.gr

Internet of Things (IoT) &

Security Challenges

mailto:[email protected]

http://conta.uom.gr/

• IoT Definitions • Forecasting, Market & Economics • Applications • Technology • Research Challenges • Security Challenges • Wireless Sensor Network Security • Attacks & Defense • Security Visualization • Conclusions

Presentation Outline

IN3-UOC 2014 seminar by Prof. A.A. Economides 2

IN3-UOC 2014 seminar by Prof. A.A. Economides

3

IoT Definitions

4 IN3-UOC 2014 seminar by Prof. A.A. Economides

• IoT will connect objects around us to provide seamless communication and contextual services provided by them. IETF

• IoT enables the objects in our environment to become active participants, i.e.,

– they share information with other members of the network or with any other stakeholder,

– they are capable of recognizing events and changes in their surroundings and of acting and reacting autonomously in an appropriate manner. IERC (Internet of Things Research in Europe Cluster)

“Worldwide ICT infrastructure that enables ubiquitous services among interacting humans, machines, data and applications”

A.A. Economides

IoT Driving Forces


IoT Forecast


Cisco: 25 billion devices connected to the Internet by 2015 and 50 billion by 2020.

IDC: 30 billion devices will be communicating over the network by 2020. ABI Research: There are more than 10 billion wirelessly connected devices in

the market today; with over 30 billion devices by 2020. Gartner: 26 billion units installed by 2020. Ericsson: 50 billion connected devices by 2020.

IoT Economic Impact, 1


Harbor Research: Service Revenues for the IoT will reach $500 Billion by 2018, dwarfing the $33 Billion in revenue expected from devices in 2018.

McKinsey Global Institute: the potential economic impact of IoT will

be $2.7 trillion to $6.2 trillion per year by 2025. Across the health-care applications, IoT technology could have an economic impact of $1.1 trillion to $2.5 trillion per year by 2025.

GSMA & Machina Research: A $ 4.5 trillion global impact in 2020.

The global business impact of the IoT can be split into two broad categories: ‘revenues’ ($2.5 trillion) and ‘cost reduction’ ($1 trillion) and ‘service improvements’ ($1 trillion).

IoT Economic Impact, 2


Cisco: The IoE Value at Stake will be $19 trillion for companies and industries worldwide in the next decade (2013 – 2022).

IDC: The market will increase 133% to $3.04 trillion by 2020. Gartner: IoT product and service suppliers will generate

incremental revenue exceeding $300 billion, mostly in services, in 2020. It will result in $1.9 trillion in global economic value-add through sales into diverse end markets. The verticals that are leading its adoption are manufacturing (15 percent), healthcare (15 percent) and insurance (11 percent).

75% of companies from across industries are already exploring the IoT.

15 % of organizations across the globe already have an IoT

solution in place. 53 % plan to implement one within the next 24 months,

and another 14 % in the next two to five years. 21 % of transportation and logistics companies already

have IoT solutions in place.

(Zebra Technologies / Forrester Consulting).

IoT deployment


Cisco predicts that IoT will cause IP traffic to reach 1.6 zettabytes by 2018 (300% increase compared to 2013).

By 2018, 57% of IP traffic will come from devices other than PCs. Wi-Fi will generate 49% of IP traffic, other mobile-connected devices will generate 12% of it. Cisco will invest $1 billion to build the world's largest

Intercloud network to tackle the IoT.

Cisco to build a network


http://www.techradar.com/us/news/internet/cloud-services/cisco-investing-1bn-in-cloud-network-for-internet-of-everything-1236428

APPLICATIONS


• Personal Health, • Personal Devices (e.g. glass, watch, mobile), • Clothes, • Personal Exercise, • Infant/ Elderly/Patient Monitoring, • Special needs persons Assistance, • Hospitals, Health Retreat, • Pharmaceuticals, • Emergency, • Recreational activities, • etc.

Smart Healthcare & Wellbeing


Fall Detection Assistance for elderly or disabled people living independent.

Medical Fridges

Control of conditions inside freezers storing vaccines, medicines and organic elements.

