Internet of Things and Security challenges
-
Upload
anastasios-economides -
Category
Internet
-
view
644 -
download
5
Transcript of Internet of Things and Security challenges
Prof. Anastasios A. Economides
University of Macedonia, Thessaloniki, Greece
http://conta.uom.gr
Internet of Things (IoT) &
Security Challenges
• IoT Definitions • Forecasting, Market & Economics • Applications • Technology • Research Challenges • Security Challenges • Wireless Sensor Network Security • Attacks & Defense • Security Visualization • Conclusions
Presentation Outline
IN3-UOC 2014 seminar by Prof. A.A. Economides 2
IN3-UOC 2014 seminar by Prof. A.A. Economides
3
IoT Definitions
4 IN3-UOC 2014 seminar by Prof. A.A. Economides
• IoT will connect objects around us to provide seamless communication and contextual services provided by them. IETF
• IoT enables the objects in our environment to become active participants, i.e.,
– they share information with other members of the network or with any other stakeholder,
– they are capable of recognizing events and changes in their surroundings and of acting and reacting autonomously in an appropriate manner. IERC (Internet of Things Research in Europe Cluster)
“Worldwide ICT infrastructure that enables ubiquitous services among interacting humans, machines, data and applications”
A.A. Economides
IoT Driving Forces
IN3-UOC 2014 seminar by Prof. A.A. Economides 5
IN3-UOC 2014 seminar by Prof. A.A. Economides 6
IoT Forecast
7 IN3-UOC 2014 seminar by Prof. A.A. Economides
Cisco: 25 billion devices connected to the Internet by 2015 and 50 billion by 2020.
IDC: 30 billion devices will be communicating over the network by 2020. ABI Research: There are more than 10 billion wirelessly connected devices in
the market today; with over 30 billion devices by 2020. Gartner: 26 billion units installed by 2020. Ericsson: 50 billion connected devices by 2020.
IN3-UOC 2014 seminar by Prof. A.A. Economides 8
IoT Economic Impact, 1
9 IN3-UOC 2014 seminar by Prof. A.A. Economides
Harbor Research: Service Revenues for the IoT will reach $500 Billion by 2018, dwarfing the $33 Billion in revenue expected from devices in 2018.
McKinsey Global Institute: the potential economic impact of IoT will
be $2.7 trillion to $6.2 trillion per year by 2025. Across the health-care applications, IoT technology could have an economic impact of $1.1 trillion to $2.5 trillion per year by 2025.
GSMA & Machina Research: A $ 4.5 trillion global impact in 2020.
The global business impact of the IoT can be split into two broad categories: ‘revenues’ ($2.5 trillion) and ‘cost reduction’ ($1 trillion) and ‘service improvements’ ($1 trillion).
IoT Economic Impact, 2
10 IN3-UOC 2014 seminar by Prof. A.A. Economides
Cisco: The IoE Value at Stake will be $19 trillion for companies and industries worldwide in the next decade (2013 – 2022).
IDC: The market will increase 133% to $3.04 trillion by 2020. Gartner: IoT product and service suppliers will generate
incremental revenue exceeding $300 billion, mostly in services, in 2020. It will result in $1.9 trillion in global economic value-add through sales into diverse end markets. The verticals that are leading its adoption are manufacturing (15 percent), healthcare (15 percent) and insurance (11 percent).
75% of companies from across industries are already exploring the IoT.
15 % of organizations across the globe already have an IoT
solution in place. 53 % plan to implement one within the next 24 months,
and another 14 % in the next two to five years. 21 % of transportation and logistics companies already
have IoT solutions in place.
(Zebra Technologies / Forrester Consulting).
IoT deployment
IN3-UOC 2014 seminar by Prof. A.A. Economides 11
12 IN3-UOC 2014 seminar by Prof. A.A. Economides
Cisco predicts that IoT will cause IP traffic to reach 1.6 zettabytes by 2018 (300% increase compared to 2013).
By 2018, 57% of IP traffic will come from devices other than PCs. Wi-Fi will generate 49% of IP traffic, other mobile-connected devices will generate 12% of it. Cisco will invest $1 billion to build the world's largest
Intercloud network to tackle the IoT.