Sportsmen Care Vital signs monitoring in high performance centers and fields. Patients Surveillance

Monitoring of conditions of patients inside hospitals and in old people's home.

Ultraviolet Radiation

Measurement of UV sun rays to warn people not to be exposed in certain hours.

eHealth


http://www.libelium.com/

• Home equipment/appliances Control, • Safety Detectors (e.g. smoke, gas, motion), • Security, Surveillance, • Environment (e.g. heat, air, light), • Entertainment, • etc.

Smart Home


Energy and Water Use Energy and water supply consumption monitoring to obtain advice on how to save cost and resources.

Remote Control Appliances

Switching on and off remotely appliances to avoid accidents and save energy.

Intrusion Detection Systems

Detection of windows and doors openings and violations to prevent intruders.

Art and Goods Preservation

Monitoring of conditions inside museums and art warehouses.

Domotic & Home Automation



• Energy & Lighting, • Security, Surveillance, • Emergency (e.g. fire, gas), • Metering, • Offices, • Hotels, • etc.

Smart Building


• Monitoring, Fault Detection, • Metering, • Electricity, • Waste Management, • Water, • Gas, • Tolls, • Bridges, etc.

Smart Utilities


http://www.alcatel-lucent.com/

Smart Grid Energy consumption monitoring and management.

Tank level

Monitoring of water, oil and gas levels in storage tanks and cisterns.

Photovoltaic Installations

Monitoring and optimization of performance in solar energy plants.

Water Flow

Measurement of water pressure in water transportation systems. Silos Stock Calculation

Measurement of emptiness level and weight of the goods.

Smart Metering



Potable water monitoring Monitor the quality of tap water in cities.

Chemical leakage detection in rivers

Detect leakages and wastes of factories in rivers. Swimming pool remote measurement

Control remotely the swimming pool conditions. Pollution levels in the sea

Control real time leakages and wastes in the sea. Water Leakages

Detection of liquid presence outside tanks and pressure variations along pipes.

River Floods

Monitoring of water level variations in rivers, dams and reservoirs.

Smart Water

23 IN3-UOC 2014 seminar by Prof. A.A. Economides http://www.libelium.com/

• E-Government, • Security, Surveillance, • Emergency (e.g. fire, flood, tsunami), • Energy Management (e.g. lighting), • Air & Water Quality Monitoring, • Traffic Control, Parking, • Transportation (e.g. cars, buses, metro, trams,…), • Tourism, • Culture, Arts, • Education, etc.

Smart City/ Community



Smart Parking Monitoring of parking spaces availability in the city.

Structural health

Monitoring of vibrations and material conditions in buildings, bridges and historical monuments. Noise Urban Maps

Sound monitoring in bar areas and centric zones in real time. Smartphone Detection

Detect iPhone and Android devices and in general any device which works with WiFi or Bluetooth interfaces.

Eletromagnetic Field Levels

Measurement of the energy radiated by cell stations and and WiFi routers. Traffic Congestion

Monitoring of vehicles and pedestrian levels to optimize driving and walking routes. Smart Lighting

Intelligent and weather adaptive lighting in street lights. Waste Management

Detection of rubbish levels in containers to optimize the trash collection routes.

Smart Cities



There are sensors everywhere: monitoring traffic, parking spaces, street lights, air pollution, meteorological conditions, the humidity of green spaces in parks, the trash bins etc.

Street lights in Born are shut down automatically if they don’t detect

any activity nearby. They also gathers environmental information, humidity, temperature, pollution, and noise. It is expected to have 3,360 lights on 160 streets by 2015.

The trash cans alert sanitation workers monitoring on a tablet that

they need to be emptied.

The irrigation systems in Pobleneau Central Park monitor the moisture in the soil and turning on pop-up sprinklers. Parks department employees can also access meteorological data and rain gauges and adjust the quantity of water used.

Barcelona Smart City


• 83 projects across 12 areas • 47,000 jobs created

• Smart Water: $58 million savings • Smart Parking: $53 million revenue • Smart Lighting: $47 million savings • Smart Buildings: $124 million savings www.cisco.com

Barcelona Smart City economics


Perimeter Access Control Access control to restricted areas and detection of people in non-authorized areas.

Liquid Presence

Liquid detection in data centers, warehouses and sensitive building grounds to prevent break downs and corrosion.

Radiation Levels

Distributed measurement of radiation levels in nuclear power stations surroundings to generate leakage alerts.

Explosive and Hazardous Gases

Detection of gas levels and leakages in industrial environments, surroundings of chemical factories and inside mines.

Security & Emergencies



• Farming, Agriculture, Livestock, • Water, • Pollution, • Weather, • Nature, etc.

Smart Environment


Forest Fire Detection Monitoring of combustion gases and preemptive fire conditions to define alert zones.

Air Pollution

Control of CO2 emissions of factories, pollution emitted by cars and toxic gases generated in farms.

Snow Level Monitoring

Snow level measurement to know in real time the quality of ski tracks and allow security corps avalanche prevention.

Landslide and Avalanche Prevention

Monitoring of soil moisture, vibrations and earth density to detect dangerous patterns in land conditions.

Earthquake Early Detection

Distributed control in specific places of tremors.

Smart Environment



Wine Quality Enhancing Monitoring soil moisture and trunk diameter in vineyards to control the amount of sugar in grapes and grapevine health.

Green Houses Control micro-climate conditions to maximize the production of fruits and vegetables and its quality.

Golf Courses Selective irrigation in dry zones to reduce the water resources required in the green.

Meteorological Station Network Study of weather conditions in fields to forecast ice formation, rain, drought, snow or wind changes.

Compost Control of humidity and temperature levels in alfalfa, hay, straw, etc. to prevent fungus and other microbial contaminants.

Smart Agriculture & Animal Farming (1)



Hydroponics Control the exact conditions of plants grown in water to get the highest efficiency crops.

Offspring Care

Control of growing conditions of the offspring in animal farms to ensure its survival and health.

Animal Tracking

Location and identification of animals grazing in open pastures or location in big stables.

Toxic Gas Levels

Study of ventilation and air quality in farms and detection of harmful gases from excrements.

Smart Agriculture & Animal Farming (2)



• Smart Factory, • Manufacturing, Robotics, • Financial Services, • Banking, • Insurance, etc.

Smart Industry & Services


M2M Applications Machine auto-diagnosis and assets control.

Indoor Air Quality

Monitoring of toxic gas and oxygen levels inside chemical plants to ensure workers and goods safety.

Temperature Monitoring

Control of temperature inside industrial and medical fridges with sensitive merchandise.

Ozone Presence

Monitoring of ozone levels during the drying meat process in food factories. Indoor Location

Asset indoor location by using active (ZigBee) and passive tags (RFID/NFC). Vehicle Auto-diagnosis

Information collection from CanBus to send real time alarms to emergencies or provide advice to drivers.

Industrial Control



Quality of Shipment Conditions Monitoring of vibrations, strokes, container openings or cold chain maintenance for insurance purposes.

Item Location

Search of individual items in big surfaces like warehouses or harbours.

Storage Incompatibility Detection

Warning emission on containers storing inflammable goods closed to others containing explosive material.

Fleet Tracking

Control of routes followed for delicate goods like medical drugs, jewels or dangerous merchandises.

Smart Logistics & Supply Chain Management



Smart Transportation (e.g. Airlines, Railways, Shipping),



alcatel-lucent.com

Sensors & Actuators

Wireless Communications: RFID, WiFi, Bluetooth, Cellular, Satellite

Networks (HW & SW)

Addressing

Cloud Computing (Storage, Processing, Analytics, Security, etc.)

TECHNOLOGY


Devices (Sensors, Actuators, etc.), Networking & Communications, Data Management, Decision Making, Security & Privacy, Social & Legal issues, Economics, Human Behavior & Usability, Marketing, etc.

Research Challenges


Google wants to advance the Internet of things, offers grants for ‘open innovation’ research proposals Deadline: January 21, 2015

Individual Project Grants: US $50,000 to $150,000. Expedition Lead Grants: US$500,000 to $800,000.