Cisco to build a network
13 IN3-UOC 2014 seminar by Prof. A.A. Economides
APPLICATIONS
IN3-UOC 2014 seminar by Prof. A.A. Economides 14
• Personal Health, • Personal Devices (e.g. glass, watch, mobile), • Clothes, • Personal Exercise, • Infant/ Elderly/Patient Monitoring, • Special needs persons Assistance, • Hospitals, Health Retreat, • Pharmaceuticals, • Emergency, • Recreational activities, • etc.
Smart Healthcare & Wellbeing
IN3-UOC 2014 seminar by Prof. A.A. Economides 15
Fall Detection Assistance for elderly or disabled people living independent.
Medical Fridges
Control of conditions inside freezers storing vaccines, medicines and organic elements.
Sportsmen Care Vital signs monitoring in high performance centers and fields. Patients Surveillance
Monitoring of conditions of patients inside hospitals and in old people's home.
Ultraviolet Radiation
Measurement of UV sun rays to warn people not to be exposed in certain hours.
eHealth
16 IN3-UOC 2014 seminar by Prof. A.A. Economides
http://www.libelium.com/
• Home equipment/appliances Control, • Safety Detectors (e.g. smoke, gas, motion), • Security, Surveillance, • Environment (e.g. heat, air, light), • Entertainment, • etc.
Smart Home
IN3-UOC 2014 seminar by Prof. A.A. Economides 17
Energy and Water Use Energy and water supply consumption monitoring to obtain advice on how to save cost and resources.
Remote Control Appliances
Switching on and off remotely appliances to avoid accidents and save energy.
Intrusion Detection Systems
Detection of windows and doors openings and violations to prevent intruders.
Art and Goods Preservation
Monitoring of conditions inside museums and art warehouses.
Domotic & Home Automation
18 IN3-UOC 2014 seminar by Prof. A.A. Economides
http://www.libelium.com/
• Energy & Lighting, • Security, Surveillance, • Emergency (e.g. fire, gas), • Metering, • Offices, • Hotels, • etc.
Smart Building
IN3-UOC 2014 seminar by Prof. A.A. Economides 19
IN3-UOC 2014 seminar by Prof. A.A. Economides 20
• Monitoring, Fault Detection, • Metering, • Electricity, • Waste Management, • Water, • Gas, • Tolls, • Bridges, etc.
Smart Utilities
IN3-UOC 2014 seminar by Prof. A.A. Economides 21
http://www.alcatel-lucent.com/
Smart Grid Energy consumption monitoring and management.
Tank level
Monitoring of water, oil and gas levels in storage tanks and cisterns.
Photovoltaic Installations
Monitoring and optimization of performance in solar energy plants.
Water Flow
Measurement of water pressure in water transportation systems. Silos Stock Calculation
Measurement of emptiness level and weight of the goods.
Smart Metering
22 IN3-UOC 2014 seminar by Prof. A.A. Economides
http://www.libelium.com/
Potable water monitoring Monitor the quality of tap water in cities.
Chemical leakage detection in rivers
Detect leakages and wastes of factories in rivers. Swimming pool remote measurement
Control remotely the swimming pool conditions. Pollution levels in the sea
Control real time leakages and wastes in the sea. Water Leakages
Detection of liquid presence outside tanks and pressure variations along pipes.
River Floods
Monitoring of water level variations in rivers, dams and reservoirs.
Smart Water
23 IN3-UOC 2014 seminar by Prof. A.A. Economides http://www.libelium.com/
• E-Government, • Security, Surveillance, • Emergency (e.g. fire, flood, tsunami), • Energy Management (e.g. lighting), • Air & Water Quality Monitoring, • Traffic Control, Parking, • Transportation (e.g. cars, buses, metro, trams,…), • Tourism, • Culture, Arts, • Education, etc.
Smart City/ Community
IN3-UOC 2014 seminar by Prof. A.A. Economides 24
http://www.alcatel-lucent.com/
Smart Parking Monitoring of parking spaces availability in the city.