Google - Open Web of Things


Research at the intersection of disciplines including: Human Computer Interaction (HCI)

Privacy & Security

Systems & Protocols


Deadlines: March 25th , 2015 & May 11th , 2015 open to young women between the ages of 13-18 New ideas on how technologies from the Internet of Things can improve: education, healthcare, manufacturing, energy, retail, transportation, smart cities

http://iotchallenge-cisco.younoodle.com/

Cisco IoT Challenge for Young Women


https://iotchallenge.cisco.spigit.com/Page/AboutTheContest





Any cyber-attack, large or small, is born from a weak link in the security chain. Weak links can be: • poorly written code, • outdated software, • an abandoned website, • Developer, • errors, • a user who blindly trusts, etc.

Cisco on Cyber-attack effects


The Center for Strategic and International Studies estimated that US$100 billion is lost annually to the US economy, and 508,000 US jobs are lost, because of malicious online activity.

Ponemon Institute estimated that the average cost of an organizational data breach was US$5.4 million in 2014, up from US$4.5 million in 2013.

Losses due to attacks


+

Companies’ considerations


Nearly half (46%) of the IT leaders who responded to Computer World poll said that they will invest more next year in:

access control, intrusion prevention, identity management, virus and malware protection.


@Device: • stolen • modified • replaced • cloned

@Software: • modified (firmware / OS / middleware) • decompiled to extract credentials • exhausted (denial of service) @Network

Attack Examples


Routers will be a prime target for hackers looking to compromise network-connected devices as IoT grows. (Avast)

Hackers are more likely to want to take over the local

networks that connect devices rather than hack into the individual devices themselves. (Ondrej Vlcek, chief operation officer at Avast)


A wireless network consisting of a large number of autonomous sensors that are spatially distributed in area of interest in order to cooperatively monitor physical or environmental conditions, such as temperature, sound, vibration, pressure, motion, pollutants, etc.

Sensor:

Wireless Sensor Network (WSN)


Sensors

ADC

Processor

Memory Transceiver

Location finding system (optional)

Mobilizer (optional)

Sensing Unit Processing Unit

Power unit

Communication Unit

WSN Architecture


Internet, Satellite

Sink

Sink

Task Manager

User

Sensor Field

Sensor Node

Figure – The big picture

WSNs are vulnerable to various types of attacks


Internet, Satellite

Sink

Sink

Task Manager

User

Sensor Field

Sensor Node

Spoofed Routing

information

Wormhole Attack

Eavesdropping: an attacker intercepts packets transmitted over the air for further cryptanalysis or traffic analysis.

Traffic analysis: allows an attacker to determine that there is activity in the network, the location of the BSs, and the type of protocols being used.

Message injection: an adversary injects bogus control information into the data stream.

Message modification: a previously captured message is modified before being retransmitted

Node capture: An embedded device is considered being compromised when an attacker, through various means, gains control to the node itself.

Denial-of-Service (DoS) attacks: can be grouped into two categories

– Service degradation (e.g., collision attack), and

– Service disablement through power exhaustion (e.g. jamming)

Attack Models


Pas

sive

att

acks

A

ctiv

e at

tack

s

Various security mechanisms have been proposed to address the security concerns of WSNs.

Despite the fast development of computer security mechanisms, the scale and complexity of the generated wireless data put major challenges to the representation and understanding of security-relevant network information.

To address this issue, efficient visualization techniques have been adopted by the researchers to bridge the gap.

A new security discipline emerges!

Network Security Visualization


The power of visualization should go beyond the simple ”illustration” of network behavior in order to help the analysts discriminate between normal and abnormal network activities.

Network security visualization provides insight into areas that other system fail to enlighten by integrating visualization and machine learning techniques.

In the near future… Visualization for network security


Security Visualization Techniques


Node Links

Glyphs

Parallel Coordinates

Bundle Diagrams

Radial Panels

IoT enables dramatic society transformation!

WSN is a main ingredient of IoT.

WSN Security is important!

Conclusions


Thank you for your attention

Prof. Anastasios A. Economides

[email protected]

http://conta.uom.gr




http://conta.uom.gr/

Internet of Things and Security challenges

Internet

Transcript of Internet of Things and Security challenges