Structural health
Monitoring of vibrations and material conditions in buildings, bridges and historical monuments. Noise Urban Maps
Sound monitoring in bar areas and centric zones in real time. Smartphone Detection
Detect iPhone and Android devices and in general any device which works with WiFi or Bluetooth interfaces.
Eletromagnetic Field Levels
Measurement of the energy radiated by cell stations and and WiFi routers. Traffic Congestion
Monitoring of vehicles and pedestrian levels to optimize driving and walking routes. Smart Lighting
Intelligent and weather adaptive lighting in street lights. Waste Management
Detection of rubbish levels in containers to optimize the trash collection routes.
Smart Cities
25 IN3-UOC 2014 seminar by Prof. A.A. Economides
http://www.libelium.com/
There are sensors everywhere: monitoring traffic, parking spaces, street lights, air pollution, meteorological conditions, the humidity of green spaces in parks, the trash bins etc.
Street lights in Born are shut down automatically if they don’t detect
any activity nearby. They also gathers environmental information, humidity, temperature, pollution, and noise. It is expected to have 3,360 lights on 160 streets by 2015.
The trash cans alert sanitation workers monitoring on a tablet that
they need to be emptied.
The irrigation systems in Pobleneau Central Park monitor the moisture in the soil and turning on pop-up sprinklers. Parks department employees can also access meteorological data and rain gauges and adjust the quantity of water used.
Barcelona Smart City
26 IN3-UOC 2014 seminar by Prof. A.A. Economides
• 83 projects across 12 areas • 47,000 jobs created
• Smart Water: $58 million savings • Smart Parking: $53 million revenue • Smart Lighting: $47 million savings • Smart Buildings: $124 million savings www.cisco.com
Barcelona Smart City economics
27 IN3-UOC 2014 seminar by Prof. A.A. Economides
Perimeter Access Control Access control to restricted areas and detection of people in non-authorized areas.
Liquid Presence
Liquid detection in data centers, warehouses and sensitive building grounds to prevent break downs and corrosion.
Radiation Levels
Distributed measurement of radiation levels in nuclear power stations surroundings to generate leakage alerts.
Explosive and Hazardous Gases
Detection of gas levels and leakages in industrial environments, surroundings of chemical factories and inside mines.
Security & Emergencies
28 IN3-UOC 2014 seminar by Prof. A.A. Economides
http://www.libelium.com/
• Farming, Agriculture, Livestock, • Water, • Pollution, • Weather, • Nature, etc.
Smart Environment
IN3-UOC 2014 seminar by Prof. A.A. Economides 29
Forest Fire Detection Monitoring of combustion gases and preemptive fire conditions to define alert zones.
Air Pollution
Control of CO2 emissions of factories, pollution emitted by cars and toxic gases generated in farms.
Snow Level Monitoring
Snow level measurement to know in real time the quality of ski tracks and allow security corps avalanche prevention.
Landslide and Avalanche Prevention
Monitoring of soil moisture, vibrations and earth density to detect dangerous patterns in land conditions.
Earthquake Early Detection
Distributed control in specific places of tremors.
Smart Environment
30 IN3-UOC 2014 seminar by Prof. A.A. Economides
http://www.libelium.com/
Wine Quality Enhancing Monitoring soil moisture and trunk diameter in vineyards to control the amount of sugar in grapes and grapevine health.
Green Houses Control micro-climate conditions to maximize the production of fruits and vegetables and its quality.
Golf Courses Selective irrigation in dry zones to reduce the water resources required in the green.
Meteorological Station Network Study of weather conditions in fields to forecast ice formation, rain, drought, snow or wind changes.
Compost Control of humidity and temperature levels in alfalfa, hay, straw, etc. to prevent fungus and other microbial contaminants.
Smart Agriculture & Animal Farming (1)
31 IN3-UOC 2014 seminar by Prof. A.A. Economides
http://www.libelium.com/
Hydroponics Control the exact conditions of plants grown in water to get the highest efficiency crops.
Offspring Care
Control of growing conditions of the offspring in animal farms to ensure its survival and health.
Animal Tracking
Location and identification of animals grazing in open pastures or location in big stables.
Toxic Gas Levels
Study of ventilation and air quality in farms and detection of harmful gases from excrements.
Smart Agriculture & Animal Farming (2)
32 IN3-UOC 2014 seminar by Prof. A.A. Economides
http://www.libelium.com/
• Smart Factory, • Manufacturing, Robotics, • Financial Services, • Banking, • Insurance, etc.
Smart Industry & Services
IN3-UOC 2014 seminar by Prof. A.A. Economides 33
M2M Applications Machine auto-diagnosis and assets control.
Indoor Air Quality
Monitoring of toxic gas and oxygen levels inside chemical plants to ensure workers and goods safety.
Temperature Monitoring
Control of temperature inside industrial and medical fridges with sensitive merchandise.
Ozone Presence
Monitoring of ozone levels during the drying meat process in food factories. Indoor Location
Asset indoor location by using active (ZigBee) and passive tags (RFID/NFC). Vehicle Auto-diagnosis
Information collection from CanBus to send real time alarms to emergencies or provide advice to drivers.
Industrial Control
34 IN3-UOC 2014 seminar by Prof. A.A. Economides
http://www.libelium.com/
Quality of Shipment Conditions Monitoring of vibrations, strokes, container openings or cold chain maintenance for insurance purposes.
Item Location
Search of individual items in big surfaces like warehouses or harbours.
Storage Incompatibility Detection
Warning emission on containers storing inflammable goods closed to others containing explosive material.
Fleet Tracking
Control of routes followed for delicate goods like medical drugs, jewels or dangerous merchandises.
Smart Logistics & Supply Chain Management
35 IN3-UOC 2014 seminar by Prof. A.A. Economides
http://www.libelium.com/
Smart Transportation (e.g. Airlines, Railways, Shipping),
36 IN3-UOC 2014 seminar by Prof. A.A. Economides
http://www.alcatel-lucent.com/
alcatel-lucent.com
Sensors & Actuators
Wireless Communications: RFID, WiFi, Bluetooth, Cellular, Satellite
Networks (HW & SW)
Addressing
Cloud Computing (Storage, Processing, Analytics, Security, etc.)
TECHNOLOGY
IN3-UOC 2014 seminar by Prof. A.A. Economides 38
IN3-UOC 2014 seminar by Prof. A.A. Economides 39
Devices (Sensors, Actuators, etc.), Networking & Communications, Data Management, Decision Making, Security & Privacy, Social & Legal issues, Economics, Human Behavior & Usability, Marketing, etc.
Research Challenges
IN3-UOC 2014 seminar by Prof. A.A. Economides 40
Google wants to advance the Internet of things, offers grants for ‘open innovation’ research proposals Deadline: January 21, 2015
Individual Project Grants: US $50,000 to $150,000. Expedition Lead Grants: US$500,000 to $800,000.
Google - Open Web of Things
41 IN3-UOC 2014 seminar by Prof. A.A. Economides
Research at the intersection of disciplines including: Human Computer Interaction (HCI)
Privacy & Security
Systems & Protocols
42 IN3-UOC 2014 seminar by Prof. A.A. Economides
Deadlines: March 25th , 2015 & May 11th , 2015 open to young women between the ages of 13-18 New ideas on how technologies from the Internet of Things can improve: education, healthcare, manufacturing, energy, retail, transportation, smart cities
http://iotchallenge-cisco.younoodle.com/
Cisco IoT Challenge for Young Women
IN3-UOC 2014 seminar by Prof. A.A. Economides 43
Any cyber-attack, large or small, is born from a weak link in the security chain. Weak links can be: • poorly written code, • outdated software, • an abandoned website, • Developer, • errors, • a user who blindly trusts, etc.
Cisco on Cyber-attack effects
44 IN3-UOC 2014 seminar by Prof. A.A. Economides
The Center for Strategic and International Studies estimated that US$100 billion is lost annually to the US economy, and 508,000 US jobs are lost, because of malicious online activity.
Ponemon Institute estimated that the average cost of an organizational data breach was US$5.4 million in 2014, up from US$4.5 million in 2013.
Losses due to attacks
45 IN3-UOC 2014 seminar by Prof. A.A. Economides
+
Companies’ considerations
IN3-UOC 2014 seminar by Prof. A.A. Economides 46
Nearly half (46%) of the IT leaders who responded to Computer World poll said that they will invest more next year in:
access control, intrusion prevention, identity management, virus and malware protection.
47 IN3-UOC 2014 seminar by Prof. A.A. Economides
@Device: • stolen • modified • replaced • cloned
@Software: • modified (firmware / OS / middleware) • decompiled to extract credentials • exhausted (denial of service) @Network
Attack Examples
48 IN3-UOC 2014 seminar by Prof. A.A. Economides
Routers will be a prime target for hackers looking to compromise network-connected devices as IoT grows. (Avast)
Hackers are more likely to want to take over the local
networks that connect devices rather than hack into the individual devices themselves. (Ondrej Vlcek, chief operation officer at Avast)
49 IN3-UOC 2014 seminar by Prof. A.A. Economides
A wireless network consisting of a large number of autonomous sensors that are spatially distributed in area of interest in order to cooperatively monitor physical or environmental conditions, such as temperature, sound, vibration, pressure, motion, pollutants, etc.
Sensor:
Wireless Sensor Network (WSN)
50 IN3-UOC 2014 seminar by Prof. A.A. Economides
Sensors
ADC
Processor
Memory Transceiver
Location finding system (optional)
Mobilizer (optional)
Sensing Unit Processing Unit
Power unit
Communication Unit
WSN Architecture
51 IN3-UOC 2014 seminar by Prof. A.A. Economides
Internet, Satellite
Sink
Sink
Task Manager
User
Sensor Field
Sensor Node
Figure – The big picture
WSNs are vulnerable to various types of attacks
52 IN3-UOC 2014 seminar by Prof. A.A. Economides
Internet, Satellite
Sink
Sink
Task Manager
User
Sensor Field
Sensor Node
Spoofed Routing
information
Wormhole Attack
Eavesdropping: an attacker intercepts packets transmitted over the air for further cryptanalysis or traffic analysis.
Traffic analysis: allows an attacker to determine that there is activity in the network, the location of the BSs, and the type of protocols being used.
Message injection: an adversary injects bogus control information into the data stream.
Message modification: a previously captured message is modified before being retransmitted
Node capture: An embedded device is considered being compromised when an attacker, through various means, gains control to the node itself.
Denial-of-Service (DoS) attacks: can be grouped into two categories
– Service degradation (e.g., collision attack), and
– Service disablement through power exhaustion (e.g. jamming)
Attack Models
53 IN3-UOC 2014 seminar by Prof. A.A. Economides
Pas
sive
att
acks
A
ctiv
e at
tack
s
Various security mechanisms have been proposed to address the security concerns of WSNs.
Despite the fast development of computer security mechanisms, the scale and complexity of the generated wireless data put major challenges to the representation and understanding of security-relevant network information.
To address this issue, efficient visualization techniques have been adopted by the researchers to bridge the gap.
A new security discipline emerges!
Network Security Visualization
54 IN3-UOC 2014 seminar by Prof. A.A. Economides
The power of visualization should go beyond the simple ”illustration” of network behavior in order to help the analysts discriminate between normal and abnormal network activities.
Network security visualization provides insight into areas that other system fail to enlighten by integrating visualization and machine learning techniques.
In the near future… Visualization for network security
55 IN3-UOC 2014 seminar by Prof. A.A. Economides
Security Visualization Techniques
56 IN3-UOC 2014 seminar by Prof. A.A. Economides
Node Links
Glyphs
Parallel Coordinates
Bundle Diagrams
Radial Panels
IoT enables dramatic society transformation!
WSN is a main ingredient of IoT.
WSN Security is important!
Conclusions
IN3-UOC 2014 seminar by Prof. A.A. Economides 57
Thank you for your attention
Prof. Anastasios A. Economides
http://conta.uom.gr
IN3-UOC 2014 seminar by Prof. A.A. Economides 58